[Leaplist] Ubuntu 8.02 and MySQL 5.x

Dan Cherry dan.s.cherry at gmail.com
Mon Nov 24 04:00:05 EST 2008 

On Sunday 23 November 2008 11:09:22 pm John Simpson wrote:
> On 2008-11-23, at 1436, Dan Cherry wrote:
> > On Sunday 23 November 2008 1:03:05 pm Jason Boxman wrote:
> >> You might look in:
> >>
> >> /etc/mysql/debian.cnf
> >>
> >> It'll define a password for debian-sys-maint which is probably the
> >> account
> >> it is looking for.  PostgreSQL has a similar special user
> >> configuration for
> >> updates on Debian.  The file's readable only by root.
> >>
> >> I don't know if that is the actual password or if it's encrypted,
> >> though.
> >> If it's the latter, your knowledge of what to actually set it to
> >> won't help
> >> that much.
> >
> > the password in debian.cnf is a plain text password.  The password
> > stored
> > within mysql is encrypted.  use the passwd() function in mysql to
> > encrypt the
> > plain text string from debian.cnf, and you should be good to go.
>
> which suggests to me that every ubuntu (or debian?) system out there
> which uses the mysql packages, has the same mysql root (or root-
> equivalent) password.

apparently, the password is generated at installation time.  It's different on 
each machine I use.  Which kinda hints that it could be regenerated, but I'm 
just not familiar with which program does that.  
>
> would it make sense to tell people to change that password (or even
> better, the userid AND the password), especially if their mysql server
> is listening on a TCP socket which is open to the world?

likely not.  In order to access the userid and password 
from /etc/mysql/debian.cnf you would have to have root privileges.  Once you 
can read that file, you'd have access to the new userid and password, anyway.

It WOULD make sense to close that socket to the outside world, and force the 
use of ssh or similar.
>
> --------------------------------------------------------
>
> | John M. Simpson  --  KG4ZOW  --  Programmer At Large |
> | http://www.jms1.net/                 <jms1 at jms1.net> |
>
> --------------------------------------------------------
>
> |   Hope for America  --  http://www.ronpaul2008.com/  |
>
> --------------------------------------------------------



-- 
Dan
Finding a solution to a problem doesn't solve the problem...
Implementing the solution, solves the problem

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Leaplist mailing list