[MDEV-7656] init_file option does not allow changing passwords Created: 2015-03-04  Updated: 2015-10-23  Resolved: 2015-10-23

Status: Closed
Project: MariaDB Server
Component/s: Admin statements
Affects Version/s: 10.0.17, 10.1.3, 10.0
Fix Version/s: 10.0.22, 10.1.9

Type: Bug Priority: Major
Reporter: Andrew Garner Assignee: Sergei Golubchik
Resolution: Fixed Votes: 1
Labels: verified

Sprint: 10.0.22

 Description   

This came up when resetting a forgotten password for a database user in mariadb 10.0.17, where typically the process was to restart with --init-file that applies some SQL like SET PASSWORD / UPDATE ... SET PASSWORD / GRANT ... IDENTIFIED BY. Under MariaDB 10.0.17 (and also tested under 10.1.3) this results in the following error in the error log and no effect:

ERROR: 1131 You are using MariaDB as an anonymous user and anonymous users are not allowed to modify user settings

This seems to only affect changing the password of existing users, but new users can be added with a password. Alternatively, skip-grant-tables can be used as an alternative (but we find less desirable) method to reset a password.

This seems like a bug, and fwiw, the behavior seems to differ from MySQL 5.6. Is this behavior of init-file in MariaDB intended?

 Comments   
Comment by Elena Stepanova [ 2015-03-04 ]

Thanks for the report.
It started happening on 10.0* tree with the following revision:

    revno: 3427.35.138
 
    revision-id: sergii@pisem.net-20131018184140-m792steyor2pwysh
 
    parent: sergii@pisem.net-20131018183813-s3i5mxiwveb14wyu
 
    committer: Sergei Golubchik <sergii@pisem.net>
 
    branch nick: 10.0-base
 
    timestamp: Fri 2013-10-18 11:41:40 -0700
 
    message:
 
      SET PASSWORD bugfixes:
 
      * work as documented, use CURRENT_USER()
 
      * move the check for ER_PASSWORD_ANONYMOUS_USER where it can actually work

Test case

 
create user foo@localhost;
 
 
 
select user,host,password from mysql.user where user='foo';
 
 
 
--write_file $MYSQLTEST_VARDIR/init.file
 
grant all on *.* to foo@localhost identified by 'test';
 
EOF
 
 
 
--enable_reconnect
 
 
 
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
 
 
 
--shutdown_server 10
 
--source include/wait_until_disconnected.inc
 
 
 
--exec echo "restart:--init-file=$MYSQLTEST_VARDIR/init.file  " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
 
 
 
--source include/wait_until_connected_again.inc
 
select user,host,password from mysql.user where user='foo';
 
 
 
drop user foo@localhost;

Comment by TomP [ 2015-08-11 ]

We too are seeing this issue with 10.0.21 on CentOS 6.

We use the init-file feature to ensure certain system users are setup with the correct hashed passwords on our database servers when the servers start.

This file is puppet managed so that new servers are automatically provisioned with these users.

Generated at Thu Feb 08 07:21:16 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.