Cannot log in as root user when not root Unix user

Bug #1567098 reported by Robie Basak on 2016-04-06
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mysql-5.7 (Ubuntu)
High
Unassigned

Bug Description

I'm not clear if this is an issue, but I think it needs investigating.

DEBIAN_FRONTEND=noninteractive apt-get install -y mysql-server
dpkg-reconfigure mysql-server (supply new root password)
Switch to non-root Unix user
Log in with mysql client as MySQL root user

Expected behaviour: login successful
Actual behaviour: login refused

Was this case considered when doing the Unix socket auth? Is the issue that the password was initially blank and then set later, or does it do it even if the password was initially set? If the former then this probably isn't as important as the latter case.

Robie Basak (racb) wrote :

(please check this reproduces first - I only suspect this due to some test failure logs)

Changed in mysql-5.7 (Ubuntu):
importance: Undecided → High
tags: added: mysql-5.7-transition
description: updated
Lars Tangvald (lars-tangvald) wrote :

I'm pretty certain it's the former, as I've been consistently setting a root password when installing 5.7 and logging in as a non-root unix user.

Lars Tangvald (lars-tangvald) wrote :

The issue might either be that a) Password isn't changed if database exists and has auth_socket set or b) Password is changed, but auth_socket isn't disabled, in which case it will override any password and require the unix user (and only the unix user).

Lars Tangvald (lars-tangvald) wrote :

If auth_socket is set to a user, then ALTER USER ... IDENTIFIED BY 'password' will not have any effect.

So if the server is installed with a blank password for root, trying to change the password with a reconfigure won't work.

But logging in as a root with a password set during the initial install works as it should.

If we want to be able to switch from auth_socket back to a normal password login we can ensure mysql_native_plugin is the user's authentication method when setting the password in postinst.

Lars Tangvald (lars-tangvald) wrote :

If the server has passwordless root access, this patch will check the value of mysql-server/rootpassword. If set, it will set that password instead of enabling auth_socket

The attachment "0001-Enable-setting-password-for-existing-database-if-it-.patch" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.7 - 5.7.11-0ubuntu6

---------------
mysql-5.7 (5.7.11-0ubuntu6) xenial; urgency=medium

  [ Lars Tangvald ]
  * Added patch for exporting my_make_scrambled_password to fix
    pure-ftpd FTBFS.
  * Client commands in d/postinst will ignore custom config (LP:
    #1567695)
  * Enable changing root password on install if previous db had empty
    (LP: #1567098)

  [ Robie Basak ]
  * d/mysql-server-5.7.postinst: quote "$rootpw" correctly.
  * d/control: add libnuma-dev and libaio-dev to libmysqld-dev
    dependencies, since these are required according to "mysql_config
    --libmysqld-libs". This fixes FTBFS of packages that use
    libmysqld-dev.

 -- Robie Basak <email address hidden> Wed, 13 Apr 2016 17:34:08 +0100

Changed in mysql-5.7 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers