maria-developers team mailing list archive

[Peter Laursen <peter_laursen@xxxxxxxxxx>]

The discussion about under what user privileges the server should run is
also ongoing in MySQL context. Actually I agree with Vlad that a 'mysql'
user and group (like unix) would be preferable sometimes (live sites).  It
can also be done on Windows just like on Unix. Problem is that for many
Windows users it will be a  completely new thing and a mystery to some.  I
am not sure it is the time to change this now.

On Sat, Oct 17, 2009 at 01:38, Vladislav Vaintroub <wlad@xxxxxxx> wrote:

> Hi,
>
> I noticed there is a lot of activity around installer right now.  There are
> couple of things in the Sun/MySQL installer that I believe were done wrong.
> I thought it is a good idea to point to some mistakes in MySQL and  share
> thoughts on what can be done better in MariaDB.
>
>
> MySQL installs and runs under SYSTEM account. It is a big no-no by all
> security measures (the account is akin to Unix root). I think I should not
> explain what a can happen if there is some buffer overflow in the server
> code that can be exploited by sending a specially crafted packet.
> Installations of server software I have seen, do not do that. They create a
> special group, a special non-privileged user and are running service under
> that non-privileged user. Sounds familiar?(yes, this is what has been
> recommended for mysql on Unix since ever) .
>
> So MariaDB installer
> - could create a user mariadbuser if not exists.
> - create a group mariadb if not exists.
> - add mariadbuser to the group mariadb.
> - add user who runs the installer to the group mariadb, maybe asking with a
> pre-checked checkbox (this is for convenience, because this user will
> likely
> want to edit the config files)
> - when creating a database directory,
> - assuming C:\ProgramData\MariaDB will be default root directory for
> databases, assign read/write permissions to the mariadb group (+
> Administrators).
> - store config file in the database directory . In MySQL, my.cnf is stored
> it in ProgramFiles, which makes it all but non-trivial to edit the file
> with
> an editor, even for admins (they need a to run editor under Windows
> equivalent  of "sudo", i.e with elevation). This is a big usability problem
> and source of couple of bugs. This is what Peter (who if I remember
> correctly filed one of these bugs) refers to as "UAC Problem".
> - Of course, user and group should be documented.
>
>
> Re. ConfigWizard, I do not know.  MySQL's one has a nice UI, but the
> functionality is really very basic. Maybe it just makes sense not to ask
> user at all, set reasonable defaults and allow people to edit config file
> afterwards (this would already make MariaDB much friendly towards users
> than
> Sun/MySQL installation.  Personally, I'd be happy even if generated my.cnf
> would contain the bare minimum required mysqld to run( datadir and
> basedir),
> nothing else.
>
> Lastly, it would be cool, if Maria had a native mysql_install_db on Windows
> .Batch wrapper around JScript, VBScript, command line executable, whatever,
> just no bash and no perl please ;)It should do  a bit more than on Unix,
> i.e
> create a minimalistic my.cnf and register the new service.  As the things
> stand today, currently with Windows there is no documented way for people
> to
> create a non-default mysql instance, except copying the directory which
> comes with installation (and after user tables are created, the directory
> it
> is not very usable anymore). And this is pretty ugly. And yes, the new
> mysql_install_db.bat can/should can be integrated into the installer . It
> obsoletes then the build-time  "cross-bootstrap", where mysql_install_db
> that runs on Unix with a single purpose is to generate initial database to
> be used inside Windows zip and installer.
>
> Vladislav.
>
> PS: Don't know whether it is interesting for MariaDB, but I just noticed
> that a high profile MS-installer guru and an open-source friendly guy is
> offering his consulting services.
> http://robmensching.com/
>
> It is Rob Mensching, the author of Wix toolkit, the first and one of the
> most widely known Open Source products by Microsoft. If I understood
> correctly, his main job is still at Microsoft in Office installer team ,
> and
> he is doing consulting in his free time. Disclaimer: I do not know him
> personally, (but if I used WiX  back in the days)  so it is not a shameless
> plug:) But I really believe that if someone like him helps with installer,
> then the result would be good:) It might make sense to get in touch.
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~maria-developers
> Post to     : maria-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~maria-developers
> More help   : https://help.launchpad.net/ListHelp
>