View Issue Details

IDProjectCategoryView StatusLast Update
0014306CentOS-7mariadbpublic2017-12-24 13:52
Reporternoloader 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Platformx86_64OSCentOSOS Version7
Product Version7.4.1708 
Target VersionFixed in Version 
Summary0014306: mariadb.service fails to start if /var/log/mysql perms are root:mysql
DescriptionMariaDB fails to start if user 'mysql' is not the owner of the log file. This is in lieu of the group 'mysql' having read-write permission on the log file.

The trace below was generated with `set -x` in mariadb-prepare-db-dir; and using root:mysql as owner and group on mariadb.log.

# ls -l /var/log/mariadb/mariadb.log
-rw-rw---- 1 root mysql 1126 Dec 23 21:00 /var/log/mariadb/mariadb.log

To add insult to injury, that crappy systemd does not display the message "The log file /var/log/mariadb/mariadb.log cannot be written, please, fix its permissions". systemd just swallows it and reports a failed start.

************

In the bigger picture, I'm not sure about the test for /var/log/mariadb/mariadb.log writeability. It seems like it should perform the write using a benign message like "Preparing {MySQL|MariaDB} environment" and catch an exception or look for the EACCES or EPERM error code.

The "just do it" strategy is the pattern used in modern programming languages, like Java and C++. They recommend to avoid the test, and go right to the operation. Java and C++ must catch the exception if the operation could fail.

Another [weak] point is, given the time between mariadb-prepare-db-dir and when the database starts operations and logs messages, it seems like there's a Time-of-Check Time-of-Use (TOCTOU) design error. TOCTOU's beg for the modern pattern of "just do it" and catch the exception.

************

# sudo -u mysql -g mysql /usr/libexec/mariadb-prepare-db-dir
+ get_mysql_option mysqld datadir /var/lib/mysql
+ '[' 3 -ne 3 ']'
++ tail -n 1
++ sed -n 's/^--datadir=//p'
++ /usr/bin/my_print_defaults mysqld
+ result=/var/lib/mysql
+ '[' -z /var/lib/mysql ']'
+ datadir=/var/lib/mysql
+ get_mysql_option mysqld_safe log-error /var/log/mariadb/mariadb.log
+ '[' 3 -ne 3 ']'
++ tail -n 1
++ sed -n 's/^--log-error=//p'
++ /usr/bin/my_print_defaults mysqld_safe
+ result=/var/log/mariadb/mariadb.log
+ '[' -z /var/log/mariadb/mariadb.log ']'
+ errlogfile=/var/log/mariadb/mariadb.log
+ get_mysql_option mysqld socket /var/lib/mysql/mysql.sock
+ '[' 3 -ne 3 ']'
++ tail -n 1
++ sed -n 's/^--socket=//p'
++ /usr/bin/my_print_defaults mysqld
+ result=/var/lib/mysql/mysql.sock
+ '[' -z /var/lib/mysql/mysql.sock ']'
+ socketfile=/var/lib/mysql/mysql.sock
+ SERVICE_NAME=
+ '[' x = x ']'
+ SERVICE_NAME=mysqld.service
++ sed 's/^User=//'
++ systemctl show -p User mysqld.service
+ myuser=
+ '[' x = x ']'
+ myuser=mysql
++ sed 's/^Group=//'
++ systemctl show -p Group mysqld.service
+ mygroup=
+ '[' x = x ']'
+ mygroup=mysql
++ dirname /var/log/mariadb/mariadb.log
+ '[' '!' -e /var/log/mariadb/mariadb.log -a '!' -h /var/log/mariadb/mariadb.log -a x/var/log/mariadb = x/var/log ']'
++ dirname /var/log/mariadb/mariadb.log
+ errlogdir=/var/log/mariadb
+ '[' -d /var/log/mariadb ']'
+ '[' -e /var/log/mariadb/mariadb.log -a '!' -w /var/log/mariadb/mariadb.log ']'
+ echo 'The log file /var/log/mariadb/mariadb.log cannot be written, please, fix its permissions.'
The log file /var/log/mariadb/mariadb.log cannot be written, please, fix its permissions.
+ echo 'The daemon will be run under mysql:mysql'
The daemon will be run under mysql:mysql
+ exit 1
Steps To Reproducechown root:mysql /var/log/mariadb/mariadb.log
chmod ug+rw /var/log/mariadb/mariadb.log
chmod o-rwx /var/log/mariadb/mariadb.log
Additional InformationIts not clear to me or many other people who have experienced the problem why MariaDB has read-write access to the file but mariadb-prepare-db-dir fails because the script claims it does not have access to the file.
TagsNo tags attached.
abrt_hash
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2017-12-24 02:23 noloader New Issue