Replying to myself.

Apparently, in the past, the initscript was relying on the mysqld_safe script to drop root rights. Any reasons this has been changed? Again I would revert that.

Cheers,

Laurent Bigonville

On 26/03/16 11:12, Laurent Bigonville wrote:
severity 798080 serious
tag 798080 + patch
thanks

Hi,

I think the following patch should fix this (not tested though).

If I'm not wrong, mysqld_safe already switches to the mysql user during the startup process. So instead of allowing the mysql group to access the debian.cnf file, let the mysqld_safe script run as root. If I'm not wrong, other distributions are already doing it like that.

Also, I quickly looked at the initscript, and I see the following line:

su - mysql -s /bin/sh -c "/usr/bin/mysqld_safe > /dev/null 2>&1 &"

I'm not sure that using "su" here is a good idea, as in that case a PAM session is opened. I would suggest either using "runuser" or not manually switching the user and letting the mysqld_safe script do the switch; again, this needs to be tested.

Cheers,

Laurent Bigonville
