|
Grepping for chmod finds some other places were we are doing bad things too that we should also fix.
|
|
On the first round of testing where the user:group was setup to the user where MCS was running, I could only get the logs to happen when the directories were set to 777 permissions. So that is teh reason its set to 777..
I will investigate further.. I noticed on my test, when it did get logged the user:group changed to syslog. This was on a ubuntu 16 system. Will test on centos 7 and other OS also.
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ /home/mysql/mariadb/columnstore/bin/cplogger -i 19 "***** MariaDB Columnstore Installed *****"
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ ll
total 20
drwxr-x--- 5 mysql mysql 4096 Nov 15 20:55 ./
drwxr-xr-x 3 mysql mysql 4096 Nov 15 20:55 ../
drwxr-x--- 2 mysql mysql 4096 Nov 15 20:55 archive/
drwxr-x--- 2 mysql mysql 4096 Nov 15 20:55 corefiles/
drwxr-x--- 2 mysql mysql 4096 Nov 15 20:55 trace/
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ sudo chmod 755 /var/log/mariadb
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ ll
total 20
drwxr-x--- 5 mysql mysql 4096 Nov 15 20:55 ./
drwxr-xr-x 3 mysql mysql 4096 Nov 15 20:55 ../
drwxr-x--- 2 mysql mysql 4096 Nov 15 20:55 archive/
drwxr-x--- 2 mysql mysql 4096 Nov 15 20:55 corefiles/
drwxr-x--- 2 mysql mysql 4096 Nov 15 20:55 trace/
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ /home/mysql/mariadb/columnstore/bin/cplogger -i 19 "***** MariaDB Columnstore Installed *****"
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ ll
total 20
drwxr-x--- 5 mysql mysql 4096 Nov 15 20:55 ./
drwxr-xr-x 3 mysql mysql 4096 Nov 15 20:55 ../
drwxr-x--- 2 mysql mysql 4096 Nov 15 20:55 archive/
drwxr-x--- 2 mysql mysql 4096 Nov 15 20:55 corefiles/
drwxr-x--- 2 mysql mysql 4096 Nov 15 20:55 trace/
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ sudo chmod 755 -R /var/log/mariadb
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ ll
total 20
drwxr-xr-x 5 mysql mysql 4096 Nov 15 20:55 ./
drwxr-xr-x 3 mysql mysql 4096 Nov 15 20:55 ../
drwxr-xr-x 2 mysql mysql 4096 Nov 15 20:55 archive/
drwxr-xr-x 2 mysql mysql 4096 Nov 15 20:55 corefiles/
drwxr-xr-x 2 mysql mysql 4096 Nov 15 20:55 trace/
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ /home/mysql/mariadb/columnstore/bin/cplogger -i 19 "***** MariaDB Columnstore Installed *****"
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ ll
total 20
drwxr-xr-x 5 mysql mysql 4096 Nov 15 20:55 ./
drwxr-xr-x 3 mysql mysql 4096 Nov 15 20:55 ../
drwxr-xr-x 2 mysql mysql 4096 Nov 15 20:55 archive/
drwxr-xr-x 2 mysql mysql 4096 Nov 15 20:55 corefiles/
drwxr-xr-x 2 mysql mysql 4096 Nov 15 20:55 trace/
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ sudo chmod 775 -R /var/log/mariadb
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ ll
total 20
drwxrwxr-x 5 mysql mysql 4096 Nov 15 20:55 ./
drwxrwxr-x 3 mysql mysql 4096 Nov 15 20:55 ../
drwxrwxr-x 2 mysql mysql 4096 Nov 15 20:55 archive/
drwxrwxr-x 2 mysql mysql 4096 Nov 15 20:55 corefiles/
drwxrwxr-x 2 mysql mysql 4096 Nov 15 20:55 trace/
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ /home/mysql/mariadb/columnstore/bin/cplogger -i 19 "***** MariaDB Columnstore Installed *****"
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ ll
total 20
drwxrwxr-x 5 mysql mysql 4096 Nov 15 20:55 ./
drwxrwxr-x 3 mysql mysql 4096 Nov 15 20:55 ../
drwxrwxr-x 2 mysql mysql 4096 Nov 15 20:55 archive/
drwxrwxr-x 2 mysql mysql 4096 Nov 15 20:55 corefiles/
drwxrwxr-x 2 mysql mysql 4096 Nov 15 20:55 trace/
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ sudo chmod 777 -R /var/log/mariadb
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ ll
total 20
drwxrwxrwx 5 mysql mysql 4096 Nov 15 20:55 ./
drwxrwxrwx 3 mysql mysql 4096 Nov 15 20:55 ../
drwxrwxrwx 2 mysql mysql 4096 Nov 15 20:55 archive/
drwxrwxrwx 2 mysql mysql 4096 Nov 15 20:55 corefiles/
drwxrwxrwx 2 mysql mysql 4096 Nov 15 20:55 trace/
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ /home/mysql/mariadb/columnstore/bin/cplogger -i 19 "***** MariaDB Columnstore Installed *****"
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ ll
total 28
drwxrwxrwx 5 mysql mysql 4096 Nov 15 21:01 ./
drwxrwxrwx 3 mysql mysql 4096 Nov 15 20:55 ../
drwxrwxrwx 2 mysql mysql 4096 Nov 15 20:55 archive/
drwxrwxrwx 2 mysql mysql 4096 Nov 15 20:55 corefiles/
rw-r---- 1 syslog syslog 125 Nov 15 21:01 debug.log
rw-r---- 1 syslog syslog 125 Nov 15 21:01 info.log
drwxrwxrwx 2 mysql mysql 4096 Nov 15 20:55 trace/
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$
|
|
Also in the testing. I did find out why it wasnt setting user:group to non-root user passed in.
