problem understanding user priv system

On my FreeBSD system, apache would run under user: www
Apache would run a php script which would access mysql as user: xyz,
passwd: pqr
Mysql server would itself run with the --user=mysql command line variable.

So, what user would need to be set up in the privilege table? xyz or
mysql?

Or is the mysql user removable in my case? (It was installed by default.)

I'm new to unix. Can someone please clarify what's going on here... what
user mysql can do and what xyz can do.


Re: problem understanding user priv system

siliconmike wrote:


I suspect what is confusing you is that Unix and MySQL have
independent users and permissions.  I can be user abc as far as
Unix is concerned and have multiple MySQL logins -- none of
which are abc.  In fact another user, let's say Unix user id efg
could have the MySQL user id of abc.  There is no conflict
because the two login/password schemes are independent of each



Re: problem understanding user priv system

Oh I get it now.. The mysql daemon runs as a "mysql" system user.. The
logins are independent.

Then the data directories should have r and w privileges for the unix
user "mysql", right ?


Re: problem understanding user priv system


Any one you want, including 'boastmaster'.


The UNIX user 'mysql' is for the MySQL daemon to run as, and as an
owner of the database files.  I suggest you keep it around unless
you've got a good reason to change it.  DON'T run mysqld as root.
The MySQL daemon needs read/write privileges on its databases.
Anyone else (UNIX user) able to write the databases can bypass MySQL
privilege rules by adding entries to the privilege tables manually,
so this list should be short.


MySQL users and UNIX users have no necessary relationship to each
other.  The MySQL daemon cannot determine what UNIX user a client
is running as, and it doesn't care.  That means that if you have
the MySQL user 'root' left with no password, *ANY* UNIX user on the
local machine can claim to be 'root' and use it.  Fortunately the
default setup doesn't allow access over the network.

The client library defaults the MySQL user to be the UNIX user if
it's not specified, but that's not security, only a convenience.
Claiming to be another MySQL user different from the UNIX user is
as easy as a command-line option or an argument to mysql_connect().

Another type of user you will often encounter is web page users.
This type is a creation of a web page that has its own login code.
The list of valid users may be kept in a MySQL database, but *not*
in the MySQL privilege tables.  These users are unrelated to MySQL
users and UNIX users.  A web page frequently has its own MySQL login
to access the database and validate the web page users.

                    Gordon L. Burditt
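
The reply above notes that any UNIX user able to write the database files can bypass the MySQL privilege rules, so that list should be short. The following check for it is an added example, not part of the original thread; the function name `audit_datadir`, the path `/var/db/mysql` and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list everything under a MySQL data
# directory that a UNIX account other than the daemon's could modify.
# Assumed usage on the poster's setup (path is an assumption, adjust it):
#   audit_datadir /var/db/mysql mysql

# audit_datadir DIR OWNER
#   OWNER is the UNIX user name or numeric uid the daemon runs as.
#   Prints one "<reason> <path>" line per finding.
#   Returns 0 when clean, 1 when there are findings, 2 on a usage error.
audit_datadir() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ] || [ -z "$owner" ]; then
        echo "usage: audit_datadir DIR OWNER" >&2
        return 2
    fi

    findings=$(
        # Owned by someone else: that owner can rewrite or re-chmod the file.
        find "$dir" ! -user "$owner" | sed 's/^/wrong-owner /'
        # World-writable: every local user can modify it.
        # Symlinks are skipped because their own mode bits are meaningless.
        find "$dir" ! -type l -perm -002 | sed 's/^/world-writable /'
        # Group-writable: every member of the file's group can modify it.
        find "$dir" ! -type l -perm -020 | sed 's/^/group-writable /'
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

A writable directory is reported as well as a writable file, since write access to a directory allows the table files inside it to be replaced.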
