[Maria-discuss] mysql_install_db as user
Hello,

Is this script supposed to be runnable as a normal (i.e., non-root) user?

In MySQL 5.6 there is logic that prevents the chown() of the mysql data dir when running as non-root. MariaDB 10.1.8 doesn’t seem to have this logic, so the script fails when chown() fails.

Is this change intended? We have tests that verify functionality of user-created, UNIX-socket-only MySQL/MariaDB servers. These work on MySQL 5.6 but not on MariaDB 10.1.

Here is the command-line output:

---------------
~/temp $ /usr/bin/mysql_install_db --datadir=mysqldata
chown: changing ownership of `mysqldata': Operation not permitted
Cannot change ownership of the database directories to the 'mysql'
user. Check that you have the necessary permissions and try again.
bash: __git_ps1: command not found
---------------

Thank you for your time!

-Felipe Gasper
Houston, TX
Hi, Felipe!

On Nov 12, Felipe Gasper wrote:
> Hello,
>
> Is this script supposed to be runnable as a normal (i.e., non-root) user?
>
> In MySQL 5.6 there is logic that prevents the chown() of the mysql data dir when running as non-root. MariaDB 10.1.8 doesn’t seem to have this logic, so the script fails when chown() fails.
>
> Is this change intended? We have tests that verify functionality of user-created, UNIX-socket-only MySQL/MariaDB servers. These work on MySQL 5.6 but not on MariaDB 10.1.

There's no special logic around it in MySQL 5.6 and no changes in MariaDB 10.1.

chown is done if user=xxx is specified on the command line or in the my.cnf file. And if chown fails, you'll see the error message and mysql_install_db will abort. Both in MySQL and MariaDB.

What is different, though, in MySQL mysql_install_db will only read the [mysqld] section in my.cnf, while in MariaDB it will read all sections that the server will (for me it's: mysqld server mysqld-10.1 mariadb mariadb-10.1 client-server galera).

So if one of those sections in your my.cnf contains "user=mysql", then MariaDB's mysql_install_db will see it, but MySQL's mysql_install_db won't.

Regards,
Sergei
Chief Architect MariaDB
and security@mariadb.org
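Added example (not part of the thread, and not code from MySQL or MariaDB): a small option-file scan that shows how the same my.cnf yields a different effective `user=` depending on which groups are read, using the two group lists given in the message above. The function names and the sample file are constructed for illustration, and `!include` directives are not followed.

```shell
#!/bin/sh
# Added example: report the effective "user" option that an option file
# yields for a given list of groups. The last matching setting wins.

# effective_user FILE GROUP...
effective_user() {
    file=$1; shift
    awk -v groups="$*" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) want[g[i]] = 1 }
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # section header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            active = (sec in want); next
        }
        active && /^[ \t]*user[ \t]*=/ {            # user = value
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            found = val " (from [" sec "])"
        }
        END { if (found != "") print found }
    ' "$file"
}

# Group lists as described in the thread.
MYSQL_GROUPS="mysqld"
MARIADB_GROUPS="mysqld server mysqld-10.1 mariadb mariadb-10.1 client-server galera"

# Constructed sample my.cnf: user= lives outside [mysqld].
make_sample_cnf() {
    cat > "$1" <<'EOF'
[client-server]
socket = /tmp/test.sock

[mysqld]
datadir = mysqldata

[mariadb]
user = mysql
EOF
}

cnf=$(mktemp) && make_sample_cnf "$cnf"
echo "MySQL-style groups:   $(effective_user "$cnf" $MYSQL_GROUPS)"
echo "MariaDB-style groups: $(effective_user "$cnf" $MARIADB_GROUPS)"
rm -f "$cnf"
```

On an installed system, `my_print_defaults` called with the same group names prints the options that are actually parsed, includes and all.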
On 13 Nov 2015 2:51 AM, Sergei Golubchik wrote:
> On Nov 12, Felipe Gasper wrote:
>> Hello,
>>
>> Is this script supposed to be runnable as a normal (i.e., non-root) user?
>>
>> In MySQL 5.6 there is logic that prevents the chown() of the mysql data dir when running as non-root. MariaDB 10.1.8 doesn’t seem to have this logic, so the script fails when chown() fails.
>>
>> Is this change intended? We have tests that verify functionality of user-created, UNIX-socket-only MySQL/MariaDB servers. These work on MySQL 5.6 but not on MariaDB 10.1.
>
> There's no special logic around it in MySQL 5.6 and no changes in MariaDB 10.1.
>
> chown is done if user=xxx is specified on the command line or in the my.cnf file. And if chown fails, you'll see the error message and mysql_install_db will abort. Both in MySQL and MariaDB.

Hi Sergei! Thanks for responding. :)

I wonder, are we looking at the same things?

Both scripts say:

    By default mysqld runs using your current login name and files and
    directories that it creates will be owned by you.

The 5.6 box’s mysql_install_db has:

-----------------
if ($opt_user and -w "/")
{
  chown($pwnam[2], $pwnam[3], $dir)
    or error($opt, "Could not chown directory $dir");
}
-----------------

… which will forgo chown() if it’s doomed to fail.

… whereas the MariaDB box has:

-----------------
chown $user "$dir"
if test $? -ne 0
then
  echo "Cannot change ownership of the database directories to the '$user'"
  echo "user. Check that you have the necessary permissions and try again."
  exit 1
fi
------------------

… which has no safeguard around the chown(). (And is in a different language … ?)

Even if I specify --user, MariaDB still errors:

------------------
~/temp $ mysql_install_db --user=felipe mysqldata
chown: changing ownership of `/var/lib/mysql': Operation not permitted
Cannot change ownership of the database directories to the 'felipe'
user. Check that you have the necessary permissions and try again.
------------------

Thank you for your time!

-FG
Hi, Felipe!

On Nov 13, Felipe Gasper wrote:
>> There's no special logic around it in MySQL 5.6 and no changes in MariaDB 10.1.
>>
>> chown is done if user=xxx is specified on the command line or in the my.cnf file. And if chown fails, you'll see the error message and mysql_install_db will abort. Both in MySQL and MariaDB.
>
> Hi Sergei! Thanks for responding. :)
>
> I wonder, are we looking at the same things?

Ah, right. We are not. I was comparing shell script to a shell script. And perl script to a perl script. You've compared MySQL-5.6 perl script to MariaDB 10.1 shell script :)

> The 5.6 box’s mysql_install_db has:
>
> -----------------
> if ($opt_user and -w "/")
> {
>   chown($pwnam[2], $pwnam[3], $dir)
>     or error($opt, "Could not chown directory $dir");
> }
> -----------------

In MariaDB 10.1 mysql_install_db.pl has

-----------------
chown($opt->{user}, $dir) if -w "/" and !$opt->{user};
-----------------

> … whereas the MariaDB box has:
>
> -----------------
> chown $user "$dir"
> if test $? -ne 0
> then
>   echo "Cannot change ownership of the database directories to the '$user'"
>   echo "user. Check that you have the necessary permissions and try again."
>   exit 1
> fi
> ------------------

In MySQL 5.6 mysql_install_db.sh has

-----------------
chown $user $dir
if test $? -ne 0
then
  echo "Cannot change ownership of the database directories to the '$user'"
  echo "user. Check that you have the necessary permissions and try again."
  exit 1
fi
-----------------

which is almost exactly the same (only difference - it'll fail if $dir contains spaces)

Regards,
Sergei
Chief Architect MariaDB
and security@mariadb.org
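Added example (not part of the thread, and not code from either project's mysql_install_db): one way to guard the chown step compared above, so that it is skipped when the directory already has the requested owner, attempted only when running as root, and always passed a quoted "$dir" so paths with spaces survive. `chown_plan` and `set_datadir_owner` are hypothetical helper names, and the demo directory is constructed.

```shell
#!/bin/sh
# Added example: decide whether a chown of the data directory is needed
# and possible before attempting it.

# chown_plan USER DIR [EUID]
# Prints one of: none | unknown-user | skip-owned | chown | denied
chown_plan() {
    user=$1 dir=$2 euid=${3:-$(id -u)}
    [ -n "$user" ] || { echo none; return 0; }        # no user= requested
    want_uid=$(id -u "$user" 2>/dev/null) || { echo unknown-user; return 0; }
    # ls -dn prints the numeric owner in field 3; quoting keeps "my data" whole.
    have_uid=$(ls -dn -- "$dir" | awk '{ print $3 }')
    if [ "$have_uid" = "$want_uid" ]; then
        echo skip-owned                               # nothing to change
    elif [ "$euid" -eq 0 ]; then
        echo chown                                    # root may change the owner
    else
        echo denied                                   # chown would fail (EPERM)
    fi
}

# set_datadir_owner USER DIR: act on the plan, fail loudly only when needed.
set_datadir_owner() {
    case $(chown_plan "$1" "$2") in
        none|skip-owned) return 0 ;;
        chown) chown -- "$1" "$2" ;;
        *) echo "Cannot change ownership of '$2' to '$1'" >&2; return 1 ;;
    esac
}

# Constructed demo: a data directory whose name contains a space.
demo_dir="$(mktemp -d)/my data"
mkdir "$demo_dir"
echo "plan: $(chown_plan "$(id -un 2>/dev/null)" "$demo_dir")"
set_datadir_owner "$(id -un 2>/dev/null)" "$demo_dir" && echo "owner ok"
rm -rf "${demo_dir%/*}"
```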
Ahh. Ok, so something wrong with how we upgraded to 10.1, then .. thanks!