1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

WL#6236: Allow SHOW MASTER LOGS and SHOW BINARY LOGS with REPLICATION CLIENT

Browse Source 
Currently SHOW MASTER LOGS and SHOW BINARY LOGS require the SUPER
privilege. Monitoring tools (such as MEM) often want to check this 
output - for instance MEM generates the SUM of the sizes of the logs 
reported here, and puts that in the Replication overview within the MEM
Dashboard.
However, because of the SUPER requirement, these tools often have an 
account that holds open the connection whilst monitoring, and can lock
out administrators when the server gets overloaded and reaches
max_connections - there is already another SUPER privileged account
connected, the "monitor". 

As SHOW MASTER STATUS, and all other replication related statements,
return with either REPLICATION CLIENT or SUPER privileges, this worklog 
is to make SHOW MASTER LOGS and SHOW BINARY LOGS be consistent with this
as well, and allow both of these commands with either SUPER or 
REPLICATION CLIENT. 
This allows monitoring tools to not require a SUPER privilege any more,
so is safer in overloaded situations, as well as being more secure, as 
lighter privileges can be given to users of such tools or scripts.
This commit is contained in:
Nuno Carvalho 2012-04-18 10:08:01 +01:00
parent 81058259c7
commit a9a7e6ea24
3 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
mysql-test/suite/binlog/r/binlog_grant.result
View File

@ -26,3 +26,7 @@ ERROR 42000: Access denied; you need the SUPER privilege for this operation
**** Clean up **** **** Clean up ****
set global binlog_format = @saved_binlog_format; set global binlog_format = @saved_binlog_format;
drop user mysqltest_1@localhost; drop user mysqltest_1@localhost;
GRANT REPLICATION CLIENT ON *.* TO 'mysqltest_1'@'localhost';
SHOW MASTER LOGS;
SHOW BINARY LOGS;
DROP USER 'mysqltest_1'@'localhost';

19
mysql-test/suite/binlog/t/binlog_grant.test
View File

@ -58,3 +58,22 @@ disconnect root;
connection default; connection default;
set global binlog_format = @saved_binlog_format; set global binlog_format = @saved_binlog_format;
drop user mysqltest_1@localhost; drop user mysqltest_1@localhost;
# Testing if REPLICATION CLIENT privilege is enough to execute
# SHOW MASTER LOGS and SHOW BINARY.
GRANT REPLICATION CLIENT ON *.* TO 'mysqltest_1'@'localhost';
--connect(rpl,localhost,mysqltest_1,,)
--connection rpl
# We are only interested if the following commands succeed and not on
# their output.
--disable_result_log
SHOW MASTER LOGS;
SHOW BINARY LOGS;
--enable_result_log
# clean up
--disconnect rpl
connection default;
DROP USER 'mysqltest_1'@'localhost';

2
sql/sql_parse.cc
View File

@ -3057,7 +3057,7 @@ end_with_restore_list:
goto error; goto error;
#else #else
{ {
if (check_global_access(thd, SUPER_ACL)) if (check_global_access(thd, SUPER_ACL | REPL_CLIENT_ACL))
goto error; goto error;
res = show_binlogs(thd); res = show_binlogs(thd);
break; break;