List:BugsNext Message »
From:Michael Widenius Date:March 27 2001 8:38am
Subject:Re: INTO OUTFILE 'filename' creates world writeable files
View as plain text  

>>>>> "John" == John Warburton <John.Warburton@stripped> writes:

John> Hi Monty
John> Um, that is not my point. The examples I gave to reproduce the problem
John> and the subject of this bug report is that "SELECT INTO OUTFILE" is
John> creating *world writeable* (not just readable) files. I only found
John> this problem trying to use mysqldump.
>> Sorry for misunderstanding this.  I will see what I can do to fix so that
>> the file is only world readable in the next MySQL version.
John> Not a problem on the misunderstanding - that is usually the writer's
John> fault - not the reader's!

John> Rather than make the files world readable, could you please make the
John> files follow the UMASK environment variable that mysqld uses, or at
John> least use the umask of the user who is running the SELECT? 

John> I read in the manual under file permissions:
John> `UMASK'        The user-file creation mask when creating files.

This is used for database files; This is normally a very restricted
umask. Becasue of this we can't use this for files created with SELECT
INTO OUTFILE as the end user wouldn't then be able to access this

We can also not use the umask for the end user, as the MySQL demon is
a separate process and run as another user.

John> and assumed that it would be used when writing to ALL files.

Sorry, but this is not practical.

If you are concern about privileges, don't use SELECT INTO OUTFILE,
let the client create the file instead of the server. You can for
example use:  "mysql -e 'query' database > filename"

Re: INTO OUTFILE 'filename' creates world writeable filesMichael Widenius27 Mar