Make the "Configure MySql for easy access as root user" step opt-in
boosh opened this issue · 2 comments
boosh commented
I think it's a bad idea to have the root DB pw written to disk, even in /root. Arguably if a user has got root access you're screwed anyway, but since I only found that this file was being written while working on something else I think it should be opt-in only for extra security.
soupdiver commented
Hmmm yeah I see that point.
@pjan Any specific thoughts about that or did you have some special use cases in mind when writing that file to disk?
The mysql password is stored in the playbook anyway and is nothing randomly generated that the user may not know.
patrickheeney commented
This would be simple to add right?
```yaml
- name: MySQL | Configure MySql for easy access as root user
  template:
    src: root_dot_my.cnf.j2
    dest: /root/.my.cnf
    owner: root
    group: root
    mode: 0600
  when: mysql_create_root_conf is defined and mysql_create_root_conf == true
```
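
An added example, not part of the thread or the role's own code: one way to wire up the opt-in so that hosts provisioned before the change are also cleaned up. It reuses the `mysql_create_root_conf` variable proposed above; the `defaults/main.yml` and `tasks/main.yml` locations, and the assumption that any existing `/root/.my.cnf` was written by this role, are assumptions.

```yaml
---
# defaults/main.yml (assumed location for the role's defaults)
# Opt-in: the root credentials file is only written when this is set to true.
mysql_create_root_conf: false

---
# tasks/main.yml (assumed location; fragment)
- name: MySQL | Configure MySql for easy access as root user
  template:
    src: root_dot_my.cnf.j2
    dest: /root/.my.cnf
    owner: root
    group: root
    mode: "0600"
  no_log: true  # keep the rendered password out of task output and diffs
  when: mysql_create_root_conf | bool

# Making the step opt-in does not remove a file written by earlier runs.
# Assumes /root/.my.cnf on the host was created by this role, not by hand.
- name: MySQL | Remove root credentials file when not opted in
  file:
    path: /root/.my.cnf
    state: absent
  when: not (mysql_create_root_conf | bool)
```

The `| bool` filter also covers values passed as strings, for example `-e mysql_create_root_conf=true` on the command line, which a `== true` comparison would not match.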