Fixed that --open-files-limit works on Linux

Docs/manual.texi: Update of security and replication sections sql/ha_berkeley.cc: More documentation sql/sql_base.cc: Fixed overflow bug sql/sql_parse.cc: Variable name change
2001-01-14 12:25:30 +02:00 · 2001-01-14 12:25:30 +02:00 · f62c9ed1e3
commit f62c9ed1e3
parent 686faae582
6 changed files with 110 additions and 33 deletions
--- a/BitKeeper/etc/gone
+++ b/BitKeeper/etc/gone
@ -316,3 +316,4 @@ sasha@work.mysql.com|BitKeeper/etc/logging_ok|20001214015456|29919|32b6551b8288c
 serg@serg.mysql.com|mysql-test/r/3.23/mrg000001.dummy.result|20001206231604|05053|bf7e6d609f22b897
 serg@serg.mysql.com|mysql-test/r/3.23/mrg000001.result|20001206231609|46662|db2ef2e717ab8332
 mwagner@evoq.home.mwagner.org|mysql-test/chew_on_this/select.res|20001014084759|41327|1295456b9394876
 mwagner@evoq.home.mwagner.org|mysql-test/chew_on_this/select.res|20001014084759|41327|1295456b93948768
--- a/Docs/manual.texi
+++ b/Docs/manual.texi
@ -347,6 +347,7 @@ The MySQL Access Privilege System
 * General security::            General security
 * Security::                    How to make @strong{MySQL} secure against crackers
 * Privileges options::          
 * What Privileges::             What the privilege system does
 * User names::                  @strong{MySQL} user names and passwords
 * Connecting::                  Connecting to the @strong{MySQL} server
@ -615,7 +616,7 @@ MySQL Utilites
 * mysql::                       The command line tool
 * mysqladmin::                  Administering a @strong{MySQL} server
 * mysqldump::                   Dumping the structure and data from @strong{MySQL} databases and tables
-* mysqlhotcopy::                Copying @code{MySQL} Databases and Tables
+* mysqlhotcopy::                Copying @strong{MySQL} Databases and Tables
 * mysqlimport::                 Importing data from text files
 * perror::                      Displaying error messages
 * mysqlshow::                   Showing databases, tables and columns
@ -2030,25 +2031,25 @@ Big changes made in @strong{MySQL} Version 3.22.12.
@item @strong{MyODBC} (uses ODBC SDK 2.5) --- Gamma
 It seems to work well with some programs.
-@item Replication -- Alpha / Beta
+@item Replication -- Beta / Gamma
 We are still working on replication, so don't expect this to be rock
 solid yet.  On the other hand, some @strong{MySQL} users are already
 using this with good results.
-@item BDB Tables -- Alpha  / Beta
+@item BDB Tables -- Beta
 The Berkeley DB code is very stable, but we are still improving the interface
 between @strong{MySQL} and BDB tables, so it will take some time before this
 is as tested as the other table types.
-@item Automatic recovery of MyISAM tables - Alpha.
+@item Automatic recovery of MyISAM tables - Beta.
 This only affects the new code that checks if the table was closed properly
 on open and executes an automatic check/repair of the table if it wasn't.
-@item MERGE tables -- Alpha / Beta
+@item MERGE tables -- Beta / Gamma
 The usage of keys on @code{MERGE} tables is still not that tested.  The
 other part of the @code{MERGE} code is quite well tested.
-@item FULLTEXT -- Alpha / Beta
+@item FULLTEXT -- Beta
 Text search seams to work, but is still not widely used.
@end table
@ -8178,6 +8179,7 @@ On NT you can get the following service error messages:
@multitable @columnfractions .3 .7
@item Permission Denied @tab Means that it cannot find @code{mysqld-nt.exe}.
@item Cannot Register   @tab Means that the path is incorrect.
@item Failed to install service. @tab Means that the service is already installed or that the Service Control Manager is in bad state.
@end multitable
 If you have problems installing @code{mysqld-nt} as a service, try starting
@ -10901,6 +10903,7 @@ system.  This section describes how it works.
@menu
 * General security::            General security
 * Security::                    How to make @strong{MySQL} secure against crackers
 * Privileges options::          
 * What Privileges::             What the privilege system does
 * User names::                  @strong{MySQL} user names and passwords
 * Connecting::                  Connecting to the @strong{MySQL} server
@ -11087,7 +11090,7 @@ actually mean that it is encrypted. If you need high security, you should
 consult with a security expert.
