Admins

/usr/share/doc/mariadb-server-10.3/README.Debian.gz

* ROOT USER AUTHENTICATION VIA UNIX SOCKET
==========================================
On new installs no root password is set and no debian-sys-maint user is
created anymore. Instead the MariaDB root account is set to be authenticated
using the unix socket, e.g. any mysqld invocation by root or via sudo will
let the user see the mysqld prompt.

You may never ever delete the mysql user "root". Although it has no password
is set, the unix_auth plugin ensure that it can only be run locally as the root
user.

The credentials in /etc/mysql/debian.cnf specify the user which is used by the
init scripts to stop the server and perform logrotation. This used to be the
debian-sys-maint user which is no longer used as root can run directly.

If you have start/stop problems make sure that the /etc/mysql/debian.cnf file
specifies the root user and no password.

Vu comment la conf est traitée dans le packaging, le do not touch semble un peu exagéré. Je vais essayer une modif à la main sur pad-test pour voir.
https://salsa.debian.org/search?utf8=%E2%9C%93&search=debian.cnf&group_id=2326&project_id=32690&scope=&search_code=true&snippets=false&repository_ref=buster&nav_source=navbar

Beh ça pas marche. Je vais essayer de demander aux mainteneurs.

La réponse est venu de l'IRC #mysql sur freenode.

PoluX    Hi. On debian buster I have legacy credential behavior on old installations (i.e. with debian-sys-maint) and I would like to migrate them to the new way of (no password as root on socket). I didn't found in docs how to do so. Any hint? I tried to move user to root and password to empty in debian.cnf but it didn't worked
thumbs    PoluX: just alter the root@localhost user
thumbs    PoluX: you can then get rid of the old debian nonsense
thumbs    !t PoluX root as root
ubiquity_bot    PoluX: If "mysql -u root" only works as the system root user, you might be using the auth_socket plugin. SELECT user, host, plugin FROM mysql.user; and see https://dev.mysql.com/doc/refman/5.7/en/socket-pluggable-authentication.html

thumbs    !m PoluX alter user
ubiquity_bot    PoluX: See https://dev.mysql.com/doc/refman/5.7/en/alter-user.html

PoluX    thumbs: thanks
thumbs    the debian folks really need to stop inventing nonsense and offloading support for their nonsense to other communities
PoluX    thumbs: it works, thanks

Il faut se connecter en root sur mysql et altérer l'user root pour l'authentifier via le plugin unix_socket. Le plus simple pour ça est de prendre les crédentials dans debian.cnf

# mysql -u debian-sys-maint -proot
MariaDB [(none)]> SELECT user, host, plugin FROM mysql.user;
+------------------+-----------+--------+
| user             | host      | plugin |
+------------------+-----------+--------+
| root             | localhost |        |

...

+------------------+-----------+--------+

MariaDB [(none)]> ALTER USER root@localhost IDENTIFIED WITH unix_socket;
Query OK, 0 rows affected (0.051 sec)

MariaDB [(none)]> SELECT user, host, plugin FROM mysql.user;
+------------------+-----------+-------------+
| user             | host      | plugin      |
+------------------+-----------+-------------+
| root             | localhost | unix_socket |

...

+------------------+-----------+-------------+

Suite à quoi on met dans debian.cnf le user=root et password= (rien) .

Suite à quoi on met dans debian.cnf le user=root et password= (rien) .

Ha beh en fait c'est même pas nécessaire. Du coup je ne vais pas propager ce changement de conf douteux qui peu embêter logrotate et/ou systemd, même si dans les Debian modernes c'est ainsi.