Commit graph

4140 commits

Author SHA1 Message Date
Shishir Jaiswal
788fb5bf67 Bug#25043674 - MYSQLACCESS SCRIPT LOADS AND EXECUTES CODE
FROM THE CURRENT DIRECTORY

DESCRIPTION
===========
When 'mysqlaccess' tool is run, it reads (and executes) the
content of its configuration file 'mysqlaccess.conf' from
the current directory. This is not a recommended behaviour
as someone with ill intentions can insert malicious
instructions into this file which could be executed
whenever this tool is run.

ANALYSIS
========
The configuration file is presently looked for, in the
following folders (in given order):
1. Current directory
2. SYSCONFDIR       //This gets expanded
3. /etc/

Owing to the reasons mentioned above, we should not permit
the file to be in the current directory. Since the other
two folders are assumed to be accessible only to authorized
people, the config file is safe to be read from there.

FIX
===
Modified the script so that it looks for the config file
now in the following two folders (in the given order):
1. SYSCONFDIR
2. /etc/

If it's absent from above locations but present in current
directory, an error is thrown asking the user to move the
file to one of the above locations and retry.

NOTE
====
The location paths and their precedence are not documented
for this tool. It needs to be noted as part of the
associated documentation.
2017-04-17 12:04:14 +05:30
Sergei Golubchik
663068c6ee Merge remote-tracking branch 'mysql/5.5' into 5.5 2017-04-11 10:18:04 -04:00
Sergei Golubchik
da4d71d10d Merge branch '10.1' into 10.2 2017-03-30 12:48:42 +02:00
Terje Rosten
5d4cfb30e5 BUG#25719975 SHEBANG HARD CODED AS /USR/BIN/PERL IN SCRIPTS, BREAKS ON FREEBSD
Use cmake variable to adjust shebang to platform.
2017-03-28 13:22:32 +02:00
Terje Rosten
ec2a6b6035 BUG#25364806 MYSQLD_SAFE FAILING TO START IF DATADIR GIVEN IS NOT ABSOLUTE PATH
mysqld_safe is working on real files, however passing these file paths
as is to mysqld as options gives different meaning when paths are
relative.

mysqld_safe uses current working directory as basedir for relative paths,
while mysqld uses $datadir as basedir.
2017-03-09 11:40:10 +01:00
Sergey Vojtovich
fa137476ff MDEV-11941 - Lintian complains about executable bits
Revoked executable bit from files that are not supposed to be executed directly.
Removed interpreter from files that are not supposed to be executed directly.
Added interpreter to files that are supposed to be executed directly.
2017-03-07 22:28:33 +04:00
Vicențiu Ciorbaru
fdfdea40f1 MDEV-11170: MariaDB 10.2 cannot start on MySQL 5.7 datadir:
Fatal error: mysql.user table is damaged or in unsupported 3.20 format

The problem stems from MySQL 5.7.6. According to MySQL documentation:
In MySQL 5.7.6, the Password column was removed and all credentials are
stored in the authentication_string column.

If opening a MySQL 5.7.6 (and up) datadir with MariaDB 10.2, the user table
appears corrupted. In order to fix this, the server must be started with
--skip-grant-tables and then a subsequent mysql_upgrade command must be
issued.

This patch updates the mysql_upgrade command to also add the removed
Password column. The password column is necessary, otherwise
the mysql_upgrade script fails due to the Event_scheduler not being able
to start, as it can't find Event_priv in the table where it ought to be.
MySQL's version has column position 28 (0 index) vs our datadir version
expects position 29.
2017-02-14 07:46:58 +02:00
Terje Rosten
b7f33d22d8 Bug#25144379 MYSQLD PROCESS DOES NOT INCLUDE FULL PATH WHEN STARTING MYSQL SERVER
Fix of Bug#25088048 caused paths to be relative, not absolute, this
proved to be problematic.

Fix is to still ignore current working directory, however switch to
using full path of basedir, which is set to parent directory of bin/
directory where mysqld_safe is located.

References to legacy tool mysql_print_defaults are removed, only
my_print_defaults is used these days.

