FOG 1.5.9.57 on Debian 10 mysql root password is blank
-
I noticed when I installed 1.5.9.57 it never prompted me to enter a custom root password for mysql. I thought I just missed the question during the installation. While doing some reverse engineering I found that the root password for mysql was blank.
-
@george1421 forgive me if my thoughts are incorrect, but I don’t think this is a big issue, though it should ask for it, I like that it doesn’t set a password like it did for me a while back.
The root user is usually defaulted to only be allowed by the local host now, so it not having a password isn’t a huge issue. As fog now defines and sets up a separate user, and doesn’t rely on the root for fog related items, I think this is okay.
Maybe running mysql_secure_installation should be run or suggested to run after fog installs?
-
@tom-elliott I like that fog uses a different user account for FOG db access. But I think the fog installer was programmed to either prompt for the root user ID to install FOG (because it needs initially root level access to create the fog database). I’m just noting that I noticed a change but it’s not clear if it is intentional or not. If the installer has been reverted back to not ask then that is the way it is, no problem.
-
@george1421 I understood what you were saying. I think, however the issue is a simple oversight. What I think should happen is attempt to do the database using the root user with a blank password. If it cannot function then prompt for password.
Asking for a password before this point seems useless.
So examples (all three assuming new fog installs, not upgrades):
1. We are a fully clean install. Meaning no packages except git are installed. No Apache, php, or MySQL. Why should the installer ask for root password here? It has never been set up before this point. There would be no password. FOG, in my opinion, should not be defining the root user password here either.
2. Admin had basic server items configured beforehand to include installing php, http, and MySQL. Root user is not configured with password. When fog installs no issues with setting up the db and what not.
3. Admin had basic server items configured but also has set root password.
Both 1 and 2 installs will complete relatively fast. 3 would fail, and on that failure should request the root password but not store it.
Hopefully this makes sense. After the install of 1 or 2, you can set up root password without impacting subsequent upgrades.
-
-
@george1421 Good you are bringing this up. I really hope I got that stuff all right but you never can be sure with just two eyes looking at it.
As far as I can tell off the top of my head Debian and Ubuntu changed to a DB root user that should only be able to connect to the DB through a socket but not via network. The idea is that if you have Linux root access to the machine then connecting to the DB through a socket is allowed without (or with empty) DB root password.
That’s why on current Debian and Ubuntu you are not asked to give/set the DB root password.
The mysql_secure_installation command mentioned by Tom is just a shell script running some SQL commands and I looked through that script and put all of that right into the FOG installer because it was a pain to run that script without user interaction.
-
@tom-elliott said in FOG 1.5.9.57 on Debian 10 mysql root password is blank:
We are a fully clean install. Meaning no packages except git are installed. No Apache, php, or MySQL. Why should the installer ask for root password here? It has never been set up before this point. There would be no password. FOG, in my opinion, should not be defining the root user password here either.
I think it should force the user to have a DB root password unless it’s a setup with local socket access as described below. That was one of the major points of re-writing that part of the installer. I tested a lot and would hope that the installer does what I say on all officially supported systems.
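An added example, not part of the thread and not code from the FOG installer: one way to audit the state discussed above, telling a root account whose blank password is harmless because it is limited to socket authentication apart from accounts that can actually be used without a password. The function name `audit_mysql_accounts`, the four-column input layout and the sample rows are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: classify MySQL/MariaDB accounts from tab-separated rows of
#   user <TAB> host <TAB> auth plugin <TAB> password hash (empty if none)
# Assumption: the rows come from a SELECT on the server's account table; which
# column holds the hash depends on the server version, so that query is left
# to the administrator.
audit_mysql_accounts() {
    awk -F '\t' '
    function report(status, why) {
        printf "%s\t%s@%s\t%s\n", status, ($1 == "" ? "(anonymous)" : $1), $2, why
        if (status == "FAIL") bad = 1
    }
    NF == 0 { next }                      # skip blank lines
    {
        plugin = $3; hash = $4
        if (hash == "NULL") hash = ""     # batch output prints SQL NULL as text
        local_host = ($2 == "localhost" || $2 == "127.0.0.1" || $2 == "::1")
        if ($1 == "")
            report("FAIL", "anonymous account")
        else if ($1 == "root" && !local_host)
            report("FAIL", "root allowed from a non-local host")
        else if (plugin == "unix_socket" || plugin == "auth_socket")
            # MariaDB unix_socket / MySQL auth_socket: identity comes from the
            # OS user on the local socket, so an empty hash is expected here.
            report("OK", "socket authentication, no password needed")
        else if (hash == "")
            report("FAIL", "blank password with password-based authentication")
        else
            report("OK", "password set")
    }
    END { exit (bad ? 1 : 0) }            # non-zero when any account failed
    '
}

# Constructed sample rows (not taken from a real server).
sample_rows() {
    printf 'root\tlocalhost\tunix_socket\t\n'
    printf 'root\t%%\tmysql_native_password\t\n'
    printf 'root\t127.0.0.1\tmysql_native_password\t\n'
    printf 'fogdb\tlocalhost\tmysql_native_password\t*CONSTRUCTED_HASH\n'
    printf '\tlocalhost\t\t\n'
}

sample_rows | audit_mysql_accounts || echo "accounts needing attention found" >&2
```

The anonymous-account and non-local root checks mirror two of the things mysql_secure_installation cleans up; the socket-plugin branch is the case described for current Debian and Ubuntu, where no DB root password is asked for.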