Skip navigation links
5.3.1 General Security Guidelines »
Section Navigation      [Toggle]

5.3. General Security Issues

[+/-]

5.3.1. General Security Guidelines
5.3.2. Password Security in MySQL
5.3.3. Making MySQL Secure Against Attackers
5.3.4. Security-Related mysqld Options
5.3.5. Security Issues with LOAD DATA LOCAL
5.3.6. How to Run MySQL as a Normal User

This section describes some general security issues to be aware of and what you can do to make your MySQL installation more secure against attack or misuse. For information specifically about the access control system that MySQL uses for setting up user accounts and checking database access, see Section 5.4, “The MySQL Access Privilege System”.

For answers to some questions that are often asked about MySQL Server security issues, see Section A.9, “MySQL 5.5 FAQ — Security”.


User Comments

Posted by [name withheld] on December 9 2003 9:37am[Delete] [Edit]

It really should be pointed out that running mysqld as nobody is almost
as bad as running it as root. Toss in e.g. apache run as nobody and
anyone who can execute CGI programs can do whatever he wants to
your database. Hooray.

Posted by Anders Björklund on January 29 2004 2:29am[Delete] [Edit]

Any service/daemon [such as MySQL] should run under its own separate user. Services that can access the filesystem should not own its own binaries since a change in them can be quite spectacular at reboot/restart :-)

Limit the service-user to read/write only the files neccessary for its proper operation.

[Off topic]
If you are running for example apache and allowing users to run their own cgi's, you should compile it/setup for using suEXEC to run as a particular user/site owner.

Add your own comment.