Mageia forum

Hi,

Mageia 7, running KDE Plasma.

As above, I installed the latest updates, but when I try to follow the procedure to secure Mariadb

Code: Select all

 mysql_secure_installation

I get an error message:

Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)

I've tried hitting enter both with and without my root password, but I get the same result.

When I shut down the console, it tells me there is a process still running in the window.

I just run my computer as a desktop, so I only need the few programs I use and Internet access. Do I actually need Mariadb?

Can someone help me sort this out?

TIA

If you're unsure if you need it, then you probably don't need it. You can probably just ignore the setup, as you probably are not running anything on your system that depends on it. But to answer your other question, in order to run the secure installation you need to be logged into a terminal as root, or have sudo privileges setup for your user account.

DoubtingT wrote:I just run my computer as a desktop, so I only need the few programs I use and Internet access. Do I actually need Mariadb?

If you don't know if you actually need it, why do you run the setup for MariaDB hardening ?
From what it looks like MariaDB isn't even running, so I'd say it's safe to assume you don't need it.

z and Doktor5000,

Thanks for looking in.

You can probably guess that I didn't actively install MariaDB; I assumed it was just part of a default setup. The only reason I'm trying to secure it is because the system update tells me to - and the language it uses is pretty emphatic.

I do of course attempt to run the code from a terminal as root (sorry, I should have left the hash at the front of the code I posted). When I get notification of updates, I just go ahead and install everything - it seems the safest way to proceed. I believe that the need to follow this procedure for MariaDB first appeared in Mageia 6. In that version, the code ran as predicted. Now the new system isn't behaving as before, I wonder if I've done (or am doing) something wrong. It's just that sense of disquiet I feel when something doesn't work as before.

If you tell me I can ignore the update info box, that's what I'll do.

DoubtingT wrote:If you tell me I can ignore the update info box, that's what I'll do.

For this one, if you don't plan on using MariaDB, yes.

You could try removing mariadb and mariadb-core packages to see if it wants to remove any additional programs, as MariaDB (at least the server part) is not part of a default installation.

Thanks - as always - for the info, doktor5000.

These are the installed elements:

libmariadb3 10.3.20
mariadb 10.3.20
mariadb-client 10.3.20
mariadb-common 10.3.20
mariadb-common-core 10.3.20
mariadb-core 10.3.20
mariadb-extra 10.3.20

Should I uninstall all of them, or just the two you mentioned in your last post: mariadb and mariadb-core?

DoubtingT wrote:or just the two you mentioned in your last post: mariadb and mariadb-core?

I just checked again in a pretty default mga7 installation, and it seems mariadb and mariadb-core are required for akonadi, which in turn is required for kmail, korganizer and digikam.

I'd say at this point just leave it installed, and just ignore the update info box in the future.

I came to the same conclusion when I looked into uninstalling mariadb etc. It seems like more trouble than it's worth. There were numerous mariadb updates during the Magiea 6 lifespan, and I ran the securing code without issues. Something has clearly changed since then, I guess to do with the mysql. As mine is very close to being a default installation, it seems strange that nobody else has had issues.

If no one can help with my original query, I guess I'll just have to leave it unsecured. It does grate a bit though.

Thanks for your help.

Maybe you enabled mariadb for automatic start at some point? Because by default it's not started during bootup, from what I can tell.
Instead of securing it, maybe just disable it for startup on boot - if it's not running, then less to secure.

I didn't enable Mariadb for automatic startup - I wouldn't know how to do that. I've looked in Ksysguard and a search produces no results. I assume therefore it is not running, but I also assume that because it's installed, the updates come through automatically, along with the warning to secure it.

I do have a couple of widgets running on my desktop - clock and weather - and these run under akonadi, which we've now established has a dependency with Mariadb. Again, I have no idea how to alter the way that runs. I suppose I could just remove the widgets, but if Mariadb doesn't show up in Ksysguard, does it matter?

It's funny, up until the Mariadb update, I was thinking that Magiea 7 was the slickest version ever produced, but it does still have some holes. Aside from this issue, Clamav just doesn't launch (at least not with the GUI).

Maybe I'll Google again to see if other people managed to solve the error issue.

Note that multiple incarnations of the database server (mysqld) are involved.

The one that serves the sock: /var/lib/mysql/mysql.sock may be enabled and started using systemctl or "System/Manage System Services ... in MCC.
mysql_secure_installation by default tries to connect to this incarnation. Other applications, e.g, mythtv by default use this incarnation. I assume the upgrade text is mainly addressing this incarnation.

Other incarnations (one per plasma session) are started by Plasma (possibly not until needed by e.g. kmail). These are configured to only accept commands from a UNIX socket that is placed in a session specific tmp directory with access restricted to the user logged in to the session.

arnesp, thanks for your input.

I'm not a systems admin - I just prefer to use Mageia Linux rather than Windows for my day to day computing - so much (actually probably all) of what you've written is way over my head. However, I hope I'm correct in now assuming that before the procedure to secure mariadb will run I have to enable /var/lib/mysql/mysql.sock or Manage System Services through MCC. I don't really want to tinker with the system, and since I don't use digikam, kaddaressbook, kmail, korganizer or mythtv, it begins to look like a pointless exercise.

The final sentences of your explanation state that Plasma starts incarnations of mysqld but possibly not until needed. If access is restricted even in those circumstances to the user logged in to the session, I guess that means the system doesn't just open up for anyone looking in.

I think I'll follow doktor5000's advice and ignore the warning.