Join the community today
Become a Member

Beta Branch centos 6 maraidb error log & logrotation in 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jan 20, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    30,613
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,304
    Local Time:
    8:49 PM
    Nginx 1.13.x
    MariaDB 5.5
    centos 6 maraidb error log & logrotation in 123.09beta01

    MariaDB 10.0.29+ and 10.1.21+ changed the way mysql log-error is setup by mysqld_safe. The mysqld_safe prior to those versions use to create the defined log-error file and chown mysql user permissions to it i.e. if you set in /etc/my.cnf log-error=/var/log/mysqld.log, mysqld_safe would chown the /var/log/mysqld.log file with apprioriate permssions for mysql user. The latest MariaDB versions removed the chown ability due to a potential security issue of being able to change permission of root owned files to whatever you want. So it's up to MariaDB end users to create the log-error defined mysql error log with the appropriate permissions yourself. This update does just that manual creates /var/log/mysqld.log error log and chown to mysql user and group ownership with 640 file permissions. The update also sets up apprioriate updated mysql logrotation config files /etc/logrotate.d/mysql and /etc/logrotate.d/mysql-slowlog to ensure proper log rotation with the mysql user/group ownership and 640 file permissions. This issue comes up for CentOS 6 and prevents MariaDB mysql server from starting up with MariaDB 10.0.29+ and 10.1.21+ so the committed fixes allow you set in /etc/my.cnf log-error=/var/log/mysqld.log and start up MariaDB mysql server properly.

    This doesn't really affect CentOS 7 as MariaDB on CentOS 7 uses systemd and mysql error logging is done via journalctl instead via command
    Code (Text):
    journalctl -u mariadb --no-pager
    


    Continue reading...

    123.09beta01 branch
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,613
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,304
    Local Time:
    8:49 PM
    Nginx 1.13.x
    MariaDB 5.5
    manual test of new mysql logrotation
    Code (Text):
    logrotate -d /etc/logrotate.d/mysql
    reading config file /etc/logrotate.d/mysql
    reading config info for /var/log/mysqld.log 
    
    Handling 1 logs
    
    rotating pattern: /var/log/mysqld.log  after 1 days (8 rotations)
    empty log files are not rotated, log files >= 0 are rotated earlier, old logs are removed
    considering log /var/log/mysqld.log
      log does not need rotating
    not running postrotate script, since no logs were rotated
    
     
    Last edited: Jan 20, 2017
  3. eva2000

    eva2000 Administrator Staff Member

    30,613
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,304
    Local Time:
    8:49 PM
    Nginx 1.13.x
    MariaDB 5.5
  4. eva2000

    eva2000 Administrator Staff Member

    30,613
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,304
    Local Time:
    8:49 PM
    Nginx 1.13.x
    MariaDB 5.5
    And more info related to the changes at Security Vulnerability CVE-2016-6664 / CVE-2016-5617 | MariaDB