[MDEV-22874] Create user fails with non-descriptive error message Created: 2020-06-11 Updated: 2024-01-13 |
|
| Status: | Stalled |
| Project: | MariaDB Server |
| Component/s: | Authentication and Privilege System |
| Affects Version/s: | 10.4.13, 10.2, 10.3, 10.4, 10.5 |
| Fix Version/s: | 10.11 |
| Type: | Bug | Priority: | Minor |
| Reporter: | acsfer | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | beginner-friendly | ||
| Description |
|
https://mariadb.com/kb/en/mariabackup-sst-method/#passwordless-authentication-unix-socket states that user must be created, but i can't create it.
|
| Comments |
| Comment by acsfer [ 2020-06-11 ] | |
|
Should I understand that user is already created? via
If yes, just close this ticket (perhaps, the error message is not very clear...). | |
| Comment by Elena Stepanova [ 2020-07-08 ] | |
|
You can always check whether the user exists by running SHOW CREATE USER <username> or SHOW GRANTS FOR <username> or by selecting directly from privilege tables. | |
| Comment by Elena Stepanova [ 2020-07-08 ] | |
|
I'm keeping the bug report open for a better error message. | |
| Comment by Sergei Golubchik [ 2020-08-16 ] | |
|
Same for DROP USER, RENAME USER, ALTER USER, may be more. | |
| Comment by Anel Husakovic [ 2021-07-13 ] | |
|
What is the expectation of more descriptive error message here? Maybe to append at the end [user,role] doesn't exist like:
| |
| Comment by Daniel Black [ 2021-07-20 ] | |
|
anel I think that's right. But for `create {user/role}` -> ` .. [user, role] already exists`. | |
| Comment by Anel Husakovic [ 2021-07-27 ] | |
|
Patch: 420f846a1513ab528 danblack for review please. | |
| Comment by Daniel Black [ 2021-08-06 ] | |
|
Ultimately user error messages should appear in sql/share/errmsg-utf8.txt like ER_CANNOT_USER is. So ideally there should be ER_CANNOT_(USER,ROLE)_(MISSING,EXISTS) in order for the translation to come up with a consistent error message across languages. elenst, serg, what are the rules regarding the changing/addition of user error messages in GA releases? Given 97f7d4a9b4da77cb79699a0ea873e4a0e628e8a3 ( note sql/wsrep_var.cc perversely uses ER_CANNOT_USER in its messages and needs to be taken into account for corrections. | |
| Comment by Sergei Golubchik [ 2021-08-06 ] | |
|
Rules are we cannot change message numbers in GA versions. And any error message added in 10.2 will cause a shift in numbers in 10.3+. 1. Hacking in the message via %s for usernames is wrong, if the user would switch to German error messages it'd produce
2. errors can happen for many different reasons, not all of them are "user already exists" 3. even if the reason is that the user already exists, we very intentionally don't want to say it. CREATE USER is not a way to probe user list to detect what user accounts exist. | |
| Comment by Anel Husakovic [ 2021-09-06 ] | |
|
Per discussion with danblack, changed to 10.7 in order to introduce the new message in errmsg-utf8.txt. | |
| Comment by Daniel Black [ 2021-09-06 ] | |
|
Point 3 above, this is an information leak prevention. The acl is already checked that the user can do these functions so we're not giving anything way for free. Given CREATE USER IF NOT EXISTS and DROP USER IF EXISTS have specific warnings about a users existence/non-existance it would be odd for CREATE USER not to have a specific error of the same text. So reusing these {ER_[USER|ROLE]_[CREATE|DROP]_EXISTS}as they already exist for the warnings? Then we add 4 - {ER_[USER|ROLE]_[ALTER|RENAME]_EXISTS}? | |
| Comment by Anel Husakovic [ 2022-01-19 ] | |
|
Not sure in which direction to go? |