Having previously used MySQL quite extensively on Linux, I was fairly confident that getting MariaDB (10.0.31) setup on this Mint 18.1 (Ubuntu) box would be easy enough. And the installation was exactly that.
But oddly enough it now seems to know when I’m fibbing about who I am. Previously with MySQL on Redhat, Suse, PCLinixOS… I could log into mysqld which was configured with a blank password for [email protected] (i.e. using the AF_UNIX socket) by asserting I was root, but this didn’t work on my Mint/MariaDB:
[email protected] ~ $ mysql -u root ERROR 1698 (28000): Access denied for user 'root'@'localhost'
But this does work if I ‘su’:
[email protected] /etc $ su Password: animal etc # mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 47 Server version: 10.0.31-MariaDB-0ubuntu0.16.04.2 Ubuntu 16.04 Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> select current_user; +----------------+ | current_user | +----------------+ | [email protected] | +----------------+ 1 row in set (0.00 sec)
mysql -u root,
mysql -u root -h localhost).
My non-root user has permissions on the socket file:
[email protected] ~ $ ls -l /var/run/mysqld/mysqld.sock srwxrwxrwx 1 mysql mysql 0 Nov 29 20:46 /var/run/mysqld/mysqld.sock
My root user does not have a ~/my.conf or ~/.my.cnf to hold a password.
I don’t make a habit of running insecure systems – but I’m puzzled by this apparent change of behaviour. Does the server really validate the uid of the client?
MariaDB on Ubuntu 15.10 and later automatically use UNIX socket authentication by default. The UID of the user who opens the local socket connection is used and can authenticate without a password. Only MariaDB builds on current versions of Debian and Ubuntu enable this by default.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.