Not unusually, I’m confused.
If I go to Webmin>Servers>MySQL Database Server and in the “Global Options” click “Change Administration Password” I find that the existing password is not the Root Password but another password.
Should this password be the same as the Root password?
Thanks for reading
So, just to be clear – you’re saying that your MySQL root password is one thing… but when you look in the “Change Administration Password” area, it’s showing a password that you don’t believe is your MySQL root password?
What about if you go into System Settings -> Re-Check Config – does it notice anything unusual, or possibly complain that the MySQL root password isn’t working?
Hi Eric, Thanks for your reply.
Sorry, that wasn’t very clear.
I was expecting the root MySQL Password to be the same as the root user for the server.
The password currently given for the root MySQL is the same as the password for one of the mailboxes and the admin of that site is just about to start using MySQL. Is there a potential that he could log in as the MySQL root user in error?
Or am I worrying without cause ?
The password is quite secure using a mix of numbers/upper/lower characters.
I am not sure how the Root MySQL became the same. Can I simply change it without affecting any other users or the system ?
Sorry so many questions.
Thanks for reading
The MySQL root/master administrator password doesn’t have to be the same as the servers root password (aka virtualmins master administrator). They can be the same for your convenience though, but isn’t preferred from a security perspective.
However it shouldnt be set with a password from a users mailbox, so far must be clear, as the mailbox user can then login to your MySQL server as root/master administrator and control all databases.
You should change the MySQL master admin password and only you need to know it.
Also make sure users can log in as a user and see only their databases. Then you need to find out how this was possible to prevent future issues.
I really don’t know how the password was set at that but it is a password that I use for non-important things. I obviously set the users mailbox at that without thinking.
I have changed the root MySQL password now and will test to see that users can only see their own database. So far this is the only client on this server using it/intending to use it but it looks like they haven’t done so yet.
Again, thanks for your expert and as always, reliable reply. :o)