Bug #52522 Running mysql_upgrade loses trigger privileges
Submitted: 1 Apr 2010 11:43
Modified: 20 May 2010 9:41
Reporter: Nidhi Shrotriya
Status: Duplicate
Category: MySQL Server: Security: Privileges
Severity: S3 (Non-critical)
Version: 5.5.3-m3
OS: Any
Assigned to:
CPU Architecture: Any

[1 Apr 2010 11:43] Nidhi Shrotriya
Description:
In 5.1
----------

mysql> CREATE USER 'trig_user'@'localhost' IDENTIFIED BY 'trig_pass';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT INSERT, SELECT, UPDATE, DELETE  on trigdb.* to 'trig_user'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for 'trig_user'@'localhost';
+------------------------------------------------------------------------------------------------------------------+
| Grants for trig_user@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'trig_user'@'localhost' IDENTIFIED BY PASSWORD '*23815845E5E220C48E55A82C239022AF42F58660' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `trigdb`.* TO 'trig_user'@'localhost'                                    |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

After upgrade to 5.5.3-m3
---------------------------
mysql> create database trigdb;
Query OK, 1 row affected (0.00 sec)

mysql> CREATE TABLE trigdb.t7(i int);
Query OK, 0 rows affected (0.02 sec)

mysql> GRANT TRIGGER ON trigdb.t7 to 'trig_user'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for 'trig_user'@'localhost';
+------------------------------------------------------------------------------------------------------------------+
| Grants for trig_user@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'trig_user'@'localhost' IDENTIFIED BY PASSWORD '*23815845E5E220C48E55A82C239022AF42F58660' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `trigdb`.* TO 'trig_user'@'localhost'                                    |
| GRANT TRIGGER ON `trigdb`.`t7` TO 'trig_user'@'localhost'                                                        |
+------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)

Run mysql_upgrade now.

mysql> show grants for 'trig_user'@'localhost';
+------------------------------------------------------------------------------------------------------------------+
| Grants for trig_user@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'trig_user'@'localhost' IDENTIFIED BY PASSWORD '*23815845E5E220C48E55A82C239022AF42F58660' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `trigdb`.* TO 'trig_user'@'localhost'                                    |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

=>Trigger privilege is lost. 

Or After downgrade to 5.1 
----------------------------
mysql> show grants for 'trig_user'@'localhost';
+------------------------------------------------------------------------------------------------------------------+
| Grants for trig_user@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'trig_user'@'localhost' IDENTIFIED BY PASSWORD '*23815845E5E220C48E55A82C239022AF42F58660' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `trigdb`.* TO 'trig_user'@'localhost'                                    |
| GRANT TRIGGER ON `trigdb`.`t7` TO 'trig_user'@'localhost'                                                        |
+------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)

Run mysql_upgrade (not required after downgrade, but let's say you run it due to bug#50183).

mysql> show grants for 'trig_user'@'localhost';
+------------------------------------------------------------------------------------------------------------------+
| Grants for trig_user@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'trig_user'@'localhost' IDENTIFIED BY PASSWORD '*23815845E5E220C48E55A82C239022AF42F58660' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `trigdb`.* TO 'trig_user'@'localhost'                                    |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

Trigger privilege is lost. 

Same happens by just running mysql_upgrade on 5.5.3-m3 too before downgrading or on 5.1 after downgrading. 

How to repeat:
As mentioned in how to repeat section.
[6 Apr 2010 19:03] Omer Barnir
It appears that the trigger is added after the 5.5 server is started but before the upgrade is run. This is not a valid 'scenario' to follow.

Please clarify
==Omer
[6 May 2010 23:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[20 May 2010 9:41] Nidhi Shrotriya
bug#53613 presents the valid scenario. So making it a duplicate of the same.
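
A check for the privilege loss shown in the description above, as an added example that is not part of the original bug thread: it parses `SHOW GRANTS` output captured before and after `mysql_upgrade` and reports any privilege that disappeared. The function names are hypothetical, and the sample rows are constructed from the report's output with the password hash replaced by a placeholder.

```python
import re

# GRANT <privs> ON <object> TO '<user>'@'<host>' [IDENTIFIED BY ...]
GRANT_RE = re.compile(
    r"GRANT\s+(.+?)\s+ON\s+(.+?)\s+TO\s+('[^']*'@'[^']*')", re.I)

def parse_grants(show_grants_output):
    """Map (grantee, object) -> set of privileges from SHOW GRANTS output."""
    grants = {}
    for line in show_grants_output.splitlines():
        m = GRANT_RE.search(line)
        if not m:
            continue  # table borders, header row, "N rows in set"
        privs, obj, grantee = m.groups()
        key = (grantee, obj.replace("`", ""))
        # Split on commas that are not inside a column list such as SELECT (a, b).
        names = re.split(r",\s*(?![^()]*\))", privs)
        grants.setdefault(key, set()).update(p.strip().upper() for p in names)
    return grants

def lost_privileges(before, after):
    """Privileges present before mysql_upgrade but absent afterwards."""
    old, new = parse_grants(before), parse_grants(after)
    lost = {}
    for key, privs in old.items():
        missing = privs - new.get(key, set())
        if missing:
            lost[key] = missing
    return lost

# Constructed sample input: rows as in the report, hash replaced by a placeholder.
BEFORE = """\
| GRANT USAGE ON *.* TO 'trig_user'@'localhost' IDENTIFIED BY PASSWORD '<hash>' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `trigdb`.* TO 'trig_user'@'localhost' |
| GRANT TRIGGER ON `trigdb`.`t7` TO 'trig_user'@'localhost'                     |
3 rows in set (0.00 sec)
"""
AFTER = """\
| GRANT USAGE ON *.* TO 'trig_user'@'localhost' IDENTIFIED BY PASSWORD '<hash>' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `trigdb`.* TO 'trig_user'@'localhost' |
2 rows in set (0.00 sec)
"""

if __name__ == "__main__":
    for (grantee, obj), privs in lost_privileges(BEFORE, AFTER).items():
        print(f"LOST {', '.join(sorted(privs))} ON {obj} FOR {grantee}")
```
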