Bug #60789 not correct owners and permissions on files
Submitted: 7 Apr 2011 7:53 Modified: 26 Sep 2011 21:26
Reporter: Pavel Dobryakov Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Enterprise Backup Documentation Severity:S1 (Critical)
Version:3.5.2 OS:Linux
Assigned to:
Triage: Needs Triage: D2 (Serious)

[7 Apr 2011 7:53] Pavel Dobryakov
Description:
I'm testing meb to see the need to purchase a subscription 
i have test server 
show databases; 
+--------------------+ 
| Database | 
+--------------------+ 
| information_schema | 
| kontrollbase | 
| mem | 
| mysql | 
| pmatest | 
| test1 | 
+--------------------+ 

/var/lib/mysql# ls -la 
итого 25692 
drwxrwxrwx 7 mysql mysql 4096 2011-04-07 10:36 . 
drwxr-xr-x 74 root root 4096 2011-03-15 12:27 .. 
-rw-rw---- 1 mysql mysql 10485760 2011-04-07 10:36 ibdata1 
-rw-rw---- 1 mysql mysql 5242880 2011-04-07 10:36 ib_logfile0 
-rw-rw---- 1 mysql mysql 5242880 2011-04-07 10:36 ib_logfile1 
-rw-rw---- 1 mysql mysql 5242880 2011-04-07 10:36 ib_logfile2 
drwx------ 2 mysql mysql 4096 2011-04-07 10:36 kontrollbase 
drwx------ 2 mysql mysql 12288 2011-04-07 10:36 mem 
drwx------ 2 mysql root 4096 2011-04-07 10:36 mysql 
-rw-rw---- 1 mysql mysql 6 2011-04-07 10:35 pavelvdobryakov.pid 
drwx------ 2 mysql mysql 4096 2011-04-07 10:36 pmatest 
drwx------ 2 mysql mysql 4096 2011-04-07 10:36 test1 

then I do a backup of the server: 
mysqlbackup --no-timestamp --ibbackup=/usr/local/bin/ibbackup --slave-info /etc/mysql/my.cnf /home/pavel/backup 
and see in backup folder this: 
/home/pavel/backup# ls -la 
итого 10408 
drwx------ 7 root root 4096 2011-04-07 10:42 . 
drwx------ 73 pavel pavel 24576 2011-04-07 10:42 .. 
-rw-r--r-- 1 root root 292 2011-04-07 10:42 backup-my.cnf 
-rw-r--r-- 1 root root 39 2011-04-07 10:42 ibbackup_binlog_info 
-rw-r--r-- 1 root root 152 2011-04-07 10:42 ibbackup_export_variables.txt 
-rw-r----- 1 root root 4096 2011-04-07 10:42 ibbackup_logfile 
-rw-r--r-- 1 root root 51 2011-04-07 10:42 ibbackup_slave_info 
-rw-r----- 1 root root 10485760 2011-04-07 10:42 ibdata1 
drwxr-x--- 2 root root 4096 2011-04-07 10:42 kontrollbase 
drwxr-x--- 2 root root 28672 2011-04-07 10:42 mem 
drwx------ 2 root root 16384 2011-04-07 10:42 mysql 
drwxr-x--- 2 root root 4096 2011-04-07 10:42 pmatest 
drwxr-x--- 2 root root 4096 2011-04-07 10:42 test1 
already seen that the rights to the files differ 
then i do 
mysqlbackup --apply-log --ibbackup=/usr/local/bin/ibbackup /etc/mysql/my.cnf /home/pavel/backup 
and in the backup dir i see 
/home/pavel/backup# ls -la 
итого 25828 
drwx------ 7 root root 4096 2011-04-07 10:45 . 
drwx------ 73 pavel pavel 24576 2011-04-07 10:42 .. 
-rw-r--r-- 1 root root 292 2011-04-07 10:42 backup-my.cnf 
-rw-r--r-- 1 root root 39 2011-04-07 10:42 ibbackup_binlog_info 
-rw-r--r-- 1 root root 152 2011-04-07 10:42 ibbackup_export_variables.txt 
-rw-r----- 1 root root 4096 2011-04-07 10:42 ibbackup_logfile 
-rw-r--r-- 1 root root 51 2011-04-07 10:42 ibbackup_slave_info 
-rw-r----- 1 root root 10485760 2011-04-07 10:45 ibdata1 
-rw-r----- 1 root root 5242880 2011-04-07 10:45 ib_logfile0 
-rw-r----- 1 root root 5242880 2011-04-07 10:45 ib_logfile1 
-rw-r----- 1 root root 5242880 2011-04-07 10:45 ib_logfile2 
drwxr-x--- 2 root root 4096 2011-04-07 10:42 kontrollbase 
drwxr-x--- 2 root root 28672 2011-04-07 10:42 mem 
drwx------ 2 root root 16384 2011-04-07 10:42 mysql 
drwxr-x--- 2 root root 4096 2011-04-07 10:42 pmatest 
drwxr-x--- 2 root root 4096 2011-04-07 10:42 test1 
Next, I clear out the directory /var/lib/mysql 
and run 
mysqlbackup --copy-back /etc/mysql/my.cnf /home/pavel/backup 
and that's what I see in the directory /var/lib/mysql 
/var/lib/mysql# ls -la 
итого 25696 
drwxrwxrwx 7 mysql mysql 4096 2011-04-07 10:47 . 
drwxr-xr-x 74 root root 4096 2011-03-15 12:27 .. 
-rw-r--r-- 1 root root 39 2011-04-07 10:47 ibbackup_binlog_info 
-rw-r--r-- 1 root root 51 2011-04-07 10:47 ibbackup_slave_info 
-rw-r----- 1 root root 10485760 2011-04-07 10:47 ibdata1 
-rw-r----- 1 root root 5242880 2011-04-07 10:47 ib_logfile0 
-rw-r----- 1 root root 5242880 2011-04-07 10:47 ib_logfile1 
-rw-r----- 1 root root 5242880 2011-04-07 10:47 ib_logfile2 
drwx------ 2 root root 4096 2011-04-07 10:47 kontrollbase 
drwx------ 2 root root 12288 2011-04-07 10:47 mem 
drwx------ 2 root root 4096 2011-04-07 10:47 mysql 
drwx------ 2 root root 4096 2011-04-07 10:47 pmatest 
drwx------ 2 root root 4096 2011-04-07 10:47 test1 
/var/lib/mysql/mysql# ls -la 
итого 6380 
drwx------ 2 root root 4096 2011-04-07 10:47 . 
drwxrwxrwx 7 mysql mysql 4096 2011-04-07 10:47 .. 
-rw-r----- 1 root root 35 2011-04-07 10:47 backup_history.CSM 
-rw-r----- 1 root root 6410 2011-04-07 10:47 backup_history.CSV 
-rw-r----- 1 root root 71260 2011-04-07 10:47 backup_history.frm 
-rw-r----- 1 root root 35 2011-04-07 10:47 backup_progress.CSM 
-rw-r----- 1 root root 5627 2011-04-07 10:47 backup_progress.CSV 
-rw-r----- 1 root root 33370 2011-04-07 10:47 backup_progress.frm 
-rw-r----- 1 root root 8820 2011-04-07 10:47 columns_priv.frm 
-rw-r----- 1 root root 0 2011-04-07 10:47 columns_priv.MYD 
-rw-r----- 1 root root 4096 2011-04-07 10:47 columns_priv.MYI 
-rw-r----- 1 root root 9582 2011-04-07 10:47 db.frm 
-rw-r----- 1 root root 3520 2011-04-07 10:47 db.MYD 
-rw-r----- 1 root root 5120 2011-04-07 10:47 db.MYI 
-rw-r----- 1 root root 10223 2011-04-07 10:47 event.frm 
-rw-r----- 1 root root 0 2011-04-07 10:47 event.MYD 
.................... 
.................... 
.................... 

