Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 04-24-2009, 02:10 PM   #1
Registered: Mar 2009
Posts: 33

Rep: Reputation: 15
Can MySQL log on via SSH/bash? mysql:x:27:101:MySQL Server:/var/lib/mysql:/bin/bash

mysql:x:27:101:MySQL Server:/var/lib/mysql:/bin/bash
  • What does this mean?
  • Why do people often advise to set to /bin/false, but did that crash my Nagios until I gave it /bin/bash again?
  • Mysql user has no password set. Only users with /bin/bash (or /bin/sh etc) and a password set can log in via SSH, can they?
Just looking to understand Linux Security.
Old 04-24-2009, 02:16 PM   #2
Registered: Dec 2008
Location: Newark Ohio
Distribution: Fedora Core
Posts: 269

Rep: Reputation: 37
It's safe like that.

At times you may need to su to that user to debug also. Just leave no password and it will be fine.
Old 04-24-2009, 02:21 PM   #3
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,946
Blog Entries: 14

Rep: Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161
What you're showing is a simply "user" entry in /etc/passwd. The user name is mysql. The comment has mysql as well. It might as easily have been named ralph or wilhelmina.

Typically if it is not a real person it is an "administrative account". That is to say an account that was created simply to be the "owner" of files for a specific application. In this case it is most likely mysql based on the name and comment.

The reason people recommend setting the shell to /bin/false is that for administrative accounts you often don't want a real user to login to that account. Setting it to /bin/false makes any login attempt faile and exit immediately.

Sometimes you DO want another user (nagios for example) to be able to switch user (with the su command) to this user. If it is set to /bin/false then that su will fail because it tries to invoke the shell.

Setting a password on the account that no one knows helps to insure no real user will login to the account. You can then use something like ssh trust to allow the nagios user permission to run commands as mysql. Also you can setup sudoers to allow real users to "sudo su" to the admin user. We do quite a bit of the latter as there are many administrative accounts our DBAs need access to but we won't to log access which sudo does by default.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql. NoviceW Linux - Networking 17 09-17-2014 02:13 PM
ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql. suziecorbett Linux - Software 8 10-09-2008 01:52 AM
mysql error Can't connect to local MySQL server through socket '/var/lib/mysql/mysql. SpellChainz Linux - Newbie 1 06-23-2007 03:35 PM
mysql error Can't connect to local MySQL server through socket '/var/lib/mysql/mysql. Dannux Linux - Software 3 03-24-2006 08:44 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:10 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration