[debian-mysql] Bug#855098: Bug#855098: mysql_secure_installation
Otto Kekäläinen
otto at debian.org
Wed Mar 8 20:55:04 UTC 2017
Hello!
2017-03-05 20:16 GMT+02:00 rugk <rugk at posteo.de>:
> Hi,
> actually I also had problems with your decicion not to use debian-sys-maint
> anymore and I would suspect other users, who are used to mysql, might have
> too. Because after a fresh install of mariadb-server I did the same steps,
> which were also recommend for mysql: I ran mysql_secure_installation.
> This works as expected and the user is assured that the instance is now
> save. However the first thing it does is change the root password, so
> actually this breaks your authentication.
>
> The user knows how he/she did it with mysql, does the same steps with
> mariadb and breaks the whole thing. Usually the user only notices this first
> when trying to stop the mysql service, at which point he/she has no clue
> what is wrong here.
> This might affect all users who are security-aware and run
> mysql_secure_installation without knowing the changes done in mariadb.
Yes, the right thing here is probably to modify the
mysql_secure_installation to behave in a way which is compatible with
fresh new default installs.
In general mysql_secure_installation is kind of a legacy thing and I
don't think many people use it, but we have no statistics and I might
be wrong.
..
> BTW: The README is really bad to find…
Yes, but in our experience Debian sysadmins anyway find it more easily
than other pieces of documentation.
The file is here in case you want to improve it with a new chapter:
https://anonscm.debian.org/git/pkg-mysql/mariadb-10.1.git/tree/debian/mariadb-server-10.1.README.Debian
You can send the path per mail or as a pull request on
https://github.com/ottok/mariadb-10.1
More information about the pkg-mysql-maint
mailing list