MDEV-4068 rpm scriptlet chown command dangerous

add --mysqld option to my_print_defaults
change server-postin script to use that

9 files changed, 63 insertions, 42 deletions

diff --git a/cmake/cpack_rpm.cmake b/cmake/cpack_rpm.cmake
index 0931af5e09b..246f9a54d15 100644
--- a/cmake/cpack_rpm.cmake
+++ b/cmake/cpack_rpm.cmake
@@ -49,6 +49,7 @@ MariaDB bug reports should be submitted through https://mariadb.atlassian.net/
 SET(CPACK_RPM_SPEC_MORE_DEFINE "
 %define mysql_vendor ${CPACK_PACKAGE_VENDOR}
 %define mysqlversion ${MYSQL_NO_DASH_VERSION}
+%define mysqlbasedir ${CMAKE_INSTALL_PREFIX}
 %define mysqldatadir ${INSTALL_MYSQLDATADIR}
 %define mysqld_user  mysql
 %define mysqld_group mysql
diff --git a/extra/my_print_defaults.c b/extra/my_print_defaults.c
index 8a16e677cb9..7558d6d00ae 100644
--- a/extra/my_print_defaults.c
+++ b/extra/my_print_defaults.c
@@ -26,8 +26,13 @@
 #include <my_sys.h>
 #include <m_string.h>
 #include <my_getopt.h>
+#include <mysql_version.h>
 
+#define load_default_groups mysqld_groups
+#include <mysqld_default_groups.h>
+#undef load_default_groups
 
+my_bool opt_mysqld;
 const char *config_file="my";			/* Default config file */
 uint verbose= 0, opt_defaults_file_used= 0;
 const char *default_dbug_option="d:t:o,/tmp/my_print_defaults.trace";
@@ -78,6 +83,8 @@ static struct my_option my_long_options[] =
    (void *)&my_defaults_extra_file,
    (void *)&my_defaults_extra_file, 0, GET_STR,
    REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
+  {"mysqld", 0, "Read the same set of groups that the mysqld binary does.",
+   &opt_mysqld, &opt_mysqld, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
   {"no-defaults", 'n', "Return an empty string (useful for scripts).",
    0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0},
   {"help", '?', "Display this help message and exit.",
@@ -98,11 +105,12 @@ static void usage(my_bool version)
     return;
   puts("This software comes with ABSOLUTELY NO WARRANTY. This is free software,\nand you are welcome to modify and redistribute it under the GPL license\n");
   puts("Prints all arguments that is give to some program using the default files");
-  printf("Usage: %s [OPTIONS] groups\n", my_progname);
+  printf("Usage: %s [OPTIONS] [groups]\n", my_progname);
   my_print_help(my_long_options);
   my_print_default_files(config_file);
   my_print_variables(my_long_options);
   printf("\nExample usage:\n%s --defaults-file=example.cnf client client-server mysql\n", my_progname);
+  exit(0);
 }
 
 
@@ -115,17 +123,15 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
       opt_defaults_file_used= 1;
       break;
     case 'n':
-    exit(0);
+      exit(0);
     case 'I':
     case '?':
-    usage(0);
-    exit(0);
+      usage(0);
     case 'v':
       verbose++;
       break;
     case 'V':
-    usage(1);
-    exit(0);
+      usage(1);
     case '#':
       DBUG_PUSH(argument ? argument : default_dbug_option);
       break;
@@ -141,11 +147,6 @@ static int get_options(int *argc,char ***argv)
   if ((ho_error=handle_options(argc, argv, my_long_options, get_one_option)))
     exit(ho_error);
 
-  if (*argc < 1)
-  {
-    usage(0);
-    return 1;
-  }
   return 0;
 }
 
@@ -153,9 +154,10 @@ static int get_options(int *argc,char ***argv)
 int main(int argc, char **argv)
 {
   int count, error, args_used;
-  char **load_default_groups, *tmp_arguments[6];
+  char **load_default_groups= 0, *tmp_arguments[6];
   char **argument, **arguments, **org_argv;
   char *defaults, *extra_defaults, *group_suffix;
+  int nargs, i= 0;
   MY_INIT(argv[0]);
 
   org_argv= argv;
@@ -169,13 +171,25 @@ int main(int argc, char **argv)
   arguments[count]= 0;
 
