
problem understanding user priv system

On my FreeBSD system, apache would run under user: www
Apache would run a php script which would access mysql as user: xyz,
passwd: pqr
The MySQL server would itself run with the --user=mysql command line variable.

So, what user would need to be set up in the privilege table? xyz or
mysql?

Or is the mysql user removable in my case? (It was installed by default.)

I'm new to unix. Can someone please clarify what's going on here... what
user mysql can do and what xyz can do.

Mike

Jul 23 '05 #1
3 Replies


siliconmike wrote:
> On my FreeBSD system, apache would run under user: www
> Apache would run a php script which would access mysql as user: xyz,
> passwd: pqr
> The MySQL server would itself run with the --user=mysql command line variable.
>
> So, what user would need to be set up in the privilege table? xyz or
> mysql?
>
> Or is the mysql user removable in my case? (It was installed by default.)
>
> I'm new to unix. Can someone please clarify what's going on here... what
> user mysql can do and what xyz can do.
>
> Mike


Mike,

I suspect what is confusing you is that Unix and MySQL have
independent users and permissions. I can be user abc as far as
Unix is concerned and have multiple MySQL logins -- none of
which are abc. In fact another user, let's say Unix user id efg
could have the MySQL user id of abc. There is no conflict
because the two login/password schemes are independent of each
other.

HTH

Jerry
Jul 23 '05 #2

Oh, I get it now. The mysql daemon runs as a "mysql" system user. The
logins are independent.

Then the data directories should have r and w privileges for the unix
user "mysql", right?

Mike

Jul 23 '05 #3

> On my FreeBSD system, apache would run under user: www
> Apache would run a php script which would access mysql as user: xyz,
> passwd: pqr
> The MySQL server would itself run with the --user=mysql command line variable.
>
> So, what user would need to be set up in the privilege table? xyz or
> mysql?

Any one you want, including 'boastmaster'.

> Or is the mysql user removable in my case? (It was installed by default.)

The UNIX user 'mysql' is for the MySQL daemon to run as, and as an
owner of the database files. I suggest you keep it around unless
you've got a good reason to change it. DON'T run mysqld as root.
The MySQL daemon needs read/write privileges on its databases.
Anyone else (UNIX user) able to write the databases can bypass MySQL
privilege rules by adding entries to the privilege tables manually,
so this list should be short.

> I'm new to unix. Can someone please clarify what's going on here... what
> user mysql can do and what xyz can do.


MySQL users and UNIX users have no necessary relationship to each
other. The MySQL daemon cannot determine what UNIX user a client
is running as, and it doesn't care. That means that if you have
the MySQL user 'root' left with no password, *ANY* UNIX user on the
local machine can claim to be 'root' and use it. Fortunately the
default setup doesn't allow access over the network.

The client library defaults the MySQL user to be the UNIX user if
it's not specified, but that's not security, only a convenience.
Claiming to be another MySQL user different from the UNIX user is
as easy as a command-line option or an argument to mysql_connect().

Another type of user you will often encounter is web page users.
This type is a creation of a web page that has its own login code.
The list of valid users may be kept in a MySQL database, but *not*
in the MySQL privilege tables. These users are unrelated to MySQL
users and UNIX users. A web page frequently has its own MySQL login
to access the database and validate the web page users.

Gordon L. Burditt
Jul 23 '05 #4
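
The file-permission point in the reply above (any UNIX user who can write the database files can bypass MySQL's privilege rules), as an added example that is not part of the original thread: a POSIX shell check that lists every path under a data directory that is not owned by the daemon account or is writable by group or others. The function names are hypothetical, the data directory path is supplied by the caller, and the owner defaults to 'mysql' as in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a MySQL data directory for
# paths that a UNIX user other than the daemon account could write to.
# Function names are illustrative; the directory is supplied by the caller.

# Print every path under DATADIR that is not owned by OWNER, or that is
# writable by group or others. Symlinks are skipped because their own
# mode bits are not meaningful. OWNER may be a user name or a numeric uid.
list_unsafe_paths() {
    datadir=$1
    owner=${2:-mysql}
    find "$datadir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
}

# Return 0 when nothing unsafe is found, 1 when at least one path is
# unsafe, 2 when DATADIR is not a directory.
audit_datadir() {
    datadir=$1
    owner=${2:-mysql}
    if [ ! -d "$datadir" ]; then
        echo "audit_datadir: $datadir is not a directory" >&2
        return 2
    fi
    unsafe=$(list_unsafe_paths "$datadir" "$owner")
    if [ -n "$unsafe" ]; then
        echo "Paths writable by someone other than '$owner':" >&2
        echo "$unsafe" >&2
        return 1
    fi
    return 0
}
```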