How to repeat:
write in description
[7 Apr 2011 13:58] Valerii Kravchuk
Verified just as described on Ubuntu 10.04. I had to use sudo to be able to read files from default 5.1.41 MySQL instance, and (after making mysqlbackup work, eventually), got the following ownership and permissions for the backup:

openxs@ubuntu:~$ sudo ls -l backup
total 256284
-rw-r--r-- 1 root root       300 2011-04-07 16:50 backup-my.cnf
-rw-r--r-- 1 root root        18 2011-04-07 16:51 ibbackup_binlog_info
-rw-r--r-- 1 root root       152 2011-04-07 16:51 ibbackup_export_variables.txt
-rw-r----- 1 root root      3072 2011-04-07 16:51 ibbackup_logfile
-rw-r----- 1 root root 262144000 2011-04-07 16:51 ibdata1
drwx------ 2 root root      4096 2011-04-07 16:51 mysql
drwx------ 2 root root      4096 2011-04-07 16:51 sisppg
drwx------ 2 root root      4096 2011-04-07 16:51 test

Compare this to original files:

openxs@ubuntu:~$ sudo ls -l /var/lib/mysql
total 266540
-rw-r--r-- 1 mysql mysql         0 2010-07-16 14:15 debian-5.0.flag
-rw-r--r-- 1 mysql mysql         0 2011-03-01 16:46 debian-5.1.flag
-rw-rw---- 1 mysql mysql 262144000 2011-04-07 16:51 ibdata1
-rw-rw---- 1 mysql mysql   5242880 2011-04-07 16:51 ib_logfile0
-rw-rw---- 1 mysql mysql   5242880 2011-04-07 16:51 ib_logfile1
drwx------ 2 mysql mysql      4096 2011-04-07 16:51 mysql
-rw------- 1 mysql mysql         6 2010-09-03 09:11 mysql_upgrade_info
drwx------ 2 mysql mysql      4096 2011-02-24 17:49 sisppg
drwx------ 2 mysql mysql      4096 2011-04-05 12:28 test
-rw-rw---- 1 mysql mysql         4 2011-04-07 10:17 ubuntu.pid
[19 Apr 2011 11:13] Pavel Dobryakov
have any plans to fix this problem?
[23 May 2011 8:06] Pavel Dobryakov
This bug prevents our company to make the final decision to purchase enterprise subscription. Is-there any plans to fix it?
[31 May 2011 19:55] Sveta Smirnova
Pavel,