   /* Check out the args */
-  if (!(load_default_groups=(char**) my_malloc((argc+1)*sizeof(char*),
-					       MYF(MY_WME))))
-    exit(1);
   if (get_options(&argc,&argv))
     exit(1);
-  memcpy((char*) load_default_groups, (char*) argv, (argc + 1) * sizeof(*argv));
 
+  nargs= argc + 1;
+  if (opt_mysqld)
+    nargs+= array_elements(mysqld_groups);
+
+  if (nargs < 2)
+    usage(0);
+
+  load_default_groups=(char**) my_malloc(nargs*sizeof(char*), MYF(MY_WME));
+  if (!load_default_groups)
+    exit(1);
+  if (opt_mysqld)
+  {
+    for (; mysqld_groups[i]; i++)
+      load_default_groups[i]= (char*) mysqld_groups[i];
+  }
+  memcpy(load_default_groups + i, argv, (argc + 1) * sizeof(*argv));
   if ((error= load_defaults(config_file, (const char **) load_default_groups,
 			   &count, &arguments)))
   {
@@ -198,6 +212,6 @@ int main(int argc, char **argv)
       puts(*argument);
   my_free(load_default_groups);
   free_defaults(arguments);
-
+  my_end(0);
   exit(0);
 }
diff --git a/include/mysqld_default_groups.h b/include/mysqld_default_groups.h
new file mode 100644
index 00000000000..a2e94ddd854
--- /dev/null
+++ b/include/mysqld_default_groups.h
@@ -0,0 +1,8 @@
+const char *load_default_groups[]= {
+#ifdef WITH_NDBCLUSTER_STORAGE_ENGINE
+"mysql_cluster",
+#endif
+"mysqld", "server", MYSQL_BASE_VERSION,
+"mariadb", MARIADB_BASE_VERSION,
+"client-server",
+0, 0};
diff --git a/scripts/mysql_install_db.sh b/scripts/mysql_install_db.sh
index b28e8a3ba1c..241cb84a399 100644
--- a/scripts/mysql_install_db.sh
+++ b/scripts/mysql_install_db.sh
@@ -257,7 +257,7 @@ fi
 
 # Now we can get arguments from the groups [mysqld] and [mysql_install_db]
 # in the my.cfg file, then re-run to merge with command line arguments.
-parse_arguments `"$print_defaults" $defaults mysqld mariadb mysql_install_db client-server`
+parse_arguments `"$print_defaults" $defaults --mysqld mysql_install_db`
 parse_arguments PICK-ARGS-FROM-ARGV "$@"
 
 # Configure paths to support files
diff --git a/scripts/mysqld_multi.sh b/scripts/mysqld_multi.sh
index 81015746ae9..cd1b6fc18b7 100644
--- a/scripts/mysqld_multi.sh
+++ b/scripts/mysqld_multi.sh
@@ -237,7 +237,7 @@ sub defaults_for_group
 
 sub init_log
 {
-  foreach my $opt (defaults_for_group('mysqld mariadb'))
+  foreach my $opt (defaults_for_group('--mysqld'))
   {
     if ($opt =~ m/^--datadir=(.*)/ && -d "$1" && -w "$1")
     {
diff --git a/scripts/mysqld_safe.sh b/scripts/mysqld_safe.sh
index 222279cc8ff..572a08781c8 100644
--- a/scripts/mysqld_safe.sh
+++ b/scripts/mysqld_safe.sh
@@ -503,7 +503,7 @@ append_arg_to_args () {
 args=
 
 SET_USER=2
-parse_arguments `$print_defaults $defaults --loose-verbose mysqld mariadb server client-server`
+parse_arguments `$print_defaults $defaults --loose-verbose --mysqld`
 if test $SET_USER -eq 2
 then
   SET_USER=0
diff --git a/scripts/mysqldumpslow.sh b/scripts/mysqldumpslow.sh
index 0de4fe159f0..c04ffad7457 100644
--- a/scripts/mysqldumpslow.sh
+++ b/scripts/mysqldumpslow.sh
@@ -53,7 +53,7 @@ GetOptions(\%opt,
 $opt{'help'} and usage();
 
 unless (@ARGV) {
-    my $defaults   = `my_print_defaults mysqld mariadb`;
+    my $defaults   = `my_print_defaults --mysqld`;
 
     my $datadir = ($defaults =~ m/--datadir=(.*)/g)[-1];
     if (!$datadir or $opt{i}) {
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index d0e0c29a432..37e6a943d1c 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -3203,14 +3203,7 @@ pthread_handler_t handle_shutdown(void *arg)
 }
 #endif
 
