From: Michael Widenius Date: March 17 1999 2:01am Subject: Mode setting on my_mkdir List-Archive: http://lists.mysql.com/mysql/379 Message-Id: <14063.3156.404052.669574@monty.pp.sci.fi> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit >>>>> "Jeff" == Jeff Morrow writes: Jeff> In mysql_create_db (in sql/sql_db.cc), a new directory is created with mode Jeff> 0700. Is this intentional? It seems to me like the mode should be either Jeff> 711 or 755, since the table files inside each database directory are Jeff> world-readable, but can't be accessed due to directory permissions. Jeff> My MySQL server needs to be backed up over a network, but the NFS-mounted Jeff> directories won't allow my backup script to read the database files until I Jeff> go in and change each directory to world-executable by hand. Jeff> Is this an oversight or an intentionally strict security model? If the Jeff> former, then I think that the directories should be created with mode 755. Jeff> If the latter, then the .ISD, .ISM, and .frm files should be created with Jeff> mode 500. We have made MySQL intentionally quite strict on demand from users on the MySQL mailing lists. One can however affect the privilege for the database files with the UMASK environment variable. One could also add another variable to affect how the directories are created... What do you mean with mode 500? In this case mysqld wouldn't be able to update the database tables! Regards, Monty