Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 593046

Summary: dev-db/mysql-init-scripts /etc/init.d/mysql ignore 'user' paramater from my.cnf
Product: Gentoo Linux Reporter: Dmitry A. Bakshaev <dab1818>
Component: Current packagesAssignee: Gentoo Linux MySQL bugs team <mysql-bugs>
Status: IN_PROGRESS ---    
Severity: normal CC: anthonyryan1
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/8151
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: /etc/init.d/mysql read mysql user from my.conf
PR patch of files/init.d-2.2

Description Dmitry A. Bakshaev 2016-09-07 13:58:34 UTC 
Created attachment 445136 [details, diff]
/etc/init.d/mysql read mysql user from my.conf

set mysql user in my.cnf:
user = other_mysql_user

/etc/init.d/mysql script ignore it, and always use 'mysql',
hardcoded in:
checkpath -d --owner mysql:mysql --mode 0755 "$piddir"

mysqld can't start because "Permission denied" for pid-file and other files.
Comment 1 Anthony Ryan 2018-04-26 16:00:24 UTC 
Pull request created for this and related issues: https://github.com/gentoo/gentoo/pull/8151
Comment 2 Brian Evans (RETIRED) gentoo-dev 2018-04-26 17:22:46 UTC 
Created attachment 528594 [details, diff]
PR patch of files/init.d-2.2

(In reply to Anthony Ryan from comment #1)
> Pull request created for this and related issues:
> https://github.com/gentoo/gentoo/pull/8151

For reference, the attached is what basically the PR is about.

In IRC, the author claims that Galera is broken on Gentoo Hardened.

Could someone else in the MySQL team more familiar with such a situation comment on these issues?

I don't see a point in either suggestion personally.  More insight is needed.
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2018-04-26 23:31:42 UTC 
Here's a completely untested patch that tries to workaround the root problem. Apply it and with mysqld with --dumpable:
https://dev.gentoo.org/~robbat2/mariadb-10.3.5_rc-prctl-dumpable.patch

The real root problem fix would be to fix wsrep_sst_rsync, so that it doesn't bail out when it thinks mysqld isn't running under KSPP w/ hidepid=2.
Comment 4 Jan Hudoba 2019-04-14 10:32:23 UTC 
PR patch:
dev-db/mysql-init-scripts update init.d script for other than default running user 
https://github.com/gentoo/gentoo/pull/11643
Comment 5 Dmitry A. Bakshaev 2020-04-19 11:51:09 UTC 
file_593046.txt is invalid.
--user "${user}" are not needed.
because this:
https://github.com/gentoo/gentoo/pull/8151#issuecomment-384783074
"This change breaks parts of mysqld that need root privileges during startup (before the setuid fires)."

mysqld drop privileges to user according to my.cnf