@end itemize
-@node Security, What Privileges, General security, Privilege system
+@node Security, Privileges options, General security, Privilege system
@section How to Make MySQL Secure Against Crackers
@cindex crackers, security against
@cindex security, against crackers
@ -11190,6 +11193,9 @@ careful about creating grant table entries using hostname values that
 contain wild cards!
@end itemize
@node Privileges options, What Privileges, Security, Privilege system
@section Startup options to mysqld which concerns security
 The following @code{mysqld} options affect networking security:
@table @code
@ -11218,15 +11224,22 @@ Don't allow TCP/IP connections over the network.  All connections to
@code{mysqld} must be made via Unix sockets. This option is unsuitable for
 systems that use MIT-pthreads, because the MIT-pthreads package doesn't
 support Unix sockets.
@item --skip-show-database
@code{SHOW DATABASE} command doesn't return anything.
@item --safe-show-database
@code{SHOW DATABASE} only returns databases for which the user have
 some kind of privilege.
@end table
-@node What Privileges, User names, Security, Privilege system
+@node What Privileges, User names, Privileges options, Privilege system
@section What the Privilege System Does
@cindex system, privilege
@cindex privilege system
@cindex passwords, security
 The primary function of the @strong{MySQL} privilege system is to
 authenticate a user connecting from a given host, and to associate that user
 with privileges on a database such as
@ -22898,6 +22911,8 @@ client.  We plan to partly fix this in 4.0.
 tables.
@item
 Optimize performance.
@item
 Change to not use page locks at all when we are scanning tables.
@end itemize
@node BDB errors,  , BDB TODO, BDB
@ -25690,7 +25705,7 @@ connect to the master.
@cindex @code{my.cnf} file
@cindex files,@code{my.cnf}
@node Replication Features, Replication Options, Replication HOWTO, Replication
-@section Replication Features
+@section Replication Features and known problems
 Below is an explanation of what is supported and what is not:
@ -25703,7 +25718,16 @@ Replication will be done correctly with @code{AUTO_INCREMENT},
 still resides on the master server at the time of update
 propagation. @code{LOAD LOCAL DATA INFILE} will be skipped.
@item
-Update queries that use user variables are not replication-safe (yet).
+The master and slave is not synchronizing @code{RAND()}.  This means
 that you should not use @code{RAND()} with any statement that updates a
 table.  As fixing this will require a change in the protocol, we will
 delay fixing this until 4.0. A workaround is using @code{RAND(#)}, where
 # is a random integer genearated by your application or by first
 executing @code{LAST_INSERT_ID(RAND())} and then using
@code{LAST_INSERT_ID()} in the next statement.
@item
 Update queries that use user variables (@code{@@variable}) are not yet
 replication-safe.
@item
 Temporary tables starting in 3.23.29 are replicated properly with the
 exception of the case when you shut down slave server ( not just slave thread),
@ -25718,6 +25742,12 @@ In earlier versions temporary tables are not being replicated properly - we
 recommend that you either upgrade, or execute @code{SET SQL_LOG_BIN=0} on
 your clients before all queries with temp tables.
@item
@strong{MySQL} only supports one master and many slaves. We will in 4.x
 add a voting algorithm to automaticly change master if something goes
 wrong with the current master. We will also introduce 'agent' processes
 to help doing load balancing by sending select queries to different
 slaves.
@item
 Starting in Version 3.23.26, it is safe to connect servers in a circular
 master-slave relationship with @code{log-slave-updates} enabled.
 Note, however, that many queries will not work right in this kind of
@ -25728,9 +25758,10 @@ so that pre-3.23.26 slaves will not be able to read it.
@item
 If the query on the slave gets an error, the slave thread will
 terminate, and a message will appear in the @code{.err} file. You should
-then connect to the slave manually, fix the cause of the error
+then connect to the slave manually, fix the cause of the error (for
-(for example, non-existent table), and then run @code{SLAVE START} sql command (available starting in Version 3.23.16). In Version 3.23.15, you will have
+example, non-existent table), and then run @code{SLAVE START} sql
-to restart the server.
+command (available starting in Version 3.23.16). In Version 3.23.15, you
 will have to restart the server.
@item
 If connection to the master is lost, the slave will retry immediately,
 and then in case of failure every @code{master-connect-retry} (default
@ -28515,6 +28546,7 @@ Most of the options to @code{safe_mysqld} are the same as the options to
@table @code
@item --basedir=path
@item --core-file-size=#
 Size of the core file @code{mysqld} should be able to create. Passed to @code{ulimit -c}.
