New on LowEndTalk? Please Register and read our Community Rules.
Vesta leaves mysql with blank password?
Just installed Vesta on a clean CentOS install and I note I can do "mysql -u root" and get into mysql without a password. It doesn't do mysql_secure_installation. What's up with that?
It is buried in the installation logging that you need to set a password, but other panel and LEBscript installers I've seen automatically run it, and I can't think of a good reason not to.
Comments
Mine is ok, you can change it @ /usr/local/vesta/conf/mysql.conf
I can get to mysql from the command line as root without a password - can you? I also have the conf file with a password in it, but it doesn't seem to be in effect. This is the second time I installed Vesta, and now I remember why I uninstalled it the first time.
Found this dump of the install process here: http://tutorialspots.com/vesta-control-panel-installation-1233.html
Your best bet is to post on the Vesta forum.
I think I'll just avoid Vesta.
Open a thread? It is a younger project, you'd help them improve instead of cowering away.
Well, but leaving the MySQL root account password-less is more than negligent for a Control Panel project, no matter whether young or mature. Simple things like this should not happen...
Some things get overlooked. Even by the most intelligent people. Apple Maps, the Medicare website is a fail, The Pentium Math bug http://en.wikipedia.org/wiki/Pentium_FDIV_bug, Y2K. People screw up.
Are you logged in as root in SSH? If so, is there a particular reason that the root user having root access bothers you?
Did it create a /root/.my.cnf file?
I'm not cowering - I just want something I can use that closes the doors. I consider that mysql omission a fundamental flaw, and I have no confidence in the project now.
Do you need to be logged in as root to do "mysql -u root"?
Depends on the configuration. If a password is defined in ~/.my.cnf then you wouldn't need to pass a password to it.
This is normal.
You can login because Vesta writes the password to the my.cnf file in the home directory of root:
Vesta and Vesta's MySQL is perfectly safe.
You changed your name!
Excellent. Thanks for the explanation. Makes sense. Now I'm happy to revisit Vesta.
Why?
Why what?
To be clear on this, there is no harm in doing this, only benefits. On a properly secured system, if a user can access /root they can just as easily restart MySQL with skip grants. This prevents the user from having to retype the password, but it loads from ~/.my.cnf so unless you have the ability to read a file in someone else's user directory you are as secure as the authentication/permissions for the unix account for which you are logged in.
Keep in mind cPanel does this, pretty sure Plesk as well. I configure this on all of my servers.
Also make sure to remember to ask questions and research before causing a vulnerability scare, it's just good form.
As for:
This is always stated on the first start of a MySQL installation and you cannot run mysql_secure_installation without having started MySQL.
And again, I learn.
@Jar: I meant the name change...
Ah, explained in the cest pit
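The replies above explain that `mysql -u root` skips the prompt because the client reads the password from root's `~/.my.cnf`, so the file's ownership and mode are what protect that password. The following check is an added example, not code from the thread or from Vesta; the function names are hypothetical and GNU `stat` (as on CentOS) is assumed.

```shell
#!/bin/sh
# Added example: audit a MySQL client option file such as /root/.my.cnf.
# check_mycnf_perms and mycnf_has_password are hypothetical helper names.
# Assumes GNU stat (stat -c), as shipped on CentOS.

# Return 0 only if FILE is a regular file owned by UID (default 0, root)
# with no group/other permission bits set.
check_mycnf_perms() {
    file=$1
    want_uid=${2:-0}
    rc=0
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file"
        return 2
    fi
    uid=$(stat -c %u "$file")
    mode=$(stat -c %a "$file")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"
        rc=1
    fi
    # Any group/other bit lets another account read the stored password.
    case $mode in
        0|*00) ;;
        *) echo "FAIL: mode $mode is accessible beyond the owner (want 600)"
           rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $file is private to uid $want_uid"
    return "$rc"
}

# Return 0 if FILE stores a non-empty password in a [client] or [mysql]
# section, which is what makes "mysql -u root" log in without prompting.
mycnf_has_password() {
    awk '
        /^[ \t]*\[/ { sect = $0; gsub(/[ \t]/, "", sect) }
        (sect == "[client]" || sect == "[mysql]") &&
            /^[ \t]*password[ \t]*=[ \t]*[^ \t]/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Stand-alone use: sh script.sh /root/.my.cnf
if [ $# -gt 0 ]; then
    check_mycnf_perms "$1"
    mycnf_has_password "$1" && echo "INFO: password is stored in $1"
fi
```

If `mycnf_has_password` fails for root's file and `mysql -u root` still logs in without a prompt, the MySQL root account itself has no password set.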