author | Sergei Golubchik <serg@mariadb.org> | 2019-02-20 16:39:48 +0100 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2019-02-21 15:04:03 +0100 |
commit | 7f6d88944c8afdcba12677840db8bc4e81cbe0db (patch) | |
tree | 626fae9319a467eed4ac73d90eff53c0d3d7d5cf /debian | |
parent | 132216faf7df6c73d93fed0ee4c26ed2421c96d6 (diff) | |
MDEV-12484 Enable unix socket authentication by default
Debian part. Do not ask to set a root password,
do not create debian-sys-maint user (but preserve an existing one
on upgrades - user scripts might be relying on it).
Just create an empty /etc/mysql/debian.cnf so that --defaults-file=/etc/mysql/debian.cnf does not fail.
Diffstat (limited to 'debian')
-rw-r--r-- | debian/mariadb-server-10.4.README.Debian | 27 | ||||
-rw-r--r-- | debian/mariadb-server-10.4.config | 31 | ||||
-rw-r--r-- | debian/mariadb-server-10.4.postinst | 125 | ||||
-rw-r--r-- | debian/mariadb-server-10.4.preinst | 1 |
4 files changed, 17 insertions, 167 deletions
diff --git a/debian/mariadb-server-10.4.README.Debian b/debian/mariadb-server-10.4.README.Debian index 1e8b86f867c..5a05f196042 100644 --- a/debian/mariadb-server-10.4.README.Debian +++ b/debian/mariadb-server-10.4.README.Debian @@ -2,12 +2,7 @@ ============================= You may never ever delete the mysql user "root". Although it has no password is set, the unix_auth plugin ensure that it can only be run locally as the root -user. The credentials in /etc/mysql/debian.cnf specify the user are used by the -init scripts to stop the server and perform logrotation. So in most of the -time you can fix the situation by making sure that the /etc/mysql/debian.cnf -file specifies the root user and no password. - -This used to be the debian-sys-maint user which is no longer used. +user. * WHAT TO DO AFTER UPGRADES: ============================ @@ -57,7 +52,13 @@ the DB server over the network: sudo /usr/bin/mysql -e "GRANT ALL ON *.* TO 'USERNAME'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION" -Scripts should run as a user have the required grants and be identified via unix_socket. +Scripts should run as a user have the required grants and be authenticated via +unix_socket. + +It is wise to run scripts as the "mysql" system user. Like root, +mysql@localhost is created by default to have all privileges in MariaDB +and to use unix_socket authentication. But scripts running under "mysql" +won't have system-wide root so they won't be able to corrupt your system. If you are too tired to type the password in every time and unix_socket auth doesn't suit your needs, you can store it in the file $HOME/.my.cnf. It should 
@@ -67,18 +68,6 @@ can read it. Every other configuration parameter can be stored there, too. For more information in the MariaDB manual in/usr/share/doc/mariadb-doc or https://mariadb.com/kb/en/configuring-mariadb-with-mycnf/. -ATTENTION: It is necessary, that a ~/.my.cnf from root always contains a "user" -line wherever there is a "password" line, else, the Debian maintenance -scripts, that use /etc/mysql/debian.cnf, will use the username -"root" but the password that is in root's .my.cnf. Also note, -that every change you make in the /root/.my.cnf will affect the mysql cron -script, too. - - # an example of $HOME/.my.cnf - [client] - user = your-mysql-username - password = enter-your-good-new-password-here - * FURTHER NOTES ON REPLICATION =============================== If the MySQL server is acting as a replication slave, you should not diff --git a/debian/mariadb-server-10.4.config b/debian/mariadb-server-10.4.config index 44640f2a441..1929c370d6d 100644 --- a/debian/mariadb-server-10.4.config +++ b/debian/mariadb-server-10.4.config 
@@ -12,34 +12,3 @@ if test -n "`which ypwhich 2>/dev/null`" && ypwhich >/dev/null 2>&1; then
 db_input high mariadb-server-10.0/nis_warning || true
 db_go
 fi
-# only ask this question on fresh installs, during "reconfiguration" and when
-# not upgrading from an existing 5.0 installation.
-# there is also an additional check for empty root passwords in the
-# postinst script when the tools are available for us to use.
-if [ "$1" = "configure" ] && ([ -z "$2" ] && [ ! -e "/var/lib/mysql/debian-5.0.flag" ] ) || [ "$1" = "reconfigure" ]; then
- while :; do
- RET=""
- db_input high mysql-server/root_password || true
- db_go
- db_get mysql-server/root_password
- # if password isn't empty we ask for password verification
- if [ -z "$RET" ]; then
- db_fset mysql-server/root_password seen false
- db_fset mysql-server/root_password_again seen false
- break
- fi
- ROOT_PW="$RET"
- db_input high mysql-server/root_password_again || true
- db_go
- db_get mysql-server/root_password_again
- if [ "$RET" == "$ROOT_PW" ]; then
- ROOT_PW=''
- break
- fi
- db_fset mysql-server/password_mismatch seen false
- db_input critical mysql-server/password_mismatch
- db_set mysql-server/root_password ""
- db_set mysql-server/root_password_again ""
- db_go
- done
-fi
diff --git a/debian/mariadb-server-10.4.postinst b/debian/mariadb-server-10.4.postinst
index c813c9bd8b3..4532085169e 100644
--- a/debian/mariadb-server-10.4.postinst
+++ b/debian/mariadb-server-10.4.postinst
@@ -24,47 +24,6 @@ invoke() { fi } -MYSQL_BOOTSTRAP="/usr/sbin/mysqld --bootstrap --user=mysql --disable-log-bin --skip-grant-tables --default-storage-engine=myisam" - -have_global_priv_table= - -set_mysql_rootpw() { - # forget we ever saw the password. don't use reset to keep the seen status - db_set mysql-server/root_password "" - db_set mysql-server/root_password_again "" - - tfile=`mktemp` - if [ ! -f "$tfile" ]; then - return 1 - fi - - cat << EOF > $tfile -USE mysql; -SET sql_log_bin=0; -EOF - if test -n "$have_global_priv_table"; then - cat << EOF >> $tfile -UPDATE global_priv SET priv=json_set(priv, '$.plugin', 'mysql_native_password', '$.authentication_string', PASSWORD("$rootpw")) WHERE user='root'; -EOF - else - cat << EOF >> $tfile -UPDATE user SET password=PASSWORD("$rootpw") WHERE user='root'; -EOF - fi - cat << EOF >> $tfile -FLUSH PRIVILEGES; -EOF - # this avoids us having to call "test" or "[" on $rootpw - if grep -q 'PASSWORD("")' $tfile; then - retval=0 - else - $MYSQL_BOOTSTRAP <$tfile - retval=$? - fi - rm -f $tfile - return $retval -} - case "$1" in configure) # This is needed because mysql_install_db removes the pid file in /var/run 
@@ -161,91 +120,25 @@ EOF $ERR_LOGGER set -e - if test -f $mysql_datadir/mysql/global_priv.frm; then - have_global_priv_table=yes - fi - # To avoid downgrades. touch $mysql_statedir/debian-$VER.flag - ## On every reconfiguration the maintenance user is recreated. - # - # - It is easier to regenerate the password every time but as people - # use fancy rsync scripts and file alteration monitors, the existing - # password is used and existing files not touched. - # - The mysqld statement is like that in mysql_install_db because the - # server is not already running. This has some implications: - # - The amount of newlines and semicolons in the query is important! - # - GRANT is not possible with --skip-grant-tables and "INSERT - # (user,host..) VALUES" is not --ansi compliant - # - The echo is just for readability. ash's buildin has no "-e" so use /bin/echo. - # - The Super_priv, Show_db_priv, Create_tmp_table_priv and Lock_tables_priv - # may not be present as old Woody 3.23 databases did not have it and the - # admin might not already have run mysql_upgrade which adds them. - # As the binlog cron scripts to need at least the Super_priv, I do first - # the old query which always succeeds and then the new which may or may not. - - # recreate the credentials file if not present or without mysql_upgrade stanza + # On new installations root user can connect via unix_socket. + # But on upgrades, scripts rely on debian-sys-maint user and + # credentials in /etc/mysql/debian.cnf + # All tools use --defaults-file=/etc/mysql/debian.cnf + # And while it's not needed for new installations, we keep using + # --defaults-file option for tools (for the sake of upgrades) + # and thus need /etc/mysql/debian.cnf to exist, even if it's empty. 
dc=$mysql_cfgdir/debian.cnf; - if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then - pass="`sed -n 's/^[ ]*password *= *// p' $dc | head -n 1`" - else - pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`; - if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi - umask 066 + if [ ! -e "$dc" ]; then cat /dev/null > $dc - umask 022 echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc - echo "[client]" >>$dc - echo "host = localhost" >>$dc - echo "user = debian-sys-maint" >>$dc - echo "password = $pass" >>$dc - echo "socket = $mysql_rundir/mysqld.sock" >>$dc - echo "[mysql_upgrade]" >>$dc - echo "host = localhost" >>$dc - echo "user = debian-sys-maint" >>$dc - echo "password = $pass" >>$dc - echo "socket = $mysql_rundir/mysqld.sock" >>$dc - echo "basedir = /usr" >>$dc fi - # If this dir chmod go+w then the admin did it. But this file should not. + # Keep it only root-readable, as it always was chown 0:0 $dc chmod 0600 $dc - if test -n "$have_global_priv_table"; then - replace_query=`/bin/echo -e \ - "USE mysql;\n" \ - "SELECT json_object('access',cast(-1 as unsigned), " \ - "'plugin', 'mysql_native_password', " \ - "'authentication_string', password('$pass')) INTO @all_privileges;\n"\ - "REPLACE global_priv VALUES ('localhost', 'debian-sys-maint', @all_privileges);"` - else - replace_query=`/bin/echo -e \ - "USE mysql;\n" \ - "SET sql_mode='';\n" \ - "REPLACE INTO user SET " \ - " host='localhost', user='debian-sys-maint', password=password('$pass'), " \ - " Select_priv='Y', Insert_priv='Y', Update_priv='Y', Delete_priv='Y', " \ - " Create_priv='Y', Drop_priv='Y', Reload_priv='Y', Shutdown_priv='Y', " \ - " Process_priv='Y', File_priv='Y', Grant_priv='Y', References_priv='Y', " \ - " Index_priv='Y', Alter_priv='Y', Super_priv='Y', Show_db_priv='Y', "\ - " Create_tmp_table_priv='Y', Lock_tables_priv='Y', Execute_priv='Y', "\ - " Repl_slave_priv='Y', Repl_client_priv='Y', 
Create_view_priv='Y', "\ - " Show_view_priv='Y', Create_routine_priv='Y', Alter_routine_priv='Y', "\ - " Create_user_priv='Y', Event_priv='Y', Trigger_priv='Y',"\ - " ssl_cipher='', x509_issuer='', x509_subject='';"`; - fi - - db_get mysql-server/root_password && rootpw="$RET" - if ! set_mysql_rootpw; then - db_input high mysql-server/error_setting_password || true - db_go - fi - - set +e - echo "$replace_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER - set -e - # If there is a real AppArmor profile, we reload it. # If the default empty profile is installed, then we remove any old # profile that may be loaded. diff --git a/debian/mariadb-server-10.4.preinst b/debian/mariadb-server-10.4.preinst index 7b0540506ae..08e424bc712 100644 --- a/debian/mariadb-server-10.4.preinst +++ b/debian/mariadb-server-10.4.preinst @@ -13,7 +13,6 @@ if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi ${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2 } export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin -MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" mysql_datadir=/var/lib/mysql mysql_upgradedir=/var/lib/mysql-upgrade |
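Review bot: The new creation path drops the `umask 066` the removed code wrapped around writing debian.cnf, so on a fresh install `cat /dev/null > $dc` creates the file with the default umask (typically 0644) and it is only narrowed to 0600 by the `chmod 0600 $dc` a few lines later. The file holds only a comment today, so nothing secret is exposed in that window, but the comment promises it stays root-only and a later change that writes credentials into it would inherit the gap; creating it with its final mode closes it: `install -o 0 -g 0 -m 0600 /dev/null "$dc"` in place of the `cat /dev/null > $dc` line (the following `echo ... >>$dc` then appends to an already 0600 file). The removed branch also ran `install -o 0 -g 0 -m 0755 -d $mysql_cfgdir` when the directory was missing; that is gone, and with the `set -e` visible just above the hunk the redirect aborts postinst if /etc/mysql does not exist — presumably a dependency's conffiles guarantee the directory, but that is not visible here. Quoting `$dc` in the redirects and in the chown/chmod lines would also match the already quoted `[ ! -e "$dc" ]` test. The enclosing `configure)` case arm starts and ends outside the hunk.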