MySQL user 'root' without password is fine?!

Gordon Messmer yinyang at eburg.com
Tue Nov 4 03:19:46 UTC 2003


Robert Scheck wrote:
> 
> playing around with the latest MySQL from Rawhide, I noticed, that there is
> a bug or a problem in the new MySQL init script.

You're right.  The "mysqladmin ping" command should be:
/usr/bin/mysqladmin ping -u UNKNOWN_USER 2> /dev/null

Otherwise, mysqladmin will always try to connect as the "root" user, 
which will almost always (and *should* always) have a password.

> I posted that at bugzilla, my posting is closed now, because supposedly all
> works fine and it isn't a problem...
> 
> I personally think that's a brashness!

It might have been a misunderstanding.  Hopefully it can be resolved.

> If I read all correctly you don't need a password for the MySQL user 'root'
> - that's fine and it's no security hole - really nice! :-/

I think the person you contacted was simply testing the "mysqladmin 
ping" command as a non-root user.  As a non-root user, the command will 
work since it tries to connect anonymously rather than as root.  If so, 
then he was simply unable to reproduce the problem because he was not 
testing the same way you were.

> Description of problem, how reproducible and steps to reproduce:
> # service mysqld restart
> Stopping MySQL:                                            [  OK  ]
> Timeout error occurred trying to start MySQL Daemon.
> Starting MySQL:                                            [FAILED]
> #
> It displays only an error, but mysqld lives!

Yep.  The script starts msyql properly, but fails to realize this.

> You can't do that so - you've seen it above!
> I added a new init script solving that problem.
> And I think it's ugly to use "2> /dev/null" at a Bash script...

It's perfectly normal, and appropriate in this case.






More information about the fedora-list mailing list