Who is this debian-sys-maint? - Debian
-
Who is this debian-sys-maint?
Hi all
I moved a MySQL server to a new machine by restoring the SQL dump.
The server refused to restart through /etc/init.d/mysql complaining
about debian-sys-maint can not login.
Searched the net to find many others having the same problem. The
suggested solution is to create this user with full privileges on
the whole database server. The password as in /etc/mysql/debian.cnf.
That solved my immediate problem. But I have a bad feeling about
the whole affair. Can someone confirm whether this step is really
necessary. If yes, why and how to minimize the obvious risks
involved?
Aron
-
Re: Who is this debian-sys-maint?
Aron Bhand writes:
> That solved my immediate problem. But I have a bad feeling about
> the whole affair. Can someone confirm whether this step is really
> necessary. If yes, why and how to minimize the obvious risks
> involved?
You probably haven't read the relevant README.Debian for mysql-server
(it should be in /usr/share/doc/mysql-server-/README.Debian.gz
.) Let me cite the relevant bit:
,----[ /usr/share/doc/mysql-server-5.0/README.Debian.gz ]
| * MYSQL WON'T START OR STOP?
| ============================
| You may never ever delete the special mysql user "debian-sys-maint". This
| user together with the credentials in /etc/mysql/debian.cnf are used by the
| init scripts to stop the server as they would require knowledge of the mysql
| root users password else.
| So in most of the times you can fix the situation by making sure that the
| debian.cnf file contains the right password, e.g. by setting a new one
| (remember to do a "flush privileges" then).
`----
In the future, when installing new packages, kindly read the relevant
README.Debian for those packages (especially for packages providing
services like databases or webservers; there's almost always a
Debian-specific hint that you should keep in mind.) Same goes for
upstream READMEs and the changelog.Debian.gz and/or NEWS.Debian.gz .
--
I like the idea of 256 bits, though: 32 for the (Unicode) character leaves
room for 224 Bucky bits, which ought to be enough for anyone.
-- Roland Hutchinson, in alt.folklore.computers
-
Re: Who is this debian-sys-maint?
Hi
Zak B. Elep wrote:
> Aron Bhand writes:
>
>> That solved my immediate problem. But I have a bad feeling about
>> the whole affair. Can someone confirm whether this step is really
>> necessary. If yes, why and how to minimize the obvious risks
>> involved?
>
> You probably haven't read the relevant README.Debian for mysql-server
> (it should be in /usr/share/doc/mysql-server-/README.Debian.gz
> .) Let me cite the relevant bit:
>
> ,----[ /usr/share/doc/mysql-server-5.0/README.Debian.gz ]
> | * MYSQL WON'T START OR STOP?
> | ============================
> | You may never ever delete the special mysql user "debian-sys-maint". This
> | user together with the credentials in /etc/mysql/debian.cnf are used by the
> | init scripts to stop the server as they would require knowledge of the mysql
> | root users password else.
> | So in most of the times you can fix the situation by making sure that the
> | debian.cnf file contains the right password, e.g. by setting a new one
> | (remember to do a "flush privileges" then).
> `----
Thanks for confirming that this user with full privileges on the
database server is necessary.
> In the future, when installing new packages, kindly read the relevant
> README.Debian for those packages (especially for packages providing
> services like databases or webservers; there's almost always a
> Debian-specific hint that you should keep in mind.) Same goes for
> upstream READMEs and the changelog.Debian.gz and/or NEWS.Debian.gz .
>
Yes, that is a good idea. I'm new to Debian and currently struggling
to understand its packaging concept. (A couple of threads still running
in this NG.)
Now what I would like to know is the answers to these questions:
>> If yes, why and how to minimize the obvious risks involved?
There must be a strong reason for this step, which is worth the price
of the fragility and the risks it has introduced.
regards
Aron
-
Re: Who is this debian-sys-maint?
Aron Bhand writes:
> Yes, that is a good idea. I'm new to Debian and currently struggling
> to understand its packaging concept. (A couple of threads still running
> in this NG.)
>
> Now what I would like to know is the answers to these questions:
>>> If yes, why and how to minimize the obvious risks involved?
>
> There must be a strong reason for this step, which is worth the price
> of the fragility and the risks it has introduced.
It is a separation of concerns, or in this case, privileges. The
README.Debian.gz indicates that the "debian-sys-maint" MySQL user is
used only by the initscripts to startup/shutdown the database server,
and hence should only have those privileges. There is still a separate
"root" MySQL user with full privileges whose customizations are placed
in /root/.my.cnf (separate from "debian-sys-maint" in
/etc/mysql/debian.cnf .) The idea is for the MySQL initscripts to be
run in a pristine state, as opposed to be under a possibly-customized
"root" user state that could break these scripts.
In the original mail, it read that you moved a MySQL database from a
server (presumably non-Debian) to a Debian MySQL server, via SQL dump.
The "debian-sys-maint" user is typically created on fresh installs of
the mysql-server package at postinst. In order to properly regenerate
it, you can run `dpkg-reconfigure -plow mysql-server-'.
--
I like the idea of 256 bits, though: 32 for the (Unicode) character leaves
room for 224 Bucky bits, which ought to be enough for anyone.
-- Roland Hutchinson, in alt.folklore.computers
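
An added example, not part of the thread and not Debian's own tooling: the posts name /etc/mysql/debian.cnf as the file holding the debian-sys-maint password, so the check below audits that file's ownership, mode and contents without ever printing the password. The `[client]`/`[mysql_upgrade]` layout, the root-owned, no-group/other-access expectation and the function names are assumptions.

```python
import configparser
import os
import stat
import sys

EXPECTED_USER = "debian-sys-maint"
# Constructed sample; section names and keys are assumed, the password is made up.
SAMPLE_CNF = """\
[client]
user     = debian-sys-maint
password = constructed%sample
[mysql_upgrade]
user     = debian-sys-maint
password = constructed%sample
"""

def audit_text(text):
    """Check the option-file content; never echoes the password itself."""
    # interpolation=None: a '%' in a generated password must not be expanded.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings, passwords = [], set()
    for section in cfg.sections():
        user = cfg.get(section, "user", fallback=None)
        password = cfg.get(section, "password", fallback="")
        if user != EXPECTED_USER:
            findings.append(f"[{section}] user is {user!r}, not {EXPECTED_USER!r}")
        if not password:
            findings.append(f"[{section}] has no password")
        passwords.add(password)
    if len(passwords) != 1:
        findings.append("sections are missing or disagree on the password")
    return findings

def audit_file(path, expected_uid=0):
    """Check ownership and mode first, then the content."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    # Any group/other bit lets a non-root account reach the maintenance password.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} lets group/other reach the password")
    with open(path, encoding="utf-8") as fh:
        return findings + audit_text(fh.read())

if __name__ == "__main__":
    # With a path argument audit that file; otherwise run on the constructed sample.
    print(audit_file(sys.argv[1]) if sys.argv[1:] else audit_text(SAMPLE_CNF))
```

An empty list means nothing was flagged; run it as root against the real file, since an unprivileged account should not be able to open it.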