[MDEV-20577] Require lower privilege than SUPER to set rocksdb_create_checkpoint Created: 2019-09-12  Updated: 2022-05-05

Status: Open
Project: MariaDB Server
Component/s: Storage Engine - RocksDB
Fix Version/s: None

Type: Task Priority: Minor
Reporter: Geoff Montee (Inactive) Assignee: Sergei Petrunia
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-13122 Backup myrocks with mariabackup Closed
relates to MDEV-21743 Split up SUPER privilege to smaller p... Closed
relates to MDEV-20564 Mariabackup docs for privileges incom... Closed

 Description   

If you want to set the rocksdb_create_checkpoint system variable, then you need the SUPER privilege. This is not exactly unexpected since it is a GLOBAL system variable.

From the MySQL documentation:

Setting a global system variable runtime value requires the SUPER privilege.

https://dev.mysql.com/doc/refman/5.5/en/system-variable-privileges.html

The problem is that Mariabackup uses this system variable to backup MyRocks data. This limitation means that MyRocks data can only be backed up by Mariabackup if the user account has the SUPER privilege. See MDEV-20564.

This has been documented now:

https://mariadb.com/kb/en/library/mariabackup-overview/#authentication-and-privileges

I think some users would dislike the idea of making the backup user require SUPER privileges. Would it be possible and desirable to change MyRocks, so that a lower privilege than SUPER is required in order to set the rocksdb_create_checkpoint system variable? Should the system variable be made into a SESSION system variable?

 Comments   
Comment by Sergei Petrunia [ 2019-09-13 ]

I'm not aware of any way a plugin could specify that "this global variable can be set by a user other than SUPER" ( serg, any idea? ).

I'm wondering if other storage engines had a similar issue and how it was solved?

Comment by Sergei Golubchik [ 2019-09-13 ]

No, this is impossible. All global variables require SUPER, this is unconditionally checked in set_var::check()

Comment by Geoff Montee (Inactive) [ 2019-09-13 ]

No, this is impossible. All global variables require SUPER, this is unconditionally checked in set_var::check()

Some ideas:

  • Would it be reasonable to make rocksdb_create_checkpoint settable at a SESSION level, or would that have other problems?
  • Instead of making Mariabackup set the rocksdb_create_checkpoint system variable, would it be worthwhile to make a mysql.rocksdb_create_checkpoint UDF that requires lesser privileges to run?
  • Do we want to just leave it as-is, and not change anything?

Yes, see innodb_tmpdir variable and its innodb_tmpdir_validate
function.

I see that function checks for the FILE privilege:

https://github.com/MariaDB/server/blob/mariadb-10.4.8/storage/innobase/handler/ha_innodb.cc#L759

Comment by Sergei Golubchik [ 2019-09-14 ]

Ignore the "yes" comment, it was sent as an email and somehow arrived into jira much later than expected, after I've added the correct "no" one (even though "yes" was sent first).

Comment by Sergei Golubchik [ 2019-09-14 ]

Yes, making rocksdb_create_checkpoint a session variable looks like the easiest fix here.

Generated at Thu Feb 08 09:00:33 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.