List:General Discussion« Previous MessageNext Message »
From:Paul DuBois Date:July 14 1999 4:50pm
Subject:Re: .my.cnf, security, and permissions
View as plain text  
At 5:38 PM +0500 7/13/99, Peter F. Brown wrote:
>Hi Folks.. and Monty?
>   Thanks for all the response... but the fundamental security issue
>is still unsolved. My understanding is that Monty's docs suggested
>setting .my.cnf to 600 so that no one but the owner could read it. That
>makes sense. Then... Apache usually runs as nobody. Even if we run
>Apache as 'someone', and add the Apache user to a group file that can
>then read .my.cnf, it's still very bad for security, I think.
>   Especially in a server that has virtual servers, and multiple
>users, we don't want .my.cnf to be readable by anyone else -- especially
>not the blind web server.
>   Monty... I've looked through the 3 or 4 options for security mentioned
>in the MySQL docs, and it seems that .my.cnf is the best option -- but
>it gets blown apart when it's accessed by web scripts. Is this is an
>issue that is on the todo list, or has anyone come up with some amazingly
>clever low-level solution? :-)

You can start your scripts using a setuid wrapper program that changes
to the proper user id, and make the .my.cnf file readable only to that user.

Paul DuBois, paul@stripped
.my.cnf, security, and permissionsPeter F. Brown11 Jul
  • Re: .my.cnf, security, and permissionsBenjamin Pflugmann11 Jul
    • Re: .my.cnf, security, and permissionsPeter F. Brown13 Jul
  • Re: .my.cnf, security, and permissionsSasha Pachev14 Jul
    • Re: .my.cnf, security, and permissionsPaul DuBois14 Jul
  • Re: .my.cnf, security, and permissionsRonald Beck14 Jul
    • Re: .my.cnf, security, and permissionsPeter F. Brown14 Jul
      • Re: .my.cnf, security, and permissionsPaul DuBois14 Jul
Re: .my.cnf, security, and permissionsPeter F. Brown14 Jul