Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 10.0.20
-
Fix Version/s: 10.0.21
-
Component/s: Scripts & Clients
-
Labels:None
Description
mysql_secure_installation doesn't pass "socket" to the "mysql" client. It doesn't matter if the argument is set in the configuration file provided as --defaults-file or if it is set with --socket via the command-line.
e.g., Let's start with some setup with a binary tarball installation:
sudo ./scripts/mysql_install_db --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --user=ec2-user --basedir=/home/ec2-user/mariadb-10.0.20-linux-x86_64 --datadir=/home/ec2-user/mariadb-10.0.20-linux-x86_64/data sudo ./bin/mysqld_safe --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --user=ec2-user sudo cp ./bin/mysql /usr/bin # temporarily get around MDEV-8498
Contents of /etc/my.cnf:
[mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 # Settings user and group are ignored when systemd is used. # If you need to run mysqld under a different user or group, # customize your systemd unit file for mariadb according to the # instructions in http://fedoraproject.org/wiki/Systemd [mysqld_safe] log-error=/var/log/mariadb/mariadb.log pid-file=/var/run/mariadb/mariadb.pid # # include all files from the config directory # !includedir /etc/my.cnf.d
Contents of /home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf:
[client] socket=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mysql.sock [mysqld] datadir=/home/ec2-user/mariadb-10.0.20-linux-x86_64/data socket=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mysql.sock # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 # Settings user and group are ignored when systemd is used. # If you need to run mysqld under a different user or group, # customize your systemd unit file for mariadb according to the # instructions in http://fedoraproject.org/wiki/Systemd [mysqld_safe] log-error=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mariadb.log pid-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mariadb.pid # # include all files from the config directory # #!includedir /etc/my.cnf.d
Now, try to call mysql_secure_installation. It should use the "socket" value in the file provided by --defaults-file.
$ sudo ./bin/mysql_secure_installation --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --basedir=/home/ec2-user/mariadb-10.0.20-linux-x86_64
print: /home/ec2-user/mariadb-10.0.20-linux-x86_64/bin/my_print_defaults
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2 "No such file or directory")
So, let's try setting it with --socket instead:
$ sudo ./bin/mysql_secure_installation --defaults-file=/home/ec2-user/mariadb-10.0.20-linux-x86_64/my.cnf --basedir=/home/ec2-user/mariadb-10.0.20-linux-x86_64 --socket=/home/ec2-user/mariadb-10.0.20-linux-x86_64/mysql.sock
print: /home/ec2-user/mariadb-10.0.20-linux-x86_64/bin/my_print_defaults
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2 "No such file or directory")
Gliffy Diagrams
Attachments
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
The pull request now also has a commit that passes "--defaults-file", "--defaults-extra-file", and "--no-defaults" to the mysql client.
Geoff Montee, thanks for the fix. Unfortunately, it was for 10.1, so I couldn't merge it into 10.0. I've applied it as a patch. And your patch didn't pass defaults-file to parse_arguments as the old code did. I've fixed that.
Pushed into bb-10.0-serg, please check if mysql_secure_installation is ok now.
Hi Sergei Golubchik,
Unfortunately, it was for 10.1, so I couldn't merge it into 10.0.
Sorry about that. If I submit a fix in the future that should apply to both 10.0 and 10.1, should I submit pull requests for both branches, or should I submit a pull request for just 10.0, and it will get merged into 10.1 later?
And your patch didn't pass defaults-file to parse_arguments as the old code did.
My code did pass defaults-file to parse_arg, but it did it inside parse_arguments instead of inside make_config. The way you did it makes more sense to me though, since now parse_arguments treats all of the defaults variables in a similar way.
Pushed into bb-10.0-serg, please check if mysql_secure_installation is ok now.
I just tested it out, and it worked for me. Thanks for reviewing and committing the patch!
Geoff Montee, correct, if you have a fix for 10.0 and 10.1 — only create a pull request for 10.0. If you have a fix for 5.5, 10.0, and 10.1 — only create a patch for 5.5. That is, always in the lowest version, then it'll be merged upwards.
It only makes sense to create pull requests for both 10.0 and 10.1 if these two patches are significantly different.
Thanks! I'm closing the bug now.
The fix for "--socket" appears to be easy. I submitted a pull request for that here:
https://github.com/MariaDB/server/pull/88
I have not tried to fix the problem with --defaults-file yet.