Comments - mysql_secure_installation
Content reproduced on this site is the property of its respective owners,
and this content is not reviewed in advance by MariaDB. The views, information and opinions
expressed by this content do not necessarily represent those of MariaDB or any other party.
!Attention! In my use case it asked the following:
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] n
... skipping.
This was a bit misleading because it seems that the unix_socket plugin is enabled by default for root@localhost on my installation (Mariadb 10.4.6) and it was not disabled by the script.
To clarify: I don't want any local user (not even root) to be able to connect to the database directly using unix_socket without issuing a password. This is because I setup encryption-at-rest and it would not add too much extra security if one can 'root' the machine and easily circumvent this encryption (by just logging in as root using the unix_socket).
I agree with T.Niessink. I do not want any local user including root to connect to the DB without knowing the root user's db password. However while logged into unix as the root user (completing setup of a new server), having finishing the mysql_secure_installation process for MariaDB 10.5.15, and having entered No to the question regarding switching to unix socket authentication, I was able to access the MariaDB command prompt by simply typing mysql at the unix command prompt!! Did not have to enter -p, was not asked for a password, and was in MariaDB as a root user! I also tried "mysql -p" and hit enter at the password prompt and was able to connect as the root user in MariaDB. This seems like a very bad thing!
Sooo, we should say No? I sort of understand your post, but not the recommendation. I would appreciate if you would be so kind as to elaborate on what we should select in this option. Thank you