> > No: /etc/pki/CA should NOT be group writeable. Ditto for
> > /etc/pki/tls/certs and private

Ok, yeah I can understand that. I'll correct it. Still need a way to get SSL enabled however. Any suggestions there?

Thanks
Tim

On Thu, Mar 12, 2015 at 11:40 AM, <m.roth at 5-cent.us> wrote:

> Tim Dunphy wrote:
> >>
> >> The mysqld process runs as the mysql user. Its parent which is the
> >> mysqld_safe runs as the root user. That being said the mysql user
> >> needs to have at least read permission to the locations where the ssl files
> >> are located. By default on Centos the /etc/pki/CA/private directory has
> >> its directory permissions to only allow the root user. If the mysql user
> >> cannot read all ssl files SSL will not work.
> <snip>
> > Thanks for your reply! That answer actually makes complete sense. Ok, so
> > here is what I tried, so far without success. I gave the mysql group
> > ownership of all related directories. And changed group permissions so
> > that group can access them:
> >
> > [root at web2:/etc] #ls -ld /etc/pki/CA
> > drwxrwxr-x. 6 root mysql 4096 Jan 20 15:58 /etc/pki/CA
> > [root at web2:/etc] #ls -ld /etc/pki/tls/{private,certs}
> > drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/certs
> > drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/private
> >
> > Restarted the mariadb service. And when I took another look at the SSL
> > variable, it's still showing that SSL is not enabled:
> <snip>
> Some of those will *not* work. For example, you will have ssh issues
> yourself if ~/.ssh is *anything* other than 700.
>
> No: /etc/pki/CA should NOT be group writeable. Ditto for
> /etc/pki/tls/certs and private.
>
> mark

--
GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
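
Added example, not part of the thread and not code from either poster: a small shell audit that flags directories carrying the group-write or other-write bit (the `drwxrwxr-x` modes in the listing above) and strips only those write bits. The function names are hypothetical, and the demo runs against a constructed temporary tree rather than the real `/etc/pki`.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and the
# demo uses a constructed temp tree standing in for /etc/pki/CA and
# /etc/pki/tls/{certs,private}.

# Succeeds if DIR has the group-write or other-write bit set.
dir_is_loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Report each directory on stderr; print the number of offenders on stdout.
count_loose_dirs() {
    bad=0
    for d in "$@"; do
        if dir_is_loosely_writable "$d"; then
            echo "WRITABLE $d" >&2
            bad=$((bad + 1))
        else
            echo "OK       $d" >&2
        fi
    done
    echo "$bad"
}

# Remove group/other write only; read and traverse bits are left untouched.
drop_write_bits() {
    chmod g-w,o-w "$@"
}

# Constructed demo: recreate the 775 modes from the listing, audit, fix, re-audit.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/CA" "$root/tls/certs" "$root/tls/private"
    set -- "$root/CA" "$root/tls/certs" "$root/tls/private"
    chmod 775 "$@"
    echo "offenders before: $(count_loose_dirs "$@")"
    drop_write_bits "$@"
    echo "offenders after:  $(count_loose_dirs "$@")"
    rm -rf "$root"
}

demo
```

The audit covers only the write bits discussed in the thread; whether the `mysql` account can actually read a given key or certificate file still has to be checked as that account.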