Bug #15105 | mysqld ignores umask when creating its unix socket | ||
---|---|---|---|
Submitted: | 21 Nov 2005 18:09 | Modified: | 25 Nov 2005 17:20 |
Reporter: | [ name withheld ] | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: General | Severity: | S4 (Feature request) |
Version: | 5.0.17-BK, 4.0.24 | OS: | Linux (Linux, sun-solaris2.10 on sparc) |
Assigned to: | | CPU Architecture: | Any |
[21 Nov 2005 18:09]
[ name withheld ]
[21 Nov 2005 18:28]
Valeriy Kravchuk
Thank you for a problem report. I'll try to check on Linux first. Even if it is true that umask is ignored, you may just put your socket into a directory that is not readable and not executable by anybody else but you.
[25 Nov 2005 15:06]
Valeriy Kravchuk
Thank you for a problem report. Yes, umask values are ignored when creating sockets. Moreover, the access rights are reset upon each startup:

Verified on 5.0.17-BK () on Linux:

```
[openxs@Fedora 5.0]$ ls -l ~/*.sock
srwxrwxrwx 1 openxs openxs 0 Sep 1 18:26 /home/openxs/mysql5.sock
[openxs@Fedora 5.0]$ umask 077
[openxs@Fedora 5.0]$ umask
0077
[openxs@Fedora 5.0]$ bin/mysqld_safe --socket=/home/openxs/mynew.sock &
[1] 7705
[openxs@Fedora 5.0]$ Starting mysqld daemon with databases from /home/openxs/dbs/5.0/var
[openxs@Fedora 5.0]$ ls -l ~/*.sock
srwxrwxrwx 1 openxs openxs 0 Sep 1 18:26 /home/openxs/mysql5.sock
[openxs@Fedora 5.0]$ chmod 700 ~/mynew.sock
[openxs@Fedora 5.0]$ ls -l ~/*.sock
srwx------ 1 openxs openxs 0 Nov 25 17:49 /home/openxs/mynew.sock
[openxs@Fedora 5.0]$ bin/mysqladmin -uroot --socket=/home/openxs/mynew.sock shutdown;
STOPPING server from pid file /home/openxs/dbs/5.0/var/Fedora.pid
051125 17:56:08 mysqld ended
[1]+ Done bin/mysqld_safe --socket=/home/openxs/mynew.sock
[openxs@Fedora 5.0]$ bin/mysqld_safe --socket=/home/openxs/mynew.sock &
[1] 7856
[openxs@Fedora 5.0]$ Starting mysqld daemon with databases from /home/openxs/dbs/5.0/var
[openxs@Fedora 5.0]$ ls -l ~/*.sock
srwxrwxrwx 1 openxs openxs 0 Nov 25 17:56 /home/openxs/mynew.sock
```

I am not sure that socket permissions are a problem (anybody can send packet to port 3306, so what?), but let the developers check whether it is really the intended behaviour.
[25 Nov 2005 15:14]
[ name withheld ]
About your comment "anybody can send packet to port 3306, so what?": In my configuration, I had explicitly used as the goal was to have a private database server not accessible to anybody else. So there was nobody listening on port 3306. /Niels
[25 Nov 2005 17:20]
[ name withheld ]
Sorry, the word "skip-networking" was lost in my previous comment. I had explicitly used the option --skip-networking to disable listening on port 3306. /Niels
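
An added example (not from the bug thread and not MySQL's code) of the behaviour discussed above, on Linux: a socket bound under umask 077 comes out 0700, one bound under umask 0 gets the srwxrwxrwx mode seen in the session, and in both cases the 0700 parent directory suggested in the first reply is what other users would have to traverse first. The function name `probe_socket` and the `/tmp/sockdemo.*` path are assumptions made for the demo.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind a unix socket inside a fresh mkdtemp() directory (created 0700)
 * while the process umask is `mask`. Reports the permission bits of the
 * socket file and of its directory. Returns 0 on success, -1 on error. */
int probe_socket(mode_t mask, int *sock_mode, int *dir_mode)
{
    char dir[] = "/tmp/sockdemo.XXXXXX";   /* constructed path for the demo */
    struct sockaddr_un addr;
    struct stat st;
    int rc = -1, fd;

    if (mkdtemp(dir) == NULL)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/demo.sock", dir);

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0) {
        mode_t old = umask(mask);           /* Linux bind() applies the umask */
        int bound = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
        umask(old);
        if (bound == 0 && stat(addr.sun_path, &st) == 0) {
            *sock_mode = st.st_mode & 0777;
            if (stat(dir, &st) == 0) {
                *dir_mode = st.st_mode & 0777;
                rc = 0;
            }
        }
        close(fd);
        unlink(addr.sun_path);
    }
    rmdir(dir);
    return rc;
}

int main(void)
{
    int s, d;
    if (probe_socket(077, &s, &d) == 0)
        printf("umask 077: socket %04o, directory %04o\n", s, d);
    if (probe_socket(0, &s, &d) == 0)
        printf("umask 000: socket %04o, directory %04o\n", s, d);
    return 0;
}
```

unix(7) notes that some systems ignore the permission bits on a socket file, so restricting the directory is the more portable control.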