soydepr
Posts: 155
Joined: Mon Mar 24, 2014 10:51 am

mariadb

Fri Aug 17, 2018 10:07 pm

i installed mariadb and it did not prompt me any root setup

i am able to log in using sudo mariadb -u root -p but how do i setup mariadb root password and what other configuration i missed

W. H. Heydt
Posts: 10749
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: mariadb

Fri Aug 17, 2018 10:24 pm

Since you can login in using flags "-u root" and '-P" (it prompts for password, doesn't it?) then your root password is set up.

soydepr
Posts: 155
Joined: Mon Mar 24, 2014 10:51 am

Re: mariadb

Fri Aug 17, 2018 10:34 pm

it does not, just logs me in by just using the sudo password

User avatar
DougieLawson
Posts: 35789
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: mariadb

Fri Aug 17, 2018 10:44 pm

That's the way it works in DebIan stretch and derivatives. Yes, it's really bad and a massive security hole.

https://websiteforstudents.com/mariadb- ... 8-04-beta/
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

fbe
Posts: 494
Joined: Thu Aug 17, 2017 9:08 pm

Re: mariadb

Fri Aug 17, 2018 10:59 pm

You can login as root using

Code: Select all

sudo mysql
You may omit -u root if you are root. And the -p option is useless because [email protected] isn't authenticated by the native password authentication plugin but by the unix socket authentication plugin in a mariadb server, when installed from Debian packages.

If you want to setup a password for the [email protected] database user, you should be aware that the installation of other packages may fail, if they need to create a database in mariadb. E.g. phpmyadmin must be installed before you setup a root password, because the builders of this package don't expect, that login as root might require a password.

fbe
Posts: 494
Joined: Thu Aug 17, 2017 9:08 pm

Re: mariadb

Fri Aug 17, 2018 11:35 pm

If you are root in the OS, you can restart the mariadb server without password and permission checks. The additional "security hole", that is introduced by the unix socket authentication for root is, that you don't need to restart the server, before you can login without password.

mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: mariadb

Sat Aug 18, 2018 10:42 am

DougieLawson wrote:
Fri Aug 17, 2018 10:44 pm
Yes, it's really bad and a massive security hole.
But is it really a security hole, if a user has root access to the server then they have full access to the data files to do whatever they want to with doesn't make any difference if they have root access on mysql or not (they can easily get it if they want).

It could be argued it's more secure as you no longer need root passwords that might be easy to remember/guess (or worse stored on the filesysem).

Return to “General discussion”