Bug #69482 mysql_upgrade does not check it has sufficient file permissions
Submitted: 15 Jun 2013 12:03 Modified: 17 Jun 2013 13:29
Reporter: Simon Mudd (OCA) Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server: Installing Severity:S3 (Non-critical)
Version:5.6.12 OS:Mac OS X (10.8.4)
Assigned to: CPU Architecture:Any

[15 Jun 2013 12:03] Simon Mudd
Description:
Prior to running mysql_upgrade does not check it has enough filesystem permission. This can lead to the following (assuming the MySQL permissions are good enough):

[sjmudd@mypc ~]$ /usr/local/mysql/bin/mysql_upgrade 
Looking for 'mysql' as: /usr/local/mysql/bin/mysql
Looking for 'mysqlcheck' as: /usr/local/mysql/bin/mysqlcheck
Running 'mysqlcheck' with connection arguments: '--socket=/tmp/mysql.sock' 
Warning: Using a password on the command line interface can be insecure.
Running 'mysqlcheck' with connection arguments: '--socket=/tmp/mysql.sock' 
Warning: Using a password on the command line interface can be insecure.
mysql.columns_priv                                 OK
mysql.db                                           OK
mysql.event                                        OK
mysql.func                                         OK
mysql.general_log                                  OK
mysql.help_category                                OK
mysql.help_keyword                                 OK
mysql.help_relation                                OK
mysql.help_topic                                   OK
mysql.innodb_index_stats                           OK
mysql.innodb_table_stats                           OK
mysql.ndb_binlog_index                             OK
mysql.plugin                                       OK
mysql.proc                                         OK
mysql.procs_priv                                   OK
mysql.proxies_priv                                 OK
mysql.servers                                      OK
mysql.slave_master_info                            OK
mysql.slave_relay_log_info                         OK
mysql.slave_worker_info                            OK
mysql.slow_log                                     OK
mysql.tables_priv                                  OK
mysql.time_zone                                    OK
mysql.time_zone_leap_second                        OK
mysql.time_zone_name                               OK
mysql.time_zone_transition                         OK
mysql.time_zone_transition_type                    OK
mysql.user                                         OK
Running 'mysql_fix_privilege_tables'...
Warning: Using a password on the command line interface can be insecure.
Running 'mysqlcheck' with connection arguments: '--socket=/tmp/mysql.sock' 
Warning: Using a password on the command line interface can be insecure.
Running 'mysqlcheck' with connection arguments: '--socket=/tmp/mysql.sock' 
Warning: Using a password on the command line interface can be insecure.
db.app                                  OK
db.app_db_assignment                    OK
...
OK
Could not create the upgrade info file '/usr/local/mysql_data/data/mysql_upgrade_info' in the MySQL Servers datadir, errno: 13
[sjmudd@mypc ~]$ perror 13
OS error code  13:  Permission denied
[sjmudd@mypc ~]$ ls -l /usr/local/ | grep -i mysql
drwxrwxrwx  40 _mysql  wheel   1360 20 Oct  2012 data
lrwxr-xr-x   1 root    wheel     27 15 Jun 13:42 mysql -> mysql-5.6.12-osx10.7-x86_64
drwxr-xr-x  17 root    wheel    578 15 Jun 13:42 mysql-5.6.12-osx10.7-x86_64
drwxr-xr-x   5 _mysql  _mysql   170 20 Oct  2012 mysql_data
[sjmudd@mypc ~]$ 

My user was not in the _mysql group.
This is probably a generic issue though I experienced it on MacOS X 10.8.4

[sjmudd@mypc ~]$ uname -a
Darwin m7 12.4.0 Darwin Kernel Version 12.4.0: Wed May  1 17:57:12 PDT 2013; root:xnu-2050.24.15~1/RELEASE_X86_64 x86_64

My MySQL grants are:

mysql> show grants;
+------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for sjmudd@localhost                                                                                                              |
+------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'sjmudd'@'localhost' IDENTIFIED BY PASSWORD '*CDC006E5FCB22B379747XXXXXXXXXXXXXXXXXXXX' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'sjmudd'@'localhost' WITH GRANT OPTION                                                                           |
+------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

How to repeat:
Run mysql_upgrade as a user with no write access to the datadir but with sufficient privileges to run the SQL needed for mysql_upgrade.

Suggested fix:
Please check that the user running mysql_upgrade has permissions in the datadir to write, and complain before betting the error.
As suggested in a previous bug report it might be better putting this information into the database itself.
[15 Jun 2013 14:51] Shane Bester
This is a known artifact, also reported as bug #37169
Shall we mark this as a duplicate?
[17 Jun 2013 13:29] Simon Mudd
Yes, marking as a duplicate is fine. I guess I should have checked.