[debian-mysql] Bug#435744: Bug#435744: mysql-server-5.0: mysqladmin does not update all root passwords
Norbert Tretkowski
norbert at tretkowski.de
Tue Nov 6 08:56:51 UTC 2007
Am Montag, den 05.11.2007, 22:14 -0800 schrieb Monty Taylor:
> Actually, I think this bug points out another flaw which is that
> multiple root password accounts are created. One account is just fine.
I see only two root accounts on fresh installations, one for localhost
and one for the local hostname:
root at db2:~# mysql -u root -p -e "select host,user from user" mysql
Enter password:
+-----------+------------------+
| host | user |
+-----------+------------------+
| db2 | root |
| localhost | debian-sys-maint |
| localhost | root |
+-----------+------------------+
> Is there some Debian specific reason 3 accounts are created? Upstream
> creates two to work around the weird resolution order caused by having
> the anonymous user present. But since we don't create the anonymous
> user, % actually will match all hosts (including localhost)
I don't think using '%' is a good idea, it allows remote access to the
database with root privileges when you're not using 127.0.0.1 for
bind-address.
Norbert
More information about the pkg-mysql-maint
mailing list