
maria-discuss team mailing list archive

Re: Why does local root need a password?

 

The governance committee would have a fit about that security. That would
set up the possibility of the DBA logging in as an application service user
or some other user and editing data, implicitly implying that the service
account or the user has been hacked, as the edits came from that user in the
audit logs.

Yes, by nature the DBA is god, and this is true in all databases. SOX-based
users in the US will talk about all the problems they have been dealt
by auditors when addressing compliance.

For me, this opens a big can of governance worms. Happy to hear why that's
wrong.

Cheers

Peter


On Tue, 26 Mar 2019 at 10:02, Felipe Gasper <felipe@xxxxxxxxxxxxxxxx> wrote:

> That’s different, I think. That’s for a mapping between system users and
> DB users.
>
> What I’m proposing is specifically for root, to be able to log in as any
> DB user.
>
> -FG
>
> On Mar 25, 2019, at 6:21 PM, Justin Swanhart <greenlion@xxxxxxxxx> wrote:
>
> MariaDB already supports authenticating as OS users such as root, when used
> with UNIX domain sockets for communications:
> https://mariadb.com/kb/en/library/authentication-plugin-unix-socket/
>
> On Mar 25, 2019, at 6:07 PM, Felipe Gasper <felipe@xxxxxxxxxxxxxxxx>
> wrote:
>
> Hello,
>
>    I’ve submitted a proposal to the MySQL team to allow the system
> administrator, when logging in via a local socket that indicates reliably
> that the DB client is the superuser (e.g., SO_PEERCRED in Linux), to not
> need a password. As implemented, my suggestion allows root to log in as any
> user.
>
>    The rationale is that the system administrator can do anything on the
> server (including manual edits to the DB files) anyway; thus, every user
> already implicitly trusts that user with their data.
>
>    This will simplify DB administration on several levels, but most
> conspicuously because a lost DB admin password will no longer necessitate
> the awkward one-time-init-file recovery method.
>
>    Would MariaDB be interested in this proposal?
>
> -FG
> _______________________________________________
> Mailing list: https://launchpad.net/~maria-discuss
> Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~maria-discuss
> More help   : https://help.launchpad.net/ListHelp
>


-- 
Peter McLarty
Leader and Technologist
0402094238
http://petermclarty.setmore.com/
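
Added example, not part of the thread and not MariaDB or MySQL code: how a server can read SO_PEERCRED on a Linux UNIX socket, and how the two behaviours discussed above (OS user matching the DB user, versus root logging in as any DB user) differ in what ends up in an audit record. The decide_login policy, its reason strings and the account name app_service are hypothetical; the socketpair is a constructed stand-in for a real client connection.

```python
import os
import pwd
import socket
import struct

def peer_credentials(sock):
    """Return (pid, uid, gid) of the process at the other end of a UNIX socket (Linux)."""
    fmt = "iII"  # struct ucred: pid_t pid, uid_t uid, gid_t gid
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(fmt))
    return struct.unpack(fmt, raw)

def os_user_name(uid):
    """Resolve a uid to a login name; fall back to the number if there is no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def decide_login(peer_uid, peer_name, requested_db_user, root_may_impersonate):
    """Hypothetical policy: returns an audit record naming both identities."""
    if peer_name == requested_db_user:
        allowed, reason = True, "os-user-matches-db-user"
    elif peer_uid == 0 and root_may_impersonate:
        allowed, reason = True, "root-impersonation"
    else:
        allowed, reason = False, "password-required"
    return {"allowed": allowed, "reason": reason,
            "os_uid": peer_uid, "os_user": peer_name, "db_user": requested_db_user}

def socketpair_peer():
    """Constructed stand-in for a client connection: both ends belong to this process."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        return peer_credentials(server)
    finally:
        server.close()
        client.close()

if __name__ == "__main__":
    pid, uid, gid = socketpair_peer()
    # "app_service" is a made-up DB account name used only for this illustration.
    for db_user in (os_user_name(uid), "app_service"):
        print(decide_login(uid, os_user_name(uid), db_user, root_may_impersonate=True))
```

An audit trail that stores only db_user cannot distinguish a root-impersonation login from the account's own session; keeping os_uid and reason alongside it preserves that distinction.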
