Run restores and imports as non-root user

mysql/CHANGELOG

@@ -84,3 +84,5 @@ Fixed the input for setting the default value for fields.
 ---- Changes since 1.470 ----
 Added code to detect a password in /root/.my.cnf which overrides the MYSQL_PWD variable, and thus causes login failures.
 MySQL stored procedures are now included in backups, where supported.
+---- Changes since 1.480 ----
+Restores and imports from local files are now run as the Unix user configured for backups, rather than root.

mysql/exec_file.cgi

@@ -64,7 +64,8 @@ while(<SQL>) {
 close(SQL);
 
 print "<pre>";
-($ex, $out) = &execute_sql_file($in{'db'}, $file);
+($ex, $out) = &execute_sql_file($in{'db'}, $file,
+				undef, undef, $access{'buser'});
 print &html_escape($out);
 $got++ if ($out =~ /\S/);
 print "<i>$text{'exec_noout'}</i>\n" if (!$got);

mysql/import.cgi

@@ -29,10 +29,10 @@ else {
 	print &text('import_fileout', "<tt>$in{'file'}</tt>"),"<p>\n";
 	}
 
-# Execute the import command ..
+# Build the import command
 if ($in{'table'}) {
 	$nfile = &transname("$in{'table'}.txt");
-	system("cp $file $nfile");
+	&copy_source_dest($file, $nfile);
 	unlink($file) if ($need_unlink);
 	$file = $nfile;
 	$need_unlink = 1;
@@ -45,9 +45,15 @@ if ($in{'format'} == 0) {
 elsif ($in{'format'} == 1) {
 	$format = "--fields-terminated-by ,";
 	}
+
+# Execute the import command ..
 print "<pre>";
 &additional_log('exec', undef, "$config{'mysqlimport'} $authstr $delete $ignore $format $in{'db'} $file");
-&open_execute_command(SQL, "$config{'mysqlimport'} $authstr $delete $ignore $format ".quotemeta($in{'db'})." $file 2>&1", 1, 0);
+$cmd = "$config{'mysqlimport'} $authstr $delete $ignore $format ".quotemeta($in{'db'})." ".quotemeta($file);
+if ($access{'buser'} && $access{'buser'} ne 'root' && $< == 0) {
+	$cmd = &command_as_user($access{'buser'}, 0, $cmd);
+	}
+&open_execute_command(SQL, $cmd, 2, 0);
 while(<SQL>) {
 	print &html_escape($_);
 	$got++ if (/\S/);

mysql/lang/en

@@ -562,6 +562,7 @@ acl_edonly=Can only edit table data?
 acl_bnone=Disallow backups
 acl_indexes=Can view and manage indexes?
 acl_views=Can view and manage views?
+acl_files=Can execute SQL from local files?
 
 log_start=Started MySQL server
 log_stop=Stopped MySQL server

mysql/mysql-lib.pl

@@ -891,7 +891,7 @@ if (@auto) {
 return @sql;
 }
 
-# execute_sql_file(database, file, [user, pass])
+# execute_sql_file(database, file, [user, pass], [unix-user])
 # Executes some file of SQL commands, and returns the exit status and output
 sub execute_sql_file
 {
@@ -902,6 +902,10 @@ local ($db, $file, $user, $pass) = @_;
 local $authstr = &make_authstr($user, $pass);
 local $cmd = "$config{'mysql'} $authstr -t ".quotemeta($db)." <".quotemeta($file);
 -r $file || return (1, "$file does not exist");
+if ($_[4] && $_[4] ne 'root' && $< == 0) {
+	# Restoring as a Unix user
+	$cmd = &command_as_user($_[4], 0, $cmd);
+	}
 local $out = &backquote_logged("$cmd 2>&1");
 local @rv = ($?, $? ? $out || "$cmd failed" : $out);
 &make_authstr();	# Put back old password environment variable