From owner-freebsd-questions@FreeBSD.ORG Fri Jan 30 17:12:58 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 806AA16A4CE for ; Fri, 30 Jan 2004 17:12:58 -0800 (PST) Received: from sarevok.webteckies.org (node123e0.a2000.nl [24.132.35.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5FCEE43D31 for ; Fri, 30 Jan 2004 17:12:57 -0800 (PST) (envelope-from mdev@sarevok.webteckies.org) Received: by sarevok.webteckies.org (Postfix, from userid 100) id 6225EB82A; Sat, 31 Jan 2004 02:12:56 +0100 (CET) From: Melvyn Sopacua Organization: WebTeckies.org To: freebsd-questions@FreeBSD.org Date: Sat, 31 Jan 2004 02:12:56 +0100 User-Agent: KMail/1.5.94 References: <200401301020.55607.jorn@wcborstel.nl> In-Reply-To: <200401301020.55607.jorn@wcborstel.nl> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_YEwGAQPS578wmkA"; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200401310212.56222.freebsd-questions@webteckies.org> Subject: Mysql socket security (Was: Re: i found something ugly about freeBSD) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Jan 2004 01:12:58 -0000 --Boundary-02=_YEwGAQPS578wmkA Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 30 January 2004 10:20, Jorn Argelo wrote: > It's up to the administrator of the server to make sure that users > can't reach the /tmp partition then. Ehm, you really don't want to advise this. A proper solution: /etc/my.cnf: [mysqld] socket =3D /var/run/mysql/socket Then: mkdir /var/run/mysql chown mysql:staff /var/run/mysql chmod 750 /var/run/mysql This assumes users in group staff are allowed to access mysql. DO NOT use t= he=20 mysql group - that is best left with only the mysql user in it. =2D-=20 Melvyn =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D =46reeBSD sarevok.webteckies.org 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Wed Ja= n 28=20 18:01:18 CET 2004 =20 root@sarevok.lan.webteckies.org:/usr/obj/usr/src/sys/SAREVOK_NOAPM_NODEBUG = =20 i386 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D --Boundary-02=_YEwGAQPS578wmkA Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBAGwEYOv9JNmfFN5URAhpdAJsGnqiGJ17OmnbigUe9Y2rz06AvSgCfYpTU dzibXhoB725Vc+ICMwkOIpU= =hq6l -----END PGP SIGNATURE----- --Boundary-02=_YEwGAQPS578wmkA--