Bug #118499 .mylogin.cnf covered the command line
Submitted: 23 Jun 9:20 Modified: 26 Jun 1:47
Reporter: licheng guo Email Updates:
Status: Analyzing Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S2 (Serious)
Version:mysql-8.0.32 OS:Linux (centos7.9)
Assigned to: MySQL Verification Team CPU Architecture:Any
Tags: .mylogin.cnf

[23 Jun 9:20] licheng guo 
Description:
[mysql@registry /home/mysql] $ ps aux|grep mysqld
mysql       1463  1.4 11.6 7447192 924596 ?      Sl   09:54   6:20 /glc/mysql/app/mysql-8.0.32/bin/mysqld --defaults-file=/glc/mysql/conf/my.cnf --user=mysql --datadir=/glc/mysql/data --daemonize
mysql    1167307  0.0  0.0  12136  1040 pts/6    S+   17:07   0:00 grep --color=auto mysqld
[mysql@registry /home/mysql] $ mysql_config_editor print --all
[mysql]
user = "admin"
password = *****
host = "172.17.139.106"
port = 8032
[mysql@registry /home/mysql] $ hostname -I
172.17.139.106 10.10.0.1 10.10.10.1 fc11:1::216:3eff:fe3e:4e4f 
[mysql@registry /home/mysql] $ mysql --login-path=mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.32-debug Source distribution

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

[admin@172.17.139.106:8032 17:08:48((none))]$ select version();
+--------------+
| version()    |
+--------------+
| 8.0.32-debug |
+--------------+
1 row in set (0.03 sec)

[admin@172.17.139.106:8032 17:08:57((none))]$ exit;
Bye
[mysql@registry /home/mysql] $ grep sock /glc/mysql/conf/my.cnf
socket                                                  =  /glc/mysql/tmp/mysql.sock
socket                                                  =  /glc/mysql/tmp/mysql.sock
[mysql@registry /home/mysql] $ mysql -uroot -p'dudVPkt1u73kOj3uoUjPxAAB0t2JxZtg' -S /glc/mysql/tmp/mysql.sock
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'172.17.139.106' (using password: YES)
[mysql@registry /home/mysql] $ ls -a
.  ..  .ansible  .bash_history  .bash_logout  .bash_profile  .bashrc  .cache  .dotnet  gmon.out  .local  .mylogin.cnf  .mysql_history  .ssh  .viminfo  .vscode-server  .wget-hsts
[mysql@registry /home/mysql] $ mv .mylogin.cnf .mylogin.cnf.bak
[mysql@registry /home/mysql] $ mysql -uroot -p'dudVPkt1u73kOj3uoUjPxAAB0t2JxZtg' -S /glc/mysql/tmp/mysql.sock
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 8.0.32-debug Source distribution

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

[root@localhost:mysql.sock 17:11:25((none))]$ select version();
+--------------+
| version()    |
+--------------+
| 8.0.32-debug |
+--------------+
1 row in set (0.00 sec)

[root@localhost:mysql.sock 17:11:28((none))]$ exit;
Bye
[mysql@registry /home/mysql] $ 

How to repeat:
(1)mysql_config_editor set --login-path=mysql --user=admin  --host=127.0.0.1 --port=8032 --password

(2)mysql -uroot -p -S /glc/mysql/tmp/mysql.sock

Suggested fix:
The username specified on the command line should take precedence over .mylogin.cnf
[23 Jun 9:29] licheng guo 
How I discovered this problem is that I have a machine that someone else has used. He previously used mysql_config_editor --login-path=mysql to configure it. Later, I reinitialized a mysql instance and found that I could not log in to the mysql instance using socket after mysqld --initialize.
[26 Jun 1:47] licheng guo 
step1:

sql> create user admin@'%' identified with mysql_native_password by 's25twgmpkK5LDS4EyXuP5HevypILrFlG';
grant all privileges on *.* to admin@'%'  with grant option;

sql> create user root@'%' identified with mysql_native_password by 'EmI8ddUp8RPFd0mK8ZUEMl3c6HJrOm9N';
grant all privileges on *.* to root@'%'  with grant option;

sql> alter user root@localhost identified with mysql_native_password by 'dudVPkt1u73kOj3uoUjPxAAB0t2JxZtg';

step2:

shell> mysql -uroot -pdudVPkt1u73kOj3uoUjPxAAB0t2JxZtg -S /glc/mysql/tmp/mysql.sock -e "select version();"

shell> mysql -uadmin -ps25twgmpkK5LDS4EyXuP5HevypILrFlG -h127.0.0.1 -P8032 -e "select version();"

shell> mysql -uadmin -ps25twgmpkK5LDS4EyXuP5HevypILrFlG -h172.17.139.106 -P8032 -e "select version();"

step3:

# input the password:s25twgmpkK5LDS4EyXuP5HevypILrFlG
shell> mysql_config_editor set --login-path=mysql --user=admin  --host=172.17.139.106 --port=8032 --password

shell> mysql --login-path=mysql -e "select version();"

shell> mysql -uroot -pdudVPkt1u73kOj3uoUjPxAAB0t2JxZtg -S /glc/mysql/tmp/mysql.sock
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'172.17.139.106' (using password: YES)