MDEV-29596 Separate SUPER and READ ONLY ADMIN privileges

montywi · montywi · commit 47dccace135f · 2022-09-21T19:16:33.000+03:00
The benefit of this is that one can remove the READ ONLY ADMIN privilege
from all users and this way ensure that no one can do any changes on
any non-temporary tables.

This is good option to use on slaves when one wants to ensure that the
slave is kept identical to the master.
diff --git a/mysql-test/main/grant_read_only.result b/mysql-test/main/grant_read_only.result
@@ -46,7 +46,7 @@ SET @@GLOBAL.read_only=0;
 DROP USER user1@localhost;
 DROP TABLE t1;
 #
-# Test that @@read_only is ignored with SUPER
+# Test that @@read_only is not ignored with SUPER
 #
 CREATE TABLE t1 (a INT);
 CREATE USER user1@localhost IDENTIFIED BY '';
@@ -61,7 +61,13 @@ SELECT @@read_only;
 @@read_only
 1
 UPDATE t1 SET a=11 WHERE a=10;
+ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
 DELETE FROM t1 WHERE a=11;
+ERROR HY000: The MariaDB server is running with the --read-only option so it cannot execute this statement
+connection default;
+grant read only admin on *.* to user1@localhost;
+disconnect con1;
+connect  con1,localhost,user1,,;
 INSERT INTO t1 VALUES (20);
 disconnect con1;
 connection default;
diff --git a/mysql-test/main/grant_read_only.test b/mysql-test/main/grant_read_only.test
@@ -55,7 +55,7 @@ DROP TABLE t1;
 
 
 --echo #
---echo # Test that @@read_only is ignored with SUPER
+--echo # Test that @@read_only is not ignored with SUPER
 --echo #
 
 CREATE TABLE t1 (a INT);
@@ -68,8 +68,14 @@ SET @@GLOBAL.read_only=1;
 connect (con1,localhost,user1,,);
 connection con1;
 SELECT @@read_only;
+--error ER_OPTION_PREVENTS_STATEMENT
 UPDATE t1 SET a=11 WHERE a=10;
+--error ER_OPTION_PREVENTS_STATEMENT
 DELETE FROM t1 WHERE a=11;
+connection default;
+grant read only admin on *.* to user1@localhost;
+disconnect con1;
+connect (con1,localhost,user1,,);
 INSERT INTO t1 VALUES (20);
 disconnect con1;
 
diff --git a/mysql-test/main/mysqld--help.result b/mysql-test/main/mysqld--help.result
@@ -1003,7 +1003,7 @@ The following specify which files/extra groups are read (specified before remain
  value
  --read-only         Make all non-temporary tables read-only, with the
  exception for replication (slave) threads and users with
- the SUPER privilege
+ the 'READ ONLY ADMIN' privilege
  --read-rnd-buffer-size=# 
  When reading rows in sorted order after a sort, the rows
  are read through this buffer to avoid a disk seeks
diff --git a/sql/privilege.h b/sql/privilege.h
@@ -390,10 +390,10 @@ constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SYNC_BINLOG=
 
 /* Privileges related to --read-only */
 // Was super prior to 10.5.2
-constexpr privilege_t PRIV_IGNORE_READ_ONLY= READ_ONLY_ADMIN_ACL | SUPER_ACL;
+constexpr privilege_t PRIV_IGNORE_READ_ONLY= READ_ONLY_ADMIN_ACL;
 // Was super prior to 10.5.2
 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_READ_ONLY=
-  READ_ONLY_ADMIN_ACL | SUPER_ACL;
+  READ_ONLY_ADMIN_ACL;
 
 /*
   Privileges related to connection handling.
diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc
@@ -3030,7 +3030,8 @@ static Sys_var_on_access_global<Sys_var_mybool,
 Sys_readonly(
        "read_only",
        "Make all non-temporary tables read-only, with the exception for "
-       "replication (slave) threads and users with the SUPER privilege",
+       "replication (slave) threads and users with the 'READ ONLY ADMIN' "
+       "privilege",
        GLOBAL_VAR(read_only), CMD_LINE(OPT_ARG), DEFAULT(FALSE),
        NO_MUTEX_GUARD, NOT_IN_BINLOG,
        ON_CHECK(check_read_only), ON_UPDATE(fix_read_only));
