Security of MariaDB root account

Installed MariaDB on a Raspberry Pi running Raspbian Stretch OS.

Ran the mysql_secure_installation script to secure the database, setting a root password and answering 'Yes' to the remainder of the questions. At this stage, I assumed that the MariaDB root account was secured with the password, however...

Using $ sudo mysql and without entering any password whatsoever, I get access to perform actions normally associated with the root account.

How can that be? And what was the purpose of adding a password if root access can be so readily gained?

Answer

Answered by Brian Evans in this comment.

This is a Debian decision to:

  1. Not require a password with sudo
  2. Utilize the unix_socket plugin by default

The latter is set in the Debian install scripts. You can override this by removing the plugin for 'root'@'localhost' as long as you understand that Debian scripts may be looking for their default.
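
The check and override described in the answer, as SQL typed into the `sudo mysql` session. This is an added example, not part of the original answer and not taken from Debian's or MariaDB's scripts; the password literal is a placeholder, and which override form applies depends on the server version reported in step 1.

```sql
-- 1. The server version decides which override form applies in step 4.
SELECT VERSION();

-- 2. USER() is the identity the client presented; CURRENT_USER() is the
--    account the server matched it to.
SELECT USER(), CURRENT_USER();

-- 3. Audit: which accounts authenticate through the unix_socket plugin?
--    For these accounts the operating-system user name is the credential and
--    any stored password is not consulted, which is why `sudo mysql` asks
--    for none.
SELECT User, Host, plugin
FROM mysql.user
WHERE plugin = 'unix_socket';

SHOW GRANTS FOR 'root'@'localhost';

-- 4. Override: make 'root'@'localhost' authenticate with its password.
--    Per the answer above, Debian's own scripts may expect the socket
--    default, so check them after changing this.

-- 4a. Servers older than MariaDB 10.4 (assumption: the Raspbian Stretch
--     package is one of these; confirm with step 1). Clearing the plugin
--     makes the server check the account's stored password hash.
UPDATE mysql.user
SET plugin = ''
WHERE User = 'root' AND Host = 'localhost';
FLUSH PRIVILEGES;

-- 4b. MariaDB 10.4 and later, where mysql.user is a view and the statement
--     above does not apply. Uncomment and use instead of 4a.
--     'CHANGE_ME' is a placeholder, not a value from this page.
-- ALTER USER 'root'@'localhost'
--   IDENTIFIED VIA mysql_native_password USING PASSWORD('CHANGE_ME');

-- 5. Re-run the audit; 'root'@'localhost' should no longer be listed.
SELECT User, Host, plugin
FROM mysql.user
WHERE plugin = 'unix_socket';
```

Keep the current session open and confirm from a second terminal that `mysql -u root -p` accepts the password before disconnecting.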
