#65 - Use auth_socket for passwordless localhost authentication

joomlatools · May 28, 2022 · 1f0aee8 · 1f0aee8
1 parent 628716d
commit 1f0aee8
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 11 deletions.
diff --git a/config/mysql/my.cnf b/config/mysql/my.cnf
@@ -19,6 +19,10 @@ lower_case_table_names = 1
 # Custom config should go here
 !includedir /etc/mysql/conf.d/
 
+# Load the auth_socket plugin
+# https://dev.mysql.com/doc/refman/8.0/en/socket-pluggable-authentication.html
+plugin-load-add=auth_socket.so
+
 # Performance optimisations
 # http://www.tocker.ca/2014/03/10/configuring-mysql-to-use-minimal-memory.html
 # https://www.woktron.com/secure/knowledgebase/272/How-to-optimize-MySQL-performance.html

diff --git a/config/s6/cont-init.d/110-mysql.sh b/config/s6/cont-init.d/110-mysql.sh
@@ -46,12 +46,4 @@ if [[ ! -f $MYSQL_VOLUME/mysql.ibd ]]; then
   chmod 1777 $MYSQL_VOLUME
 
   /usr/sbin/mysqld --initialize-insecure --datadir=${MYSQL_VOLUME}
-fi
-
-# Create option file to allow passwordless login for clients
-# https://dev.mysql.com/doc/refman/8.0/en/option-files.html
-USER_FILE=~/.my.cnf
-echo '[client]' >> $USER_FILE
-echo "user=${MYSQL_USER}" >> $USER_FILE
-echo "password=${MYSQL_PASS}" >> $USER_FILE
-chmod 0400 ~/.my.cnf
+fi
diff --git a/config/s6/mysql-init.d/101-perm.sh b/config/s6/mysql-init.d/101-perm.sh
@@ -8,14 +8,15 @@ then
   /usr/bin/mysql -e "
     CREATE USER IF NOT EXISTS '${MYSQL_USER}'@'%';
     ALTER USER '${MYSQL_USER}'@'%' IDENTIFIED WITH mysql_native_password BY '${MYSQL_PASS}';
-    ALTER USER '${MYSQL_USER}'@'localhost' IDENTIFIED WITH mysql_native_password BY '${MYSQL_PASS}';
+    ALTER USER '${MYSQL_USER}'@'localhost' IDENTIFIED WITH auth_socket;
     GRANT ALL ON *.* TO '${MYSQL_USER}'@'%';
     FLUSH PRIVILEGES;
     "
 else
   echo "[mysql-init.d] ${file}: Revoking remote access of MySQL database from any IP address for ${MYSQL_USER}"
    /usr/bin/mysql -e -f "
-      ALTER USER '${MYSQL_USER}'@'localhost' IDENTIFIED WITH mysql_native_password BY '${MYSQL_PASS}';
+      ALTER USER '${MYSQL_USER}'@'%' IDENTIFIED WITH mysql_native_password BY '${MYSQL_PASS}';
+      ALTER USER '${MYSQL_USER}'@'localhost' IDENTIFIED WITH auth_socket;
       REVOKE ALL PRIVILEGES, GRANT OPTION FROM '${MYSQL_USER}'@'%';
       DROP USER IF EXISTS '${MYSQL_USER}'@'%';
       "