Is it normal that one can access MySQL as root without entering a password, although a password is set?

Ubuntu's MySQL packages (which are based on Debian's) use the auth_socket plugin by default. With this plugin, when connecting from the local machine, no password is required, but the server identifies the operating system user and matches that user. So if you are root on the system and log in, you become root. This avoids having to set up a MySQL root password first.

See also https://wiki.debian.org/MySql


You should run SHOW GRANTS FOR 'root'@'localhost';

If it shows this line in the results:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION

and not this line:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' WITH GRANT OPTION

that means the root user is automatically authenticated by the unix socket credential. If you don't want this, you can issue a manual GRANT command (don't shoot yourself in the foot doing this) that will override the previous one, e.g.:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'mysecurepassword' WITH GRANT OPTION;

Now mysql will ask for a password, but can be used by any user able to access the unix socket (so by default just using mysql -u root -p without being root, but of course knowing the password). You have to ponder which one is more secure.

I don't know why mysql_secure_installation doesn't explain this.
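
The check described in the answer above, as an added example that is not part of either answer: a small shell audit that reads SHOW GRANTS output and reports, per account, whether login is by unix socket or by password. The function names, the 'backup' account and the sample output are constructed for illustration, and only the two IDENTIFIED forms quoted above are recognised.

```shell
#!/bin/sh
# Added example: classify accounts by the IDENTIFIED clause in SHOW GRANTS output.

# classify_grant LINE -> prints "socket", "password" or "other"
classify_grant() {
    case "$1" in
        *"IDENTIFIED VIA unix_socket"*) echo socket ;;
        *"IDENTIFIED BY PASSWORD "*)    echo password ;;
        *)                              echo other ;;   # no auth clause on this line
    esac
}

# grant_account LINE -> prints the 'user'@'host' the GRANT applies to
grant_account() {
    printf '%s\n' "$1" | sed -n "s/^GRANT .* TO \('[^']*'@'[^']*'\).*/\1/p"
}

# audit_grants: reads SHOW GRANTS lines on stdin, prints "account method"
# for every line that carries an authentication clause.
audit_grants() {
    while IFS= read -r line; do
        case "$line" in
            GRANT\ *) ;;          # only GRANT lines are of interest
            *) continue ;;
        esac
        method=$(classify_grant "$line")
        if [ "$method" != other ]; then
            printf '%s %s\n' "$(grant_account "$line")" "$method"
        fi
    done
}

# Constructed sample output (the hash is the masked value from the answer).
sample_grants() {
    cat <<'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO 'backup'@'localhost' IDENTIFIED BY PASSWORD '*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' WITH GRANT OPTION
EOF
}

sample_grants | audit_grants
```

On a live server the same function can be fed real output, for example by piping mysql -N -e "SHOW GRANTS FOR 'root'@'localhost'" into audit_grants.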