Posted: Fri Aug 17, 2018 10:07 pm
I installed MariaDB and it did not prompt me for any root setup.
I am able to log in using sudo mariadb -u root -p, but how do I set up the MariaDB root password, and what other configuration did I miss?
Posted: Fri Aug 17, 2018 10:24 pm
Since you can log in using the flags "-u root" and "-P" (it prompts for a password, doesn't it?), your root password is set up.
Posted: Fri Aug 17, 2018 10:34 pm
It does not; it just logs me in using only the sudo password.
Posted: Fri Aug 17, 2018 10:44 pm
That's the way it works in Debian stretch and derivatives. Yes, it's really bad and a massive security hole.
https://websiteforstudents.com/mariadb- ... 8-04-beta/
Posted: Fri Aug 17, 2018 10:59 pm
You can log in as root using
You may omit -u root if you are root. And the -p option is useless because [email protected] isn't authenticated by the native password authentication plugin but by the unix socket authentication plugin in a MariaDB server when it is installed from Debian packages.
If you want to set up a password for the [email protected] database user, you should be aware that the installation of other packages may fail if they need to create a database in MariaDB. E.g. phpmyadmin must be installed before you set up a root password, because the builders of this package don't expect that logging in as root might require a password.
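As an added example (not part of the original posts): SQL, run from the `sudo mariadb` session described above, that shows which plugin authenticates each account and creates a separate password-authenticated administrative account while leaving root on socket authentication, so packages that log in as root without a password keep working. The account name `dbadmin` and the password string are placeholders, not values from this thread.

```sql
-- Added example; 'dbadmin' and the password below are placeholders.

-- 1. List accounts and the plugin that authenticates each one.
--    On the Debian stretch packages discussed in this thread, the
--    local root account is expected to show unix_socket here.
SELECT user, host, plugin FROM mysql.user;

-- 2. Leave root on socket authentication and create a separate
--    administrative account that authenticates with a password.
--    Restricting it to 'localhost' keeps it unusable from the network.
CREATE USER 'dbadmin'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_A_STRONG_PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'dbadmin'@'localhost' WITH GRANT OPTION;

-- 3. Confirm what the new account is allowed to do.
SHOW GRANTS FOR 'dbadmin'@'localhost';

-- 4. Check for accounts that have neither a password nor a plugin set;
--    any rows returned are accounts that can log in unauthenticated.
SELECT user, host FROM mysql.user
 WHERE plugin = '' AND password = '';
```

After this, `mariadb -u dbadmin -p` prompts for the password from any OS account, while `sudo mariadb` continues to work for root through the socket.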
Posted: Fri Aug 17, 2018 11:35 pm
If you are root in the OS, you can restart the MariaDB server without password and permission checks. The additional "security hole" that is introduced by the unix socket authentication for root is that you don't need to restart the server before you can log in without a password.
Posted: Sat Aug 18, 2018 10:42 am
DougieLawson wrote (Fri Aug 17, 2018 10:44 pm):
"Yes, it's really bad and a massive security hole."
But is it really a security hole? If a user has root access to the server, then they have full access to the data files to do whatever they want with them; it doesn't make any difference whether they have root access on MySQL or not (they can easily get it if they want).
It could be argued it's more secure, as you no longer need root passwords that might be easy to remember/guess (or worse, stored on the filesystem).