Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-12524

mysql* ignores runtime-specified "--defaults-extra-file" my.cnf override path

    XMLWordPrintable

Details

    Description

      I launch MariaDB 10.2 via systemd with

      	cat /etc/systemd/system/mariadb-custom.service
      		...
      		[Service]
      		...
      		User=mysql
      		Group=mysql
      		PermissionsStartOnly=true
       
      		PrivateDevices=true
      		PrivateNetwork=false
      		PrivateTmp=true
       
      		ProtectHome=true
      		ProtectSystem=full
       
      		CapabilityBoundingSet=CAP_IPC_LOCK
      		ExecStart=/usr/local/mariadb/bin/mysqld \
      		          --defaults-file=/usr/local/etc/mariadb/my.cnf \
      		          --defaults-extra-file=/usr/local/etc/mariadb/my.secure.cnf
      		...
      

      So that

      	ps ax | grep mariadb
      		16604 ?        Ssl    0:00 /usr/local/mariadb/bin/mysqld --defaults-file=/usr/local/etc/mariadb/my.cnf --defaults-extra-file=/usr/local/etc/mariadb/my.secure.cnf
      

      Noting in the kb

      Configuring MariaDB with my.cnf: Location in Linux, Unix, Mac

      identifies locations & inheritance hierarchy for my.cnf.

      With configs

      	cat /usr/local/etc/mariadb/my.cnf
      		...
      		[client]
      		user        = root
      		password    = 'mypasswd'
      		...
       
      	cat /usr/local/etc/mariadb/my.secure.cnf
      		(empty)
      

      on (re)exec

      	chown root:mysql /usr/local/etc/mariadb/my*.cnf
      	chmod 660        /usr/local/etc/mariadb/my.cnf
      	chmod 640        /usr/local/etc/mariadb/my.secure.cnf
      	systemctl restart mariadb
      	mysqlshow
      

      I can successfully connect as 'root'; e.g.

      	mysqlshow
      		+--------------------+
      		|     Databases      |
      		+--------------------+
      		| information_schema |
      		| mysql              |
      		| performance_schema |
      		| test               |
      		+--------------------+
      

      But, if I move credentials to the 'defaults-extra-file',

      	cat /usr/local/etc/mariadb/my.cnf
      		...
      		[client]
      		#user        = root
      		#password    = 'mypasswd'
      		...
       
      	cat /usr/local/etc/mariadb/my.secure.cnf
      		user        = root
      		password    = 'mypasswd'
      

      and (re)exec

      	systemctl restart mariadb
      

      client access fails

      	mysqlshow
      		mysqlshow: Access denied for user 'root'@'localhost' (using password: NO)
      

      However, if I instead

      	cp -af \
      	 /usr/local/etc/mariadb/my.secure.cnf \
      	 ~/.my.cnf
      

      It now succeeds

      	mysqlshow
      		+--------------------+
      		|     Databases      |
      		+--------------------+
      		| information_schema |
      		| mysql              |
      		| performance_schema |
      		| test               |
      		+--------------------+
      

      This since client does NOT appear to search the specified 'defaults-extra-file' path, but DOES '~/.my.cnf',

      	strace mysqlshow &> tmp.txt
      	grep cnf tmp.txt
      		stat("/usr/local/etc/mariadb/my.cnf", {st_mode=S_IFREG|0660, st_size=9918, ...}) = 0
      		open("/usr/local/etc/mariadb/my.cnf", O_RDONLY|O_CLOEXEC) = 3
      		stat("/root/.my.cnf", {st_mode=S_IFREG|0640, st_size=110, ...}) = 0
      		open("/root/.my.cnf", O_RDONLY|O_CLOEXEC) = 3
      

      Attachments

        Activity

          People

            greenman Ian Gilfillan
            pgnd pgnd
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.