[CentOS] Why does 'mysql' user has /bin/bash shell?
Warren Young
warren at etr-usa.com
Fri Jan 10 19:51:15 UTC 2014
On 1/10/2014 12:14, Reindl Harald wrote:
>
> On 10.01.2014 20:11, Warren Young wrote:
>>
>> I just tested here on an EL6 VM that didn't have mysql-server on it before:
>>
>> # grep mysql /etc/shadow
>> mysql:!!:16079::::::
>
> in the config file where the users shell is defined you may find more :-)
>
> grep mysql /etc/passwd

You've misunderstood the point of that test. It is proof that John
Doe's guess is right: the mysql user's account is locked (!!). This
means that the only way you can "log in as mysql" and thus make use of the
/bin/bash setting is to first be root, then "su - mysql". You can't su
to mysql from a non-root account since that would require a password.

That's why I guess this is a symptom of a wooly-headed change to the
spec file, rather than some nefarious security breach.

By the way, vault.centos.org is back. Here's what we find in the spec file:

/usr/sbin/useradd -M -N -g mysql -o -r -d /var/lib/mysql -s /bin/bash \
-c "MySQL Server" -u 27 mysql >/dev/null 2>&1 || :
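
The two greps discussed in the message, generalized to every system account, as an added example that is not part of the original post: it joins the passwd and shadow entries and reports each system account that has a login shell, together with the state of its password field. The function names, the UID boundary of 500 and the sample entries (including the `svcdemo` account) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report system accounts that have a login shell and show
# whether their shadow password field is locked, set, or empty.

# audit_shells PASSWD SHADOW [UID_MIN]
# UID_MIN (default 500) is an assumed boundary between system and regular users.
audit_shells() {
    awk -F: -v shadow="$2" -v uid_min="${3:-500}" '
        # shadow file: remember the password field of every account
        FILENAME == shadow { pw[$1] = $2; next }
        # passwd file: skip root, regular users and non-login shells
        $3 == 0 || $3 >= uid_min { next }
        $7 ~ /\/(nologin|false|sync|shutdown|halt)$/ { next }
        {
            if (!($1 in pw))           state = "no-shadow-entry"
            else if (pw[$1] == "")     state = "empty"
            else if (pw[$1] ~ /^[!*]/) state = "locked"
            else                       state = "set"
            print $1, $3, $7, state
        }
    ' "$2" "$1"
}

# Constructed sample files, not taken from a real host.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
svcdemo:x:101:101:Demo service:/srv/demo:/bin/sh
alice:x:500:500:Alice:/home/alice:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:16079:0:99999:7:::
daemon:*:15980:0:99999:7:::
mysql:!!:16079::::::
svcdemo:$6$constructed$hash:16079:0:99999:7:::
alice:$6$constructed$hash:16079:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_shells "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

A `locked` row is the case described in the message; a `set` or `empty` row is a system account with a shell that also accepts a password.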