Comments - MariaDB Galera Cluster - Known Limitations
Content reproduced on this site is the property of its respective owners,
and this content is not reviewed in advance by MariaDB. The views, information and opinions
expressed by this content do not necessarily represent those of MariaDB or any other party.
selinux doesn't matter.
`ALTER USER` changes the password, but only if the authentication plugin is mysql_native_password. Look at `SHOW CREATE USER 'root'@'localhost'`, there may be another authentication plugin in use. This can also be changed with ALTER USER.
This behaviour is odd. Report it as a bug with the logs.
I added the following option on /etc/my.cnf.d/server.cnf to solve the issue.
[mysqld] unix_socket=OFF
I have executed the following command: SHOW CREATE USER 'root'@'localhost'
It returned with the following result: +--------------------------------------------------------------------------------------------------------------------------------------+
+--------------------------------------------------------------------------------------------------------------------------------------+
+--------------------------------------------------------------------------------------------------------------------------------------+
It seems the authentication plugin is mysql_native_password. What I should do now?
"OR unix_socket". This means if you are root unix user, no authentication password is needed. If you aren't the root user, then it will ask for a password.
So this is behaving as expected.
How may I remove "OR unix_socket" option?
How may I rectify it?
Take a look at Authentication from MariaDB 10.4 which explains how to revert back to the old password authentication method.
There's nothing to rectify. Your initial `mysql -u root -p` before you restarted was executed as a non-root user. Since your restart you ran it as root. The restart of the server in no-way impacted this.
There is no risk in having a root user access the server without a password. A root unix user already has total control over the entire system.
MariaDB package update scripts may depend on a unix_socket authenticated root user and a passwordless root and so do logrotate scripts.
Recommend action. Do nothing. You are not insecure.
Your statement, ' Your initial `mysql -u root -p` before you restarted was executed as a non-root user', seems not true. I login the system as 'root' OS user. Then I issued the command, 'mysql -u root -p'.
Copyright © 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
No password required!. The process was owned by 'root'.
I don't understand why it is normal. I started MariaDB as root user. But I should be able to assign a password for 'root' db user, not OS root user. After I assigned a password to root db user, it kept asking me to input root password for CLI login.
But when I stopped and started the db, the root db password gone!!! To my understanding, the password should be kept on the database. Why the action of restarting db erase the root db password on database?