MariaDB 10.3.38 does not start after change from MySQL 5.7.41

I replaces MySQL 5.7.41 with MariaDB 10.3.38 on Ubuntu 20.04.

Unfortunately MariaDB does not start by itself over systemctl:

sudo systemctl status mariadb ● mariadb.service - MariaDB 10.3.38 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-08-08 17:30:53 CEST; 15h ago
       Docs: man:mysqld(8)
             https://mariadb.com/kb/en/library/systemd/    Main PID: 1888 (mysqld)
     Status: "Taking your SQL requests now..."
      Tasks: 30 (limit: 9425)
     Memory: 70.9M
     CGroup: /system.slice/mariadb.service
             └─1888 /usr/sbin/mysqld

Aug 08 17:30:52 LicenseCentral systemd[1]: Starting MariaDB 10.3.38 database server... 
Aug 08 17:30:53 LicenseCentral systemd[1]: Started MariaDB 10.3.38 database server. 
Aug 08 17:30:53 LicenseCentral /etc/mysql/debian-start[1926]: Looking for 'mysql' as: /usr/bin/mysql 
Aug 08 17:30:53 LicenseCentral /etc/mysql/debian-start[1926]: Reading datadir from the MariaDB server failed. Got the following error when executing the 'mysql' command line client
Aug 08 17:30:53 LicenseCentral /etc/mysql/debian-start[1926]: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO) 
Aug 08 17:30:53 LicenseCentral /etc/mysql/debian-start[1926]: FATAL ERROR: Upgrade failed 
Aug 08 17:30:53 LicenseCentral debian-start[1935]: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

If I try getting access with the command line I can access the databases and all tables are existing.

mariadb -u root -p<password>

In the MySQL 5.7.41 I see that this SQL code is executed:

sudo mysql -e "alter USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<password>';"\
"FLUSH PRIVILEGES;"

From MariaDB I got this result back:

MariaDB [(none)]> SHOW GRANTS FOR CURRENT_USER;
+---------------------------------------------+
| Grants for root@localhost                                                                                                              |
+---------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` IDENTIFIED BY PASSWORD '*9FA783C4FXXXXXX1ED0640ACBFDF68A2B354E18A' WITH GRANT OPTION |
| GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION                                                                          |
| SET DEFAULT ROLE `0` FOR `root`@`localhost`                                                                                            |
+---------------------------------------------+
3 rows in set (0.001 sec)

I assume that I do not understand the using password: NO hint. Does anybody know what's going on under the hood and how can I get MariaDB to start with the command sudo systemctl start mariadb without password authentication.

Thanks, Markus

When mysqld starts up it automatically runs mysql-upgrade (or mariadb-upgrade in your case) as root. This startup mechanism does not know the password for the root user. On a default installation, the root user is configured with SO_PEERCRED authentication (i.e. does not need a password for localhost).

You can revert to the default behaviour with:

ALTER USER 'root'@'localhost' IDENTIFIED WITH auth_socket;

...or add the username & password in /root/.my.cnf

...or ignore the error and just remember to edit & run mysql-upgrade manually after upgrades.

I would suggest not attempting to configure your system to try to exclude someone with root access from accessing the database - if he/she has even a basic level of competency they can bypass any hurdles you attempt.