[MDEV-39480] sysusers.d: lock mysql service account and make it non-login - Jira

XML

Word

Printable

Details

Type: Bug
Status: In Review (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.11
Fix Version/s: 13.0
Component/s: Packaging
Labels:
- contribution

Description

MariaDB currently creates the @MYSQLD_USER@ sysusers entry like this:

u @MYSQLD_USER@ - "MariaDB" @MYSQL_DATADIR@

This leaves the datadir as the account home and does not make it explicit that the account is locked/non-login.

For a service user, it is clearer to define it as a locked account with no usable home or shell:

u! @MYSQLD_USER@ - "MariaDB Server" /nonexistent /bin/false

This makes the mysql account clearly service-only, avoids using the datadir as a login home, and matches the usual convention for non-interactive system users.

Attachments

Activity

People

Assignee:: Daniel Black

Reporter:: Aquila Macedo

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2026-04-28 21:57

Updated:: 2026-04-30 07:18

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.