Oleksandr Byelkin added a comment - 2020-02-18 13:02 I am trying to implement solution very similar to mysql one (with special user), so one will need to just run upgrade script to fix problem of absent root.

Oleksandr Byelkin added a comment - 2020-05-04 10:27 commit 15a750f2501b5ea8a5bc09c7047b8cef7e92d6ab (HEAD > bb-10.4 MDEV-19650 , origin/bb-10.4- MDEV-19650 ) Author: Oleksandr Byelkin <sanja@mariadb.com> Date: Wed Feb 19 17:50:30 2020 +0100 MDEV-19650 : Privilege bug on MariaDB 10.4 Also fixes: MDEV-21487 : Implement option for mysql_upgrade that allows root@localhost to be replaced MDEV-21486 : Implement option for mysql_install_db that allows root@localhost to be replaced Add user mariadb.sys to be definer of user view (and has right on underlying table global_priv for required operation over global_priv (SELECT,UPDATE,DELETE)) Also changed definer of gis functions in case of creation, but they work with any definer so upgrade script do not try to push this change.

Sergei Golubchik added a comment - 2020-05-05 09:07 ok to push

Oleksandr Byelkin added a comment - 2020-05-05 11:05 For documentation sake : A new user was added : mariadb.sys (script of creation new database or upgrade will create it). mysql.user view belong now to it and executes with definer priveleges (SELECT,UPDATE,DELETE) which allow to remove root user without consequences.

Elena Stepanova added a comment - 2020-05-06 12:31 main.upgrade_ MDEV-19650 doesn't restore PROXY privilege for root, that's what makes perfschema.column_privilege test fail later. Something like this should fix it: diff -u -r /data/src/bb-10.4-MDEV-19650/mysql-test/main/upgrade_MDEV-19650.result main/upgrade_MDEV-19650.result --- /data/src/bb-10.4-MDEV-19650/mysql-test/main/upgrade_MDEV-19650.result 2020-05-05 21:28:40.733008297 +0300 +++ main/upgrade_MDEV-19650.result 2020-05-06 15:28:30.482277576 +0300 @@ -3,6 +3,7 @@ use mysqltest1; create table save_global_priv as select * from mysql.global_priv; create table save_tables_priv as select * from mysql.tables_priv; +create table save_proxies_priv as select * from mysql.proxies_priv; create table mysql.save_proc like mysql.proc; insert into mysql.save_proc select * from mysql.proc; set @save_sql_mode= @@sql_mode; @@ -145,6 +146,7 @@ mtr.test_suppressions OK mysqltest1 mysqltest1.save_global_priv OK +mysqltest1.save_proxies_priv OK mysqltest1.save_tables_priv OK performance_schema test @@ -190,9 +192,11 @@ # restore environment delete from global_priv; delete from tables_priv; +delete from proxies_priv; delete from proc; insert into mysql.global_priv select * from mysqltest1.save_global_priv; insert into mysql.tables_priv select * from mysqltest1.save_tables_priv; +insert into mysql.proxies_priv select * from mysqltest1.save_proxies_priv; rename table proc to bad_proc; rename table save_proc to proc; drop table bad_proc; diff -u -r /data/src/bb-10.4-MDEV-19650/mysql-test/main/upgrade_MDEV-19650.test main/upgrade_MDEV-19650.test --- /data/src/bb-10.4-MDEV-19650/mysql-test/main/upgrade_MDEV-19650.test 2020-05-05 21:28:40.733008297 +0300 +++ main/upgrade_MDEV-19650.test 2020-05-06 15:27:45.034838619 +0300 @@ -6,6 +6,7 @@ use mysqltest1; create table save_global_priv as select * from mysql.global_priv; create table save_tables_priv as select * from mysql.tables_priv; +create table save_proxies_priv as select * from mysql.proxies_priv; create table mysql.save_proc like mysql.proc; insert into mysql.save_proc select * from mysql.proc; set @save_sql_mode= @@sql_mode; @@ -138,9 +139,11 @@ delete from global_priv; delete from tables_priv; +delete from proxies_priv; delete from proc; insert into mysql.global_priv select * from mysqltest1.save_global_priv; insert into mysql.tables_priv select * from mysqltest1.save_tables_priv; +insert into mysql.proxies_priv select * from mysqltest1.save_proxies_priv; rename table proc to bad_proc; rename table save_proc to proc; drop table bad_proc;