MDEV-22159: Don't redirect as root to a tmp file not owned by root

Also add a check for tmp file being empty and bail out with a clear error message in such a case, as mysqld_safe prevents normal stderr from being displayed anywhere and would fail silently on this.

MDEV-22159: Don't redirect as root to a tmp file not owned by root
Also add a check for tmp file being empty and bail out with a clear error message in such a case, as mysqld_safe prevents normal stderr from being displayed anywhere and would fail silently on this.
efa3b3de · Otto Kekäläinen · Jan Lindström · a6a8774d · efa3b3de
Commit efa3b3de authored Apr 21, 2020 by Otto Kekäläinen Committed by Jan Lindström Apr 22, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

scripts/mysqld_safe.sh scripts/mysqld_safe.sh +8 -1

No files found.
--- a/scripts/mysqld_safe.sh
+++ b/scripts/mysqld_safe.sh
@@ -263,7 +263,9 @@ wsrep_recover_position() {
  fi

  if [ -f $wr_logfile ]; then
-    [ "$euid" = "0" ] && chown $user $wr_logfile
+    # NOTE! Do not change ownership of the temporary file, as on newer kernel
+    # versions fs.protected_regular is set to '2' and redirecting output with >
+    # as root to a file not owned by root will fail with "Permission denied"
    chmod 600 $wr_logfile
  else
    log_error "WSREP: mktemp failed"
@@ -278,6 +280,11 @@ wsrep_recover_position() {

  eval "$mysqld_cmd --wsrep_recover $wr_options 2> $wr_logfile"

+  if [ ! -s "$wr_logfile" ]; then
+    log_error "Log file $wr_logfile was empty, cannot proceed. Is system running fs.protected_regular?"
+    exit 1
+  fi
+
  local rp="$(grep 'WSREP: Recovered position:' $wr_logfile)"
  if [ -z "$rp" ]; then
    local skipped="$(grep WSREP $wr_logfile | grep 'skipping position recovery')"