Is having a root .my.cnf file a bad idea?

David Colter

After completing a long-overdue upgrade of database software from MariaDB 5.5 to 10.2 and cleaning up the broken pieces, I discovered that it is not necessary to enter a password for the root user from the command line any more.

Code:
# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 44
Server version: 10.2.19-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> SELECT user,host,password FROM mysql.user WHERE user='';
Empty set (0.00 sec)

MariaDB [(none)]>

In researching how to fix this, it was apparent that there are two sides to the issue.

Searching further for the reason, I found a file .my.cnf in the root directory with user and password. Aha!

Code:
# cat ~/.my.cnf
[client]
password="<the password>"
user=root
[mysqld]
#

Considering the server has disabled root "password" login (key only), is this opening a vulnerability? Is it mainly for the convenience?

Thanks for adding your view!

David
 

cPanelMichael

Administrator
Staff member
Hello David,

Root access to the system is required in order to see the contents of the file. Additionally, the root password in the /root/.my.cnf file is not the same as the server's root password.

Let me know if you have any questions.

Thanks!
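
The reply's point that only root can read the file holds only while the file's owner and mode keep it private. The following check is an added example, not part of the thread and not cPanel tooling; the function name `audit_mycnf` is hypothetical, GNU `stat` (Linux) is assumed, and the demo file and its password are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a MySQL/MariaDB client option
# file such as /root/.my.cnf. Assumes GNU stat (Linux).
# Usage: audit_mycnf FILE [EXPECTED_OWNER_UID]   (default owner uid: 0)
# Returns 0 = nothing to report, 1 = findings, 2 = file missing.
audit_mycnf() {
    file=$1
    want_uid=${2:-0}
    findings=0

    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # Is a password stored under [client]? The value itself is never printed.
    has_pw=$(awk '
        /^[ \t]*\[client\][ \t]*$/ { in_client = 1; next }
        /^[ \t]*\[/               { in_client = 0; next }
        in_client && /^[ \t]*password[ \t]*=/ { found = 1 }
        END { print (found ? "yes" : "no") }
    ' "$file")
    if [ "$has_pw" = no ]; then
        echo "ok: no [client] password in $file"
        return 0
    fi

    mode=$(stat -c '%a' "$file")   # octal permissions, e.g. 600
    uid=$(stat -c '%u' "$file")    # numeric owner

    # Any group/other permission bit exposes the stored password.
    case $mode in
        *00|0) ;;
        *) echo "finding: $file has mode $mode, expected 600"; findings=1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "finding: $file owned by uid $uid, expected $want_uid"
        findings=1
    fi
    [ "$findings" -eq 0 ] && echo "ok: $file is private to uid $want_uid"
    return "$findings"
}

# Constructed demo: a throwaway file with a placeholder password.
demo=$(mktemp -d)
printf '[client]\npassword="placeholder"\nuser=root\n' > "$demo/.my.cnf"
chmod 644 "$demo/.my.cnf"
audit_mycnf "$demo/.my.cnf" "$(id -u)" || true
rm -rf "$demo"
```

On a real server the call would be `audit_mycnf /root/.my.cnf`, run as root.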