Zabbix You do not have the SUPER privilege and binary logging is enabled
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Zabbix You do not have the SUPER privilege and binary logging is enabled相关的知识,希望对你有一定的参考价值。
背景:
服务器:Linux Centos 7
服务版本:mysql 8.0 ,zabbix-proxy 6.0
事件:
在执行 systemctl restart zabbix-proxy.service 报错
Job for zabbix-proxy.service failed because the control process exited with error code.
See "systemctl status zabbix-proxy.service" and "journalctl -xe" for details.
根据提示查看报错信息
# journalctl -xe
--
-- The unit zabbix-proxy.service has entered the failed state with result protocol.
Feb 2 03:40:20 systemd[1]: Failed to start Zabbix Proxy.
-- Subject: Unit zabbix-proxy.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit zabbix-proxy.service has failed.
--
-- The result is failed.
Feb 2 03:40:22 setroubleshoot[192927]: SELinux is preventing mysqld from create access on the sock_file mysqlx.sock. For comp>
Feb 2 03:40:22 setroubleshoot[192927]: SELinux is preventing mysqld from create access on the sock_file mysqlx.sock.
***** Plugin catchall_labels (83.8 confidence) suggests *******************
If you want to allow mysqld to have create access on the mysqlx.sock sock_file
Then you need to change the label on mysqlx.sock
Do
# semanage fcontext -a -t FILE_TYPE mysqlx.sock
where FILE_TYPE is one of the following: mysqld_db_t, mysqld_var_run_t.
Then execute:
restorecon -v mysqlx.sock
***** Plugin catchall (17.1 confidence) suggests **************************
If you believe that mysqld should be allowed create access on the mysqlx.sock sock_fil>
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c mysqld --raw | audit2allow -M my-mysqld
# semodule -X 300 -i my-mysqld.pp
Feb 2 03:40:22 setroubleshoot[192927]: AnalyzeThread.run(): Set alarm timeout to 10
根据提示执行下面步骤
# ausearch -c mysqld --raw | audit2allow -M my-mysqld
# semodule -X 300 -i my-mysqld.pp
尝试启动zabbix-proxy,启动失败
查看数据库状态,发现数据库也down了
# systemctl status mysql.service
● mysql.service - MySQL Community Server
Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat Feb 2 03:40:23 -05; 1min 44s ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Process: 1619 ExecStart=/usr/sbin/mysqld (code=exited, status=2)
Process: 1602 ExecStartPre=/usr/share/mysql-8.0/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
Main PID: 1619 (code=exited, status=2)
Status: "Server startup in progress"
Feb 2 03:40:22 asus2016-vb01 systemd[1]: mysql.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Feb 2 03:40:22 asus2016-vb01 systemd[1]: mysql.service: Failed with result exit-code.
Feb 2 03:40:22 asus2016-vb01 systemd[1]: Failed to start MySQL Community Server.
Feb 2 03:40:23 asus2016-vb01 systemd[1]: mysql.service: Service hold-off time over, scheduling restart.
Feb 2 03:40:23 asus2016-vb01 systemd[1]: mysql.service: Scheduled restart job, restart counter is at 9.
Feb 2 03:40:23 asus2016-vb01 systemd[1]: Stopped MySQL Community Server.
Feb 2 03:40:23 asus2016-vb01 systemd[1]: mysql.service: Start request repeated too quickly.
Feb 2 03:40:23 asus2016-vb01 systemd[1]: mysql.service: Failed with result exit-code.
Feb 2 03:40:23 asus2016-vb01 systemd[1]: Failed to start MySQL Community Server.
尝试启动mysql,启动失败
看了一下journalctl -xe,发现是selinux的原因,导致数据库启动失败
#查看一下selinux的状态
# getenforce
Enforcing
#临时关闭selinux
# selinux 0
再次尝试启动mysql,成功启动!
