From clinton at unknownlamer.org Sat Nov 6 15:47:11 2021 From: clinton at unknownlamer.org (Clinton Ebadi) Date: Sat, 06 Nov 2021 15:47:11 -0400 Subject: [HCoop-Discuss] Mysql-fixperms has been eliminated Message-ID: <877ddlcbi8.fsf@drizzlehell> Greetings, As has been planned for over a year but never implemented, MySQL default behavior should be much more sensible going forward: https://git.hcoop.net/hcoop/domtool2.git/commit/d505bba1ca42e447925faa4f4d042d8378b77980 Members will have "ALL ON $db.*" permissions by default going forward, which should fix a lot of weird behavior with installation and migration scripts failing because they can't use constructs like 'DROP TABLE ... IF EXISTS' or make the reasonable assumption they can DROP database objects created in the same script. This comes with the risk of members dropping their own databses, but in this case the added safety is not worth the usability cost. We keep a week of daily database backups (https://wiki.hcoop.net/MemberManual/Databases#Database_Backups), so some risk is mitigated at least. The documentation at https://wiki.hcoop.net/MemberManual/Databases#MySQL has been updated to reflect the new default permission scheme. Background: Since at least 2007, we've avoided granting members DROP permissions at the database-wide level since this allows the database itself to be dropped. This is an unpleasant risk, but unfortunately there is no way to avoid it -- almost all software is written with the assumption it can DROP objects within the database at will, and our safety precaution breaks a lot of installation and migraton scripts. For example, something as innocuous as "DROP TABLE ... IF EXISTS" for a table that does not actually exist fails with an error, since members cannot have DROP permissions to objects that don't exist. Given how much our permissions regime broke basic things like installation scripts, mysql-fixperms has been axed. Looking over our setup, I found nowhere where a member dropping their own database outside of `dbtool' would actually be a problem, except obviously in the case of an accidental drop. Anyway, sorry about taking so long to get to this, I hope this improves the default experience a bit. -- ntk is currently using "telnet fyodor 25" to send email