[MDEV-10399] custom tmpdir permission denied only in 10.1.16 Created: 2016-07-19  Updated: 2016-07-22  Resolved: 2016-07-19

Status: Closed
Project: MariaDB Server
Component/s: Scripts & Clients
Affects Version/s: 10.1.16
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: George L Assignee: Sergei Golubchik
Resolution: Not a Bug Votes: 1
Labels: None
Environment:

CentOS 7.2 64bit


Issue Links:
Problem/Incident
is caused by MDEV-10298 Improve systemd service hardening Closed

 Description   

I have a custom tmpdir defined in /etc/my.cnf which has worked fine on MariaDB 5.2/5.5/10.0 and up to 10.1.14, and even on the bugged 10.1.15. Downgrading back to 10.1.14 works and restarts mysql fine.

    tmpdir=/home/mysqltmp

But on upgrade from 10.1.14 to 10.1.16, the mysql server doesn't start up at all and I get the complaint of:

    Jul 19 15:59:33 centos7 mysqld: 2016-07-19 15:59:33 140702605535360 [ERROR] mysqld: Can't create/write to file '/home/mysqltmp/ibrjyVha' (Errcode: 13 "Permission denied")
    Jul 19 15:59:33 centos7 mysqld: 2016-07-19 15:59:33 7ff7e0d26880  InnoDB: Error: unable to create temporary file; errno: 13

permissions

    stat /tmp /home/mysqltmp/
      File: ‘/tmp’
      Size: 4096            Blocks: 8          IO Block: 4096   directory
    Device: fd01h/64769d    Inode: 50331777    Links: 13
    Access: (1777/drwxrwxrwt)  Uid: (    0/    root)   Gid: (    0/    root)
    Access: 2016-07-19 15:57:54.581779695 +0000
    Modify: 2016-07-19 16:01:52.715423173 +0000
    Change: 2016-07-19 16:01:52.715423173 +0000
     Birth: -
      File: ‘/home/mysqltmp/’
      Size: 6               Blocks: 0          IO Block: 4096   directory
    Device: fd01h/64769d    Inode: 51183635    Links: 2
    Access: (1777/drwxrwxrwt)  Uid: (  995/   mysql)   Gid: (  994/   mysql)
    Access: 2016-07-19 15:55:33.114206806 +0000
    Modify: 2016-07-19 15:55:32.923200134 +0000
    Change: 2016-07-19 16:00:38.720451448 +0000
     Birth: -

repo file

    cat /etc/yum.repos.d/mariadb.repo 
    [mariadb]
    name = MariaDB
    baseurl = http://yum.mariadb.org/10.1/centos7-amd64
    gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
    gpgcheck=1
    exclude=MariaDB-Galera-server

full error message

    Jul 19 16:33:47 centos7 systemd: Stopped MariaDB database server.
    Jul 19 16:33:50 centos7 systemd: Starting MariaDB database server...
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [Note] /usr/sbin/mysqld (mysqld 10.1.16-MariaDB) starting as process 6958 ...
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [Note] InnoDB: Using mutexes to ref count buffer pool pages
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [Note] InnoDB: The InnoDB memory heap is disabled
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [Note] InnoDB: Memory barrier is not used
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [Note] InnoDB: Compressed tables use zlib 1.2.7
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [Note] InnoDB: Using Linux native AIO
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [Note] InnoDB: Using generic crc32 instructions
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [ERROR] mysqld: Can't create/write to file '/home/mysqltmp/ibPELAkd' (Errcode: 13 "Permission denied")
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 7ff05a877880  InnoDB: Error: unable to create temporary file; errno: 13
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [ERROR] Plugin 'InnoDB' init function returned error.
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [Note] Plugin 'FEEDBACK' is disabled.
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [ERROR] Unknown/unsupported storage engine: InnoDB
    Jul 19 16:33:50 centos7 mysqld: 2016-07-19 16:33:50 140670287706240 [ERROR] Aborting
    Jul 19 16:33:50 centos7 systemd: mariadb.service: main process exited, code=exited, status=1/FAILURE



 Comments   
Comment by Sergei Golubchik [ 2016-07-19 ]

A possible suspect is MDEV-10298. Indeed, it adds ProtectHome=true to mariadb.service, and that prevents any writes to /home.

I'm hesitant to call that a bug; the intention, precisely, was not to allow mysqld to write anywhere under /home. This is the secure default, which a user can override to match his specific use case.

Comment by George L [ 2016-07-19 ]

Ah, thanks Sergei, just what I needed!

My use case is auto-installed setups of MariaDB on low-end VPSes, so usually /tmp is very, very small in size and insufficient for mysql, so I moved it to /home, which is more likely to have larger free disk space available.

    awk '/Protect/' /usr/lib/systemd/system/mariadb.service
    ProtectSystem=full
    ProtectHome=true

This works for me as a workaround:

/etc/systemd/system/mariadb.service.d/protecthome.conf

    [Service]
    ProtectHome=false

Thanks!
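An offline check for the conflict discussed in the two comments above, added here as an example and not taken from the MariaDB packaging or from either commenter: it reads a unit file plus any drop-ins (later assignments win) and reports which sandboxing directive denies writes to the configured tmpdir. The sample files are constructed from the settings quoted in the thread, and /var/lib/mysqltmp is a hypothetical alternative path.

```shell
#!/bin/sh
# Added example: which systemd sandboxing directive, if any, denies mysqld
# write access to the tmpdir configured in my.cnf?

# Last assignment of KEY across FILES wins (drop-ins are read after the unit).
effective_setting() {
    key=$1; shift
    awk -F= -v k="$key" '{ n = $1; gsub(/[ \t]/, "", n) }
        n == k { v = $2; gsub(/[ \t]/, "", v) } END { print v }' "$@"
}

# Value of tmpdir= in a my.cnf-style file (simplification: sections ignored).
tmpdir_from_cnf() { effective_setting tmpdir "$1"; }

# blocked_by DIR FILE...: prints the blocking directive, or "none".
blocked_by() {
    dir=$1; shift
    home=$(effective_setting ProtectHome "$@")
    system=$(effective_setting ProtectSystem "$@")
    # ProtectHome=true|read-only: /home, /root and /run/user are not writable.
    case "$home" in
        true|yes|read-only)
            case "$dir/" in
                /home/*|/root/*|/run/user/*) echo "ProtectHome=$home"; return ;;
            esac ;;
    esac
    # ProtectSystem=true: /usr and /boot are read-only; full adds /etc.
    case "$system:$dir/" in
        true:/usr/*|true:/boot/*|full:/usr/*|full:/boot/*|full:/etc/*)
            echo "ProtectSystem=$system"; return ;;
    esac
    echo none
}

# Constructed sample files mirroring the settings quoted in the thread.
S=$(mktemp -d); trap 'rm -rf "$S"' EXIT
printf '[Service]\nProtectSystem=full\nProtectHome=true\n' > "$S/mariadb.service"
printf '[Service]\nProtectHome=false\n' > "$S/protecthome.conf"
printf '[mysqld]\ntmpdir=/home/mysqltmp\n' > "$S/my.cnf"

T=$(tmpdir_from_cnf "$S/my.cnf")
echo "tmpdir:        $T"
echo "packaged unit: $(blocked_by "$T" "$S/mariadb.service")"
echo "with drop-in:  $(blocked_by "$T" "$S/mariadb.service" "$S/protecthome.conf")"
# Hypothetical tmpdir outside the protected trees: no override needed.
echo "outside /home: $(blocked_by /var/lib/mysqltmp "$S/mariadb.service")"
```

The third result shows that a tmpdir outside /home, /root and /run/user starts under the packaged unit without relaxing ProtectHome.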

Comment by George L [ 2016-07-19 ]

Was ProtectHome only added to MariaDB 10.1.16 and higher, or was it backported to the MariaDB 10.0.x branch on CentOS 7/systemd systems too?

Comment by Sergei Golubchik [ 2016-07-19 ]

Only in 10.1 (MDEV-10298 lists only 10.1.16 in the “Fix Version/s” field)

Comment by George L [ 2016-07-19 ]

Thanks Sergei for the clarification.
