> Lars Tangvald <lars.tangv...@oracle.com> hat am 8. November 2016 um 12:28 > geschrieben:
Hi Lars, thanks for the quick reply. > It's probably something with your setup the upgrade logic can't handle > correctly. > In 5.5.53, MySQL changes the inbuilt secure-file-priv (determined where > the server can read/write data for import/export operations) default > setting from blank, meaning the server has read/write access anywhere, > to /var/lib/mysql-files, which should be automatically created by the > postinst. This is a fairly big change, but it was felt the old behavior > was a big enough security risk to justify it. > Do you have a special setup (partition, symlink, etc) for your /var/lib > folders, so the default directory might not be possible to create/access? > > Finally, setting secure-file-priv to your datadir is very strongly > recommended against, as it pretty much gives any database user full > database access. > We recommend either setting it to a separate location, or to NULL (only > available in 5.5.53+), which will disable import/export operations for > the server. I've investigated and indeed /var/lib/mysql-files did not exist. The reason was that another third-party (gitlab-ee) package depending on the mysql-server package broke the apt-get upgrade, leaving mysql-server's postinst script not executed. I've reinstalled the mysql-server package, removed my hack and now it works again. Thanks again, especially about mentioning the security implications about my hack, Thomas > On 11/08/2016 11:58 AM, Thomas Braun wrote: > > Package: mysql-server-5.5 > > Version: 5.5.53-0+deb8u1 > > Severity: important > > > > Dear Maintainer, > > > > after tonights security update my mysql server does not start anymore. > > > > Looking in /var/log/mysql/error.log gives: > > 161108 11:18:02 mysqld_safe Starting mysqld daemon with databases from > > /var/lib/mysql > > 161108 11:18:02 [Warning] Using unique option prefix key_buffer instead of > > key_buffer_size is deprecated and will be removed in a future release. > > Please > > use the full name instead. > > /usr/sbin/mysqld: Error on realpath() on '/var/lib/mysql-files' (Error 2) > > 161108 11:18:02 [ERROR] Failed to access directory for --secure-file-priv. > > Please make sure that directory exists and is accessible by MySQL Server. > > Supplied value : /var/lib/mysql-files > > 161108 11:18:02 [ERROR] Aborting > > > > So it looks like that the new secure-file-priv option defaults to a > > different > > folder than specified as datadir in my config. > > I've not touched the mysql settings manually. > > > > I've fixed the bug by adding the file > > /etc/mysql/conf.d/fix-security-update-bug.cnf with contents > > > > [mysqld] > > secure_file_priv=/var/lib/mysql > > > > Thanks for your work on the mysql packages, > > Thomas > > > > -- System Information: > > Debian Release: 8.6 > > APT prefers stable > > APT policy: (500, 'stable') > > Architecture: amd64 (x86_64) > > > > Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) > > Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) > > Shell: /bin/sh linked to /bin/dash > > Init: systemd (via /run/systemd/system) > > > > Versions of packages mysql-server-5.5 depends on: > > ii adduser 3.113+nmu3 > > ii debconf [debconf-2.0] 1.5.56 > > ii initscripts 2.88dsf-59 > > ii libc6 2.19-18+deb8u6 > > ii libdbi-perl 1.631-3+b1 > > ii libgcc1 1:4.9.2-10 > > ii libstdc++6 4.9.2-10 > > ii lsb-base 4.1+Debian13+nmu1 > > iu mysql-client-5.5 5.5.53-0+deb8u1 > > ii mysql-common 5.5.53-0+deb8u1 > > iu mysql-server-core-5.5 5.5.53-0+deb8u1 > > ii passwd 1:4.2-3+deb8u1 > > ii perl 5.20.2-3+deb8u6 > > ii psmisc 22.21-2 > > ii zlib1g 1:1.2.8.dfsg-2+b1 > > > > Versions of packages mysql-server-5.5 recommends: > > ii libhtml-template-perl 2.95-1 > > > > Versions of packages mysql-server-5.5 suggests: > > ii heirloom-mailx [mailx] 12.5-4 > > pn tinyca <none> > > > > -- debconf information: > > mysql-server-5.5/postrm_remove_databases: false > > mysql-server-5.5/start_on_boot: true > > mysql-server/error_setting_password: > > mysql-server-5.5/nis_warning: > > mysql-server/password_mismatch: > > mysql-server-5.5/really_downgrade: false > > mysql-server/no_upgrade_when_using_ndb: > > > > _______________________________________________ > > pkg-mysql-maint mailing list > > pkg-mysql-ma...@lists.alioth.debian.org > > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint > >