On 1/10/2014 12:14, Reindl Harald wrote: > > Am 10.01.2014 20:11, schrieb Warren Young: >> >> I just tested here on an EL6 VM that didn't have mysql-server on it before: >> >> # grep mysql /etc/shadow >> mysql:!!:16079:::::: > > in the config file where the users shell is defined you may find more :-) > > grep mysql /etc/passwd You've misunderstood the point of that test. It is proof that John Doe's guess is right: the mysql user's account is locked (!!). This means that only way you can "log in as mysql" and thus make use of the /bin/bash setting is to first be root, then "su - mysql". You can't su to mysql from a non-root account since that would require a password. That's why I guess this is a symptom of a wooly-headed change to the spec file, rather than some nefarious security breach. By the way, vault.centos.org is back. Here's what we find in the spec file: /usr/sbin/useradd -M -N -g mysql -o -r -d /var/lib/mysql -s /bin/bash \ -c "MySQL Server" -u 27 mysql >/dev/null 2>&1 || :