Details
Bug
Status: Closed
Major
Resolution: Fixed
Description
I launch MariaDB 10.2 via systemd with
    cat /etc/systemd/system/mariadb-custom.service
    ...
    [Service]
    ...
    User=mysql
    Group=mysql
    PermissionsStartOnly=true

    PrivateDevices=true
    PrivateNetwork=false
    PrivateTmp=true

    ProtectHome=true
    ProtectSystem=full

    CapabilityBoundingSet=CAP_IPC_LOCK
    ExecStart=/usr/local/mariadb/bin/mysqld \
    --defaults-file=/usr/local/etc/mariadb/my.cnf \
    --defaults-extra-file=/usr/local/etc/mariadb/my.secure.cnf
    ...
So that
    ps ax | grep mariadb
    16604 ? Ssl 0:00 /usr/local/mariadb/bin/mysqld --defaults-file=/usr/local/etc/mariadb/my.cnf --defaults-extra-file=/usr/local/etc/mariadb/my.secure.cnf
Noting in the KB, "Configuring MariaDB with my.cnf: Location in Linux, Unix, Mac" identifies locations & inheritance hierarchy for my.cnf.
With configs
    cat /usr/local/etc/mariadb/my.cnf
    ...
    [client]
    user = root
    password = 'mypasswd'
    ...

    cat /usr/local/etc/mariadb/my.secure.cnf
    (empty)
on (re)exec
    chown root:mysql /usr/local/etc/mariadb/my*.cnf
    chmod 660 /usr/local/etc/mariadb/my.cnf
    chmod 640 /usr/local/etc/mariadb/my.secure.cnf
    systemctl restart mariadb
    mysqlshow
I can successfully connect as 'root'; e.g.
    mysqlshow
    +--------------------+
    | Databases          |
    +--------------------+
    | information_schema |
    | mysql              |
    | performance_schema |
    | test               |
    +--------------------+
But, if I move credentials to the 'defaults-extra-file',
    cat /usr/local/etc/mariadb/my.cnf
    ...
    [client]
    #user = root
    #password = 'mypasswd'
    ...

    cat /usr/local/etc/mariadb/my.secure.cnf
    user = root
    password = 'mypasswd'
and (re)exec
    systemctl restart mariadb
client access fails
    mysqlshow
    mysqlshow: Access denied for user 'root'@'localhost' (using password: NO)
However, if I instead
    cp -af \
    /usr/local/etc/mariadb/my.secure.cnf \
    ~/.my.cnf
It now succeeds
    mysqlshow
    +--------------------+
    | Databases          |
    +--------------------+
    | information_schema |
    | mysql              |
    | performance_schema |
    | test               |
    +--------------------+
This since client does NOT appear to search the specified 'defaults-extra-file' path, but DOES '~/.my.cnf',
    strace mysqlshow &> tmp.txt
    grep cnf tmp.txt
    stat("/usr/local/etc/mariadb/my.cnf", {st_mode=S_IFREG|0660, st_size=9918, ...}) = 0
    open("/usr/local/etc/mariadb/my.cnf", O_RDONLY|O_CLOEXEC) = 3
    stat("/root/.my.cnf", {st_mode=S_IFREG|0640, st_size=110, ...}) = 0
    open("/root/.my.cnf", O_RDONLY|O_CLOEXEC) = 3
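Added example, not part of the original report or of MariaDB's code: a small audit of option files like the two shown above, reporting which [group] holds a plaintext password, whether options appear before any group header (as in the my.secure.cnf listing), and whether the file mode is looser than an assumed policy. The policy (no access for other users, no group write on a credential file), the function names and the sample contents are assumptions constructed for illustration.

```python
import os
import stat

def parse_option_file(text):
    """Return (groups, orphans): options per [group], plus keys seen before any header."""
    groups, orphans, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":
            continue  # blank line, comment, or !include directive
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            groups.setdefault(current, {})
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower().replace("_", "-")
        if current is None:
            orphans.append(key)
        else:
            groups[current][key] = value.strip().strip("'\"")
    return groups, orphans

def audit(text, mode):
    """Findings for one option file, given its text and its permission bits."""
    groups, orphans = parse_option_file(text)
    findings = [f"plaintext password in [{g}]"
                for g in sorted(groups) if "password" in groups[g]]
    if "password" in orphans:
        findings.append("password before any [group] header")
    if findings:  # assumed policy: no access for 'other', no group write
        if mode & stat.S_IRWXO:
            findings.append(f"mode {mode:04o} grants access to other users")
        if mode & stat.S_IWGRP:
            findings.append(f"mode {mode:04o} is group-writable")
    return findings

def audit_path(path):
    """Audit a file on disk using its current permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

# Constructed samples mirroring the listings and chmod modes in the report.
SAMPLES = {
    "my.cnf": ("[client]\nuser = root\npassword = 'mypasswd'\n", 0o660),
    "my.secure.cnf": ("user = root\npassword = 'mypasswd'\n", 0o640),
}

if __name__ == "__main__":
    for name, (text, mode) in SAMPLES.items():
        print(name, audit(text, mode))
```

The audit only inspects file content and mode; which files a given client actually opens is what the strace output above shows.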