View Issue Details

IDProjectCategoryView StatusLast Update
0014306CentOS-7mariadbpublic2017-12-24 13:52
Status newResolutionopen 
Platformx86_64OSCentOSOS Version7
Product Version7.4.1708 
Target VersionFixed in Version 
Summary0014306: mariadb.service fails to start if /var/log/mysql perms are root:mysql
DescriptionMariaDB fails to start if user 'mysql' is not the owner of the log file. This is in lieu of the group 'mysql' having read-write permission on the log file.

The trace below was generated with `set -x` in mariadb-prepare-db-dir; and using root:mysql as owner and group on mariadb.log.

# ls -l /var/log/mariadb/mariadb.log
-rw-rw---- 1 root mysql 1126 Dec 23 21:00 /var/log/mariadb/mariadb.log

To add insult to injury, that crappy systemd does not display the message "The log file /var/log/mariadb/mariadb.log cannot be written, please, fix its permissions". systemd just swallows it and reports a failed start.


In the bigger picture, I'm not sure about the test for /var/log/mariadb/mariadb.log writeability. It seems like it should perform the write using a benign message like "Preparing {MySQL|MariaDB} environment" and catch an exception or look for the EACCES or EPERM error code.

The "just do it" strategy is the pattern used in modern programming languages, like Java and C++. They recommend to avoid the test, and go right to the operation. Java and C++ must catch the exception if the operation could fail.

Another [weak] point is, given the time between mariadb-prepare-db-dir and when the database starts operations and logs messages, it seems like there's a Time-of-Check Time-of-Use (TOCTOU) design error. TOCTOU's beg for the modern pattern of "just do it" and catch the exception.


# sudo -u mysql -g mysql /usr/libexec/mariadb-prepare-db-dir
+ get_mysql_option mysqld datadir /var/lib/mysql
+ '[' 3 -ne 3 ']'
++ tail -n 1
++ sed -n 's/^--datadir=//p'
++ /usr/bin/my_print_defaults mysqld
+ result=/var/lib/mysql
+ '[' -z /var/lib/mysql ']'
+ datadir=/var/lib/mysql
+ get_mysql_option mysqld_safe log-error /var/log/mariadb/mariadb.log
+ '[' 3 -ne 3 ']'
++ tail -n 1
++ sed -n 's/^--log-error=//p'
++ /usr/bin/my_print_defaults mysqld_safe
+ result=/var/log/mariadb/mariadb.log
+ '[' -z /var/log/mariadb/mariadb.log ']'
+ errlogfile=/var/log/mariadb/mariadb.log
+ get_mysql_option mysqld socket /var/lib/mysql/mysql.sock
+ '[' 3 -ne 3 ']'
++ tail -n 1
++ sed -n 's/^--socket=//p'
++ /usr/bin/my_print_defaults mysqld
+ result=/var/lib/mysql/mysql.sock
+ '[' -z /var/lib/mysql/mysql.sock ']'
+ socketfile=/var/lib/mysql/mysql.sock
+ '[' x = x ']'
+ SERVICE_NAME=mysqld.service
++ sed 's/^User=//'
++ systemctl show -p User mysqld.service
+ myuser=
+ '[' x = x ']'
+ myuser=mysql
++ sed 's/^Group=//'
++ systemctl show -p Group mysqld.service
+ mygroup=
+ '[' x = x ']'
+ mygroup=mysql
++ dirname /var/log/mariadb/mariadb.log
+ '[' '!' -e /var/log/mariadb/mariadb.log -a '!' -h /var/log/mariadb/mariadb.log -a x/var/log/mariadb = x/var/log ']'
++ dirname /var/log/mariadb/mariadb.log
+ errlogdir=/var/log/mariadb
+ '[' -d /var/log/mariadb ']'
+ '[' -e /var/log/mariadb/mariadb.log -a '!' -w /var/log/mariadb/mariadb.log ']'
+ echo 'The log file /var/log/mariadb/mariadb.log cannot be written, please, fix its permissions.'
The log file /var/log/mariadb/mariadb.log cannot be written, please, fix its permissions.
+ echo 'The daemon will be run under mysql:mysql'
The daemon will be run under mysql:mysql
+ exit 1
Steps To Reproducechown root:mysql /var/log/mariadb/mariadb.log
chmod ug+rw /var/log/mariadb/mariadb.log
chmod o-rwx /var/log/mariadb/mariadb.log
Additional InformationIts not clear to me or many other people who have experienced the problem why MariaDB has read-write access to the file but mariadb-prepare-db-dir fails because the script claims it does not have access to the file.
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2017-12-24 02:23 noloader New Issue