Allow adapting MySQL configuration file's permissions mode #1278

Merged

unki
Contributor

@unki unki commented Feb 6, 2020

Sometimes more restrictive file-permissions on the MySQL configuration file are required.

E.g. in case of a Galera cluster, where you need to store wsrep_sst_auth credentials in the configuration. In that specific case it's a rather powerful MySQL user and you do not want the file to be world-readable then.

It would be great if we can support this with puppetlabs-mysql too.

PS: In respect of #32, where it was changed from a restrictive permission to 0644.

@unki unki requested a review from a team as a code owner February 6, 2020 10:03
@unki unki changed the title allow adapting permission mode of the MySQL configuration file allow adapting permissions mode of the MySQL configuration file Feb 6, 2020
@unki unki changed the title allow adapting permissions mode of the MySQL configuration file allow adapting MySQL configuration file's permissions mode Feb 6, 2020
@codecov-io

Codecov Report

❗ No coverage uploaded for pull request base (master@07e0873). Click here to learn what that means.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master    #1278   +/-   ##
=========================================
  Coverage          ?   50.97%           
=========================================
  Files             ?       19           
  Lines             ?      718           
  Branches          ?        0           
=========================================
  Hits              ?      366           
  Misses            ?      352           
  Partials          ?        0

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 07e0873...61eb2ec. Read the comment docs.

@carabasdaniel
Contributor

Hello @unki,

Thank you for your contribution.

This seems like a feature that would be very helpful, but it would be great if you could add a test for different permissions.

@unki unki force-pushed the allow-adapt-config-file-permissions branch 2 times, most recently from 97f8c20 to 07abe6b Compare February 7, 2020 18:45
@unki unki force-pushed the allow-adapt-config-file-permissions branch from 07abe6b to 36f75fc Compare February 7, 2020 18:49
@unki
Contributor Author

unki commented Feb 7, 2020

Hi @carabasdaniel

> This seems like a feature that would be very helpful, but it would be great if you could add a test for different permissions.

Thanks for considering this PR!
I've added some test-cases just now.

@carabasdaniel carabasdaniel changed the title allow adapting MySQL configuration file's permissions mode Allow adapting MySQL configuration file's permissions mode Feb 13, 2020
@carabasdaniel carabasdaniel force-pushed the allow-adapt-config-file-permissions branch from bc06568 to 67c7375 Compare February 13, 2020 12:03
@carabasdaniel
Contributor

Hi @unki
Thanks, merging this PR now.

@carabasdaniel carabasdaniel merged commit fccde9e into puppetlabs:master Feb 13, 2020
@unki unki deleted the allow-adapt-config-file-permissions branch February 18, 2020 09:32
@TwizzyDizzy

TwizzyDizzy commented Mar 5, 2020

Am I right in assuming that this basically fixes https://tickets.puppetlabs.com/browse/MODULES-8305? If so: thank you :) If not: meh, but still: thank you :D

I'll also leave my side note from the ticket here, because I think this might cause issues for people, if they don't consider the implication of setting the o= bit as indicated.

Setting the mode to o= prevents MariaDB from starting up (or to be precise: it starts up, but cannot read the config file, so it uses default values). This can be mitigated by changing mysql::server::root_group to mysql (in my case, I'm on RedHat, might be different on your platform).

Cheers
Thomas

@unki
Contributor Author

unki commented Mar 6, 2020

I would say yes - it can be tackled with this change and #1284. Just that I've left the default-values for the permissions on my.cnf as they were before - 0644, root: root.
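The trade-off discussed in this thread (a world-readable my.cnf exposes credentials such as wsrep_sst_auth, while removing the "other" bits under root:root ownership leaves the server account unable to read the file), as an added example that is not part of this PR or of puppetlabs-mysql. The function names and the UID/GID 27 for the mysql account are constructed for illustration; only plain mode bits are evaluated.

```python
import os
import stat

def audit_mode(mode, owner_uid, owner_gid, svc_uid, svc_gids):
    """Return 'exposed', 'unreadable' or 'ok' for a config file's permissions.

    Plain POSIX mode bits only; ACLs, SELinux and capabilities are ignored.
    """
    world_readable = bool(mode & stat.S_IROTH)
    if svc_uid == 0:
        svc_can_read = True                       # root bypasses mode bits
    elif svc_uid == owner_uid:
        svc_can_read = bool(mode & stat.S_IRUSR)  # owner class applies
    elif owner_gid in svc_gids:
        svc_can_read = bool(mode & stat.S_IRGRP)  # group class applies
    else:
        svc_can_read = world_readable             # "other" class applies
    if world_readable:
        return "exposed"      # every local account can read the credentials
    if not svc_can_read:
        return "unreadable"   # the service account cannot read the file
    return "ok"

def audit_file(path, svc_uid, svc_gids):
    """Audit a real file for a service account given by uid and group ids."""
    st = os.stat(path)
    return audit_mode(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                      svc_uid, svc_gids)

# Constructed cases: root is uid/gid 0, the mysql account is assumed to be 27:27.
ROOT, MYSQL_UID, MYSQL_GID = 0, 27, 27
CASES = [
    ("0644 root:root",  0o644, ROOT, ROOT),
    ("0640 root:root",  0o640, ROOT, ROOT),
    ("0640 root:mysql", 0o640, ROOT, MYSQL_GID),
    ("0600 mysql:mysql", 0o600, MYSQL_UID, MYSQL_GID),
]

if __name__ == "__main__":
    for label, mode, uid, gid in CASES:
        print(label, "->", audit_mode(mode, uid, gid, MYSQL_UID, {MYSQL_GID}))
```
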


4 participants