我有一个在 chroot 中运行 mariadb 的脚本,它是一个 qemu-arm-static rasoberrypi chroot,但我认为这不会有太大改变。
该脚本安装并设置 mariadb 根用户的密码,然后尝试使用设置的密码以用户“pi”身份创建数据库。
脚本如下:
apt-get install -y mariadb-server
mysqld_safe &
echo "waiting for sql server to go online"
sleep 10
mysql -u root <<-EOF
UPDATE mysql.user SET Password=PASSWORD('root') WEHRE User='root';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.db WHERE Db='test' OR Db='test_%';
FLUSH PRIVILEGES;
EOF
mysql --user=root -e "select user, host, password, plugin, authentication_string from mysql.user where user='root';"
mysql --user=root -e "show grants for 'root'@'localhost';"
mysqladmin shutdown
sleep 10
mysqld_safe &
echo "waiting for sql server to go online"
sleep 10
su pi -c 'mysql --user=root --password=root -e "CREATE DATABASE dbname;"'
mysqladmin shutdown
输出如下:
update-alternatives: using /usr/bin/xterm to provide /usr/bin/x-terminal-emulator (x-terminal-emulator) in auto mode
update-alternatives: using /usr/bin/lxterm to provide /usr/bin/x-terminal-emulator (x-terminal-emulator) in auto mode
Processing triggers for libc-bin (2.24-11+deb9u3) ...
Processing triggers for systemd (232-25+deb9u2) ...
W: chown to _apt:root of directory /var/cache/apt/archives/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)
W: Not using locking for nfs mounted lock file /var/cache/apt/archives/lock
+ echo 'waiting for sql server to go online'
waiting for sql server to go online
+ sleep 10
+ mysqld_safe
180628 08:27:53 mysqld_safe Logging to syslog.
180628 08:27:54 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
+ mysql -u root
+ mysql --user=root -e 'select user, host, password, plugin, authentication_string from mysql.user where user='\''root'\'';'
user host password plugin authentication_string
root localhost *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B unix_socket
+ mysql --user=root -e 'show grants for '\''root'\''@'\''localhost'\'';'
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+ mysqladmin shutdown
+ sleep 10
+ echo 'waiting for sql server to go online'
waiting for sql server to go online
+ sleep 10
+ mysqld_safe
180628 08:28:18 mysqld_safe Logging to syslog.
180628 08:28:18 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
+ su pi -c 'mysql --user=root --password=root -e "CREATE DATABASE dbname;"'
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
以 root 身份运行mysql始终有效并且不需要输入密码。
如果我将密码从“root”更改为其他密码,我可以看到密码哈希值会发生变化,但仍然会出现“拒绝访问”的情况,是否还需要执行其他操作才能使 root 可以登录?
答案1
好的,问题是,我通过 #maria IRC 频道发现,Debian 系统(可能还有其他 posix 系统)有一个名为 unix_socket 的身份验证插件。此插件不允许您使用密码访问 root 用户。因此,您可以做的是创建另一个用户,并授予其 root 拥有的所有权限(或您想要的权限)。
这使得上面的脚本看起来像这样,现在CustomPiOS mysql 安装模块的一部分:
# Mysql user (not root, because root is only accessible from command-line)
MYSQL_USER=pi
MYSQL_USER_PASSWORD=raspberry
apt-get install -y mariadb-server
mysqld_safe &
echo "waiting for sql server to go online"
sleep 10
mysql --user=root -e "CREATE USER '"${MYSQL_USER}"'@'localhost' IDENTIFIED BY '${MYSQL_USER_PASSWORD}';"
mysql --user=root -e "GRANT ALL PRIVILEGES ON *.* to 'pi'@'localhost' WITH GRANT OPTION;"
# Debug
# mysql --user=root -e "select user, host, password, plugin, authentication_string from mysql.user;"
# mysql --user=root -e "show grants for '"${MYSQL_USER}"'@'localhost';"
mysqladmin shutdown
# Example to create a new DB
# mysqld_safe &
# echo "waiting for sql server to go online"
# sleep 10
# su pi -c 'mysql --user=pi --password=raspberry -e "CREATE DATABASE dbname;"'
# mysqladmin shutdown
echo "Done installing mysql"