[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: myqsl dummy needs help



On Monday 16 February 2009, Craig White wrote:
>On Mon, 2009-02-16 at 11:06 -0500, Robert L Cochran wrote:
>> All the heavier-weight database engines have their own user accounts, so
>> they can grant or restrict permissions to various databases and tables
>> based on who the user is. MySQL does this. Even though mysql has a root
>> user that user is totally separate from the OS root account. You can
>> also have a mysql user account named mickey even though your host box
>> does not have such a user. So think only in terms of the defined MySQL
>> users.
>>
>> You need to reset the MySQL root user password.
>>
>> There may be no password to start with. I wonder what happens if you
>> just press enter when prompted for the password. If there is no
>> password, then you can set one using mysqladmin. When you first start
>> the mysqld server using 'service start mysqld' the syntax of the command
>> is explained to you right on the terminal window.
>>
>> One more point. If you want to assign a password to a user on a specific
>> host machine, such as 'mickey'@'mickeymouse.m1.org' then I believe that
>> at the time someone attempts to log in with that username the actual
>> machine name must resolve correctly on dns to 'mickeymouse.m1.org' or
>> the user 'mickey' must have a password defined for the localhost machine
>> ('mickey'@'localhost').
>>
>> To do reset the root password correctly, you can find copious details on
>> the MySQL knowledgebase. Go to www.mysql.com and search off their
>> knowledgebase. There is a method described for changing the password for
>> the root user, but it is fairly complicated. I've used it successfully
>> once or twice before when I made a mess of my own mysql root password.
>>
>> Another great resource is to read Paul DuBois book "MySQL". It is really
>> the bible of all things MySQL. If you intend to use MySQL seriously then
>> this book is mandatory purchasing and reading.
>
>----
>I think original setup for mysql is for root user via local socket and
>not via localhost so there actually isn't an account for root localhost
>thus attempting to connect via tcp/ip as root is doomed to fail out of
>the box.
>
>Craig

With all due respect Craig, what the hell use is it then when ALL the 
documentation is wrong?

Now, I just had the bright idea of looking at the mysqld.log after ripping 
it all out and putting even more of it back in, and see this:

[root coyote etc]# cat /var/log/mysqld.log
090216 13:30:36  mysqld ended

090216 13:30:45  mysqld started
/usr/libexec/mysqld: Can't create/write to file '/tmp/ibnoIZas' (Errcode: 13)
090216 13:30:45  InnoDB: Error: unable to create temporary file; errno: 13
090216 13:30:45 [Note] /usr/libexec/mysqld: ready for connections.
Version: '5.0.45'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  Source distribution

So obviously /tmp doesn't have the right perms.  Or at least I assume (there 
is that word again) that an error 13 is permissions related.  Selinux is in 
targeted mode, enabled, and it isn't fussing.

/tmp itself is drwxr-xr-x  amanda disk   system_u:object_r:tmp_t:s0       tmp
but nearly everything in it is root:root except the amanda and amanda-debug 
directories.  So I just changed tmp to drwxrwxrwx  But that also didn't change
anything. Or did it, now the log shows this when I restart mysqld:

090216 13:51:44  mysqld started
InnoDB: The first specified data file ./ibdata1 did not exist:
InnoDB: a new database to be created!
090216 13:51:44  InnoDB: Setting file ./ibdata1 size to 10 MB
InnoDB: Database physically writes the file full: wait...
090216 13:51:45  InnoDB: Log file ./ib_logfile0 did not exist: new to be created
InnoDB: Setting log file ./ib_logfile0 size to 5 MB
InnoDB: Database physically writes the file full: wait...
090216 13:51:45  InnoDB: Log file ./ib_logfile1 did not exist: new to be created
InnoDB: Setting log file ./ib_logfile1 size to 5 MB
InnoDB: Database physically writes the file full: wait...
InnoDB: Doublewrite buffer not found: creating new
InnoDB: Doublewrite buffer created
InnoDB: Creating foreign key constraint system tables
InnoDB: Foreign key constraint system tables created
090216 13:51:46  InnoDB: Started; log sequence number 0 0
090216 13:51:46 [Note] /usr/libexec/mysqld: ready for connections.
Version: '5.0.45'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  Source distribution

Which says one problem seems to be sorted, at the expense of a huge security 
hole in /tmp as anyone can do anything there now.

Ok, so now try a login again:
[root coyote /]# mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[root coyote /]# mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[root coyote /]#

Seems like this is where I started, isn't it?

Now that the tmp perms is sorted, I suppose I need to go back and do all that 
other stuff again...

Which I just did, and didn't change a thing.  WTF?
Thanks Craig

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Chicken Little only has to be right once.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]