Commit 3d3d876c authored by unknown

Fixed that --open-files-limit works on Linux


Docs/manual.texi:
  Update of security and replication sections
sql/ha_berkeley.cc:
  More documentation
sql/sql_base.cc:
  Fixed overflow bug
sql/sql_parse.cc:
  Variable name change
parent 08637701
......@@ -316,3 +316,4 @@ sasha@work.mysql.com|BitKeeper/etc/logging_ok|20001214015456|29919|32b6551b8288c
serg@serg.mysql.com|mysql-test/r/3.23/mrg000001.dummy.result|20001206231604|05053|bf7e6d609f22b897
serg@serg.mysql.com|mysql-test/r/3.23/mrg000001.result|20001206231609|46662|db2ef2e717ab8332
mwagner@evoq.home.mwagner.org|mysql-test/chew_on_this/select.res|20001014084759|41327|1295456b9394876
mwagner@evoq.home.mwagner.org|mysql-test/chew_on_this/select.res|20001014084759|41327|1295456b93948768
......@@ -347,6 +347,7 @@ The MySQL Access Privilege System
* General security:: General security
* Security:: How to make @strong{MySQL} secure against crackers
* Privileges options::
* What Privileges:: What the privilege system does
* User names:: @strong{MySQL} user names and passwords
* Connecting:: Connecting to the @strong{MySQL} server
......@@ -615,7 +616,7 @@ MySQL Utilites
* mysql:: The command line tool
* mysqladmin:: Administering a @strong{MySQL} server
* mysqldump:: Dumping the structure and data from @strong{MySQL} databases and tables
* mysqlhotcopy:: Copying @code{MySQL} Databases and Tables
* mysqlhotcopy:: Copying @strong{MySQL} Databases and Tables
* mysqlimport:: Importing data from text files
* perror:: Displaying error messages
* mysqlshow:: Showing databases, tables and columns
......@@ -2030,25 +2031,25 @@ Big changes made in @strong{MySQL} Version 3.22.12.
@item @strong{MyODBC} (uses ODBC SDK 2.5) --- Gamma
It seems to work well with some programs.
@item Replication -- Alpha / Beta
@item Replication -- Beta / Gamma
We are still working on replication, so don't expect this to be rock
solid yet. On the other hand, some @strong{MySQL} users are already
using this with good results.
@item BDB Tables -- Alpha / Beta
@item BDB Tables -- Beta
The Berkeley DB code is very stable, but we are still improving the interface
between @strong{MySQL} and BDB tables, so it will take some time before this
is as tested as the other table types.
@item Automatic recovery of MyISAM tables - Alpha.
@item Automatic recovery of MyISAM tables - Beta.
This only affects the new code that checks if the table was closed properly
on open and executes an automatic check/repair of the table if it wasn't.
@item MERGE tables -- Alpha / Beta
@item MERGE tables -- Beta / Gamma
The usage of keys on @code{MERGE} tables is still not that tested. The
other part of the @code{MERGE} code is quite well tested.
@item FULLTEXT -- Alpha / Beta
@item FULLTEXT -- Beta
Text search seams to work, but is still not widely used.
@end table
......@@ -8178,6 +8179,7 @@ On NT you can get the following service error messages:
@multitable @columnfractions .3 .7
@item Permission Denied @tab Means that it cannot find @code{mysqld-nt.exe}.
@item Cannot Register @tab Means that the path is incorrect.
@item Failed to install service. @tab Means that the service is already installed or that the Service Control Manager is in bad state.
@end multitable
If you have problems installing @code{mysqld-nt} as a service, try starting
......@@ -10901,6 +10903,7 @@ system. This section describes how it works.
@menu
* General security:: General security
* Security:: How to make @strong{MySQL} secure against crackers
* Privileges options::
* What Privileges:: What the privilege system does
* User names:: @strong{MySQL} user names and passwords
* Connecting:: Connecting to the @strong{MySQL} server
......@@ -11087,7 +11090,7 @@ actually mean that it is encrypted. If you need high security, you should
consult with a security expert.
@end itemize
@node Security, What Privileges, General security, Privilege system
@node Security, Privileges options, General security, Privilege system
@section How to Make MySQL Secure Against Crackers
@cindex crackers, security against
@cindex security, against crackers
......@@ -11190,6 +11193,9 @@ careful about creating grant table entries using hostname values that
contain wild cards!
@end itemize
@node Privileges options, What Privileges, Security, Privilege system
@section Startup options to mysqld which concerns security
The following @code{mysqld} options affect networking security:
@table @code
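Review bot: the new title "@section Startup options to mysqld which concerns security" has a subject-verb disagreement ("options ... concerns") and does not follow the title case used by the neighbouring sections ("How to Make MySQL Secure Against Crackers", "What the Privilege System Does"). Suggest "@section Startup Options to mysqld Which Concern Security". The new node also carries no @cindex entries, unlike the sections on either side of it, so these options will not be reachable from the index.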
......@@ -11218,15 +11224,22 @@ Don't allow TCP/IP connections over the network. All connections to
@code{mysqld} must be made via Unix sockets. This option is unsuitable for
systems that use MIT-pthreads, because the MIT-pthreads package doesn't
support Unix sockets.
@item --skip-show-database
@code{SHOW DATABASE} command doesn't return anything.
@item --safe-show-database
@code{SHOW DATABASE} only returns databases for which the user have
some kind of privilege.
@end table
@node What Privileges, User names, Security, Privilege system
@node What Privileges, User names, Privileges options, Privilege system
@section What the Privilege System Does
@cindex system, privilege
@cindex privilege system
@cindex passwords, security
The primary function of the @strong{MySQL} privilege system is to
authenticate a user connecting from a given host, and to associate that user
with privileges on a database such as
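Review bot: both new option descriptions name the statement as @code{SHOW DATABASE}, while the TODO entry elsewhere in this patch spells it @code{SHOW DATABASES}; use the plural form in both items. In the --safe-show-database item, "the user have" should be "the user has". Neither item says what SHOW DATABASES returns when neither option is given, which is the first thing an administrator reading a section on security options needs to know; one sentence stating the default would close that gap.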
......@@ -22898,6 +22911,8 @@ client. We plan to partly fix this in 4.0.
tables.
@item
Optimize performance.
@item
Change to not use page locks at all when we are scanning tables.
@end itemize
@node BDB errors, , BDB TODO, BDB
......@@ -25690,7 +25705,7 @@ connect to the master.
@cindex @code{my.cnf} file
@cindex files,@code{my.cnf}
@node Replication Features, Replication Options, Replication HOWTO, Replication
@section Replication Features
@section Replication Features and known problems
Below is an explanation of what is supported and what is not:
......@@ -25703,7 +25718,16 @@ Replication will be done correctly with @code{AUTO_INCREMENT},
still resides on the master server at the time of update
propagation. @code{LOAD LOCAL DATA INFILE} will be skipped.
@item
Update queries that use user variables are not replication-safe (yet).
The master and slave is not synchronizing @code{RAND()}. This means
that you should not use @code{RAND()} with any statement that updates a
table. As fixing this will require a change in the protocol, we will
delay fixing this until 4.0. A workaround is using @code{RAND(#)}, where
# is a random integer genearated by your application or by first
executing @code{LAST_INSERT_ID(RAND())} and then using
@code{LAST_INSERT_ID()} in the next statement.
@item
Update queries that use user variables (@code{@@variable}) are not yet
replication-safe.
@item
Temporary tables starting in 3.23.29 are replicated properly with the
exception of the case when you shut down slave server ( not just slave thread),
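Review bot: in the new RAND() item, "The master and slave is not synchronizing" should read "The master and slave do not synchronize", and "genearated" is misspelled. The workaround sentence is also ambiguous: as written, "or by first executing LAST_INSERT_ID(RAND())" can be read as a second way of producing the seed for RAND(#) rather than as a separate workaround. Splitting it into two sentences, one per workaround, would remove the doubt.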
......@@ -25718,6 +25742,12 @@ In earlier versions temporary tables are not being replicated properly - we
recommend that you either upgrade, or execute @code{SET SQL_LOG_BIN=0} on
your clients before all queries with temp tables.
@item
@strong{MySQL} only supports one master and many slaves. We will in 4.x
add a voting algorithm to automaticly change master if something goes
wrong with the current master. We will also introduce 'agent' processes
to help doing load balancing by sending select queries to different
slaves.
@item
Starting in Version 3.23.26, it is safe to connect servers in a circular
master-slave relationship with @code{log-slave-updates} enabled.
Note, however, that many queries will not work right in this kind of
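Review bot: in the new one-master item, "automaticly" is misspelled and "to help doing load balancing" should be "to help with load balancing". The item also states a current limitation and two future plans in one paragraph; putting the limitation first in its own sentence makes it easier to find for someone checking what the current version supports.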
......@@ -25728,9 +25758,10 @@ so that pre-3.23.26 slaves will not be able to read it.
@item
If the query on the slave gets an error, the slave thread will
terminate, and a message will appear in the @code{.err} file. You should
then connect to the slave manually, fix the cause of the error
(for example, non-existent table), and then run @code{SLAVE START} sql command (available starting in Version 3.23.16). In Version 3.23.15, you will have
to restart the server.
then connect to the slave manually, fix the cause of the error (for
example, non-existent table), and then run @code{SLAVE START} sql
command (available starting in Version 3.23.16). In Version 3.23.15, you
will have to restart the server.
@item
If connection to the master is lost, the slave will retry immediately,
and then in case of failure every @code{master-connect-retry} (default
......@@ -28515,6 +28546,7 @@ Most of the options to @code{safe_mysqld} are the same as the options to
@table @code
@item --basedir=path
@item --core-file-size=#
Size of the core file @code{mysqld} should be able to create. Passed to @code{ulimit -c}.
@item --datadir=path
@item --defaults-extra-file=path
@item --defaults-file=path
......@@ -28525,10 +28557,8 @@ Path to @code{mysqld}
@item --mysqld=mysqld-version
Name of the mysqld version in the @code{ledir} directory you want to start.
@item --no-defaults
@item --open-files=#
Number of files @code{mysqld} should be able to open. Passed to @code{ulimit -n}.
@item --open-files=#
Size of the core file @code{mysqld} should be able to create. Passed to @code{ulimit -c}.
@item --open-files-limit=#
Number of files @code{mysqld} should be able to open. Passed to @code{ulimit -n}. Not that you need to start @code{safe_mysqld} as root for this to work properly!
@item --pid-file=path
@item --port=#
@item --socket=path
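Review bot: the --open-files-limit=# description reads "Not that you need to start safe_mysqld as root", which should be "Note that". The option appears as --open-files=# in the other lines of this hunk and as --open-files-limit=# here, and the text does not say whether the --open-files spelling is still accepted; existing startup scripts that pass it need a sentence either way.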
......@@ -33494,9 +33524,12 @@ number 256 to affect the number of file descriptors available to
@code{ulimit} (and @code{open-files-limit}) can increase the number of
file descriptors, but only up to the limit imposed by the operating
system. If you need to increase the OS limit on the number of file
descriptors available to each process, consult the documentation for
your operating system.
system. There is also a 'hard' limit that can only be overrided if you
start @code{safe_mysqld} or @code{mysqld} as root (Just remember that
you need to also use the @code{--user=..} option in this case). If you
need to increase the OS limit on the number of file descriptors
available to each process, consult the documentation for your operating
system.
Note that if you run the @code{tcsh} shell, @code{ulimit} will not work!
@code{tcsh} will also report incorrect values when you ask for the current
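Review bot: in the rewritten paragraph, "overrided" should be "overridden". The parenthetical "(Just remember that you need to also use the --user=.. option in this case)" carries the security-relevant instruction but gives no reason and leaves the value as ".."; suggest making it a full sentence that says the option is needed so that mysqld does not keep running as root, and writing the placeholder as --user=user_name.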
......@@ -39376,8 +39409,8 @@ An open source client for exploring databases and executing SQL. Supports
A query tool for @strong{MySQL} and PostgreSQL.
@item @uref{http://dbman.linux.cz/,dbMan}
A query tool written in Perl. Uses DBI and Tk.
@item @uref{http://www.mysql.com/Downloads/Win32/Msc18.exe, Mascon 2000.1.8}
@item @uref{http://www.mysql.com/Downloads/Win32/FrMsc18.exe, Free Mascon 2000.1.8}
@item @uref{http://www.mysql.com/Downloads/Win32/Msc110.exe, Mascon 2000.1.10.48}
@item @uref{http://www.mysql.com/Downloads/Win32/FrMsc110.exe, Free Mascon 2000.1.10.48}
Mascon is a powerful Win32 GUI for the administering MySQL server
databases. Mascon's features include visual table design, connections to
multiple servers, data and blob editing of tables, security setting, SQL
......@@ -40248,6 +40281,9 @@ Our TODO section contains what we plan to have in 4.0. @xref{TODO MySQL 4.0}.
@itemize @bullet
@item
Added @code{ORDER BY} syntax to @code{UPDATE} and @code{DELETE}.
@item
Added @code{SELECT .. WITH UPDATE} and @code{SELECT ... IN SHARE MODE} to
get more locking options.
@end itemize
@node News-3.23.x, News-3.22.x, News-4.0.x, News
......@@ -40305,6 +40341,14 @@ though, so Version 3.23 is not released as a stable version yet.
@appendixsubsec Changes in release 3.23.31
@itemize @bullet
@item
Fixed security bug in something (please upgrade if you are using a earlier
MySQL 3.23 version).
@item
Fixed buffer overflow bug when writing a certain error message.
@item
Added usage of @code{getrlimit()} on Linux to get @code{-O --open-files-limit=#}
to work on Linux.
@item
Fixed bug when using expression of type
@code{SELECT ... FROM t1 left join t2 on (t1.a=t2.a) WHERE t1.a=t2.a}. In this
case the test in the @code{WHERE} clause was wrongly optimized away.
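Review bot: the first new changelog entry, "Fixed security bug in something", names neither the affected feature nor the affected versions beyond "a earlier MySQL 3.23 version", so an administrator cannot judge exposure or verify the fix. Suggest naming the statement or subsystem that was fixed, and correcting "a earlier" to "an earlier". In the getrlimit() entry, "on Linux" is repeated and "-O --open-files-limit=#" runs two option spellings together; pick the one the server accepts.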
......@@ -45121,8 +45165,7 @@ The @code{mysqld} will support all standard @strong{MySQL} features and
one can use it in a threaded client to run different queries in each
thread.
@item
@code{SHOW DATABASES} should only show the database which you have some kind
of access privilege to.
Replication should work with @code{RAND()}.
@item
Online backup with very low performance penalty. The online backup will
make it easy to add a new replication slave without taking down the
......@@ -119,6 +119,8 @@ bool berkeley_init(void)
berkeley_tmpdir=mysql_tmpdir;
if (!berkeley_home)
berkeley_home=mysql_real_data_home;
DBUG_PRINT("bdb",("berkeley_home: %s",mysql_real_data_home));
/*
If we don't set set_lg_bsize() we will get into trouble when
trying to use many open BDB tables.
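Review bot: the added trace line DBUG_PRINT("bdb",("berkeley_home: %s",mysql_real_data_home)) labels its output berkeley_home but prints mysql_real_data_home. The two differ whenever berkeley_home was already set before the `if (!berkeley_home)` test above it, so the trace is wrong in exactly the configuration where it is most useful. Pass berkeley_home as the argument instead.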
......@@ -1675,6 +1677,34 @@ int ha_berkeley::external_lock(THD *thd, int lock_type)
DBUG_RETURN(error);
}
/*
The idea with handler::store_lock() is the following:
The statement decided which locks we should need for the table
for updates/deletes/inserts we get WRITE locks, for SELECT... we get
read locks.
Before adding the lock into the table lock handler (see thr_lock.c)
mysqld calls store lock with the requested locks. Store lock can now
modify a write lock to a read lock (or some other lock), ignore the
lock (if we don't want to use MySQL table locks at all) or add locks
for many tables (like we do when we are using a MERGE handler).
Berkeley DB changes all WRITE locks to TL_WRITE_ALLOW_WRITE (which
signals that we are doing WRITES, but we are still allowing other
reader's and writer's.
When releasing locks, store_lock() are also called. In this case one
usually doesn't have to do anything.
In some exceptional cases MySQL may send a request for a TL_IGNORE;
This means that we are requesting the same lock as last time and this
should also be ignored. (This may happen when someone does a flush
table when we have opened a part of the tables, in which case mysqld
closes and reopens the tables and tries to get the same locks at last
time). In the future we will probably try to remove this.
*/
THR_LOCK_DATA **ha_berkeley::store_lock(THD *thd, THR_LOCK_DATA **to,
enum thr_lock_type lock_type)
......
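Review bot: the new comment block above ha_berkeley::store_lock() has an unclosed parenthesis starting at "(which signals that we are doing WRITES", so it is unclear where the aside ends. In the same block, "reader's and writer's" should be "readers and writers", "store_lock() are also called" should be "is also called", and "the same locks at last time" should be "as last time". Since this comment is the only description of the store_lock() contract, it would also help to state explicitly what the function must return through `to` when it decides to ignore a lock.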
......@@ -119,7 +119,7 @@ inline void reset_floating_point_exceptions()
#else
#include <my_pthread.h> // For thr_setconcurency()
#endif
#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) && !defined(__linux__) && !defined(HAVE_mit_thread)
#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) && !defined(HAVE_mit_thread)
#define SET_RLIMIT_NOFILE
#endif
......
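Review bot: the guard for SET_RLIMIT_NOFILE drops `!defined(__linux__)` with no comment recording why Linux was excluded before or why it is safe to include now. A one-line comment above `#define SET_RLIMIT_NOFILE` would preserve that reasoning. The manual text in this patch says the hard limit can only be raised when started as root, so the code compiled under this macro should be checked for how it reports a failed raise when mysqld is started as an ordinary user on Linux.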
......@@ -1610,7 +1610,7 @@ find_field_in_tables(THD *thd,Item_field *item,TABLE_LIST *tables)
char buff[NAME_LEN*2+1];
if (db)
{
strxmov(buff,db,".",table_name,NullS);
strxnmov(buff,sizeof(buff)-1,db,".",table_name,NullS);
table_name=buff;
}
my_printf_error(ER_UNKNOWN_TABLE,ER(ER_UNKNOWN_TABLE),MYF(0),table_name,
......
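Review bot: `char buff[NAME_LEN*2+1]` has no room for the "." separator when `db` and `table_name` are both NAME_LEN long, so with the bound `sizeof(buff)-1` the last character of the table name is cut from the ER_UNKNOWN_TABLE message. Suggest declaring the buffer as NAME_LEN*2+2. A short comment at the strxnmov() call saying that the inputs are not guaranteed to be within NAME_LEN here would also explain why the bounded variant is required, so that it is not changed back later.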
......@@ -1784,8 +1784,8 @@ mysql_execute_command(void)
break;
case SQLCOM_SHOW_GRANTS:
res=0;
if ((thd->user && !strcmp(thd->user,lex->grant_user->user.str)) ||
!(check_access(thd, SELECT_ACL, "mysql")))
if ((thd->priv_user && !strcmp(thd->priv_user,lex->grant_user->user.str)) ||
!check_access(thd, SELECT_ACL, "mysql",0,1))
{
res = mysql_show_grants(thd,lex->grant_user);
}
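Review bot: the self-check `!strcmp(thd->priv_user,lex->grant_user->user.str)` compares the user name only; the host part of the account named in the statement is not compared, so the branch is taken for any account that shares the caller's user name regardless of host. If that is not intended, compare the host as well. The trailing `0,1` in check_access(thd, SELECT_ACL, "mysql",0,1) is also opaque at the call site; a comment naming the two arguments (save_priv and dont_check_global_grants) would make the intent reviewable.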
......@@ -1854,7 +1854,7 @@ mysql_execute_command(void)
bool
check_access(THD *thd,uint want_access,const char *db, uint *save_priv,
bool no_grant)
bool dont_check_global_grants)
{
uint db_access,dummy;
if (save_priv)
......@@ -1862,7 +1862,7 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv,
else
save_priv= &dummy;
if (!db && !thd->db && !no_grant)
if (!db && !thd->db && !dont_check_global_grants)
{
send_error(&thd->net,ER_NO_DB_ERROR); /* purecov: tested */
return TRUE; /* purecov: tested */
......@@ -1874,7 +1874,7 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv,
return FALSE;
}
if ((want_access & ~thd->master_access) & ~(DB_ACLS | EXTRA_ACL) ||
! db && no_grant)
! db && dont_check_global_grants)
{ // We can never grant this
net_printf(&thd->net,ER_ACCESS_DENIED_ERROR,
thd->priv_user,
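Review bot: the condition `(want_access & ~thd->master_access) & ~(DB_ACLS | EXTRA_ACL) || ! db && dont_check_global_grants` relies on `&` binding tighter than `&&`, and `&&` tighter than `||`. In an access-control decision that is worth making explicit: wrap the bitmask test and the `!db && dont_check_global_grants` test each in their own parentheses so that a later edit cannot silently change which side a new term attaches to.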
......@@ -1892,8 +1892,11 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv,
db_access=thd->db_access;
want_access &= ~EXTRA_ACL; // Remove SHOW attribute
db_access= ((*save_priv=(db_access | thd->master_access)) & want_access);
/* grant_option is set if there exists a single table or column grant */
if (db_access == want_access ||
((grant_option && !no_grant) && !(want_access & ~TABLE_ACLS)))
((grant_option && !dont_check_global_grants) &&
!(want_access & ~TABLE_ACLS)))
return FALSE; /* Ok */
net_printf(&thd->net,ER_DBACCESS_DENIED_ERROR,
thd->priv_user,
......
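Review bot: the new parameter name does not match what the flag gates in this hunk. The added comment says grant_option is set when a table or column grant exists, so `(grant_option && !dont_check_global_grants)` switches off the fallback to table and column grants, not a check of global grants. Either choose a name that describes that behaviour or extend the comment to explain why skipping the table-level fallback is described as not checking global grants; a function header comment for check_access() listing each parameter would be the natural place.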