Details

    • Technical task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.5.3
    • 10.6.0
    • Platform Windows
    • None

    Description

      In Windows installer sql/mysql_install_db.cc

      create a `SeLockMemoryPrivilege` for the created service account

      LsaAddAccountRights maybe.

          Activity

            wlad Vladislav Vaintroub added a comment -

            I added MDEV-22272 as a prerequisite. So far, mariadb services run under the NETWORK SERVICE account. For this predefined account, which runs a lot of Windows stuff besides MariaDB, I'd hesitate to change privileges. But for virtual (per-service) accounts, this should be fine.
            danblack Daniel Black added a comment -

            Thank you wlad, I was fairly sure I was out of my depth to attempt this myself.

            wlad Vladislav Vaintroub added a comment - - edited

            Fixed in the latest 10.6.

            The new parameter name is --large-pages.
            The MSI does not know about it yet. Also, there is no autocleanup, i.e. after you throw your database away and remove the NT service, there is still a stale entry in secpol.msc, under Local Security Policy / User Rights Assignment / Lock Pages in memory. I do not know why Windows would not autoremove the privileges for the service user associated with a Windows service that was removed, but maybe we can add some --uninstall to mysql_install_db.exe later to do better cleanup.

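The stale "Lock pages in memory" grant described in the comment above can be found by script instead of browsing secpol.msc. The following is an added example, not part of the original comment or of MariaDB's code; it assumes the right was granted to the service's virtual account (NT SERVICE\<service name>) and is run from an elevated prompt, and the function names are illustrative.

```powershell
# Added example: audit SeLockMemoryPrivilege for grants left behind by removed services.
# Assumption: the grant was made to a per-service (virtual) account, whose SID is S-1-5-80-...

function Get-ServiceSid([string]$Name) {
    # A service SID is S-1-5-80- followed by the SHA-1 of the upper-cased
    # UTF-16LE service name, read as five little-endian 32-bit integers.
    $sha1  = [System.Security.Cryptography.SHA1]::Create()
    $hash  = $sha1.ComputeHash([System.Text.Encoding]::Unicode.GetBytes($Name.ToUpperInvariant()))
    $parts = 0..4 | ForEach-Object { [System.BitConverter]::ToUInt32($hash, $_ * 4) }
    'S-1-5-80-' + ($parts -join '-')
}

function Get-PrivilegeHolders([string[]]$InfLines, [string]$Privilege) {
    # secedit writes one line per right: "SeXxxPrivilege = *S-1-...,name,..."
    # A right that nobody holds has no line at all.
    $line = $InfLines | Where-Object { $_ -match "^\s*$Privilege\s*=" } | Select-Object -First 1
    if (-not $line) { return @() }
    ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') } |
        Where-Object { $_ }
}

# Export only the user-rights area of the local security policy.
$inf = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$holders = Get-PrivilegeHolders (Get-Content $inf) 'SeLockMemoryPrivilege'
Remove-Item $inf

# Map the SID of every service that is still installed to its name.
$known = @{}
Get-Service | ForEach-Object { $known[(Get-ServiceSid $_.Name)] = $_.Name }

foreach ($h in $holders) {
    if ($h -like 'S-1-5-80-*') {
        if ($known.ContainsKey($h)) { $status = "service '$($known[$h])' is installed" }
        else                        { $status = 'STALE: no installed service has this SID' }
    } else {
        $status = 'not a per-service account'   # names and other SIDs are reported as-is
    }
    [pscustomobject]@{ Principal = $h; Status = $status }
}
```

Entries reported as STALE are candidates for removal from the policy; confirm against change records before removing them.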
            danblack Daniel Black added a comment -

            Thank you wlad


            People

              wlad Vladislav Vaintroub
              danblack Daniel Black