[MDEV-9996] Do not replicate debian-sys-maint user setup in Debian postinst Created: 2016-04-26  Updated: 2020-10-01  Resolved: 2020-10-01

Status: Closed
Project: MariaDB Server
Component/s: Platform Debian
Affects Version/s: 5.5.49
Fix Version/s: N/A

Type: Bug Priority: Minor
Reporter: Tim Gokcen Assignee: Sergei Golubchik
Resolution: Won't Fix Votes: 0
Labels: None
Environment:

Debian 7, Debian 8

Issue Links:
Relates
relates to MDEV-5116 MariaDB upgrade breaks replication Closed

 Description   

The postinst scripts for Debian (and Ubuntu) run several statements using the --bootstrap option to mysqld:

# update privilege tables
 
password_column_fix_query=`/bin/echo -e \
 
        "USE mysql;\n" \
 
        "ALTER TABLE user CHANGE Password Password char(41) character set latin1 collate latin1_bin DEFAULT '' NOT NULL;"`
 
replace_query=`/bin/echo -e \
 
        "USE mysql;\n" \
 
        "SET sql_mode='';\n" \
 
        "REPLACE INTO user SET " \
 
        "  host='localhost', user='debian-sys-maint', password=password('$pass'), " \
 
        "  Select_priv='Y', Insert_priv='Y', Update_priv='Y', Delete_priv='Y', " \
 
        "  Create_priv='Y', Drop_priv='Y', Reload_priv='Y', Shutdown_priv='Y', " \
 
        "  Process_priv='Y',  File_priv='Y', Grant_priv='Y', References_priv='Y', " \
 
        "  Index_priv='Y', Alter_priv='Y', Super_priv='Y', Show_db_priv='Y', "\
 
        "  Create_tmp_table_priv='Y', Lock_tables_priv='Y', Execute_priv='Y', "\
 
        "  Repl_slave_priv='Y', Repl_client_priv='Y', Create_view_priv='Y', "\
 
        "  Show_view_priv='Y', Create_routine_priv='Y', Alter_routine_priv='Y', "\
 
        "  Create_user_priv='Y', Event_priv='Y', Trigger_priv='Y',"\
 
        "  ssl_cipher='', x509_issuer='', x509_subject='';"`;
 
# Engines supported by etch should be installed per default. The query sequence is supposed
 
# to be aborted if the CREATE TABLE fails due to an already existent table in which case the
 
# admin might already have chosen to remove one or more plugins. Newlines are necessary.
 
install_plugins=`/bin/echo -e \
 
        "USE mysql;\n" \
 
        "CREATE TABLE IF NOT EXISTS plugin (name char(64) COLLATE utf8_bin NOT NULL DEFAULT '', " \
 
        "  dl char(128) COLLATE utf8_bin NOT NULL DEFAULT '', " \
 
        "  PRIMARY KEY (name)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='MySQL plugins';" `

Because these statements will normally be sent to the binary log, these statements will be replicated – including, crucially, the setting of a new password for debian-sys-maint, which will break the /etc/init.d/mysql script on mysql slaves. The ALTER TABLE statement is also problematic.

The debian-sys-maint problem is particularly bad in master-master setups, as each upgrade of MariaDB server will reset the debian-sys-maint user and cause a mismatch with the /etc/mysql/debian.cnf file on the "other" server.

These three blocks should have SET SQL_LOG_BIN=0; added to the top so that these statements are never replicated. This is a similar issue to MDEV-5116.

 Comments   
Comment by Elena Stepanova [ 2016-05-02 ]

Hi,

Do you actually see it happen on 10.0.23, as the 'Affect Version/s' field says?
It was supposed to be fixed in scope of MDEV-7520, and a quick check did not produce any binlog events for me. If you are still getting them on 10.0, could you please describe in more detail what exactly you are doing, and attach your cnf file(s)?
Thanks.

Comment by Tim Gokcen [ 2016-05-02 ]

My mistake; I saw it happen in 5.5.49 and checked the source for 10.0.23, but I missed the --disable-log-bin that was added and thought it was still present.

Comment by Elena Stepanova [ 2016-05-02 ]

Thanks.
I'll leave it to serg to decide whether he wants to backport the fix to 5.5, I'm not sure it's necessary.

Comment by Daniel Black [ 2020-10-01 ]

fixed in 10.0.17+ per https://github.com/MariaDB/server/commit/dc94bd09b875b7aac106761f1a398c1c6de036f9
MDEV-7520

5.5. eol

Generated at Thu Feb 08 07:38:53 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.