Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8375

Debian: Passwordless mysqld root login via socket auth bugfixing

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 10.0
    • Fix Version/s: 10.0
    • Component/s: Platform Debian
    • Labels:
      None

      Description

      Reported by Otto Kekäläinen:

      • Daniel Black did a great job helping me to transform the current Debian Sid packaging on MariaDB 10.0 to use the socket auth for the root user, thus no mysql/mariadb root password is needed anymore
      • This new system works great for new installs, but users who had been using a root account with a password get confused when it suddently disappears during an upgrade, eg. https://bugs.launchpad.net/ubuntu/+source/mariadb-10.0/+bug/1447808
      • The Debian mariadb-server-10.0.preinst and .postinst scripts should be engineered so that they detect if an upgrade is taking place (if there was a previous root password or if the database is blank) and in those cases where a root password did previously exist, it should still be possible to log in also using the password.
      • Daniel black drafted https://github.com/ottok/mariadb-10.0/pull/23/files but I don't understand how it solves this situation.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

              Hide
              danblack Daniel Black added a comment -

              > but I don't understand how it solves this situation.

              makes the mysql_install_db create the root user authenticated by unix_socket rather than leaving it to package scripts.

              Show
              danblack Daniel Black added a comment - > but I don't understand how it solves this situation. makes the mysql_install_db create the root user authenticated by unix_socket rather than leaving it to package scripts.
              Hide
              serg Sergei Golubchik added a comment -

              I'm not exactly sure what to do here. It's not an upstream (MariaDB) bug (yet). It needs to be fixed downstream (in Debian packaging). I don't know how downstream wants to fix the bug either. Not switching existing users to unix_socket seems obvious enough to me.

              Show
              serg Sergei Golubchik added a comment - I'm not exactly sure what to do here. It's not an upstream (MariaDB) bug (yet). It needs to be fixed downstream (in Debian packaging). I don't know how downstream wants to fix the bug either. Not switching existing users to unix_socket seems obvious enough to me.
              Hide
              otto Otto Kekäläinen added a comment -

              Daniel Black Thanks for the comment above but unfortunately I still don't understand how it works, what is the sequence of events, what does this mean for new install and upgrades, what things that change will rule out that will stop working etc. Can you please extend the context a bit?

              We could also sit down an finalize this passwordless root login issue at the dev meetup next month if you wish to spend some time on it there.

              Show
              otto Otto Kekäläinen added a comment - Daniel Black Thanks for the comment above but unfortunately I still don't understand how it works, what is the sequence of events, what does this mean for new install and upgrades, what things that change will rule out that will stop working etc. Can you please extend the context a bit? We could also sit down an finalize this passwordless root login issue at the dev meetup next month if you wish to spend some time on it there.
              Hide
              danblack Daniel Black added a comment -

              scripts/mysql_system_tables_data.sql could be modified to add a root user account with a unix_socket auth.

              The plugin would also need to be inserted here into the plugins table.

              This would cover the install case as this is incorporated into the mysql_install_db script. some wrapping here will be needed to avoid installing this on Windows installs.

              As upgrades don't invoke mysql_install_db the only thing required in mariadb-server-X.X.postinst is to populate user=root in debian.cnf instead of user = debian-sys-maint if its a socket user. The test_mysql_access bit of the postinit script is incorrect as this will return true if its a socket authed root user.

              Happy to spend some time on it at the dev conference. Its going to be pretty busy I suspect.

              Show
              danblack Daniel Black added a comment - scripts/mysql_system_tables_data.sql could be modified to add a root user account with a unix_socket auth. The plugin would also need to be inserted here into the plugins table. This would cover the install case as this is incorporated into the mysql_install_db script. some wrapping here will be needed to avoid installing this on Windows installs. As upgrades don't invoke mysql_install_db the only thing required in mariadb-server-X.X.postinst is to populate user=root in debian.cnf instead of user = debian-sys-maint if its a socket user. The test_mysql_access bit of the postinit script is incorrect as this will return true if its a socket authed root user. Happy to spend some time on it at the dev conference. Its going to be pretty busy I suspect.

                People

                • Assignee:
                  otto Otto Kekäläinen
                  Reporter:
                  svoj Sergey Vojtovich
                • Votes:
                  3 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated: