[Maria-discuss] mysqld_safe and pid files
hello monty et al

i'm trying to write an init script for maria and artix, which is using openrc

I got it to start up but the pid-file is a problem and I think that the command line options for mysqld_safe is not working. it doesn't create the specified pid file

[www3 ~]# /usr/bin/mysqld_safe --pid-file=/run/mariadb.pid
170926 10:41:52 mysqld_safe Logging to '/usr/local/var/www3.err'.
170926 10:41:52 mysqld_safe Starting mysqld daemon with databases from /usr/local/var
[www3 ~]# cat /run/mariadb.pid
cat: /run/mariadb.pid: No such file or directory
[www3 ~]# tail -f /usr/local/var/www3.err
2017-09-26 10:41:53 139828287336192 [Note] InnoDB: 128 rollback segment(s) are active.
2017-09-26 10:41:53 139828287336192 [Note] InnoDB: Waiting for purge to start
2017-09-26 10:41:53 139828287336192 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.36-82.0 started; log sequence number 1601111
2017-09-26 10:41:53 139828287336192 [Note] Plugin 'FEEDBACK' is disabled.
2017-09-26 10:41:53 139827658368768 [Note] InnoDB: Dumping buffer pool(s) not yet started
2017-09-26 10:41:53 139828287171328 [Warning] Failed to load slave replication state from table mysql.gtid_slave_pos: 1146: Table 'mysql.gtid_slave_pos' doesn't exist
2017-09-26 10:41:53 139828287336192 [Note] Server socket created on IP: '::'.
2017-09-26 10:41:53 139828286868224 [ERROR] mysqld: Can't create/write to file '/run/mariadb.pid' (Errcode: 13 "Permission denied")
2017-09-26 10:41:53 139828286868224 [ERROR] Can't start server: can't create PID file: Permission denied
170926 10:41:53 mysqld_safe mysqld from pid file /run/mariadb.pid ended

drwxr-xr-x 16 root root 620 Sep 25 21:45 run

what do you recommend to do?
The system is uniform

--
So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
On 26.09.2017 at 20:03, Ruben Safir wrote:
> 170926 10:41:53 mysqld_safe mysqld from pid file /run/mariadb.pid ended
> drwxr-xr-x 16 root root 620 Sep 25 21:45 run
>
> what do you recommend to do? The system is uniform

never write pid-files directly below /run
making /run world-writeable is a terrible idea

no idea about openrc, but systemd has https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html to create subfolders on tmpfs at boot with the correct permissions
If you're not familiar with openrc then you can't be of much use with regard to this question. There are two things that will never see the light of day on my server, systemd, and freedesktop.org

I've seen already far too many security break-ins of systemd.

On Tue, Sep 26, 2017 at 08:19:32PM +0200, Reindl Harald wrote:
> On 26.09.2017 at 20:03, Ruben Safir wrote:
>> 170926 10:41:53 mysqld_safe mysqld from pid file /run/mariadb.pid ended
>> drwxr-xr-x 16 root root 620 Sep 25 21:45 run
>>
>> what do you recommend to do? The system is uniform
>
> never write pid-files directly below /run
> making /run world-writeable is a terrible idea
>
> no idea about openrc, but systemd has https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html to create subfolders on tmpfs at boot with the correct permissions
On 26.09.2017 at 20:22, Ruben Safir wrote:
> If you're not familiar with openrc then you can't be of much use with regard to this question. There are two things that will never see the light of day on my server, systemd, and freedesktop.org
>
> I've seen already far too many security break-ins of systemd.

WTF - stop bitching and try to *understand* what people explain you

you fool defined "/run/mariadb.pid" which is *directly* below /run and the mysqld user has no business to write there (especially when you talk about security) - create a subfolder with the correct permission like "/run/mariadb" is your job and then the path is simply "/run/mariadb/mariadb.pid"

or just switch to a non tmpfs so that you can create that folder with the permissions and it stays - why do you use /run/ at all when you are so against systemd/freedesktop.org - guess where it was invented

> On Tue, Sep 26, 2017 at 08:19:32PM +0200, Reindl Harald wrote:
>> On 26.09.2017 at 20:03, Ruben Safir wrote:
>>> 170926 10:41:53 mysqld_safe mysqld from pid file /run/mariadb.pid ended
>>> drwxr-xr-x 16 root root 620 Sep 25 21:45 run
>>>
>>> what do you recommend to do? The system is uniform
>>
>> never write pid-files directly below /run
>> making /run world-writeable is a terrible idea
>>
>> no idea about openrc, but systemd has https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html to create subfolders on tmpfs at boot with the correct permissions
On Tue, Sep 26, 2017 at 08:27:56PM +0200, Reindl Harald wrote:
> On 26.09.2017 at 20:22, Ruben Safir wrote:
>> If you're not familiar with openrc then you can't be of much use with regard to this question. There are two things that will never see the light of day on my server, systemd, and freedesktop.org
>>
>> I've seen already far too many security break-ins of systemd.
>
> WTF - stop bitching and try to *understand* what people explain you

?? Thank you harald.
On 9/26/2017 2:03 PM, Ruben Safir wrote:
> hello monty et al
>
> i'm trying to write an init script for maria and artix, which is using openrc
>
> I got it to start up but the pid-file is a problem and I think that the command line options for mysqld_safe is not working. it doesn't create the specified pid file

Gentoo's OpenRC startup script does not use mysqld_safe because of such limitations. We have start-stop-daemon create the pidfile and call mysqld directly instead.

Alternatively, OpenRC's supervise-daemon could be used if one wanted to have the server "always available", but I believe that a database crash should be investigated by an admin.

> [www3 ~]# tail -f /usr/local/var/www3.err
> 2017-09-26 10:41:53 139828287336192 [Note] InnoDB: 128 rollback segment(s) are active.
> 2017-09-26 10:41:53 139828287336192 [Note] InnoDB: Waiting for purge to start
> 2017-09-26 10:41:53 139828287336192 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.36-82.0 started; log sequence number 1601111
> 2017-09-26 10:41:53 139828287336192 [Note] Plugin 'FEEDBACK' is disabled.
> 2017-09-26 10:41:53 139827658368768 [Note] InnoDB: Dumping buffer pool(s) not yet started
> 2017-09-26 10:41:53 139828287171328 [Warning] Failed to load slave replication state from table mysql.gtid_slave_pos: 1146: Table 'mysql.gtid_slave_pos' doesn't exist
> 2017-09-26 10:41:53 139828287336192 [Note] Server socket created on IP: '::'.
> 2017-09-26 10:41:53 139828286868224 [ERROR] mysqld: Can't create/write to file '/run/mariadb.pid' (Errcode: 13 "Permission denied")
> 2017-09-26 10:41:53 139828286868224 [ERROR] Can't start server: can't create PID file: Permission denied
> 170926 10:41:53 mysqld_safe mysqld from pid file /run/mariadb.pid ended

MySQL and MariaDB attempt to create the pidfile as the user that mysqld is running as.. which may be a potential security issue if that user is compromised.

Brian
On Tue, Sep 26, 2017 at 02:20:18PM -0400, Brian Evans wrote:
> On 9/26/2017 2:03 PM, Ruben Safir wrote:
>> hello monty et al
>>
>> i'm trying to write an init script for maria and artix, which is using openrc
>>
>> I got it to start up but the pid-file is a problem and I think that the command line options for mysqld_safe is not working. it doesn't create the specified pid file
>
> Gentoo's OpenRC startup script does not use mysqld_safe because of such limitations. We have start-stop-daemon create the pidfile and call mysqld directly instead.

I was considering doing it like that but I realized that would mean rewriting a significant part of my.conf and combing through mysqld_safe and try to lock it down as much as monty already has... I trust monty :)

If I do this, I will make it all compliant to the current architecture and build a package.

I finally got it to work by making a /run/mariadb directory, chown to maria.mariadb, and changing the pid file in my.conf and /etc/init.d/mariadb (using the start-stop-daemon) to /run/mariadb/mariadb.pid

Seems to work for the time being.

> Alternatively, OpenRC's supervise-daemon could be used if one wanted to have the server "always available", but I believe that a database crash should be investigated by an admin.

100% I'm on board with that.

>> [www3 ~]# tail -f /usr/local/var/www3.err
>> 2017-09-26 10:41:53 139828287336192 [Note] InnoDB: 128 rollback segment(s) are active.
>> 2017-09-26 10:41:53 139828287336192 [Note] InnoDB: Waiting for purge to start
>> 2017-09-26 10:41:53 139828287336192 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.36-82.0 started; log sequence number 1601111
>> 2017-09-26 10:41:53 139828287336192 [Note] Plugin 'FEEDBACK' is disabled.
>> 2017-09-26 10:41:53 139827658368768 [Note] InnoDB: Dumping buffer pool(s) not yet started
>> 2017-09-26 10:41:53 139828287171328 [Warning] Failed to load slave replication state from table mysql.gtid_slave_pos: 1146: Table 'mysql.gtid_slave_pos' doesn't exist
>> 2017-09-26 10:41:53 139828287336192 [Note] Server socket created on IP: '::'.
>> 2017-09-26 10:41:53 139828286868224 [ERROR] mysqld: Can't create/write to file '/run/mariadb.pid' (Errcode: 13 "Permission denied")
>> 2017-09-26 10:41:53 139828286868224 [ERROR] Can't start server: can't create PID file: Permission denied
>> 170926 10:41:53 mysqld_safe mysqld from pid file /run/mariadb.pid ended
>
> MySQL and MariaDB attempt to create the pidfile as the user that mysqld is running as.. which may be a potential security issue if that user is compromised.
>
> Brian
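The two points raised in this thread (a dedicated, correctly owned directory for the pidfile instead of /run itself, and the pidfile being written by the unprivileged server user) can be checked by an init script before it uses the file. The following is an added example, not code from any poster or from the MariaDB or Gentoo scripts; `pidfile_check` and its verdict strings are hypothetical names, and the expected numeric uid is supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread: sanity checks for a pidfile that the
# unprivileged database user writes and a root-run init script later reads.
# pidfile_check and its result strings are hypothetical names.

# pidfile_check PIDFILE EXPECTED_UID
# Prints a short verdict; returns 0 only if location and content are sane.
pidfile_check() {
    pidfile=$1
    want_uid=$2
    dir=$(dirname -- "$pidfile")

    # The parent must be a real directory, not a symlink to somewhere else.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "dir-missing-or-symlink"; return 1
    fi

    # ls -ldn prints: mode, link count, numeric owner uid, ...
    read -r mode links uid rest <<EOF
$(ls -ldn -- "$dir")
EOF
    # A dedicated directory belongs to the service user; /run itself is root's.
    [ "$uid" = "$want_uid" ] || { echo "dir-owner-$uid"; return 1; }

    # Character 9 of the mode string is the "other" write bit.
    case $mode in
        ????????w*) echo "dir-world-writable"; return 1 ;;
    esac

    # No pidfile yet is fine (server not started).
    if [ ! -e "$pidfile" ] && [ ! -L "$pidfile" ]; then
        echo "ok-no-pidfile"; return 0
    fi
    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$pidfile" ] || [ ! -f "$pidfile" ]; then
        echo "pidfile-not-regular"; return 1
    fi
    # The content must be digits only before it is handed to kill or similar.
    pid=$(cat -- "$pidfile")
    case $pid in
        ''|*[!0-9]*) echo "pidfile-not-numeric"; return 1 ;;
    esac
    echo "ok-pid-$pid"
}

# Constructed demo on a throwaway directory owned by the current user.
demo=$(mktemp -d) && mkdir -m 0755 "$demo/mariadb" && echo 4242 > "$demo/mariadb/mariadb.pid"
pidfile_check "$demo/mariadb/mariadb.pid" "$(id -u)"   # prints ok-pid-4242
rm -rf "$demo"
```

In an init script the expected uid would come from `id -u` applied to the service account, and a path such as /run/mariadb.pid fails the owner check because /run belongs to root.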
participants (3): Brian Evans, Reindl Harald, Ruben Safir