[MDEV-7247] service mysql status not availabe in standard user Created: 2014-12-02  Updated: 2020-05-19  Resolved: 2020-05-19

Status: Closed
Project: MariaDB Server
Component/s: Platform Debian, Scripts & Clients
Affects Version/s: 10.0
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Aurélien LEQUOY Assignee: Axel Schwenke
Resolution: Fixed Votes: 2
Labels: None
Environment:

ubuntu 12.04

Issue Links:
Duplicate
is duplicated by MDEV-5939 service mysql status command fails wh... Closed

 Description   

with standard user we coudln't run :

service mysql status (work only in root)

maybe is not a bug and you would this comportment but it's not standard.

I made the fix, just tell me how to procede.

 Comments   
Comment by Barthelemy Vessemont [ 2014-12-02 ]

+1
A user with no priviliges is not able to check service status (which is not standard, check with other projects like apache, nginx, ntp, sshd, oracle mysql ...) :

johndoe@mariadb-vagrant:/data$ service mysql status
 
cat: /var/run/mysqld/mysqld.pid: Permission denied
 
 * MariaDB is stopped.

It's ok with any sudoer/root account :

root@mariadb-vagrant:/data# service mysql status
 
 * /usr/bin/mysqladmin  Ver 9.1 Distrib 10.0.15-MariaDB, for debian-linux-gnu on x86_64
 
Copyright (c) 2000, 2014, Oracle, SkySQL Ab and others.
 
 
 
Server version		10.0.15-MariaDB-1~precise-log
 
Protocol version	10
 
Connection		Localhost via UNIX socket
 
UNIX socket		/var/run/mysqld/mysqld.sock
 
Uptime:			17 hours 4 min 25 sec
 
 
 
Threads: 2  Questions: 91  Slow queries: 0  Opens: 97  Flush tables: 1  Open tables: 78  Queries per second avg: 0.001

Comment by Elena Stepanova [ 2014-12-02 ]

Aurelien_LEQUOY,

You can attach your patch to this JIRA issue, or go through the process as described here: https://mariadb.com/kb/en/mariadb/community/contributing-code/ , whichever you prefer.
If the patch is small and only affects the script, I suppose the former is much easier.
You will also probably be asked for the MCA confirmation.

Comment by Barthelemy Vessemont [ 2014-12-03 ]

Hi,

In order to allow standard user to check service status we need 2 things :

  • Since /usr/bin/mysqladmin ping requires read access to /etc/mysql/debian.cnf (which is protected file), we need to bypass ping test when running status with non-root/sudo user, thus it will only run a minimal pid/ps check :
    => very simple if [ "$(id -u)" != "0" ] in bash init script will disable ping test for standard user
  • Change posix ACL for /var/run/mysqld/mysqld.pid pidfile ...
    => this file is currently 0660, and it should be 0664 or 0644 (like every other pidfile in /run/pid).
    => mysqld code is currently managing this file , but I can't find out why the file is still 0660 while pidfile looks to be created with 0644 mode : https://github.com/MariaDB/server/blob/mariadb-10.0.10/sql/mysqld.cc#L9231
Comment by Elena Stepanova [ 2015-02-08 ]

otto,

Please consider the report/request. If it shouldn't be implemented according to Debian policies or on any other reason, please close as 'Won't fix' with the explanation why not.

Thanks.

Comment by Otto Kekäläinen [ 2015-02-08 ]

In official Debian/Ubuntu packages service status looks the same no matter if it is run as root or not:

}}
 
$ service mysql status
 
mysql start/running, process 4480
 
$ sudo service mysql status
 
mysql start/running, process 4480
 
{{

But it is true that even there the chmod is 0660 and not 0644 which is the standard. The pid file is however not created by the init script or anything in packaging, but by the mysqld daemon itself.

Comment by Jean Weisbuch [ 2015-02-09 ]

The fact that the file isnt created with the right permission is due to the fact that a "umask" value is set and is "substracted" from the CreateFlags (permission for the new file(s) created).

