/var/lib/mysql mounted in cagefs
I was quite surprised to see that by default, /var/lib/mysql and its database data is included in the CageFS skeleton. Per Mysql issues there appears to be a good reason for this (access to the MySQL socket required) but it still seems counter intuitive somehow, given the treatment of home, tmp, root and such.
I don't however know enough about the CageFS implementation details to know whether this matters enough that it's worth doing something about, so two questions:
1. Are the database files less protected being linked within the cage, even though the directory has permissions such that they cannot be read, than they would be if they were not included?
2. If the above = true, what would be the method to resolve the issue (move the socket) that would not break cPanel MySQL maintenance?
-
Ideally ony the mysql socket being available in the jail should be enough to access mysql. As you said not sure how CageFS sets this up ;so I cant comment on the requirement of the dir in the skeleton 0 -
. Are the database files less protected being linked within the cage, even though the directory has permissions such that they cannot be read, than they would be if they were not included?
Hello @ThinIce, You'll likely receive better feedback on this question directly from CloudLinux (@Bazinga). You can post directly to their forums at: CloudLinux Forums Thank you.0 -
Thanks Michael, that's true. Perhaps the item from the question germane directly to cPanel is whether the MySQL socket can be changed to a different location in my.cnf for the MySQL server without this causing a problem to cPanel or cPanel upgrades of MySQL. I guess the symlink in tmp would also need modifying off the top of my head... 0 -
Thanks Michael, that's true. Perhaps the item from the question germane directly to cPanel is whether the MySQL socket can be changed to a different location in my.cnf for the MySQL server without this causing a problem to cPanel or cPanel upgrades of MySQL. I guess the symlink in tmp would also need modifying off the top of my head...
Hello, You should be able to change the socket location per the instructions on MySQL's documentation: MySQL :: MySQL 5.7 Reference Manual :: B.5.3.6 How to Protect or Change the MySQL Unix Socket File Thank you.0
Please sign in to leave a comment.
Comments
4 comments