Re: Why does 'mysql' user has /bin/bash shell?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 1/10/2014 12:14, Reindl Harald wrote:
>
> Am 10.01.2014 20:11, schrieb Warren Young:
>>
>> I just tested here on an EL6 VM that didn't have mysql-server on it before:
>>
>>       # grep mysql /etc/shadow
>>       mysql:!!:16079::::::
>
> in the config file where the users shell is defined you may find more :-)
>
> grep mysql /etc/passwd

You've misunderstood the point of that test.  It is proof that John 
Doe's guess is right: the mysql user's account is locked (!!).  This 
means that only way you can "log in as mysql" and thus make use of the 
/bin/bash setting is to first be root, then "su - mysql".  You can't su 
to mysql from a non-root account since that would require a password.

That's why I guess this is a symptom of a wooly-headed change to the 
spec file, rather than some nefarious security breach.

By the way, vault.centos.org is back.  Here's what we find in the spec file:

/usr/sbin/useradd -M -N -g mysql -o -r -d /var/lib/mysql -s /bin/bash \
     -c "MySQL Server" -u 27 mysql >/dev/null 2>&1 || :
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux