Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1042454: mariadb-server ignores bind-address
2 views
Skip to first unread message
zanyf...@t-online.de
Jul 28, 2023, 8:30:04 AM7/28/23
to
Package: mariadb-server
Version: 1:10.11.3-1
Severity: normal
Dear Maintainer,
after upgrading from Bullseye to Bookworm, MariaDB seems to ignore the
bind-address config option.
In /etc/mysql/mariadb.conf.d/50-server.cnf I have
bind-address = 127.0.0.1
in the [mysqld] section and apparently mariadbd accepted this option:
# mariadbd --help --verbose | grep ^bind
bind-address 127.0.0.1
Nevertheless it actually listens on 0.0.0.0:
# netstat -tlnp | grep mariadb
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 4299/mariadbd
tcp6 0 0 :::3306 :::* LISTEN 4299/mariadbd
I tried MYSQLD_OPTS="--bind-address=127.0.0.1" in /etc/default/mysql to no avail.
-- System Information:
Debian Release: 12.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-10-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mariadb-server depends on:
ii adduser 3.134
ii debconf [debconf-2.0] 1.5.82
ii galera-4 26.4.13-1
ii gawk 1:5.2.1-2
ii iproute2 6.1.0-3
ii libc6 2.36-9+deb12u1
ii libdbi-perl 1.643-4
ii libpam0g 1.5.2-6
ii libssl3 3.0.9-1
ii libstdc++6 12.2.0-14
ii lsof 4.95.0-1
ii mariadb-client 1:10.11.3-1
ii mariadb-common 1:10.11.3-1
ii mariadb-server-core 1:10.11.3-1
ii passwd 1:4.13+dfsg1-1+b1
ii perl 5.36.0-7
ii procps 2:4.0.2-3
ii psmisc 23.6-1
ii rsync 3.2.7-1
ii socat 1.7.4.4-2
ii zlib1g 1:1.2.13.dfsg-1
Versions of packages mariadb-server recommends:
ii libhtml-template-perl 2.97-2
ii mariadb-plugin-provider-bzip2 1:10.11.3-1
ii mariadb-plugin-provider-lz4 1:10.11.3-1
ii mariadb-plugin-provider-lzma 1:10.11.3-1
ii mariadb-plugin-provider-lzo 1:10.11.3-1
ii mariadb-plugin-provider-snappy 1:10.11.3-1
ii pv 1.6.20-1
Versions of packages mariadb-server suggests:
ii bsd-mailx [mailx] 8.1.2-0.20220412cvs-1
pn mariadb-test <none>
pn netcat-openbsd <none>
-- Configuration Files:
/etc/mysql/mariadb.conf.d/50-server.cnf changed:
[server]
[mysqld]
user = mysql
pid-file = /run/mysqld/mysqld.pid
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
lc-messages = en_US
skip-external-locking
bind-address = 127.0.0.1
log_error = /var/log/mysql/error.log
expire_logs_days = 10
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
[embedded]
[mariadb]
plugin_load_add = auth_ed25519
[mariadb-10.11]
-- debconf information:
mariadb-server/old_data_directory_saved:
mariadb-server/nis_warning:
mariadb-server/postrm_remove_databases: false
Thank you for using reportbug
Version: 1:10.11.3-1
Severity: normal
Dear Maintainer,
after upgrading from Bullseye to Bookworm, MariaDB seems to ignore the
bind-address config option.
In /etc/mysql/mariadb.conf.d/50-server.cnf I have
bind-address = 127.0.0.1
in the [mysqld] section and apparently mariadbd accepted this option:
# mariadbd --help --verbose | grep ^bind
bind-address 127.0.0.1
Nevertheless it actually listens on 0.0.0.0:
# netstat -tlnp | grep mariadb
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 4299/mariadbd
tcp6 0 0 :::3306 :::* LISTEN 4299/mariadbd
I tried MYSQLD_OPTS="--bind-address=127.0.0.1" in /etc/default/mysql to no avail.
