Home -> Usenet -> c.d.mysql -> Re: Ubuntu MySQL install with Virtualmin - password problems with 16.04.4 server

Re: Ubuntu MySQL install with Virtualmin - password problems with 16.04.4 server

From: Thomas 'PointedEars' Lahn <PointedEars_at_web.de>
Date: Sat, 31 Mar 2018 19:17:55 +0200
Message-ID: <2751831.CbtlEUcBR6_at_PointedEars.de> 






J.O. Aho wrote:


> On 03/31/18 01:37, Thomas 'PointedEars' Lahn wrote:
>> Axel Schwenke wrote:
>>> On 29.03.2018 22:02, J.O. Aho wrote:
>>>> I would say bad design, the password is only for their front end and
>>>> they leave the database without root password
>>>
>>> I don't think that this is correctly deduced. MySQL ships (for quite
>>> some time now) with the auth_socket plugin [1] enabled and uses it for
>>> the default "root_at_localhost" account. That means for connecting to MySQL
>>> as root you don't need any password - when you run the "mysql" command
>>> as user root.
>>>
>>> *I* think that Virtualmin just isn't aware of that. It asks for a
>>> password that is never needed.
>> 
>> You are both writing nonsense.  Virtualmin is “a powerful and flexible
>> web hosting control panel for Linux and BSD systems”.  *No* secure Web
>> server runs as “root” by default (and none should); usually it is “www-
>> data” instead.
> 
> Not talking about as whom the web server is run as, but how the so
> called database root user password is used, as the password set during
> installation isn't used hasn't been set for the mysql database user
> root, it's only used as password to access the database through the web
> ui. Please don't assume things, read instead what people has written.





Likewise.  And shut up when you don’t have a minimum clue.



Contrary to what Axel said:



On my Debian/Devuan GNU+Linux system, with a *default* MySQL configuration, 
it is not possible to connect to the MySQL server as MySQL user “root” 
without a password when the “mysql” command is run as system user “root”:



| $ su -

| Password: 

| 

| # mysql -u root

| ERROR 1045 (28000): Access denied for user 'root'_at_'localhost' (using 


| password: NO)

| 

| # mysql -u root -p

| Enter password: 

| Welcome to the MySQL monitor.  Commands end with ; or \g.

| Your MySQL connection id is 49

| Server version: 5.6.25-3 (Debian)

| […]




As I indicated (by quoting from the product’s Web site, which *none* of you 
has visited before posting), Virtualmin is a *Web* application.  Thus, it 
must use interfaces available to *Web* applications to execute MySQL 
commands.  There two ways to do that: a) through database APIs for the 
programming language in which it is written; b) through programming language 
interfaces for the operating system on which it is running.



If the Web application actually used the “mysql” command through OS 
interfaces (which would potentially enable it to execute other programs on 
the server system, which constitute a security risk, and is therefore often 
made impossible or difficult), then it is very likely that it would _not_ do 
that as user “root”.  Because the *Web server* (software) that is executing 
the Web application is not running as “root” by default, and child processes 
(forks) inherit the environment of their parent process, including the user.



Contrary to what you said:



If instead the Web application does not use the “mysql” command (which is 
likely), then it has to use database interfaces of the programming language 
in which it is written.  This is the case here.  [As it happens, Virtualmin 
is a PHP (default) or Perl Web application, and I have earned an official 
certification for PHP – see signature.  What is *your* PHP certification?]



The main and *known* problem here appears to be that in the database setup 
process Virtualmin operates under the assumption that the password of the 
MySQL “root” user has not been set before.  However, that is not true for 
the majority of MySQL installations.



So in that case the password must be told to Virtualmin or reset in MySQL 
before Virtualmin can setup the database.



    
  
  1.   Google “Virtualmin” (“About 156.000 results (0,25 seconds)”)
  
  2.   First hit       → <https://www.virtualmin.com/>
  
  3.   “DOCUMENTATION” → <https://www.virtualmin.com/documentation>
  
  4.   “Installation Troubleshooting”
   → <https://www.virtualmin.com/documentation/installation/troubleshooting>

  
  5.   “DBI connect failed : Access denied for user 'root'_at_'localhost' (using
   password: NO)”






<https://www.virtualmin.com/documentation/installation/troubleshooting#toc-dbi-connect-failed--access-denied-for-user-rootlocalhost-j55YZQfp>



| Some virtual machine images, and some hosting providers set a

| MySQL/MariaDB root password, and thus it's impossible for Webmin to 

| login to MySQL/MariaDB, so the initial database setup during the post-

| install wizard will complain. The workaround this, you have a couple of 

| options. If you know the MySQL/MariaDB root password, you can configure 

| Webmin to connect with it in the MySQL module under 

| Webmin>Servers>MySQL, filling in the root password.

| 

| If you don't know the MySQL/MariaDB root password, you can set one from 

| the command line with the following steps:


| […]





If that does not help, then it is very likely a *bug* in Virtualmin (either 
in the installation script or the Web application), and needs to be reported 
to the Virtualmin developers:



<https://www.virtualmin.com/project/issues>



In any case, it is off-topic here.
 

-- 
PointedEars
Zend Certified PHP Engineer <http://www.zend.com/en/yellow-pages/ZEND024953>
<https://github.com/PointedEars> | <http://PointedEars.de/wsvn>
Twitter: _at_PointedEars2 | Please do not cc me./Bitte keine Kopien per E-Mail.


Received on Sat Mar 31 2018 - 19:17:55 CEST












Original text of this message