-const char *load_default_groups[]= {
-#ifdef WITH_NDBCLUSTER_STORAGE_ENGINE
-"mysql_cluster",
-#endif
-"mysqld", "server", MYSQL_BASE_VERSION,
-"mariadb", MARIADB_BASE_VERSION,
-"client-server",
-0, 0};
+#include <mysqld_default_groups.h>
 
 #if defined(__WIN__) && !defined(EMBEDDED_LIBRARY)
 static const int load_default_groups_sz=
diff --git a/support-files/rpm/server-postin.sh b/support-files/rpm/server-postin.sh
index 156865b61ad..b5ba10bd265 100644
--- a/support-files/rpm/server-postin.sh
+++ b/support-files/rpm/server-postin.sh
@@ -5,41 +5,46 @@ if [ $1 = 1 ] ; then
           /sbin/chkconfig --add mysql
   fi
 
-  mysql_dirs=(`%{_sbindir}/mysqld --verbose --help 2>/dev/null|sed -ne 's/^\(basedir\|datadir\)[[:space:]]*\(.*\)$/\2/p'`)
-  basedir="${mysql_dirs[0]}"
-  datadir="${mysql_dirs[1]}"
-  # datadir may be relative to a basedir!
-  if expr $datadir : / > /dev/null; then
-    mysql_datadir=$datadir
+  basedir=`%{_bindir}/my_print_defaults --mysqld|sed -ne 's/^--basedir=//p'|tail -1`
+  if [ -z "$basedir" ] ; then
+    basedir=%{mysqlbasedir}
+  fi
+
+  datadir=`%{_bindir}/my_print_defaults --mysqld|sed -ne 's/^--datadir=//p'|tail -1`
+  if [ -z "$datadir" ] ; then
+    datadir=%{mysqldatadir}
   else
-    mysql_datadir=$basedir/$datadir
+    # datadir may be relative to a basedir!
+    if ! expr $datadir : / > /dev/null; then
+      datadir=$basedir/$datadir
+    fi
   fi
 
   # Create a MySQL user and group. Do not report any problems if it already
   # exists.
   groupadd -r %{mysqld_group} 2> /dev/null || true
-  useradd -M -r -d $mysql_datadir -s /bin/bash -c "MySQL server" -g %{mysqld_group} %{mysqld_user} 2> /dev/null || true 
+  useradd -M -r -d $datadir -s /bin/bash -c "MySQL server" -g %{mysqld_group} %{mysqld_user} 2> /dev/null || true 
   # The user may already exist, make sure it has the proper group nevertheless (BUG#12823)
   usermod -g %{mysqld_group} %{mysqld_user} 2> /dev/null || true
 
   # Change permissions so that the user that will run the MySQL daemon
   # owns all database files.
-  chown -R %{mysqld_user}:%{mysqld_group} $mysql_datadir
+  chown -R %{mysqld_user}:%{mysqld_group} $datadir
 
-  if [ ! -e $mysql_datadir ]; then
+  if [ ! -e $datadir ]; then
     # Create data directory
-    mkdir -p $mysql_datadir/{mysql,test}
+    mkdir -p $datadir/{mysql,test}
 
     # Initiate databases
     %{_bindir}/mysql_install_db --rpm --user=%{mysqld_user}
   fi
 
   # Change permissions again to fix any new files.
-  chown -R %{mysqld_user}:%{mysqld_group} $mysql_datadir
+  chown -R %{mysqld_user}:%{mysqld_group} $datadir
 
   # Fix permissions for the permission database so that only the user
   # can read them.
-  chmod -R og-rw $mysql_datadir/mysql
+  chmod -R og-rw $datadir/mysql
 fi
 
 # install SELinux files - but don't override existing ones