How to access MariaDB from a Linux systemd service without password

Hello,

I'm running MariaDB 10.3 on my Debian 10 (Buster) with configurations in /root/.my.cnf

[mysql]

<some users and password>

user=meyer

password=<root-password>

user=root

password=<root-password>

[mysqladmin]

user=root

password=<root-password>

[mysqldump]

user=root

password=<root-password>

[mysqlcheck]

user=root

password=<root-password>

[client]

user=root

password=<root-password>

I'm able to connect to the database without password from terminal or bash script with "mysql -u root" but not with "mysql -u meyer". This is what I want. But if I start the bash script as a service I get the error "ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)" Do I have to configure something to enable passwordless root access from a service?

Thanks in advance Matthias

Answer Answered by Daniel Black in this comment.

The systemd service has ProtectHome=yes by default making the /root/.my.cnf file inaccessible to the systemd service.

While disabling with ProtectHome=false may seem like the easy option, consider the alternative:

ALTER USER root@localhost IDENTIFIED VIA unix_socket

Ref: unix socket authentication.

With this the /root/.my.cnf file is no longer needed, and the root unix user is the only one that can access the root@localhost MariaDB user account.

If your systemd service runs under a different user, say xyzservice, then;

CREATE USER xyservice@localhost IDENTIFIED VIA unix_socket

And then provide the sufficient grants to that user based on what the service needs.

Comments

Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.