-
Story
-
Resolution: Done
-
Minor
-
RH358 - RHEL 8.1 0
-
None
-
7
URL:
Reporter RHNID:
Section: -
Language:
Workaround: If students do set root's password using mysql_secure_installation, they can remove it with:
- mysql -u root -p
MariaDB [(none)]> USE mysql;
MariaDB [(mysql)]> UPDATE SET password=null WHERE user='root';
MariaDB [(mysql)]> exit;
I also ran FLUSH PRIVILEGES before exit, but I suspect it wasn't required since I didn't do anything with granting or revoking.
Description: Maybe we can add an instruction indicating that students should not run "mysql_secure_installation" or if they do, they should make sure not to set root's password. The solutions don't show doing either of these things, but since the ending labs are more open-ended, it's not inconceivable that a student might do it (I know I did when I ran through the lab). The grading script (lab mariadb grade), run from desktopX assumes that root's password hasn't been set. If it has, it errors for two of the tests. I believe it indicates that the legacy database hasn't been created and that it hasn't been restored from backup.
It wasn't clear to me (until I ran into this issue) that running "mysql_secure_installation" isn't required. Maybe this could be made clearer on page 251 under the "Improve MariaDB installation security" section. Maybe we could change the first sentence to read, "While installing the mariadb package group configures a working mysql server, MariaDB provides a program to improve security from the baseline install state."