Bug #2163 bogus user warning caused by redundant my.cnf inheritance
Submitted: 18 Dec 2003 12:33 Modified: 19 Dec 2003 14:00
Reporter: [ name withheld ] Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S4 (Feature request)
Version:4.0.14 OS:Linux (Linux/i386)
Assigned to: Sergei Golubchik CPU Architecture:Any
Triage: D5 (Feature request)

[18 Dec 2003 12:33] [ name withheld ]
Description:
If you set the user to run mysqld as in the mysqld section, then mysqld_safe inherits the argument, and explicitly passes it to mysqld.  Then when mysql is parsing it's config, it throws the bogus warning:

Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line

So, in order to get rid of this unsightly warning from the log, I would have to add the user to the mysqld_safe section instead.  The problem with that is that my distro first runs mysqld directly in bootstrap mode to automatically set the root password in the db - so this invocation needs a "--user mysql" argument if I move the user option to the [mysqld_safe] section.

How to repeat:
Set:

   [mysqld]
    user=mysql
   ...

in /etc/my.cnf, then stop/start mysqld and view the error. 

Suggested fix:
   mysqld_safe shouldn't inherit options from the [mysqld] section, as it is redundant and unnecessary.

AND/OR

   The mysqld binary shouldn't care if we are trying to set the user to the same username twice.
[19 Dec 2003 8:28] Dean Ellis
The reported behavior occurs, of course, but as the inheritance is documented and intended I am suggesting some changes to this issue...

Bug:

user option in [mysqld_safe] or specified via mysqld_safe --user is ignored (4.0.18 and 4.1.2) when user option is also in [mysqld] group.  mysqld_safe instead passes the value from [mysqld].  The reported behavior is partially a side-effect of this bug.

Feature request:

Have mysqld only log command-line --user overrides when configured to log warnings.
[19 Dec 2003 13:59] Sergei Golubchik
no, real bug is that user=xxx settings from [mysqld] group is put into command line - this causes the warning. This is fixed in 4.0.18

the fact that only the first user=xxx option is used and that the warning is generated if there're several user=xxx in option files (or command line) is not a bug but a feature. The warning should be treated as a security warning and could indicate that a user with FILE privileges created DATADIR/my,cnf (using SELECT ... INTO DUMPFILE) with user=xxx entry, trying to elevate mysqld's privileges - planning to exploit them further. This is also the reason for user=xxx option to behave differently from others (only first user=xxx is used, while last option=xxx is used for any other option).
[19 Dec 2003 14:00] Sergei Golubchik
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html