Bug #46842 mysql_secure_installation ignores --socket, etc.
Submitted: 20 Aug 2009 19:51 Modified: 20 Jul 2010 10:02
Reporter: Timothy Smith Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S2 (Serious)
Version:4.1, 5.0, 5,1, next bzr OS:Any
Assigned to: CPU Architecture:Any

[20 Aug 2009 19:51] Timothy Smith 
Description:
If the server is started with a non-default socket location, it is impossible to tell mysql_secure_installation how to connect to the server.  It ignores any my.cnf files and command-line options.

How to repeat:
Start mysqld with a non-default socket location.  For example, use a .tar.gz binary with my.cnf:

[server]
socket=/var/tmp/test-mysql.sock

[client]
socket=/var/tmp/test-mysql.sock

Try running the script:

mysql_secure_installation

mysql_secure_installation --socket=/var/tmp/test-mysql.sock

You will get "Can't connect to local MySQL server through socket '/tmp/mysql.sock'".

Suggested fix:
I'm not sure why mysql_secure_installation uses --defaults-file= instead of --defaults-extra-file=.  The fix may be as simple as just changing this.  Like:

--- scripts/mysql_secure_installation.sh        2007-01-01 04:31:23 +0000
+++ scripts/mysql_secure_installation.sh        2009-08-20 19:43:02 +0000
@@ -39,7 +39,7 @@ prepare() {
 
 do_query() {
     echo $1 >$command
-    mysql --defaults-file=$config <$command
+    mysql --defaults-extra-file=$config <$command
     return $?
 }
 

A not-too-bad workaround is to make a symbolic link to the socket file.  That is, as long as there isn't already another server running on the box that uses that socket location.

if [ -r /tmp/mysql.sock ]; then
  echo "ERROR, can't override socket location, another server is using /tmp/mysql.sock" >&2
  exit 2
else
  ln -s /var/tmp/test-mysql.sock /tmp/mysql.sock
  mysql_secure_installation
  rm /var/tmp/test-mysql.sock
fi
[20 Aug 2009 21:22] Sveta Smirnova 
Thank you for the report.

Verified as described.
[14 Sep 2009 21:16] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/83220

3124 Jim Winstead	2009-09-14
      mysql_secure_installation did not read the global options file, which made it
      impossible to specify options such as a non-default socket location.
      (Bug #46842)
[19 May 2010 13:14] Daniël van Eeden 
This works for installations with the socket defined in a default config file location like /etc/my.cnf

I'm using 1 server with 2 mysqld processes and 2 different my.cnf files and 2 socket files.

mysql_secure_installation should not only read variables from the config files in the default locations but it should also be possible to specify a config file which should be used.
[12 Jan 2014 17:38] Daniël van Eeden 
This bug is fixed in MySQL 5.7.