Details
-
Task
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Won't Fix
-
None
Description
MariaDB Server currently dynamically constructs "plugin activation options", so that plugins can be unloaded at startup, or they can be prevented from being uninstalled, etc.
https://mariadb.com/kb/en/library/plugin-overview/#configuring-plugin-activation-at-server-startup
See here:
https://github.com/MariaDB/server/blob/mariadb-10.4.7/sql/sql_plugin.cc#L3726
Some users would like these options to be fully-fledged global system variables that can be changed dynamically, so you could do things like this:
-- Unload the server_audit plugin dynamically,
|
-- but don't use UNINSTALL PLUGIN/UNINSTALL SONAME,
|
-- since that would remove the plugin's entry from mysql.plugins,
|
-- and prevent it from being reloaded when the server restarts.
|
SET GLOBAL server_audit=OFF;
|
|
|
-- Unload the cracklib_password_check plugin dynamically,
|
-- but don't use UNINSTALL PLUGIN/UNINSTALL SONAME,
|
-- since that would remove the plugin's entry from mysql.plugins,
|
-- and prevent it from being reloaded when the server restarts.
|
SET GLOBAL cracklib_password_check=OFF;
|
|
|
-- Unload the unix_socket plugin dynamically.
|
-- In MariaDB 10.4 and later, it is statically linked into
|
-- the server, so UNINSTALL PLUGIN/UNINSTALL SONAME wouldn't work.
|
SET GLOBAL unix_socket=OFF;
|
|
|
-- Load the server_audit plugin dynamically,
|
-- and prevent it from being uninstalled.
|
SET GLOBAL server_audit='FORCE_PLUS_PERMANENT';
|
|
|
-- Load the pam plugin dynamically,
|
-- and prevent it from being uninstalled.
|
SET GLOBAL pam='FORCE_PLUS_PERMANENT';
|
The users who requested this also requested that if a plugin gets unloaded dynamically, then the server should remember the plugin's existing system variable values, and it should re-use those values if the plugin is later dynamically reloaded.
However, I am unsure if changing these plugin activation options to dynamic global system variables would actually add value, or if it would actually create more problems.
For example, one potential problem is that it might make 'FORCE_PLUS_PERMANENT' less secure. If a plugin is set to 'FORCE_PLUS_PERMANENT', then a DBA could just dynamically change it to OFF, and then they could uninstall the plugin anyway. i.e. they could do something like this:
SET GLOBAL server_audit='FORCE_PLUS_PERMANENT';
|
SET GLOBAL server_audit=OFF;
|
UNINSTALL PLUGIN server_audit;
|
Attachments
Issue Links
- relates to
-
MDEV-19625 Ambiguity between named_pipe system variable and named_pipe plugin activation option
-
- Open
-
-
-
- Closed
-
-
-
- Closed
-