Details

    Description

      After installing MariaDB I ran mysql_secure_installation and set the root password, allowed root to log in over the network, 'Y' to remove other options.

      After setting the password I logged in successfully without any password using the command:

      mariadb -u root

      I ran mysql_secure_installation 2 more times and set the password again to a different password each time and it made no difference.

          Activity

            danblack Daniel Black added a comment -

            You'll probably find it works for root and not any other user. If you're a root linux user a password isn't providing much extra security as it has raw table access.

            rickr Rick Ruggiero added a comment - - edited

            Correct, with another user other than root the authentication challenge request is being respected, but this is not normal behaviour and often in production environments root does not automatically have access to DBA account privileges.

            If this is now correct behaviour it will need to be clearly described as this would be considered a severe security risk in most of the production environments I have worked in.


            serg Sergei Golubchik added a comment -

            This is an intentional security enhancement feature (no need to remember root password, no need to store it in a file for scripts to use, no need to bother generating a strong password, etc).

            The root user almost always has all access rights to the database anyway, root can copy all database files, root can edit all database files directly, root can access MariaDB process memory. It generally does not add any additional security to require the root user to know the password for the database.

            Anyway, if your setup is different and you are sure that your root user cannot access the database and you want to ensure root has the password — you need to change root's authentication plugin to be mysql_native_password, not unix_socket.

            See https://mariadb.com/kb/en/library/authentication-plugin-unix-socket/
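The plugin check and switch described in the last comment, as an added example that is not part of the original thread or MariaDB's own code. It assumes MariaDB 10.2 or later (for ALTER USER and SHOW CREATE USER), a session opened as root on the database host, and a placeholder password.

```sql
-- Which plugin authenticates each root account? With unix_socket the server
-- accepts a local socket connection whose OS user name matches the account
-- name, so the password set by mysql_secure_installation is not consulted.
SELECT User, Host, plugin FROM mysql.user WHERE User = 'root';

-- Full account definition as the server sees it.
SHOW CREATE USER 'root'@'localhost';

-- Require a password for root@localhost instead of the OS identity.
-- 'REPLACE_WITH_STRONG_PASSWORD' is a placeholder, not a value from the thread.
ALTER USER 'root'@'localhost'
  IDENTIFIED VIA mysql_native_password
  USING PASSWORD('REPLACE_WITH_STRONG_PASSWORD');

-- Confirm the change: plugin should now read mysql_native_password, and
-- `mariadb -u root` without -p should be refused.
SELECT User, Host, plugin FROM mysql.user WHERE User = 'root';
```

Local scripts that relied on passwordless root access over the socket will need credentials after this change.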