@item --datadir=path
@item --defaults-extra-file=path
@item --defaults-file=path
@ -28525,10 +28557,8 @@ Path to @code{mysqld}
@item --mysqld=mysqld-version
 Name of the mysqld version in the @code{ledir} directory you want to start.
@item --no-defaults
-@item --open-files=#
+@item --open-files-limit=#
-Number of files @code{mysqld} should be able to open. Passed to @code{ulimit -n}.
+Number of files @code{mysqld} should be able to open. Passed to @code{ulimit -n}. Not that you need to start @code{safe_mysqld} as root for this to work properly!
@item --open-files=#
 Size of the core file @code{mysqld} should be able to create. Passed to @code{ulimit -c}.
@item --pid-file=path
@item --port=#
@item --socket=path
@ -33494,9 +33524,12 @@ number 256 to affect the number of file descriptors available to
@code{ulimit} (and @code{open-files-limit}) can increase the number of
 file descriptors, but only up to the limit imposed by the operating
-system.  If you need to increase the OS limit on the number of file
+system. There is also a 'hard' limit that can only be overrided if you
-descriptors available to each process, consult the documentation for
+start @code{safe_mysqld} or @code{mysqld} as root (Just remember that
-your operating system.
+you need to also use the @code{--user=..} option in this case).  If you
 need to increase the OS limit on the number of file descriptors
 available to each process, consult the documentation for your operating
 system.
 Note that if you run the @code{tcsh} shell, @code{ulimit} will not work!
@code{tcsh} will also report incorrect values when you ask for the current
@ -39376,8 +39409,8 @@ An open source client for exploring databases and executing SQL. Supports
 A query tool for @strong{MySQL} and PostgreSQL.
@item @uref{http://dbman.linux.cz/,dbMan}
 A query tool written in Perl. Uses DBI and Tk.
-@item @uref{http://www.mysql.com/Downloads/Win32/Msc18.exe, Mascon 2000.1.8}
+@item @uref{http://www.mysql.com/Downloads/Win32/Msc110.exe, Mascon 2000.1.10.48}
-@item @uref{http://www.mysql.com/Downloads/Win32/FrMsc18.exe, Free Mascon 2000.1.8}
+@item @uref{http://www.mysql.com/Downloads/Win32/FrMsc110.exe, Free Mascon 2000.1.10.48}
 Mascon is a powerful Win32 GUI for the administering MySQL server
 databases. Mascon's features include visual table design, connections to
 multiple servers, data and blob editing of tables, security setting, SQL
@ -40248,6 +40281,9 @@ Our TODO section contains what we plan to have in 4.0. @xref{TODO MySQL 4.0}.
@itemize @bullet
@item
 Added @code{ORDER BY} syntax to @code{UPDATE} and @code{DELETE}.
@item
 Added @code{SELECT .. WITH UPDATE} and @code{SELECT ... IN SHARE MODE} to
 get more locking options.
@end itemize
@node News-3.23.x, News-3.22.x, News-4.0.x, News
@ -40305,6 +40341,14 @@ though, so Version 3.23 is not released as a stable version yet.
@appendixsubsec Changes in release 3.23.31
@itemize @bullet
@item
 Fixed security bug in something (please upgrade if you are using a earlier
 MySQL 3.23 version).
@item
 Fixed buffer overflow bug when writing a certain error message.
@item
 Added usage of @code{getrlimit()} on Linux to get @code{-O --open-files-limit=#}
 to work on Linux.
@item
 Fixed bug when using expression of type
@code{SELECT ... FROM t1 left join t2 on (t1.a=t2.a) WHERE t1.a=t2.a}. In this
 case the test in the @code{WHERE} clause was wrongly optimized away.
@ -45121,8 +45165,7 @@ The @code{mysqld} will support all standard @strong{MySQL} features and
 one can use it in a threaded client to run different queries in each
 thread.
@item
-@code{SHOW DATABASES} should only show the database which you have some kind
+Replication should work with @code{RAND()}.
 of access privilege to.
@item
 Online backup with very low performance penalty.  The online backup will
 make it easy to add a new replication slave without taking down the
--- a/sql/ha_berkeley.cc
+++ b/sql/ha_berkeley.cc
@ -119,6 +119,8 @@ bool berkeley_init(void)
    berkeley_tmpdir=mysql_tmpdir;
  if (!berkeley_home)
    berkeley_home=mysql_real_data_home;
  DBUG_PRINT("bdb",("berkeley_home: %s",mysql_real_data_home));
  /*
    If we don't set set_lg_bsize() we will get into trouble when
    trying to use many open BDB tables.
