[MDEV-5500] init scripts use a special user Created: 2014-01-02  Updated: 2020-03-03  Resolved: 2020-03-03

Status: Closed
Project: MariaDB Server
Component/s: Platform Debian
Affects Version/s: 5.5.34-galera, 5.5.34
Fix Version/s: 10.4.1

Type: Bug Priority: Minor
Reporter: erkan yanar Assignee: Otto Kekäläinen
Resolution: Fixed Votes: 2
Labels: packaging
Environment:

Debian/Ubuntu

Issue Links:
PartOf
is part of MDEV-8375 Debian: Passwordless mysqld root logi... Closed

 Description   

The init scripts for debian and ubuntu rely on a special user:
'debian-sys-maint'@'localhost'
MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"

It has three tasks:
1. Doing some local checks starting the mysqld.
2. Some fancy status reporting.
3. As mysqladmin is used to shutdown, the user is used to shutdown the mysqld.

The problem with this approach is the credentials has to be stored disjunct in the filesystem (/etc/init.d/debian.cnf). So everytime the data in the schema changes you got to fix it in the configfile.
So at least when you i.e.

  • Create a slave from a master dump
  • After an (initial) SST in Galera
    When you miss this, the most important thing is, you are not going to stop the mysqld.
    This is some kind of silly, as you don't even need mysqladmin to stop mysqld, as SIGTERM is sufficient.

 Comments   
Comment by erkan yanar [ 2014-01-02 ]

Hehe ok, this is related to https://mariadb.atlassian.net/browse/MDEV-703.
There is at least code to shutdown mysql but never touched.

Comment by Constantine Linnick [ 2014-01-28 ]

Issued this during upgrade 10.0.6 to 10.0.7 twice out of few dozen instances

Manual fix http://mirzmaster.wordpress.com/2009/01/16/mysql-access-denied-for-user-debian-sys-maintlocalhost/ after this "apt-get install -f" can proceed

Comment by Daniel Black [ 2014-03-04 ]

A warning is better than nothing. I tried to push the debian.cnf into the datadir however the wsrep_sst_rsync is quite fussy about what it copies.

--- mysql-new   2014-03-04 01:17:18.000000000 +0000
 
+++ /etc/init.d/mysql   2014-03-04 02:59:48.000000000 +0000
 
@@ -108,6 +108,22 @@
 
            # Start MariaDB!
 
            /usr/bin/mysqld_safe "${@:2}" > /dev/null 2>&1 &
 
 
 
+           sst_transfer=0
 
+           sst_progress_file=`mysqld_get_param datadir`/sst_in_progress
 
+           if [ -x "$sst_progress_file" ]; then
 
+               sst_transfer=1
 
+               log_daemon_msg "SST of MariaDB database server in progress" "mysqld"
 
+               for i in $(seq 1 "${MYSQLD_SST_TIMEOUT:-30}"); do
 
+                   sleep 1
 
+                   if [ ! -x "$sst_progress_file" ]; then
 
+                       break;
 
+                   fi
 
+                   log_progress_msg "."
 
+               done
 
+           fi
 
+           if [ $sst_transfer == 1 ]; then
 
+               log_warning_msg "$0: WARNING: SST occured. Ensure /etc/mysql/debian.cnf is updated from a Galera cluster member"
 
+           fi
 
            # 6s was reported in #352070 to be too few when using ndbcluster
 
            for i in $(seq 1 "${MYSQLD_STARTUP_TIMEOUT:-30}"); do
 
                 sleep 1

Comment by Elena Stepanova [ 2015-06-02 ]

otto,

Are you planning to make any radical changes around this debian-sys-maint user, or should we just apply the suggested warnings?

Comment by Otto Kekäläinen [ 2015-06-08 ]

elenst Yes, the whole debian-sys-maint user will be abandoned as we have transitioned to unix socket auth by default in Debian Sid.

Comment by Otto Kekäläinen [ 2016-11-25 ]

This is automatically solved once MDEV-8375 is implemented.

Comment by Otto Kekäläinen [ 2020-03-03 ]

Unix socket authentication has been default in upstream MariaDB.org Debian packaging since the release of 10.4, so this issue is thus fixed, as everything works via the root/mysql user now with unix socket authentication and the custom debian-sys-maint user is deprecated (although on upgrades of all installs it still works).

Generated at Thu Feb 08 07:04:51 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.