Re: securing mysql server on Fedora/CentOS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sam,
I know yum does everything for me but I want to secure the mysql server following the guidelines given by mysql cert guide. Running the server as root, which is the way yum defines it is not recommended. Instead they recommend running the server as the mysql user.group. This can be done by modifying the /etc/my.cnf file. But they also recommend to secure the file system permissions of the where mysql was installed or from where it runs. The example given is the one when you install from a tar archive thus they focus on /usr/local/mysql.

My question is not how but if the /var/lib/mysql directory is the mysqld installation directory? Are there any other mysql directories I would need to secure? That's why I was looking if somebody have done this before so she/he could advise me what are the directories to secure. Thank you very much.

+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+
|E|d|u|a|r|d|o| |L|a|n|d|a|v|e|r|i|
+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+

+-+-+-+-+-+-+-+-+-+ +-+-+-+-+ +-+-+-+-+-+-+
|G|N|U|-|L|i|n|u|x| |U|s|e|r| |4|3|3|5|1|2|
+-+-+-+-+-+-+-+-+-+ +-+-+-+-+ +-+-+-+-+-+-+


> -----Original Message-----
> From: mrsam@xxxxxxxxxxxxxxx
> Sent: Mon, 23 Nov 2009 20:50:49 -0500
> To: fedora-list@xxxxxxxxxx
> Subject: Re: securing mysql server on Fedora/CentOS
> 
> Ed Landaveri writes:
> 
>> Ladies, gentleman,
>> 
>> I'm trying to secure a mysql server and according to the MySQL
>> certification guide the file system mysql install directories should be
>> owned by the user/group mysql.mysql. Also the server should be started
>> using NOT the root account but the mysql account which easily can be
>> done
>> by modifying /etc/my.cnf file.
>> Assuming that /usr/local is the installation if you did install from a
>> tar ball to this directory this must be done:
>> 
>> chown -R mysql.mysql /usr/local
>> chmod u =rwx,go=rx /usr/local
> 
> Any particular reason you want to brew something yourself, instead of a
> simple "yum install mysql-server", which sets all of this up, for you?

____________________________________________________________
GET FREE 5GB EMAIL - Check out spam free email with many cool features!
Visit http://www.inbox.com/email to find out more!

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux