mysql best practices

dwh

Member
Mar 5, 2002
There is a page of mysql best practices:
http://www.onlamp.com/pub/a/onlamp/2002/07/11/MySQLtips.html

One thing they refer to specifically is the root user... does cpanel use this root user for any of its scripts or nightly processes? Will renaming it cause any problems? Here's the quote, thanx!
MySQL is a complex piece of software that may seem overwhelming when you're first trying to learn it. This article describes a set of best practices for MySQL administrators, architects, and developers that should help in the security, maintenance, and performance of a MySQL installation.

1. Set a password for the "root" user and then rename the user.
The first thing you should do with a clean MySQL install is set a password for the root user:


[01:19:00] george@firenze$ mysqladmin -u root password 'somepassword'

Once you've set the password, change the name of the "root" user to something else. A hack attempt on a MySQL server might target the one user that exists on most systems, "root", both because it has superuser powers and because it is a known user. By changing the name of the "root" user, you make it more difficult for would-be hackers to try a brute-force attack. The following sequence of commands will rename the "root" user:

[01:25:29] george@firenze$ mysql -u root -p mysql
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 72 to server version: 4.0.0-alpha-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> UPDATE user set user = 'admin' where user = 'root';
Query OK, 2 rows affected (0.00 sec)
Rows matched: 2 Changed: 2 Warnings: 0

mysql> quit;
Bye
[01:25:51] george@firenze$ mysqladmin -u root -p reload
Enter password:
Of course, you may want to select a more creative alternative name than "admin".
 

feanor

Well-Known Member
Aug 13, 2001
I'm pretty sure all of the tie-ins to mysql administration, including the phpMyAdmin.... perhaps all of the cpanel tasks that require a socket connection to the mysql server happen with root authority.

I know this is a big deal, at any rate, they put in a ton of hooks and features in the backend to make sure you can keep a handle on the mysql root password...... and I know if you just haphazardly change the mysql root pass without "notifying" your cpanel software, it will break anything and everything mysql as far as the cpanel software is concerned.

Perhaps Darkorb can elaborate more, they coded it.
:p
 

dwh

Member
Mar 5, 2002
Yeah. That's kind of what I thought. Should I make an enhancement/feature request that a future version of cpanel.net allows you to change the root user... or at least defaults to a different user than "root"? (Of course anyone that knows the innards of cpanel and that a server runs it will be able to figure it out easily, it's still better than leaving the default.. but then I'm no security expert).
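
An added example, not part of the thread or the quoted article: a small Python audit of the grant table for the two weaknesses the quoted tip targets, a guessable superuser name and an account with no password. It assumes tab-separated rows as produced by `mysql -N -B -e "SELECT user, host, password FROM mysql.user"` on a MySQL of that era (later versions keep the hash in `authentication_string`); the sample rows, the hash value and the `dbmaint` account are constructed.

```python
from typing import List, NamedTuple

# Names tried first in a password-guessing attempt: the default superuser,
# plus "admin", which the quoted article itself calls an uncreative choice.
GUESSABLE_NAMES = {"root", "admin"}


class Finding(NamedTuple):
    user: str
    host: str
    issue: str


def audit_grant_rows(dump: str) -> List[Finding]:
    """Flag guessable account names and empty passwords in a mysql.user dump."""
    findings = []
    for lineno, line in enumerate(dump.splitlines(), 1):
        if not line:
            continue  # tolerate blank lines in the dump
        # Do not strip the line: an empty password is a trailing empty field.
        fields = line.split("\t")
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected user, host, password")
        user, host, pw_hash = fields
        if user in GUESSABLE_NAMES:
            findings.append(Finding(user, host, "guessable account name"))
        if pw_hash == "":
            findings.append(Finding(user, host, "no password set"))
    return findings


# Constructed sample: a fresh install has one "root" row per host entry,
# which is why the UPDATE in the quoted session reports two rows changed.
SAMPLE_DUMP = (
    "root\tlocalhost\t\n"
    "root\tfirenze\t0123456789abcdef\n"
    "dbmaint\tlocalhost\t0123456789abcdef\n"
)

if __name__ == "__main__":
    for f in audit_grant_rows(SAMPLE_DUMP):
        print(f"{f.user}@{f.host}: {f.issue}")
```

Running the same check after a rename shows whether any host entry was missed or whether the new name is itself on the guessable list.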