[MDEV-22198] Different behaviours for skip-symbolic-links and secure_file_priv Created: 2020-04-08  Updated: 2021-11-18  Resolved: 2020-04-14

Status: Closed
Project: MariaDB Server
Component/s: Configuration
Affects Version/s: 10.4.12
Fix Version/s: 10.4.12

Type: Bug Priority: Major
Reporter: Wagner Bianchi (Inactive) Assignee: Unassigned
Resolution: Not a Bug Votes: 0
Labels: None


 Description   

Folks,

Working on defining configurations for CentOS and Debian, I see differences on both systems concerning two system variables as seen below:

#
 
#: CentOS and RPM packages setup with YUM
 
#
 
[ansible@opmdb01 my.cnf.d]$ cat /etc/redhat-release
 
CentOS Linux release 7.7.1908 (Core)
 
[ansible@opmdb01 my.cnf.d]$ rpm -qa | grep -i mariadb
 
MariaDB-common-10.4.12-1.el7.centos.x86_64
 
MariaDB-compat-10.4.12-1.el7.centos.x86_64
 
MariaDB-client-10.4.12-1.el7.centos.x86_64
 
MariaDB-server-10.4.12-1.el7.centos.x86_64
 
MariaDB-backup-10.4.12-1.el7.centos.x86_64
 
[ansible@opmdb01 my.cnf.d]$ cat server.cnf | egrep 'secure_file|symbolic' #: defined under the [mysqld] section
 
skip-symbolic-links
 
secure_file_priv='/tmp'
 
[ansible@opmdb01 my.cnf.d]$ mariadb -e 'select @@global.have_symlink, @@global.secure_file_priv'
 
+-----------------------+---------------------------+
 
| @@global.have_symlink | @@global.secure_file_priv |
 
+-----------------------+---------------------------+
 
| DISABLED              | /tmp/                     |
 
+-----------------------+---------------------------+
 
 
 
#: server.cnf on CentOS 7.7
 
[mysqld]
 
plugin_maturity="beta"
 
user=mysql
 
basedir=/usr
 
datadir=/var/lib/mysql
 
socket=/var/lib/mysql/mysql.sock
 
server_id=1
 
report_host=opmdb01
 
binlog_format=ROW
 
default_storage_engine=InnoDB
 
innodb_autoinc_lock_mode=2
 
log_bin=/var/lib/mysql/mariadb-bin.log
 
log_bin_index=/var/lib/mysql/mariadb-bin.index
 
relay_log=/var/lib/mysql/mariadb-relay.log
 
relay_log_index=mariadb-relay.index
 
log_error=/tmp/mysqld.err
 
log_slave_updates=1
 
gtid_strict_mode=1
 
bind-address=0.0.0.0
 
 
 
skip-symbolic-links
 
secure_file_priv='/tmp'
 
 
 
[mysql]
 
socket=/var/lib/mysql/mysql.sock
 
prompt="\H [\d]>\_"
 
 
 
#
 
#: Debian 9 and DEB packages setup with APT
 
#
 
root@opmdb02:/etc/mysql/conf.d# lsb_release -a
 
No LSB modules are available.
 
Distributor ID:	Debian
 
Description:	Debian GNU/Linux 9.12 (stretch)
 
Release:	9.12
 
Codename:	stretch
 
 
 
root@opmdb02:/etc/mysql/conf.d# dpkg -l | grep -i mariadb | awk '{print $2,$3}'
 
libdbd-mysql-perl 4.041-2
 
libmariadb3:amd64 1:10.4.12+maria~stretch
 
libmariadbclient18 1:10.4.12+maria~stretch
 
mariadb-backup 1:10.4.12+maria~stretch
 
mariadb-client 1:10.4.12+maria~stretch
 
mariadb-client-10.1 10.1.44-0+deb9u1
 
mariadb-client-10.4 1:10.4.12+maria~stretch
 
mariadb-client-core-10.4 1:10.4.12+maria~stretch
 
mariadb-common 1:10.4.12+maria~stretch
 
mariadb-server 1:10.4.12+maria~stretch
 
mariadb-server-10.4 1:10.4.12+maria~stretch
 
mariadb-server-core-10.4 1:10.4.12+maria~stretch
 
 
 
root@opmdb02:/etc/mysql/conf.d# cat server.cnf | egrep 'secure_file|symbolic'
 
skip-symbolic-links
 
secure_file_priv='/tmp'
 
root@opmdb02:/etc/mysql/conf.d# mariadb -e 'select @@global.secure_file_priv, @@global.have_symlink'
 
+---------------------------+-----------------------+
 
| @@global.secure_file_priv | @@global.have_symlink |
 
+---------------------------+-----------------------+
 
| NULL                      | YES                   |
 
+---------------------------+-----------------------+
 
 
 
#: server.cnf on Debain 9
 
[mysqld]
 
user=mysql
 
basedir=/usr
 
datadir=/var/lib/mysql
 
socket=/var/lib/mysql/mysql.sock
 
server_id=2
 
report_host=opmdb02
 
binlog_format=ROW
 
default_storage_engine=InnoDB
 
innodb_autoinc_lock_mode=2
 
log_bin=/var/lib/mysql/mariadb-bin.log
 
log_bin_index=/var/lib/mysql/mariadb-bin.index
 
relay_log=/var/lib/mysql/mariadb-relay.log
 
relay_log_index=mariadb-relay.index
 
log_error=/tmp/mysqld.err
 
log_slave_updates=1
 
gtid_strict_mode=1
 
bind-address=0.0.0.0
 
 
 
skip-symbolic-links
 
secure_file_priv='/tmp'
 
 
 
[mysql]
 
socket=/var/lib/mysql/mysql.sock
 
prompt="\H [\d]>\_"

Are there any issues on it or am I missing something? Thanks!

 Comments   
Comment by Elena Stepanova [ 2020-04-13 ]

Your server.cnf works fine for me on stretch. 

buildbot@debian-9-stretch-amd64:~$ sudo systemctl restart mariadb
 
buildbot@debian-9-stretch-amd64:~$ sudo mysql
 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
 
Your MariaDB connection id is 9
 
Server version: 10.4.12-MariaDB-1:10.4.12+maria~stretch-log mariadb.org binary distribution
 
 
 
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
 
 
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
 
 
debian-9-stretch-amd64 [(none)]> select @@global.secure_file_priv, @@global.have_symlink;
 
+---------------------------+-----------------------+
 
| @@global.secure_file_priv | @@global.have_symlink |
 
+---------------------------+-----------------------+
 
| /tmp/                     | DISABLED              |
 
+---------------------------+-----------------------+
 
1 row in set (0.000 sec)

I would recommend making sure that

  • your server certainly got restarted after you added the config;
  • the main cnf file does source the include conf.d and nothing overrides it.

Both points aren't 100%-guaranteed, given that you must have had an installation of 10.1 packaged by Debian before (as mariadb-client-10.1 10.1.44-0+deb9u1 suggests).

Comment by Wagner Bianchi (Inactive) [ 2020-04-14 ]

Hey elenstthanks for testing it, it should be something else on my environment running it I will investigate further. This ticket can be closed by now. Thanks again!

Generated at Thu Feb 08 09:12:56 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.