Hello,
By looking into Nextcloud database, I’ve seen that the root user doesn’t have a password, but rely on mysql_native_password to authenticate.
As this plugin may be used by libraries, does NextCloud requires admin rights to work/perform updates?
If yes, I let this as is despite this authentication having a security warning by mariaDB .
if no, I prefer to set a robust password.
Technical details:
Nextcloud 20.0.3 installed
Best regards,
Does NextCloud requires root access to database?
No.
Normally
- Linux-root (e.g. sudo) installs MariaDB
- MariaDB has got an MariaDB-root-user with password (e.g. set on install for security reason)
- MariaDB-root-user creates user MariaDB-nextcloud-user
- MariaDB-root-user creates datase MariaDB-nextcloud-db
- MariaDB-root-user sets permissions for MariaDB-nextcloud-user for MariaDB-nextcloud-db
- set configuration in /path/to/nextcloud/config/config.php
Read installation guide:
https://www.howtoforge.com/tutorial/how-to-install-nextcloud-on-debian-10
https://www.howtoforge.com/tutorial/ubuntu-nginx-nextcloud
With no password for MariaDB-root-user and/or MariaDB-nextcloud-user there is a security risk.
Normally you can access MariaDB only from “localhost”. Than there is no high risk.
You can set the MariaDB-root-user-account after installation.
Sorry german:
https://canox.net/2017/08/passwort-fuer-den-root-benutzer-von-mariadb-setzen/
Or read:
https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password
Hello,
Thanks, I didn’t expect such fast answer ^^