On Wed, Jun 29, 2005 at 12:24:18AM +0200, Christian Hammers wrote: > > Is that a good reason to run without root pass? > > It's good enough not to change the password without asking the admin and > not displaying it on every upgrade if the admin likes to stay with his > decision.
so this is what i will propose:
- after mysql is (re)started in the postinst, connect as root w/o password
- if successfull
- debconf prompt the no-password note[1]
- set debconf password value to blank/unseen
- debconf prompt for the password[2]
- if password non-blank
- set password
if there is a password, or if the server is not running, the admin never
sees the debconf questions. if it's running and no password is set,
the admin gets a high priority note informing them of the problem (which
is sent only once, unless the debconf database gets nuked or the package
is reconfigured). the admin then is prompted with the password
question, which if skipped/unanswered does nothing.
fairly simple... what do you think?
sean
[1]
Template: mysql-common/no-root-password
Type: note
Description: MySQL administrative user does not have a password.
The administrative user for your database does not currently have a
password set. This can be considered a major security risk, especially
on multi-user systems.
[2]
Template: mysql-common/root-password
Type: string
Description: Please provide a password for the MySQL administrative user.
Please provide a password for the MySQL administrative user. If left
blank, the password will not be set.
--
signature.asc
Description: Digital signature
