Creating users and granting permissions to databases
Because of MySQL's client-server architecture, the server may accept connections from multiple clients. The connecting clients authenticate themselves to MySQL using a username and password. Information about user accounts and privileges is stored in an internal database called mysql.
MySQL accounts are separate from system accounts, which is usually a good thing because more often than not they represent applications running on your server rather than actual users. Each application connecting to your database server should have its own user account, with access privileges limited to only those databases which are needed for the application to run. It would be a bad idea to allow an application root-level access. This is because if the application is compromised, an attacker could steal or damage all databases on your system.
In addition to a username and password, MySQL accounts are also described by the host from which a user is allowed...
