At 5:38 PM +0500 7/13/99, Peter F. Brown wrote:
>Hi Folks.. and Monty?
>
> Thanks for all the response... but the fundamental security issue
>is still unsolved. My understanding is that Monty's docs suggested
>setting .my.cnf to 600 so that no one but the owner could read it. That
>makes sense. Then... Apache usually runs as nobody. Even if we run
>Apache as 'someone', and add the Apache user to a group file that can
>then read .my.cnf, it's still very bad for security, I think.
>
> Especially in a server that has virtual servers, and multiple
>users, we don't want .my.cnf to be readable by anyone else -- especially
>not the blind web server.
>
> Monty... I've looked through the 3 or 4 options for security mentioned
>in the MySQL docs, and it seems that .my.cnf is the best option -- but
>it gets blown apart when it's accessed by web scripts. Is this an
>issue that is on the todo list, or has anyone come up with some amazingly
>clever low-level solution? :-)

You can start your scripts using a setuid wrapper program that changes
to the proper user id, and make the .my.cnf file readable only to that user.
to the proper user id, and make the .my.cnf file readable only to that user.
--
Paul DuBois, paul@stripped
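
An added example, not part of the original message and not code from MySQL or its documentation: a C wrapper of the kind the reply above describes. It assumes the binary is owned by the account that owns `.my.cnf` and is installed with the setuid bit (mode 4755); `TARGET_SCRIPT` is a placeholder path and the function names are made up for this example.

```c
#define _XOPEN_SOURCE 700            /* lstat, setreuid, setregid */
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumption: placeholder path of the one script this wrapper may run. */
#define TARGET_SCRIPT "/home/EXAMPLE_USER/cgi-bin/report.cgi"

/* Make the real IDs match the effective IDs the setuid bit gave us, so the
 * script and the MySQL client it starts run entirely as the file's owner. */
int become_effective_user(void)
{
    uid_t uid = geteuid();
    gid_t gid = getegid();
    if (setregid(gid, gid) != 0 || setreuid(uid, uid) != 0)
        return -1;
    /* Verify the switch instead of trusting the return codes alone. */
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

/* Return 1 only if path is a regular file (not a symlink) owned by uid
 * with no group or other permission bits, i.e. mode 600 or stricter. */
int cnf_is_private(const char *path, uid_t uid)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    return st.st_uid == uid && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

int main(void)
{
    char cnf[4096];
    char home[4096];
    char *argv[] = { TARGET_SCRIPT, NULL };
    char *envp[] = { "PATH=/usr/bin:/bin", NULL, NULL };  /* drop caller's env */
    struct passwd *pw;
    if (become_effective_user() != 0 || (pw = getpwuid(getuid())) == NULL)
        return 1;
    snprintf(cnf, sizeof cnf, "%s/.my.cnf", pw->pw_dir);
    if (!cnf_is_private(cnf, getuid()))
        return 1;                    /* refuse to run if others can read it */
    snprintf(home, sizeof home, "HOME=%s", pw->pw_dir);  /* client finds ~/.my.cnf */
    envp[1] = home;
    execve(TARGET_SCRIPT, argv, envp);
    return 1;                        /* only reached if execve failed */
}
```

A CGI script would also need the specific CGI variables it uses (for example `QUERY_STRING`) copied into `envp`, since the wrapper passes none of the caller's environment through.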