尝试启动zabbix-proxy,启动失败
查看zabbix-proxy.log发现报错
query failed: [1419] you do not have the super privilege and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable) [create trigger hosts_name_upper_insert。。。进入mysql修改zabbix权限
# mysql -uroot
mysql> SHOW VARIABLES LIKE log_bin_trust_function_creators;
+---------------------------------+-------+
| Variable_name | Value |
+---------------------------------+-------+
| log_bin_trust_function_creators | OFF |
+---------------------------------+-------+
1 row in set (0.00 sec)
mysql> SET GLOBAL log_bin_trust_function_creators = 1;
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW VARIABLES LIKE log_bin_trust_function_creators;
+---------------------------------+-------+
| Variable_name | Value |
+---------------------------------+-------+
| log_bin_trust_function_creators | ON |
+---------------------------------+-------+
1 row in set (0.00 sec)
mysql> SELECT Host,User,Super_priv FROM mysql.user;
+-----------+------------------+------------+
| Host | User | Super_priv |
+-----------+------------------+------------+
| % | zabbix_monitor | N |
| localhost | mysql.infoschema | N |
| localhost | mysql.session | Y |
| localhost | mysql.sys | N |
| localhost | root | Y |
| localhost | zabbix | N |
+-----------+------------------+------------+
6 rows in set (0.00 sec)
mysql> UPDATE mysql.user SET Super_Priv=Y WHERE user=zabbix_monitor AND host=%;
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT Host,User,Super_priv FROM mysql.user;
+-----------+------------------+------------+
| Host | User | Super_priv |
+-----------+------------------+------------+
| % | zabbix_monitor | Y |
| localhost | mysql.infoschema | N |
| localhost | mysql.session | Y |
| localhost | mysql.sys | N |
| localhost | root | Y |
| localhost | zabbix | N |
+-----------+------------------+------------+
6 rows in set (0.00 sec)
mysql> exit
此时尝试启动zabbix-proxy,启动成功!
!!!重点!!!⬇️
之前做的修改需要恢复到之前的状态
数据库权限恢复
# mysql -uroot
mysql> SET GLOBAL log_bin_trust_function_creators = 0;
Query OK, 0 rows affected (0.00 sec)
mysql> UPDATE mysql.user SET Super_Priv=N WHERE user=zabbix_monitor AND host=%;
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW VARIABLES LIKE log_bin_trust_function_creators;
+---------------------------------+-------+
| Variable_name | Value |
+---------------------------------+-------+
| log_bin_trust_function_creators | OFF |
+---------------------------------+-------+
1 row in set (0.00 sec)
mysql> SELECT Host,User,Super_priv FROM mysql.user;
+-----------+------------------+------------+
| Host | User | Super_priv |
+-----------+------------------+------------+
| % | zabbix_monitor | N |
| localhost | mysql.infoschema | N |
| localhost | mysql.session | Y |
| localhost | mysql.sys | N |
| localhost | root | Y |
| localhost | zabbix | N |
+-----------+------------------+------------+
6 rows in set (0.00 sec)
mysql> exit
selinux状态恢复
# selinux 1经验总结:
zabbix-proxy启动失败有两个原因:
1.selinux没关,导致服务启动失败。
2.数据库中zabbix没有 SUPER 权限并且启用了二进制日志记录,这个需要细心检查才能发现。
⚠️ 由于安全问题,刚刚做的selinux以SUPER权限在解决完问题后需要恢复原状!!!
以上是关于Zabbix You do not have the SUPER privilege and binary logging is enabled的主要内容,如果未能解决你的问题,请参考以下文章
You do not have the SUPER privilege and binary logging is enabled解决方法
You do not have the SUPER privilege and binary logging is enabled解决方法
发布npm包时报错:You do not have permission to publish “package-demo“.
mysql报错:You do not have the SUPER privilege and binary logging is enabled
码云clone提示“you do not have permission to pull from the repository”
SQL SERVER – Configuration Manager – Cannot Connect to WMI Provider. You Do Not Have Permission or T