UDF结果错误 [英] UDF result error
问题描述
我尝试安装"mysqludf_sys". 但是我得到了这个错误:
I try to install "mysqludf_sys". But i got this error:
ERROR 1126 (HY000) at line 29: Can't open shared library 'lib_mysqludf_sys.so' (errno: 0 /usr/lib/mysql/plugin/lib_mysqludf_sys.so: cannot open shared object file: No such file or directory)
ERROR: unable to install the UDF
因此,我尝试通过以下Makefile修正来解决该问题:
So, i tried to solve it with the following mofification in Makefile:
LIBDIR=/usr/lib to LIBDIR=/usr/lib/mysql/plugin
还要确保gcc具有-fPIC选项,即:
Also make sure that gcc has the -fPIC option ie:
gcc -fPIC -Wall -I/usr/include/mysql -I. -shared lib_mysqludf_sys.c -o $(LIBDIR)/lib_mysqludf_sys.so
但是当我测试sys_eval时,我得到了:
But when i test sys_eval, i get:
mysql> SELECT sys_eval('id');
+----------------+
| sys_eval('id') |
+----------------+
| |
+----------------+
1 row in set (0.02 sec)
我应该得到:
mysql> SELECT sys_eval('id');
+-------------------------------------------------+
| sys_eval('id') |
+-------------------------------------------------+
| uid=105(mysql) gid=108(mysql) groups=108(mysql) |
+-------------------------------------------------+
1 row in set (0.01 sec)
我也测试了"sys_exec"来创建文件,但没有结果
I have tested "sys_exec" also to create a file, but no result
那么,我应该怎么做才能正确运行这些功能? 问候
So, what should i do to run correctly these functions ? Regards
推荐答案
感谢罗兰.
所以,我的问题的答案是"AppArmor".
So, the answer for my question is "AppArmor".
来自维基百科:
AppArmor允许系统管理员为每个程序关联一个安全配置文件,该文件限制了该程序的功能.它通过提供强制访问控制(MAC)来补充传统的Unix自主访问控制(DAC)模型.
AppArmor allows the system administrator to associate with each program a security profile which restricts the capabilities of that program. It supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC).
自从Ubuntu Hardy开始,MySQL 5.0服务器软件包还包含一个AppArmor配置文件(/etc/apparmor.d/usr.sbin.mysqld),该文件限制了MySQL服务器的功能,例如调用UDF执行命令.
Since Ubuntu Hardy the MySQL 5.0 server package contains also an AppArmor profile file (/etc/apparmor.d/usr.sbin.mysqld) which limits MySQL server functionalities, like calling an UDF to execute commands.
因此,要让MySQL运行Linux命令,我应该在AppArmor中更改MySql的安全级别.
So, to let MySQL run Linux commands, i should change the security level for MySql inside AppArmor.
[root@xxx ~]# aa-complain /usr/sbin/mysqld
要查看AppArmor的状态:
To have a look at AppArmor's status:
[root@xxx ~]# aa-status
有了这个配置,我可以执行sys_eval和sys_exec.但这仍然仅限于mysql目录.因此,我无法从任何目录创建文件或运行脚本.
With this coonfiguration, i can excute sys_eval and sys_exec. But that still limited to mysql directory. So i can not create file or run a script from any directory.
因此,解决方案是为Apparmor添加权限以使mysql访问新数据目录.
So the solution is to add permissions to apparmor for mysql to access the new data directories.
sudo vi /etc/apparmor.d/usr.sbin.mysqld
添加:
/newdir/ r,
/newdir/** rwk,
重新启动服务器:
sudo /etc/init.d/apparmor restart
sudo /etc/init.d/mysql restart
如果仍然不起作用,请检查nix权限,以确保mysql递归地为新目录的所有者和组.
If that still does not work, check the nix permissions to be sure mysql is owner and group for the new directory recursively.
chown -R mysql:mysql "new datadir path"
我希望能对某人有所帮助.
I hope that's help someone.
遵守
这篇关于UDF结果错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!