Mysql

即使設置了密碼,chroot 中的 mariadb 也會為使用者 ‘root’@’localhost’ 拒絕訪問

  • July 3, 2018

我有一個在 chroot 中執行 mariadb 的腳本,它是一個 qemu-arm-static rasoberrypi chroot,但我認為這不會有太大變化。

該腳本安裝並設置 mariadb root 使用者的密碼,然後嘗試使用設置的密碼以使用者 ‘pi’ 的身份創建數據庫。

這是腳本:

apt-get install -y mariadb-server
mysqld_safe &
echo "waiting for sql server to go online"
sleep 10

mysql -u root <<-EOF
UPDATE mysql.user SET Password=PASSWORD('root') WEHRE User='root';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.db WHERE Db='test' OR Db='test_%';
FLUSH PRIVILEGES;
EOF

mysql --user=root -e "select user, host, password, plugin, authentication_string from mysql.user where user='root';"
mysql --user=root -e "show grants for 'root'@'localhost';"

mysqladmin shutdown
sleep 10
mysqld_safe &
echo "waiting for sql server to go online"
sleep 10
su pi -c 'mysql --user=root --password=root -e "CREATE DATABASE dbname;"'
mysqladmin shutdown

這是輸出:

update-alternatives: using /usr/bin/xterm to provide /usr/bin/x-terminal-emulator (x-terminal-emulator) in auto mode
update-alternatives: using /usr/bin/lxterm to provide /usr/bin/x-terminal-emulator (x-terminal-emulator) in auto mode
Processing triggers for libc-bin (2.24-11+deb9u3) ...
Processing triggers for systemd (232-25+deb9u2) ...
W: chown to _apt:root of directory /var/cache/apt/archives/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)
W: Not using locking for nfs mounted lock file /var/cache/apt/archives/lock
+ echo 'waiting for sql server to go online'
waiting for sql server to go online
+ sleep 10
+ mysqld_safe
180628 08:27:53 mysqld_safe Logging to syslog.
180628 08:27:54 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
+ mysql -u root
+ mysql --user=root -e 'select user, host, password, plugin, authentication_string from mysql.user where user='\''root'\'';'
user    host    password        plugin  authentication_string
root    localhost       *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B       unix_socket
+ mysql --user=root -e 'show grants for '\''root'\''@'\''localhost'\'';'
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+ mysqladmin shutdown
+ sleep 10
+ echo 'waiting for sql server to go online'
waiting for sql server to go online
+ sleep 10
+ mysqld_safe
180628 08:28:18 mysqld_safe Logging to syslog.
180628 08:28:18 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
+ su pi -c 'mysql --user=root --password=root -e "CREATE DATABASE dbname;"'
ERROR 1698 (28000): Access denied for user 'root'@'localhost'

以 root 身份執行mysql始終有效,並且不要求輸入密碼。

如果我將密碼從“root”更改為其他密碼,我可以看到密碼雜湊會發生變化,但我仍然會收到“訪問被拒絕”,是否還有其他需要做的事情才能讓 root 登錄?

好的,所以問題是,感謝#maria IRC 頻道,我認為 Debian 系統(可能還有其他 posix 系統)有一個名為 unix_socket 的身份驗證外掛。此外掛不允許您使用密碼訪問 root 使用者。因此,您可以做的是創建另一個使用者,並為其授予 root 擁有的所有權限(或您想要的權限)。

這使得上面的腳本看起來像這樣,它現在是 CustomPiOS mysql 安裝模組的一部分

# Mysql user (not root, because root is only accessible from command-line)
MYSQL_USER=pi
MYSQL_USER_PASSWORD=raspberry

apt-get install -y mariadb-server

mysqld_safe &

echo "waiting for sql server to go online"
sleep 10

mysql --user=root -e "CREATE USER '"${MYSQL_USER}"'@'localhost' IDENTIFIED BY '${MYSQL_USER_PASSWORD}';"
mysql --user=root -e "GRANT ALL PRIVILEGES ON  *.* to 'pi'@'localhost' WITH GRANT OPTION;"

# Debug
# mysql --user=root -e "select user, host, password, plugin, authentication_string from mysql.user;"
# mysql --user=root -e "show grants for '"${MYSQL_USER}"'@'localhost';"

mysqladmin shutdown

# Example to create a new DB
# mysqld_safe &
# echo "waiting for sql server to go online"
# sleep 10
# su pi -c 'mysql --user=pi --password=raspberry -e "CREATE DATABASE dbname;"'
# mysqladmin shutdown

echo "Done installing mysql"

引用自:https://serverfault.com/questions/918619