On Windows, you can run the server as a Windows service using a normal user account beginning with MySQL 4.0.17 and 4.1.2. (Older MySQL versions required you to have administrator rights. This was a bug introduced in MySQL 3.23.54.)
On Unix, the MySQL server mysqld can be started
and run by any user. However, you should avoid running the server
as the Unix root
user for security reasons. To
change mysqld to run as a normal unprivileged
Unix user user_name
, you must do the
following:
Stop the server if it is running (use mysqladmin shutdown).
Change the database directories and files so that
user_name
has privileges to read
and write files in them (you might need to do this as the Unix
root
user):
shell> chown -R user_name
/path/to/mysql/datadir
If you do not do this, the server will not be able to access
databases or tables when it runs as
user_name
.
If directories or files within the MySQL data directory are
symbolic links, chown -R
might not follow
symbolic links for you. If it does not, you will also need to
follow those links and change the directories and files they
point to.
Start the server as user user_name
.
Another alternative is to start mysqld as
the Unix root
user and use the
--user=
option. mysqld starts up, then switches to
run as the Unix user user_name
user_name
before accepting any connections.
To start the server as the given user automatically at system
startup time, specify the user name by adding a
user
option to the
[mysqld]
group of the
/etc/my.cnf
option file or the
my.cnf
option file in the server's data
directory. For example:
[mysqld]
user=user_name
If your Unix machine itself isn't secured, you should assign
passwords to the MySQL root
accounts in the
grant tables. Otherwise, any user with a login account on that
machine can run the mysql client with a
--user=root
option and perform any
operation. (It is a good idea to assign passwords to MySQL
accounts in any case, but especially so when other login accounts
exist on the server host.) See
Section 2.10, “Post-Installation Setup and Testing”.
User Comments
The issue of whether MySQL can be run as an unpriveleged user under Windows should be addressed in this section.
After searching the online documentation, I've found nothing on the subject. Thus far, I have been unable to get it to run as a service using anything other than the Local System Account or Administrator on Windows 2000.
If it won't run as an unpriveleged user on Windows, I'd be very curious to know why.
Gene
I had the same problem (with regards to running MySQL as a service using a normal user account). Thanks to Paul Southerington's comments, I was able to identify the code introduced in 3.23.54 that broke this. I've submitted a bug report (http://bugs.mysql.com/bug.php?id=1802) that includes a patch that you can apply to the 4.0.16 source code as well as a workaround in case you don't have the resources to compile MySQL for Windows.
Here's the workaround to get MySQL 4.0.16 to run as a normal user:
1. Go to http://www.losoft.de/lstools.html and download LS-Tools.
2. Assuming the account you want to run MySQL as is named "mysqluser", run the following command:
scacl.exe MySql /E /G mysqluser:F
(The scacl.exe program modifies service DACLs. DACLs are access control lists that control which account can do what with each service, such as start, stop, query status, delete, etc. The above command will grant the mysqluser full access to the MySql service.)
Add your own comment.