maria-discuss team mailing list archive

Thread
Date

Re: Why does local root need a password?

To: Felipe Gasper <felipe@xxxxxxxxxxxxxxxx>
From: Justin Swanhart <greenlion@xxxxxxxxx>
Date: Mon, 25 Mar 2019 18:21:07 -0400
Cc: maria-discuss@xxxxxxxxxxxxxxxxxxx
In-reply-to: <B2EAC294-4E55-4E41-8C97-43B469ACF073@felipegasper.com>

MariaDB already supports authenticating as OS users such as root, when use by UNIX domain sockets for communications:
https://mariadb.com/kb/en/library/authentication-plugin-unix-socket/

> On Mar 25, 2019, at 6:07 PM, Felipe Gasper <felipe@xxxxxxxxxxxxxxxx> wrote:
> 
> Hello,
> 
>    I’ve submitted a proposal to the MySQL team to allow the system administrator, when logging in via a local socket that indicates reliably that the DB client is the superuser (e.g., SO_PEERCRED in Linux), to not need a password. As implemented, my suggestion allows root to log in as any user.
> 
>    The rationale is that the system administrator can do anything on the server (including manual edits to the DB files) anyway; thus, every user already implicitly trusts that user with their data.
> 
>    This will simplify DB administration on several levels, but most conspicuously because a lost DB admin password will no longer necessitate the awkward one-time-init-file recovery method.
> 
>    Would MariaDB be interested in this proposal?
> 
> -FG
> _______________________________________________
> Mailing list: https://launchpad.net/~maria-discuss
> Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~maria-discuss
> More help   : https://help.launchpad.net/ListHelp

Follow ups

Re: Why does local root need a password?
From: Felipe Gasper, 2019-03-25

References

Why does local root need a password?
From: Felipe Gasper, 2019-03-25