From: Bjorn Munch Date: October 3 2012 4:43pm Subject: bzr push into mysql-5.6-wl6055 branch (bjorn.munch:4372 to 4373) WL#6055 List-Archive: http://lists.mysql.com/commits/144960 Message-Id: <20121003164352.7691.60261.4373@khepri15.no.oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit 4373 Bjorn Munch 2012-10-03 WL #6055 New default config file Forgot to bzr add two files Please ignore scripts/mysql_security_commands.sql, it is of no relevance to this WL added: scripts/mysql_security_commands.sql support-files/my-default.cnf.sh 4372 Bjorn Munch 2012-10-03 WL #6055 New default config file in MySQL 5.6 NB this commit does not actually add it, that's a previous commit I also needed a preliminary version of some changes to mysql_install_db This commit extends mysql_install_db to copy my-default.cnf and use it Adding checks for existing config files Supporting existing options for config files Interdependecies between settings ($basedir) required some reorg Also changed install location of my-default.cnf to "share" modified: .bzr-mysql/default.conf scripts/mysql_install_db.pl.in support-files/CMakeLists.txt === added file 'scripts/mysql_security_commands.sql' --- a/scripts/mysql_security_commands.sql 1970-01-01 00:00:00 +0000 +++ b/scripts/mysql_security_commands.sql 2012-10-03 16:41:09 +0000 @@ -0,0 +1,36 @@ +-- Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. +-- +-- This program is free software; you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation; version 2 of the License. +-- +-- This program is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with this program; if not, write to the Free Software +-- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +# This set of commands will modify the predefined accounts of a MySQL installation +# to increase security. + +# 1) Set passwords for the root account. +# Note that the password 'ABC123xyz' will be replaced by a random string +# when these commands are transferred to the server. +SET @@old_passwords=1; +UPDATE mysql.user SET Password=PASSWORD('ABC123xyz') WHERE User='root' and plugin='mysql_old_password'; +SET @@old_passwords=0; +UPDATE mysql.user SET Password=PASSWORD('ABC123xyz') WHERE User='root' and plugin in ('', 'mysql_native_password'); +SET @@old_passwords=2; +UPDATE mysql.user SET authentication_string=PASSWORD('ABC123xyz') WHERE User='root' and plugin='sha256_password'; + +# 2) Drop the anonymous account. +DELETE FROM mysql.user WHERE User=''; + +# 3) Force the root user to change the password on first connect. +UPDATE mysql.user SET Password_expired='Y' WHERE User='root'; + +# In case this file is sent to a running server. +FLUSH PRIVILEGES; === added file 'support-files/my-default.cnf.sh' --- a/support-files/my-default.cnf.sh 1970-01-01 00:00:00 +0000 +++ b/support-files/my-default.cnf.sh 2012-10-03 16:41:09 +0000 @@ -0,0 +1,26 @@ +# For advice on how to change settings please see +# http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html + +[mysqld] + +# Remove leading # and set to the amount of RAM for the most important data +# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%. +# innodb_buffer_pool_size = 128M + +# Remove leading # to turn on a very important data integrity option: logging +# changes to the binary log between backups. +# log_bin + +# These are commonly set, remove the # and set as required. +# basedir +# datadir +# port +# server_id +@CNF_SOCKET_LINE@ + +# Remove leading # to set options mainly useful for reporting servers. +# The server defaults are faster for transactions and fast SELECTs. +# Adjust sizes as needed, experiment to find the optimal values. +# join_buffer_size = 128M +# sort_buffer_size = 2M +# read_rnd_buffer_size = 2M No bundle (reason: useless for push emails).