In this section, we discuss MySQL standard security procedures as they apply to running MySQL Cluster.
In general, any standard procedure for running MySQL securely
also applies to running a MySQL Server as part of a MySQL
Cluster. First and foremost, you should always run a MySQL
Server as the mysql
system user; this is no
different from running MySQL in a standard (non-Cluster)
environment. The mysql
system account should
be uniquely and clearly defined. Fortunately, this is the
default behavior for a new MySQL installation. You can verify
that the mysqld process is running as the
system user mysql
by using the system command
such as the one shown here:
shell> ps aux | grep mysql
root 10467 0.0 0.1 3616 1380 pts/3 S 11:53 0:00 \
/bin/sh ./mysqld_safe --ndbcluster --ndb-connectstring=localhost:1186
mysql 10512 0.2 2.5 58528 26636 pts/3 Sl 11:53 0:00 \
/usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql \
--datadir=/usr/local/mysql/var --user=mysql --ndbcluster \
--ndb-connectstring=localhost:1186 --pid-file=/usr/local/mysql/var/mothra.pid \
--log-error=/usr/local/mysql/var/mothra.err
jon 10579 0.0 0.0 2736 688 pts/0 S+ 11:54 0:00 grep mysql
If the mysqld process is running as any other
user than mysql
, you should immediately shut
it down and restart it as the mysql
user. If
this user does not exist on the system, the
mysql
user account should be created, and
this user should be part of the mysql
user
group; in this case, you should also make sure that the MySQL
DataDir
on this system is owned by the
mysql
user, and that the SQL node's
my.cnf
file includes
user=mysql
in the [mysqld]
section. Alternatively, you can start the server with
--user=mysql
on the command line, but it is
preferable to use the my.cnf
option, since
you might forget to use the command-line option and so have
mysqld running as another user
unintentionally. The mysqld_safe startup
script forces MySQL to run as the mysql
user.
Never run mysqld as the system root user. Doing so means that potentially any file on the system can be read by MySQL, and thus — should MySQL be compromised — by an attacker.
As mentioned in the previous section (see Section 17.5.8.2, “MySQL Cluster and MySQL Privileges”), you should always set a root password for the MySQL Server as soon as you have it running. You should also delete the anonymous user account that is installed by default. You can accomplish these tasks via the following statements:
shell>mysql -u root
mysql>UPDATE mysql.user
->SET Password=PASSWORD('
->secure_password
')WHERE User='root';
mysql>DELETE FROM mysql.user
->WHERE User='';
mysql>FLUSH PRIVILEGES;
Be very careful when executing the
DELETE
statement not to omit the
WHERE
clause, or you risk deleting
all MySQL users. Be sure to run the
FLUSH
PRIVILEGES
statement as soon as you have modified the
mysql.user
table, so that the changes take
immediate effect. Without
FLUSH
PRIVILEGES
, the changes do not take effect until the
next time that the server is restarted.
Many of the MySQL Cluster utilities such as
ndb_show_tables,
ndb_desc, and
ndb_select_all also work without
authentication and can reveal table names, schemas, and data.
By default these are installed on Unix-style systems with the
permissions wxr-xr-x
(755), which means
they can be executed by any user that can access the
mysql/bin
directory.
See Section 17.4, “MySQL Cluster Programs”, for more information about these utilities.
User Comments
Add your own comment.