Mysql – Is it secure to store mysql root password on /root/.my.conf

configuration debian mariadb MySQL

I never thought about this before. I use a password manager for all my accounts (web/server-admin/etc).

But today I was reading about installing a Nextcloud in a Debian server, and it's stated:

You should save your MariaDB root username and password in a .my.cnf file, as this will enable you to log in to MariaDB and execute SQL commands without a password prompt.

@ How to Install Nextcloud 12 Server on Debian 9 with HTTPS

Should I?

Looking for an answer to this question, I found this: mysql root password – where should it be stored?, where they imply this is a normal situation.

I already ran the mysql_secure_installation script. So, the root password is already changed. Should I put this password in this /root/.my.cnf file?

Is there more information about this somewhere? I find it really difficult to believe: storing a password in plain text on my server seems a very bad idea to me.

Update: I think it wasn't clear enough. My mistake. So, I would like to clarify: I'm not logged in to my server as root. In fact, it is disabled, I have my user within the sudoers group. And I create a user database for each database I'm creating within the server. As I already stated: I ran the script to secure the database.

Best Answer

You can store the root password elsewhere, your normal password manager seems a useful place, and simply enter it whenever you need to log in as the MariaDB root user, which is probably not all that frequently once the database server has been configured.

I don't know if MariaDB is compatible with the MySQL feature to store your credentials encrypted with the MySQL config Editor in a ~/.mylogin.cnf but that might be one option if you do want to store passwords on the server.

Alternatively enabling the plugin for socket authentication for the root user (or your own user), where MariaDB trusts operating system credentials received over the socket and does not rely on a password (either submitted or stored in a plain text file) might be an option.
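
An added example, not part of the original answer or of the Nextcloud guide: a shell check that reports whether a client option file such as /root/.my.cnf holds a plaintext password and whether anyone other than its owner can access it. The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Audit a MySQL/MariaDB client option file for a stored plaintext password.
# audit_mycnf return codes (chosen for this example):
#   0 = no password stored   1 = password stored, owner-only permissions
#   2 = password stored, group/other have access   3 = file not present

file_mode() {
    # GNU stat first, BSD stat as fallback; prints the octal mode, e.g. 600
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

has_password() {
    # Matches an uncommented "password = value" line (full key name only).
    grep -Eiq '^[[:space:]]*password[[:space:]]*=[[:space:]]*[^[:space:]]' "$1"
}

audit_mycnf() {
    f=$1
    [ -f "$f" ] || { echo "$f: not present"; return 3; }
    if ! has_password "$f"; then
        echo "$f: no password stored"
        return 0
    fi
    mode=$(file_mode "$f")
    # The last two octal digits are the group and other permission bits.
    case $mode in
        *00|0) echo "$f: password stored, mode $mode (owner only)"; return 1 ;;
        *)     echo "$f: password stored, mode $mode (group/other access)"; return 2 ;;
    esac
}

# Stand-alone use: sh audit.sh /root/.my.cnf
if [ "$#" -gt 0 ]; then
    audit_mycnf "$1"
fi
```

A result of 1 still means the password sits on disk in clear text for root and for anything that can read root's files, such as backups; only 0 or 3 means no secret is kept in that file.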