Caspar Clemens Mierau wrote: > 1. Are there any other applications where random passwords are set (that > you need)?
Yes, mysql. People are unaware of this, but there is another root user in mysql wich has random password. Check /etc/mysql/debian.cnf. > 2. MySQL by default does not listen on a (remote) network interface. Not directly, but that's not important. Local non-root user can destroy databases and local user can set up a service wich would allow remote users to connect to local mysql as root, again making possible to destroy mysql databases. > 3. I cannot name one distribution that sets a random password to mysql, > this would lead to a lot of questions. You can - Debian. I didn't check others. > 4. You need to store it somewhere on the disk. As said - /etc/mysql/debian.cnf > I therefore still prefer offering a script using the skip-stuff, be it > in an init script or not. It could of course also be a /usr/sbin or > /usr/local/sbin script named "mysql_set_rootpass" or something like > this. Such script could also be easily given back to the debian project. > If you still want to warn the user you could check the mysql password on > start (starting mysql ... mysql has no password set ... please do xyz) > which could be stopped by setting a flag in a config script. Script/program that overrides root password is something every mysql has for years now. There is nothing special we have to develop. init script already uses debian-sys-maint mysql account for checking status of mysqld, stoping it and doing reload. Adding 'reset_password' should be fairly easy. We should take a look if it is possible to change root password with mysqladmin, authenticated as debian-sys-maint user. If that's possible, adding random password to root and changing it's pass with mysqladmin trough init script should be trivial. -- Root password policy for mysql https://bugs.launchpad.net/bugs/119075 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
