MySQL을 시스템의 root권한으로 실행시키게 되면 보안상 위험할 수 있습니다.
왜냐하면, MySQL의 root암호를 알려질 경우 시스템의 에 큰위험이 생길 수 있기 때문입니다.
따라서, 가능하면 root로 실행시키는 것 보다는 특정사용자로 실행시키는 것이 좋습니다.
특정사용자(여기서는 webadmin)로 MySQL을 실행시키려면 MySQL의 데이터가 저장된 디렉토리(/usr/local/mysql/data)의 모든 권한이 그 사용자로 되어 있어야합니다.
[root@kebia_1 mysql]# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) [root@kebia_1 mysql]# [root@kebia_1 mysql]# [root@kebia_1 mysql]# killall mysqld mysqld daemon ended [1]+ Done ./safe_mysqld (wd: /usr/local/mysql/bin) (wd now: /usr/local/mysql) [root@kebia_1 mysql]# [root@kebia_1 mysql]# [root@kebia_1 mysql]# chown -R webadmin data [root@kebia_1 mysql]# [root@kebia_1 mysql]# [root@kebia_1 mysql]# su - webadmin [webadmin@kebia_1 mysql]$ [webadmin@kebia_1 mysql]$ [webadmin@kebia_1 mysql]$ id uid=521(webadmin) gid=521(webadmin) groups=521(webadmin) [webadmin@kebia_1 mysql]$ [webadmin@kebia_1 mysql]$ [webadmin@kebia_1 mysql]$ cd /usr/local/mysql [webadmin@kebia_1 mysql]$ [webadmin@kebia_1 mysql]$ [webadmin@kebia_1 mysql]$ ls -al total 44 drwxr-xr-x 11 root root 4096 Mar 13 12:01 ./ drwxr-xr-x 30 root root 4096 Mar 16 17:44 ../ drwxr-xr-x 2 root root 4096 Mar 15 20:15 bin/ drwx------ 8 webadmin root 4096 Mar 17 20:13 data/ drwxr-xr-x 3 root root 4096 Mar 13 12:00 include/ drwxr-xr-x 2 root root 4096 Mar 13 12:00 info/ drwxr-xr-x 2 root root 4096 Mar 13 12:00 libexec/ drwxr-xr-x 3 root root 4096 Mar 13 12:00 man/ drwxr-xr-x 3 root root 4096 Mar 13 12:00 share/ drwxr-xr-x 7 root root 4096 Mar 13 12:00 sql-bench/ [webadmin@kebia_1 mysql]$ [webadmin@kebia_1 mysql]$ [webadmin@kebia_1 mysql]$ exit logout [root@kebia_1 mysql]#
[root@kebia_1 mysql]# [root@kebia_1 mysql]# [root@kebia_1 mysql]# cd /usr/local/mysql/bin [root@kebia_1 bin]# su - webadmin [webadmin@kebia_1 bin]$ id uid=521(webadmin) gid=521(webadmin) groups=521(webadmin) [webadmin@kebia_1 bin]$ [webadmin@kebia_1 bin]$ [webadmin@kebia_1 bin]$ pwd /usr/local/mysql/bin [webadmin@kebia_1 bin]$ [webadmin@kebia_1 bin]$ [webadmin@kebia_1 bin]$ [webadmin@kebia_1 bin]$ ./safe_mysqld& [1] 12447 [webadmin@kebia_1 bin]$ Starting mysqld daemon with databases from /usr/local/mysql/data [webadmin@kebia_1 bin]$ exit logout [root@kebia_1 bin]# [root@kebia_1 bin]# [root@kebia_1 bin]# ps -ef | grep mysqld webadmin 12447 1 0 00:58 pts/2 00:00:00 sh ./safe_mysqld webadmin 12453 12447 0 00:58 pts/2 00:00:00 /usr/local/mysql/libexec/mysqld webadmin 12455 12453 0 00:58 pts/2 00:00:00 /usr/local/mysql/libexec/mysqld webadmin 12456 12455 0 00:58 pts/2 00:00:00 /usr/local/mysql/libexec/mysqld [root@kebia_1 bin]# [root@kebia_1 bin]#
|