[#MDEV-20299] "sudo" feature in the server

[MDEV-20299] "sudo" feature in the server Created: 2019-08-08 Updated: 2023-08-01
Status:	Open
Project:	MariaDB Server
Component/s:	Authentication and Privilege System
Fix Version/s:	None

Type:

Task

Priority:

Major

Reporter:

Sergei Golubchik

Assignee:

Unassigned

Resolution:

Unresolved

Votes:

Labels:

beginner-friendly

Issue Links:

Blocks
is blocked by	~~MDEV-21743~~	Split up SUPER privilege to smaller p...	Closed

Description

SUPER privilege gives the ability to specify an arbitrary definer for views and stored routines. That basically means that a SUPER user can execute commands as any other user.

To make this functionalty more convenient to use, the server could allow SUPER user to "sudo" directly into any other user without authentication.

Practically this could work by making COM_CHANGE_USER to succeed if the old user had SUPER, even if the authentication for the new user failed.

Note: after MDEV-21743 it won't be SUPER but a different privilege

Generated at Thu Feb 08 08:58:24 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-20299] "sudo" feature in the server Created: 2019-08-08 Updated: 2023-08-01