KB4533497 - FIX: External satellite process scripts like R, Python are unable to access any directories outside of their working directory in SQL Server 2019

Applies to: SQL Server 2019 on Linux

Symptoms


In SQL Server 2019 on Linux, the external satellite process scripts like R, Python areunable to access any directories outside of their working directory.

Resolution


This issue is fixed in the following cumulative update for SQL Server:
About cumulative updates for SQL Server:
Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:

More information


You can customize the directories to which the external processes have access to byusing mssql-conf tool to set or unset the "datadirectories" setting inthe extensibility section of the /var/opt/mssql/mssql.conf configuration file.

Thevalue of the setting is a colon separated directory list which will be exposedto satellite scripts. Microsoft SQL Server Launchpad Daemon needs to berestarted when you set or unset this setting.

The satellite processes run as mssql_satellitespecial user, so they would inherit the same Read/Write/Execute permissions tothe directories specified in this setting as given to this special user.

Example:
#/bin/bash:/opt/mssql/bin/mssql-conf set extensibility.datadirectories"/opt/mssql/bin:/home/user/rscripts"
SQLServer Extensibility Launchpad Daemon needs to be restarted in order to applythis setting. Please run 'systemctl restart mssql-launchpadd.service'.

Contents of /var/opt/mssql/mssql.conf
[extensibility]
datadirectories= /opt/mssql/bin:/var

#/bin/bash:/opt/mssql/bin/mssql-conf unset extensibility.datadirectories
SQLServer Extensibility Launchpad Daemon needs to be restarted in order to applythis setting. Please run
'systemctlrestart mssql-launchpadd.service'.
 
Contentsof /var/opt/mssql/mssql.conf
[extensibility]

Status


This is by default designed assuch so that external processes cannot randomly access any system directories.

References


Learn about the terminology that Microsoft uses to describe software updates.