List:General Discussion« Previous MessageNext Message »
From:Paul DuBois Date:September 24 2002 5:48pm
Subject:Re: Security: is 'root' truly neccessary?
View as plain text  
At 16:53 -0700 9/24/02, Tom Emerson wrote:
>Being new to MySQL, it took a while to grok how "security" works.  Now that
>I have a bit of a better understanding, a mental "revalation" is coming to
>the surface of my mind: since "mysql" users are NOT unix/windows-domain
>"users", is the "root" user truly needed for a functional mysql environment?
>
>I do realize that there needs to be "some" user who essentially has all the
>grantable columns set to "Y" in the USER table, otherwise you could lose the
>ability to add or delete users, specify new databases, etc.  I'm thinking
>this "super user" could (should?) be identified by something such as "dba"
>or "admin" -- anything other than the name of "root".  This would avoid the
>[probable] security hole of using the "unix" password as the "mysql"
>password for the "root" user (something I suspect many people have done
>without realizing the implications) simply because there would be no "root"
>user.

The user name in the superuser accounts doesn't have to be named "root".
It could just as well be "powerless".

>
>I'm kind of guessing that one reason that the name "root" was chosen was
>because the command-line interface defaults the user name to your (unix)
>session name.  By pre-building a "root" user, the authors avoided the need
>to "teach" the use of the "-u" switch during the initial setup of mySql
>(which is good and bad: good because it is "one less thing" for a new mysql
>admin to have to learn, bad because new admins haven't even been introduced
>to the security system, so they are likely to use their actual "root"
>password because they haven't yet been informed that mysql-users <>
>unix-users...)

Thread
Security: is 'root' truly neccessary?Tom Emerson24 Sep
  • Re: Security: is 'root' truly neccessary?Paul DuBois24 Sep