/var/lib/mysql mounted in cagefs

T

ThinIce

Well-Known Member
Apr 27, 2006
352
9
168
Disillusioned in England
cPanel Access Level
Root Administrator
I was quite surprised to see that by default, /var/lib/mysql and its database data is included in the CageFS skeleton. Per Mysql issues there appears to be a good reason for this (access to the MySQL socket required) but it still seems counter intuitive somehow, given the treatment of home, tmp, root and such.

I don't however know enough about the CageFS implementation details to know whether this matters enough that it's worth doing something about, so two questions:

1. Are the database files less protected being linked within the cage, even though the directory has permissions such that they cannot be read, than they would be if they were not included?

2. If the above = true, what would be the method to resolve the issue (move the socket) that would not break cPanel MySQL maintenance?
 
Anoop P Alias

Anoop P Alias

Well-Known Member
Mar 31, 2015
103
16
18
Kochi,Kerala,India
cPanel Access Level
Root Administrator
Ideally ony the mysql socket being available in the jail should be enough to access mysql. As you said not sure how CageFS sets this up ;so I cant comment on the requirement of the dir in the skeleton
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
ThinIce said:
1. Are the database files less protected being linked within the cage, even though the directory has permissions such that they cannot be read, than they would be if they were not included?
Click to expand...
Hello @ThinIce,

You'll likely receive better feedback on this question directly from CloudLinux (@Bazinga). You can post directly to their forums at:

CloudLinux Forums

Thank you.
 
T

ThinIce

Well-Known Member
Apr 27, 2006
352
9
168
Disillusioned in England
cPanel Access Level
Root Administrator
Thanks Michael, that's true. Perhaps the item from the question germane directly to cPanel is whether the MySQL socket can be changed to a different location in my.cnf for the MySQL server without this causing a problem to cPanel or cPanel upgrades of MySQL. I guess the symlink in tmp would also need modifying off the top of my head...
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
ThinIce said:
Thanks Michael, that's true. Perhaps the item from the question germane directly to cPanel is whether the MySQL socket can be changed to a different location in my.cnf for the MySQL server without this causing a problem to cPanel or cPanel upgrades of MySQL. I guess the symlink in tmp would also need modifying off the top of my head...
Click to expand...
Hello,

You should be able to change the socket location per the instructions on MySQL's documentation:

MySQL :: MySQL 5.7 Reference Manual :: B.5.3.6 How to Protect or Change the MySQL Unix Socket File

Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
Spirogg Error: Failed to detect code [LlsNLK7sLm2bxuWS4WvQHdFT3OqCk] in SYSLOG_LOG [/var/log/messages] Operating Systems 6
M Other usage (/var/lve/snapshots) Operating Systems 1
S var/tmp/systemd- session file removal Operating Systems 2
O Stale repeating log entries in /var/log/secure Operating Systems 4
GTMAN Apache Error on new install: File does not exist: /var/www/html/wp-cron.php Operating Systems 5
Similar threads
Error: Failed to detect code [LlsNLK7sLm2bxuWS4WvQHdFT3OqCk] in SYSLOG_LOG [/var/log/messages]
Other usage (/var/lve/snapshots)
var/tmp/systemd- session file removal
Stale repeating log entries in /var/log/secure
Apache Error on new install: File does not exist: /var/www/html/wp-cron.php
Top Bottom