List: General Discussion
From: Paul DuBois Date: March 22 2000 5:37pm
Subject:Re: Run MySQL as root?
At 5:03 PM +0200 2000-03-22, sinisa@stripped wrote:
>Chuck Braidwood writes:
>  > Are there any security issues with running the MySQL daemon as root? 
>  > We are setting up a web-based database application with MySQL, Apache,
>  > and PHP.  I have found in the documentation HOW to run MySQL under
>  > a different account, but should I?  Thanks.
>  >
>  > Chuck Braidwood
>  > cbraidwo@stripped
>  >
>  >
>
>
>HI!
>
>There are some security issues, like exporting data to files,
>e.g. with select ... into . If MySQL is run under root uid, then any
>file could be overwritten.


?

It's true that you shouldn't run anything as root that doesn't need
to be run as root (and the MySQL server doesn't need to be), but
I thought that SELECT ... INTO requires that the output file not
exist, to prevent files from being overwritten.  On the other hand,
a root-privilege server can *read* any file on the server, which is
enough of a security risk in itself.  And being able to write files,
even if they don't yet exist, is bad.  Suppose the machine doesn't
have an /etc/hosts.equiv file -- you could get the server to create
one.  Yow.

-- 
Paul DuBois, paul@stripped
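
A check that follows from the reply above, as an added example that is not part of the original message or of MySQL's own tooling: it reads an option file and reports whether the server is told to run as root. The function names and the sample file are constructed for illustration, and it assumes the account is set with the `user` option in the `[mysqld]` or `[mysqld_safe]` section.

```shell
#!/bin/sh
# Added example: which account does an option file tell mysqld to run as?

# Print the "user" option from the [mysqld]/[mysqld_safe] sections of an
# option file (last occurrence wins); print nothing if it is unset.
mysqld_run_user() {
    awk '
        /^[ \t]*[#;]/ { next }                 # whole-line comment
        /^[ \t]*\[/ {                          # section header
            s = $0
            gsub(/[ \t]/, "", s); sub(/^\[/, "", s); sub(/\].*$/, "", s)
            in_sec = (s == "mysqld" || s == "mysqld_safe")
            next
        }
        in_sec {
            line = $0
            sub(/[ \t]*#.*$/, "", line)        # trailing comment
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "user") user = val
        }
        END { if (user != "") print user }
    ' "$1"
}

# Return 0 for a non-root account, 1 for root (name or uid 0), and 2 when no
# account is set, in which case the server keeps the account it was started under.
audit_mysqld_user() {
    u=$(mysqld_run_user "$1")
    case "$u" in
        "")     echo "WARN: no user set in $1; server keeps the invoking account"; return 2 ;;
        root|0) echo "FAIL: $1 runs mysqld as root"; return 1 ;;
        *)      echo "OK: $1 runs mysqld as '$u'"; return 0 ;;
    esac
}

# Constructed sample option file (not from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[client]
user = root          # client login name, not the server account
[mysqld]
datadir = /var/lib/mysql
user = mysql
EOF
audit_mysqld_user "$sample"; rm -f "$sample"
```

The option file only states the intended account; the owner of the running server process should be confirmed separately with `ps`.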