Can't sign into mariadb when using docker swarm secrets due to unix socket authentication

Open 3bsalcedo opened this issue 10 months ago • 2 comments

Is this a docs issue?

  • [x] My issue is about the documentation content or website

Type of issue

I can't find what I'm looking for

Description

Unable to log into the root user of MariaDB after setting up a docker swarm service for MariaDB using secrets. When I type the root password in, I get an access denied error.

Location

https://docs.docker.com/engine/swarm/secrets/

Suggestion

I think it should be mentioned in the secrets section of the docs that MariaDB 10.4+ defaults to unix socket authentication. With Unix socket authentication in MariaDB, only users mapped to a system (Linux) user account can log in without a password. This authentication method allows users to connect if they are logged into the system as a user that matches a MariaDB user. If not, it will not log you in. You can pass the password secret file inline with the command to sign into MariaDB and it will log into root. I didn't see any mention of this in the secrets section of the docs. I may have missed it, in which case, I'm sorry for taking up your time.

Image

A fix for this would be disabling unix_socket and switching back to password authentication in MariaDB. With more help from AI, I found that adding this command: ["--skip-grant-tables", "--skip-networking"] to the MariaDB service section of the .yml worked, allowing me to sign into root by typing the password stored in the secrets file.

Example docker config file for a test MariaDB swarm service:

Image

Testing MariaDB root sign in with ["--skip-grant-tables", "--skip-networking"] added to the config:

Image

ChatGPT also mentions this as a fix, but I have not tried it, and you would have to already have a MariaDB shell: ALTER USER 'root'@'localhost' IDENTIFIED VIA mysql_native_password USING PASSWORD('yourpassword');

3bsalcedo avatar Feb 11 '25 08:02 3bsalcedo
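
Added example, not part of the original issue or of Docker's documentation: `--skip-grant-tables` starts MariaDB without its privilege system, so a login succeeds whatever password is typed and the value in the secret is never checked. The audit below flags that option and two related root-password mistakes in a service definition; the JSON is a constructed sample shaped like `docker service inspect` output, and the service and secret names are assumptions.

```python
import json

# Constructed sample shaped like `docker service inspect` output (not from the issue).
SAMPLE = json.loads("""
[{"Spec": {"Name": "db_mariadb", "TaskTemplate": {"ContainerSpec": {
    "Image": "mariadb:11",
    "Args": ["--skip-grant-tables", "--skip-networking"],
    "Env": ["MARIADB_ROOT_PASSWORD_FILE=/run/secrets/db_root_password"],
    "Secrets": [{"SecretName": "db_root_password",
                 "File": {"Name": "db_root_password", "Mode": 292}}]
}}}}]
""")

ROOT_PW_VARS = ("MARIADB_ROOT_PASSWORD", "MYSQL_ROOT_PASSWORD")


def secret_paths(spec):
    """Paths where swarm mounts each secret inside the container."""
    paths = set()
    for s in spec.get("Secrets") or []:
        target = s.get("File", {}).get("Name") or s.get("SecretName", "")
        paths.add(target if target.startswith("/") else "/run/secrets/" + target)
    return paths


def audit_service(service):
    """Return a list of findings for one inspected service."""
    spec = service["Spec"]["TaskTemplate"]["ContainerSpec"]
    argv = (spec.get("Command") or []) + (spec.get("Args") or [])
    env = dict(e.split("=", 1) for e in spec.get("Env") or [] if "=" in e)
    findings = []
    # MariaDB accepts both dash and underscore spellings of option names.
    if any(a.split("=", 1)[0].replace("_", "-") == "--skip-grant-tables" for a in argv):
        findings.append("auth-disabled: --skip-grant-tables makes the server "
                        "accept any user and password")
    for var in ROOT_PW_VARS:
        if var in env:
            findings.append(f"plaintext-env: {var} is visible in service inspect")
        path = env.get(var + "_FILE")
        if path and path not in secret_paths(spec):
            findings.append(f"missing-secret: {var}_FILE={path} is not a mounted secret")
    return findings


if __name__ == "__main__":
    for svc in SAMPLE:
        for finding in audit_service(svc):
            print(svc["Spec"]["Name"], "->", finding)
```

A service that passes the audit still authenticates root by whichever plugin the account was created with, which is the unix socket behaviour the issue describes.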

There hasn't been any activity on this issue for a long time. If the problem is still relevant, mark the issue as fresh with a /remove-lifecycle stale comment. If not, this issue will be closed in 14 days. This helps our maintainers focus on the active issues.

Prevent issues from auto-closing with a /lifecycle frozen comment.

/lifecycle stale

docker-robot[bot] avatar May 15 '25 01:05 docker-robot[bot]

/remove-lifecycle stale

3bsalcedo avatar May 17 '25 19:05 3bsalcedo