Bug #71943 Please create a new privilege to allow stopping/starting slaves without SUPER
Submitted: 5 Mar 2014 16:22 Modified: 6 Mar 2014 19:49
Reporter: Simon Mudd (OCA) Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Replication Severity:S4 (Feature request)
Version:5.7.3 OS:Any
Assigned to: CPU Architecture:Any
Tags: privileges, replication

[5 Mar 2014 16:22] Simon Mudd 
Description:
There are reasons on some slaves to want to stop replication in order to do processing on a "Stable" database.  Later, after processing, replication can be continued.

Currently to do this you need to have SUPER privileges which provides the ability to do many other things and is thus not desirable (such as writing to a READ_ONLY slave).

so providing a new privilege which would allow a user to stop and start replication would be most useful.
The current REPLICATION CLIENT privilege http://dev.mysql.com/doc/refman/5.7/en/privileges-provided.html#priv_replication-client does not have enough privileges to do the required operations, and for some people it may be ok to see the replication status but not to stop or change replication behaviour.

How to repeat:
see above.

Suggested fix:
see above.
[5 Mar 2014 16:34] Simon Mudd 
So to be clear: I'd like to see an extra privilege where replication can be started or stopped, but the configuration can not be changed.

This would be a superset of the current REPLICATION CLIENT and additionally allowing the replication threads to be started or stopped.

It would be good to log who stops or starts any threads as currently the logging shows killed threads exiting or starting but no reason why:

2014-03-05 17:28:47 24596 [Note] Slave SQL thread exiting, replication stopped in log 'binlog.004332' at position 545686956
2014-03-05 17:28:47 24596 [ERROR] Error reading packet from server: Lost connection to MySQL server during query ( server_errno=2013)
2014-03-05 17:28:47 24596 [Note] Slave I/O thread killed while reading event
2014-03-05 17:28:47 24596 [Note] Slave I/O thread exiting, read up to log 'binlog.004332', position 545686956

It might be nice to have an entry before this of the form:
2014-03-05 17:28:47 24596 [Note] User XXX stopping SQL/IO thread(s).

And later:

2014-03-05 17:28:49 24596 User XXXX started SQL/IO thread(s).
...
2014-03-05 17:28:50 24596 [Warning] Storing MySQL user name or password information in the master info repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START SLAVE; see the 'START SLAVE Syntax' in the MySQL Manual for more information.
2014-03-05 17:28:50 24596 [Note] Slave I/O thread: connected to master 'replication-user@master-host:3306',replication started in log 'binlog.004332' at position 545686956
2014-03-05 17:28:50 24596 [Note] Slave SQL thread initialized, starting replication in log 'binlog.004332' at position 545686956, relay log '/path/to/log/relaylog.012462' position: 545687112