-- System Information:
Debian Release: 12.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-10-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mariadb-server depends on:
ii adduser 3.134
ii debconf [debconf-2.0] 1.5.82
ii galera-4 26.4.13-1
ii gawk 1:5.2.1-2
ii iproute2 6.1.0-3
ii libc6 2.36-9+deb12u1
ii libdbi-perl 1.643-4
ii libpam0g 1.5.2-6
ii libssl3 3.0.9-1
ii libstdc++6 12.2.0-14
ii lsof 4.95.0-1
ii mariadb-client 1:10.11.3-1
ii mariadb-common 1:10.11.3-1
ii mariadb-server-core 1:10.11.3-1
ii passwd 1:4.13+dfsg1-1+b1
ii perl 5.36.0-7
ii procps 2:4.0.2-3
ii psmisc 23.6-1
ii rsync 3.2.7-1
ii socat 1.7.4.4-2
ii zlib1g 1:1.2.13.dfsg-1
Versions of packages mariadb-server recommends:
ii libhtml-template-perl 2.97-2
ii mariadb-plugin-provider-bzip2 1:10.11.3-1
ii mariadb-plugin-provider-lz4 1:10.11.3-1
ii mariadb-plugin-provider-lzma 1:10.11.3-1
ii mariadb-plugin-provider-lzo 1:10.11.3-1
ii mariadb-plugin-provider-snappy 1:10.11.3-1
ii pv 1.6.20-1
Versions of packages mariadb-server suggests:
ii bsd-mailx [mailx] 8.1.2-0.20220412cvs-1
pn mariadb-test <none>
pn netcat-openbsd <none>
-- Configuration Files:
/etc/mysql/mariadb.conf.d/50-server.cnf changed:
[server]
[mysqld]
user = mysql
pid-file = /run/mysqld/mysqld.pid
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
lc-messages = en_US
skip-external-locking
bind-address = 127.0.0.1
log_error = /var/log/mysql/error.log
expire_logs_days = 10
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
[embedded]
[mariadb]
plugin_load_add = auth_ed25519
[mariadb-10.11]
-- debconf information:
mariadb-server/old_data_directory_saved:
mariadb-server/nis_warning:
mariadb-server/postrm_remove_databases: false
Thank you for using reportbug
Faustin Lammler
Aug 7, 2023, 7:30:05 AM8/7/23
to
Hi!
I am not able to reproduce this.
Can you make sure that there is no other "bind-address" directive in any
configuration file. For instance by verifying the output of:
| sudo grep -r bind-address /etc/mysql/*
Regards,
--
Faustin
GPG: F652 BCD1 1AA8 8975 F010 48A5 390A 2F27 832A 5C79
I am not able to reproduce this.
Can you make sure that there is no other "bind-address" directive in any
configuration file. For instance by verifying the output of:
| sudo grep -r bind-address /etc/mysql/*
Regards,
--
Faustin
GPG: F652 BCD1 1AA8 8975 F010 48A5 390A 2F27 832A 5C79
zanyf...@t-online.de
Aug 11, 2023, 3:50:04 PM8/11/23
to
# grep -r bind-address /etc/mysql/
/etc/mysql/my.cnf.migrated:# bind-address = 127.0.0.1
/etc/mysql/mariadb.conf.d/60-galera.cnf:#bind-address = 0.0.0.0
/etc/mysql/mariadb.conf.d/50-server.cnf:bind-address = 127.0.0.1
You can see that the other two are commented out.
I also noticed that skip-networking is ignored.
/etc/mysql/my.cnf.migrated:# bind-address = 127.0.0.1
/etc/mysql/mariadb.conf.d/60-galera.cnf:#bind-address = 0.0.0.0
/etc/mysql/mariadb.conf.d/50-server.cnf:bind-address = 127.0.0.1
You can see that the other two are commented out.
I also noticed that skip-networking is ignored.
zanyf...@t-online.de
Aug 12, 2023, 4:20:05 AM8/12/23
to
I have found the problem: /etc/mysql/ was only accessible by root. On Bullseye that wasn't a problem because I had SysV Init and apparently mariadb was started as root initially. The upgrade to Bookworm enforced systemd and now mariadb is started as mysql directly.
Unfortunately, mariadb didn't complain about missing permissions in any way.
Unfortunately, mariadb didn't complain about missing permissions in any way.
fau...@fala.red
Sep 20, 2023, 7:40:04 AM9/20/23
to
Hi!
