I'm using Mandrake 7.2, MySQL 3.23.23.

Since I installed mysql a few days ago I have had logrotate complaining to root that it cannot get access to the logs to rotate them. I followed the instructions and set up a /root/.my.cnf file so that the rotate could happen, but no go.

After trying various combinations of secret and plain and no and null passwords for root I have hit on a combination that appears to work, that is using an SQL update instruction to the user table in mysql database to put a plain password in there for root and have a plain password in the .my.cnf file.

Now of course the issue is that root with its plain password does not get access to the databases since it tries to compare a command line password with a non-secret one but is expecting it to be secret. Not much of an issue at this point since there are other users will full permissions on everything that I can think of. Any one of these accounts can reset the passwords for 'root'.

Are there any items that you positively have to log in as root from the cli to get them done? Any gotchas that I am likely to run into down the way with this setup?

    18 days later

    Hmm, good ??

    On my BSD servers, mysqladmin takes care of most stuff that requires lots of privileges, like flush, restart, shutdown, etc. You have to be "root" on the box to use mysqladmin, of course. I'm
    pretty MySQL stupid though; don't take my word for it, necessarily. There's lots of stuff that mysqladmin doesn't do...the question would just be, can you do it with some other mysqluser?

    I'd actually recommend trying to figure out what's really up with logrotate. Generally, a workaround is not the best longterm solution, IMO.

      Thanks for your response.

      After I posted that message I thought my logrotate was working with my new password setup, however it was not. Just that the method I used to force logrotate into action to test it did not in fact copy the error messages to stdout.

      After quite a lot of experimentation I decided that my setup was, for some odd reason, just not able to pick up the username and password from .my.cnf

      I am now following the rather widely recommended suggestion to place both username and password in the actual invocation of mysqladmin from the logrotate script, ensuring that permissions keep the script safe from outside reads.

      This too is a workaround :-( since it is not in accordance with the mysql helpfile. Finding the real reason why mysqladmin cannot get access to the contents of .my.cnf is on my list, but fairly low down on the priorities.

        Write a Reply...