BREAKING: config-files should be owned by mysql-user

[rndmh3ro]

According to CIS-recommendations, mysql logfiles and the datadir belong to the user mysql.
We do this exactly like this, however the config-files under /etc/mysql/* are checked that they belong to user root.

I know that having least privileges is a good idea and I'm in favor of this.
However I propose to let the config-files belong to user mysql, too, because:

• It's easier to reason about if all mysql-files belong to the same user. The permissions should stay restrictive (640), so only the user that runs mysql has access to these files.
• In operating systems that do not use systemd, mysql is initially started as root but then forks to user mysql. There it makes sense that root is the owner of the config. However in operating systems with systemd, the process is directly started as user mysql. This means that the process cannot read its config-files if they belong to root. (see: https://mariadb.com/kb/en/systemd/)

The mysql-docs state to this topic (https://dev.mysql.com/doc/mysql-secure-deployment-guide/8.0/en/secure-deployment-post-install.html#secure-deployment-startup-options):

shell> cd /etc
shell> touch my.cnf
shell> chown root:root my.cnf  
shell> chmod 644 my.cnf

While the config-file belongs to root here, it is readable by everyone.

Signed-off-by: Sebastian Gumprich [email protected]

[micheelengronne]

You had me at least privileges 👍

[schurzi]

I like the ability for mysql server to read the config file as user mysql, so no root privilege is needed to start the server. But I have some problems with changing the user of the file/folder to mysql, since this would enable the running mysql process to potentially overwrite it's own configuration file

So I think the best option would be to set owner to root and group to mysql for all files and directories, that contain configuration.

[rndmh3ro]

Good idea @schurzi. This way its more secure and still works for systems with systemd.

[micheelengronne]

That seems good to me.