This will also fix:
  Bug#11745176 (11192) MYSQLD_SAFE ONLY EVALUATES --DEFAULTS-FILE OPTION WHEN IT IS THE FIRST OP
  Bug#23013510 (80866) MYSQLD_SAFE SHOULD NOT SEARCH $MY_BASEDIR_VERSION/VAR AS DATADIR
  Bug#25244898 (84173) MYSQLD_SAFE --NO-DEFAULTS & SILENTLY DOES NOT WORK ANY MORE
  Bug#25261472 (84219) INITSCRIPT ERRORS WHEN LAUCHING MYSQLD_SAFE IN NON DEFAULT BASEDIR
  Bug#25319392 (84263) MYSQL.SERVER (MYSQL SERVER STARTUP SCRIPT) CAN NOT WORK,AND EXPORT SOME ERROR.
  Bug#25319457         MYSQLD_SAFE MIGHT FAIL IF $DATADIR HAS TRAILING /
  Bug#25341981         MYSQLD_SAFE ASSUMES INCORRECT BASEDIR WHEN EXECUTED WITH ABSOLUTE PATH
  Bug#25356221 (84427) MYSQLD_SAFE FAILS TO START WHEN USING A FIFO FOR LOG-ERROR (REGRESSION)
  Bug#25365194 (84447) MYSQLD_SAFE DOESN'T CHECK EXISTENCE OF GIVEN BASEDIR PARAMETER
  Bug#25377815         ERRORS WHILE STARTING MYSQLD_SAFE WITH SYM LINK ENABLED
2017-02-13 14:56:28 +01:00
Sergei Golubchik
2195bb4e41 Merge branch '10.1' into 10.2 2017-02-10 17:01:45 +01:00
iangilfillan
ee3febae04 Minor typo 2017-01-26 13:51:03 +02:00
Kristian Nielsen
736afe8680 mysql_install_db enhancements to facilitate Debian bug#848616 fix
In Debian, the default install is made more secure by omitting the anonymous
user and by making the root account authenticate by unix socket
authentication instead of the default password-less root. However, Debian
hard-codes this change in mysql_install_db, which breaks that program for
other users.

This commit instead implements new general options for mysql_install_db that
can be used by anyone to similarly perform a more secure install:

  --skip-auth-anonymous-user: omits the anonymous user.

  --auth-root-authentication-method=normal: Keeps the existing behaviour
    with a password-less root account. Currently on by default.

  --auth-root-socket-user=USER
  --auth-root-authentication-method=socket: creates the MariaDB root user
    with the name USER (defaults to 'root') and using unix socket
    authentication. This way, only that user has MariaDB root access
    after install.

The idea with --auth-root-authentication-method=normal is that
applications that need this behaviour can give that option explicitly.
Then eventually we could make --auth-root-authentication-method=socket
the default, giving a more secure default installation.

Note that it is perfectly possible to do a secure install with
--auth-root-authentication-method=normal. For example, installing a
private server just for local access by a single OS-level user, by
using --skip-networking and putting the connection socket in a
location without public access. So it is important to preserve this
API for backwards compatibility.
2017-01-17 17:13:14 +01:00
Vicențiu Ciorbaru
1e192e901c Post merge review fixes
* Remove duplicate lines from tests
* Use thd instead of current_thd
* Remove extra wsrep_binlog_format_names
* Correctly merge union patch from 5.5 wrt duplicate rows.
* Correctly merge SELinux changes into 10.1
2017-01-17 04:16:38 +02:00
Vicențiu Ciorbaru
5ac71d4464 Merge remote-tracking branch '10.0-galera' into 10.1 2017-01-16 04:53:57 +02:00
Vicențiu Ciorbaru
8e15768731 Merge branch '10.0' into 10.1 2017-01-16 03:18:14 +02:00
Nirbhay Choubey
ee8b5c305a Merge tag 'mariadb-10.0.29' into 10.0-galera 2017-01-13 13:53:59 -05:00
Vicențiu Ciorbaru
1c5ca7c183 Merge branch '5.5' into 10.0 2017-01-12 03:37:13 +02:00
Sergei Golubchik
6ad3dd6054 mysqld_safe: don't close stdout if set -x 2017-01-10 14:19:11 +01:00
Vicențiu Ciorbaru
ecdb39a9f5 Fix problems from 5.5 merge
* Update mysqld_safe script to remove duplicated parameter --crash-script
* Make --core-file-size accept underscores as well as dashes correctly.
* Add mysqld_safe_helper to Debian and Ubuntu files.
* Update innodb minor version to 35
2017-01-10 12:33:08 +02:00
vicentiu
e9aed131ea Merge remote-tracking branch 'origin/5.5' into 10.0 2017-01-06 17:09:59 +02:00
Sergei Golubchik
4a5d25c338 Merge branch '10.1' into 10.2 2016-12-29 13:23:18 +01:00
Sergei Golubchik
8fcdd6b0ec Numerous issues in mysqld_safe 2016-12-22 12:25:10 +01:00
Shishir Jaiswal
e00810b934 Bug#11751149 - TRYING TO START MYSQL WHILE ANOTHER INSTANCE
IS STARTING: CONFUSING ERROR

DESCRIPTION
===========
When mysql server processes transactions but has not yet
committed and shuts down abnormally (due to crash, external
killing etc.), a recovery is due from Storage engine side
which takes place the next time mysql server (either
through mysqld or mysqld_safe) is run.

