>>>>> "Jeff" == Jeff Morrow <jmorrow@stripped> writes:
Jeff> In mysql_create_db (in sql/sql_db.cc), a new directory is created with mode
Jeff> 0700. Is this intentional? It seems to me like the mode should be either
Jeff> 711 or 755, since the table files inside each database directory are
Jeff> world-readable, but can't be accessed due to directory permissions.

Jeff> My MySQL server needs to be backed up over a network, but the NFS-mounted
Jeff> directories won't allow my backup script to read the database files until I
Jeff> go in and change each directory to world-executable by hand.

Jeff> Is this an oversight or an intentionally strict security model? If the
Jeff> former, then I think that the directories should be created with mode 755.
Jeff> If the latter, then the .ISD, .ISM, and .frm files should be created with
Jeff> mode 500.

We have made MySQL intentionally quite strict on demand from users on
the MySQL mailing lists. One can, however, affect the privilege for the
database files with the UMASK environment variable. One could also
add another variable to affect how the directories are created...

What do you mean by mode 500? In this case mysqld wouldn't be able
to update the database tables!
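
An added example, not part of the original thread or of MySQL's code: a small audit that lists, for each database directory, which table files are world-readable and therefore protected only by the directory's 0700 mode. The `testdb` layout, the `t1.*` file names and the 0644 file mode are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_datadir(datadir):
    """Report each database directory's mode and the files inside it that
    other users could read once the directory itself is traversable."""
    report = {}
    for entry in sorted(os.scandir(datadir), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        dir_mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        exposed = sorted(
            f.name for f in os.scandir(entry.path)
            if f.is_file(follow_symlinks=False)
            and stat.S_IMODE(f.stat(follow_symlinks=False).st_mode) & stat.S_IROTH
        )
        report[entry.name] = {
            "dir_mode": oct(dir_mode),
            # Without o+x on the directory, others cannot reach the files at all.
            "others_can_traverse": bool(dir_mode & stat.S_IXOTH),
            "world_readable_files": exposed,
        }
    return report


def build_sample(root):
    """Constructed layout: one 0700 database directory holding 0644 table files."""
    db = os.path.join(root, "testdb")
    os.mkdir(db)
    for name in ("t1.frm", "t1.ISD", "t1.ISM"):
        path = os.path.join(db, name)
        with open(path, "w") as fh:
            fh.write("x")
        os.chmod(path, 0o644)  # assumed file mode, set explicitly to bypass umask
    os.chmod(db, 0o700)
    return db


def demo():
    """Audit the sample as created (0700), then after loosening it to 0755."""
    with tempfile.TemporaryDirectory() as root:
        db = build_sample(root)
        before = audit_datadir(root)
        os.chmod(db, 0o755)
        after = audit_datadir(root)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Run against a real data directory as the user that owns it; any directory reported with `others_can_traverse` true and a non-empty file list is readable by every local account.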