Make the "Configure MySql for easy access as root user" step opt-in

Question

Make the "Configure MySql for easy access as root user" step opt-in

boosh opened this issue 9 years ago · 2 comments

I think it's a bad idea to have the root DB pw written to disk, even in /root. Arguably if a user has got root access you're screwed anyway, but since I only found that this file was being written while working on something else I think it should be opt-in only for extra security.

Answer 1 · 2015-07-30T08:09:52.000Z

Hmmm yeah I see that point.

@pjan Any specific thoughts about that or did you had some special use cases in mind when writing that file to disk?

The mysql password is stored in the playbook anyway and nothing randomly generated which the user may doesn't know

Answer 2 · 2015-08-13T20:39:34.000Z

This would be simple to add right?

- name: MySQL | Configure MySql for easy access as root user
  template:
    src: root_dot_my.cnf.j2
    dest: /root/.my.cnf
    owner: root
    group: root
    mode: 0600
  when: mysql_create_root_conf is defined and mysql_create_root_conf == true