Bug #75288 MySQL Workbench requires unlimited sudo to be able to browse audit logs
Submitted: 22 Dec 2014 13:49 Modified: 9 Mar 2015 21:25
Reporter: Jim Parks Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Workbench Severity:S2 (Serious)
Version:6.2.3 OS:Any
Assigned to: CPU Architecture:Any

[22 Dec 2014 13:49] Jim Parks 
Description:
MySQL Workbench requires unlimited sudo to be able to browse audit logs.  This requires users to choose between either following best security practices or getting full functionality of the Workbench product.  Many customers are not willing to provide unlimited root access to every DBA user who can use Workbench to analyze audit logs.  Related to Bug 19802094.

How to repeat:
Don't give unlimited sudo powers to the user running WB on the server, and try to browse audit logs.

Suggested fix:
A non-sudo option with access controlled in the normal way, via filesystem ownership and permissions and/or ACL's.
[9 Mar 2015 21:25] Philip Olson 
Posted by developer:
 
Fixed as of the upcoming MySQL Workbench 6.3.2 release, and here's the changelog entry:

The Audit Log inspector no longer requires sudo access to read audit log
files, and will only prompt for sudo rights if the audit log is not
readable by the MySQL Workbench user.

Thank you for the bug report.