| Bug #46569 | Backup fails even when all privileges are assigned to user on db.* | ||
|---|---|---|---|
| Submitted: | 5 Aug 2009 16:03 | Modified: | 21 Apr 2010 17:33 |
| Reporter: | Hema Sridharan | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: Backup | Severity: | S3 (Non-critical) |
| Version: | mysql-5.4.4 | OS: | Any |
| Assigned to: | Chuck Bell | CPU Architecture: | Any |
[5 Aug 2009 16:03]
Hema Sridharan
[5 Aug 2009 17:54]
MySQL Verification Team
Thank you for the bug report. Verified as described: c:\temp>mysql\bin\mysql -ujoe Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.4.4-alpha-Win X64-debug Source distribution Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> backup database db1 to 'db2.bak'; ERROR 1748 (HY000): Can't enumerate grants in database 'db1'. mysql>
[5 Aug 2009 18:04]
Chuck Bell
This is not a bug. The code is expected to behave this way if the user does not have appropriate permissions to backup all of the objects. BUG#44787 is designed to change this behavior but it is currently part of a larger discussion regarding how to handle elevation and/or privilege checking in general. Note: Restore can also fail in the middle for similar privilege issues.
[5 Aug 2009 18:18]
Peter Laursen
To me the last reply is completely non-understandable 1) it contradicts what documentation says 2) all privleges were granted to that database If details of things are stil discussed then leave this open as a verified bug for as long.
[26 Aug 2009 14:38]
Lars Thalmann
Re-opening this bug. The manual (for 6.0) and the code do not seem to correspond to each other. We need to fix either the privs, the manual, or both.
[27 Aug 2009 15:26]
Chuck Bell
When one executes a GRANT ALL to a user for a given database (or all databases), it gives the user all privileges on all objects in the database including BACKUP and RESTORE. However, it does *not* grant the user SELECT or any semblance of access to the mysql database. Currently, a user needs access to certain tables in the mysql database in order to do a complete backup. This is how the system works today. Thus, this is not a bug because GRANT ALL does *not* give the user all of the rights for all of the metadata (such as grants) for a given database and can therefore fail if the user does not have sufficient rights to the mysql database. There is a similar case for restore.
[10 Sep 2009 13:21]
Chuck Bell
Per 8 September backup meeting: - Close this bug as not a bug
[10 Sep 2009 14:21]
Chuck Bell
Please disregard last post. I was a bit premature in marking it as not a bug. There are still those who object to that decision. Asked that this be added to next backup meeting agenda.
[10 Sep 2009 14:33]
Peter Laursen
;-) .. but I'd like to add comment the comment that current situation is inconsistent with mysqldump and all 3rd party tools generating backups as SQL statements.
[29 Sep 2009 14:46]
Chuck Bell
It was decided on 29 September that we should do a discrete privilege elevation for backup that allows anyone with the BACKUP_PRIV on a given database to backup that database. Thus, this case of granting ALL to a user will give the user all of the privileges needed to do backup.
[29 Sep 2009 18:40]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/85097 2875 Chuck Bell 2009-09-29 BUG#46569 : Backup fails even when all privileges are assigned to user on db.* When an admin issues GRANT ALL on a database and the database contains objects other than tables (such as stored procedures and database-level grants), the default privileges granted by GRANT ALL are not enough to successfully execute backup. This is because there are additional privileges users need to read the mysql database tables that contain procedure, event, triggers, and grant information. On 29 September, the backup team decided to overcome this limitation by introducing temporary privilege elevation for backup. This patch includes code to temporarily give the user the privileges needed to read all metadata for all objects in the database. This is granted only during the execution of the SELECT statements inside si_objects.cc and does not infer any additional privileges outside of the execution of backup. @ mysql-test/suite/backup/r/backup_security.result Corrected result file. @ mysql-test/suite/backup/r/backup_security_check.result Corrected result file. @ mysql-test/suite/backup/t/backup_security.test Changed previously failing tests to passed due to new privilege elevation for backup. @ mysql-test/suite/backup/t/backup_security_check.test Changed tests that failed due to insufficient rights to passed tests. This is because so long as a user has BACKUP granted on a database, she can execute backup. Also added test case to show one only needs BACKUP to execute the backup database command. @ sql/si_objects.cc Implements backup privilege elevation for execution of internal SELECTs against the mysql and information_schema databases. @ sql/si_objects.h Primitives for new elevation methods.
