Details

    Description

      When changing the "root" username to another value for more security, I'm loosing ability to see any users on my phpMyAdmin.

      When trying to access to the "mysql.user" table, I get the error "#1449 - The user specified as a definer ('root'@'localhost') does not exist" that was NOT appearing on MariaDB 10.3.

      This bug is appearing when changing the "root" username after a fresh install, or after an upgrade from a previous version.

      Attachments

        Issue Links

          Activity

            I am trying to implement solution very similar to mysql one (with special user), so one will need to just run upgrade script to fix problem of absent root.

            sanja Oleksandr Byelkin added a comment - I am trying to implement solution very similar to mysql one (with special user), so one will need to just run upgrade script to fix problem of absent root.

            commit 15a750f2501b5ea8a5bc09c7047b8cef7e92d6ab (HEAD > bb-10.4MDEV-19650, origin/bb-10.4-MDEV-19650)
            Author: Oleksandr Byelkin <sanja@mariadb.com>
            Date: Wed Feb 19 17:50:30 2020 +0100

            MDEV-19650: Privilege bug on MariaDB 10.4

            Also fixes:
            MDEV-21487: Implement option for mysql_upgrade that allows root@localhost to be replaced
            MDEV-21486: Implement option for mysql_install_db that allows root@localhost to be replaced

            Add user mariadb.sys to be definer of user view
            (and has right on underlying table global_priv for
            required operation over global_priv
            (SELECT,UPDATE,DELETE))

            Also changed definer of gis functions in case of creation,
            but they work with any definer so upgrade script do not try
            to push this change.

            sanja Oleksandr Byelkin added a comment - commit 15a750f2501b5ea8a5bc09c7047b8cef7e92d6ab (HEAD > bb-10.4 MDEV-19650 , origin/bb-10.4- MDEV-19650 ) Author: Oleksandr Byelkin <sanja@mariadb.com> Date: Wed Feb 19 17:50:30 2020 +0100 MDEV-19650 : Privilege bug on MariaDB 10.4 Also fixes: MDEV-21487 : Implement option for mysql_upgrade that allows root@localhost to be replaced MDEV-21486 : Implement option for mysql_install_db that allows root@localhost to be replaced Add user mariadb.sys to be definer of user view (and has right on underlying table global_priv for required operation over global_priv (SELECT,UPDATE,DELETE)) Also changed definer of gis functions in case of creation, but they work with any definer so upgrade script do not try to push this change.

            ok to push

            serg Sergei Golubchik added a comment - ok to push

            For documentation sake :

            A new user was added : mariadb.sys (script of creation new database or upgrade will create it).
            mysql.user view belong now to it and executes with definer priveleges (SELECT,UPDATE,DELETE) which allow to remove root user without consequences.

            sanja Oleksandr Byelkin added a comment - For documentation sake : A new user was added : mariadb.sys (script of creation new database or upgrade will create it). mysql.user view belong now to it and executes with definer priveleges (SELECT,UPDATE,DELETE) which allow to remove root user without consequences.

            main.upgrade_MDEV-19650 doesn't restore PROXY privilege for root, that's what makes perfschema.column_privilege test fail later. Something like this should fix it:

            diff -u -r /data/src/bb-10.4-MDEV-19650/mysql-test/main/upgrade_MDEV-19650.result main/upgrade_MDEV-19650.result
            --- /data/src/bb-10.4-MDEV-19650/mysql-test/main/upgrade_MDEV-19650.result	2020-05-05 21:28:40.733008297 +0300
            +++ main/upgrade_MDEV-19650.result	2020-05-06 15:28:30.482277576 +0300
            @@ -3,6 +3,7 @@
             use mysqltest1;
             create table save_global_priv as select * from mysql.global_priv;
             create table save_tables_priv as select * from mysql.tables_priv;
            +create table save_proxies_priv as select * from mysql.proxies_priv;
             create table mysql.save_proc like mysql.proc;
             insert into mysql.save_proc select * from mysql.proc;
             set @save_sql_mode= @@sql_mode;
            @@ -145,6 +146,7 @@
             mtr.test_suppressions                              OK
             mysqltest1
             mysqltest1.save_global_priv                        OK
            +mysqltest1.save_proxies_priv                       OK
             mysqltest1.save_tables_priv                        OK
             performance_schema
             test
            @@ -190,9 +192,11 @@
             # restore environment
             delete from global_priv;
             delete from tables_priv;
            +delete from proxies_priv;
             delete from proc;
             insert into mysql.global_priv select * from mysqltest1.save_global_priv;
             insert into mysql.tables_priv select * from mysqltest1.save_tables_priv;
            +insert into mysql.proxies_priv select * from mysqltest1.save_proxies_priv;
             rename table proc to bad_proc;
             rename table save_proc to proc;
             drop table bad_proc;
            diff -u -r /data/src/bb-10.4-MDEV-19650/mysql-test/main/upgrade_MDEV-19650.test main/upgrade_MDEV-19650.test
            --- /data/src/bb-10.4-MDEV-19650/mysql-test/main/upgrade_MDEV-19650.test	2020-05-05 21:28:40.733008297 +0300
            +++ main/upgrade_MDEV-19650.test	2020-05-06 15:27:45.034838619 +0300
            @@ -6,6 +6,7 @@
             use mysqltest1;
             create table save_global_priv as select * from mysql.global_priv;
             create table save_tables_priv as select * from mysql.tables_priv;
            +create table save_proxies_priv as select * from mysql.proxies_priv;
             create table mysql.save_proc like mysql.proc;
             insert into mysql.save_proc select * from mysql.proc;
             set @save_sql_mode= @@sql_mode;
            @@ -138,9 +139,11 @@
             
