PATCH: mysql_fix_privilege_tables

on 12.12.2002 16:29:53 by mmokrejs

Hi,
I've found that running mysql_fix_privilege_tables requires me to
specify my password on the command line. That's quite unsafe. I've made
some changes to the mysql_fix_privilege_tables script. Doesn't
mysql(1) use any environment variable like MY_CNF where it would look for
the my.cnf file? I don't seem to find it in the list of env variables in the mysql
docs. :( I think it would be a great feature.

Anyway, as I have an admin user in ~/.my.cnf, I really don't need to
specify mysql root password. The patch is against version
mysql-20021125BK.

How-To-Repeat:
I hope this is the right place to submit patches. ;))
Get
http://www.natur.cuni.cz/~mmokrejs/mysql/mysql_fix_privilege_tables.patch

--
Martin Mokrejs ,
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585


---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)

To request this thread, e-mail bugs-thread13267@lists.mysql.com
To unsubscribe, e-mail

Re: PATCH: mysql_fix_privilege_tables

on 17.12.2002 16:29:02 by Lenz Grimmer

Hi Martin,

thanks for your message and sorry for the late reply - things are a bit
hectic at the moment...

On Thu, 12 Dec 2002, Martin MOKREJŠ wrote:

> I've found that running mysql_fix_privilege_tables requires me to
> specify my password on the command line. That's quite unsafe. I've made
> some changes to the mysql_fix_privilege_tables script. Doesn't
> mysql(1) use any environment variable like MY_CNF where it would look for
> the my.cnf file?

Not that I am aware of.

> I don't seem to find it in the list of env variables in the mysql
> docs. :( I think it would be a great feature.

Actually, there is one: http://www.mysql.com/doc/en/Environment_variables.html

> Anyway, as I have an admin user in ~/.my.cnf, I really don't need to
> specify mysql root password. The patch is against version
> mysql-20021125BK.
>
> How-To-Repeat:
> I hope this is the right place to submit patches. ;))

Yes it is! Thanks.

> Get http://www.natur.cuni.cz/~mmokrejs/mysql/mysql_fix_privilege_tables.patch

Thanks for pointing this out!

I first had to make some modifications to make it apply (Your patch was
against the generated file included in the source distribution while I
needed to patch the file in our BK source tree before I could toy around
with it).

Some comments:

+if [ "$1" =3D "" ]; then

You should probably better change this to:

if test -z "$1" ; then

I am not sure if the construct above is portable.

+ cmdline=3D"mysql -f mysql"
+else
+ root_password=3D"$1"
+ echo "Set root_password=3D$1"
+ cmdline=3D"mysql -f --user=3Droot --password=3D\"$root_password\" --host=
=3D$host mysql"
+fi
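
Review bot: the else branch still exposes the root password in two places: the echo line ('Set root_password=$1') prints it to the terminal and to any captured output, and --password=... in cmdline places it in the argument list of the mysql process, where it shows up in process listings. Drop the echo, and hand the password to the client through an option file readable only by its owner (the ~/.my.cnf case the first branch already relies on) rather than through argv.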

I don't think I can apply this as it is, since the script would then not
work for "normal" users anymore - how should the script handle a root user
without password, for example? Even though this is not recommended, there
could be installations out there where this is the case.

So I am sorry to tell you, that I don't consider applying this patch in
its current state - breaking a more general case in favor of fixing a
special one is not an option :)

Bye,
LenZ
- --
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer
/_/ /_/\_, /___/\___\_\___/ Hamburg, Germany
<___/ www.mysql.com

Re: PATCH: mysql_fix_privilege_tables

on 28.01.2003 18:40:10 by mmokrejs

On Tue, 17 Dec 2002, Lenz Grimmer wrote:

Hi,

> On Thu, 12 Dec 2002, Martin MOKREJŠ wrote:
>
> > I've found that running mysql_fix_privilege_tables requires me to
> > specify my password on the command line. That's quite unsafe. I've made
> > some changes to the mysql_fix_privilege_tables script. Doesn't
> > mysql(1) use any environment variable like MY_CNF where it would look for
> > the my.cnf file?
>
> Not that I am aware of.
>
> > I don't seem to find it in the list of env variables in the mysql
> > docs. :( I think it would be a great feature.
>
> Actually, there is one: http://www.mysql.com/doc/en/Environment_variables.html
>
> > Anyway, as I have an admin user in ~/.my.cnf, I really don't need to
> > specify mysql root password. The patch is against version
> > mysql-20021125BK.
> >
> > How-To-Repeat:
> > I hope this is the right place to submit patches. ;))
>
> Yes it is! Thanks.

[...]

> I don't think I can apply this as it is, since the script would then not
> work for "normal" users anymore - how should the script handle a root user
> without password, for example? Even though this is not recommended, there
> could be installations out there where this is the case.
>
> So I am sorry to tell you, that I don't consider applying this patch in
> its current state - breaking a more general case in favor of fixing a
> special one is not an option :)

I've rewritten the patch so it now accepts empty passwords too. But it
requires ksh (or bash) to execute. But I hope that doesn't matter.

http://www.natur.cuni.cz/~mmokrejs/mysql/mysql_fix_privilege_tables.sh.patch20030128

Hope this is better now for you. ;)
--
Martin Mokrejs ,
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585


Re: PATCH: mysql_fix_privilege_tables

on 11.02.2003 13:55:05 by Lenz Grimmer

Hi Martin,

sorry for the late reply on this subject - I've been waiting for Monty to
comment on your proposal...

On Tue, 28 Jan 2003, Martin MOKREJŠ wrote:

> I've rewritten the patch so it now accepts empty passwords too. But it
> requires ksh (or bash) to execute. But I hope that doesn't matter.
>
> http://www.natur.cuni.cz/~mmokrejs/mysql/mysql_fix_privilege_tables.sh.patch20030128
>
> Hope this is better now for you. ;)

Here are Monty's comments (paraphrased):

Unfortunately we can't require ksh or bash, as these don't exist on all
platforms by default.

Getopt is also not working, as it's not portable and you can achieve the
same under sh with just a little more work.

Check the script "mysql_install_db" on how this could be done.

I am sorry - we really appreciate your efforts!

Bye,
LenZ
- --
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer
/_/ /_/\_, /___/\___\_\___/ Hamburg, Germany
<___/ www.mysql.com
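
The two requirements raised in this thread, plain /bin/sh without getopt and no password in argv, combined in an added example (not code from the thread, from Martin's patch or from mysql_install_db). The option names --user, --host and --ask-password and all function names are hypothetical; --defaults-extra-file is the mysql client's own option and has to come first on its command line.

```sh
#!/bin/sh
# Added example, not the thread's patch. Option names are hypothetical.

# parse_args: getopt-free parsing; sets $user, $host and $ask_pass.
parse_args() {
  user="" host="" ask_pass=0
  for arg in "$@"; do
    case "$arg" in
      --user=*)       user=${arg#*=} ;;
      --host=*)       host=${arg#*=} ;;
      --ask-password) ask_pass=1 ;;
      *) echo "unknown option: $arg" >&2; return 1 ;;
    esac
  done
}

# read_password: read one line from stdin with terminal echo off, so the
# secret never appears in argv or on screen.
read_password() {
  stty -echo 2>/dev/null || :      # not a tty (e.g. piped input): ignore
  IFS= read -r pw || :
  stty echo 2>/dev/null || :
  printf '%s' "$pw"
}

# write_client_cnf FILE PASSWORD: write a [client] option file that only
# the owner can read. An empty PASSWORD is valid (root without password).
# Simplification: quotes or backslashes in PASSWORD are not escaped.
write_client_cnf() {
  ( umask 077
    {
      echo "[client]"
      if [ -n "$user" ]; then echo "user=$user"; fi
      if [ -n "$host" ]; then echo "host=$host"; fi
      printf 'password="%s"\n' "$2"
    } > "$1" )
}

# mysql_cmdline [FILE]: print the client command. With no FILE the client
# falls back to ~/.my.cnf, the case from the original report.
mysql_cmdline() {
  if [ -n "$1" ]; then
    echo "mysql --defaults-extra-file=$1 -f mysql"
  else
    echo "mysql -f mysql"
  fi
}

# Constructed demo: show the command instead of running it.
parse_args --user=root --host=localhost && mysql_cmdline ""
```

In a real script, create FILE with mktemp where it exists and remove it from a trap on exit.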


Re: PATCH: mysql_fix_privilege_tables

on 11.03.2003 16:48:56 by mmokrejs

Hi Lenz,
I thought I'll find time to have a look into this again, but it doesn't
seem so. I don't understand why you insist at all on the /bin/sh, I think
ksh or bash are quite acceptable. I consider this rather unimportant, as
the scripts have to be run only once after upgrade. Important is, that
they can be executed in a convenient way, and the current argument handling
is ugly. It's better to edit the script and set the username/password in
it directly, than to fiddle with them on command line. And I'm not talking
about "security". ;)

The patch doesn't apply cleanly anymore and I have no time to apply
manually line after line, sorry. If it gets applied to bitkeeper tree,
then I would spend the time to rewrite the GetOpt thing, if you really
insist so.

BTW, I'm asking again ... "What happened with my patch to
mysql_setpermission?"
http://lists.mysql.com/cgi-ez/ezmlm-cgi?9:mss:13270:200212:pcdoiifhiljkpjmemmob

Best regards,
Martin

On Tue, 11 Feb 2003, Lenz Grimmer wrote:

> Hi Martin,
>
> sorry for the late reply on this subject - I've been waiting for Monty to
> comment on your proposal...
>
> On Tue, 28 Jan 2003, Martin MOKREJŠ wrote:
>
> > I've rewritten the patch so it now accepts empty passwords too. But it
> > requires ksh (or bash) to execute. But I hope that doesn't matter.
> >
> > http://www.natur.cuni.cz/~mmokrejs/mysql/mysql_fix_privilege_tables.sh.patch20030128
> >
> > Hope this is better now for you. ;)
>
> Here are Monty's comments (paraphrased):
>
> Unfortunately we can't require ksh or bash, as these don't exist on all
> platforms by default.
>
> Getopt is also not working, as it's not portable and you can achieve the
> same under sh with just a little more work.
>
> Check the script "mysql_install_db" on how this could be done.
>
> I am sorry - we really appreciate your efforts!
>
> Bye,
> LenZ
> - --
> For technical support contracts, visit https://order.mysql.com/?ref=mlgr
> __ ___ ___ ____ __
> / |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer
> / /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer
> /_/ /_/\_, /___/\___\_\___/ Hamburg, Germany
> <___/ www.mysql.com

--
Martin Mokrejs ,
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585


Re: PATCH: mysql_fix_privilege_tables

on 25.04.2003 21:39:41 by Lenz Grimmer

Hi Martin,

sorry for the late reply.

On Tue, 11 Mar 2003, Martin MOKREJŠ wrote:

> I thought I'll find time to have a look into this again, but it doesn't
> seem so. I don't understand why you insist at all on the /bin/sh, I
> think ksh or bash are quite acceptable. I consider this rather
> unimportant, as the scripts have to be run only once after upgrade.
> Important is, that they can be executed in a convenient way, and the
> current argument handling is ugly. It's better to edit the script and
> set the username/password in it directly, than to fiddle with them on
> command line. And I'm not talking about "security". ;)

Well, I'm only the messenger here - that's how Monty wanted to have it.
Even though the script only has to be run once, we need to make sure, that
it actually runs on as many platforms as possible, hence the requirements
for /bin/sh.

> The patch doesn't apply cleanly anymore and I have no time to apply
> manually line after line, sorry. If it gets applied to bitkeeper tree,
> then I would spend the time to rewrite the GetOpt thing, if you really
> insist so.

I will try to take another look, maybe we can at least use some parts of
it.

> BTW, I'm asking again ... "What happened with my patch to
> mysql_setpermission?"
> http://lists.mysql.com/cgi-ez/ezmlm-cgi?9:mss:13270:200212:pcdoiifhiljkpjmemmob

It fell through the cracks - sorry about that. I've applied it to the 4.0
tree now. Thanks!

In the future, please use our bug tracking database at
http://bugs.mysql.com instead - that makes it easier for us to track bugs
and patches instead of a mailing list. Thank you!

Bye,
LenZ
- --
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer
/_/ /_/\_, /___/\___\_\___/ Hamburg, Germany
<___/ www.mysql.com

--
MySQL Bugs Mailing List
For list archives: http://lists.mysql.com/bugs
To unsubscribe: http://lists.mysql.com/bugs?unsub=gcdmb-bugs@m.gmane.org