While the 1st server is in mid of recovery, if another
instance of mysqld_safe is made to run, it may result into
2nd instance killing the 1st one after a moment.

ANALYSIS
========
In the "while true" loop, we've a check (which is done
after the server stops) for the existence of pid file to
enquire if it was a normal shutdown or not. If the file is
absent, it means that the graceful exit of server had
removed this file.

However if the file is present, the script makes a plain
assumption that this file is leftover of the "current"
server. It misses to consider that it could be a valid pid
file belonging to another running mysql server.

We need to add more checks in the latter case. The script
should extract the PID from this existing file and check if
it's running or not. If yes, it means an older instance of
mysql server is running and hence the script should abort.

FIX
===
Checking the status of process (alive or not) by adding a
@CHECK_PID@ in such a case. Aborting if it's alive. Detailed
logic is as follows:

- The mysqld_safe script would quit at start only as soon
as it finds that there is an active PID i.e. a mysql server
is already running.
- The PID file creation takes place after InnoDb recovery,
which means in rare case (when PID file isn't created yet)
it may happen that more than 1 server can come up but even
in that case others will have to wait till the 1st server
has released the acquired InnoDb lock. In this case all
these servers will either TIMEOUT waiting for InnoDb lock
or after this they would find that the 1st server is
already running (by reading $pid_file) and would abort.
- Our core fix is that we now check the status of mysql
server process (alive or not) after the server stops
running within the loop of "run -> shutdown/kill/abort ->
run ... ", so that only the script who owns the mysql
server would be able to bring it down if required.

NOTE
====
Removed the deletion of pid file and socket file from entry
of the loop, as it may result in 2nd instance deleting
these files created by 1st instance in RACE condition.
Compensated this by deleting these files at end of the loop.

Reverted the changes made in patch to Bug#16776528. So
after this patch is pushed, the concept of mysqld_safe.pid
would go altogether. This was required as the script was
deleting other instance's mysqld_safe.pid allowing multiple
mysqld_safe instances to run in parallel. This patch would
fix Bug#16776528 as well as the resources would be guarded
anyway by InnoDb lock + our planned 5.7 patch.
2016-12-22 14:56:02 +05:30
Terje Rosten
1079066b22 Bug#13344753 MYSQL_SECURE_INSTALLATION SCRIPT DOES NOT CHECK USER INPUT
Loop until valid answer is given. Variants of y,yes and
n,no and blank (meaning default) are considered valid.
2016-12-19 12:01:45 +01:00
Sergei Golubchik
2f20d297f8 Merge branch '10.0' into 10.1 2016-12-11 09:53:42 +01:00
Sergei Golubchik
3e8155c637 Merge branch '5.5' into 10.0 2016-12-09 16:33:48 +01:00
Sergei Golubchik
5142cd55f4 MDEV-11052 mariadb-service-convert does not work after upgrading to 10.1.18
mysqld_safe: don't close stdout and stderr if --dry-run
2016-12-06 09:45:50 +01:00
Sergei Golubchik
0a4b508173 MDEV-11242 MariaDB Server releases contains promotion of MariaDB Corporation 2016-12-03 22:02:00 +01:00
Nirbhay Choubey
44ccb8f29e MDEV-10432: Post-fix after merging PR#205 2016-11-21 15:38:33 -05:00
Bernard Spil
cf1b0c1ace Implement native/base process checks for FreeBSD
- Make rsync process checks OS-dependent
- Use (BSD) netstat on FreeBSD (not lsof)
2016-11-21 15:38:33 -05:00
Bernard Spil
f16ead51fb POSIX-ify wsrep scripts
- Replace #!/bin/bash with #!/bin/sh
- Split username:password using POSIX compat %% and ##
- Don't use array for FILTERS
- Replace == tests with POSIX-compat =
2016-11-21 15:38:33 -05:00
Terje Rosten
cdd57aa719 Bug#25088048 ADDITIONAL ISSUES IN MYSQLD_SAFE
Don't read --ledir option from config file.
Ignore current working for finding location of mysqld
Remove use of chown/chmod in scripts.
Be helpful only when basedir is /var/log or /var/lib.
Removed unused systemd files for SLES.
Set explicit basedir in scripts.
2016-11-16 14:01:12 +01:00
Francisco Biete
db95beb365 MDEV-9903 - 10.2 : Check and run rsync daemon only in the needed IP
See https://github.com/MariaDB/server/pull/235
I submit this code under the BSD-new license.
2016-11-07 11:53:58 -05:00
Nirbhay Choubey
5db2195a35 Merge tag 'mariadb-10.0.28' into 10.0-galera 2016-10-28 15:50:13 -04:00
Terje Rosten
1f93f4381b Bug#24483092 UNSAFE USE OF VARIOUS SHELL UTILITIES
- Remove use of touch and chmod.
- Restrict usage of chown to cases where target directory is /var/log.
- Due to limited feature set in /bin/sh on Solaris, /bin/bash will be
  used on this platform.
- Give error if directory for UNIX socket file is missing.
- Privileged user should not log to files owned by different user
  (mysqld will log as before).
2016-10-06 13:26:16 +02:00
Sergei Golubchik
2ede40e67e Merge branch '10.0' into 10.1 2016-09-29 12:59:51 +02:00
Sergei Golubchik
a3f11f7549 Merge branch '5.5' into 10.0 2016-09-29 12:31:46 +02:00
Sergei Golubchik
7497ebf8a4 mysqld_safe: close stdout and stderr
when they're not needed anymore. Helps when
daemonizing it from mysql.init
2016-09-29 10:16:24 +02:00
Nirbhay Choubey
e1c6f28f0d Merge branch '10.0-galera' into 10.1 2016-09-28 13:20:02 -04:00
Hartmut Holzgraefe
c9ded859a6 MDEV-10853 netcat help output in error log when running xtrabackup SST 2016-09-28 12:53:43 -04:00
Alexey Botchkov
d30809a3cd MDEV-10832 Out of tree build: mysql_install_db to see all .sql files.
One line in mysql_install_db.sh was left unfixed.
2016-09-26 09:40:47 +04:00
Daniel Black
5d001d13c2 MDEV-10832 - Out of tree build: mysql_install_db to see all .sql files (#237)
* Out of tree build: mysql_install_db to see all .sql files

