I can't reproduce it.
Please do the following:
- connect via MySQL client as the user with the privilege
- run SHOW GRANTS;
- run SELECT 1 INTO OUTFILE '<file_folder/file_name>';
- run system ls -ld '<file_folder>';
- paste the whole unabridged output of the session above.
Please also attach your cnf file(s) and the output of SHOW VARIABLES.
Thanks.

Thanks for your time. Here is the required information.
[hugo@hugofc ~] $ mysql -u betty -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1073
Server version: 10.0.23-MariaDB-log MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show grants;
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for betty@127.0.0.1 |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, RELOAD, FILE, LOCK TABLES, SHOW VIEW ON *.* TO 'betty'@'127.0.0.1' IDENTIFIED BY PASSWORD '*826A79AA75B60BF2E84BA49F01705562FC98F2EC' |
| GRANT ALL PRIVILEGES ON `bellivo`.* TO 'betty'@'127.0.0.1' |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

MariaDB [(none)]> select 1 into outfile '/home/hugo/htdocs/betty_pf/archives/getreception/test_01.txt';
ERROR 1 (HY000): Can't create/write to file '/home/hugo/htdocs/betty_pf/archives/getreception/test_01.txt' (Errcode: 13 "Permission denied")
MariaDB [(none)]> system ls -ld '/home/hugo/htdocs/betty_pf/archives/getreception/';
drwxrwxrwt. 2 hugo betty 4096 Jul 24 2015 /home/hugo/htdocs/betty_pf/archives/getreception/
my.cnf
--------------------------------------------------
[mysqld]
bind-address=0.0.0.0
skip_name_resolve
collation-server=utf8mb4_unicode_ci
init-connect='SET NAMES utf8mb4'
character-set-server=utf8mb4
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
general_log
general_log_file = /var/log/mariadb/query.log

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

[mysqld_safe]

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

[client]
socket=/var/lib/mysql/mysql.sock
port=3306
protocol=TCP

Thank you.
Is the problem reproducible on a clean new folder without specific extended attributes / security context and without the sticky bit?

[hugo@hugofc ~] $ pwd
/home/hugo
[hugo@hugofc ~] $ mkdir newfolder
[hugo@hugofc ~] $ ls -ld newfolder/
drwxrwxr-x 2 hugo hugo 4096 May 10 06:41 newfolder/
[hugo@hugofc ~] $ mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1215
Server version: 10.0.23-MariaDB-log MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> select 1 into outfile '/home/hugo/newfolder';
ERROR 1 (HY000): Can't create/write to file '/home/hugo/newfolder' (Errcode: 13 "Permission denied")
MariaDB [(none)]> quit
Bye
[hugo@hugofc ~] $ chmod 777 newfolder/
[hugo@hugofc ~] $ mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1216
Server version: 10.0.23-MariaDB-log MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> select 1 into outfile '/home/hugo/newfolder';
ERROR 1 (HY000): Can't create/write to file '/home/hugo/newfolder' (Errcode: 13 "Permission denied")
MariaDB [(none)]> system ls -ld '/home/hugo/newfolder'
drwxrwxrwx 2 hugo hugo 4096 May 10 06:41 /home/hugo/newfolder

Hi,
I've just been hit by this very frustrating bug, except I'm using MariaDB 10.1.22+maria-1~xenial on Ubuntu Xenial 16.04.2 LTS.
Should I raise a new issue or continue commenting on this one?
I am able to dump to the OS' /tmp directory which is owned root:root, permissions 777 with sticky bit set... does this imply that the entire directory tree up to the root must be writeable by mysql system user? In any case, /tmp folder is less than ideal because the files created are owned mysql:mysql meaning the regular user can't remove them (which is required to do the mysqldump using same filenames again).
The bug is very frustrating because it means a regular user cannot use mysqldump via CLI easily at all (or SELECT INTO OUTFILE from the mysql cli). Any chance of some love here please?
Thanks...

jclifford,
Is your use case similar to what hugochouinard described above?
First of all, please note that in the test case above, /home/hugo/newfolder is already an existing folder, and then we have select 1 into outfile '/home/hugo/newfolder' – that is, it attempts to create a file with a name of an existing folder, it will not succeed either way.
It's just a side note though, the question is whether it fails with Errcode: 13 "Permission denied" as above, or with File '/home/hugo/newfolder' already exists.
The rest seems to be reproducible without MariaDB/MySQL. Please consider the following:
$ sudo getenforce
Disabled
$ pwd
/home/elenst2
$ ls -ld newfolder/
drwxrwxrwx 2 elenst2 elenst2 6 May 22 15:43 newfolder/
$ su - elenst
Password:
Last login: Mon May 22 16:00:44 UTC 2017 on pts/0
$ touch /home/elenst2/newfolder/1
touch: cannot touch ‘/home/elenst2/newfolder/1’: Permission denied
It comes from the parent directory being non-readable for anyone except for the user:
$ ls -ld /home/elenst2
drwx------. 5 elenst2 elenst2 186 May 22 15:56 /home/elenst2
$ chmod 755 /home/elenst2
$ su - elenst
Password:
Last login: Mon May 22 16:17:25 UTC 2017 on pts/0
$ touch /home/elenst2/newfolder/1
# => now it works all right
$ exit
logout
With MariaDB and OUTFILE you experience the same. mysqld process is run under mysql user, which simply cannot write into the folder, hence the problem.
Please refer to system-related sources of information to find a suitable way to resolve it.

Hi Elena,
I experience the same problem as Hugo. Your assessment is incorrect however and this bug still exists.
Even if the parent directories are group and others readable (chmod 755) and the child directory is world (group and others) writeable (chmod 777) SELECT INTO OUTFILE still does not work, whereas another user may create a file in the child directory using touch:

joetest@mariadbhost:~$ pwd
/home/joetest
joetest@mariadbhost:~$ ls -ld /home/joetest
drwxr-xr-x 3 joetest joetest 4096 May 22 17:44 /home/joetest
joetest@mariadbhost:~$ ls -ld newfolder
drwxrwxrwx 2 joetest joetest 4096 May 22 17:39 newfolder
joetest@mariadbhost:~$ su joetest2
Password:
joetest2@mariadbhost:/home/joetest$ touch newfolder/1
joetest2@mariadbhost:/home/joetest$ ls -ld newfolder/1
-rw-rw-r-- 1 joetest2 joetest2 0 May 22 17:50 newfolder/1
joetest2@mariadbhost:/home/joetest$ exit
exit
joetest@mariadbhost:~$ mysql -u root -p

MariaDB [(none)]> SELECT * FROM information_schema.ENGINES INTO OUTFILE "/home/joetest/newfolder/2";
ERROR 1 (HY000): Can't create/write to file '/home/joetest/newfolder/2' (Errcode: 13 "Permission denied")

I've done some folder and file permissions testing on my server and the results don't make any sense. The results of the test show that SELECT INTO OUTFILE will only fail if it is trying to write to any folder in /home/$user/:
root@mariadbhost:~# mkdir -p /home2/joetest/newfolder
root@mariadbhost:~# ls -ld /home
drwxr-xr-x 8 root root 4096 May 22 17:35 /home
root@mariadbhost:~# ls -ld /home2
drwxr-xr-x 3 root root 4096 May 22 18:13 /home2
root@mariadbhost:~# ls -ld /home/joetest
drwxr-xr-x 3 joetest joetest 4096 May 22 17:44 /home/joetest
root@mariadbhost:~# chown -R joetest:joetest /home2/joetest
root@mariadbhost:~# ls -ld /home2/joetest
drwxr-xr-x 3 joetest joetest 4096 May 22 18:13 /home2/joetest
root@mariadbhost:~# ls -ld /home2/joetest/newfolder/
drwxr-xr-x 2 joetest joetest 4096 May 22 18:13 /home2/joetest/newfolder/
root@mariadbhost:~# mysql -u root

MariaDB [(none)]> SELECT * FROM information_schema.ENGINES INTO OUTFILE "/home2/joetest/newfolder/1";
ERROR 1 (HY000): Can't create/write to file '/home2/joetest/newfolder/1' (Errcode: 13 "Permission denied")
MariaDB [(none)]> quit;
Bye
root@mariadbhost:~# chmod 777 /home2/joetest/newfolder
root@mariadbhost:~# ls -ld /home2/joetest/newfolder/
drwxrwxrwx 2 joetest joetest 4096 May 22 18:13 /home2/joetest/newfolder/
root@mariadbhost:~# mysql -u root

MariaDB [(none)]> SELECT * FROM information_schema.ENGINES INTO OUTFILE "/home2/joetest/newfolder/1";
Query OK, 8 rows affected (0.00 sec)

MariaDB [(none)]> quit;
Bye

Neither SELinux nor Apparmor are running on my server. I am at a loss to explain why this is happening.... any ideas?
Joe

jclifford,
Sorry, I missed that you were using 10.1, I was still thinking in terms of old Fedora and 10.0.
On modern systems 10.1+ gets installed with systemd support. Among other things, it has this setting in /etc/systemd/system/mysql.service:
# Prevent accessing /home, /root and /run/user
ProtectHome=true
That's what stops it from writing in /home.
However, there is no systemd support for 10.0, and much less so for Fedora 22, so Hugo's case must be different from yours.
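
The two causes identified in the replies above (a parent directory the mysql account cannot traverse, and ProtectHome in the systemd unit) can be checked before running INTO OUTFILE. The script below is an added example, not part of the thread or of MariaDB; the function names are hypothetical, and it assumes the server account is neither owner nor group member of the directories involved.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the server account (e.g.
# mysql) is neither owner nor group member of the directories, so the "other"
# permission bits decide; ACLs and SELinux/AppArmor are not considered.

# first_blocked_dir FILE [BASE]: walk from BASE (default /) down to FILE's
# directory and print the first directory the server account cannot use.
first_blocked_dir() {
    case $1 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    base=${2:-/}
    leaf=$(dirname "$1")
    dir=$leaf
    chain=$dir
    while [ "$dir" != "$base" ] && [ "$dir" != "/" ]; do
        dir=$(dirname "$dir")
        chain="$dir
$chain"
    done
    while IFS= read -r d; do
        [ -d "$d" ] || { echo "$d: not a directory"; return 2; }
        other=$(ls -ld "$d" | cut -c8-10)    # e.g. "r-x" from drwxr-xr-x
        case $other in
            ??[xt]) ;;                        # t = sticky bit plus x
            *) echo "$d: other lacks x (search)"; return 1 ;;
        esac
        if [ "$d" = "$leaf" ]; then
            case $other in
                ?w?) ;;
                *) echo "$d: other lacks w (create file)"; return 1 ;;
            esac
        fi
    done <<EOF
$chain
EOF
    return 0
}

# protect_home_blocks UNIT_FILE FILE: succeed when the unit's last
# ProtectHome= value is enabled and FILE lies under /home, /root or /run/user.
protect_home_blocks() {
    value=$(sed -n 's/^[[:space:]]*ProtectHome[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '[:space:]')
    case $value in true|yes|on|1|read-only|tmpfs) ;; *) return 1 ;; esac
    case $2 in /home/*|/root/*|/run/user/*) return 0 ;; *) return 1 ;; esac
}
```

On a live host, `systemctl show -p ProtectHome mysql.service` reports the effective value including drop-ins; the unit name here follows the path quoted in the thread.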