Security of Mariadb root account
Installed Mariadb on a Raspberry Pi running Raspbian Stretch OS.
Ran the mysql_secure_installation script to secure database, setting a root password, and 'Yes' to remainder of questions. At this stage, I assumed that the Mariadb root account was secured with the password, however...
$ sudo mysql and without entering any password whatsoever, I get access to perform actions normally associated with the root account.
How can that be?? and what was the purpose in adding a password, if root access can be so readily gained.
Answer Answered by Brian Evans in this comment.
This is a Debian decision to:
- Not require a password with sudo
- Utilize the unix_socket plugin by default
The latter is set in the Debian install scripts. You can override this by removing the plugin for 'root'@'localhost' as long as you understand that Debian scripts may be looking for their default.