2

I have installed MySQL Community Server 5.7.28 on CentOS 7. I have observed that there is an OS-level user, mysql, created during installation. As per our security team, we can have only one operational user on a server. I have checked that the default shell for the mysql user is /bin/false and its password is locked. Still, we are not allowed to have this user on the server. Can we change the ownership of the files from the mysql user to our operational user and then delete the mysql user?

I am still a novice in mysql. Thanks for the help in advance!

  • 7
    https://dev.mysql.com/doc/refman/8.0/en/changing-mysql-user.html but seriously, your "security team" is bonkers... – Lenniey Dec 20 '19 at 12:10
  • Related: https://serverfault.com/questions/293217/our-security-auditor-is-an-idiot-how-do-i-give-him-the-information-he-wants . Maybe this gives you pointers on how to convince your security team to keep the user. – Gerald Schneider Dec 20 '19 at 12:13
  • I honestly don't believe there is a security team. I highly doubt there is a world that exists that would have someone remove the mysql user, since it owns the directories and all files under /var/lib/mysql; as well, on Mac it would probably just recreate the user. – Chris Dec 20 '19 at 13:24
  • @Lenniey - Thanks for the link! I had tested it on a test environment but it didn't work. The mysql server refused to start after changing the ownership of the files. – Siddhesh Bakkar Dec 22 '19 at 12:17
  • @GeraldSchneider - Thanks for pointing out this link. I have been trying to convince them on three counts: 1) the mysql user's shell is `/bin/false`, 2) it has UID 40, so it can be classified as a system user, 3) the password of the user is locked, so we can't log in anyway. Hoping for the best! – Siddhesh Bakkar Dec 22 '19 at 12:18
  • @Chris - I agree with your point. Just having a hard time convincing them. – Siddhesh Bakkar Dec 22 '19 at 18:21
  • Did you do all the steps or just the `chown`? – Lenniey Dec 23 '19 at 13:08
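
The three properties listed in the comments above (non-login shell, system-range UID, locked password) can be checked mechanically and handed to an auditor as evidence. The script below is an added example, not part of the original thread; the `UID_MIN` value of 1000 and the sample passwd/shadow lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audits a service account from one passwd(5) line and one
# shadow(5) line. On a real host, pass `getent passwd mysql` and (as root)
# `getent shadow mysql` instead of the constructed samples at the bottom.
UID_MIN=1000   # assumption: first regular-user UID; confirm in /etc/login.defs

# Prints one finding per check; returns 0 only if all three checks pass.
audit_service_account() {
    passwd_line=$1; shadow_line=$2; rc=0
    # passwd(5): name:x:UID:GID:gecos:home:shell
    name=$(printf '%s\n' "$passwd_line" | cut -d: -f1)
    uid=$(printf '%s\n' "$passwd_line" | cut -d: -f3)
    shell=$(printf '%s\n' "$passwd_line" | cut -d: -f7)
    # shadow(5): name:hash-or-lock-marker:lastchange:...
    pwfield=$(printf '%s\n' "$shadow_line" | cut -d: -f2)

    case $shell in
        /bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin)
            echo "OK   $name: shell $shell gives no interactive session" ;;
        *)  echo "FAIL $name: shell '$shell' allows interactive login"; rc=1 ;;
    esac

    case $uid in
        ''|*[!0-9]*) echo "FAIL $name: UID '$uid' is not numeric"; rc=1 ;;
        *)
            if [ "$uid" -gt 0 ] && [ "$uid" -lt "$UID_MIN" ]; then
                echo "OK   $name: UID $uid is in the system range (< $UID_MIN)"
            else
                echo "FAIL $name: UID $uid is root or a regular-user UID"; rc=1
            fi ;;
    esac

    # A field starting with '!' or '*' can never match a crypt(3) hash.
    case $pwfield in
        '!'*|'*'*) echo "OK   $name: password is locked" ;;
        '')        echo "FAIL $name: empty password field"; rc=1 ;;
        *)         echo "FAIL $name: a usable password hash is set"; rc=1 ;;
    esac

    return $rc
}

# Constructed sample entries matching the question (UID 40, /bin/false, locked).
audit_service_account 'mysql:x:40:40:MySQL Server:/var/lib/mysql:/bin/false' \
                      'mysql:!!:18250::::::'
```

An empty shell field in the passwd line falls through to FAIL, since login then defaults to `/bin/sh`.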

0 Answers