← Back to team overview

maria-discuss team mailing list archive

Re: Why does local root need a password?


Hi, Felipe!

On Mar 25, Felipe Gasper wrote:
> Hello,
> I’ve submitted a proposal to the MySQL team to allow the system
> administrator, when logging in via a local socket that indicates
> reliably that the DB client is the superuser (e.g., SO_PEERCRED in
> Linux), to not need a password. As implemented, my suggestion allows
> root to log in as any user.
> The rationale is that the system administrator can do anything on the
> server (including manual edits to the DB files) anyway; thus, every
> user already implicitly trusts that user with their data.
> This will simplify DB administration on several levels, but most
> conspicuously because a lost DB admin password will no longer
> necessitate the awkward one-time-init-file recovery method.
> Would MariaDB be interested in this proposal?

We totally agree with your rationale.

This is why MariaDB packages in Debian had password-less root login for
a few years now.

It caused some complains from users who expected to be able to login as
root without sudo, by specifying a password.

Other complained that if MariaDB is installed locally, not system-wide,
one should not need sudo to login as root (there's a debian bug report
about it).

These issues were fixed in 10.4. And now in MariaDB-10.4 by default
creates two accounts that allow both SO_PEERCRED-based and
password-based logins. For the root user and for the owner of the
datadir. With the rationale, exactly, that these two local users have
access to all the data anyway.

It was https://jira.mariadb.org/browse/MDEV-12484 - implemented in 10.4.3.

It does not allow root to log in as any user though, only as root.

Chief Architect MariaDB
and security@xxxxxxxxxxx