[CentOS] mysql replication - problems

Thu Mar 12 15:49:42 UTC 2015
Tim Dunphy <bluethundr at gmail.com>

>
> No: /etc/pki/CA should NOT be group writeable. Ditto for
> /etc/pki/tls/cernts and private


Ok, yeah I can understand that. I'll correct it. Still need a way to get
SSL enabled however. Any suggestions there?

Thanks
Tim

On Thu, Mar 12, 2015 at 11:40 AM, <m.roth at 5-cent.us> wrote:

> Tim Dunphy wrote:
> >>
> >> The mysqld process runs as the mysql user.  It's parent which is the
> >> mysqld_safe runs as the root user.   That being said the mysql user
> >> needs to have at least read permission to the locations where the ssl
> files
> >> are located.   By default on Centos the /etc/pki/CA/private directory
> has
> >> its directory permissions to only allow the root user.  If the mysql
> user
> >> cannot read all ssl files SSL will not work.
> <snip>
> > Thanks for your reply! That answer actually makes complete sense. Ok, so
> > here is what I tried, so far without success. I gave the mysql group
> > ownership of all related directories. And changed group permissions so
> > that group can access them:
> >
> > [root at web2:/etc] #ls -ld /etc/pki/CA
> > drwxrwxr-x. 6 root mysql 4096 Jan 20 15:58 /etc/pki/CA
> > [root at web2:/etc] #ls -ld /etc/pki/tls/{private,certs}
> > drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/certs
> > drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/private
> >
> >  Restarted the mariadb service. And when I took another look at the SSL
> > variable, it's still showing that SSL is not enabled:
> <snip>
> Some of those will *not* work. For example, you will has ssh issues
> yourself is ~/.ssh is *anything* other than 700.
>
> No: /etc/pki/CA should NOT be group writeable. Ditto for
> /etc/pki/tls/cernts and private.
>
>        mark
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B