Security

When you run a MySQL installation, it's important to make sure that the information your users entrust to their databases is kept secure. The MySQL administrator is responsible for controlling access to the data directory and the server and should understand the following issues:

  • File system security. A UNIX machine may host several user accounts that have no MySQL-related administrative duties. It's important to ensure that these accounts have no access to the data directory. This prevents them from compromising data on a file system level by copying database tables or removing them, or by being able to read log files that may contain sensitive information. You should know how to set up a UNIX user account to be used for running the MySQL server, how to set up the data directory so that it is owned by that user, and how to start up the server to run with that user's privileges.

  • Server security. You must understand how the MySQL security system works so that when you set up user accounts, you grant the proper privileges. Users connecting to the server over the network should have permission to do only what they are supposed to be able to do. You don't want to inadvertently grant superuser access to anonymous users due to faulty understanding of the security system!