Created attachment 467453 [details] Patch to use user and group configured in mysqld section of my.cnf file in init script Description of problem: Whenever I upgrade mysql it stops working because I cannot use the default username of "mysql" as this is already used in NIS (I know bad network admin, but nothing I can do about it). I have therefore defined a local user of "lmysql" and set the configuration in /etc/my.cnf to use this other user, however the init script /etc/init.d/mysqld is hardcoded to use "mysql" instead of the configured user value from /etc/my.cnf. Version-Release number of selected component (if applicable): mysql-5.1.52-1 How reproducible: Always Steps to Reproduce: 1. Remove local mysql user. 2. Create new user for mysql under a different name e.g. localmysql. 3. Change user in /etc/my.cnf to match new user name. 4. "service mysqld start". Actual results: Permissions errors as the "mysql" user is not available and the correctly configured user in /etc/my.cnf isn't being used. Expected results: The user name as defined in /etc/my.cnf should be used. Additional info: Patch for mysql.init file in the source package is attached. This patch will use configured user and group in the mysqld section of my.cnf. Defaults of "mysql" are used for user and group names to maintain current behaviour.
Since such an option would in fact break things in the normal configuration (because the RPM package carefully sets up the user/group ownership of /var/lib/mysql), this doesn't seem like a terribly good thing to apply. In particular, the option will not work reliably unless I make the chown at line 96 into chown -R, which would be undoing a previous user complaint (see bug #221085). I haven't got a lot of confidence that it'd interact nicely with SELinux, either.
It doesn't break anything on the system I've been running it on, and I've been using these changes for a couple of years now. Mysql happily runs as a user other than "mysql" with the various chown's in the init script changed to use the configured user value. What is the point in having a user= configuration option in the my.cnf file if you're just going to override it in the init script? This option is useful, if like me for some reason you cannot use "mysql" as the username or you want to use a different username for some other reason (security issue?). Hardcoding a username value of "mysql" in the init script is not very useful, especially when there's supposed to be a configuration option for the username (not to mention that hardcoding any constant value several times is bad programming style in any piece of code). Does SElinux really insist that mysqld is run as the user "mysql"? I wouldn't have thought so.
Hi, I've done some tests focused on changing mysql user and it seems like SELinux has no problem with running mysqld under another user than "mysql" (selinux-policy seems to not care about the user at all). So if the context of datadir is fine and ownership of all necessary files/dirs is properly updated, mysqld should work smoothly with e.g. "lmysql" user. Now let's see how we can deal with your issue with systemd. Starting with Fedora 16 mysqld service is shipped with native systemd unit file, so there is no SysV init file any more. mysqld is run under a user, that is set explicitly in the unit file (/lib/systemd/system/mysqld.service): > [Service] > Type=forking > User=mysql > Group=mysql What is important, systemd doesn't allow to set this property according to a variable or any configuration mechanism. Fortunately, there is a simple way to override default unit files located in /lib/systemd/system. We just drop an adjusted unit file into /etc/systemd/system, the original file would be then ignored. What's more, we don't need to drop the whole file into /etc/systemd/system, but we can import the original file and to override only some values instead. Note, that the new file in /etc/systemd/system won't be ever changed during update, so the adjusted settings won't be overridden any more. On the other hand, /lib/systemd/system/mysqld.service can be changed during update, so all important changes besides overridden values will take effect. To sum it up, everything what you'd need to do is dropping a piece of unit file into /etc/systemd/system/mysqld.service with the following content: > .include /lib/systemd/system/mysqld.service > > [Service] > User=lmysql Don't forget to run "systemctl daemon-reload" then. This should solve your issue in the most correct way, at least from the systemd point of view. David, will this solution be sufficient for you?
That solution would work well enough :) I'd also suggest putting a comment in the distributed /etc/my.cnf file to say that user settings there are ignored and that a /etc/systemd/system/mysqld.service should be created and settings placed there. That way people will be directed to the place for those settings that works.
There is a simple manual how to use .include directive on systemd "how to" page: http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F And there can probably be something like the following in my.cfg: # Settings user and group are ignored when systemd is used. # If you need to run mysqld under different user or group, # customize your systemd unit file for mysqld according # instructions in http://fedoraproject.org/wiki/Systemd
(In reply to comment #5) > And there can probably be something like the following in my.cfg: > # Settings user and group are ignored when systemd is used. > # If you need to run mysqld under different user or group, > # customize your systemd unit file for mysqld according > # instructions in http://fedoraproject.org/wiki/Systemd Agreed. Let's also remove the "user=mysql" line in my.cnf, since it doesn't do anything anymore.
Honza has committed the above documentation patch, so that's as far as we're going with this issue.