Hello,
I want to create some feedbacks for the log messages for the access control checks before processing queries.
In the current design, for the SELECT command, mSQL will check whether the client has the READ_ACCESS permission bit. For all the other operations (CREATE_TABLE, CREATE_INDEX, etc), mSQL will check for the WRITE_ACCESS permission bit and whether the server is read-only.
However, the messages for the two kinds are all the same, which is simply "Access Denied". I am wondering if we can create better log messages so the sysadmins can spend less time debugging the errors. (e.g. in the log message, tell the users what operation is denied, because lack of read/write access, or the server is read-only)
I can also file for patches if that helps. Any feedback is appreciated!
(Not sure if this is a proper place for the discussions. If there is a dev mailing list, please let me know. Thank you!)
Kind regards,
Bingyu
better mSQL log messages for query commands
Re: better mSQL log messages for query commands
Hi
Thanks for raising this. We can look at making the English version of those messages more specific (the translations to other languages will need to stay the same as we don't have those language skills in house). We're looking at rolling up a new release in a few weeks. I'll see if we can add this before then.
And, yes, this is the appropriate place to raise questions like this.
David
...
Thanks for raising this. We can look at making the English version of those messages more specific (the translations to other languages will need to stay the same as we don't have those language skills in house). We're looking at rolling up a new release in a few weeks. I'll see if we can add this before then.
And, yes, this is the appropriate place to raise questions like this.
David
...
Re: better mSQL log messages for query commands
Hi David,
Thanks for your feedback. Yeah, these access control related denies are quite difficult to debug sometimes. It may be more helpful if the specific reasons are provided.
I created two patches related to the access log messages. (I did not find a place to submit patches, so I just paste them on the github gist.)
Looking forward to the new release!
Cheers,
Bingyu
Thanks for your feedback. Yeah, these access control related denies are quite difficult to debug sometimes. It may be more helpful if the specific reasons are provided.
I created two patches related to the access log messages. (I did not find a place to submit patches, so I just paste them on the github gist.)
- A patch related to function aclCheckPerm(), which basically tells the clients that read or write access is required, or the access is denied because of the read_only configuration.
https://gist.github.com/byshen/ba22626e ... 1e321e39e3
- A patch related to function aclCheckLocal(), which all resulted in the PERM_DENIED_ERROR message. I added some more words to remind the sysadmin that the operation is only allowed on localhost and the admin user.
https://gist.github.com/byshen/6b14fe2c ... df16044974
Looking forward to the new release!
Cheers,
Bingyu
Re: better mSQL log messages for query commands
Hi David,
Thanks a lot for the update. Is it possible for you to take a look at the above patch and give some feedback?
I can contribute more if you find the patches helpful. Please feel free to contact me if I can help anything with the
next release of mSQL.
Thanks,
Bingyu