Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8534

[PATCH] mysql_secure_installation doesn't pass "socket" to "mysql"

Details

    Description

      mysql_secure_installation doesn't pass "socket" to the "mysql" client. It doesn't matter if the argument is set in the configuration file provided as --defaults-file or if it is set with --socket via the command-line.

      e.g., Let's start with some setup with a binary tarball installation:

      sudo ./scripts/mysql_install_db --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --user=ec2-user --basedir=/home/ec2-user/mariadb-10.0.20-linux-x86_64 --datadir=/home/ec2-user/mariadb-10.0.20-linux-x86_64/data
      sudo ./bin/mysqld_safe --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --user=ec2-user
      sudo cp ./bin/mysql /usr/bin # temporarily get around MDEV-8498

      Contents of /etc/my.cnf:

      [mysqld]
      datadir=/var/lib/mysql
      socket=/var/lib/mysql/mysql.sock
      # Disabling symbolic-links is recommended to prevent assorted security risks
      symbolic-links=0
      # Settings user and group are ignored when systemd is used.
      # If you need to run mysqld under a different user or group,
      # customize your systemd unit file for mariadb according to the
      # instructions in http://fedoraproject.org/wiki/Systemd
       
      [mysqld_safe]
      log-error=/var/log/mariadb/mariadb.log
      pid-file=/var/run/mariadb/mariadb.pid
       
      #
      # include all files from the config directory
      #
      !includedir /etc/my.cnf.d

      Contents of /home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf:

      [client]
      socket=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mysql.sock
       
      [mysqld]
      datadir=/home/ec2-user/mariadb-10.0.20-linux-x86_64/data
      socket=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mysql.sock
      # Disabling symbolic-links is recommended to prevent assorted security risks
      symbolic-links=0
      # Settings user and group are ignored when systemd is used.
      # If you need to run mysqld under a different user or group,
      # customize your systemd unit file for mariadb according to the
      # instructions in http://fedoraproject.org/wiki/Systemd
       
      [mysqld_safe]
      log-error=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mariadb.log
      pid-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mariadb.pid
       
      #
      # include all files from the config directory
      #
      #!includedir /etc/my.cnf.d

      Now, try to call mysql_secure_installation. It should use the "socket" value in the file provided by --defaults-file.

      $ sudo ./bin/mysql_secure_installation --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --basedir=/home/ec2-user/mariadb-10.0.20-linux-x86_64
      print: /home/ec2-user/mariadb-10.0.20-linux-x86_64/bin/my_print_defaults
       
      NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
            SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
       
      In order to log into MariaDB to secure it, we'll need the current
      password for the root user.  If you've just installed MariaDB, and
      you haven't set the root password yet, the password will be blank,
      so you should just press enter here.
       
      Enter current password for root (enter for none):
      ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2 "No such file or directory")

      So, let's try setting it with --socket instead:

      $ sudo ./bin/mysql_secure_installation --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --basedir=/home/ec2-user/mariadb-10.0.20-linux-x86_64 --socket=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mysql.sock
      print: /home/ec2-user/mariadb-10.0.20-linux-x86_64/bin/my_print_defaults
       
      NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
            SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
       
      In order to log into MariaDB to secure it, we'll need the current
      password for the root user.  If you've just installed MariaDB, and
      you haven't set the root password yet, the password will be blank,
      so you should just press enter here.
       
      Enter current password for root (enter for none):
      ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2 "No such file or directory")

      Attachments

        Activity

          The fix for "--socket" appears to be easy. I submitted a pull request for that here:

          https://github.com/MariaDB/server/pull/88

          I have not tried to fix the problem with --defaults-file yet.

          GeoffMontee Geoff Montee (Inactive) added a comment - The fix for "--socket" appears to be easy. I submitted a pull request for that here: https://github.com/MariaDB/server/pull/88 I have not tried to fix the problem with --defaults-file yet.
          GeoffMontee Geoff Montee (Inactive) added a comment - - edited

          The pull request now also has a commit that passes "--defaults-file", "--defaults-extra-file", and "--no-defaults" to the mysql client.

          GeoffMontee Geoff Montee (Inactive) added a comment - - edited The pull request now also has a commit that passes "--defaults-file", "--defaults-extra-file", and "--no-defaults" to the mysql client.

          GeoffMontee, thanks for the fix. Unfortunately, it was for 10.1, so I couldn't merge it into 10.0. I've applied it as a patch. And your patch didn't pass defaults-file to parse_arguments as the old code did. I've fixed that.

          Pushed into bb-10.0-serg, please check if mysql_secure_installation is ok now.

          serg Sergei Golubchik added a comment - GeoffMontee , thanks for the fix. Unfortunately, it was for 10.1, so I couldn't merge it into 10.0. I've applied it as a patch. And your patch didn't pass defaults-file to parse_arguments as the old code did. I've fixed that. Pushed into bb-10.0-serg, please check if mysql_secure_installation is ok now.
          GeoffMontee Geoff Montee (Inactive) added a comment - - edited

          Hi serg,

          Unfortunately, it was for 10.1, so I couldn't merge it into 10.0.

          Sorry about that. If I submit a fix in the future that should apply to both 10.0 and 10.1, should I submit pull requests for both branches, or should I submit a pull request for just 10.0, and it will get merged into 10.1 later?

          And your patch didn't pass defaults-file to parse_arguments as the old code did.

          My code did pass defaults-file to parse_arg, but it did it inside parse_arguments instead of inside make_config. The way you did it makes more sense to me though, since now parse_arguments treats all of the defaults variables in a similar way.

          Pushed into bb-10.0-serg, please check if mysql_secure_installation is ok now.

          I just tested it out, and it worked for me. Thanks for reviewing and committing the patch!

          GeoffMontee Geoff Montee (Inactive) added a comment - - edited Hi serg , Unfortunately, it was for 10.1, so I couldn't merge it into 10.0. Sorry about that. If I submit a fix in the future that should apply to both 10.0 and 10.1, should I submit pull requests for both branches, or should I submit a pull request for just 10.0, and it will get merged into 10.1 later? And your patch didn't pass defaults-file to parse_arguments as the old code did. My code did pass defaults-file to parse_arg , but it did it inside parse_arguments instead of inside make_config . The way you did it makes more sense to me though, since now parse_arguments treats all of the defaults variables in a similar way. Pushed into bb-10.0-serg, please check if mysql_secure_installation is ok now. I just tested it out, and it worked for me. Thanks for reviewing and committing the patch!

          GeoffMontee, correct, if you have a fix for 10.0 and 10.1 — only create a pull request for 10.0. If you have a fix for 5.5, 10.0, and 10.1 — only create a patch for 5.5. That is, always in the lowest version, then it'll be merged upwards.

          It only makes sense to create pull requests for both 10.0 and 10.1 if these two patches are significantly different.

          Thanks! I'm closing the bug now.

          serg Sergei Golubchik added a comment - GeoffMontee , correct, if you have a fix for 10.0 and 10.1 — only create a pull request for 10.0. If you have a fix for 5.5, 10.0, and 10.1 — only create a patch for 5.5. That is, always in the lowest version, then it'll be merged upwards. It only makes sense to create pull requests for both 10.0 and 10.1 if these two patches are significantly different. Thanks! I'm closing the bug now.

          People

            serg Sergei Golubchik
            GeoffMontee Geoff Montee (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.