Details
Type: Task
Priority: Major
Status: Closed
Resolution: Fixed
Description
MDEV-10004 introduced _WSREP_START_POSITION{,%I} as a mechanism to store the mysqld arguments required to recover after crashes. This 'systemctl set-environment' is the only operation that requires PermissionsStartOnly=true in the service file.
If we could replace this with another mechanism we can run as the ordinary User= and make the scripts less vulnerable to CVEs.
This will also enable a multi-instance setup where each user is different, without the complication of re-acquiring the systemd user for the service.
Issue Links
- relates to MDEV-19210 use environment file in systemd units for _WSREP_* (Closed)
- relates to MDEV-10004 Galera's pc.recovery process fails in 10.1 with systemd (Closed)
- relates to MDEV-11494 galera_recovery script hard-codes the user (Closed)
Seems Debian has the following (from: cmake/systemd.cmake) which needs to be accounted for without PermissionsStartOnly=true:
SYSTEMD_EXECSTARTPRE ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld
This looks like it will be handled with tmpfiles.conf and should be removed.
And:
SYSTEMD_EXECSTARTPOST "ExecStartPost=/etc/mysql/debian-start"
Option 1
(from ./debian/additions/debian-start)
To make debian-start work, change the permissions/ownership as follows during installation:
chgrp mysql /etc/mysql/debian.cnf && chmod g+r /etc/mysql/debian.cnf
Also, a SQL user `mysql` with unix socket authentication for the system user should be created and listed in /etc/mysql/debian.cnf.
Option 2
Alternatively, Debian could inject PermissionsStartOnly=true into SYSTEMD_EXECSTARTPRE and not change anything.
Which parts of this are or are not acceptable, otto or oerdnj?
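As an added illustration (not taken from this ticket or from the MariaDB/Debian unit files), the following two systemd [Service] fragments contrast the 'set-environment' approach from the description, which forces PermissionsStartOnly=true, with an EnvironmentFile= plus tmpfiles.d approach in which every step runs as User=mysql. The galera_recovery invocation, the /run/mysqld/wsrep-start-position path and the unit layout are assumptions for the example.

```ini
# --- Variant A (illustrative): PermissionsStartOnly=true is needed only
# because `systemctl set-environment` must talk to the manager as root.
# Side effect: the install(1) ExecStartPre= also runs as root.
[Service]
User=mysql
Group=mysql
PermissionsStartOnly=true
ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld
ExecStartPre=/bin/sh -c 'systemctl set-environment _WSREP_START_POSITION="$(/usr/bin/galera_recovery)"'
ExecStart=/usr/sbin/mysqld $_WSREP_START_POSITION

# --- Variant B (illustrative): no step needs root.
# 1. /var/run/mysqld is created by systemd at boot from a tmpfiles.d(5)
#    entry equivalent to the install(1) call above:
#      d /var/run/mysqld 0755 mysql root -
#    (RuntimeDirectory=mysqld in the unit would achieve the same thing.)
# 2. galera_recovery runs as the service user and writes a KEY=VALUE file
#    that systemd re-reads via EnvironmentFile= just before forking mysqld,
#    so the recovered position reaches ExecStart= without set-environment.
#    The leading '-' keeps the unit starting even if the file is absent.
[Service]
User=mysql
Group=mysql
ExecStartPre=/bin/sh -c 'echo "_WSREP_START_POSITION=$(/usr/bin/galera_recovery)" > /run/mysqld/wsrep-start-position'
EnvironmentFile=-/run/mysqld/wsrep-start-position
ExecStart=/usr/sbin/mysqld $_WSREP_START_POSITION
```

With Variant B the only privileged action left is directory creation, and it moves to systemd itself, which is what lets PermissionsStartOnly=true be dropped and the whole unit run as an ordinary user.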