Bug #37169 "mysql_upgrade" needs write permission in the data directory
Submitted: 3 Jun 2008 19:05
Reporter: Joerg Bruehe Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Installing Severity:S3 (Non-critical)
Version:5.0 and up OS:Any
Assigned to: Kent Boortz CPU Architecture:Any
Triage: Triaged: D3 (Medium)

[3 Jun 2008 19:05] Joerg Bruehe
Description:
For local tests, I had MySQL 5.1.25 installed (as a RPM package).
For further tests, I uninstalled that and installed 5.0.62 (RPM).
This caused an error message:

   ERROR: 1136  Column count doesn't match value count at row 1
   080603 20:30:08 [ERROR] Aborting

   080603 20:30:08 [Note] /usr/sbin/mysqld: Shutdown complete

   Installation of system tables failed!

Ok, I consulted the manual, section about upograding, and found the advice to run "mysql_upgrade".
Starting it, I got several success messages, ending in

   mysql.user                                         OK
   test.test                                          OK
   Running 'mysql_fix_privilege_tables'...
   OK
   Could not create the upgrade info file 
      '/var/lib/mysql/mysql_upgrade_info'
          in the MySQL Servers datadir, errno: 13

Error 13 is EACCESS, so this was a permission problem.

I checked the server process was running as user "mysqld", and this was also the  user owning the data directory, so that was ok:

   > ls -ld /var/lib/mysql
   drwxr-xr-x  4 mysql mysql 4096 2008-06-03 20:30 /var/lib/mysql

Then I got the suspicion it might be the "mysql_upgrade" binary that tried to create this file, not the server:

   > strings -a /usr/bin/mysql_upgrade | fgrep mysql_upgrade_info
   mysql_upgrade_info
   create_mysql_upgrade_info_file

I tried using "sudo", and this worked.

How to repeat:
Call "mysql_upgrade" as a user who may call any MySQL client program, but has no write permission in the data directory.

With a default installation, this can be any user except "root" and "mysql".

Suggested fix:
I see several different approaches:

- Keep the "mysql_upgrade_info" file at some other place, where a non-privileged user calling the tool can store a file.

- Make the "mysql_upgrade" program a "setuid mysql" program, so that it may create a file in the data directory.

- Let the server create a dummy "mysql_upgrade_info" file in that directory and make that file world-writable, so that it may be changed by any user.

If all these are unacceptable:

- Add the requirement to the documentation that this program must be run by user "mysql" (or "root", which we should not encourage).
[10 Jun 2010 6:50] Shane Bester
see also bug #54387
[16 Jun 2013 12:46] Shane Bester
Another suggested fix in Bug #69482 which is a duplicate of this.