LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 04-24-2009, 03:10 PM   #1
Ujjain
Member
 
Registered: Mar 2009
Posts: 33

Rep: Reputation: 15
Can MySQL log on via SSH/bash? mysql:x:27:101:MySQL Server:/var/lib/mysql:/bin/bash


/etc/passwd:
Code:
mysql:x:27:101:MySQL Server:/var/lib/mysql:/bin/bash
  • What does this mean?
  • Why do people often advise to set to /bin/false, but did that crash my Nagios until I gave it /bin/bash again?
  • Mysql user has no password set. Only users with /bin/bash (or /bin/sh etc) and a password set can log in via SSH, can they?
Just looking to understand Linux Security.
 
Old 04-24-2009, 03:16 PM   #2
kentyler
Member
 
Registered: Dec 2008
Location: Cleveland Ohio
Distribution: CentOS
Posts: 235

Rep: Reputation: 36
It's safe like that.

At times you may need to su to that user to debug also. Just leave no password and it will be fine.
 
Old 04-24-2009, 03:21 PM   #3
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,028
Blog Entries: 5

Rep: Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791
What you're showing is a simply "user" entry in /etc/passwd. The user name is mysql. The comment has mysql as well. It might as easily have been named ralph or wilhelmina.

Typically if it is not a real person it is an "administrative account". That is to say an account that was created simply to be the "owner" of files for a specific application. In this case it is most likely mysql based on the name and comment.

The reason people recommend setting the shell to /bin/false is that for administrative accounts you often don't want a real user to login to that account. Setting it to /bin/false makes any login attempt faile and exit immediately.

Sometimes you DO want another user (nagios for example) to be able to switch user (with the su command) to this user. If it is set to /bin/false then that su will fail because it tries to invoke the shell.

Setting a password on the account that no one knows helps to insure no real user will login to the account. You can then use something like ssh trust to allow the nagios user permission to run commands as mysql. Also you can setup sudoers to allow real users to "sudo su" to the admin user. We do quite a bit of the latter as there are many administrative accounts our DBAs need access to but we won't to log access which sudo does by default.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql. NoviceW Linux - Networking 17 09-17-2014 03:13 PM
ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql. suziecorbett Linux - Software 8 10-09-2008 02:52 AM
mysql error Can't connect to local MySQL server through socket '/var/lib/mysql/mysql. SpellChainz Linux - Newbie 1 06-23-2007 04:35 PM
mysql error Can't connect to local MySQL server through socket '/var/lib/mysql/mysql. Dannux Linux - Software 3 03-24-2006 09:44 AM


All times are GMT -5. The time now is 11:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration