MariaDB starting with 5.2.0

This plugin first appeared in MariaDB 5.2.0.

Description

This plugin allows the user to use operating system credentials when connecting to MariaDB via Unix socket. It works by retrieving uid of the process that has connected to the socket (using the getsockopt(..., SO_PEERCRED, ...) call) and allowing to connect to the MariaDB account with the corresponding user name. See Plugin SQL Statements for information about using plugins in general and the Pluggable Authentication for authentication plugins details.

To install the plugin, use:

INSTALL PLUGIN unix_socket SONAME 'auth_socket';

The UNIX_SOCKET plugin is installed by default in new installs of Ubuntu 15.10 and later, and Debian testing.

Examples

CREATE USER serg IDENTIFIED VIA unix_socket;

CREATE USER monty IDENTIFIED VIA unix_socket;

quit
Bye
$ whoami
serg
$ mysql --user=serg
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.2.0-MariaDB-alpha-debug Source distribution
MariaDB []> quit
Bye
$ mysql --user=monty
ERROR 1045 (28000): Access denied for user 'monty'@'localhost' (using password: NO)

In this example, a user serg is already logged into the system and has full shell access. Because he has identified himself to the operating system, he does not need to do it again for the database MariaDB trusts operating system credentials. But he cannot connect to the database as another user.

See Also

Comments

Comments loading...