Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Fixed
-
10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5
-
None
Description
mysql_install_db prints at the end
echo "PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !" |
echo "To do so, start the server, then issue the following commands:" |
echo |
echo "'$bindir/mysqladmin' -u root password 'new-password'" |
echo "'$bindir/mysqladmin' -u root -h $hostname password 'new-password'" |
echo |
echo "Alternatively you can run:" |
echo "'$bindir/mysql_secure_installation'" |
echo |
But in fact it creates four root accounts, root@localhost, root@hostname, root@127.0.0.1, root@::1, the last two only accessible with skip_name_resolve=1 and (for the last one) with ipv6 support.
How to fix the instruction to cover all root accounts? There are various possibilities.
Option one
echo "PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !" |
echo "To do so, start the server with the --skip-name-resolve, then issue the following commands:" |
echo |
echo "'$bindir/mysqladmin' -u root password 'new-password'" |
echo "'$bindir/mysqladmin' -u root -h $hostname password 'new-password'" |
echo "'$bindir/mysqladmin' -u root -h 127.0.0.1 password 'new-password'" |
echo "'$bindir/mysqladmin' -u root -h ::1 password 'new-password'" |
echo |
echo "Alternatively you can run:" |
echo "'$bindir/mysql_secure_installation'" |
echo |
This explicitly tells the user to "start the server with the --skip-name-resolve", not the easiest approach.
Option two
echo "PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !" |
echo "To do so, start the server, then issue the following commands:" |
echo |
echo "'$bindir/mysql' -u root -e 'UPDATE mysql.user SET password=password(\"new-password\") WHERE user=\"root\";flush privileges'" |
echo |
echo "Alternatively you can run:" |
echo "'$bindir/mysql_secure_installation'" |
echo |
This updates all root users and only one command instead of four (or two). But more sensitive to correct pasting and to quotes inside a password. And it does exactly what the manual tells not to do — direct update of a privilege table.
Option three
echo "PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !" |
echo "To do so, start the server, then issue the following commands:" |
echo |
echo "'$bindir/mysql' -u root -e 'SET PASSWORD FOR root@\"$hostname\" = PASSWORD(\"new-password\")'" |
echo "'$bindir/mysql' -u root -e 'SET PASSWORD FOR root@\"127.0.0.1\" = PASSWORD(\"new-password\")'" |
echo "'$bindir/mysql' -u root -e 'SET PASSWORD FOR root@\"::1\" = PASSWORD(\"new-password\")'" |
echo "'$bindir/mysql' -u root -e 'SET PASSWORD FOR root@\"localhost\" = PASSWORD(\"new-password\")'" |
echo |
echo "Alternatively you can run:" |
echo "'$bindir/mysql_secure_installation'" |
echo |
No direct updates, but four commands to copy, four times to repeat the password. And as sensitive to correct pasting and quotes as the option two.
Option four
echo "PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !" |
echo "To do so, start the server, then run:" |
echo "'$bindir/mysql_secure_installation'" |
echo |
The shortest possible. But will ask more questions than just about root password.
Option five
If our task is to make it as easy as possible for the end user, how about this:
mariadb_set_password --user=root [--for-user=root] [--for-hostname=hostname, hostname] |
If for-hostname is not set, then it would set for all accounts for that user. If for-user is not set, then change the account for the current user.
This would also work nicely for installations where the root user is renamed.
The benefit of a script is that in that one we can, in case of no hostname, we can directly manipulate that user table if we would need to do that.
Another option is to extend mariadb_admin to do this, but with the same options as above.
This would allow us to write:
echo "PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !" |
echo "To do so, start the server, then run:" |
echo "mariadb_set_password --user=root" |
echo "or" |
echo "'$bindir/mysql_secure_installation'" |
Attachments
Issue Links
- duplicates
-
MDEV-25318 mysql_install_db.sh wrong instructions on how to set root password leading to passwordless root account.
- Closed