Skip navigation links
5.5 The MySQL Access Privilege System »
Section Navigation      [Toggle]

5.4.6. How to Run MySQL as a Normal User

On Windows, you can run the server as a Windows service using a normal user account beginning with MySQL 4.0.17 and 4.1.2. (Older MySQL versions required you to have administrator rights. This was a bug introduced in MySQL 3.23.54.)

On Unix, the MySQL server mysqld can be started and run by any user. However, you should avoid running the server as the Unix root user for security reasons. To change mysqld to run as a normal unprivileged Unix user user_name, you must do the following:

  1. Stop the server if it is running (use mysqladmin shutdown).

  2. Change the database directories and files so that user_name has privileges to read and write files in them (you might need to do this as the Unix root user): 

    shell> chown -R user_name /path/to/mysql/datadir

    If you do not do this, the server will not be able to access databases or tables when it runs as user_name.

    If directories or files within the MySQL data directory are symbolic links, chown -R might not follow symbolic links for you. If it does not, you will also need to follow those links and change the directories and files they point to.

  3. Start the server as user user_name. Another alternative is to start mysqld as the Unix root user and use the --user=user_name option. mysqld starts up, then switches to run as the Unix user user_name before accepting any connections.

  4. To start the server as the given user automatically at system startup time, specify the user name by adding a user option to the [mysqld] group of the /etc/my.cnf option file or the my.cnf option file in the server's data directory. For example: 

    [mysqld]
user=user_name

If your Unix machine itself isn't secured, you should assign passwords to the MySQL root accounts in the grant tables. Otherwise, any user with a login account on that machine can run the mysql client with a --user=root option and perform any operation. (It is a good idea to assign passwords to MySQL accounts in any case, but especially so when other login accounts exist on the server host.) See Section 2.10, “Post-Installation Setup and Testing”.


User Comments

Posted by [name withheld] on February 26 2003 2:37pm[Delete] [Edit]

The issue of whether MySQL can be run as an unpriveleged user under Windows should be addressed in this section.

After searching the online documentation, I've found nothing on the subject. Thus far, I have been unable to get it to run as a service using anything other than the Local System Account or Administrator on Windows 2000.

If it won't run as an unpriveleged user on Windows, I'd be very curious to know why.


Gene

Posted by Richard Hansen on November 11 2003 12:20am[Delete] [Edit]

I had the same problem (with regards to running MySQL as a service using a normal user account). Thanks to Paul Southerington's comments, I was able to identify the code introduced in 3.23.54 that broke this. I've submitted a bug report (http://bugs.mysql.com/bug.php?id=1802) that includes a patch that you can apply to the 4.0.16 source code as well as a workaround in case you don't have the resources to compile MySQL for Windows.

Here's the workaround to get MySQL 4.0.16 to run as a normal user:

1. Go to http://www.losoft.de/lstools.html and download LS-Tools.
2. Assuming the account you want to run MySQL as is named "mysqluser", run the following command:
scacl.exe MySql /E /G mysqluser:F

(The scacl.exe program modifies service DACLs. DACLs are access control lists that control which account can do what with each service, such as start, stop, query status, delete, etc. The above command will grant the mysqluser full access to the MySql service.)

Add your own comment.