Re: Mysql



On Sun, 30 Mar 2008, houghi wrote:-

David Bolt wrote:
[0] IIRC, when you start up the mysql daemon for the first time, it asks
you to set a password for user root at localhost and also for
root@xxxxxxxxxxxxxx using /usr/bin/mysqladmin. If you haven't done very
much you might be lucky and find that command, including the password
you set, in your bash history.

The confusion comes from the fact that the user `root` on a system is
a user that has access to everything, while this is not true for a user
`root` in MySQL.

The confusion is probably because, after freshly installing mysql and
starting it for the first time, you get this[0]:

lion:~ # rcmysql start
Creating MySQL privilege database...
Installing MySQL system tables...
OK
Filling help tables...
OK
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h lion.davjam.org password 'new-password'
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
Updating MySQL privilege database...
Looking for 'mysql' in: /usr/bin/mysql
Looking for 'mysqlcheck' in: /usr/bin/mysqlcheck
Running 'mysqlcheck'...
mysql.columns_priv OK
mysql.db OK
mysql.func OK
mysql.help_category OK
mysql.help_keyword OK
mysql.help_relation OK
mysql.help_topic OK
mysql.host OK
mysql.proc OK
mysql.procs_priv OK
mysql.tables_priv OK
mysql.time_zone OK
mysql.time_zone_leap_second OK
mysql.time_zone_name OK
mysql.time_zone_transition OK
mysql.time_zone_transition_type OK
mysql.user OK
Running 'mysql_fix_privilege_tables'...
OK
Starting service MySQL done

There the user can be anybody, including `root` or `mysql_root` or
`anything_you_desire` and there has to be no relation per se between the
users on the system and the users in MySQL.

In a way, there is. That first user has the ability to do anything to
the mysql daemon including creating and "deleting" users, although
"deleting" users is probably the wrong term for it. To delete a user,
you just revoke their access rights using:

revoke all on *.* from 'user'@'hostname';

and then they no longer have access to any of the databases.

Even worse is that MySQL can work perfectly without the user 'root' in
MySQL and in some places I read that having 'root' in MySQL could be a
security problem.

I've not read about that, but since I've not been chasing up that much
on mysql, it wouldn't surprise me if I'd missed it. If you can, can you
provide a citation for it?

Setting MySQL up is not the most logical thing to do.

Presently it requires entering 2 commands straight after the initial
start-up to set up the "root" user's account and password. What's so hard
about that?

Hence bug #347149
Took me a long time to grasp that as well.


[0] after freshly installing mysql-Max on 10.3 (PPC)

Regards,
David Bolt

--
www.davjam.org/lifetype/ www.distributed.net: OGR@100Mnodes, RC5-72@15Mkeys
SUSE 10.1 32bit | openSUSE 10.2 32bit | openSUSE 10.3 32bit | openSUSE 11.0a1
SUSE 10.1 64bit | openSUSE 10.2 64bit | openSUSE 10.3 64bit
RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC |RISC OS 3.11
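
The start-up banner quoted above asks for two mysqladmin commands because MySQL keeps a separate root row per host, and each row has its own password. The following check is an added example, not part of the original post or of MySQL itself: it audits the tab-separated output of an account listing and reports rows that still have no password. It assumes a MySQL 5.0-era `mysql.user` table with a `Password` column; the sample rows and the host name `lion.example` are constructed, and the anonymous-account check goes slightly beyond what the thread discusses.

```python
# Added example: audit rows from a MySQL 5.0-era mysql.user table.
# Assumed input: tab-separated output of
#   mysql -u root -p -N -B -e "SELECT User, Host, Password FROM mysql.user"

SAMPLE = (  # constructed rows, not taken from a real server
    "root\tlocalhost\t*CONSTRUCTEDHASH0000000000000000000000000\n"
    "root\tlion.example\t\n"   # second root row, password never set
    "\tlocalhost\t\n"          # anonymous account (empty user name)
    "blog\tlocalhost\t*CONSTRUCTEDHASH1111111111111111111111111\n"
)


def parse_rows(text):
    """Yield (user, host, password_hash) from batch-mode output."""
    for line in text.splitlines():
        if line == "":
            continue
        # Do not strip(): a leading tab means an empty user name.
        fields = line.split("\t")
        if len(fields) != 3:
            raise ValueError("expected 3 tab-separated fields: %r" % line)
        yield tuple(fields)


def audit(text):
    """Return (account, problem) pairs for risky account rows."""
    findings = []
    for user, host, pw_hash in parse_rows(text):
        account = "'%s'@'%s'" % (user, host)
        if user == "":
            findings.append((account, "anonymous account"))
        if pw_hash == "":
            findings.append((account, "no password set"))
    return findings


def unprotected_root_hosts(text):
    """Hosts whose MySQL root row still has an empty password."""
    return sorted(host for user, host, pw_hash in parse_rows(text)
                  if user == "root" and pw_hash == "")


if __name__ == "__main__":
    for account, problem in audit(SAMPLE):
        print("%-28s %s" % (account, problem))
    print("root rows without password:", unprotected_root_hosts(SAMPLE))
```
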