Public bug reported:
1. Ubuntu release:
# lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04
2. Version of package
# apt-cache policy mysql-server
mysql-server:
Installed: 5.5.24-0ubuntu0.12.04.1
Candidate: 5.5.24-0ubuntu0.12.04.1
Version table:
*** 5.5.24-0ubuntu0.12.04.1 0
500 http://gb.archive.ubuntu.com/ubuntu/ precise-updates/main amd64
Packages
500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64
Packages
100 /var/lib/dpkg/status
5.5.22-0ubuntu1 0
500 http://gb.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
3. Expected behaviour
mysql debian-sys-maint user has all mysql priviliges.
4. What happened instead
mysql debian-sys-maint user has all mysql priviliges except
create_tablespace, causing creation of new users and grant of *.*
privileges to fail.
5. Details.
This bug concerns privileges granted to the debian-sys-maint user under
Precise, which represents a regression as compared to Lucid and mysql-
server-5.0.
Unde Lucid, the debian-sys-maint user has all privileges granted to it.
This means it is possible for a package which needs to autoinstall
without asking for password credentials interactively to use the debian-
sys-maint user to create another user and grant that user appropriate
privileges. On an appliance type install, the following might be used:
CREATE USER 'mypackageadminuser'@'localhost' IDENTIFIED BY
'randomlygeneratedpassword';
GRANT ALL PRIVILEGES ON *.* TO 'mypackageadminuser'@'localhost' WITH GRANT
OPTION;
This approach succeeds on Lucid.
However, a change in Precise means that this process now fails. mysql
5.5 has added another privilege (create_tablespace), and for some reason
debiansysmaint does not have that. That means the second grant statement
fails as (from the MySQL reference manual at
http://dev.mysql.com/doc/refman/5.5/en/grant.html ):
"To use GRANT, you must have the GRANT OPTION privilege, ***and you must
have the privileges that you are granting.***" (my emphasis)
The grant of *.* privileges fails (I believe) because of the lack of the
create_tablespace privileges (that is the only difference in privileges
between that and the root user). This causes such packages to fail to
install even if rebuilt on Precise. I can see no particular reason why
the debian-sys-maint user should not have this privilege.
** Affects: mysql-5.5 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1062716
Title:
Regression in privileges of mysql debian-sys-maint user
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1062716/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
