The default location for the Unix socket file that the server
uses for communication with local clients is
/tmp/mysql.sock
. (For some distribution
formats, the directory might be different, such as
/var/lib/mysql
for RPMs.)
On some versions of Unix, anyone can delete files in the
/tmp
directory or other similar
directories used for temporary files. If the socket file is
located in such a directory on your system, this might cause
problems.
On most versions of Unix, you can protect your
/tmp
directory so that files can be
deleted only by their owners or the superuser
(root
). To do this, set the
sticky
bit on the /tmp
directory by logging in as root
and using
the following command:
shell> chmod +t /tmp
You can check whether the sticky
bit is set
by executing ls -ld /tmp
. If the last
permission character is t
, the bit is set.
Another approach is to change the place where the server creates the Unix socket file. If you do this, you should also let client programs know the new location of the file. You can specify the file location in several ways:
Specify the path in a global or local option file. For
example, put the following lines in
/etc/my.cnf
:
[mysqld] socket=/path/to/socket [client] socket=/path/to/socket
Specify a --socket
option
on the command line to mysqld_safe and
when you run client programs.
Set the MYSQL_UNIX_PORT
environment
variable to the path of the Unix socket file.
Recompile MySQL from source to use a different default
Unix socket file location. Define the path to the file
with the
--with-unix-socket-path
option when you run configure. See
Section 2.9.2, “Typical configure Options”.
You can test whether the new socket location works by attempting to connect to the server with this command:
shell> mysqladmin --socket=/path/to/socket version
User Comments
When using the DBI/DBD Perl interface routines along with mysql_multi(aka a socket file different from mysql.sock) you should set the perl env variable MYSQL_UNIX_PORT as referenced in your mysql.cnf file. Example:
$ENV{MYSQL_UNIX_PORT} = "/tmp/mysql.sock2";
It would be nice if the perldoc information(referenced in the PERL API page 21.4 MySQL Perl API) was updated to reflect this but its not a mysql problem; its PERL
Thanks Elliot! Here's a more detailed example:
#!/opt/bin/perl -w
use DBI;
$ENV{MYSQL_UNIX_PORT} = "/home/me/mysql/mysql.sock";
my $dbh = DBI->connect("DBI:mysql:database=mydb;host=localhost", "user", "passwd", {'RaiseError' => 1});
Do work here...
$dbh->disconnect();
Setting the sticky bit is sufficient in most cases, but a rogue process run in root's context (or the MySQL user context) can still remove the pipe file.
For additional security on BSD-based platforms (I tested with FreeBSD, I think OpenBSD also supports this), set the SAPPEND flag on the file:
chflags sappend /tmp/mysql.sock
This makes the file append-only (which is perfect for a pipe), and cannot be removed without first unsetting the flag.
My first inclination was to use the SCHG flag, but that means nothing can write to the pipe. :)
I don't think Linux has anything like BSD filesystem flags, so I don't think this works on Linux systems.
Add your own comment.