Mihamina Rakotomandimby
2014-Jan-09 09:27 UTC
[CentOS] Why does 'mysql' user has /bin/bash shell?
Hello, Default MySQL installation on CentOS sets /bin/bash as shell. I'm on a user cleanup task where I want reduce unneeded privileges to users. What is the "mysql" user shell for? (What will happen if I change it to /bin/false or whatever would disable it's shell?) It's not only a matter of SSH (I'm aware I can AllowUsers in sshd_config for example).
From: Mihamina Rakotomandimby <mihamina at rktmb.org>> Default MySQL installation on CentOS sets /bin/bash as shell. > I'm on a user cleanup task where I want reduce unneeded privileges to users.Its password should be locked. So you cannot login as mysql but you can "su - mysql" or run scripts as mysql. I do not know if any of the "standard" tools needs a shell though. JD
Can you not set up a test system and try it out? Or, if this is your only system, could you not back it up, and test your suggestions out? The mysql "shell" is for viewing data in your databases and manipulating the data in required. You can also add tables and things like that. It is a powerful tool if you know what you are doing. Cheers, Cliff On Thu, Jan 9, 2014 at 10:27 PM, Mihamina Rakotomandimby <mihamina at rktmb.org> wrote:> Hello, > > Default MySQL installation on CentOS sets /bin/bash as shell. > I'm on a user cleanup task where I want reduce unneeded privileges to > users. > > What is the "mysql" user shell for? (What will happen if I change it to > /bin/false or whatever would disable it's shell?) > > It's not only a matter of SSH (I'm aware I can AllowUsers in sshd_config > for example). > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mihamina Rakotomandimby said the following on 09/01/2014 10:27:> Default MySQL installation on CentOS sets /bin/bash as shell.I checked in my CentOS 6 installations. Only one (the latest) has this issue, so it could be something added/modified in the lastest months. Other installations starting from June 2013 (included) does NOT have this issue and the shell of mysql user is /sbin/nologin Ciao, luigi - -- / +--[Luigi Rosa]-- \ A committee is a life form with six or more legs and no brain. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSz6PWAAoJEO5WT/qgw4yKF70P/j0xvasmHMcEiV4T9PDEXxSA 5gHR2VGQDCpgSqm2pmPZ1ppRtuNG7eE1J6pQetl9khIBCV79YokQ9o8PyLNkvOKP H4nPuSQMbAbWK5nifaAERzcMkY54hfwKmbFYyli8HusG0Ymq8O0dY1U3W2E1G0ku UnfsJq7tWclNhXfmTlPgh/sYyMgiuxclmomrZQSsVTyAN17WSHN8f+NjOsKkrNUt NUs+PAYaJNcQQWs0Z/oidTvmHF5eZkrlgZYBwOQC2166Rtk7OnX5aWLGClEv9b/d Pf5/0T6U1PvT68XqRaUDcB42SDml6rU3ZbtiZgZ7qpac9CQM0J10BXDsQO/d6jfL fF02cY34IzLdtb2ApU2c/eaGs2/q01WPouRzoOA/CDYyXy75BsdtC/xIMF2K+wuv JnUB/1dAuC16kC1PzEykEg9d4kJC5RePwi5PkNazR8yStfRKdrG//WyoMIYYeqAo ElBO9Nosn2/z+fl3QylAngngTfKD6CeWDOks4MkXFnqgfeoI1RkmfbUFYW9muSMB Z8CrRtStlhHZmzUMHqjHehIKiKpalNHUo5V8AiynRFySZm5sjthVPtOKeCjilQUt 9BCax0IGNbwpIw7tjAOk/3/uKpRadUbCJrEFyAB1mZdFGea8PkyVLPo7yZ4v0TaA rfJv1RsDOU1f4PUkCQgh =YTQY -----END PGP SIGNATURE-----