Hi, Felipe! On Mar 25, Felipe Gasper wrote:
Hello,
I’ve submitted a proposal to the MySQL team to allow the system administrator, when logging in via a local socket that indicates reliably that the DB client is the superuser (e.g., SO_PEERCRED in Linux), to not need a password. As implemented, my suggestion allows root to log in as any user.
The rationale is that the system administrator can do anything on the server (including manual edits to the DB files) anyway; thus, every user already implicitly trusts that user with their data.
This will simplify DB administration on several levels, but most conspicuously because a lost DB admin password will no longer necessitate the awkward one-time-init-file recovery method.
Would MariaDB be interested in this proposal?
We totally agree with your rationale. This is why MariaDB packages in Debian had password-less root login for a few years now. It caused some complains from users who expected to be able to login as root without sudo, by specifying a password. Other complained that if MariaDB is installed locally, not system-wide, one should not need sudo to login as root (there's a debian bug report about it). These issues were fixed in 10.4. And now in MariaDB-10.4 by default creates two accounts that allow both SO_PEERCRED-based and password-based logins. For the root user and for the owner of the datadir. With the rationale, exactly, that these two local users have access to all the data anyway. It was https://jira.mariadb.org/browse/MDEV-12484 - implemented in 10.4.3. It does not allow root to log in as any user though, only as root. Regards, Sergei Chief Architect MariaDB and security@mariadb.org