On Thu, Jun 07, 2007 at 01:06:24PM -0000, Soren Hansen wrote: > On Thu, Jun 07, 2007 at 11:32:14AM -0000, Caspar Clemens Mierau wrote: > > Actually you can do the sudo thing without hacking mysql or touching > > mysql code. A rather simple init/shell-script (re)starting mysqld with > > skip privileges lets you overwrite existing root passwords, that is also > > the way mysql suggests. > > Do you have some sort of reference where they suggest that?
The official documentation from MySQL has a section on how to reset the root password : http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html > > So a /etc/init.d/mysql setpass could interactively ask you wheter to > > restart mysql with skip privs listening only on a local socket, set a > > new password and restart mysql with normal my.cnf configuration > > afterwards. This solution (starting mysqld with "--skip-grant-tables --user=root") is mentioned in the documentation, but not recommended. The recommended way is to generate a file containing an SQL command to set the password, and (re)start the server with the --init-file option. That way you don't have to restart the mysql daemon once the password has been reseted. > > Hm. I thought about that, but hadn't thought about putting it in the > init script. Clever. > I like it too. But does this comply with the debian policy relating to init scripts ? Can custom functions be added ? > Suggestion: > > 1. Add a setpass option to /etc/init.d/mysql that will allow the > (system) root user to change the mysql root password. > > 2. Ask for a root password during installation (it's only on the server > CD and even then it's only if you choose the LAMP install) and also let > the user know about the shiny new way of resetting the password. I'd rather set a random password during installation. May be for the LAMP case, a password could be asked, with a pre-generated password pre-seeded. > Question: > > If the user doesn't give a password, should we: > > a) just reprompt him until he caves in and sets one > b) accept the empty password > c) set it to a bogus(invalid) password and tell the user about the > setpass option of the init script. > I would take b) in the case of installing a LAMP task. If the user wants explicitly to have an empty password, we should let him, provided that we offer a pre-generated random password by default. -- Mathias -- Root password policy for mysql https://bugs.launchpad.net/bugs/119075 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
