Root password policy for mysql
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
mysql-dfsg-5.0 (Ubuntu) | Fix Released | Wishlist | Soren Hansen | |
Dapper | Fix Released | Undecided | Jamie Strandboge | |
Edgy | Fix Released | Undecided | Jamie Strandboge | |
Feisty | Fix Released | Undecided | Jamie Strandboge | |
Gutsy | Won't Fix | Wishlist | Soren Hansen | |
Bug Description
We want to ask as few questions as possible during installation, so we prefer not to ask the user for a root password for his mysql server during install. However, having a mysql server without a root password leaves the database wide open for various exploits in e.g. webapps.
We need a solution that preferably does not involve asking questions during installation, but also does not leave us that open to exploits.
Martin Pitt suggested hacking mysql to allow the (system) root user to change the mysql root password without knowing the current password and setting it to a random/bogus value on installation. That way, any user with sudo privileges can set a proper password after installation if he wants to.
Changed in mysql-dfsg-5.0: | |
assignee: | nobody → ubuntu-server |
importance: | Undecided → High |
status: | Unconfirmed → Confirmed |
Changed in mysql-dfsg-5.0: | |
assignee: | ubuntu-server → shawarma |
Changed in mysql-dfsg-5.0: | |
assignee: | nobody → jamie-strandboge |
assignee: | nobody → jamie-strandboge |
assignee: | nobody → jamie-strandboge |
status: | New → In Progress |
status: | New → In Progress |
status: | New → In Progress |
Changed in mysql-dfsg-5.0: | |
status: | In Progress → Fix Released |
status: | In Progress → Fix Released |
status: | In Progress → Fix Released |
Changed in mysql-dfsg-5.0: | |
importance: | High → Wishlist |
status: | Confirmed → Triaged |
Actually you can do the sudo thing without hacking mysql or touching mysql code. A rather simple init/shell-script (re)starting mysqld with skip privileges lets you overwrite existing root passwords; that is also the way mysql suggests.
So a /etc/init.d/mysql setpass could interactively ask you whether to restart mysql with skip privs listening only on a local socket, set a new password and restart mysql with normal my.cnf configuration afterwards.
That might sound a little freaky but actually it's less code, more maintainable and mysql administrators used to having a standard mysql server don't get puzzled about a patched server.
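
The procedure described in the comment above, written out as an added example; it is not part of the original bug report and not the Ubuntu package's init script. It assumes MySQL 5.0-era syntax (the `mysql.user.Password` column and `PASSWORD()`), a service account named `mysql`, and `mysqld_safe` and `mysql` on the PATH; the helper names `sql_quote`, `build_reset_sql` and `setpass` are hypothetical.

```shell
#!/bin/sh
# Added example, not the Ubuntu package's init script. Assumptions: MySQL 5.0
# layout (mysql.user.Password column), a "mysql" service account, and
# mysqld_safe/mysql on PATH. Run as system root with the argument "setpass".

# Escape a value for a single-quoted SQL string literal (backslash, then quote).
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Statements that overwrite the root password in the grant table.
build_reset_sql() {
    printf "UPDATE mysql.user SET Password=PASSWORD('%s') WHERE User='root';\nFLUSH PRIVILEGES;\n" \
        "$(sql_quote "$1")"
}

setpass() {
    [ "$(id -u)" -eq 0 ] || { echo "must be run as root" >&2; return 1; }
    printf 'New MySQL root password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    [ -n "$pw" ] || { echo "refusing empty password" >&2; return 1; }

    dir=$(mktemp -d) || return 1        # created with mode 0700
    chown mysql "$dir"                  # mysqld must create its socket here
    sock="$dir/mysqld.sock"; pidfile="$dir/mysqld.pid"

    /etc/init.d/mysql stop
    # With grant tables skipped there is no authentication at all, so: no TCP
    # listener, and a socket inside a directory only mysql and root can enter.
    mysqld_safe --skip-grant-tables --skip-networking \
        --socket="$sock" --pid-file="$pidfile" >/dev/null 2>&1 &
    i=0
    while [ ! -S "$sock" ] && [ "$i" -lt 30 ]; do sleep 1; i=$((i + 1)); done

    # SQL is piped on stdin so the password never shows up in a process list.
    build_reset_sql "$pw" | mysql --socket="$sock" -u root
    rc=$?
    unset pw

    # SIGTERM makes mysqld shut down cleanly; mysqld_safe then exits too.
    [ -f "$pidfile" ] && kill "$(cat "$pidfile")"
    wait
    rm -rf "$dir"
    /etc/init.d/mysql start             # back to the normal my.cnf configuration
    return "$rc"
}

case "${1:-}" in setpass) setpass ;; esac
```

The window in which the server runs without privilege checks is the risk to watch: `--skip-networking` plus the private socket directory keep other local users and remote clients out while the grant tables are bypassed.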