[MDEV-26593] Replace mysql_secure_installation with a notice that it is useless Created: 2021-09-11  Updated: 2022-11-28

Status: Open
Project: MariaDB Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Otto Kekäläinen Assignee: Unassigned
Resolution: Unresolved Votes: 1
Labels: None

Issue Links:
PartOf
includes MDEV-7657 mysql_secure_installation does not wo... Open
includes MDEV-10112 mysql_secure_installation should use ... Open
includes MDEV-20259 mysql_secure_installation should use ... Open
Relates
relates to MDEV-30110 Update mariadb-secure-installation to... Open

 Description   

Due to historical reasons, a lot of people have learnt that running mysql_secure_installation after installing MySQL is a good routine.

In reality mysql_secure_installation has been useless for years.

  • It removes anonymous users – but the default MariaDB installation has none
  • It removes the tmp database – but the default MariaDB installation has none
  • It sets a root password and writes it into my.cnf – which makes the security posture worse compared to a default MariaDB installation with pure unix socket authentication and now passwords that could leak or be guessed
  • It removes remote root access account – but those don't have any access in a default MariaDB installation, and remote root is the only reason one would ever want to have a root password at all, so the script is just silly now

It would be better to remove the whole thing and just replace it with a notice "The command mysql_secure_installation has been deprecated – MariaDB is secure by default and there are no actions that need to be taken after installing MariaDB. This script does not improve the security of MariaDB at all."

Looking at the history of the script nobody has ever stopped to think does it make any sense at all nowadays: https://github.com/MariaDB/server/commits/193bfdd831bbbf65e74acd12baf691d4305e3c11/scripts/mysql_secure_installation.sh

In the past 10 years nobody has done anything to improve the security features, all commits are pure bug fixes. And there is still more bugfixes needed to make it fully work:

Rather than invest time in fixing bugs in a script that is useless, just get rid of the script that is only misleading users and replace it with a notice so users can unlearn from the routine of having to run it.

 Comments   
Comment by Luke (Inactive) [ 2022-02-16 ]

This isn't entirely true, a fresh install will prove differently.

[root@db01 ~]# mariadb -A
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.7.3-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> select user,host from mysql.user;
----------------------+

User Host

----------------------+

  db01
  localhost
mariadb.sys localhost
mysql localhost
root localhost

----------------------+
5 rows in set (0.003 sec)

MariaDB [(none)]> show databases;
--------------------

Database

--------------------

information_schema
mysql
performance_schema
sys
test

--------------------
5 rows in set (0.001 sec)

Comment by Daniel Black [ 2022-02-16 ]

I do share the exasperation of its excessive use (like FLUSH PRIVILEGES everywhere). I even had to add add a notice in the docker library entrypoint for mariadb based on user misinformatio.

Writing descriptions (like MDEV-27613) for upgrade and other packaging things does add to the harmful perception.

It removes anonymous users – but the default MariaDB installation has none

It removes the test database – but the default MariaDB installation has none

You are right for Debian, and rpm packages. Possibly some other distros. Notably as luke.smith showed earlier anonymous user and test database is there. When installed using mysql_install_db --auth-root-authentication-method=normal is the case where the option where mysql_secure_installation is "strongly recommended".

anel and I did get to writing a large amount of mysql_secure_installation fixes latest year, which addresses some issues, but others like writing temporary config file containing the password, like mysql_upgrade, isn't done. It stalled because it just because too big a change to be considered stable. Constraints like not-bash means that work arounds like this (before or after implementation), and a few other scripting constructs aren't as easy.

Maybe as an option we should revert to a server assisted implementation as an installed stored procedure and cut back mysql_install_db to calling it rather than trying to do it all in shell.

I don't think we can totally drop it as "this is useless", but we could advice use the user like "unless you have done mysql_install_db --auth-root-authentication-method=normal, or have set a weak root password", your system is already secure." (+ maybe something around skip-test-db because that isn't default).

Comment by Ian Gilfillan [ 2022-06-13 ]

danblack's suggestion to advise the user when running it seems to make sense.

Generated at Thu Feb 08 09:46:29 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.