securing mysql server on Fedora/CentOS

Ed Landaveri landaveri at inbox.com
Wed Nov 25 02:48:29 UTC 2009


Sam,
I know yum does everything for me, but I want to secure the mysql server following the guidelines given by the MySQL cert guide. Running the server as root, which is the way yum defines it, is not recommended. Instead they recommend running the server as the mysql user.group. This can be done by modifying the /etc/my.cnf file. But they also recommend securing the file system permissions of where mysql was installed or from where it runs. The example given is the one for when you install from a tar archive, thus they focus on /usr/local/mysql.

My question is not how, but whether the /var/lib/mysql directory is the mysqld installation directory. Are there any other mysql directories I would need to secure? That's why I was looking to see if somebody has done this before, so she/he could advise me on which directories to secure. Thank you very much.

+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+
|E|d|u|a|r|d|o| |L|a|n|d|a|v|e|r|i|
+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+

+-+-+-+-+-+-+-+-+-+ +-+-+-+-+ +-+-+-+-+-+-+
|G|N|U|-|L|i|n|u|x| |U|s|e|r| |4|3|3|5|1|2|
+-+-+-+-+-+-+-+-+-+ +-+-+-+-+ +-+-+-+-+-+-+


> -----Original Message-----
> From: mrsam at courier-mta.com
> Sent: Mon, 23 Nov 2009 20:50:49 -0500
> To: fedora-list at redhat.com
> Subject: Re: securing mysql server on Fedora/CentOS
> 
> Ed Landaveri writes:
> 
>> Ladies, gentlemen,
>> 
>> I'm trying to secure a mysql server and according to the MySQL
>> certification guide the file system mysql install directories should be
>> owned by the user/group mysql.mysql. Also the server should be started
>> using NOT the root account but the mysql account which easily can be
>> done by modifying /etc/my.cnf file.
>> Assuming that /usr/local is the installation if you did install from a
>> tar ball to this directory this must be done:
>> 
>> chown -R mysql.mysql /usr/local
>> chmod u=rwx,go=rx /usr/local
> 
> Any particular reason you want to brew something yourself, instead of a
> simple "yum install mysql-server", which sets all of this up, for you?
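
As an added example (not part of the original thread or of any MySQL or Fedora tooling), the check the question asks about can be scripted: read `user` and `datadir` from the `[mysqld]` section of an option file, then verify the data directory's owner and write bits. The function names, the temporary sample file and the fallback to the `mysql` account when no `user=` line exists are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the account and data directory that a my.cnf configures.

# Print the last value of KEY in the [mysqld] section of a my.cnf-style file.
cnf_get() {  # usage: cnf_get FILE KEY
    awk -v key="$2" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Succeed only if TARGET is owned by OWNER and not writable by group or others.
path_ok() {  # usage: path_ok TARGET OWNER   (GNU stat, as on Fedora/CentOS)
    owner=$(stat -c %U "$1") || return 2
    mode=$(stat -c %a "$1") || return 2
    [ "$owner" = "$2" ] || { echo "FAIL $1: owner is $owner, expected $2"; return 1; }
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "FAIL $1: mode $mode is group/world writable"; return 1; }
    echo "OK   $1: $owner, mode $mode"
}

# Audit one option file: the run-as user must not be root, and datadir must pass path_ok.
audit_mysql() {  # usage: audit_mysql CNF
    user=$(cnf_get "$1" user); datadir=$(cnf_get "$1" datadir); rc=0
    [ "$user" != root ] || { echo "FAIL $1: [mysqld] user=root"; rc=1; }
    # Assumption of this example: with no user= line, expect the mysql account.
    [ -z "$datadir" ] || path_ok "$datadir" "${user:-mysql}" || rc=1
    return $rc
}

# Constructed sample input: a throwaway option file and data directory.
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/data" && chmod 755 "$tmp/data"
    printf '[client]\nuser=ignored\n[mysqld]\nuser = mysql\ndatadir=%s\n' "$tmp/data" > "$tmp/my.cnf"
    audit_mysql "$tmp/my.cnf" || echo "findings reported for $tmp/my.cnf"
    rm -rf "$tmp"
}
demo
```

On a real host the call would be `audit_mysql /etc/my.cnf`; the check covers only the directory named by `datadir`, not every path the package installs.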
