severity 798080 serious
tag 798080 + patch
thanks
Hi,
I think the following patch should fix this (not tested though).
If I'm not wrong, mysqld_safe already switches to the mysql user during
the startup process. So instead of allowing the mysql group to access
the debian.cnf file, let the mysqld_safe script run as root. If I'm not
wrong, other distributions are already doing it like that.
Also, I quickly looked at the initscript, and I see the following line:
su - mysql -s /bin/sh -c "/usr/bin/mysqld_safe > /dev/null 2>&1 &"
I'm not sure that using "su" here is a good idea, as in that case a PAM
session is opened. I would suggest either using "runuser" or not
manually switching the user and letting the mysqld_safe script do the
switch; again, this needs to be tested.
Cheers,
Laurent Bigonville
diff -Nru mysql-5.6-5.6.28/debian/mysql-server-5.6.mysql.service mysql-5.6-5.6.28/debian/mysql-server-5.6.mysql.service
--- mysql-5.6-5.6.28/debian/mysql-server-5.6.mysql.service 2016-01-12 13:46:24.000000000 +0100
+++ mysql-5.6-5.6.28/debian/mysql-server-5.6.mysql.service 2016-03-26 11:01:27.000000000 +0100
@@ -8,9 +8,6 @@
WantedBy=multi-user.target
[Service]
-User=mysql
-Group=mysql
-PermissionsStartOnly=true
ExecStartPre=/usr/share/mysql/mysql-systemd-start pre
ExecStart=/usr/bin/mysqld_safe
ExecStartPost=/usr/share/mysql/mysql-systemd-start post
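Review bot: With "User=mysql" and "Group=mysql" removed from [Service], nothing in the unit enforces the privilege drop any more: "ExecStart=/usr/bin/mysqld_safe" and both mysql-systemd-start helpers now run as root, and whether mysqld itself ends up as mysql depends entirely on mysqld_safe and its configuration. Since the patch is stated to be untested, I would make the drop explicit on the unit line, for example "ExecStart=/usr/bin/mysqld_safe --user=mysql", and confirm after a start that the mysqld process is owned by mysql. Removing "PermissionsStartOnly=true" in the same hunk is consistent, as it has no effect once User= is gone. Please also check that the "pre" and "post" steps of mysql-systemd-start do not create files that the mysql user later needs to write, because they will now be created as root.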