Cannot log in as root user when not root Unix user

Bug #1567098 reported by Robie Basak
This bug affects 1 person
Affects: mysql-5.7 (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Unassigned

Bug Description

I'm not clear if this is an issue, but I think it needs investigating.

DEBIAN_FRONTEND=noninteractive apt-get install -y mysql-server
dpkg-reconfigure mysql-server (supply new root password)
Switch to non-root Unix user
Log in with mysql client as MySQL root user

Expected behaviour: login successful
Actual behaviour: login refused

Was this case considered when doing the Unix socket auth? Is the issue that the password was initially blank and then set later, or does it do it even if the password was initially set? If the former then this probably isn't as important as the latter case.

Robie Basak (racb) wrote :

(please check this reproduces first - I only suspect this due to some test failure logs)

Changed in mysql-5.7 (Ubuntu):
importance: Undecided → High
tags: added: mysql-5.7-transition
description: updated
Lars Tangvald (lars-tangvald) wrote :

I'm pretty certain it's the former, as I've been consistently setting a root password when installing 5.7 and logging in as a non-root unix user.

Lars Tangvald (lars-tangvald) wrote :

The issue might either be that a) Password isn't changed if database exists and has auth_socket set or b) Password is changed, but auth_socket isn't disabled, in which case it will override any password and require the unix user (and only the unix user).

Lars Tangvald (lars-tangvald) wrote :

If auth_socket is set to a user, then ALTER USER ... IDENTIFIED BY 'password' will not have any effect.

So if the server is installed with a blank password for root, trying to change the password with a reconfigure won't work.

But logging in as root with a password set during the initial install works as it should.

If we want to be able to switch from auth_socket back to a normal password login we can ensure mysql_native_plugin is the user's authentication method when setting the password in postinst.
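
The switch discussed in the comment above, as an added example that is not part of the original thread or of the package's postinst: a POSIX shell helper that prints the statement needed for root@localhost depending on the account's current plugin, using MySQL 5.7's mysql_native_password plugin for password logins. The function names, the refusal on an unexpected plugin and the quoting rule (default sql_mode, NO_BACKSLASH_ESCAPES not set) are assumptions.

```shell
#!/bin/sh
# Added example; not the Ubuntu package's postinst.
# The account's current plugin can be read with:
#   SELECT plugin FROM mysql.user WHERE user='root' AND host='localhost';

# Escape a value for a single-quoted MySQL string literal.
# Assumes the default sql_mode (NO_BACKSLASH_ESCAPES not set).
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# root_auth_sql CURRENT_PLUGIN NEW_PASSWORD  (hypothetical helper)
# Prints the one statement that makes the requested login method effective.
root_auth_sql() {
    plugin=$1
    rootpw=$2
    acct="'root'@'localhost'"
    if [ -z "$rootpw" ]; then
        # No password requested: socket authentication (plugin must be loaded).
        printf 'ALTER USER %s IDENTIFIED WITH auth_socket;\n' "$acct"
        return 0
    fi
    pw=$(sql_quote "$rootpw")
    case "$plugin" in
        auth_socket)
            # IDENTIFIED BY alone would leave auth_socket in place, so the
            # plugin is replaced in the same statement that sets the password.
            printf "ALTER USER %s IDENTIFIED WITH mysql_native_password BY '%s';\n" "$acct" "$pw"
            ;;
        mysql_native_password)
            printf "ALTER USER %s IDENTIFIED BY '%s';\n" "$acct" "$pw"
            ;;
        *)
            echo "unexpected plugin '$plugin' for root, not changing it" >&2
            return 1
            ;;
    esac
}

# Constructed sample: root currently on auth_socket, password with a quote.
root_auth_sql auth_socket "constructed-pw'1"
```

The printed statement is meant to be piped to the mysql client on stdin, so the password does not appear in the client's command-line arguments.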

Lars Tangvald (lars-tangvald) wrote :

If the server has passwordless root access, this patch will check the value of mysql-server/rootpassword. If set, it will set that password instead of enabling auth_socket.

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "0001-Enable-setting-password-for-existing-database-if-it-.patch" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.7 - 5.7.11-0ubuntu6

---------------
mysql-5.7 (5.7.11-0ubuntu6) xenial; urgency=medium

  [ Lars Tangvald ]
  * Added patch for exporting my_make_scrambled_password to fix
    pure-ftpd FTBFS.
  * Client commands in d/postinst will ignore custom config (LP:
    #1567695)
  * Enable changing root password on install if previous db had empty
    (LP: #1567098)

  [ Robie Basak ]
  * d/mysql-server-5.7.postinst: quote "$rootpw" correctly.
  * d/control: add libnuma-dev and libaio-dev to libmysqld-dev
    dependencies, since these are required according to "mysql_config
    --libmysqld-libs". This fixes FTBFS of packages that use
    libmysqld-dev.

 -- Robie Basak <email address hidden> Wed, 13 Apr 2016 17:34:08 +0100

Changed in mysql-5.7 (Ubuntu):
status: New → Fix Released