[MDEV-8534] [PATCH] mysql_secure_installation doesn't pass "socket" to "mysql" Created: 2015-07-23  Updated: 2015-07-27  Resolved: 2015-07-25

Status: Closed
Project: MariaDB Server
Component/s: Scripts & Clients
Affects Version/s: 10.0.20
Fix Version/s: 10.0.21

Type: Bug Priority: Major
Reporter: Geoff Montee (Inactive) Assignee: Sergei Golubchik
Resolution: Fixed Votes: 0
Labels: None


 Description   

mysql_secure_installation doesn't pass "socket" to the "mysql" client. It doesn't matter if the argument is set in the configuration file provided as --defaults-file or if it is set with --socket via the command-line.

e.g., Let's start with some setup with a binary tarball installation:

sudo ./scripts/mysql_install_db --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --user=ec2-user --basedir=/home/ec2-user/mariadb-10.0.20-linux-x86_64 --datadir=/home/ec2-user/mariadb-10.0.20-linux-x86_64/data
 
sudo ./bin/mysqld_safe --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --user=ec2-user
 
sudo cp ./bin/mysql /usr/bin # temporarily get around MDEV-8498

Contents of /etc/my.cnf:

[mysqld]
 
datadir=/var/lib/mysql
 
socket=/var/lib/mysql/mysql.sock
 
# Disabling symbolic-links is recommended to prevent assorted security risks
 
symbolic-links=0
 
# Settings user and group are ignored when systemd is used.
 
# If you need to run mysqld under a different user or group,
 
# customize your systemd unit file for mariadb according to the
 
# instructions in http://fedoraproject.org/wiki/Systemd
 
 
 
[mysqld_safe]
 
log-error=/var/log/mariadb/mariadb.log
 
pid-file=/var/run/mariadb/mariadb.pid
 
 
 
#
 
# include all files from the config directory
 
#
 
!includedir /etc/my.cnf.d

Contents of /home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf:

[client]
 
socket=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mysql.sock
 
 
 
[mysqld]
 
datadir=/home/ec2-user/mariadb-10.0.20-linux-x86_64/data
 
socket=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mysql.sock
 
# Disabling symbolic-links is recommended to prevent assorted security risks
 
symbolic-links=0
 
# Settings user and group are ignored when systemd is used.
 
# If you need to run mysqld under a different user or group,
 
# customize your systemd unit file for mariadb according to the
 
# instructions in http://fedoraproject.org/wiki/Systemd
 
 
 
[mysqld_safe]
 
log-error=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mariadb.log
 
pid-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mariadb.pid
 
 
 
#
 
# include all files from the config directory
 
#
 
#!includedir /etc/my.cnf.d

Now, try to call mysql_secure_installation. It should use the "socket" value in the file provided by --defaults-file.

$ sudo ./bin/mysql_secure_installation --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --basedir=/home/ec2-user/mariadb-10.0.20-linux-x86_64
 
print: /home/ec2-user/mariadb-10.0.20-linux-x86_64/bin/my_print_defaults
 
 
 
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
 
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
 
 
 
In order to log into MariaDB to secure it, we'll need the current
 
password for the root user.  If you've just installed MariaDB, and
 
you haven't set the root password yet, the password will be blank,
 
so you should just press enter here.
 
 
 
Enter current password for root (enter for none):
 
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2 "No such file or directory")

So, let's try setting it with --socket instead:

$ sudo ./bin/mysql_secure_installation --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --basedir=/home/ec2-user/mariadb-10.0.20-linux-x86_64 --socket=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mysql.sock
 
print: /home/ec2-user/mariadb-10.0.20-linux-x86_64/bin/my_print_defaults
 
 
 
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
 
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
 
 
 
In order to log into MariaDB to secure it, we'll need the current
 
password for the root user.  If you've just installed MariaDB, and
 
you haven't set the root password yet, the password will be blank,
 
so you should just press enter here.
 
 
 
Enter current password for root (enter for none):
 
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2 "No such file or directory")



 Comments   
Comment by Geoff Montee (Inactive) [ 2015-07-24 ]

The fix for "--socket" appears to be easy. I submitted a pull request for that here:

https://github.com/MariaDB/server/pull/88

I have not tried to fix the problem with --defaults-file yet.

Comment by Geoff Montee (Inactive) [ 2015-07-24 ]

The pull request now also has a commit that passes "--defaults-file", "--defaults-extra-file", and "--no-defaults" to the mysql client.

Comment by Sergei Golubchik [ 2015-07-25 ]

GeoffMontee, thanks for the fix. Unfortunately, it was for 10.1, so I couldn't merge it into 10.0. I've applied it as a patch. And your patch didn't pass defaults-file to parse_arguments as the old code did. I've fixed that.

Pushed into bb-10.0-serg, please check if mysql_secure_installation is ok now.

Comment by Geoff Montee (Inactive) [ 2015-07-25 ]

Hi serg,

Unfortunately, it was for 10.1, so I couldn't merge it into 10.0.

Sorry about that. If I submit a fix in the future that should apply to both 10.0 and 10.1, should I submit pull requests for both branches, or should I submit a pull request for just 10.0, and it will get merged into 10.1 later?

And your patch didn't pass defaults-file to parse_arguments as the old code did.

My code did pass defaults-file to parse_arg, but it did it inside parse_arguments instead of inside make_config. The way you did it makes more sense to me though, since now parse_arguments treats all of the defaults variables in a similar way.

Pushed into bb-10.0-serg, please check if mysql_secure_installation is ok now.

I just tested it out, and it worked for me. Thanks for reviewing and committing the patch!

Comment by Sergei Golubchik [ 2015-07-25 ]

GeoffMontee, correct, if you have a fix for 10.0 and 10.1 — only create a pull request for 10.0. If you have a fix for 5.5, 10.0, and 10.1 — only create a patch for 5.5. That is, always in the lowest version, then it'll be merged upwards.

It only makes sense to create pull requests for both 10.0 and 10.1 if these two patches are significantly different.

Thanks! I'm closing the bug now.

Generated at Thu Feb 08 07:27:52 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.