Bug #52213 installer assumes lenient umask
Submitted: 19 Mar 2010 11:31 Modified: 14 Jun 2010 9:26
Reporter: Richard Davies Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Enterprise Monitor: Installing Severity:S2 (Serious)
Version:2.1.1.1141 OS:Linux
Assigned to: BitRock Merlin CPU Architecture:Any

[19 Mar 2010 11:31] Richard Davies 
Description:
This is similar to bug #42584, but that appears to be closed.

The problem relates to umask. The installer assumes a default of 022, whereas server hardening may set this to something like 077. This will cause the monitor installer to fail on mysql_install_db.

This occurred on RHEL 5.4 x86_64, but would probably happen with any similarly hardened Linux.

How to repeat:
Run the installer on a hardened system (as root, /opt does not yet contain any mysql directories):

# umask
0077
# mysqlmonitor-2.1.1.1141-linux-x86_64-installer.bin
...
 Installing
 0% ______________ 50% ______________ 100%
 ########################################Warning: Problem running post-install step. Installation may not complete
correctly
 Error running /opt/mysql/enterprise/monitor/mysql/scripts/mysql_install_db
--defaults-file=/opt/mysql/enterprise/monitor/mysql/my.cnf --user=mysql : ERROR:
1  Can't create/write to file
'/opt/mysql/enterprise/monitor/mysql/data/mysql/db.MYI' (Errcode: 13)
100319 10:29:38 [ERROR] Aborting

Suggested fix:
Set correct permissions for the mysql installation, rather than assume directories will be created with mode 755.

A workaround (as root, /opt does not yet contain any mysql directories):

# umask
0077
# umask 0022
# mysqlmonitor-2.1.1.1141-linux-x86_64-installer.bin
...
 Installing
 0% ______________ 50% ______________ 100%
 #########################################

----------------------------------------------------------------------------
Completed installing files
...
# umask 0077 (only really matters for current session)
[19 Mar 2010 12:55] MySQL Verification Team 
Thank you for the bug report. Please see: http://bugs.mysql.com/bug.php?id=52197.
Thanks in advance.
[23 Mar 2010 14:36] BitRock Merlin 
Hi,

The installer could not modify the umask once it has been started. We suggest to throw an error to avoid this issue at the beginning of the installation:

"The installation has detected that the current umask is set to permissions of ${umaks}, the installation is now exiting. You should modify your umask to at least 0022 before launching the installer. After the installation has completed, reset the umask permissions to your original values."
[23 Mar 2010 14:49] Richard Davies 
http://bugs.mysql.com/bug.php?id=52197 isn't exactly the same problem.

Here mysql_install_db is being run by the Enterprise Monitor installer, and you can see from the error message that --user=mysql is being specified correctly when it is invoked.

As this is all run under a single monolithic installer, the installation options for each component are hidden from the end user anyway.

Also, the problem here is privileges, rather than ownership, as shown by the workaround.
[23 Mar 2010 14:55] Richard Davies 
Re: BitRock Merlin

The problem isn't the umask, but an assumption on the part of the installer as to what the default umask will be.

I would suggest that a better fix is to explicitly set the correct file permissions on the data directory when it is created.
[22 Apr 2010 8:20] BitRock Merlin 
Patch sent to Keith. Note that now the installer works properly with a 0022 or a 0077 umask, not a different one.
[23 Apr 2010 17:33] Enterprise Tools JIRA Robot 
Andy Bang writes: 
In build 2.2.0.1698.
[14 Jun 2010 9:26] MC Brown 
A note has been added to the 2.2.0 changelog: 

        When installing &merlin_server;, the incorrect permissions                                                                       
        could be applied to the embedded MySQL server.