MariaDB Server / MDEV-19516

mysql_secure_installation doesn't set password_last_changed while setting password for root

Details

    Description

      mysql_secure_installation performs direct updates on mysql.global_priv. If it is instructed to set a password for root, it inserts the authentication_string value, but not password_last_changed, and then it reloads privileges. So, if the server is running with non-zero default_password_lifetime, the rest of the script will fail, as root won't be allowed to do anything anymore.

      Change the root password? [Y/n] y
      New password: 
      Re-enter new password: 
      Password updated successfully!
      Reloading privilege tables..
       ... Success!
       
       
      By default, a MariaDB installation has an anonymous user, allowing anyone
      to log into MariaDB without having to have a user account created for
      them.  This is intended only for testing, and to make the installation
      go a bit smoother.  You should remove them before moving into a
      production environment.
       
      Remove anonymous users? [Y/n] y
      ERROR 1820 (HY000) at line 1: You must SET PASSWORD before executing this statement
       ... Failed!
      

      If default_password_lifetime is configured later, then root will get blocked as soon as the value is set, even if it's only been minutes after mysql_secure_installation had finished, which is also somewhat embarrassing.
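A check for the second scenario above, added here as an example; it is not part of the original report or of MariaDB's own scripts. Before setting a non-zero default_password_lifetime, it lists accounts whose mysql.global_priv record holds a password hash but no password_last_changed. The JSON key names inside Priv are assumed from the MariaDB 10.4 layout, and the password in the last statement is a placeholder.

```sql
-- Current global expiry policy in days; 0 means passwords never expire.
SELECT @@global.default_password_lifetime AS default_password_lifetime;

-- Accounts that have a password hash but no recorded change time.
-- These are the accounts that get blocked once the lifetime is non-zero.
-- Key names in the Priv JSON document are an assumption (10.4 layout).
SELECT User,
       Host,
       JSON_VALUE(Priv, '$.plugin') AS plugin,
       JSON_VALUE(Priv, '$.password_last_changed') AS password_last_changed
FROM mysql.global_priv
WHERE COALESCE(JSON_VALUE(Priv, '$.authentication_string'), '') <> ''
  AND COALESCE(JSON_VALUE(Priv, '$.password_last_changed'), '0') = '0';

-- For comparison: accounts with a timestamp, shown as a readable date.
SELECT User,
       Host,
       FROM_UNIXTIME(JSON_VALUE(Priv, '$.password_last_changed')) AS changed_at
FROM mysql.global_priv
WHERE COALESCE(JSON_VALUE(Priv, '$.password_last_changed'), '0') <> '0';

-- Setting the password through the server instead of a direct table
-- update records the change time. This is also the one statement that
-- ERROR 1820 still permits for a session with an expired password.
SET PASSWORD = PASSWORD('<new-password-placeholder>');

-- Re-run the first SELECT on mysql.global_priv: the account should no
-- longer be listed.
```

Run the SELECT statements from an account that is not itself blocked, or before the lifetime is enabled.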

            People

              serg Sergei Golubchik
              elenst Elena Stepanova