mirror of
https://github.com/MariaDB/server.git
synced 2025-01-19 21:42:35 +01:00
736afe8680
In Debian, the default install is made more secure by omitting the anonymous
user and by making the root account authenticate by unix socket
authentication instead of the default password-less root. However, Debian
hard-codes this change in mysql_install_db, which breaks that program for
other users.
This commit instead implements new general options for mysql_install_db that
can be used by anyone to similarly perform a more secure install:
--skip-auth-anonymous-user: omits the anonymous user.
--auth-root-authentication-method=normal: Keeps the existing behaviour
with a password-less root account. Currently on by default.
--auth-root-socket-user=USER
--auth-root-authentication-method=socket: creates the MariaDB root user
with the name USER (defaults to 'root') and using unix socket
authentication. This way, only that user has MariaDB root access
after install.
The idea with --auth-root-authentication-method=normal is that
applications that need this behaviour can give that option explicitly.
Then eventually we could make --auth-root-authentication-method=socket
the default, giving a more secure default installation.
Note that it is perfectly possible to do a secure install with
--auth-root-authentication-method=normal. For example, installing a
private server just for local access by a single OS-level user, by
using --skip-networking and putting the connection socket in a
location without public access. So it is important to preserve this
API for backwards compatibility.
|
||
|---|---|---|
| .. | ||
| additions | ||
| patches | ||
| po | ||
| apparmor-profile | ||
| autobake-deb.sh | ||
| changelog | ||
| compat | ||
| control | ||
| copyright | ||
| libmariadbclient-dev.dirs | ||
| libmariadbclient-dev.examples | ||
| libmariadbclient-dev.files | ||
| libmariadbclient-dev.links | ||
| libmariadbclient-dev.README.Maintainer | ||
| libmariadbclient18.dirs | ||
| libmariadbclient18.files | ||
| libmariadbclient18.postinst | ||
| libmariadbd-dev.files | ||
| mariadb-client-10.1.dirs | ||
| mariadb-client-10.1.docs | ||
| mariadb-client-10.1.files | ||
| mariadb-client-10.1.links | ||
| mariadb-client-10.1.menu | ||
| mariadb-client-10.1.README.Debian | ||
| mariadb-client-core-10.1.files | ||
| mariadb-common.files | ||
| mariadb-common.postrm | ||
| mariadb-connect-engine-10.1.files | ||
| mariadb-cracklib-password-check-10.1.files | ||
| mariadb-gssapi-client-10.1.files | ||
| mariadb-gssapi-server-10.1.files | ||
| mariadb-oqgraph-engine-10.1.files | ||
| mariadb-server-10.1.config | ||
| mariadb-server-10.1.dirs | ||
| mariadb-server-10.1.files.in | ||
| mariadb-server-10.1.logcheck.ignore.paranoid | ||
| mariadb-server-10.1.logcheck.ignore.server | ||
| mariadb-server-10.1.logcheck.ignore.workstation | ||
| mariadb-server-10.1.mysql-server.logrotate | ||
| mariadb-server-10.1.mysql.init | ||
| mariadb-server-10.1.postinst | ||
| mariadb-server-10.1.postrm | ||
| mariadb-server-10.1.preinst | ||
| mariadb-server-10.1.prerm | ||
| mariadb-server-10.1.py | ||
| mariadb-server-10.1.README.Debian | ||
| mariadb-server-10.1.templates | ||
| mariadb-server-core-10.1.files | ||
| mariadb-test-10.1.dirs | ||
| mariadb-test-10.1.files | ||
| mariadb-test-10.1.links | ||
| mysql-common.dirs | ||
| mysql-common.files | ||
| mysql-common.postrm | ||
| rules | ||