This section describes some general security issues to be aware of and what you can do to make your MySQL installation more secure against attack or misuse. For information specifically about the access control system that MySQL uses for setting up user accounts and checking database access, see Section 5.4, “The MySQL Access Privilege System”.
For answers to some questions that are often asked about MySQL Server security issues, see Section A.9, “MySQL 5.4 FAQ — Security”.
User Comments
It really should be pointed out that running mysqld as nobody is almost
as bad as running it as root. Toss in e.g. apache run as nobody and
anyone who can execute CGI programs can do whatever he wants to
your database. Hooray.
Any service/daemon [such as MySQL] should run under its own separate user. Services that can access the filesystem should not own their own binaries since a change in them can be quite spectacular at reboot/restart :-)
Limit the service-user to read/write only the files necessary for its proper operation.
[Off topic]
If you are running, for example, Apache and allowing users to run their own CGIs, you should compile it/set it up to use suEXEC to run as a particular user/site owner.
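The checks the comments above call for can be automated. The following is an added example, not part of the manual or of any commenter's post: it flags a service that runs as `root` or `nobody`, and program files that the service account owns, can write, or can replace through a writable parent directory. The function names and the account name `mysql` are assumptions, and only classic mode bits are examined (no ACLs).

```python
import os
import stat

# Accounts the comments warn against: root, and the shared "nobody" account.
SHARED_ACCOUNTS = {"root", "nobody"}

def can_write(st, uid, gids):
    """Owner/group/other mode-bit check for one account (uid 0 always passes)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def can_replace(parent, st, uid, gids):
    """A writable directory allows replacing a file unless the sticky bit protects it."""
    if not can_write(parent, uid, gids):
        return False
    sticky = parent.st_mode & stat.S_ISVTX
    return not sticky or uid in (0, parent.st_uid, st.st_uid)

def audit_service_account(name, uid, gids, program_paths):
    """Return (subject, problem) findings for an account and its program files."""
    findings = []
    if name in SHARED_ACCOUNTS:
        findings.append((name, "shared or privileged account"))
    for path in program_paths:
        st = os.stat(path)
        parent = os.stat(os.path.dirname(os.path.abspath(path)))
        if st.st_uid == uid:
            # The owner can always chmod the file back to writable.
            findings.append((path, "owned by service account"))
        elif can_write(st, uid, gids):
            findings.append((path, "writable by service account"))
        if can_replace(parent, st, uid, gids):
            findings.append((path, "replaceable via parent directory"))
    return findings

if __name__ == "__main__":
    import sys
    # Usage (assumed): python audit.py <account> <uid> <gid> <path> [<path> ...]
    name, uid, gid = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    for subject, problem in audit_service_account(name, uid, {gid}, sys.argv[4:]):
        print(f"{subject}: {problem}")
```

Pass the server binary, its plugins and its configuration files as paths; the data directory is expected to be writable by the account and is deliberately not part of this check.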