Bug #79328 super_read_only broken as a server option
Submitted: 18 Nov 2015 14:08 Modified: 24 Feb 2016 23:22
Reporter: Laurynas Biveinis (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S2 (Serious)
Version:5.7.9, 5.7.11 OS:Any
Assigned to: CPU Architecture:Any
Tags: super_read_only

[18 Nov 2015 14:08] Laurynas Biveinis
Description:
super_read_only passed as a server option has no effect.

How to repeat:
foo-master.opt:

--read_only=1
--super_read_only=1

foo.test:

--source include/not_embedded.inc

select @@global.read_only;
select @@global.super_read_only;

# --Error ER_OPTION_PREVENTS_STATEMENT
create table t1(a int);

drop table t1;

Observe that create table does not fail
[18 Nov 2015 14:10] Laurynas Biveinis
Facebook patch, WebScaleSQL, and Percona Server all went through this bug in 5.6 due to shared implementation. Now you do too, in 5.7. If only contributor's licence were less restrictive... ;)
[18 Nov 2015 16:31] Umesh Shastry
Hello Laurynas,

Thank you for the report and test case.

Thanks,
Umesh
[18 Nov 2015 16:38] Umesh Shastry
Bug #78035 marked as duplicate of this
[18 Nov 2015 17:10] Laurynas Biveinis
Why this has been marked as private, since this concerns SUPER users, who can make configuration changes anyway?
[23 Dec 2015 17:14] Todd Farmer
This bug results in global status information reporting that super_read_only is enabled, when it is not:

mysql> show variables like '%read_only%';
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| innodb_read_only | OFF   |
| read_only        | ON    |
| super_read_only  | ON    |
| tx_read_only     | OFF   |
+------------------+-------+
4 rows in set (0.00 sec)

mysql> CREATE TABLE test.t1 (a INT);
Query OK, 0 rows affected (0.47 sec)

Setting super_read_only dynamically is required to work around this.
[24 Feb 2016 23:22] Paul Dubois
Noted in 5.7.12, 5.8.0 changelogs.

Setting the super_read_only system variable at server startup had no
effect.