List: General Discussion
From: David R. Saunders
Date: April 3 2000 4:44am
Subject: FILE privilege question
MySQL folks,
  This question centers on the granting of FILE privilege
when coupled with the ability to run the MySQL daemon
as another user.

  Let's say I set up the unix user "mysql" which
I then use as the user to run the MySQL daemon as
(bin/safe_mysqld --user=mysql &).

  Let's also say that I create a corresponding
MySQL user account called "mysql" which is a
MySQL root-equivalent.

  Finally, I place the password for MySQL user "mysql"
into the unix file /home/mysql/.my.cnf:

	[client]
	password=somepass

and set the permissions to 0600.  This allows the
unix user "mysql" to log in using bin/mysql without
having to supply a password, and, more importantly,
allows any perl scripts also running as unix user
"mysql" to read this password and connect to the
daemon when needed.

  All of this should be ok, safe and secure.  I
prefer this setup because the daemon runs non-root
and because many unix architectures have root's
home directory in "/", and I don't like putting 
.my.cnf here.

  But if I then grant any mysql user FILE privilege,
will I expose the /home/mysql/.my.cnf file?
The documentation (section 6.7) says that, "Any
user to whom this privilege is granted can read or
write any file that the MySQL server can read or 
write."  It seems that I would also be exposing
all databases, since they would all be owned by
unix user "mysql" as well.

  Can anyone tell me if I am correctly interpreting
this statement?

  Just being sure of my understanding.  If this is in fact
the case it might not be a bad idea to put some additional
comments in the manual in section 6.7, plus where
the --user= mysqld command-line option is detailed
(not to mention the mSQL/MySQL O'Reilly text as well).

  Thanks for your help,

Dave Saunders
drs8h@stripped
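
Added example (not part of the original message and not MySQL's own code): a Python check that applies the manual sentence quoted above at the unix-permission level, listing which files the daemon's unix user can read and therefore which files form the upper bound of what a FILE-privileged account could reach. The uid/gid 27, the account names, and the `<datadir>` path are constructed; the rows only mimic the `Host`, `User` and `File_priv` columns of the `mysql.user` grant table, and any further checks the server itself applies are not modelled.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class FileMeta:
    path: str
    uid: int
    gid: int
    mode: int  # permission bits, e.g. 0o600

def readable_by(meta, uid, gids):
    """Unix owner/group/other read check; ACLs and parent directories are ignored."""
    if uid == 0:                       # root bypasses permission bits
        return True
    if meta.uid == uid:                # the owner class is decisive when it matches
        return bool(meta.mode & stat.S_IRUSR)
    if meta.gid in gids:
        return bool(meta.mode & stat.S_IRGRP)
    return bool(meta.mode & stat.S_IROTH)

def file_priv_accounts(user_rows):
    """Accounts holding FILE, from rows shaped like the mysql.user grant table."""
    return sorted(f"{r['User']}@{r['Host']}" for r in user_rows if r["File_priv"] == "Y")

def exposure_report(files, user_rows, daemon_uid, daemon_gids):
    """Map each FILE-privileged account to the paths the daemon's unix user can read."""
    reachable = [f.path for f in files if readable_by(f, daemon_uid, daemon_gids)]
    return {acct: reachable for acct in file_priv_accounts(user_rows)}

# Constructed sample data: uid/gid 27 stands in for unix user "mysql".
MYSQL_UID, MYSQL_GID = 27, 27
FILES = [
    FileMeta("/home/mysql/.my.cnf", MYSQL_UID, MYSQL_GID, 0o600),
    FileMeta("<datadir>/somedb/table1.MYD", MYSQL_UID, MYSQL_GID, 0o660),
    FileMeta("/root/.my.cnf", 0, 0, 0o600),
]
USERS = [
    {"Host": "localhost", "User": "mysql", "File_priv": "Y"},
    {"Host": "localhost", "User": "webapp", "File_priv": "Y"},
    {"Host": "%", "User": "report", "File_priv": "N"},
]

if __name__ == "__main__":
    for acct, paths in exposure_report(FILES, USERS, MYSQL_UID, {MYSQL_GID}).items():
        print(acct, "->", paths)
```

Mode 0600 keeps other unix users out of `/home/mysql/.my.cnf`, but the file's owner is the same account the daemon runs as, so it stays inside the set the daemon can read.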
