OUTFILE ownership under mysqld 3.23.36-debug

Tue, 10 Apr 2001 12:37:43 -0700 

Ok, this is confusing me.  Under FreeBSD 4.2 and MySQL 3.23.36-debug:

The mysqld process is not running as root, but as 'mysqld:mysqld'.

  bmdb2# ps -orgid,ruid,command -eww -p 46884
   RGID  RUID COMMAND
   6724  6724 MYSQL_TCP_PORT=3306 OLDPWD=/var/mysqld/db/mojo
  log_dir=/var/mysqld/log TMPDIR=/var/tmp
  PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin MYSQLD_DB=/var/mysqld/db
  UMASK=0644 DBI_HOST=localhost MYSQL_BASE_DIR=/usr/local
  PWD=/var/mysqld/supervise UMASK_DIR=0777 /usr/local/libexec/mysqld
  --language=/usr/local/share/mysql/english --port=3306
  --pid-file=/var/mysqld/db/mysqld.pid --datadir=/var/mysqld/db
  --basedir=/var/mysqld/db/mysql --tmpdir=/var/tmp --exit-info
  --set-variable=max_connections=1000 --log-update=/var/mysqld/log/bmdb2

The 'RGID RUID' is the real (as opposed to 'effective') GID and
UID of the process.  Then there's the environment.  Then the
arguments to the server itself.  (You may not that I'm not using
/etc/my.cnf to configure the server; I prefer to see the arguments.)

Also, the server was lauched outright as UID mysqld, so I'm not using
'--user'.

The user 'mysqld' has it's own group, and that's the only group it's in:

  bmdb2# id mysqld
  uid=6724(mysqld) gid=6724(mysqld) groups=6724(mysqld)

Yet, somehow, an SQL command such as this:

  select username from user limit 5 into outfile '/var/tmp/mysqld/sample';

creates a file with the 'wheel' group:

  bmdb2# ls -ld /var/tmp/mysqld/sample
  -rw-rw-rw-  1 mysqld  wheel  65 Apr 10 19:36 /var/tmp/mysqld/sample

I have no idea how a non-root process can set a different group
than it's own.

I can't find any suid/sgid code in the installed MySQL code.  Does
anyone have any insight on this?

-- 
Brian 'you Bastard' Reichert            <[EMAIL PROTECTED]>
37 Crystal Ave. #303                    Daytime number: (603) 434-6842
Derry NH 03038-1713 USA                 Intel architecture: the left-hand path

---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to