Vesta Control Panel - Forum

Community Forum

Skip to content

Advanced search
  • Quick links
    • Main site
    • Github repo
    • Google Search
  • FAQ
  • Login
  • Register
  • Board index Main Section Database Server
  • Search

Debian Maint permissions

Questions regarding the Database Server
MySQL, PostgreSQL, MariaDB, Percona Server, phpMyAdmin, phpPgAdmin
Post Reply
  • Print view
Advanced search
2 posts • Page 1 of 1
BBuchanan1013
Posts: 139
Joined: Thu Jan 07, 2016 12:01 am

Debian Maint permissions
  • Quote

Post by BBuchanan1013 » Wed Jan 20, 2016 7:03 pm

For all of those that have the Debian-sys-maint. user in their MySql user list, there is a security bug that needs to be addressed:

This user should only have "Reload" privileges. Not ALL. This user is only meant to rotate log files and restore root password in case you forget it.

Why do I say this is security risk? The password for this user is stored as plaintext on the system. Should an attacker gain access to this users password, they will be able to take over the mysql server and potentially the rest of the system, not to mention have access to your complete database.
Top
skurudo
VestaCP Team
Posts: 8099
Joined: Fri Dec 26, 2014 2:23 pm
Contact:
Contact skurudo
Website Facebook Google+ Skype
Twitter

Re: Debian Maint permissions
  • Quote

Post by skurudo » Tue Feb 16, 2016 7:38 pm

Ok, let's add this like a bug - https://bugs.vestacp.com/issues/150
Top
Post Reply
  • Print view
2 posts • Page 1 of 1

Return to “Database Server”



  • Board index
  • All times are UTC
  • Delete all board cookies
  • The team
Powered by phpBB® Forum Software © phpBB Limited
*Original Author: Brad Veryard
*Updated to 3.2 by MannixMD
 

 

Login  •  Register

I forgot my password