How to access MariaDB from a Linux systemd service without password
Hello,
I'm running MariaDB 10.3 on my Debian 10 (Buster) with configurations in /root/.my.cnf
[mysql]
<some users and password>
user=meyer
password=<root-password>
user=root
password=<root-password>
[mysqladmin]
user=root
password=<root-password>
[mysqldump]
user=root
password=<root-password>
[mysqlcheck]
user=root
password=<root-password>
[client]
user=root
password=<root-password>
I'm able to connect to the database without password from terminal or bash script with "mysql -u root" but not with "mysql -u meyer". This is what I want. But if I start the bash script as a service I get the error "ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)" Do I have to configure something to enable passwordless root access from a service?
Thanks in advance Matthias
Answer Answered by Daniel Black in this comment.
The systemd service has ProtectHome=yes by default making the /root/.my.cnf file inaccessible to the systemd service.
While disabling with ProtectHome=false may seem like the easy option, consider the alternative:
ALTER USER root@localhost IDENTIFIED VIA unix_socket
Ref: unix socket authentication.
With this the /root/.my.cnf file is no longer needed, and the root unix user is the only one that can access the root@localhost MariaDB user account.
If your systemd service runs under a different user, say xyzservice, then;
CREATE USER xyservice@localhost IDENTIFIED VIA unix_socket
And then provide the sufficient grants to that user based on what the service needs.