"zanyf...@t-online.de" <zanyf...@t-online.de>,
12/08/2023 – 10:11:19 (+0200):
> I have found the problem: /etc/mysql/ was only accessible by root.
Can you remember what the exact right was? On a clean install, it should
be like follow (debian11):
| $ stat /etc/mysql/
| File: /etc/mysql/
| Size: 4096 Blocks: 8 IO Block: 4096 directory
| Device: fe01h/65025d Inode: 261437 Links: 4
| Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
| Access: 2023-09-20 12:20:59.791411000 +0200
| Modify: 2023-09-20 11:20:09.508000000 +0200
| Change: 2023-09-20 11:20:09.508000000 +0200
| Birth: 2023-09-20 11:19:44.828000000 +0200
| $ ls -l /etc/mysql/
| total 24
| drwxr-xr-x 2 root root 4096 Sep 20 11:19 conf.d
| -rw------- 1 root root 544 Sep 20 11:20 debian.cnf
| -rwxr-xr-x 1 root root 1731 Feb 10 2023 debian-start
| -rw-r--r-- 1 root root 1126 Feb 10 2023 mariadb.cnf
| drwxr-xr-x 2 root root 4096 Sep 20 11:20 mariadb.conf.d
| lrwxrwxrwx 1 root root 24 Sep 20 11:19 my.cnf -> /etc/alternatives/my.cnf
| -rw-r--r-- 1 root root 839 Feb 8 2021 my.cnf.fallback
| $ ls -l /etc/mysql/mariadb.conf.d/
| total 20
| -rw-r--r-- 1 root root 575 Feb 10 2023 50-client.cnf
| -rw-r--r-- 1 root root 231 Feb 10 2023 50-mysql-clients.cnf
| -rw-r--r-- 1 root root 927 Feb 10 2023 50-mysqld_safe.cnf
| -rw-r--r-- 1 root root 3666 Feb 10 2023 50-server.cnf
| -rw-r--r-- 1 root root 570 Feb 10 2023 60-galera.cnf
So the mysql user shouldn't have any problem reading the configuration
files.
"zanyf...@t-online.de" <zanyf...@t-online.de>,
12/08/2023 – 10:11:19 (+0200):
> I have found the problem: /etc/mysql/ was only accessible by root.
be like follow (debian11):
| $ stat /etc/mysql/
| File: /etc/mysql/
| Size: 4096 Blocks: 8 IO Block: 4096 directory
| Device: fe01h/65025d Inode: 261437 Links: 4
| Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
| Access: 2023-09-20 12:20:59.791411000 +0200
| Modify: 2023-09-20 11:20:09.508000000 +0200
| Change: 2023-09-20 11:20:09.508000000 +0200
| Birth: 2023-09-20 11:19:44.828000000 +0200
| $ ls -l /etc/mysql/
| total 24
| drwxr-xr-x 2 root root 4096 Sep 20 11:19 conf.d
| -rw------- 1 root root 544 Sep 20 11:20 debian.cnf
| -rwxr-xr-x 1 root root 1731 Feb 10 2023 debian-start
| -rw-r--r-- 1 root root 1126 Feb 10 2023 mariadb.cnf
| drwxr-xr-x 2 root root 4096 Sep 20 11:20 mariadb.conf.d
| lrwxrwxrwx 1 root root 24 Sep 20 11:19 my.cnf -> /etc/alternatives/my.cnf
| -rw-r--r-- 1 root root 839 Feb 8 2021 my.cnf.fallback
| $ ls -l /etc/mysql/mariadb.conf.d/
| total 20
| -rw-r--r-- 1 root root 575 Feb 10 2023 50-client.cnf
| -rw-r--r-- 1 root root 231 Feb 10 2023 50-mysql-clients.cnf
| -rw-r--r-- 1 root root 927 Feb 10 2023 50-mysqld_safe.cnf
| -rw-r--r-- 1 root root 3666 Feb 10 2023 50-server.cnf
| -rw-r--r-- 1 root root 570 Feb 10 2023 60-galera.cnf
So the mysql user shouldn't have any problem reading the configuration
files.
0 new messages