Table of Contents
Advertisement
2. Once a MySQL user is granted privileges on an
Cluster, that user can "see" any data in that table regardless of the SQL node from which the data
originated.
17.5.10.3. MySQL Cluster and MySQL Security Procedures
In this section, we discuss MySQL standard security procedures as they apply to running MySQL
Cluster.
In general, any standard procedure for running MySQL securely also applies to running a MySQL
Server as part of a MySQL Cluster. First and foremost, you should always run a MySQL Server as the
system user; this is no different from running MySQL in a standard (non-Cluster) environment.
mysql
The
system account should be uniquely and clearly defined. Fortunately, this is the default
mysql
behavior for a new MySQL installation. You can verify that the
system user
shell>
ps aux | grep mysql
root
10467
/bin/sh ./mysqld_safe --ndbcluster --ndb-connectstring=localhost:1186
mysql
10512
/usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql \
--datadir=/usr/local/mysql/var --user=mysql --ndbcluster \
--ndb-connectstring=localhost:1186 --pid-file=/usr/local/mysql/var/mothra.pid \
--log-error=/usr/local/mysql/var/mothra.err
jon
10579
If the
mysqld
and restart it as the
should be created, and this user should be part of the
also make sure that the MySQL
SQL node's
the server with
since you might forget to use the command-line option and so have
unintentionally. The
As mentioned in the previous section (see
you should always set a root password for the MySQL Server as soon as you have it running. You
should also delete the anonymous user account that is installed by default. You can accomplish these
tasks using the following statements:
shell>
mysql -u root
mysql>
UPDATE mysql.user
->
SET Password=PASSWORD('secure_password')
->
WHERE User='root';
mysql>
DELETE FROM mysql.user
->
WHERE User='';
mysql>
FLUSH PRIVILEGES;
Be very careful when executing the
deleting all MySQL users. Be sure to run the
have modified the
PRIVILEGES, the changes do not take effect until the next time that the server is restarted.
MySQL Cluster Security Issues
by using the system command such as the one shown here:
mysql
0.0
0.1
3616
0.2
2.5
58528 26636 pts/3
0.0
0.0
2736
process is running as any other user than mysql, you should immediately shut it down
user. If this user does not exist on the system, the
mysql
DataDir
file includes
my.cnf
user=mysql
on the command line, but it is preferable to use the
--user=mysql
mysqld_safe
Important
Never run
mysqld
any file on the system can be read by MySQL, and thus—should MySQL be
compromised—by an attacker.
table, so that the changes take immediate effect. Without
mysql.user
table from one SQL node in a MySQL
NDB
1380 pts/3
S
11:53
Sl
11:53
688 pts/0
S+
11:54
mysql
on this system is owned by the
in the
[mysqld]
startup script forces MySQL to run as the
as the system root user. Doing so means that potentially
Section 17.5.10.2, "MySQL Cluster and MySQL
statement not to omit the
DELETE
FLUSH PRIVILEGES
1691
process is running as the
mysqld
0:00 \
0:00 \
0:00 grep mysql
mysql
user group; in this case, you should
user, and that the
mysql
section. Alternatively, you can start
my.cnf
running as another user
mysqld
mysql
clause, or you risk
WHERE
statement as soon as you
user account
option,
user.
Privileges"),
FLUSH
Advertisement
Chapters
Table of Contents
Troubleshooting
