← Back to team overview

maria-discuss team mailing list archive

Re: Why does local root need a password?



>         The rationale is that the system administrator can do anything on
> the server (including manual edits to the DB files) anyway; thus, every
> user already implicitly trusts that user with their data.

The user that is the manager of the server(root in Linux) is not the owner
of the data.
So imho we should go exactly the opposite direction, trying to make more
complicated, not easier, to just do anything that's not strictly managing
the server.
Yes he can tamper files but one thing is doing that and another is that any
'root' can read sensitive data, consider also MariaDB supports data at rest
encryption with third party external key management system.

Best Regards


Follow ups