Bug 24909

Summary: mysql init scripts MUST stop using mysqladmin
Product: [Retired] Red Hat Linux
Reporter: Adrian Chung <adrianc>
Component: mysql
Assignee: Patrick Macdonald <patrickm>
Status: CLOSED NOTABUG
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 7.0
CC: jw35
Hardware: i386   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2001-01-25 04:28:44 UTC

Description Adrian Chung 2001-01-25 04:28:41 UTC
Both the logrotate.d/mysqld script and the new mysql-3.23.32-1.7 init
script in /etc/rc.d/init.d/mysqld attempt to use mysqladmin to flush,
shutdown and reload mysqld.

How is this expected to work, when the password for the root user is set to
a non-null password?

Moreover, what's the point of releasing a security update when the only
way scripts will run properly is for them to expect null passwords for the
root user?

Comment 1 Trond Eivind Glomsrød 2001-01-25 04:31:40 UTC
Creating a .my.cnf in root's home directory should fix this. If there is any
other way of flushing the logs, let me know.

Comment 2 Adrian Chung 2001-01-25 05:07:14 UTC
Works like a charm.  If only MySQL documented that somewhere useful.

If only you were closer to Canada, I'd buy you a beer. :)

Comment 3 Jon Warbrick 2001-01-30 13:23:50 UTC
Not being able to change/set the (MySQL) root password without having to store
it somewhere else in plain text is not very satisfactory. It will make it even
more likely that people will run MySQL with wide open access to anyone who can
log on to the machine.

MySQL can be cleanly stopped with a kill -TERM (that's what the supplied
mysql.server.sh script does). For log file flushing, I'd suggest that you
arrange to create a new MySQL user in postinstall with a random PWD and only
RELOAD rights. (GRANT RELOAD ON *.* TO sys_reload@localhost IDENTIFIED BY
"<pwd>") Then hardwire the password into the rotate script. At least then the
password, even if discovered, will only allow someone to do one of a number of
reloads. And people will be able to set a root pwd without further problems.
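
The approach suggested in Comments 1 and 3 (a client option file, and a RELOAD-only account with a random password), sketched as an added example that is not part of the thread or of the Red Hat package. The path /etc/mysql-reload.cnf and the function names are assumptions, and the password is kept in a root-only option file rather than in the rotate script itself.

```shell
#!/bin/sh
# Added example: least-privilege credentials for log rotation.
# Assumed names: sys_reload (from the thread), /etc/mysql-reload.cnf (hypothetical).

# 48 hex characters from the kernel CSPRNG; hex needs no quoting in SQL or option files.
gen_password() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print the grant for an account that can only RELOAD (flush), in the syntax
# used in the thread. Current servers need CREATE USER plus a separate GRANT.
grant_sql() {
    printf 'GRANT RELOAD ON *.* TO %s@localhost IDENTIFIED BY "%s";\n' "$1" "$2"
}

# Write a client option file. umask 077 in a subshell means the file is created
# 0600; removing any old copy first stops a looser existing mode from surviving.
write_client_cnf() {
    (
        umask 077
        rm -f "$1"
        printf '[client]\nuser=%s\npassword=%s\n' "$2" "$3" > "$1"
    )
}

# True only for a regular file with mode rw------- (owner read/write, nobody else).
cnf_is_private() {
    [ -f "$1" ] && [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Rotation-time call. --defaults-extra-file must be the first option given.
flush_logs() {
    cnf_is_private "$1" || { echo "refusing: $1 is not mode 0600" >&2; return 1; }
    mysqladmin --defaults-extra-file="$1" flush-logs
}

# Post-install usage (as root, while the MySQL root account is still reachable):
#   pw=$(gen_password)
#   grant_sql sys_reload "$pw" | mysql -u root -p
#   write_client_cnf /etc/mysql-reload.cnf sys_reload "$pw"
# logrotate postrotate step:
#   flush_logs /etc/mysql-reload.cnf
```
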

Comment 4 Trond Eivind Glomsrød 2001-01-30 20:02:31 UTC
Take a look at 3.23.32-5 when it shows up in Rawhide; it implements some of this.