4373 Bjorn Munch 2012-10-03
WL #6055 New default config file
Forgot to bzr add two files
Please ignore scripts/mysql_security_commands.sql, it is of no
relevance to this WL
added:
scripts/mysql_security_commands.sql
support-files/my-default.cnf.sh
4372 Bjorn Munch 2012-10-03
WL #6055 New default config file in MySQL 5.6
NB this commit does not actually add it, that's a previous commit
I also needed a preliminary version of some changes to mysql_install_db
This commit extends mysql_install_db to copy my-default.cnf and use it
Adding checks for existing config files
Supporting existing options for config files
Interdependecies between settings ($basedir) required some reorg
Also changed install location of my-default.cnf to "share"
modified:
.bzr-mysql/default.conf
scripts/mysql_install_db.pl.in
support-files/CMakeLists.txt
=== added file 'scripts/mysql_security_commands.sql'
--- a/scripts/mysql_security_commands.sql 1970-01-01 00:00:00 +0000
+++ b/scripts/mysql_security_commands.sql 2012-10-03 16:41:09 +0000
@@ -0,0 +1,36 @@
+-- Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+--
+-- This program is free software; you can redistribute it and/or modify
+-- it under the terms of the GNU General Public License as published by
+-- the Free Software Foundation; version 2 of the License.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+-- GNU General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License
+-- along with this program; if not, write to the Free Software
+-- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+# This set of commands will modify the predefined accounts of a MySQL installation
+# to increase security.
+
+# 1) Set passwords for the root account.
+# Note that the password 'ABC123xyz' will be replaced by a random string
+# when these commands are transferred to the server.
+SET @@old_passwords=1;
+UPDATE mysql.user SET Password=PASSWORD('ABC123xyz') WHERE User='root' and plugin='mysql_old_password';
+SET @@old_passwords=0;
+UPDATE mysql.user SET Password=PASSWORD('ABC123xyz') WHERE User='root' and plugin in ('', 'mysql_native_password');
+SET @@old_passwords=2;
+UPDATE mysql.user SET authentication_string=PASSWORD('ABC123xyz') WHERE User='root' and plugin='sha256_password';
+
+# 2) Drop the anonymous account.
+DELETE FROM mysql.user WHERE User='';
+
+# 3) Force the root user to change the password on first connect.
+UPDATE mysql.user SET Password_expired='Y' WHERE User='root';
+
+# In case this file is sent to a running server.
+FLUSH PRIVILEGES;
=== added file 'support-files/my-default.cnf.sh'
--- a/support-files/my-default.cnf.sh 1970-01-01 00:00:00 +0000
+++ b/support-files/my-default.cnf.sh 2012-10-03 16:41:09 +0000
@@ -0,0 +1,26 @@
+# For advice on how to change settings please see
+# http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html
+
+[mysqld]
+
+# Remove leading # and set to the amount of RAM for the most important data
+# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
+# innodb_buffer_pool_size = 128M
+
+# Remove leading # to turn on a very important data integrity option: logging
+# changes to the binary log between backups.
+# log_bin
+
+# These are commonly set, remove the # and set as required.
+# basedir
+# datadir
+# port
+# server_id
+@CNF_SOCKET_LINE@
+
+# Remove leading # to set options mainly useful for reporting servers.
+# The server defaults are faster for transactions and fast SELECTs.
+# Adjust sizes as needed, experiment to find the optimal values.
+# join_buffer_size = 128M
+# sort_buffer_size = 2M
+# read_rnd_buffer_size = 2M
No bundle (reason: useless for push emails).
| Thread |
|---|
| • bzr push into mysql-5.6-wl6055 branch (bjorn.munch:4372 to 4373) WL#6055 | Bjorn Munch | 4 Oct |
