10744 – mariadb 5.5.28 error if using "load_file" or "load file into"

Bug 10744 - mariadb 5.5.28 error if using "load_file" or "load file into"

Summary: mariadb 5.5.28 error if using "load_file" or "load file into"

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	New RPM package request (show other bugs)
Version:	3
Hardware:	i586 Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-07-10 05:53 CEST by bozonius
Modified:	2013-07-10 07:28 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description bozonius 2013-07-10 05:53:36 CEST

Description of problem:
MariaDB/MySQL 5.5.28 do not permit the use of the LOAD_FILE or "INTO OUTFILE" constructs, and possibly others related to secure-file-priv, which is supposed to specify which directory external files may be read from or written to from an SQL command.  

This version seems to parse the syntax, but always results in a failure.  The errors seem to vary, and not consistently.

I have experimented setting the secure-file-priv= and --secure-file-priv options to my.cnf and mysqld, respectively, but they do not seem to have any effect.

Anecdotal reports found by googling reveal that this is a common issue.

Anyone trying to export data tables to CSV format, or trying to load a binary file into a table field will be frustrated by this issue.  There is not really any alternative or simple workaround; for this reason, I am giving this Major severity.  

However, version 5.6.12 (used on Debian 6.0.4) does work correctly with LOAD_FILE and INTO OUTFILE constructs, and I am guessing the others restricted by secure-file-priv would be as well.

I also used mysql 5.5.31 on a CentOS 6.4 system and both LOAD_FILE and INTO OUTFILE worked correctly there as well.

Version-Release number of selected component (if applicable):
MySQL/MariaDB 5.5.28

How reproducible:
Very

Steps to Reproduce:
1. Execute any SQL statement using the LOAD_FILE() or "INTO OUTFILE" construct


Reproducible: 

Steps to Reproduce:

bozonius 2013-07-10 05:54:17 CEST

CC: (none) => bozonius
Summary: mariadb 5.5.28 does not allow "load_file" or "load file into" => mariadb 5.5.28 error if using "load_file" or "load file into"

Comment 1 bozonius 2013-07-10 05:56:48 CEST

Also see bug 9878 as these may be related to the same (buggy?) release.

Comment 2 bozonius 2013-07-10 07:27:40 CEST

Never mind.  Turns out that the MySQL "user" trying to use these operations must have file privileges.  Those are not listed or available at the database privileges level, only at the user privileges level.  I missed those, which led me to think this was the same problem other users were seeing.

Another thing to be aware of is that the directory where the files are to be written to must be writable by the Unix user "mysql".

These issues and advisos are "documented" but it takes a lot of hunt-and-peck to find out.  Another problem is that the error messages from mysql are not too specific.  The secure-file-priv variable was introduced since MySQL 5.0, and the documentation on it seems less than thorough to me.

I guess close this, unless we want to make a request for better documentation.

Comment 3 bozonius 2013-07-10 07:28:39 CEST

See previous comment.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Note You need to log in before you can comment on or make changes to this bug.