Greetings All:
Received the following notification …
MySQL users have empty passwords: 1 user - [“mysql.pxc.sst.role”]
Thoughts?
Thanks so much,
Andy
Well, normally it’d mean you have a user with a blank password and there’s a possibility that the username could be used to connect to your mysql instance without needing to provide a password. But seeing the name, it looks like it’s for Xtrabackup to be able to grant the backup user authority to perform the backup. I believe roles are created locked with no password by default and if I recall correctly the user to perform the backup is created when needed and removed when done and inherits the permissions defined in the role…possible we need to fix something to exclude it as a false positive. I assume you’re running PXC 8.x with Xtrabackup? Can you give specific versions so we can get it checked on our side.
2 Likes
Hi @aredman thanks for your post!
I just confirmed on my own PXC 8.0.22 instance that I also have the same blank password entry:
mysql> select user,authentication_string from mysql.user where user ='mysql.pxc.sst.role';
+--------------------+-----------------------+
| user | authentication_string |
+--------------------+-----------------------+
| mysql.pxc.sst.role | |
+--------------------+-----------------------+
1 row in set (0.00 sec)
mysql> select @@version;
+-------------+
| @@version |
+-------------+
| 8.0.21-12.1 |
+-------------+
1 row in set (0.00 sec)
This looks like a false positive alert
2 Likes
Really appreciate it, gents …
mysql Ver 8.0.21-12.1 for Linux on x86_64 (Percona XtraDB Cluster (GPL), Releas e rel12, Revision 4d973e2, WSREP version 26.4.3)
Thanks much,
Andy
1 Like
I have prepared ticket to exclude this user from the check
https://jira.percona.com/browse/PMM-7506
2 Likes