mysql admin user (was: root's home world readable)

To: "Thomas Bushnell, BSG" <tb@becket.net>
Cc: Chris Francy <francyci@cnw.com>, "Noah L. Meyerhans" <frodo@morgul.net>, debian-security@lists.debian.org
Subject: mysql admin user (was: root's home world readable)
From: Christian Hammers <ch@westend.com>
Date: Tue, 22 Jan 2002 01:02:06 +0100
Message-id: <[🔎] 20020122000206.GF28443@westend.com>
Mail-followup-to: Christian Hammers <ch@westend.com>, "Thomas Bushnell, BSG" <tb@becket.net>, Chris Francy <francyci@cnw.com>, "Noah L. Meyerhans" <frodo@morgul.net>, debian-security@lists.debian.org
In-reply-to: <[🔎] 87vgdvuvkd.fsf@becket.becket.net>
References: <[🔎] 1011639243.479.11.camel@eimbox> <[🔎] 1011639243.479.11.camel@eimbox> <[🔎] 5.1.0.14.2.20020121132417.00a9cae8@pop.mail.yahoo.com> <[🔎] 87d703wf59.fsf@becket.becket.net> <[🔎] 20020121232028.GA28443@westend.com> <[🔎] 87zo37uw4c.fsf@becket.becket.net> <[🔎] 20020121233000.GD28443@westend.com> <[🔎] 87vgdvuvkd.fsf@becket.becket.net>

Hello

On Mon, Jan 21, 2002 at 03:35:14PM -0800, Thomas Bushnell, BSG wrote:

[cutted much to answer all below]
> > So I end up with a debian specific user with shutdown/reload privileges 
> > that's created with a random (saved) password at installtime as the best
> > solution, or?
> 
> Nope.  Probably the user should need to be root (or some other generic
> user), but the files that are manipulated to accomplish
> shutdown/reload and so forth should all be in /etc.
Nope (to your nope, because what you argument does in no way contradict
my proposals, and the english wasn't that bad :-))

But to clear things up:
I create a Debian specific users with all privileges that my Debian scripts
need and then store this user's password in plaintext (necessary) in /etc.
That's all I need as mysql now lets me specify config files everywhere so
I don't have to give them via command line or similar which show up in "ps".

I won't fiddle around with the (mysql)root's password outside of /root 
because a common admin wouldn't expect that. (All mysql clients default to
connect you with your $USER name so root normally is mysql user "root",
too). 
So there really are no problems (

friendly,

-christian-

--
  This doesn't belong to a security mailing list...

Reply to:

References:
- root's home world readable
  - From: eim <eim@eimbox.org>
- Re: root's home world readable
  - From: Chris Francy <francyci@cnw.com>
- Re: root's home world readable
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: [d-security] Re: root's home world readable
  - From: Christian Hammers <ch@westend.com>
- Re: [d-security] Re: root's home world readable
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: [d-security] Re: root's home world readable
  - From: Christian Hammers <ch@westend.com>
- Re: [d-security] Re: root's home world readable
  - From: tb@becket.net (Thomas Bushnell, BSG)

Prev by Date: Re: [d-security] Re: root's home world readable
Next by Date: dpkg-buildpackage (-rfakeroot) leaves setuid binaries
Previous by thread: Re: [d-security] Re: root's home world readable
Next by thread: Local exploit in courier-mta package
Index(es):
- Date
- Thread