Bug #76369 mysql_ssl_rsa_setup doesn't have user option
Submitted: 18 Mar 2015 8:39
Modified: 20 Apr 2015 20:24
Reporter: Terje Røsten
Status: Closed
Category: MySQL Server: Command-line Clients
Severity: S3 (Non-critical)
Version: 5.7.6
OS: Any
Assigned to:
CPU Architecture: Any

[18 Mar 2015 8:39] Terje Røsten
Description:
In default config on RPM/DEB the default mysql system user has shell /bin/false.

Hence, it's common to run mysql_ssl_rsa_setup as the root user; package scripts will
also run as root.

If running mysql_ssl_rsa_setup as root, all cert files created in DATADIR will be owned
by root, which makes them unusable for the server, which runs as the mysql user.

How to repeat:
Run mysql_ssl_rsa_setup as root user.

Suggested fix:
mysql_ssl_rsa_setup should read the user= option from normal config files and also have a --user option
on the command line.

All created cert files should then be owned by the value of this option.

[20 Apr 2015 20:24] Paul DuBois
Noted in 5.7.8, 5.8.0 changelogs.

mysql_ssl_rsa_setup now has a --uid=name option that enables
specifying the owner for any files created by the program (if the
program is executed as root).
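
A check for the failure mode reported above, as an added example that is not part of the original bug report or of MySQL's own tooling: it lists PEM files in a data directory that are not owned by the server's system user. The function names and the `*.pem` glob are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit ownership of PEM files in a MySQL data directory.
# Assumptions (not from the bug report): the files of interest match *.pem
# directly under the data directory; resolve_uid and check_pem_owner are
# hypothetical helper names.

# Resolve a user name or a numeric uid to a numeric uid.
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;   # name -> uid (fails if unknown)
        *)           printf '%s\n' "$1" ;;        # already numeric
    esac
}

# check_pem_owner DATADIR USER
# Prints every *.pem file whose owner is not USER.
# Returns 0 if all files match, 1 if any owner is wrong,
# 2 if USER cannot be resolved or DATADIR is not a directory.
check_pem_owner() {
    datadir=$1
    want_uid=$(resolve_uid "$2") || return 2
    [ -n "$want_uid" ] && [ -d "$datadir" ] || return 2

    # "! -uid" selects only files owned by someone other than the server user,
    # e.g. root-owned files left behind when the setup tool ran as root.
    bad=$(find "$datadir" -maxdepth 1 -type f -name '*.pem' ! -uid "$want_uid")
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | while IFS= read -r f; do
            printf 'wrong owner: %s (expected uid %s)\n' "$f" "$want_uid"
        done
        return 1
    fi
    return 0
}

# Usage (path and user are placeholders for your installation):
#   check_pem_owner /path/to/datadir mysql
# A non-zero result after running mysql_ssl_rsa_setup as root means the files
# need --uid=name on the next run (see the changelog note above) or a chown.
```
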