If you install MySQL on Linux, then a new user account called ‘
mysql‘ will be created for running
mysqld service. But why does the mysql user has bash shell in
/etc/passwd? Generally, services are run as nologin user, where the shell will be set to
/etc/passwd file. It means, the account is eligible for running a service, but does not have a shell access. I strongly believed (correct me, if my understanding is wrong in the comment section) this setting will improve security. Was shell access provided to mysql user is intentional (or has some real purpose)? Let’s find out.
According to the bug report submitted in Redhat, the mysql pre-install script does seems to create a user using useradd command and has used ‘-s‘ option set to /bin/bash.
/usr/sbin/useradd -M -o -r -d /var/lib/mysql -s /bin/bash \ -c "MySQL Server" -u 27 mysql > /dev/null 2>&1 || :
The issue was reported by Mike Rubel@Redhat, who says mysql user should be nologin user by default.
But it seems like the Tom Lane (probably one of the MySQL developer) refuses to accept the bug report. He says mysql account is created with no password and will ultimately restrict login access.
Mike responded – the behavior is still unusual, because a vulnerable mysqld would allow an attacker to install a SSH key into
/var/lib/mysql/.ssh/authorized_keys (the mysql’s home directory), to allow remote shell access (which makes an account with no password meaning less).
Though there were plenty of support for Mike, Tom continued to justify the reason for mysql account having shell access. He says, there are utilities such as mysqlhotcopy, mysqluc require shell access. Also the MySQL administrator might want to switch to mysql user to perform backup operations.
Denying shell access to MySQL user will affect the service?
Well, I agree some commands might require shell access. But the most popular MySQL backup command mysqldump does not require shell as mysql user isn’t? The MySQL administrator need not switch to mysql user account to run a backup, instead mysqldump can be run as any user by providing valid mysql username, password & database. I do run a backup of my website via cron that uses mysqldump. I don’t switch to mysql user to do that.
According to Tom, if that’s the only reason why mysql user has shell access, then I’m strongly against it.
So I changed
mysql user shell to
/etc/passwd. I didn’t see any issue till now (hopefully not in the future). In case, if I see any problem, I’ll get back to this article & update it.
Will you allow mysql user to have shell access? I appreciate your thoughts.
I love bugs and I love fixing them!