[debian-mysql] Bug#435744: Bug#435744: mysql-server-5.0: mysqladmin does not update all root passwords

Norbert Tretkowski norbert at tretkowski.de
Tue Nov 6 08:56:51 UTC 2007


Am Montag, den 05.11.2007, 22:14 -0800 schrieb Monty Taylor:
> Actually, I think this bug points out another flaw which is that
> multiple root password accounts are created. One account is just fine.

I see only two root accounts on fresh installations, one for localhost
and one for the local hostname:

root at db2:~# mysql -u root -p -e "select host,user from user" mysql
Enter password: 
+-----------+------------------+
| host      | user             |
+-----------+------------------+
| db2       | root             | 
| localhost | debian-sys-maint | 
| localhost | root             | 
+-----------+------------------+

> Is there some Debian specific reason 3 accounts are created? Upstream
> creates two to work around the weird resolution order caused by having
> the anonymous user present. But since we don't create the anonymous
> user, % actually will match all hosts (including localhost)

I don't think using '%' is a good idea, it allows remote access to the
database with root privileges when you're not using 127.0.0.1 for
bind-address.

	Norbert






More information about the pkg-mysql-maint mailing list