The MySQL root user is the administrative user specifically for the MySQL instance. While it shares a name with the default admin user on Linux systems, they share no commonality except in function. However, the fact that it is the MySQL instance admin is the important part and the very reason it needs to be protected. Consider the following situations:
Local Authorized User
Any person who is given ssh access to your system will be able to log into the MySQL instance as the root user simply by typing mysql -u root. Re-read that line again just to make sure it sinks in.
Remote Unauthorized User
Any malicious user will be able to gain full control of your MySQL instance simply by exploiting an 'arbitrary command execution' vulnerability. Have a look at CVE-2009-1151 to see exactly how easy this is. In this way they could take control of the www, httpd, apache, or whatever user and grant themselves a local account. Then log into the MySQL instance as the root user simply by typing mysql -u root.
It is for reasons like this that one of the central tenets of Information Security is "Defense in Depth". That is, never trust a single control to protect you. And in this case, give the root user of your MySQL instance a strong password.
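As an added illustration (not part of the original post), the following statements first audit the server for accounts that can be used without a password, then set a password on the root account. They assume MySQL 5.7 or later, where the hash lives in the authentication_string column of mysql.user (older releases used a column named password and the SET PASSWORD syntax instead); the password literal is a placeholder to be replaced.

```sql
-- Audit: list every account that has no credential stored.
-- Any row here is an account that can be opened with "mysql -u <user>" alone.
-- Assumes MySQL 5.7+ column names (authentication_string, plugin).
SELECT user, host, plugin, authentication_string
FROM mysql.user
WHERE authentication_string = '' OR authentication_string IS NULL;

-- Remediation: give root@localhost a strong password.
-- 'REPLACE_WITH_STRONG_PASSWORD' is a placeholder, not a real value.
ALTER USER 'root'@'localhost' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';

-- Re-run the audit; root@localhost should no longer appear.
SELECT user, host
FROM mysql.user
WHERE authentication_string = '' OR authentication_string IS NULL;
```

Run these while connected as root (the very session the post warns is open to anyone with shell access); after the ALTER USER, a plain mysql -u root will be refused and the -p flag becomes mandatory. Accounts with plugin set to auth_socket are a separate case: they require the matching OS user rather than a password, and the audit above will list them even though they are not open to everyone.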