MDEV-22159: Don't redirect as root to a tmp file not owned by root

Also add a check for tmp file being empty and bail out with a clear error message in such a case, as mysqld_safe prevents normal stderr from being displayed anywhere and would fail silently on this.
2020-04-21 21:14:54 +03:00 · 2020-04-21 21:14:54 +03:00 · 5951f4a174
commit 5951f4a174
parent 1483ea911c
1 changed files with 8 additions and 1 deletions
--- a/scripts/mysqld_safe.sh
+++ b/scripts/mysqld_safe.sh
@ -235,7 +235,9 @@ wsrep_recover_position() {
  fi

  if [ -f $wr_logfile ]; then
-    [ "$euid" = "0" ] && chown $user $wr_logfile
+    # NOTE! Do not change ownership of the temporary file, as on newer kernel
+    # versions fs.protected_regular is set to '2' and redirecting output with >
+    # as root to a file not owned by root will fail with "Permission denied"
    chmod 600 $wr_logfile
  else
    log_error "WSREP: mktemp failed"
@ -250,6 +252,11 @@ wsrep_recover_position() {

  eval "$mysqld_cmd --wsrep_recover $wr_options 2> $wr_logfile"

+  if [ ! -s "$wr_logfile" ]; then
+    log_error "Log file $wr_logfile was empty, cannot proceed. Is system running fs.protected_regular?"
+    exit 1
+  fi
+
  local rp="$(grep 'WSREP: Recovered position:' $wr_logfile)"
  if [ -z "$rp" ]; then
    local skipped="$(grep WSREP $wr_logfile | grep 'skipping position recovery')"