Bug #86742 refman-5.7-en.pdf instructs to $chown -R mysql . #from /usr directory
Submitted: 19 Jun 2017 5:08 Modified: 26 Oct 2017 16:08
Reporter: Brian Wells Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Documentation Severity:S2 (Serious)
Version:5.7.18 OS:Ubuntu (16.04 LTS)
Assigned to: CPU Architecture:Any
Tags: basedir, chown

[19 Jun 2017 5:08] Brian Wells 
Description:
Documentation instructs to change location to BASEDIR and enter [$chown -R mysql .].  The default BASEDIR = /usr causing a large section of the file system to change owner to mysql, which cannot be undone, requiring a full system reinstall.
The documentation suggests that BASEDIR should be /usr/local/mysql or /usr/local but install defaults BASEDIR to /usr as shown by mysqld --verbose --help.

How to repeat:
fresh install of Unbuntu 16.04 LTS
fresh install of mysql 5.7.18 referencing refman-5.7-en.pdf
installed using mysql-apt-config_0.8.6-1_all.deb
Continue Post-installation Setup see: refman-5.7-en.pdf 2.10.1 Initializing the Data Directory 
1. instructs to change location to BASEDIR #BASEDIR=/usr
3. instructs to root@localhost:/usr# chown -R mysql .
Since BASEDIR = /usr major section of file system changes owner to mysql

Suggested fix:
1.  change default BASEDIR = /usr/local/mysql in install package
This would provide a siblingless parent dir for bin/mysql and sbin/mysqld which currently reside in /usr with 10 other multi level dirs.

2. change documentation to 
shell> chown -R mysql mysql-files 
shell> chgrp -R mysql mysql-files

The current use of . along with not specifying the cd results in an unrecoverable OS
[19 Jun 2017 13:14] Terje Røsten 
Hi!

Thanks for your report.

Doing chown/chgrp mysql -R . for any install layout/format is wrong.

Binaries and other artifacts should owned be root and have read only access for OS user (mysql) running MySQL server.

Only mysql-files/, datadir/, log file and pid file should be writable by OS user mysql.
[19 Jun 2017 15:58] Brian Wells 
In section 2.10.1 Initializing the Data Directory Section 6
Documentation instructs
shell> chown -R root .
It is not clear which dir this is run in, and execution in the wrong dir by a novice user results owner change for large section of file system. 

Suggest documentation change replacing . with explicit dir.

Additionally the last paragraph in section 6 should be in section 7. Section 7 mentions security concern related to plugin dir but no actionable instructions.  Edit section 7 to provide actionable instructions to resolve security concern. 
Example:
gedit /etc/mysql/my.cnf
Add  secure_file_priv='/usr/mysql-files'
#please check syntax, I'm just learning mysql and sys admin of linux
[26 Oct 2017 16:08] Daniel So 
Posted by developer:
 
Updated the MySQL 5.7 manual: removed the problematic steps, and made other changes to clarify on the steps.

The changes will be visible in the next build of the manual.