[MDEV-8598] failed MySQL DDL commands and Galera replication Created: 2015-08-11  Updated: 2015-08-13  Resolved: 2015-08-13

Status: Closed
Project: MariaDB Server
Component/s: Data Definition - Alter Table, Galera
Affects Version/s: 10.0.14, 10.0.16
Fix Version/s: 10.0.21-galera, 5.5.45-galera

Type: Bug Priority: Blocker
Reporter: aftab khan Assignee: Nirbhay Choubey (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Environment:

PROD


 Description   

We have observed that galera cluster replicates commands on all other nodes when it was actually refused on one node due to lack of database permissions:

Steps to reproduce this issue:

Set up 3x nodes cluster (db01, db02 and db03):

 
 
-- Add database user account with following permissions:
 
 
 
 GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.* TO 'iayyaz'@'%' identified by '123';
 
 
 
-- Create dummy database + table
 
 
 
CREATE DATABASE test;
 
USE test;
 
create table t1 (a int);

– Login using user 'iayyaz' to node 'db01'
– Issue following commands:

 
 
rename table t1 to t2;
 
(this command would fail due to lack of permissions)
 
ERROR 1142 (42000): DROP, ALTER command denied to user 'iayyaz'@'10.10.16.7' for table 't1'
 
 

– Login to node 'db02'
You would find table has been renamed:

MariaDB [test]> show tables;
 
+----------------+
 
| Tables_in_test |
 
+----------------+
 
| t2             |
 
+----------------+
 
1 row in set (0.00 sec)
 
 



 Comments   
Comment by aftab khan [ 2015-08-11 ]

This is a serious issue, once table has been renamed on other nodes i,e, db02 and db03, Now if we issue DML on db01:

INSERT INTO t1 values (1); # This operation would succeed here but would cause db02/03 to crash

Comment by Nirbhay Choubey (Inactive) [ 2015-08-13 ]

https://github.com/MariaDB/server/commit/e998dffde7af2ac8b751b7d4ad22fd4bf08489f9

Generated at Thu Feb 08 07:28:21 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.