mirror of
https://github.com/MariaDB/server.git
synced 2025-12-21 11:01:08 +03:00
a9a7e6ea24
Currently SHOW MASTER LOGS and SHOW BINARY LOGS require the SUPER privilege. Monitoring tools (such as MEM) often want to check this output - for instance MEM generates the SUM of the sizes of the logs reported here, and puts that in the Replication overview within the MEM Dashboard. However, because of the SUPER requirement, these tools often have an account that holds open the connection whilst monitoring, and can lock out administrators when the server gets overloaded and reaches max_connections - there is already another SUPER privileged account connected, the "monitor". As SHOW MASTER STATUS, and all other replication related statements, return with either REPLICATION CLIENT or SUPER privileges, this worklog is to make SHOW MASTER LOGS and SHOW BINARY LOGS be consistent with this as well, and allow both of these commands with either SUPER or REPLICATION CLIENT. This allows monitoring tools to not require a SUPER privilege any more, so is safer in overloaded situations, as well as being more secure, as lighter privileges can be given to users of such tools or scripts.
80 lines
1.8 KiB
Plaintext
80 lines
1.8 KiB
Plaintext
# Test grants for various objects (especially variables) related to
|
|
# the binary log
|
|
|
|
source include/have_log_bin.inc;
|
|
|
|
connection default;
|
|
--disable_warnings
|
|
reset master;
|
|
--enable_warnings
|
|
|
|
set @saved_binlog_format = @@global.binlog_format;
|
|
create user mysqltest_1@localhost;
|
|
show grants for mysqltest_1@localhost;
|
|
|
|
connect (plain,localhost,mysqltest_1,,test);
|
|
connect (root,localhost,root,,test);
|
|
|
|
# Testing setting both session and global SQL_LOG_BIN variable both as
|
|
# root and as plain user.
|
|
|
|
--echo **** Variable SQL_LOG_BIN ****
|
|
|
|
connection root;
|
|
--echo [root]
|
|
--error ER_LOCAL_VARIABLE
|
|
set global sql_log_bin = 1;
|
|
set session sql_log_bin = 1;
|
|
|
|
connection plain;
|
|
--echo [plain]
|
|
--error ER_LOCAL_VARIABLE
|
|
set global sql_log_bin = 1;
|
|
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
|
|
set session sql_log_bin = 1;
|
|
|
|
|
|
# Testing setting both session and global BINLOG_FORMAT variable both
|
|
# as root and as plain user.
|
|
|
|
--echo **** Variable BINLOG_FORMAT ****
|
|
|
|
connection root;
|
|
--echo [root]
|
|
set global binlog_format = row;
|
|
set session binlog_format = row;
|
|
|
|
connection plain;
|
|
--echo [plain]
|
|
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
|
|
set global binlog_format = row;
|
|
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
|
|
set session binlog_format = row;
|
|
|
|
--echo **** Clean up ****
|
|
disconnect plain;
|
|
disconnect root;
|
|
|
|
connection default;
|
|
set global binlog_format = @saved_binlog_format;
|
|
drop user mysqltest_1@localhost;
|
|
|
|
|
|
# Testing if REPLICATION CLIENT privilege is enough to execute
|
|
# SHOW MASTER LOGS and SHOW BINARY.
|
|
GRANT REPLICATION CLIENT ON *.* TO 'mysqltest_1'@'localhost';
|
|
--connect(rpl,localhost,mysqltest_1,,)
|
|
|
|
--connection rpl
|
|
# We are only interested if the following commands succeed and not on
|
|
# their output.
|
|
--disable_result_log
|
|
SHOW MASTER LOGS;
|
|
SHOW BINARY LOGS;
|
|
--enable_result_log
|
|
|
|
# clean up
|
|
--disconnect rpl
|
|
connection default;
|
|
DROP USER 'mysqltest_1'@'localhost';
|