MariaDB Server / MDEV-14707

systemd: remove PermissionsStartOnly=true (by removing environment _WSREP_START_POSITION)

Details

    Description

      MDEV-10004 introduced _WSREP_START_POSITION{,%I} as a mechanism to store the mysqld arguments required to recover after crashes. This 'systemctl set-environment' is the only operation that requires PermissionsStartOnly=true in the service file.

      If we could replace this with another mechanism we can run as the ordinary User= and make the scripts less vulnerable to CVEs.

      This will also enable a multi-instance where each user is different without the complication of re-acquiring the systemd user for the service.

          Activity

            danblack Daniel Black created issue -
            danblack Daniel Black added a comment - - edited

            Seems Debian has the following (from: cmake/systemd.cmake) which needs to be accounted for without PermissionsStartOnly=true:

            SYSTEMD_EXECSTARTPRE ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld
            

            This looks like it will be handled with tmpfiles.conf and should be removed.

            And:

            SYSTEMD_EXECSTARTPOST "ExecStartPost=/etc/mysql/debian-start"
            

            Option 1

            (from ./debian/additions/debian-start),
            To make debian-start work, change the permissions/ownership as follows during installation:
            chgrp mysql /etc/mysql/debian.cnf && chmod g+r /etc/mysql/debian.cnf

            Also a SQL user `mysql` with unix socket auth system user should be created and listed in /etc/mysql/debian.cnf

            Option 2

            Alternately Debian could inject PermissionsStartOnly=true into SYSTEMD_EXECSTARTPRE and not change anything.

            Which parts of this are or are not acceptable otto or oerdnj?

            danblack Daniel Black added a comment -

            So I think the wsrep_start_position could be written to a datadir file however we'll need to ensure the sst mechanisms like rsync don't copy it.

            Implementing the mysqld --wsrep_start_position_init=file and handling this in wsrep_start_position_{init,valid} might be easier than too much scripting in the systemd service file.

            serg Sergei Golubchik made changes -
            Fix Version/s 10.4 [ 22408 ]
            serg Sergei Golubchik made changes -
            Labels systemd
            danblack Daniel Black made changes -
            Assignee Daniel Black [ danblack ]
            faust Faustin Lammler added a comment -

            `PermissionsStartOnly=` is deprecated, see: https://github.com/systemd/systemd/pull/10802#issuecomment-439446299

            Use of prefix is now suggested, see https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
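
An added illustration of the two replacements raised in the comments above (the tmpfiles entry from the first comment and the `+` prefix from this one); it is not taken from the MariaDB or Debian packaging. The unit fragments are constructed from the lines quoted in this issue, and the `ExecStart=` path and the tmpfiles file name are assumptions.

```ini
# --- Before: constructed fragment using the deprecated switch -------------
[Service]
User=mysql
Group=mysql
# With PermissionsStartOnly=true, User=/Group= apply to ExecStart= only.
# Every ExecStartPre=/ExecStartPost= command below runs as root, including
# the helper scripts.
PermissionsStartOnly=true
ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld
# Assumed server path, for illustration only.
ExecStart=/usr/sbin/mysqld
ExecStartPost=/etc/mysql/debian-start

# --- After: switch removed, privilege granted per command -----------------
[Service]
User=mysql
Group=mysql
# The "+" prefix runs this single command with full privileges; User=,
# Group= and the other sandboxing options are not applied to it.
ExecStartPre=+/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld
ExecStart=/usr/sbin/mysqld
# No prefix: runs as mysql, so it needs group read access to
# /etc/mysql/debian.cnf (Option 1 in the first comment).
ExecStartPost=/etc/mysql/debian-start

# --- Alternative to the ExecStartPre= line: a tmpfiles.d entry ------------
# File: /usr/lib/tmpfiles.d/mariadb.conf (hypothetical file name).
# Same owner, group and mode as the install command, created by
# systemd-tmpfiles instead of by the unit. /run is used because /var/run
# is a symlink to it on current systems.
# Type  Path         Mode  User   Group  Age
d       /run/mysqld  0755  mysql  root   -
```

After a change like this, `systemctl show -p PermissionsStartOnly <unit>` reports whether the switch is still in effect for the loaded unit.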
            danblack Daniel Black added a comment -

            MDEV-19210 can remove the need entirely.

            julien.fritsch Julien Fritsch made changes -
            Fix Version/s 10.3 [ 22126 ]
            danblack Daniel Black added a comment - was removed https://github.com/MariaDB/server/commit/aeffec60f6864bae5af04dac1184f2a0f2c77f38
            danblack Daniel Black made changes -
            Component/s Scripts & Clients [ 11002 ]
            Fix Version/s 11.6.0 [ 29839 ]
            Fix Version/s 10.4(EOL) [ 22408 ]
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Closed [ 6 ]

            People

              danblack Daniel Black