Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.0.20
-
None
Description
mysql_secure_installation doesn't pass "socket" to the "mysql" client. It doesn't matter if the argument is set in the configuration file provided as --defaults-file or if it is set with --socket via the command-line.
e.g., Let's start with some setup with a binary tarball installation:
sudo ./scripts/mysql_install_db --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --user=ec2-user --basedir=/home/ec2-user/mariadb-10.0.20-linux-x86_64 --datadir=/home/ec2-user/mariadb-10.0.20-linux-x86_64/data
|
sudo ./bin/mysqld_safe --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --user=ec2-user
|
sudo cp ./bin/mysql /usr/bin # temporarily get around MDEV-8498
|
Contents of /etc/my.cnf:
[mysqld]
|
datadir=/var/lib/mysql
|
socket=/var/lib/mysql/mysql.sock
|
# Disabling symbolic-links is recommended to prevent assorted security risks
|
symbolic-links=0
|
# Settings user and group are ignored when systemd is used.
|
# If you need to run mysqld under a different user or group,
|
# customize your systemd unit file for mariadb according to the
|
# instructions in http://fedoraproject.org/wiki/Systemd
|
|
[mysqld_safe]
|
log-error=/var/log/mariadb/mariadb.log
|
pid-file=/var/run/mariadb/mariadb.pid
|
|
#
|
# include all files from the config directory
|
#
|
!includedir /etc/my.cnf.d
|
Contents of /home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf:
[client]
|
socket=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mysql.sock
|
|
[mysqld]
|
datadir=/home/ec2-user/mariadb-10.0.20-linux-x86_64/data
|
socket=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mysql.sock
|
# Disabling symbolic-links is recommended to prevent assorted security risks
|
symbolic-links=0
|
# Settings user and group are ignored when systemd is used.
|
# If you need to run mysqld under a different user or group,
|
# customize your systemd unit file for mariadb according to the
|
# instructions in http://fedoraproject.org/wiki/Systemd
|
|
[mysqld_safe]
|
log-error=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mariadb.log
|
pid-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mariadb.pid
|
|
#
|
# include all files from the config directory
|
#
|
#!includedir /etc/my.cnf.d
|
Now, try to call mysql_secure_installation. It should use the "socket" value in the file provided by --defaults-file.
$ sudo ./bin/mysql_secure_installation --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --basedir=/home/ec2-user/mariadb-10.0.20-linux-x86_64
|
print: /home/ec2-user/mariadb-10.0.20-linux-x86_64/bin/my_print_defaults
|
|
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
|
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
|
|
In order to log into MariaDB to secure it, we'll need the current
|
password for the root user. If you've just installed MariaDB, and
|
you haven't set the root password yet, the password will be blank,
|
so you should just press enter here.
|
|
Enter current password for root (enter for none):
|
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2 "No such file or directory")
|
So, let's try setting it with --socket instead:
$ sudo ./bin/mysql_secure_installation --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --basedir=/home/ec2-user/mariadb-10.0.20-linux-x86_64 --socket=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mysql.sock
|
print: /home/ec2-user/mariadb-10.0.20-linux-x86_64/bin/my_print_defaults
|
|
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
|
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
|
|
In order to log into MariaDB to secure it, we'll need the current
|
password for the root user. If you've just installed MariaDB, and
|
you haven't set the root password yet, the password will be blank,
|
so you should just press enter here.
|
|
Enter current password for root (enter for none):
|
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2 "No such file or directory")
|