haiwen / seafile

High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.
http://seafile.com/

Unable to use MariaDB/MySQL Unix Socket authentication #2590

Closed bertvandepoel closed 10 months ago

bertvandepoel commented 2 years ago

I'm migrating my Seafile installation to a new VPS. Since Seafile has a separate (Unix) system user and separate database user, I thought it would be sensible to use Unix Socket authentication https://mariadb.com/kb/en/authentication-plugin-unix-socket/ for logins, since it's convenient, straightforward, yet secure. Sadly, I've been unable to convince Seafile that this is the right way of doing things. When running seaf-fsck.sh as a test, I either get complaints about the lack of a password (e.g. [07/25/22 00:34:11] ../../common/seaf-utils.c(86): DB passwd not set in config.), or when I fill in garbage neither localhost nor the direct path of the socket works. The first yields: [07/25/22 00:36:20] ../../common/seaf-db.c(124): Failed to get database connection: Failed to connect to MySQL: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2). The latter yields [07/25/22 00:34:44] ../../common/seaf-db.c(124): Failed to get database connection: Failed to connect to MySQL: Unknown MySQL server host '/var/run/mysqld/mysqld.sock' (-2)..

Does Seafile not support this, or how am I supposed to achieve the desired result? Using Unix Socket auth is becoming more popular, now beyond PostgreSQL it's also becoming the default for MariaDB/MySQL, so that's why I expected Seafile to be able to do it. Hopefully it's already supported and I just did something wrong!

heull001 commented 1 year ago

This is a bug, I created a fix.

98h398hrpohpoai commented 10 months ago

As of December 2023 this appears to still be broken on Pro 10.0.11.

killing commented 10 months ago

To use Unix socket authentication, you need to change the configuration a bit. Refer to https://manual.seafile.com/config/seafile-conf/#database-configuration. This should have been fixed.

98h398hrpohpoai commented 10 months ago

With Seafile Pro 10.0.11 on bare metal Debian 12 w/ MariaDB 10.9.8. TCP connection works.

[database]
type = mysql
host = 127.0.0.1
port = 3306
#user = seafile
#password = seafile
unix_socket = /run/mysqld/mysqld.sock
db_name = seafile_db
connection_charset = utf8

Dec 11 23:02:58 becks seafile-control[1444585]: seafile-controller.c(1023): loading seafdav config from /srv/seafile/conf/seafdav.conf
Dec 11 23:02:58 becks seafile.sh[1444585]: failed to run "seaf-server -t" [65280]
Dec 11 23:02:58 becks seafile.sh[1444585]: 2023-12-11 23:02:58 ../common/seaf-utils.c(93): DB user not set in config.
Dec 11 23:02:58 becks seafile.sh[1444585]: 2023-12-11 23:02:58 seafile-session.c(250): Failed to load database config.
Dec 11 23:02:58 becks seafile.sh[1444585]: Error: failed to create ccnet session
Dec 11 23:02:58 becks systemd[1]: seafile.service: Control process exited, code=exited, status=1/FAILURE

Errors whether host, port, user, and/or pass are specified. ccnet.conf and seafevents.conf pass similar errors when configured for the same.

Of interest, is postgres supported? My understanding is postgres support was dropped some time ago and produces the following error: seafile.sh[1476024]: 2023-12-11 23:18:44 ../common/seaf-utils.c(308): Unsupported db type postgresql. However, the official doc page still references it. The whole database configuration is stored in the [database] section of the configuration file, whether you use SQLite, MySQL or PostgreSQL.

heull001 commented 10 months ago

This patch is not included in the current release (10.0.1) of community edition. If you use seafile ce, you have to wait for the next release.

98h398hrpohpoai commented 10 months ago

This patch is not included in the current release (10.0.1) of community edition. If you use seafile ce, you have to wait for the next release.

Hi! My post above notes this is on Pro 10.0.11. The documentation states this patch was implemented as of 10.0.7.


Since Seafile 10.0.3 and 10.0.7 Pro, you can use unix_socket authentication plugin provided by MariaDB/MySQL. To enable it, you need to specify the unix_socket option without user name and password.

[database]
#user = root
#password = root
unix_socket = /var/run/mysqld/mysqld.sock

heull001 commented 10 months ago

Ah sorry, haven't seen you wrote your version ...

feiniks commented 10 months ago

This patch is not included in the current release (10.0.1) of community edition. If you use seafile ce, you have to wait for the next release.

Hi! My post above notes this is on Pro 10.0.11. The documentation states this patch was implemented as of 10.0.7.

Since Seafile 10.0.3 and 10.0.7 Pro, you can use unix_socket authentication plugin provided by MariaDB/MySQL. To enable it, you need to specify the unix_socket option without user name and password.

[database]
#user = root
#password = root
unix_socket = /var/run/mysqld/mysqld.sock

Sorry, this should be a documentation error, this change was actually supported after 11.0.1 and we have updated the documentation.

98h398hrpohpoai commented 10 months ago

This patch is not included in the current release (10.0.1) of community edition. If you use seafile ce, you have to wait for the next release.

Hi! My post above notes this is on Pro 10.0.11. The documentation states this patch was implemented as of 10.0.7.

Since Seafile 10.0.3 and 10.0.7 Pro, you can use unix_socket authentication plugin provided by MariaDB/MySQL. To enable it, you need to specify the unix_socket option without user name and password.

[database]
#user = root
#password = root
unix_socket = /var/run/mysqld/mysqld.sock

Sorry, this should be a documentation error, this change was actually supported after 11.0.1 and we have updated the documentation.

That explains so much! Thanks for clarifying. ;)

heull001 commented 9 months ago

Sorry, this should be a documentation error, this change was actually supported after 11.0.1 and we have updated the documentation.

It is broken in ce 11.0.3 too. seaf-server and fileserver work, but seafevents not.

[2023-12-23 11:04:08] Start seafevents.main
No option 'password' in section: 'database'
ERROR:root:Failed create tables, error: create db engine error: No option 'password' in section: 'database'
Traceback (most recent call last):
  File "/usr/lib/python3.10/configparser.py", line 791, in get
    value = d[option]
  File "/usr/lib/python3.10/collections/__init__.py", line 986, in __getitem__
    return self.__missing__(key)  # support subclasses that define __missing__
  File "/usr/lib/python3.10/collections/__init__.py", line 978, in __missing__
    raise KeyError(key)
KeyError: 'password'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/seafile/seafile-server-11.0.3/pro/python/seafevents/db.py", line 128, in prepare_db_tables
    engine = create_engine_from_conf(seafile_config, db='seafile')
  File "/home/seafile/seafile-server-11.0.3/pro/python/seafevents/db.py", line 59, in create_engine_from_conf
    passwd = config.get(db_sec, 'password')
  File "/usr/lib/python3.10/configparser.py", line 794, in get
    raise NoOptionError(option, section)
configparser.NoOptionError: No option 'password' in section: 'database'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/seafile/seafile-server-11.0.3/pro/python/seafevents/main.py", line 44, in main
    prepare_db_tables(seafile_config)
  File "/home/seafile/seafile-server-11.0.3/pro/python/seafevents/db.py", line 131, in prepare_db_tables
    raise RuntimeError("create db engine error: %s" % e)
RuntimeError: create db engine error: No option 'password' in section: 'database'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.10/runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.10/runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "/home/seafile/seafile-server-11.0.3/pro/python/seafevents/main.py", line 75, in <module>
    main()
  File "/home/seafile/seafile-server-11.0.3/pro/python/seafevents/main.py", line 47, in main
    raise RuntimeError('Failed create tables, error: %s' % e)
RuntimeError: Failed create tables, error: create db engine error: No option 'password' in section: 'database'

There is also an error in the documentation at https://manual.seafile.com/config/seafile-conf/#database-configuration:

Since Seafile 11.0.1 and 11.0.1 Pro, you can use unix_socket authentication plugin provided by MariaDB/MySQL. To enable it, you need to specify the unix_socket option without user name and password.

[database]

user = root

password = root

unix_socket = /var/run/mysqld/mysqld.sock

This is wrong, user is needed.
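
An added example, not Seafile's code: the traceback above stops at `config.get(db_sec, 'password')`, where `configparser` raises `NoOptionError` for a key that is absent. The sketch below reads a `[database]` section so that `password` is optional once `unix_socket` is set and mandatory for TCP. The names `load_db_params` and `DBConfigError`, the sample config, and the returned keys (chosen to match PyMySQL's `connect()` keyword arguments) are assumptions made for illustration.

```python
import configparser

class DBConfigError(ValueError):
    """Raised when the [database] section cannot yield usable parameters."""

# Constructed sample in the style of the configs quoted in this thread.
SOCKET_CONF = """\
[database]
type = mysql
user = seafile
#password = seafile
unix_socket = /run/mysqld/mysqld.sock
db_name = seafile_db
connection_charset = utf8
"""

def load_db_params(conf_text, section="database"):
    """Return connect() keyword arguments for a socket or TCP MySQL login."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    if not cp.has_section(section):
        raise DBConfigError(f"missing [{section}] section")
    db = cp[section]
    if db.get("type", "mysql") != "mysql":
        raise DBConfigError(f"unsupported db type {db['type']}")
    user, name = db.get("user"), db.get("db_name")
    if not user or not name:
        raise DBConfigError("user and db_name are required")
    params = {"user": user, "database": name,
              "charset": db.get("connection_charset", "utf8")}
    # SectionProxy.get returns None for a missing key instead of raising.
    password = db.get("password")
    sock = db.get("unix_socket")
    if sock:
        # Socket login: the server's unix_socket plugin checks the peer's
        # OS account, so no password has to be stored in the config file.
        params["unix_socket"] = sock
        if password is not None:
            params["password"] = password
    else:
        if password is None:
            raise DBConfigError("password is required for TCP connections")
        params.update(host=db.get("host", "127.0.0.1"),
                      port=db.getint("port", fallback=3306), password=password)
    return params

if __name__ == "__main__":
    print(load_db_params(SOCKET_CONF))
```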

sphakka commented 3 months ago

What's the status here? Why closed? I have Seafile 11.0.9 and socket connection doesn't work. @heull001, could you please post the full working configuration if any?

killing commented 3 months ago

Sorry, in recent versions we have removed the support for Unix socket auth. Originally we only implemented the seaf-server part. But later we found that it makes the code quite complicated and easy to make errors in the code. So we dropped the support entirely. Users should use TCP connection if unix socket doesn't work.