Details
-
Bug
-
Status: Open (View Workflow)
-
Minor
-
Resolution: Unresolved
-
10.4(EOL), 10.5
-
None
Description
Starting from 10.4, mysql_secure_installation gets stuck at the very beginning of execution if the database doesn't have root@localhost and the script is executed under another superuser.
It happens because after successfully connecting under the other user, it immediately runs show create user root@localhost, gets an error, interprets it as a failure to connect, and goes into the loop asking again for a password:
|
mysql_secure_installation from 10.4 7f03a933, console output |
Enter current password for root (enter for none): |
ERROR 1133 (28000) at line 1: Can't find any matching row in the user table |
Enter current password for root (enter for none):
|
ERROR 1133 (28000) at line 1: Can't find any matching row in the user table |
Enter current password for root (enter for none): |
ERROR 1133 (28000) at line 1: Can't find any matching row in the user table |
|
10.4 7f03a933, general log |
200506 21:58:39 16 Connect elenst@localhost as anonymous on |
16 Query show create user root@localhost |
16 Quit
|
200506 22:00:11 17 Connect elenst@localhost as anonymous on |
17 Query show create user root@localhost |
17 Quit
|
200506 22:00:13 18 Connect elenst@localhost as anonymous on |
18 Query show create user root@localhost |
Earlier it wouldn't matter much, because most of operations couldn't be performed anyway due to the non-existing owner of mysql.user. Now with the trend of allowing removal of root@localhost (MDEV-19650), it becomes an issue.
Please also note the cosmetic problems, hardcoded "root" in messages like
Enter current password for root
|
where it is really asking for a password of a user it is going to pass to MariaDB client.
Attachments
Issue Links
- relates to
-
-
- Closed
-
-
-
- Closed
-
Activity
Hi Serg, mysql_secure_installation redesign patch is here.
groot-verde FYI based on MDEV-25169 conversation. If you have time to test the ^ patch would be great.
anel, I don't understand what you're doing. The bug here is that mysql_secure_installation runs show create user for root, and cannot distinguish between "user not found" and "access denied", so it goes into an infinite loop. The fix is either to distinguish between these errors or use a different statement that wouldn't normally fail. Instead you're rewriting half of mysql_secure_installation for some reason. Let's just fix the bug first.
Whether mysql_secure_installation should even work for someone who took care to delete root@localhost is rather questionable. It is supposed to harden the default installation. An installation without a root user is clearly already hardened and definitely not default. So, I'm not sure mysql_secure_installation needs to support it beyond exiting with a meaningful message.
May be, let's fix the bug first and then we can discuss whether mysql_secure_installation needs a redesign at all and what kind of redesign it needs?
Yes serg, thanks.
Daniel can you please review: c73b88011ed003ec for this MDEV.
review was done on https://github.com/MariaDB/server/commit/c73b88011ed003ec7fe766ff84a824c8cf196c83 - comments within
Patch:
https://github.com/MariaDB/server/commit/a6166ded25b33a2d11fbd88b5a1be4949f49d0fc
result:
$ ./scripts/mariadb-secure-installation -umajra -pmajraNOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDBSERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!In order to log into MariaDB to secure it, we'll need the currentpassword for the root user. If you've just installed MariaDB, andhaven't set the root password yet, you should just press enter here.Enter current password for root (enter for none):There is no root user.Cleaning up...