← Back to team overview

maria-discuss team mailing list archive

Re: Issue authenticating as mysql in 10.5 on Ubuntu 20.04

 

Hi Antony,

here the links to the before mentioned pages:

Authentication from MariaDB 10.4 -> https://mariadb.com/kb/en/authentication-from-mariadb-104/
Authentication in MariaDB 10.4 — Understanding the Changes -> https://mariadb.org/authentication-in-mariadb-10-4/

Here what mysql.global_priv contains:

MariaDB [(none)]> select * from mysql.global_priv;
+-----------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------+
| Host      | User        | Priv                                                                                                                                       |
+-----------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------+
| localhost | mariadb.sys | {"access":0,"plugin":"mysql_native_password","authentication_string":"","account_locked":true,"password_last_changed":0}                   |
| localhost | root        | {"access":<same_token_as_mysql>,"plugin":"mysql_native_password","authentication_string":"invalid","auth_or":[{},{"plugin":"unix_socket"}]} |
| localhost | mysql       | {"access":<same_token_as_root_>,"plugin":"mysql_native_password","authentication_string":"invalid","auth_or":[{},{"plugin":"unix_socket"}]} |
+-----------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.000 sec)

MariaDB [(none)]>

Both account create to use unix_socket and share the same password.

The security model for unix_socket is that for connections from the socket the db only checks if the context of the program, which is connecting to the database, is running in is owned by root. Thats from my understanding should make no difference when trying to connect to the database as mysql.

Best Alex


--- 
Best regards / Mit freundlichen Grüßen 
Alexander Nolting

----- Ursprüngliche Mail -----
Von: "Antony Stone" <Antony.Stone@xxxxxxxxxxxxxxxxxxxxxx>
An: "maria-discuss" <maria-discuss@xxxxxxxxxxxxxxxxxxx>
Gesendet: Montag, 11. Januar 2021 19:30:17
Betreff: Re: [Maria-discuss] Issue authenticating as mysql in 10.5 on Ubuntu	20.04

On Monday 11 January 2021 at 18:53:33, Alexander Nolting wrote:

> I did a fresh 20.04 and MariaDB 10.5.8 install and now I'm having a
> question related to the new authentication concept starting from 10.4.
>
> As stated at Authentication from MariaDB 10.4 and Authentication in MariaDB
> 10.4 — Understanding the Changes

Please can you provide a link to that documentation?

> there are two administrative accounts created: root and mysql.

I don't use Ubuntu, but I do use Debian and Devuan, and on both of those I get 
a 'root' user but I do not get a 'mysql' user.

> Logging as normal user as root into mariadb using unix_sockets is no
> problem

> Doing the same with as mysql
> testusr@host:~$ sudo mariadb -u mysql
> 
> ERROR 1698 (28000): Access denied for user 'mysql'@'localhost'.

1. What do you get from:

sudo mariadb -u root -e "select unique User from user"

	?

That will show you what username have been set up for you.

2. Note that in the first case "sudo ... -u root" you *are* the root user at 
the same time as you are trying to connect as the root user.

In the second case "sudo ... -u mysql" you are the root user but you are 
trying to connect as the mysql user - I think this may break the security 
model.  Does "sudo -u mysql mariadb -u mysql" do anything different?


Antony.

-- 
You can spend the whole of your life trying to be popular,
but at the end of the day the size of the crowd at your funeral
will be largely dictated by the weather.

 - Frank Skinner

                                                   Please reply to the list;
                                                         please *don't* CC me.

_______________________________________________
Mailing list: https://launchpad.net/~maria-discuss
Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~maria-discuss
More help   : https://help.launchpad.net/ListHelp


References