we are not allowed to discuss any plans in public, nor discuss anything not related to how to repeat and/or fix bugs in this bug database. Please contact your account manager or Sales representative who works with you to discuss this case.
[21 Sep 2011 7:54] Santo Leto
Closing as "Not a bug".

It is assumed that the user is familiar with the security mechanisms provided by the operating system. 
For example, on Unix-like systems the umask controls the file permissions for the new files created by MySQL server and mysqlbackup program. 

Please set umask correctly.
[26 Sep 2011 9:27] Santo Leto
It seems that this problem does not happen on Windows, at least as per "cacls" output.

I've tested this using the following commands:

- cacls *.* > d:\original.txt
- cacls *.* > d:\backup_dir.txt
- cacls *.* > d:\apply-log.txt
- cacls *.* > d:\copy-back.txt

and then comparing output files.

In my case, the content of the "original.txt" file is similar to the following:

db_12976288 BUILTIN\Administrators:F 
BUILTIN\Administrators:(OI)(CI)(IO)F 
NT AUTHORITY\SYSTEM:F 
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F 
NT AUTHORITY\Authenticated Users:C 
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C 
BUILTIN\Users:R 
BUILTIN\Users:(OI)(CI)(IO)(special access:)

                          GENERIC_READ
                          GENERIC_EXECUTE

ibdata1 BUILTIN\Administrators:F 
    NT AUTHORITY\SYSTEM:F 
    NT AUTHORITY\Authenticated Users:C 
    BUILTIN\Users:R 

ib_logfile0 BUILTIN\Administrators:F 
NT AUTHORITY\SYSTEM:F 
NT AUTHORITY\Authenticated Users:C 
BUILTIN\Users:R 

ib_logfile1 BUILTIN\Administrators:F 
NT AUTHORITY\SYSTEM:F 
NT AUTHORITY\Authenticated Users:C 
BUILTIN\Users:R 

mysql BUILTIN\Administrators:F 
  BUILTIN\Administrators:(OI)(CI)(IO)F 
  NT AUTHORITY\SYSTEM:F 
  NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F 
  NT AUTHORITY\Authenticated Users:C 
  NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C 
  BUILTIN\Users:R 
  BUILTIN\Users:(OI)(CI)(IO)(special access:)

                    GENERIC_READ
                    GENERIC_EXECUTE
 

performance_schema BUILTIN\Administrators:F 
       BUILTIN\Administrators:(OI)(CI)(IO)F 
       NT AUTHORITY\SYSTEM:F 
       NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F 
       NT AUTHORITY\Authenticated Users:C 
       NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C 
       BUILTIN\Users:R 
       BUILTIN\Users:(OI)(CI)(IO)(special access:)

                                 GENERIC_READ
                                 GENERIC_EXECUTE

SLETO-IT.log BUILTIN\Administrators:F 
 NT AUTHORITY\SYSTEM:F 
 NT AUTHORITY\Authenticated Users:C 
 BUILTIN\Users:R 

SLETO-IT.pid BUILTIN\Administrators:F 
 NT AUTHORITY\SYSTEM:F 
 NT AUTHORITY\Authenticated Users:C 
 BUILTIN\Users:R 

sr3 BUILTIN\Administrators:F 
BUILTIN\Administrators:(OI)(CI)(IO)F 
NT AUTHORITY\SYSTEM:F 
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F 
NT AUTHORITY\Authenticated Users:C 
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C 
BUILTIN\Users:R 
BUILTIN\Users:(OI)(CI)(IO)(special access:)

                  GENERIC_READ
                  GENERIC_EXECUTE

test BUILTIN\Administrators:F 
 BUILTIN\Administrators:(OI)(CI)(IO)F 
 NT AUTHORITY\SYSTEM:F 
 NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F 
 NT AUTHORITY\Authenticated Users:C 
 NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C 
 BUILTIN\Users:R 
 BUILTIN\Users:(OI)(CI)(IO)(special access:)

                   GENERIC_READ
                   GENERIC_EXECUTE

The other 3 files have same content.
[26 Sep 2011 21:26] John Russell
Documentation is being updated with the requirement to be aware of the permission/ownership considerations and possibly do some combination of umask/chown/chmod.

Table 3.1. Information Needed to Back Up a Database
A.1. Limitations of mysqlbackup Command

The capability to automate this operation via the mysqlbackup command is being submitted as a product requirement. (Which is not a guarantee that the requirement will be accepted.)