Adding "umask(0000);" before open() is called on the my_create function located on "mysys/my_create.c" makes the created pid file to have the right chmod (0664).
This is not a solution but it helps understand why the permission provided at mysql_file_create() on mysqld.cc gets modified.

Comment by Otto Kekäläinen [ 2016-11-25 ]

cvicentiu Can you do this {{"umask(0000);" before open() is called }} as suggested above if you think it makes sense?

Current status for 10.2:

test@otto-testi:~$ systemctl status mariadb
 
● mariadb.service - MariaDB database server
 
   Loaded: loaded (/lib/systemd/system/mariadb.service; enabled)
 
  Drop-In: /etc/systemd/system/mariadb.service.d
 
           └─migrated-from-my.cnf-settings.conf
 
   Active: active (running) since Sat 2016-11-26 00:53:12 EET; 24s ago
 
 Main PID: 31101 (mysqld)
 
   Status: "Taking your SQL requests now..."
 
   CGroup: /system.slice/mariadb.service
 
           └─31101 /usr/sbin/mysqld
 
 
 
 
 
 
 
root@otto-testi:~# systemctl status mariadb
 
● mariadb.service - MariaDB database server
 
   Loaded: loaded (/lib/systemd/system/mariadb.service; enabled)
 
  Drop-In: /etc/systemd/system/mariadb.service.d
 
           └─migrated-from-my.cnf-settings.conf
 
   Active: active (running) since Sat 2016-11-26 00:53:12 EET; 9s ago
 
 Main PID: 31101 (mysqld)
 
   Status: "Taking your SQL requests now..."
 
   CGroup: /system.slice/mariadb.service
 
           └─31101 /usr/sbin/mysqld
 
 
 
Nov 26 00:53:12 otto-testi.seravo.fi mysqld[31101]: 2016-11-26  0:53:12 139917843728320 [Note] InnoDB: 5.7.14 started; log sequence number 1628839
 
Nov 26 00:53:12 otto-testi.seravo.fi mysqld[31101]: 2016-11-26  0:53:12 139916679804672 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
 
Nov 26 00:53:12 otto-testi.seravo.fi mysqld[31101]: 2016-11-26  0:53:12 139916679804672 [Note] InnoDB: Buffer pool(s) load completed at 161126  0:53:12
 
Nov 26 00:53:12 otto-testi.seravo.fi mysqld[31101]: 2016-11-26  0:53:12 139917843728320 [Note] Plugin 'FEEDBACK' is disabled.
 
Nov 26 00:53:12 otto-testi.seravo.fi mysqld[31101]: 2016-11-26  0:53:12 139917843728320 [Note] Server socket created on IP: '127.0.0.1'.
 
Nov 26 00:53:12 otto-testi.seravo.fi mysqld[31101]: 2016-11-26  0:53:12 139917843728320 [Note] Reading of all Master_info entries succeded
 
Nov 26 00:53:12 otto-testi.seravo.fi mysqld[31101]: 2016-11-26  0:53:12 139917843728320 [Note] Added new Master_info '' to hash table
 
Nov 26 00:53:12 otto-testi.seravo.fi mysqld[31101]: 2016-11-26  0:53:12 139917843728320 [Note] /usr/sbin/mysqld: ready for connections.
 
Nov 26 00:53:12 otto-testi.seravo.fi mysqld[31101]: Version: '10.2.3-MariaDB-10.2.3+maria~jessie-log'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  mariadb.o...stribution
 
Nov 26 00:53:12 otto-testi.seravo.fi systemd[1]: Started MariaDB database server.
 
Hint: Some lines were ellipsized, use -l to show in full.

Comment by Otto Kekäläinen [ 2020-05-19 ]

This is a duplicate of https://jira.mariadb.org/browse/MDEV-5939.

Both that and this should be closed, as the new systemd based service allows 'service mysql status' to work as expected for also non-root users. See longer explanation in https://jira.mariadb.org/browse/MDEV-5939 why I am closing this issue.

Generated at Thu Feb 08 07:18:07 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.