Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19516

mysql_secure_installation doesn't set password_last_changed while setting password for root

    XMLWordPrintable

    Details

      Description

      mysql_secure_installation performs direct updates on mysql.global_priv. If it is instructed to set a password for root, it inserts the authentication_string value, but not password_last_changed, and then it reloads privileges. So, if the server is running with non-zero default_password_lifetime, the rest of the script will fail, as root won't be allowed to do anything anymore.

      Change the root password? [Y/n] y
      New password: 
      Re-enter new password: 
      Password updated successfully!
      Reloading privilege tables..
       ... Success!
       
       
      By default, a MariaDB installation has an anonymous user, allowing anyone
      to log into MariaDB without having to have a user account created for
      them.  This is intended only for testing, and to make the installation
      go a bit smoother.  You should remove them before moving into a
      production environment.
       
      Remove anonymous users? [Y/n] y
      ERROR 1820 (HY000) at line 1: You must SET PASSWORD before executing this statement
       ... Failed!
      

      If it default_password_lifetime is configured later , then root will get blocked as soon as the value is set, even if it's only been minutes after mysql_secure_installation had finished, which is also somewhat embarrassing.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              serg Sergei Golubchik
              Reporter:
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: