diff options
author | Vladislav Vaintroub <wlad@mariadb.com> | 2018-12-14 23:36:21 +0100 |
---|---|---|
committer | Vladislav Vaintroub <wlad@mariadb.com> | 2018-12-14 23:36:21 +0100 |
commit | 5716c71c54d84d1f68bae8766ab51d186535c291 (patch) | |
tree | 27da511ed0e6d28ccfd90e5bfc47cf42400c68dc /mysql-test/suite/mariabackup | |
parent | 94fa02f4d067285a57abb125829bfecd219df8fa (diff) | |
download | mariadb-git-5716c71c54d84d1f68bae8766ab51d186535c291.tar.gz |
MDEV-14975 mariabackup starts with unprivileged user.
ported privilege checking from xtrabackup.
Now, mariabackup would terminate early if either RELOAD or PROCESS privilege
is not held, not at the very end of backup
The behavior can be disabled with nre setting --check-privileges=0.
Also , --no-lock does not need all of these privileges, since it skips
FTWRL and SHOW ENGINE STATUS INNODB.
Diffstat (limited to 'mysql-test/suite/mariabackup')
-rw-r--r-- | mysql-test/suite/mariabackup/backup_grants.result | 5 | ||||
-rw-r--r-- | mysql-test/suite/mariabackup/backup_grants.test | 30 |
2 files changed, 35 insertions, 0 deletions
diff --git a/mysql-test/suite/mariabackup/backup_grants.result b/mysql-test/suite/mariabackup/backup_grants.result new file mode 100644 index 00000000000..d8869b7ac82 --- /dev/null +++ b/mysql-test/suite/mariabackup/backup_grants.result @@ -0,0 +1,5 @@ +CREATE user backup@localhost; +FOUND 1 /missing required privilege RELOAD/ in backup.log +FOUND 1 /missing required privilege PROCESS/ in backup.log +GRANT RELOAD, PROCESS on *.* to backup@localhost; +DROP USER backup@localhost; diff --git a/mysql-test/suite/mariabackup/backup_grants.test b/mysql-test/suite/mariabackup/backup_grants.test new file mode 100644 index 00000000000..1c0c3f89346 --- /dev/null +++ b/mysql-test/suite/mariabackup/backup_grants.test @@ -0,0 +1,30 @@ +let $targetdir=$MYSQLTEST_VARDIR/tmp/backup; +CREATE user backup@localhost; + +# backup possible for unprivileges user, with --no-lock +--disable_result_log +exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --no-lock --target-dir=$targetdir; +--enable_result_log +rmdir $targetdir; + +# backup fails without --no-lock, because of FTWRL +--disable_result_log +error 1; +exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --target-dir=$targetdir > $MYSQLTEST_VARDIR/tmp/backup.log; +--enable_result_log + +let SEARCH_FILE=$MYSQLTEST_VARDIR/tmp/backup.log; +--let SEARCH_PATTERN= missing required privilege RELOAD +--source include/search_pattern_in_file.inc +--let SEARCH_PATTERN= missing required privilege PROCESS +--source include/search_pattern_in_file.inc + +# backup succeeds with RELOAD privilege +GRANT RELOAD, PROCESS on *.* to backup@localhost; +--disable_result_log +exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup -ubackup --target-dir=$targetdir; +--enable_result_log + +DROP USER backup@localhost; +# Cleanup +rmdir $targetdir; |