Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-20226

Make plugin activation options into dynamic global system variables

    Details

      Description

      MariaDB Server currently dynamically constructs "plugin activation options", so that plugins can be unloaded at startup, or they can be prevented from being uninstalled, etc.

      https://mariadb.com/kb/en/library/plugin-overview/#configuring-plugin-activation-at-server-startup

      See here:

      https://github.com/MariaDB/server/blob/mariadb-10.4.7/sql/sql_plugin.cc#L3726

      Some users would like these options to be fully-fledged global system variables that can be changed dynamically, so you could do things like this:

      -- Unload the server_audit plugin dynamically,
      -- but don't use UNINSTALL PLUGIN/UNINSTALL SONAME,
      -- since that would remove the plugin's entry from mysql.plugins,
      -- and prevent it from being reloaded when the server restarts.
      SET GLOBAL server_audit=OFF;
       
      -- Unload the cracklib_password_check plugin dynamically, 
      -- but don't use UNINSTALL PLUGIN/UNINSTALL SONAME,
      -- since that would remove the plugin's entry from mysql.plugins,
      -- and prevent it from being reloaded when the server restarts.
      SET GLOBAL cracklib_password_check=OFF;
       
      -- Unload the unix_socket plugin dynamically.
      -- In MariaDB 10.4 and later, it is statically linked into
      -- the server, so UNINSTALL PLUGIN/UNINSTALL SONAME wouldn't work.
      SET GLOBAL unix_socket=OFF;
       
      -- Load the server_audit plugin dynamically,
      -- and prevent it from being uninstalled.
      SET GLOBAL server_audit='FORCE_PLUS_PERMANENT';
       
      -- Load the pam plugin dynamically,
      -- and prevent it from being uninstalled.
      SET GLOBAL pam='FORCE_PLUS_PERMANENT';
      

      The users who requested this also requested that if a plugin gets unloaded dynamically, then the server should remember the plugin's existing system variable values, and it should re-use those values if the plugin is later dynamically reloaded.

      However, I am unsure if changing these plugin activation options to dynamic global system variables would actually add value, or if it would actually create more problems.

      For example, one potential problem is that it might make 'FORCE_PLUS_PERMANENT' less secure. If a plugin is set to 'FORCE_PLUS_PERMANENT', then a DBA could just dynamically change it to OFF, and then they could uninstall the plugin anyway. i.e. they could do something like this:

      SET GLOBAL server_audit='FORCE_PLUS_PERMANENT';
      SET GLOBAL server_audit=OFF;
      UNINSTALL PLUGIN server_audit;
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                serg Sergei Golubchik
                Reporter:
                GeoffMontee Geoff Montee
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: