I would say this bug should not be that critical, as mysqlclient will try socket auth first before trying the password one.
By default the file looks like this:
[client]
host = localhost
user = root
password =
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = root
password =
socket = /var/run/mysqld/mysqld.sock
And even if you define any random password there, and pass it to client, connection will still succeed:
root@server-0624-01023:/home/ubuntu# cat /etc/mysql/debian.cnf
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = root
password = qwerty1234
#socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = root
password = qwerty1234
#socket = /var/run/mysqld/mysqld.sock
root@server-0624-01023:/home/ubuntu# mysql --defaults-file=/etc/mysql/debian.cnf
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 54
Server version: 10.3.34-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> Bye
root@server-0624-01023:/home/ubuntu#
But I think we still should avoid placing this file for non-Debian distros and if our user is not root but admin.
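
An audit of an option file like the one discussed in the comment above, as an added example that is not part of the original comment or of the project's code: it reports loose file permissions, a stored plaintext password, and sections that will connect over the local Unix socket. The function names and the sample contents (a constructed mix of the two file versions shown above) are assumptions for illustration.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample: [client] as edited in the comment, [mysql_upgrade] as in the default file.
SAMPLE = """\
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = root
password = qwerty1234
#socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = root
password =
socket = /var/run/mysqld/mysqld.sock
"""

def audit_option_file(path):
    """Return (section, finding) tuples for a MySQL/MariaDB client option file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(("<file>", f"mode {mode:04o} is readable or writable beyond the owner"))
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None, strict=False)
    cp.read(path)
    for section in cp.sections():
        opts = cp[section]
        if (opts.get("password") or "").strip():
            findings.append((section, "plaintext password stored"))
        # On Unix clients host=localhost (or no host at all) selects the Unix
        # socket, even when the socket= line is commented out.
        if (opts.get("host") or "localhost") == "localhost":
            findings.append((section, "connects over the local Unix socket"))
    return findings

def audit_sample(mode=0o644):
    """Write the constructed sample to a temp file with the given mode and audit it."""
    with tempfile.NamedTemporaryFile("w", suffix=".cnf", delete=False) as fh:
        fh.write(SAMPLE)
    os.chmod(fh.name, mode)
    try:
        return audit_option_file(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    for section, finding in audit_sample():
        print(f"{section}: {finding}")
```

The parser assumes a plain option file without `!include` or `!includedir` directives, which `configparser` does not understand.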