List: Internals
From: Paul DuBois
Date: February 5 2002 4:29pm
Subject: Re: Jailed MySQL for hosting customers
>>  3) What about preventing user from seeing other users' data?
>>  Answer is not so easy like it seems to be.
>
>I thought my idea would solve that problem.  Only the mysql user has access
>to the databases, and users only have access to their databases when they
>authenticate.  Their databases would be in their directory.  Sort of a
>chroot or jail for the databases.
>
>>  Running mysqld for every user is not an option at all. For 3-5 users
>>  maybe it is possible, maybe you can run up to 8 mysqld, but regular
>>  hosting server can have hundreds of users.
>
>I agree.  This is the problem.
>
>>  So using 1 mysqld with several user DB means mysqld has access to all
>>  this DB. Currently this means you never want to give users File_priv and
>>  you lose functionality. - No LOAD DATA INFILE...., no SELECT INTO
>>  OUTFILE ...
>>  The problem is that User with File_Priv can read any file on server
>>  readable by mysqld !!
>
>Right.

This isn't really a MySQL-specific problem.  For example, if multiple
virtual domains are supported by the same Apache process, and each
domain has a user who can install cgi-bin scripts, those scripts all
run with the uid/gid of the Apache server.  Any given user can write a
script to access any file that any other user's scripts use.  ISPs don't
like to advertise this, but it's true.  suEXEC offers some relief, but
that's expensive.
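
Added example (not part of the original message or of MySQL itself): a small audit that flags which accounts on a shared mysqld effectively hold the FILE privilege discussed in the quoted text. FILE is a global privilege, so it appears only in grants on `*.*`, and `ALL PRIVILEGES ON *.*` includes it. The account names and `SHOW GRANTS` lines below are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample: SHOW GRANTS output for three hypothetical hosting accounts.
SAMPLE_GRANTS = {
    "alice@localhost": [
        "GRANT USAGE ON *.* TO 'alice'@'localhost'",
        "GRANT ALL PRIVILEGES ON `alice_db`.* TO 'alice'@'localhost'",
    ],
    "bob@localhost": [
        "GRANT SELECT, FILE ON *.* TO 'bob'@'localhost'",
    ],
    "carol@%": [
        "GRANT ALL PRIVILEGES ON *.* TO 'carol'@'%' WITH GRANT OPTION",
    ],
}

# Captures the privilege list and the scope of one GRANT statement.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s", re.IGNORECASE
)


def grants_file_access(statement):
    """Return True if this GRANT lets the account use server-side file I/O."""
    m = GRANT_RE.match(statement.strip())
    if not m or m.group("scope") != "*.*":
        # FILE is global only: a database-level ALL PRIVILEGES does not carry it.
        return False
    privs = {p.strip().upper() for p in m.group("privs").split(",")}
    return bool(privs & {"FILE", "ALL", "ALL PRIVILEGES"})


def accounts_with_file(grants_by_account):
    """Return the sorted accounts whose grants include FILE, directly or via ALL."""
    return sorted(
        account
        for account, statements in grants_by_account.items()
        if any(grants_file_access(s) for s in statements)
    )


if __name__ == "__main__":
    for account in accounts_with_file(SAMPLE_GRANTS):
        print("FILE privilege held by:", account)
```
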