geerlingguy / ansible-role-mysql

Ansible Role - MySQL
https://galaxy.ansible.com/geerlingguy/mysql/
MIT License

'sudo mysql' allows access w/o password authentication after fresh install #536

Closed neilyoung closed 6 months ago

neilyoung commented 6 months ago

I was wondering why this is possible. sudo mysql logs me in as root@localhost. I consider this a security risk, because if one does that on my server, this simple command opens MySQL to him.

On another machine I was following the steps outlined here https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-ubuntu-20-04 instead of using this ansible setup, especially those in the red box, which define the preparations necessary to be run before sudo mysql_secure_installation. There it is not possible to just simply sudo mysql. It turns out that the couple of initial actions make sure that this is not possible:

Would it be possible to achieve the same degree of security with the ansible script?

Of course, on both machines sudo mysql -p and then providing the root password is possible, but one needs to know it.

I might be missing something, maybe the root password is stored somewhere on the machine anyway, but I would feel better if sudo mysql weren't possible just so.

EDIT: At least /var/log/syslog holds the root password after installation, nice...

Feb 14 13:54:19 ca python3[22583]: ansible-ansible.legacy.command Invoked with _raw_params=mysql -u root -NBe "ALTER USER 'root'@'localhost'#012 IDENTIFIED WITH mysql_native_password BY '****'; FLUSH PRIVILEGES;"#012 _uses_shell=True expand_argument_vars=True stdin_add_newline=True strip_empty_

EDIT2: But at least the sudo password must be provided once... Maybe I'm too paranoid...

neilyoung commented 6 months ago

Disregard please. I can live with that.
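
The syslog exposure noted in the first comment can be checked for on a host. The following is an added example, not part of the original thread or of the role's code: it scans log lines for Ansible module invocations that carry a SQL `IDENTIFIED ... BY '<password>'` clause and prints them redacted. The function name, the sample lines and the rule that an all-asterisk value counts as already masked are assumptions of this example.

```python
import re

# Ansible's module logging writes "ansible-<module> Invoked with <args>" to syslog.
INVOKED = re.compile(r"ansible-[\w.]+ Invoked with ")
# SQL credential clause: IDENTIFIED [WITH <plugin>] BY '<secret>'
SECRET = re.compile(r"(IDENTIFIED\s+(?:WITH\s+\w+\s+)?BY\s*)'([^']*)'", re.IGNORECASE)


def find_leaks(lines):
    """Return (line_no, redacted_line) for Ansible entries exposing a SQL password."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        if not INVOKED.search(line):
            continue
        # syslog escapes embedded newlines as #012; undo that before matching.
        text = line.replace("#012", " ")
        secrets = [m.group(2) for m in SECRET.finditer(text)]
        # Assumption of this example: a value made only of '*' is already masked.
        if not any(s.strip("*") for s in secrets):
            continue
        hits.append((line_no, SECRET.sub(r"\1'<redacted>'", text)))
    return hits


# Constructed sample lines, modelled on the entry quoted in the issue.
SAMPLE = [
    "Feb 14 13:54:18 ca sshd[2201]: Accepted publickey for deploy from 192.0.2.10",
    "Feb 14 13:54:19 ca python3[22583]: ansible-ansible.legacy.command Invoked with "
    "_raw_params=mysql -u root -NBe \"ALTER USER 'root'@'localhost'#012 IDENTIFIED "
    "WITH mysql_native_password BY 'constructed-pw'; FLUSH PRIVILEGES;\"#012 _uses_shell=True",
    "Feb 14 13:54:20 ca python3[22590]: ansible-ansible.legacy.command Invoked with "
    "_raw_params=mysql -u root -NBe \"ALTER USER 'root'@'localhost' IDENTIFIED BY '****';\"",
    "Feb 14 13:54:21 ca python3[22601]: ansible-ansible.legacy.apt Invoked with name=mysql-server",
]

if __name__ == "__main__":
    for line_no, redacted in find_leaks(SAMPLE):
        print(f"line {line_no}: {redacted}")
```

To run it against a real host, pass the lines of /var/log/syslog to `find_leaks`. Ansible's `no_log: true` task keyword is the mechanism for keeping module arguments out of such log entries.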