Bug #29287 | Please grant system root user all privileges. | ||
---|---|---|---|
Submitted: | 21 Jun 2007 21:21 | Modified: | 16 Jul 2007 10:45 |
Reporter: | Soren Hansen | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: Security: Privileges | Severity: | S4 (Feature request) |
Version: | any | OS: | Linux |
Assigned to: | CPU Architecture: | Any |
[21 Jun 2007 21:21]
Soren Hansen
[22 Jun 2007 4:06]
Valeriy Kravchuk
Thank you for a problem report. This, OS authentification for a (local?) "root" user, sound as a good and potentially useful feature request. Oracle, for example, has OS authentification option for users with SYSDBA role who can start/stop the server. But I see no way to implement it so that older(!) MySQL server version will magically forget about their authentification/access rights checking algorithms, sorry. And, surely, this is formally not a bug, as current behaviour and possible options are clearly documented (see http://dev.mysql.com/doc/refman/5.1/en/password-security.html, for example).
[22 Jun 2007 6:49]
Soren Hansen
> Oracle, for example, has OS authentification option for users with SYSDBA > role who can start/stop the server. But I see no way to implement it so that > older(!) MySQL server version will magically forget about their > authentification/access rights checking algorithms, sorry. I'm not talking about magic :) I just meant that it would be nice if the patch to implement this also would apply (almost) cleanly to older versions of MySQL. > And, surely, this is formally not a bug, Should I have reported it elsewhere?
[22 Jun 2007 18:54]
Valeriy Kravchuk
> Should I have reported it elsewhere? No, this is a verified S4 bug (feature request) now. Just do not expect it to be fixed any time really soon.
[26 Jun 2007 11:23]
Sergei Golubchik
Note, that you can cleanly shut MySQL down by sending it a signal - no password required.
[16 Jul 2007 10:45]
Soren Hansen
Clearly, the right thing to do would be to grant full access to the user that mysqld is running as rather than root.
[6 Sep 2014 11:06]
Daniƫl van Eeden
This is possible with 5.5.10+ with the auth_socket authentication plugin. mysql> install plugin auth_socket soname 'auth_socket.so'; Query OK, 0 rows affected (0.01 sec) mysql> CREATE USER 'mysql'@'localhost' IDENTIFIED WITH auth_socket; Query OK, 0 rows affected (0.01 sec) http://dev.mysql.com/doc/refman/5.5/en/socket-authentication-plugin.html