MDEV-29596 Separate SUPER and READ ONLY ADMIN privileges

The benefit of this is that one can remove the READ ONLY ADMIN privilege from all users and this way ensure that no one can do any changes on any non-temporary tables. This is good option to use on slaves when one wants to ensure that the slave is kept identical to the master.
2025-08-08 11:22:35 +03:00 · 2022-09-21 19:16:33 +03:00
parent 49cee4e21a
commit 47dccace13
5 changed files with 19 additions and 6 deletions
--- a/mysql-test/main/grant_read_only.result
+++ b/mysql-test/main/grant_read_only.result
@@ -46,7 +46,7 @@ SET @@GLOBAL.read_only=0;
 DROP USER user1@localhost;
 DROP TABLE t1;
 #
-# Test that @@read_only is ignored with SUPER
+# Test that @@read_only is not ignored with SUPER
 #
 CREATE TABLE t1 (a INT);
 CREATE USER user1@localhost IDENTIFIED BY '';
@@ -61,7 +61,13 @@ SELECT @@read_only;
@@read_only
 1
 UPDATE t1 SET a=11 WHERE a=10;
+ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
 DELETE FROM t1 WHERE a=11;
+ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+connection default;
+grant read only admin on *.* to user1@localhost;
+disconnect con1;
+connect  con1,localhost,user1,,;
 INSERT INTO t1 VALUES (20);
 disconnect con1;
 connection default;
--- a/mysql-test/main/grant_read_only.test
+++ b/mysql-test/main/grant_read_only.test
@@ -55,7 +55,7 @@ DROP TABLE t1;


 --echo #
--echo # Test that @@read_only is ignored with SUPER
+--echo # Test that @@read_only is not ignored with SUPER
 --echo #

 CREATE TABLE t1 (a INT);
@@ -68,8 +68,14 @@ SET @@GLOBAL.read_only=1;
 connect (con1,localhost,user1,,);
 connection con1;
 SELECT @@read_only;
+--error ER_OPTION_PREVENTS_STATEMENT
 UPDATE t1 SET a=11 WHERE a=10;
+--error ER_OPTION_PREVENTS_STATEMENT
 DELETE FROM t1 WHERE a=11;
+connection default;
+grant read only admin on *.* to user1@localhost;
+disconnect con1;
+connect (con1,localhost,user1,,);
 INSERT INTO t1 VALUES (20);
 disconnect con1;

--- a/mysql-test/main/mysqld--help.result
+++ b/mysql-test/main/mysqld--help.result
@@ -1003,7 +1003,7 @@ The following specify which files/extra groups are read (specified before remain
 value
 --read-only         Make all non-temporary tables read-only, with the
 exception for replication (slave) threads and users with
- the SUPER privilege
+ the 'READ ONLY ADMIN' privilege
 --read-rnd-buffer-size=# 
 When reading rows in sorted order after a sort, the rows
 are read through this buffer to avoid a disk seeks
--- a/sql/privilege.h
+++ b/sql/privilege.h
@@ -390,10 +390,10 @@ constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SYNC_BINLOG=

 /* Privileges related to --read-only */
 // Was super prior to 10.5.2
-constexpr privilege_t PRIV_IGNORE_READ_ONLY= READ_ONLY_ADMIN_ACL | SUPER_ACL;
+constexpr privilege_t PRIV_IGNORE_READ_ONLY= READ_ONLY_ADMIN_ACL;
 // Was super prior to 10.5.2
 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_READ_ONLY=
-  READ_ONLY_ADMIN_ACL | SUPER_ACL;
+  READ_ONLY_ADMIN_ACL;

 /*
  Privileges related to connection handling.
--- a/sql/sys_vars.cc
+++ b/sql/sys_vars.cc
@@ -3030,7 +3030,8 @@ static Sys_var_on_access_global<Sys_var_mybool,
 Sys_readonly(
       "read_only",
       "Make all non-temporary tables read-only, with the exception for "
-       "replication (slave) threads and users with the SUPER privilege",
+       "replication (slave) threads and users with the 'READ ONLY ADMIN' "
+       "privilege",
       GLOBAL_VAR(read_only), CMD_LINE(OPT_ARG), DEFAULT(FALSE),
       NO_MUTEX_GUARD, NOT_IN_BINLOG,
       ON_CHECK(check_read_only), ON_UPDATE(fix_read_only));