             delete from global_priv;
             delete from tables_priv;
            +delete from proxies_priv;
             delete from proc;
             insert into mysql.global_priv select * from mysqltest1.save_global_priv;
             insert into mysql.tables_priv select * from mysqltest1.save_tables_priv;
            +insert into mysql.proxies_priv select * from mysqltest1.save_proxies_priv;
             rename table proc to bad_proc;
             rename table save_proc to proc;
             drop table bad_proc;
            

            elenst Elena Stepanova added a comment - main.upgrade_ MDEV-19650 doesn't restore PROXY privilege for root, that's what makes perfschema.column_privilege test fail later. Something like this should fix it: diff -u -r /data/src/bb-10.4-MDEV-19650/mysql-test/main/upgrade_MDEV-19650.result main/upgrade_MDEV-19650.result --- /data/src/bb-10.4-MDEV-19650/mysql-test/main/upgrade_MDEV-19650.result 2020-05-05 21:28:40.733008297 +0300 +++ main/upgrade_MDEV-19650.result 2020-05-06 15:28:30.482277576 +0300 @@ -3,6 +3,7 @@ use mysqltest1; create table save_global_priv as select * from mysql.global_priv; create table save_tables_priv as select * from mysql.tables_priv; +create table save_proxies_priv as select * from mysql.proxies_priv; create table mysql.save_proc like mysql.proc; insert into mysql.save_proc select * from mysql.proc; set @save_sql_mode= @@sql_mode; @@ -145,6 +146,7 @@ mtr.test_suppressions OK mysqltest1 mysqltest1.save_global_priv OK +mysqltest1.save_proxies_priv OK mysqltest1.save_tables_priv OK performance_schema test @@ -190,9 +192,11 @@ # restore environment delete from global_priv; delete from tables_priv; +delete from proxies_priv; delete from proc; insert into mysql.global_priv select * from mysqltest1.save_global_priv; insert into mysql.tables_priv select * from mysqltest1.save_tables_priv; +insert into mysql.proxies_priv select * from mysqltest1.save_proxies_priv; rename table proc to bad_proc; rename table save_proc to proc; drop table bad_proc; diff -u -r /data/src/bb-10.4-MDEV-19650/mysql-test/main/upgrade_MDEV-19650.test main/upgrade_MDEV-19650.test --- /data/src/bb-10.4-MDEV-19650/mysql-test/main/upgrade_MDEV-19650.test 2020-05-05 21:28:40.733008297 +0300 +++ main/upgrade_MDEV-19650.test 2020-05-06 15:27:45.034838619 +0300 @@ -6,6 +6,7 @@ use mysqltest1; create table save_global_priv as select * from mysql.global_priv; create table save_tables_priv as select * from mysql.tables_priv; +create table save_proxies_priv as select * from mysql.proxies_priv; create table mysql.save_proc like mysql.proc; insert into mysql.save_proc select * from mysql.proc; set @save_sql_mode= @@sql_mode; @@ -138,9 +139,11 @@ delete from global_priv; delete from tables_priv; +delete from proxies_priv; delete from proc; insert into mysql.global_priv select * from mysqltest1.save_global_priv; insert into mysql.tables_priv select * from mysqltest1.save_tables_priv; +insert into mysql.proxies_priv select * from mysqltest1.save_proxies_priv; rename table proc to bad_proc; rename table save_proc to proc; drop table bad_proc;

            People

              sanja Oleksandr Byelkin
              cliXtar Mathieu REHO
              Votes:
              2 Vote for this issue
              Watchers:
              15 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.