/ Register

Welcome to Centmin Mod Community
Become a Member

Beta Branch centos 6 maraidb error log & logrotation in 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jan 20, 2017.

Tags:
Previous Thread Next Thread
Loading...
  1. Jan 20, 2017 #1
    eva2000

    eva2000 Administrator Staff Member

    42,791
    9,685
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,945
    Local Time:
    5:53 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    centos 6 maraidb error log & logrotation in 123.09beta01

    MariaDB 10.0.29+ and 10.1.21+ changed the way mysql log-error is setup by mysqld_safe. The mysqld_safe prior to those versions use to create the defined log-error file and chown mysql user permissions to it i.e. if you set in /etc/my.cnf log-error=/var/log/mysqld.log, mysqld_safe would chown the /var/log/mysqld.log file with apprioriate permssions for mysql user. The latest MariaDB versions removed the chown ability due to a potential security issue of being able to change permission of root owned files to whatever you want. So it's up to MariaDB end users to create the log-error defined mysql error log with the appropriate permissions yourself. This update does just that manual creates /var/log/mysqld.log error log and chown to mysql user and group ownership with 640 file permissions. The update also sets up apprioriate updated mysql logrotation config files /etc/logrotate.d/mysql and /etc/logrotate.d/mysql-slowlog to ensure proper log rotation with the mysql user/group ownership and 640 file permissions. This issue comes up for CentOS 6 and prevents MariaDB mysql server from starting up with MariaDB 10.0.29+ and 10.1.21+ so the committed fixes allow you set in /etc/my.cnf log-error=/var/log/mysqld.log and start up MariaDB mysql server properly.

    This doesn't really affect CentOS 7 as MariaDB on CentOS 7 uses systemd and mysql error logging is done via journalctl instead via command
    Code (Text):
    journalctl -u mariadb --no-pager


    Continue reading...

    123.09beta01 branch

     
  2. Jan 20, 2017 #2
    eva2000

    eva2000 Administrator Staff Member

    42,791
    9,685
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,945
    Local Time:
    5:53 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    manual test of new mysql logrotation
    Code (Text):
    logrotate -d /etc/logrotate.d/mysql
reading config file /etc/logrotate.d/mysql
reading config info for /var/log/mysqld.log 

Handling 1 logs

rotating pattern: /var/log/mysqld.log  after 1 days (8 rotations)
empty log files are not rotated, log files >= 0 are rotated earlier, old logs are removed
considering log /var/log/mysqld.log
  log does not need rotating
not running postrotate script, since no logs were rotated
     
    Last edited: Jan 20, 2017
  3. Jan 20, 2017 #3
    eva2000

    eva2000 Administrator Staff Member

    42,791
    9,685
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,945
    Local Time:
    5:53 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  4. Jan 20, 2017 #4
    eva2000

    eva2000 Administrator Staff Member

    42,791
    9,685
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,945
    Local Time:
    5:53 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    And more info related to the changes at Security Vulnerability CVE-2016-6664 / CVE-2016-5617 | MariaDB

     
Previous Thread Next Thread
Loading...

.