The discussion about under what user privileges the server should run is also ongoing in MySQL context. Actually I agree with Vlad that a 'mysql' user and group (like unix) would be preferable sometimes (live sites). It can also be done on Windows just like on Unix. Problem is that for many Windows users it will be a completely new thing and a mystery to some. I am not sure it is the time to change this now. On Sat, Oct 17, 2009 at 01:38, Vladislav Vaintroub <wlad@sun.com> wrote:
Hi,
I noticed there is a lot of activity around installer right now. There are couple of things in the Sun/MySQL installer that I believe were done wrong. I thought it is a good idea to point to some mistakes in MySQL and share thoughts on what can be done better in MariaDB.
MySQL installs and runs under SYSTEM account. It is a big no-no by all security measures (the account is akin to Unix root). I think I should not explain what a can happen if there is some buffer overflow in the server code that can be exploited by sending a specially crafted packet. Installations of server software I have seen, do not do that. They create a special group, a special non-privileged user and are running service under that non-privileged user. Sounds familiar?(yes, this is what has been recommended for mysql on Unix since ever) .
So MariaDB installer - could create a user mariadbuser if not exists. - create a group mariadb if not exists. - add mariadbuser to the group mariadb. - add user who runs the installer to the group mariadb, maybe asking with a pre-checked checkbox (this is for convenience, because this user will likely want to edit the config files) - when creating a database directory, - assuming C:\ProgramData\MariaDB will be default root directory for databases, assign read/write permissions to the mariadb group (+ Administrators). - store config file in the database directory . In MySQL, my.cnf is stored it in ProgramFiles, which makes it all but non-trivial to edit the file with an editor, even for admins (they need a to run editor under Windows equivalent of "sudo", i.e with elevation). This is a big usability problem and source of couple of bugs. This is what Peter (who if I remember correctly filed one of these bugs) refers to as "UAC Problem". - Of course, user and group should be documented.
Re. ConfigWizard, I do not know. MySQL's one has a nice UI, but the functionality is really very basic. Maybe it just makes sense not to ask user at all, set reasonable defaults and allow people to edit config file afterwards (this would already make MariaDB much friendly towards users than Sun/MySQL installation. Personally, I'd be happy even if generated my.cnf would contain the bare minimum required mysqld to run( datadir and basedir), nothing else.
Lastly, it would be cool, if Maria had a native mysql_install_db on Windows .Batch wrapper around JScript, VBScript, command line executable, whatever, just no bash and no perl please ;)It should do a bit more than on Unix, i.e create a minimalistic my.cnf and register the new service. As the things stand today, currently with Windows there is no documented way for people to create a non-default mysql instance, except copying the directory which comes with installation (and after user tables are created, the directory it is not very usable anymore). And this is pretty ugly. And yes, the new mysql_install_db.bat can/should can be integrated into the installer . It obsoletes then the build-time "cross-bootstrap", where mysql_install_db that runs on Unix with a single purpose is to generate initial database to be used inside Windows zip and installer.
Vladislav.
PS: Don't know whether it is interesting for MariaDB, but I just noticed that a high profile MS-installer guru and an open-source friendly guy is offering his consulting services. http://robmensching.com/
It is Rob Mensching, the author of Wix toolkit, the first and one of the most widely known Open Source products by Microsoft. If I understood correctly, his main job is still at Microsoft in Office installer team , and he is doing consulting in his free time. Disclaimer: I do not know him personally, (but if I used WiX back in the days) so it is not a shameless plug:) But I really believe that if someone like him helps with installer, then the result would be good:) It might make sense to get in touch.
_______________________________________________ Mailing list: https://launchpad.net/~maria-developers Post to : maria-developers@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-developers More help : https://help.launchpad.net/ListHelp