[MDEV-27867] missing required privilege REPLICATION CLIENT by /usr/bin/mariabackup Created: 2022-02-17  Updated: 2022-08-26  Resolved: 2022-08-26

Status: Closed
Project: MariaDB Server
Component/s: Backup
Affects Version/s: 10.7.3
Fix Version/s: 10.5.18, 10.6.10, 10.7.6, 10.8.5, 10.9.3, 10.10.2

Type: Bug Priority: Minor
Reporter: Test Jetco Assignee: Daniel Black
Resolution: Fixed Votes: 0
Labels: None
Environment:

RedHat Enterprise Linux 8.5

Issue Links:
Relates
relates to MDEV-23607 Warning: missing required privilege R... Closed

 Description   

I am using mariadb 10.7.3. I tried to perform db backup using '/usr/bin/mariabackup' by user other than root. 

/usr/bin/mariabackup --backup -umariadbbackup -pxxxxxx --binlog-info=on --databases=all -h /mysql --galera-info --target-dir=/backup/`hostname`-mariadb-backup-${DATEVAR}

I have granted the following privileges to the backup db user, mariadbbackup:

> show grants for "mariadbbackup"@"localhost";
 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 
| Grants for mariadbbackup@localhost                                                                                                                                                                                   |
 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 
| GRANT SELECT, RELOAD, PROCESS, SHOW DATABASES, LOCK TABLES, BINLOG MONITOR, SHOW VIEW, EVENT, SLAVE MONITOR ON *.* TO `mariadbbackup`@`localhost` IDENTIFIED BY PASSWORD '......' |
 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 
1 row in set (0.000 sec)

After backup, I reviewed the backup log and found the following statement:

Warning: missing required privilege REPLICATION CLIENT on .
/usr/bin/mariabackup based on MariaDB server 10.7.3-MariaDB Linux (x86_64)

I have already granted 'REPLICATION CLIENT' but it didn't show up after using 'show grant' command. I already have both BINLOG MONITOR and REPLICA MONITOR privileges granted. But still the warning message appears.

How should I solve this issue?

 Comments   
Comment by Daniel Black [ 2022-08-24 ]

TODO for myself, ensure that https://github.com/MariaDB/server/pull/2211 covers this case and then can close this and linked PR.

Comment by Daniel Black [ 2022-08-25 ]

Tested with above branch, without grants initially:

$ ./extra/mariabackup/mariabackup --backup -ubackup --binlog-info=on --databases=all -S /tmp/build-mariadb-server-10.5.sock -h /tmp/build-mariadb-server-10.5-datadir --galera-info --target-dir=/tmp/b
 
[00] 2022-08-25 17:41:06 Connecting to MariaDB server host: localhost, user: backup, password: not set, port: not set, socket: /tmp/build-mariadb-server-10.5.sock
 
[00] 2022-08-25 17:41:06 Using server version 10.5.18-MariaDB-1:10.5.13+maria~stretch
 
[00] 2022-08-25 17:41:06 Error: missing required privilege RELOAD on *.*
 
[00] 2022-08-25 17:41:06 Error: missing required privilege PROCESS on *.*
 
[00] 2022-08-25 17:41:06 Warning: missing required privilege CONNECTION ADMIN on *.*
 
[00] 2022-08-25 17:41:06 Warning: missing required privilege SLAVE MONITOR on *.*
 
[00] 2022-08-25 17:41:06 Current privileges, as reported by 'SHOW GRANTS': 
[00] 2022-08-25 17:41:06   1.GRANT USAGE ON *.* TO `backup`@`localhost`

And with grants added (grant reload,process,CONNECTION ADMIN, replica monitor on . to backup@localhost;):

$ ./extra/mariabackup/mariabackup --backup -ubackup --binlog-info=on --databases=all -S /tmp/build-mariadb-server-10.5.sock -h /tmp/build-mariadb-server-10.5-datadir --galera-info --target-dir=/tmp/b
 
[00] 2022-08-25 17:41:25 Connecting to MariaDB server host: localhost, user: backup, password: not set, port: not set, socket: /tmp/build-mariadb-server-10.5.sock
 
[00] 2022-08-25 17:41:25 Using server version 10.5.18-MariaDB-1:10.5.13+maria~stretch
 
./extra/mariabackup/mariabackup based on MariaDB server 10.5.18-MariaDB debian-linux-gnu (x86_64)
 
[00] 2022-08-25 17:41:25 uses posix_fadvise().
 
[00] 2022-08-25 17:41:25 cd to /tmp/build-mariadb-server-10.5-datadir/
 
[00] 2022-08-25 17:41:25 open files limit requested 0, set to 1024
 
[00] 2022-08-25 17:41:25 mariabackup: using the following InnoDB configuration:
 
[00] 2022-08-25 17:41:25 innodb_data_home_dir = 
[00] 2022-08-25 17:41:25 innodb_data_file_path = ibdata1:12M:autoextend
 
[00] 2022-08-25 17:41:25 innodb_log_group_home_dir = ./
 
[00] 2022-08-25 17:41:25 InnoDB: Using Linux native AIO
 
2022-08-25 17:41:25 0 [Note] InnoDB: Number of pools: 1
 
[00] 2022-08-25 17:41:25 mariabackup: Generating a list of tablespaces
 
Skipping db: ./test
 
Skipping db: ./performance_schema
 
Skipping db: ./mysql
 
[00] 2022-08-25 17:41:25 >> log scanned up to (45106)
 
[01] 2022-08-25 17:41:25 Copying ibdata1 to /tmp/b/ibdata1
 
[01] 2022-08-25 17:41:25         ...done
 
[00] 2022-08-25 17:41:26 Acquiring BACKUP LOCKS...
 
[00] 2022-08-25 17:41:26 >> log scanned up to (45106)
 
[00] 2022-08-25 17:41:26 Starting to backup non-InnoDB tables and files
 
[00] 2022-08-25 17:41:26 Skipping db: ./test
 
[00] 2022-08-25 17:41:26 Skipping db: ./performance_schema
 
[00] 2022-08-25 17:41:26 Skipping db: ./mysql
 
[00] 2022-08-25 17:41:26 Finished backing up non-InnoDB tables and files
 
[01] 2022-08-25 17:41:26 Copying ./aria_log.00000001 to /tmp/b/aria_log.00000001
 
[01] 2022-08-25 17:41:26         ...done
 
[01] 2022-08-25 17:41:26 Copying ./aria_log_control to /tmp/b/aria_log_control
 
[01] 2022-08-25 17:41:26         ...done
 
[00] 2022-08-25 17:41:26 Waiting for log copy thread to read lsn 45106
 
[00] 2022-08-25 17:41:27 >> log scanned up to (45106)
 
[00] 2022-08-25 17:41:27 Failed to get master wsrep state from SHOW STATUS.
 
mariabackup: Stopping log copying thread.[00] 2022-08-25 17:41:27 >> log scanned up to (45106)

Its still a stand alone without galera (hence failed to get master wsrep status) message.

Comment by Daniel Black [ 2022-08-26 ]

fixed as part of MDEV-23607

Generated at Thu Feb 08 09:56:11 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.