Since MDEV-7875 (da0991c6), not all sql source files are in the source
directory, maria_add_gis_sp_bootstrap.sql is in the build directory.

This corrects mysql_install_db{.sh} to be aware of the differing
locations.

Signed-off-by: Daniel Black <daniel.black@au.ibm.com>

* Out of tree build: scripts/mysql_install_db.pl.in

Signed-off-by: Daniel Black <daniel.black@au.ibm.com>
2016-09-23 11:28:38 +04:00
Seamus Lee
e387bfafbb MDEV-10830 - Fix undefined database test error when running mysql_install_db (#234)
* Fix undefined database test error when running mysql_install_db

When using MariaDB in docker mode it can fail as it calls mysql_install_db but as we are going through a slightly different install process the test database has not been created, therefore we should fall back to the mysql database as per https://mariadb.com/kb/en/mariadb/mariadb-10112-mysql_install_db-aborts-on-unkown-file-test/

* Also fix mysql_install_db.pl.in
2016-09-22 13:14:40 +04:00
Sergei Golubchik
59d51f0c12 Merge branch '10.2' into bb-10.2-connector-c-integ-subm 2016-09-21 12:54:56 +02:00
Sergei Golubchik
fb8bc59f01 mysqld_safe: don't use "$DATADIR/my.cnf"
finally removed, after being deprecated since 2005
2016-09-19 20:13:49 +02:00
Sergei Golubchik
06b7fce9f2 Merge branch '10.1' into 10.2 2016-09-09 08:33:08 +02:00
Terje Rosten
7603ac53c8 Bug#24464380 PRIVILEGE ESCALATION USING MYSQLD_SAFE
Post push fix: Solaris 10 /bin/sh doesn't understand $().
2016-08-26 11:25:40 +02:00
Nirbhay Choubey
90266e8a0e Merge branch '10.0-galera' into bb-10.1-serg 2016-08-25 15:39:39 -04:00
Sergei Golubchik
6b1863b830 Merge branch '10.0' into 10.1 2016-08-25 12:40:09 +02:00
Nirbhay Choubey
b506d9527b Merge branch '5.5-galera' into 10.0-galera 2016-08-24 19:41:11 -04:00
Nirbhay Choubey
c309e99ff9 Merge branch '10.0' into 10.0-galera 2016-08-24 19:30:32 -04:00