Jerry Schwartz wrote:
>> -----Original Message-----
>> From: Joerg Bruehe [mailto:joerg.bruehe@stripped]
>> Sent: Wednesday, January 19, 2011 10:43 AM
>> To: mysql@stripped
>> Cc: Jerry Schwartz
>> Subject: Re: Can't read dir of '.' (errno: 13)
>> Jerry Schwartz wrote:
>>> [JS] I have a related question: how can MySQL authenticate a user if file
>>> system permissions won't let it read any databases?
>> To me, your question sounds like you forgot the difference between
>> server and client:
> [JS] I don't think so, but perhaps I misunderstood the source of the error
> mysql> show databases ;
> ERROR 1018 (HY000): Can't read dir of '.' (errno: 13)
> Are you saying that the mysql CLI needs to read some directory ('.', in this
> case) in order to send mysqld a simple query like SHOW DATABASES? I would hope
> it doesn't need a temporary file for that.
No, I didn't say that.
You say that "the mysql CLI ... send(s) mysqld a simple query ...", and
that is correct: the client ("mysql") sends the command "show databases"
to the server ("mysqld").
To process this, the server has to check the file(s) and directory(ies)
used to store the database contents, and one of those actions is to read
the current directory.
> Who is issuing the errno 13, the client or the daemon?
AIUI, it is the server, encountering a permission problem.
So the server encounters a problem, and it reports this back to the
client who will then output the message.
Your question that triggered my original reply was:
how can MySQL authenticate a user if file system permissions
won't let it read any databases?
My original reply tried to make it obvious that the user (who is to be
authenticated) is just a database concept, so this (maybe non-existing)
user's (possibly missing) permissions in the operating system to read
any OS object (file, directory) do not matter at all when the MySQL
server does the authentication.
It is the server (process) that needs the permissions to read (and
write) database directories and files.
Of course, if these permissions are missing, then the server cannot
operate (and so also cannot authenticate a user), but that is a question
of server setup and not of database user privileges.
Joerg Bruehe, MySQL Build Team, joerg.bruehe@stripped
ORACLE Deutschland B.V. & Co. KG, Komturstrasse 18a, D-12099 Berlin
Geschaeftsfuehrer: Juergen Kunz, Marcel v.d. Molen, Alexander v.d. Ven
Amtsgericht Muenchen: HRA 95603