List:General Discussion« Previous MessageNext Message »
From:Paul DuBois Date:August 6 2002 2:20am
Subject:Re: safe_mysqld -u root & But"Don't run the MySQL daemon as the
Unix root user?"
View as plain text  
At 19:10 -0700 8/5/02, Cliff wrote:
>You should have created a user named mysql and the proper permissions on the
>files.

More likely the problem is due to safe_mysqld trying to write a file
in /var/log, which is almost certainly owned by root.  I'd take a look
at safe_mysqld and see if it's directly trying to create that file,
and if so, change it to write the file in a directory owned by the
account used to run the server.  If it's not opening the file itself,
then presumarly mysqld is doing so.  In that case, mysqld should be
told to write this file in some directory owned by the account used
to run the server.

>
>----- Original Message -----
>From: "david" <david@stripped>
>To: <mysql@stripped>
>Sent: Monday, August 05, 2002 6:19 PM
>Subject: safe_mysqld -u root & But"Don't run the MySQL daemon as the Unix
>root user?"
>
>
>>  Ok, i seem to be a little confused, please advise. The SQL Docs state not
>to
>>  run MySQL daemon as root.
>>
>>
>http://www.mysql.com/documentation/mysql/bychapter/manual_MySQL_Database_Adm
>inistration.html#Option_files
>>  4.2.2 How to Make MySQL Secure Against Crackers
>>   "Don't run the MySQL daemon as the Unix root user. This is very
>dangerous,
>>  because any user with the FILE privilege will be able to create files as
>root
>>  (for example, ~root/.bashrc),....
>>   To start mysqld as another Unix user, add a user line that specifies the
>>  user name to the [mysqld] group of the `/etc/my.cnf' option file or the
>>  `my.cnf' option file in the server's data directory. For example:
>>  [mysqld]
>>  user=mysql"
>>
>>
>>  The only way i can get MySQL to work is to run as root, otherwise i don't
>>  have the nesessary file permissions:
>>  [davidwri@localhost davidwri]$ safe_mysqld
>>  Starting mysqld daemon with databases from /var/lib/mysql
>>  /usr/bin/safe_mysqld: /var/log/mysqld.log: Permission denied
>>  /usr/bin/safe_mysqld: /var/log/mysqld.log: Permission denied
>>  tee: /var/log/mysqld.log: Permission denied
>>  020805 21:00:07  mysqld ended
>>  tee: /var/log/mysqld.log: Permission denied
>>
>>  Because MySQL and related directories are all owned by root:root which as
>i
>>  understand is how it should be:
>>  [davidwri@localhost davidwri]$ l /var/log/mysqld.log
>>  -rw-rw-r--    1 mysql    root         2598 Aug  5 20:59
>/var/log/mysqld.log
>>
>>
>>  The only way i can run MySQL is:
>>  To start it as:
>>  safe_mysqld -u root &
>>
>>  then to connect to it as:
>>  mysql -u root -p mysql
>>  with my 'root' user's password.
>>
>>  Then everything is fine but i don't think this is 'correct' or secure.
>>  I'm not using the SQL box on a network (just un-networked workstation) but
>i
>>  would like to know how to set this up correctly.
>>  I have been reading for several hours and i don't seem to be getting the
>>  clear answer i seek, i would appreciate any help and/or info you could
>>  provide.
>>
>>  Thank you
>  > -david

Thread
safe_mysqld -u root & But"Don't run the MySQL daemon as the Unix root user?"david6 Aug
  • Re: safe_mysqld -u root & But"Don't run the MySQL daemon as the Unix root user?"Cliff6 Aug
    • Re: safe_mysqld -u root & But"Don't run the MySQL daemon as theUnix root user?"Paul DuBois6 Aug