问题
I try to install "mysqludf_sys". But i got this error:
ERROR 1126 (HY000) at line 29: Can't open shared library 'lib_mysqludf_sys.so' (errno: 0 /usr/lib/mysql/plugin/lib_mysqludf_sys.so: cannot open shared object file: No such file or directory)
ERROR: unable to install the UDF
So, i tried to solve it with the following mofification in Makefile:
LIBDIR=/usr/lib to LIBDIR=/usr/lib/mysql/plugin
Also make sure that gcc has the -fPIC option ie:
gcc -fPIC -Wall -I/usr/include/mysql -I. -shared lib_mysqludf_sys.c -o $(LIBDIR)/lib_mysqludf_sys.so
But when i test sys_eval, i get:
mysql> SELECT sys_eval('id');
+----------------+
| sys_eval('id') |
+----------------+
| |
+----------------+
1 row in set (0.02 sec)
I should get:
mysql> SELECT sys_eval('id');
+-------------------------------------------------+
| sys_eval('id') |
+-------------------------------------------------+
| uid=105(mysql) gid=108(mysql) groups=108(mysql) |
+-------------------------------------------------+
1 row in set (0.01 sec)
I have tested "sys_exec" also to create a file, but no result
So, what should i do to run correctly these functions ? Regards
回答1:
Thanks Roland.
So, the answer for my question is "AppArmor".
From Wikipedia:
AppArmor allows the system administrator to associate with each program a security profile which restricts the capabilities of that program. It supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC).
Since Ubuntu Hardy the MySQL 5.0 server package contains also an AppArmor profile file (/etc/apparmor.d/usr.sbin.mysqld) which limits MySQL server functionalities, like calling an UDF to execute commands.
So, to let MySQL run Linux commands, i should change the security level for MySql inside AppArmor.
[root@xxx ~]# aa-complain /usr/sbin/mysqld
To have a look at AppArmor's status:
[root@xxx ~]# aa-status
With this coonfiguration, i can excute sys_eval and sys_exec. But that still limited to mysql directory. So i can not create file or run a script from any directory.
So the solution is to add permissions to apparmor for mysql to access the new data directories.
sudo vi /etc/apparmor.d/usr.sbin.mysqld
Add:
/newdir/ r,
/newdir/** rwk,
Restart the servers:
sudo /etc/init.d/apparmor restart
sudo /etc/init.d/mysql restart
If that still does not work, check the nix permissions to be sure mysql is owner and group for the new directory recursively.
chown -R mysql:mysql “new datadir path”
I hope that's help someone.
Abid
回答2:
The id you're calling should be an executable. Scripts are generally not themselves executable, you should probably modify the line to read bash path/to/script.sh so that it becomes a valid executable command line.
Also, there have been many reports of sys_exec and friends not working because of app armor settings. Check if app armor is enabled and if it is, modify its configuration to allow the udfs to run.
HTH.
来源:https://stackoverflow.com/questions/18229938/udf-result-error