Bug #3316 Can't chroot and run as "mysql" user
Submitted: 27 Mar 2004 18:28
Modified: 12 Jul 2005 7:22
Reporter: Steve Slater
Status: Duplicate
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 4.1.1-alpha
OS: Linux (suse 9)
Assigned to: Assigned Account
CPU Architecture: Any

[27 Mar 2004 18:28] Steve Slater
Description:
Can't do both chroot and run as "mysql" user

How to repeat:
I saw a few other random postings of the problem but no solutions. If you start mysqld with both:

--user=mysql --chroot=/path/to/chroot

You'll get this:

Fatal error: Can't change to run as user 'mysql' ;  Please check that the user exists!
040327 18:00:48  Aborting

If you start it with --user=root --chroot=/path/to/chroot

it works fine.

Suggested fix:
There was a posting online referencing the comments about shared library and these lines in mysqld.cc:

  if (!strcmp(user,"root"))
    return;                             // Avoid problem with dynamic libraries

  uid_t uid;
  if (!(ent = getpwnam(user)))

Someone was thinking that the getpwnam won't work, even if the chroot jail has the passwd/shadow entries. 

But I really don't know if that applies here or not.
[5 Apr 2004 16:00] Timothy Smith
Can you please give step-by-step instructions on what you tried?  It works fine on FreeBSD 5.2 for me as follows.  Perhaps this is Linux-specific.  If so, one of my colleagues will test this.  An explicit test case (like I give below) will save us time, if you can provide it.

I tried this:

tim@sand:~/m/41m$ mkdir ../chroot41
tim@sand:~/m/chroot41$ ls etc
group         master.passwd passwd        pwd.db        spwd.db
tim@sand:~/m/41m$ cp -r ../chroot40/etc ../chroot41
tim@sand:~/m/41m$ cp -r bin data share ../chroot41
tim@sand:~/m/41m$ cd ../chroot41
tim@sand:~/m/chroot41$ (sudo ./bin/mysqld --chroot=$PWD --basedir=. --datadir=./data --skip-networking --user=tim --tmpdir=. --socket=./mysql.sock &)
tim@sand:~/m/chroot41$ ./bin/mysqld: ready for connections.
Version: '4.1.2-alpha-debug'  socket: './mysql.sock'  port: 0

tim@sand:~/m/chroot41$ ./bin/mysql -S ./data/mysql.sock 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 4.1.2-alpha-debug

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show variables like '%dir';
+---------------------------+------------------------+
| Variable_name             | Value                  |
+---------------------------+------------------------+
| basedir                   | /                      |
| character-sets-dir        | /share/mysql/charsets/ |
| datadir                   | /data/                 |
| innodb_data_home_dir      |                        |
| innodb_log_arch_dir       | ./                     |
| innodb_log_group_home_dir | ./                     |
| tmpdir                    | .                      |
+---------------------------+------------------------+
7 rows in set (0.00 sec)

mysql> Bye
tim@sand:~/m/chroot41$ 

This is on FreeBSD 5.2, using a static mysqld binary of 4.1.2-alpha (code from a few weeks ago).
[12 Apr 2004 23:56] Steve Slater
I have a little more information now. It turns out it does work correctly with the mysql binary. The problem is just with my build so there is no bug. 

But is there any chance you would know why a build with this configure line would not work?

./configure --enable-shared --with-embedded-server --with-berkeley-db \
  --with-innodb --with-openssl --enable-assembler --enable-local-infile \
  --with-mysqld-user=mysql --with-unix-socket-path=/tmp/mysql.sock \
  --prefix=/usr/local/mysql --with-extra-charsets=complex \
  --exec-prefix=/usr/local/mysql --libexecdir=/usr/local/mysql/sbin \
  --libdir=/usr/local/mysql/lib --sysconfdir=/etc \
  --datadir=/usr/local/mysql/share --localstatedir=/usr/local/mysql/data \
  --infodir=/usr/local/mysql/share/info \
  --includedir=/usr/local/mysql/include \
  --mandir=/usr/local/mysql/share/man --enable-thread-safe-client

An strace shows very little:

....
open("/usr/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "Fatal error: Can\'t change to run"..., 87Fatal error: Can't change to run as user 'mysql' ;  Please check that the user exists!

Thanks anyway!
Steve
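
The strace above ends with a failed open of libnss_files.so.2 right before the fatal error. With glibc, getpwnam() in a dynamically linked program loads that NSS module at run time, so a lookup made after chroot() needs the module inside the jail. A general pattern that avoids the dependency, as an added example (not code from mysqld.cc or from anyone in this thread; resolve_user and jail_and_drop are hypothetical names): resolve the account first, then chroot, then drop privileges.

```c
/* Added example, not MySQL source. Run as root: ./a.out mysql /path/to/chroot */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* glibc: expose chroot() and setgroups() */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Look the user up while the real /etc and the NSS modules (for glibc,
 * libnss_files.so.2) are still reachable. Returns 0, or -1 if unknown. */
int resolve_user(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *ent = getpwnam(name);
    if (!ent)
        return -1;
    *uid = ent->pw_uid;
    *gid = ent->pw_gid;
    return 0;
}

/* Enter the jail and drop to uid/gid. Returns 0 on success, or a negative
 * code naming the step that failed. Order matters: chroot() needs root,
 * and the groups must be dropped before the uid. */
int jail_and_drop(const char *root, uid_t uid, gid_t gid)
{
    if (chroot(root) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0)
        return -2;
    if (setuid(uid) != 0)
        return -3;
    if (uid != 0 && setuid(0) == 0)   /* regaining root must be impossible */
        return -4;
    return 0;
}

int main(int argc, char **argv)
{
    uid_t uid; gid_t gid;
    if (argc != 3 || resolve_user(argv[1], &uid, &gid) != 0) {
        fprintf(stderr, "usage: %s USER JAILDIR (USER must exist)\n", argv[0]);
        return 2;
    }
    int rc = jail_and_drop(argv[2], uid, gid);
    printf("jail_and_drop: %d (uid now %d)\n", rc, (int)getuid());
    return rc ? 1 : 0;
}
```

With the lookup done before chroot(), the jail needs neither passwd/shadow entries nor NSS libraries for the privilege drop itself.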
[14 Feb 2005 22:54] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[12 Jul 2005 7:21] Aleksey Kishkin
reopened as closed by mistake
[12 Jul 2005 7:22] Aleksey Kishkin
looks like a duplicate of http://bugs.mysql.com/bug.php?id=9244