[CentOS] Moving Mysql data directory denied by selinux?
John Allen
john.allen at dublinux.net
Tue Oct 10 14:40:50 UTC 2006
Peter Kiem wrote:
> Hi Jim,
>
>> > Now normally I just move /var/lib/mysql to /home/mysql and symlink
>> > it.
>>
>> Um... why? This seems like it would be more trouble than it's worth.
>> and with the symlink, I don't see the benefit.
>
> The reason I move it is because I usually make my systems with a
> 'small' / partition (say 10GB) and a large /home partition.
>
That's the reason for a /var partition. I always have a huge var (400+G),
and a small home (40G).
All my samba shares (usually just /var/ftp/pub) go in /var.

> It is very easy to have large MySQL databases sitting in the default
> location then use up all space on the / partition which causes all
> sorts of havoc.
>
> By moving it off to the /home partition it is moved to where the
> majority of the space is available and away from system data. MySQL
> databases are user data and should be in the user area.
>
> The symlink allows you then to just start MySQL without changing any
> of the config files and anything else that expects it to be in
> /var/lib/mysql can still find it.
>
>> This is really how you should move the data directory anyway. Faking
>> it as you were doing works, but it's not 'proper'.
>
> Symlinks were created for this very reason.
>
>> > WHY is mysqld trying to read / when I told it to use /home/mysql ?
>>
>> Because you have to get to / before you can get to /home/ and
>> /home/mysql.. Directory traversal vulnerabilities are quite
>> commonplace, which is why you see all the
>> $DOCUMENT_ROOT/../../../etc/somedir/ type attempts in logs
>> occasionally for things like apache.
>
> Well doesn't it have to traverse / to get to the default location of
> /var/lib/mysql anyway?
>
> I can see where it may not have permission for /home but surely
> everything can start at / ?
>
>
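
The point argued above, that a lookup through the /var/lib/mysql symlink has to pass through / and /home as well, shown as an added example (not part of the original message or of any poster's code). It lists every directory that must be searchable to resolve a path, which is where Unix mode bits and SELinux's per-directory search check both apply; the temporary tree and the file name ibdata1 are constructed sample values.

```python
import os
import tempfile

def dirs_searched(path, max_links=40):
    """Return (directories that must be searched, fully resolved path)."""
    if not path.startswith("/"):
        raise ValueError("absolute path required")
    searched, current, links = [], "/", 0
    pending = [p for p in path.split("/") if p]    # components still to resolve
    while pending:
        if current not in searched:
            searched.append(current)               # lookup needs search (x) here
        name = pending.pop(0)
        if name == ".":
            continue
        if name == "..":
            current = os.path.dirname(current)
            continue
        candidate = os.path.join(current, name)
        if os.path.islink(candidate):
            links += 1
            if links > max_links:
                raise OSError("too many levels of symbolic links")
            target = os.readlink(candidate)
            if target.startswith("/"):
                current = "/"                      # absolute target restarts at /
            pending = [p for p in target.split("/") if p] + pending
        else:
            current = candidate
    return searched, current

def build_demo_tree():
    """Constructed sample layout: <root>/var/lib/mysql -> <root>/home/mysql."""
    root = os.path.realpath(tempfile.mkdtemp())
    os.makedirs(os.path.join(root, "home", "mysql"))
    os.makedirs(os.path.join(root, "var", "lib"))
    os.symlink(os.path.join(root, "home", "mysql"),
               os.path.join(root, "var", "lib", "mysql"))
    return root

if __name__ == "__main__":
    root = build_demo_tree()
    dirs, final = dirs_searched(os.path.join(root, "var", "lib", "mysql", "ibdata1"))
    for d in dirs:
        print("search:", d)
    print("resolves to:", final)
```

Run against the symlinked path, the list contains both the /var/lib side and the /home side; run against the direct path, only the /home side remains, and / is first in both.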