-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MDEV-19316: mysql_secure_installation offers to rename root user #1288
Conversation
return 1 | ||
fi | ||
|
||
do_query "UPDATE mysql.global_priv SET User='$newuser' WHERE User='root';" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Line 311, you used $rootuser
, why not here ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
311 is return, unsure what you are asking
Hi @ManjotS, |
fixed bad indents, while loop for set_root_user
@vuvova I don't think that MDEV will effect this PR.. unless you think we should have secure installation redefine mysql.user view, which it could. |
MDEV-19650 says that renaming a root user, breaks mysql.user, makes it unusable. I think it's very relevant to a PR about renaming the root user. |
|
I am a MariaDB Corp employee and this work was done as part of my employment. Don't need CLA. |
@ManjotS can you try locally to run your query? I couldn't.
|
Based on MDEV-19650, |
@ManjotS I took your concepts and wrote ddd6677 to keep it compatible with the goals of MDEV-10112 (Galera replication of changes - which is also getting corrected in the tree of changes). Related to MDEV-22486 its all about ensuring that non-root access can be used and overall this has simplified the implementation somewhat. If there's unix socket authentication it won't prompt the change. It currently will rename to I know this change has been requested for a long time. Sorry for the delay. Is there any other desired and anti-desired aspects of this implementation in development to fix MDEV-19316? |
That was quite a simplification, but I am happy with it! |
Based off @ManjotS's implementation in MariaDB#1288
Patch includes redesign of the script and solves following MDEVs: - MDEV-22486: mysql_secure_installation cannot work without root user in the database - MDEV-25169 Secure installation with normal user fails to accept empty root password - MDEV-10112: mysql_secure_installation should use GRANT, REVOKE, etc for galera support - MDEV-19316: mysql_secure_installation should offer to rename root user Closes PR #1288 - Adding test case for the script evaluation Co-author: Daniel Black <daniel@mariadb.org> Reviewed by: daniel@mariadb.org serg@mariadb.com
Hi @ManjotS, I'm going through older pull requests to help move them forward. I see that @an3l is continuing development of this based on your work in his branch Also, feel free to comment further in MDEV-19316. |
This PR fixes MDEV-19316
mysql_secure_installation should offer to rename root to another name (default to short hostname) before prompting for root password change.