从 mysql 执行系统命令 [英] Executing a system command from mysql
问题描述
我正在尝试从 mysql 内(从过程或触发器或 mysql 的命令行内)执行 shell 命令.
I am trying to execute a shell command from within mysql (from within a procedure or a trigger or the command line for mysql).
我已将 lib_mysqludf_sys 添加到 mysql 插件并创建了该库可用的函数.(图书馆)主页
I have added lib_mysqludf_sys to the mysql plugins and created the functions that are available with the library. (the library) home page
该库有 5 个函数.
- sys_set - 设置 $PATH - 这可以工作并存储我稍后可以检查的 $PATH.
- sys_get - 获取 $PATH 的存储值 - 这也有效并返回我存储的值.
- sys_exec - 在系统中执行命令并返回退出代码.
- sys_eval - 在系统中执行命令并返回标准输出.
- lib_mysqludf_sys_info - 返回库的当前版本 - 这也有效.
我需要 sys_exec 和 sys_eval 才能正常工作.
I need sys_exec and sys_eval to work correctly.
我想我在搜索中发现了问题,但无法解决.
I think I have found the problem in my search but cannot solve it.
mysql 受到 apparmor 的限制,默认的 apparmor 没有被授予执行系统命令的权限轮廓.我已尝试使用文档中的命令禁用单个配置文件、禁用框架、将除一个配置文件以外的所有配置文件置于强制模式并将所有配置文件置于抱怨模式.什么都行不通.命令
mysql is limited by apparmor and is not granted access to execute system commands by the default apparmor profile. I have tried the commands in the documentation to disable a single profile, disable the framework, putting all profiles except one into enforce mode and putting all profiles in complain mode. Nothing works. the command
sudo apparmor_status
总是给我相同的输出.
20 profiles are loaded.
20 profiles are in enforce mode.
/opt/extras.ubuntu.com/unity-lens-askubuntu/unity-askubuntu-daemon
/sbin/dhclient
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-previewer//launchpad_integration
/usr/bin/evince-previewer//sanitized_helper
/usr/bin/evince-thumbnailer
/usr/bin/evince-thumbnailer//sanitized_helper
/usr/bin/evince//launchpad_integration
/usr/bin/evince//sanitized_helper
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper
/usr/lib/telepathy/mission-control-5
/usr/lib/telepathy/telepathy-*
/usr/sbin/cupsd
/usr/sbin/mysqld
/usr/sbin/tcpdump
/usr/share/gdm/guest-session/Xsession
0 profiles are in complain mode.
5 processes have profiles defined.
5 processes are in enforce mode.
/sbin/dhclient (2537)
/usr/lib/telepathy/mission-control-5 (2709)
/usr/sbin/cupsd (12245)
/usr/sbin/cupsd (12250)
/usr/sbin/mysqld (12675)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
请告诉我如何禁用 apparmor 或更改 mysql 的配置文件,以便它可以访问执行系统命令.
Please tell me how I could disable apparmor or change the profile for mysql so that it has access to executing system commands.
我这样做的原因是,当数据库中发生某些事情时,我可以执行系统命令(通过数据库触发器),如果您有其他一些可以轻松实现的方法的建议,请提及那些也是.
The reason I am doing all this is so that I can execute a system command when somethings happen in the DB (via a DB trigger), if you have suggestion for some other ways in which this can be easily implemented then please mention those too.
谢谢.
推荐答案
设法使此工作正常进行.首先为必要的配置文件将 apparmor 置于抱怨模式,然后使用 apparmor 的交互工具 (aa-genprof/aa-logprof) 为 mysqld 配置配置文件
managed to get this working. First put apparmor in complain mode for the necessary profiles then used apparmor's interactive tools (aa-genprof/aa-logprof) to configure the profile for mysqld
这篇关于从 mysql 执行系统命令的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!