Hi Alex, MariaDB / MySQL maintainer here. Historically, when the 'mariadb-admin' / 'mysql-admin' was used, it first needed to be configured, so the 'mariadb-admin' / 'mysql-admin' would have the necessary login credentials available. That changed starting MariaDB 10.4, with the unix socket authentication, as described in the logrotate file: https://github.com/MariaDB/server/blob/main/support-files/mariadb.logrotate.sh#L43 which we slightly patch for Fedora: https://src.fedoraproject.org/rpms/mariadb10.11/blob/rawhide/f/mariadb-logrotate.patch The unix socket authentication in MariaDB was designed in such a way that it automatically allows login from the system 'root user and the account owning the DB files - usually 'mysql' user. The logic behind being that both those accounts can tamper with the DB files in any way, so there's no point in denying them the access to the DB directly. https://mariadb.com/kb/en/authentication-plugin-unix-socket/ That said, it should work seamlessly out of the box. I tried to disable the unix socket authentication, which led to this output: | # mariadb-admin --local flush-error-log flush-engine-log flush-general-log flush-slow-log | mariadb-admin: connect to server at 'localhost' failed | error: 'Plugin 'unix_socket' is not loaded' So more likely, you configured a specific protocol to be used for the client as the preferred or only variant available. That can be configured for specific types of clients and tools, as can be seen in the '/etc/my.cnf.d/mysql-clients.cnf' configuration file. https://github.com/MariaDB/server/blob/main/support-files/rpm/mysql-clients.cnf When you configure e.g. | [mysqladmin] | user=mysql | protocol=tcp Then even when the server and the client use unix_socket naturally, you'll get this result from the mariadb-admin: | # mariadb-admin --local flush-error-log flush-engine-log flush-general-log flush-slow-log | mariadb-admin: connect to server at 'localhost' failed | error: 'Access denied for user 'mysql'@'localhost'' Please check all of your configuration files for configuration specific for the [mariadb-admin] and [mysql-admin] tools. Michal -- Michal Schorm Software Engineer Databases Team Red Hat -- On Sat, Apr 12, 2025 at 4:11 AM Alex <mysqlstudent@xxxxxxxxx> wrote: > > Hi, > I'm using fedora40 with mariadb and noticed my logs are being rotated, but not flushed to start logging to the new file. This is the bottom of /etc/logrotate.d/mariadb: > > # After each rotation, run this custom script to flush the logs. Note that > # this assumes that the mariadb-admin command has database access, which it > # has thanks to the default use of Unix socket authentication for the 'mysql' > # (or root on Debian) account used everywhere since MariaDB 10.4. > postrotate > if test -x /usr/bin/mariadb-admin > then > /usr/bin/mariadb-admin $EXTRAPARAM --local flush-error-log \ > flush-engine-log flush-general-log flush-slow-log > fi > endscript > > However, when I run that command manually as root or the mysql user, it fails with access denied. > > $ /usr/bin/mariadb-admin --local flush-error-log flush-engine-log flush-general-log flush-slow-log > /usr/bin/mariadb-admin: connect to server at 'localhost' failed > error: 'Access denied for user 'mysql'@'localhost' (using password: NO)' > > Where is access supposed to be provided securely for this? Do you know what privileges I should enable to allow the mysql user to flush the logs without privileges? > > > > > > > > > > > > -- > _______________________________________________ > users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
