[CentOS] Moving Mysql data directory denied by selinux?

Tue Oct 10 13:01:45 UTC 2006
Peter Kiem <zordah at zordah.net>

Hi Jim,

> > Now normally I just move /var/lib/mysql to /home/mysql and symlink
> > it.
>
>  Um... why? This seems like it would be more trouble than it's worth.
>  and with the symlink, I don't see the benefit.

The reason I move it is because I usually make my systems with a 'small' 
/ partition (say 10GB) and a large /home partition.

It is very easy to have large MySQL databases sitting in the default 
location then use up all space on the / partition which causes all sorts 
of havoc.

By moving it off to the /home partition it is moved to where the 
majority of the space is available and away from system data.  MySQL 
databases are user data and should be in the user area.

The symlink allows you then to just start MySQL without changing any of 
the config files and anything else that expects it to be in 
/var/lib/mysql can still find it.

>  This is really how you should move the data directory anyway. Faking
>  it as you were doing works, but it's not 'proper'.

Symlinks were created for this very reason.

> > WHY is mysqld trying to read / when I told it to use /home/mysql ?
>
>  Because you have to get to / before you can get to /home/ and
>  /home/mysql.. Directory traversal vulnerabilities are quite
>  commonplace, which is why you see all the
>  $DOCUMENT_ROOT/../../../etc/somedir/ type attempts in logs
>  occasionally for things like apache.

Well, doesn't it have to traverse / to get to the default location of 
/var/lib/mysql anyway?

I can see where it may not have permission for /home but surely 
everything can start at / ?


-- 
Regards,
Peter Kiem

Zordah IT - IT Consultancy and Internet Services
Ph: (0414) 724-766   Fax: (07) 3344-5827
Web: www.zordah.net  Email: zordah at zordah.net
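
The traversal question in this message can be checked directly. The following is an added example, not part of the original post: a shell helper that resolves the symlink and lists every directory mysqld must be allowed to search to reach the real data directory, with each one's SELinux label. The function names are hypothetical, and the relabel commands in the closing comment assume a host with policycoreutils and the `mysqld_db_t` type from the targeted policy.

```shell
#!/bin/sh
# Added example (not from the original thread).
# traversal_chain PATH: resolve symlinks in PATH, then print every directory
# from / down to the real target, one per line. A confined daemon needs
# search permission on each of these, not only on the final directory.
traversal_chain() {
    target=$(readlink -f "$1") || return 1
    echo "/"
    rest=${target#/}
    path=""
    while [ -n "$rest" ]; do
        part=${rest%%/*}            # next path component
        path="$path/$part"
        echo "$path"
        case $rest in
            */*) rest=${rest#*/} ;; # drop the component just handled
            *)   rest="" ;;
        esac
    done
}

# show_labels PATH: print the SELinux context of each directory in the chain.
# On a host without SELinux, GNU ls prints "?" in place of the context.
show_labels() {
    traversal_chain "$1" | while IFS= read -r dir; do
        ls -dZ "$dir"
    done
}

# Usage: sh chain.sh /var/lib/mysql
# Compare the output for the symlinked path with a stock /var/lib/mysql:
# the resolved chain runs through /home, so the labels on /home and
# /home/mysql are the ones the policy checks, not those under /var/lib.
if [ "$#" -gt 0 ]; then
    show_labels "$1"
fi

# Assumption (policycoreutils installed, targeted policy type mysqld_db_t):
# the new location can be given the same label as the default one with
#   semanage fcontext -a -t mysqld_db_t "/home/mysql(/.*)?"
#   restorecon -Rv /home/mysql
```

Matching any AVC denial in the audit log against this list shows which component of the resolved path the policy refused.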