@ -1675,6 +1677,34 @@ int ha_berkeley::external_lock(THD *thd, int lock_type)
  DBUG_RETURN(error);
 }
 /*
  The idea with handler::store_lock() is the following:
  The statement decided which locks we should need for the table
  for updates/deletes/inserts we get WRITE locks, for SELECT... we get
  read locks.
  Before adding the lock into the table lock handler (see thr_lock.c)
  mysqld calls store lock with the requested locks.  Store lock can now
  modify a write lock to a read lock (or some other lock), ignore the
  lock (if we don't want to use MySQL table locks at all) or add locks
  for many tables (like we do when we are using a MERGE handler).
  Berkeley DB changes all WRITE locks to TL_WRITE_ALLOW_WRITE (which
  signals that we are doing WRITES, but we are still allowing other
  reader's and writer's.
  When releasing locks, store_lock() are also called. In this case one
  usually doesn't have to do anything.
  In some exceptional cases MySQL may send a request for a TL_IGNORE;
  This means that we are requesting the same lock as last time and this
  should also be ignored. (This may happen when someone does a flush
  table when we have opened a part of the tables, in which case mysqld
  closes and reopens the tables and tries to get the same locks at last
  time).  In the future we will probably try to remove this.
 */
 THR_LOCK_DATA **ha_berkeley::store_lock(THD *thd, THR_LOCK_DATA **to,
 					enum thr_lock_type lock_type)
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@ -119,7 +119,7 @@ inline void reset_floating_point_exceptions()
 #else
 #include <my_pthread.h>			// For thr_setconcurency()
 #endif
-#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) && !defined(__linux__) && !defined(HAVE_mit_thread)
+#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) && !defined(HAVE_mit_thread)
 #define SET_RLIMIT_NOFILE
 #endif
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@ -1610,7 +1610,7 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables)
      char buff[NAME_LEN*2+1];
      if (db)
      {
-	strxmov(buff,db,".",table_name,NullS);
+	strxnmov(buff,sizeof(buff)-1,db,".",table_name,NullS);
 	table_name=buff;
      }
      my_printf_error(ER_UNKNOWN_TABLE,ER(ER_UNKNOWN_TABLE),MYF(0),table_name,
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@ -1784,8 +1784,8 @@ mysql_execute_command(void)
    break;
  case SQLCOM_SHOW_GRANTS:
    res=0;
-    if ((thd->user && !strcmp(thd->user,lex->grant_user->user.str)) ||
+    if ((thd->priv_user && !strcmp(thd->priv_user,lex->grant_user->user.str)) ||
-	!(check_access(thd, SELECT_ACL, "mysql")))
+	!check_access(thd, SELECT_ACL, "mysql",0,1))
    {
      res = mysql_show_grants(thd,lex->grant_user);
    }
@ -1854,7 +1854,7 @@ error:
 bool
 check_access(THD *thd,uint want_access,const char *db, uint *save_priv,
-	     bool no_grant)
+	     bool dont_check_global_grants)
 {
  uint db_access,dummy;
  if (save_priv)
@ -1862,7 +1862,7 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv,
  else
    save_priv= &dummy;
-  if (!db && !thd->db && !no_grant)
+  if (!db && !thd->db && !dont_check_global_grants)
  {
    send_error(&thd->net,ER_NO_DB_ERROR);	/* purecov: tested */
    return TRUE;				/* purecov: tested */
@ -1874,7 +1874,7 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv,
    return FALSE;
  }
  if ((want_access & ~thd->master_access) & ~(DB_ACLS | EXTRA_ACL) ||
-      ! db && no_grant)
+      ! db && dont_check_global_grants)
  {						// We can never grant this
    net_printf(&thd->net,ER_ACCESS_DENIED_ERROR,
 	       thd->priv_user,
@ -1892,8 +1892,11 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv,
    db_access=thd->db_access;
  want_access &= ~EXTRA_ACL;			// Remove SHOW attribute
  db_access= ((*save_priv=(db_access | thd->master_access)) & want_access);
  /* grant_option is set if there exists a single table or column grant */
  if (db_access == want_access ||
-      ((grant_option && !no_grant) && !(want_access & ~TABLE_ACLS)))
+      ((grant_option && !dont_check_global_grants) &&
       !(want_access & ~TABLE_ACLS)))
    return FALSE;				/* Ok */
  net_printf(&thd->net,ER_DBACCESS_DENIED_ERROR,
 	     thd->priv_user,