List:General Discussion« Previous MessageNext Message »
From:Paul DuBois Date:May 9 2001 3:36am
Subject:Re: FILE Permission Security Question
View as plain text  
At 11:13 PM -0400 5/8/01, A. Chris Nichols wrote:
>Hello everyone,
>
>I was wondering if anyone could help me out and explain a bit about 
>the FILE permissions and how they relate to two particular scenarios:
>
>In both cases MySQL is running on SunOS 5.7 and running MySQL client 
>version  3.22.23b
>MySQL UserA has permissions only on DatabaseA and is granted FILE 
>permissions to all tables in that database

Nope.  The FILE privilege is one of the global privileges.  You either
have it or you don't.  Doesn't depend on which databases you have access to.
(The indicator for whether or not you have the FILE privilege is stored in
the user table along with the other global privileges.  That table isn't
db-specific.)

>
>Scenario 1:
>If UserA connects to the database using the MySQL client
>
>	What are the restrictions on what files that user can access 
>using a LOAD DATA command?  Are they dependent at all on the UNIX 
>file permissions for the user who is logged in and actually connects 
>to the database using the "mysql -u..." etc command?  Do the UNIX 
>permissions for the user that started the MySQL server have any 
>effect on this?  Is there anything configuration wise that might 
>allow LOADing in other DBs or system files?  What defines where 
>outfiles can be written?

The user who is logged in has nothing to do with the LOAD DATA (this
is not true for LOAD DATA LOCAL, but that's not what you're asking about).
There are two reasons for this:
1) you connect to the server using a MySQL user name, not your UNIX login
name.  (They might be the same, but that's just coincidence.)
2) The server can only access files that are accessible by the account
whose ID the server runs as.  This has nothing to do with either your
MySQL user name *or* your UNIX login name.

What defines where outfiles can be written are the privileges of the
UNIX account under which the server runs.  There's nothing special about this.
If the server runs as root, it can access anything (which is why it's
a bad bad bad idea to run the server as root).  If the server runs as
an ordinary user, it has that user's privileges.

>
>Scenario 2:
>If UserA's credentials are used to connect to the MySQL database 
>using the Perl DBI
>
>	Same question, what factors influence what files can be read 
>in using a LOAD DATA command?  What defines where outfiles can be 
>written?

The privileges of the UNIX account under which the server runs.  Doesn't
matter what MySQL user you connect to the server as.

>
>In both scenarios is there anything that can compromise this 
>security such as the MySQL server running as root? (I know that's a 
>big no-no)

Right.  Don't run the server as root.  Run it as an ordinary user to limit
the amount of damage it can do.  (Or that users with the FILE privilege
can make it do.)

>
>Also, I know I'm running an ancient version of MySQL, can anyone 
>help me find out when that version was released?  3.22.23b?  It will 
>help me convince the right people that it's time for an upgrade! 
>I've checked in the release notes section but I can't find anything 
>about when particular releases were made...

Not sure exactly, but I know it was prior to December 1999.

>
>Thanks,
>
>-Chris


-- 
Paul DuBois, paul@stripped
Thread
FILE Permission Security QuestionA. Chris Nichols9 May
  • Re: FILE Permission Security QuestionPaul DuBois9 May