[2 Oct 2009 13:52]
Ingo Strüwing
Please see questions by email.
[2 Oct 2009 21:58]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/85610 2875 Chuck Bell 2009-10-02 BUG#46569 : Backup fails even when all privileges are assigned to user on db.* When an admin issues GRANT ALL on a database and the database contains objects other than tables (such as stored procedures and database-level grants), the default privileges granted by GRANT ALL are not enough to successfully execute backup. This is because there are additional privileges users need to read the mysql database tables that contain procedure, event, triggers, and grant information. On 29 September, the backup team decided to overcome this limitation by introducing temporary privilege elevation for backup. This patch includes code to temporarily give the user the privileges needed to read all metadata for all objects in the database. This is granted only during the execution of the SELECT statements inside si_objects.cc and does not infer any additional privileges outside of the execution of backup. @ mysql-test/suite/backup/r/backup_security.result Corrected result file. @ mysql-test/suite/backup/r/backup_security_check.result Corrected result file. @ mysql-test/suite/backup/t/backup_security.test Removed previous step-wise privilege check on backup with new test cases for the elevated privilege backup. @ mysql-test/suite/backup/t/backup_security_check.test Changed tests that failed due to insufficient rights to passed tests. This is because so long as a user has BACKUP granted on a database, she can execute backup. Also added test case to show one only needs BACKUP to execute the backup database command. @ sql/si_objects.cc Implements backup privilege elevation for execution of internal SELECTs against the mysql and information_schema databases. @ sql/si_objects.h Primitives for new elevation methods.
[5 Oct 2009 19:47]
Chuck Bell
Updated reviewers.
[6 Oct 2009 20:53]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/85959 2875 Chuck Bell 2009-10-06 BUG#46569 : Backup fails even when all privileges are assigned to user on db.* When an admin issues GRANT ALL on a database and the database contains objects other than tables (such as stored procedures and database-level grants), the default privileges granted by GRANT ALL are not enough to successfully execute backup. This is because there are additional privileges users need to read the mysql database tables that contain procedure, event, triggers, and grant information. On 29 September, the backup team decided to overcome this limitation by introducing temporary privilege elevation for backup. This patch includes code to temporarily give the user the privileges needed to read all metadata for all objects in the database. This is granted only during the execution of the SELECT statements inside si_objects.cc and does not infer any additional privileges outside of the execution of backup. @ mysql-test/suite/backup/r/backup_security.result Corrected result file. @ mysql-test/suite/backup/r/backup_security_check.result Corrected result file. @ mysql-test/suite/backup/t/backup_security.test Removed previous step-wise privilege check on backup with new test cases for the elevated privilege backup. @ mysql-test/suite/backup/t/backup_security_check.test Changed tests that failed due to insufficient rights to passed tests. This is because so long as a user has BACKUP granted on a database, she can execute backup. Also added test case to show one only needs BACKUP to execute the backup database command. @ sql/si_objects.cc Implements backup privilege elevation for execution of internal SELECTs against the mysql and information_schema databases. The code is designed to hide the elevation and is only used for elevating SELECT and SHOW CREATE statements.
[15 Oct 2009 15:16]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/86999 2875 Chuck Bell 2009-10-15 BUG#46569 : Backup fails even when all privileges are assigned to user on db.* When an admin issues GRANT ALL on a database and the database contains objects other than tables (such as stored procedures and database-level grants), the default privileges granted by GRANT ALL are not enough to successfully execute backup. This is because there are additional privileges users need to read the mysql database tables that contain procedure, event, triggers, and grant information. On 29 September, the backup team decided to overcome this limitation by introducing temporary privilege elevation for backup. This patch includes code to temporarily give the user the privileges needed to read all metadata for all objects in the database. This is granted only during the execution of the SELECT statements inside si_objects.cc and does not infer any additional privileges outside of the execution of backup. @ mysql-test/suite/backup/r/backup_security.result Corrected result file. @ mysql-test/suite/backup/r/backup_security_check.result Corrected result file. @ mysql-test/suite/backup/t/backup_security.test Removed previous step-wise privilege check on backup with new test cases for the elevated privilege backup. @ mysql-test/suite/backup/t/backup_security_check.test Changed tests that failed due to insufficient rights to passed tests. This is because so long as a user has BACKUP granted on a database, she can execute backup. Also added test case to show one only needs BACKUP to execute the backup database command. @ sql/si_objects.cc Implements backup privilege elevation for execution of internal SELECTs against the mysql and information_schema databases. The code is designed to hide the elevation and is only used for elevating SELECT and SHOW CREATE statements.
