Postinst overrides permissions on /var/lib/mysql-files

Bug #1734129 reported by Sigurd Urdahl on 2017-11-23
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mysql-5.5 (Ubuntu)
Wishlist
Unassigned
mysql-5.6 (Ubuntu)
Wishlist
Unassigned
mysql-5.7 (Ubuntu)
Wishlist
Unassigned

Bug Description

Description: Ubuntu 14.04.5 LTS
Release: 14.04

mysql-server-5.5:
  Installed: 5.5.58-0ubuntu0.14.04.1
  Candidate: 5.5.58-0ubuntu0.14.04.1

Postinst sets 0700 permissions on /var/lib/mysql-files regardless of current permissions, thus overriding local changes.

DEBIAN/postinst:
135: chmod 700 $mysql_filesdir

Expected behaviour: If directory exists; preserve permissions.

Ownership is treated the same way with a recursive "chown mysql.mysql". Ownership should probably be preserved too.

ChristianEhrhardt (paelzer) wrote :

Hi Sigurd,
this is present up to the latest version of mysql.
So I'm adding tasks for them as well.

I remember having seen the discussion about ucf or something else to be used for that but it was low-gain/high-effort and therefore so far neglected. I can't find that old bug, I will update here if I do so.

In my (personal and humble) opinion this is a valid, but low prio issue.
Leaving it for Lars (Maintainer) to decide on it.

Changed in mysql-5.5 (Ubuntu):
status: New → Confirmed
Changed in mysql-5.6 (Ubuntu):
status: New → Confirmed
Changed in mysql-5.7 (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Changed in mysql-5.6 (Ubuntu):
importance: Undecided → Wishlist
Changed in mysql-5.7 (Ubuntu):
importance: Low → Wishlist
Changed in mysql-5.5 (Ubuntu):
importance: Undecided → Wishlist
ChristianEhrhardt (paelzer) wrote :

In general I think if one comes up with a working patch people are willing to review&test but I'd not expect dev's to jump onto this as it might cause as much trouble (e.g. fail after upgrade as it can#t start on the custom permission dir).

Sigurd Urdahl (sigurdur) wrote :

Thank you Christian! And sorry for the late follow-up.

I agree that this is low prio, but low hanging fruit can be tasty too:-)

I have made a simple patch that envelopes the chmod and chown inside the if that runs mkdir.

I can't see any scenario where this change will have negative effects.

kind regards,
-sigurd

The attachment "Diff for DEBIAN/postinst for mysql-5.*" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Lars Tangvald (lars-tangvald) wrote :

This is basically how upstream packaging does it (with some additional restrictions: https://github.com/mysql/mysql-server/blob/5.7/packaging/deb-in/extra/mysql-helpers#L76); if the directory already exists it isn't touched.
There are some restrictions on what the permissions on the secure-file-priv location should be (the server will log a warning if it considers the directory insecure), but the proposed change will just make it more in line with the upstream packaging.

The patch needs an indentation fix, though :)

Sigurd Urdahl (sigurdur) wrote :

Thanks Lars!

And indeed it was that pesky indentation again;-) This new one should be better

-sig

Robie Basak (racb) on 2018-02-20
Changed in mysql-5.7 (Ubuntu):
status: Confirmed → Triaged
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers