Is there some way to set up mysql, so that linux user joeblow can use
database joesdb, without specifying password, but other linux users
cannot?

Because most of my database access is done programmatically, and the
code is all in CVS, password secrecy becomes a pain in the ass and I
would rather use Linux account security.

i

>Is there some way to set up mysql, so that linux user joeblow can use
>database joesdb, without specifying password, but other linux users
>cannot?
>
>Because most of my database access is done programmatically, and the
>code is all in CVS, password secrecy becomes a pain in the ass and I
>would rather use Linux account security.

MySQL does not do Linux account security. That would require the
MySQL server to trust the code in the client to tell it (accurately,
without lying) what user is running it. If you trust the code in
a (possibly hacked) client (possibly running on the hacker's own
machine), you have no security at all.

[B[B[BOn 2008-02-06, Gordon Burditt <gordonb.pn4bw@burditt.org> wrote:
>>Is there some way to set up mysql, so that linux user joeblow can use
>>database joesdb, without specifying password, but other linux users
>>cannot?
>>
>>BecaBBBuse most of my database access is done programmatically, and the
>>code is all in CVS, password secrecy becomes a pain in the ass and I
>>would rather use Linux account security.
>
> MySQL does not do Linux account security. That would require the
> MySQL server to trust the code in the client to tell it (accurately,
> without lying) what user is running it. If you trust the code in
> a (possibly hacked) client (possibly running on the hacker's own
> machine), you have no security at all.
>
>

This is not true if both the db and user reside on the same machine.

i

On Tue, 05 Feb 2008 08:57:34 -0600, Ignoramus17624 wrote:
> Is there some way to set up mysql, so that linux user joeblow can use
> database joesdb, without specifying password, but other linux users
> cannot?

Not by linux ID, only by MySQL ID. MySQL doesn't care about linux ids.
It's all sockets as far as MySQL is concerned.

> Because most of my database access is done programmatically, and the
> code is all in CVS, password secrecy becomes a pain in the ass and I
> would rather use Linux account security.

You can't have unauthenticated and authenticated connections at the same
time. The usual means around this is to have the user's MySQL password
stored in an .ini/*rc file read BY YOUR APPLICATION that's owned by
each user and has permissions set such that only that linux user can
access the file. If the application is being run by user abbott and
abbott has no authority to anything in database joesdb, then abbbott
can't access the databse directly AND the application couldn't read user
joeblow's configuration file and will fail. If it's being run by joeblow
(or a superuser like root), then joeblow's rc file can be read and the
application uses the stored password to connect to the MySQL server.

--
95. My dungeon will have its own qualified medical staff complete with
bodyguards. That way if a prisoner becomes sick and his cellmate tells the
guard it's an emergency, the guard will fetch a trauma team instead of
opening up the cell for a look. --Peter Anspach's Evil Overlord List