[16 Oct 2009 5:36]
Rafal Somla
Approved.
[23 Oct 2009 20:30]
Thava Alagu
Patch approved.
[23 Oct 2009 21:19]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/88057 2884 Chuck Bell 2009-10-23 [merge] BUG#46569 : Backup fails even when all privileges are assigned to user on db.* When an admin issues GRANT ALL on a database and the database contains objects other than tables (such as stored procedures and database-level grants), the default privileges granted by GRANT ALL are not enough to successfully execute backup. This is because there are additional privileges users need to read the mysql database tables that contain procedure, event, triggers, and grant information. On 29 September, the backup team decided to overcome this limitation by introducing temporary privilege elevation for backup. This patch includes code to temporarily give the user the privileges needed to read all metadata for all objects in the database. This is granted only during the execution of the SELECT statements inside si_objects.cc and does not infer any additional privileges outside of the execution of backup.x @ mysql-test/suite/backup/r/backup_security.result Corrected result file. @ mysql-test/suite/backup/r/backup_security_check.result Corrected result file. @ mysql-test/suite/backup/t/backup_security.test Removed previous step-wise privilege check on backup with new test cases for the elevated privilege backup. @ mysql-test/suite/backup/t/backup_security_check.test Changed tests that failed due to insufficient rights to passed tests. This is because so long as a user has BACKUP granted on a database, she can execute backup. Also added test case to show one only needs BACKUP to execute the backup database command. @ sql/si_objects.cc Implements backup privilege elevation for execution of internal SELECTs against the mysql and information_schema databases. The code is designed to hide the elevation and is only used for elevating SELECT and SHOW CREATE statements.
[23 Oct 2009 21:27]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/88058 2884 Chuck Bell 2009-10-23 [merge] BUG#46569 : Backup fails even when all privileges are assigned to user on db.* When an admin issues GRANT ALL on a database and the database contains objects other than tables (such as stored procedures and database-level grants), the default privileges granted by GRANT ALL are not enough to successfully execute backup. This is because there are additional privileges users need to read the mysql database tables that contain procedure, event, triggers, and grant information. On 29 September, the backup team decided to overcome this limitation by introducing temporary privilege elevation for backup. This patch includes code to temporarily give the user the privileges needed to read all metadata for all objects in the database. This is granted only during the execution of the SELECT statements inside si_objects.cc and does not infer any additional privileges outside of the execution of backup.x @ mysql-test/suite/backup/r/backup_security.result Corrected result file. @ mysql-test/suite/backup/r/backup_security_check.result Corrected result file. @ mysql-test/suite/backup/t/backup_security.test Removed previous step-wise privilege check on backup with new test cases for the elevated privilege backup. @ mysql-test/suite/backup/t/backup_security_check.test Changed tests that failed due to insufficient rights to passed tests. This is because so long as a user has BACKUP granted on a database, she can execute backup. Also added test case to show one only needs BACKUP to execute the backup database command. @ sql/si_objects.cc Implements backup privilege elevation for execution of internal SELECTs against the mysql and information_schema databases. The code is designed to hide the elevation and is only used for elevating SELECT and SHOW CREATE statements.
[20 Feb 2010 9:18]
Bugs System
Pushed into 6.0.14-alpha (revid:ingo.struewing@sun.com-20100218152520-s4v1ld76bif06eqn) (version source revid:ingo.struewing@sun.com-20100119103538-wtp5alpz4p2jayl5) (merge vers: 6.0.14-alpha) (pib:16)
[21 Apr 2010 17:33]
Paul DuBois
Noted in 6.0.14 changelog. For changelog entry, see Bug#44787.
