Details
Bug
Status: Closed
Major
Resolution: Fixed
10.3.11
None
CentOS 6.10
Description
After upgrading from MariaDB 10.2.21 to MariaDB 10.3.11 users with the SUPER privilege acquire the DELETE HISTORY (aka DELETE VERSIONING ROWS) privilege.
State prior to upgrade:
MariaDB [(none)]> select @@version;
+-----------------+
| @@version |
+-----------------+
| 10.2.21-MariaDB |
+-----------------+
1 row in set (0.00 sec)

MariaDB [(none)]> GRANT SUPER ON *.* to 'testuser'@'localhost' identified by 'Password123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> show grants for 'testuser'@'localhost';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for testuser@localhost |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT SUPER ON *.* TO 'testuser'@'localhost' IDENTIFIED BY PASSWORD '*B867055C61BEA33BAB533EF0900D1B193FBE6844' |
+-----------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

MariaDB [(none)]>
Steps used to perform upgrade:
service mysql stop
rpm -qa |grep MariaDB |xargs rpm -e --nodeps
sed -i 's/10.2/10.3/' /etc/yum.repos.d/mariadb.repo
yum clean all
yum check-update
yum install MariaDB-server -y
service mysql start
After restarting but before mysql_upgrade, user still has the correct permissions:
MariaDB [(none)]> select @@version;
+-----------------+
| @@version |
+-----------------+
| 10.3.11-MariaDB |
+-----------------+
1 row in set (0.000 sec)

MariaDB [(none)]> show grants for 'testuser'@'localhost';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for testuser@localhost |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT SUPER ON *.* TO 'testuser'@'localhost' IDENTIFIED BY PASSWORD '*B867055C61BEA33BAB533EF0900D1B193FBE6844' |
+-----------------------------------------------------------------------------------------------------------------+
1 row in set (0.005 sec)
Following mysql_upgrade, the additional privilege appears:
[root@dev ~]# mysql_upgrade
Phase 1/7: Checking and upgrading mysql database
Processing databases
mysql
mysql.column_stats OK
mysql.columns_priv OK
mysql.db OK
mysql.event OK
mysql.func OK
mysql.gtid_slave_pos OK
mysql.help_category OK
mysql.help_keyword OK
mysql.help_relation OK
mysql.help_topic OK
mysql.host OK
mysql.index_stats OK
mysql.innodb_index_stats OK
mysql.innodb_table_stats OK
mysql.plugin OK
mysql.proc OK
mysql.procs_priv OK
mysql.proxies_priv OK
mysql.roles_mapping OK
mysql.servers OK
mysql.table_stats OK
mysql.tables_priv OK
mysql.time_zone OK
mysql.time_zone_leap_second OK
mysql.time_zone_name OK
mysql.time_zone_transition OK
mysql.time_zone_transition_type OK
mysql.user OK
Phase 2/7: Installing used storage engines... Skipped
Phase 3/7: Fixing views
Phase 4/7: Running 'mysql_fix_privilege_tables'
Phase 5/7: Fixing table and database names
Phase 6/7: Checking and upgrading tables
Processing databases
information_schema
performance_schema
test
Phase 7/7: Running 'FLUSH PRIVILEGES'
OK

MariaDB [(none)]> show grants for 'testuser'@'localhost';
+-----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for testuser@localhost |
+-----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SUPER, DELETE VERSIONING ROWS ON *.* TO 'testuser'@'localhost' IDENTIFIED BY PASSWORD '*B867055C61BEA33BAB533EF0900D1B193FBE6844' |
+-----------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.000 sec)
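One way to catch this kind of privilege drift is to save SHOW GRANTS output before the upgrade and again after mysql_upgrade, then diff the privilege sets per grantee and scope. The script below is an added example, not part of the original report or of MariaDB's tooling; the function names are hypothetical and the sample lines are constructed from the output shown above, with the password hash replaced by a placeholder.

```python
import re

# One GRANT line from SHOW GRANTS: privilege list, scope, grantee.
GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"(?P<who>'[^']*'@'[^']*')", re.I)

def split_privs(text):
    """Split a privilege list on commas that are outside column parentheses."""
    privs, depth, cur = set(), 0, ""
    for ch in text + ",":
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            if cur.strip():
                privs.add(" ".join(cur.split()).upper())
            cur = ""
        else:
            cur += ch
    return privs

def parse_grants(show_grants_output):
    """Map (grantee, scope) -> set of privileges; table borders are ignored."""
    grants = {}
    for line in show_grants_output.splitlines():
        m = GRANT_RE.search(line)
        if m:
            key = (m.group("who"), m.group("scope"))
            grants.setdefault(key, set()).update(split_privs(m.group("privs")))
    return grants

def privilege_drift(before, after):
    """Privileges held after the upgrade that were not held before it."""
    old, new = parse_grants(before), parse_grants(after)
    drift = {}
    for key, privs in new.items():
        added = privs - old.get(key, set())
        if added:
            drift[key] = sorted(added)
    return drift

# Constructed sample input modelled on the report's SHOW GRANTS output;
# the password hash is replaced by a placeholder.
BEFORE = "| GRANT SUPER ON *.* TO 'testuser'@'localhost' IDENTIFIED BY PASSWORD '*HASH' |"
AFTER = ("| GRANT SUPER, DELETE VERSIONING ROWS ON *.* TO 'testuser'@'localhost' "
         "IDENTIFIED BY PASSWORD '*HASH' |")

if __name__ == "__main__":
    for (who, scope), added in privilege_drift(BEFORE, AFTER).items():
        print(f"{who} gained {', '.join(added)} on {scope}")
```

Role grants (GRANT role TO user) and WITH GRANT OPTION are not compared by this sketch; it only diffs the privilege lists of GRANT ... ON ... TO lines.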