Trying to keeping it as that user, if possible, so logs can be view from that user. When its not, you get this error when it syslog and 750
mysql@ip-172-31-29-61:/var/log/mariadb/columnstore$ cat debug.log
cat: debug.log: Permission denied
|
|
For a 1.2.1 centos 7 non-root install work-around, do the following after the sysylogSetup.sh is running on a node:
This example assumes the non-root user is 'mysql'
chown mysql:mysql -R /var/log/mariadb
chmod 750 -R /var/log/mariadb
|
|
I think you are missing the point. The exec bit should only been used for directories, not files.
Yes we can look into ownership but that is a different problem entirely. There are a couple of ways of fixing that.
|
|
I noticed in my testing that some of the Columnstore.xml* files had root user as owner after the syslogSetup.sh is run as part of the 1.2 upgrade. This is run as root user, but the owner needs to stay as the non-root user passed in as an argument.
So this was fixed by a change in syslogSetup.sh to run chown after setConfig
|
|
ok, finished coding and testing.
changes:
1. change from the chmod -R to chmod on each directory
2. moved the cplogger from post-install to syslogSetup.sh. needed to be run from here for
non-root installs
3. Added logic around the running of cplogger to allow the most security permissions on the
log directories to allow logging to work. So on ubuntu I tested on, it required 777 for
logging directories. On centos 7, 750 worked with makes it more secure.
|
|
https://github.com/mariadb-corporation/mariadb-columnstore-engine/pull/637
|
|
Reviewed/Merged
|
|
How to test and see the difference between 1.2.1 and 1.2.2.
on centos 7 as non-root user, do the following:
install 1.2.1 centos 7 binary package as non-root user and run the following as root user.
You will see that all the directories is set to 777 permissions, which is what the BUG is about
rm -rf /var/log/mariadb/
/home/mysql/mariadb/columnstore/bin/syslogSetup.sh install --user=mysql
ll /var/log/mariadb/columnstore/
total 8
drwxrwxrwx 2 root root 6 Nov 29 22:41 archive
drwxrwxrwx 2 root root 6 Nov 29 22:41 corefiles
drwxrwxrwx 2 root root 6 Nov 29 22:41 trace
install 1.2.2 centos 7 binary package as non-root user and run the following.
The directories are now 750, which is more secure. 777 is wide open to all.
You will also notice that the debug/info logs are created with
"MariaDB Columnstore Installed". That wasnt in 1.2.1.
rm -rf /var/log/mariadb/
/home/mysql/mariadb/columnstore/bin/syslogSetup.sh install --user=mysql
ll /var/log/mariadb/columnstore/
drwxr-x--- 2 root root 6 Nov 29 22:46 archive
drwxr-x--- 2 root root 6 Nov 29 22:46 corefiles
rw------ 1 syslog adm 124 Nov 29 22:46 debug.log
rw------ 1 syslog adm 124 Nov 29 22:46 info.log
drwxr-x--- 2 root root 6 Nov 29 22:46 trace
|
|
Build tested: 1.2.2-1
Installed 1.2.2-1 as non-root (guest user) on centos 7. I got errors when running the command under the root user:
[root@localhost ~]# export COLUMNSTORE_INSTALL_DIR=/home/guest/mariadb/columnstore
[root@localhost ~]# export LD_LIBRARY_PATH=:/home/guest/mariadb/columnstore/lib:/home/guest/mariadb/columnstore/mysql/lib:/home/guest/mariadb/columnstore/lib:/home/guest/mariadb/columnstore/mysql/lib
[root@localhost ~]#
[root@localhost ~]# /home/guest/mariadb/columnstore/bin/syslogSetup.sh install --user=guest
/home/guest/mariadb/columnstore/bin/syslogSetup.sh: line 66: /usr/local/mariadb/columnstore/bin/getConfig: No such file or directory
System logging being used: rsyslog
cp: cannot stat ‘/usr/local/mariadb/columnstore/bin/columnstoreSyslog7’: No such file or directory
sed: can't read /etc/rsyslog.d/49-columnstore.conf: No such file or directory
sed: can't read /etc/rsyslog.d/49-columnstore.conf: No such file or directory
chmod: cannot access ‘/etc/rsyslog.d/49-columnstore.conf’: No such file or directory
chmod: cannot access ‘/etc/logrotate.d/columnstore’: No such file or directory
/home/guest/mariadb/columnstore/bin/syslogSetup.sh: line 245: /usr/local/mariadb/columnstore/bin/cplogger: No such file or directory
/home/guest/mariadb/columnstore/bin/syslogSetup.sh: line 245: /usr/local/mariadb/columnstore/bin/cplogger: No such file or directory
/home/guest/mariadb/columnstore/bin/syslogSetup.sh: line 245: /usr/local/mariadb/columnstore/bin/cplogger: No such file or directory
/home/guest/mariadb/columnstore/bin/syslogSetup.sh: line 245: /usr/local/mariadb/columnstore/bin/cplogger: No such file or directory
|
|
unknown why its failing. i tested as mysql user, will restest as guest user to see if i can reproduce
|
|
worked for me on ubuntu18 using the commands output by post-install:
/home/mysql/mariadb/columnstore/bin/syslogSetup.sh --installdir=/home/mysql/mariadb/columnstore --user=mysql install
--installdir is required.
|
|
Retested
|