All times are UTC + 8 hours



Topic title: MySQL write-permission problem: error 13, step by step
Posted: 2010-03-24 20:54

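This problem is generally caused by writing to a file or directory without permission, which then raises the error. My personal summary:
The solutions are as follows, taking select .... into file as the example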
<1> select ..... into outfile '/tmp/target.txt'
<2> Use the database directory
select ..... into outfile '/var/lib/mysql/target.txt'
root:@localhost[mytest]>select * from me into outfile '/var/lib/mysql/target.txt' ;
Query OK, 3 rows affected (0.00 sec)
<3> Use the default directory
root:@localhost[mytest]>select * from me into outfile 'target.txt';
Query OK, 3 rows affected (0.00 sec)

<4> Here is our line of analysis:
First we log in as user ubutu:
The directory permissions are:
ubutu@ubutu-desktop:~$ mkdir test
ubutu@ubutu-desktop:~$ ls -lai test
总计 8
16423 drwxr-xr-x 2 ubutu ubutu 4096 2010-03-24 19:59 .
8177 drwxr-xr-x 77 ubutu ubutu 4096 2010-03-24 19:59 ..
Log in to mysql (note that inside mysql we are logged in as the root user)
root:@localhost[mytest]>select * from me into outfile '/home/ubutu/test/a.txt';
ERROR 1 (HY000): Can't create/write to file '/home/ubutu/test/a.txt' (Errcode: 13)
It reports an error.
We change the directory's permissions:
root@ubutu-desktop:/home/ubutu# chown -R mysql:mysql test/
root@ubutu-desktop:/home/ubutu# ls -lai test
总计 8
16423 drwxr-xr-x 2 mysql mysql 4096 2010-03-24 19:59 .
8177 drwxr-xr-x 77 ubutu ubutu 4096 2010-03-24 19:59 ..
We run it again; the error is the same.
We keep modifying:
root@ubutu-desktop:/home/ubutu# chmod a+wx test/
root@ubutu-desktop:/home/ubutu# ls -lai test
总计 8
16423 drwxrwxrwx 2 mysql mysql 4096 2010-03-24 19:59 .
8177 drwxr-xr-x 77 ubutu ubutu 4096 2010-03-24 19:59 ..
The error still persists.
Next we try logging in with the operating system account:
root@ubutu-desktop:~# mysql
root:@localhost[mytest]>select * from me into outfile '/home/ubutu/test/a.txt'
-> ;
ERROR 1 (HY000): Can't create/write to file '/home/ubutu/test/a.txt' (Errcode: 13)
Still the same error; I am speechless. To find the cause, let's look at the permissions of the file from the successful examples above:
root@ubutu-desktop:/var/lib/mysql# ls -lai target.txt
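2510 -rw-rw-rw- 1 root root 6 2010-03-24 20:07 target.txt
(the result obtained in <1><2><3> when logged in as an ordinary operating system user but operating as the mysql root user)
We see that the file's ownership is root, yet above, even after chmod a+wx, it still did not work. Where is the problem? Could it be SELinux?
Then in /etc/apparmor we found this: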
capability setuid,

network tcp,

/etc/hosts.allow r,
/etc/hosts.deny r,

/etc/mysql/*.pem r,
/etc/mysql/conf.d/ r,
/etc/mysql/conf.d/* r,
/etc/mysql/my.cnf r,
/usr/sbin/mysqld mr,
/usr/share/mysql/** r,
/var/log/mysql.log rw,
/var/log/mysql.err rw,
/var/lib/mysql/ r,
/var/lib/mysql/** rwk,
/var/log/mysql/ r,
/var/log/mysql/* rw,
/var/run/mysqld/mysqld.pid w,
/var/run/mysqld/mysqld.sock w,

A search online turned up:
AppArmor attempts to protect processes on the server or desktop from security threats. AppArmor enforces limits on what processes can access on the system. It attempts to restrict processes to those resources that the process requires to function only. AppArmor will not only define the system resources a program can access, it will also determine the privileges with which it can access those resources. To protect applications you will need to set up a security profile for each application that you want to protect.
AppArmor has its history connected to the Linux Security Modules and the SELinux project that was developed by the National Security Agency. Both SELinux and AppArmor use these modules developed with security in mind.
Ubuntu:
Default enforcement

By default in a new installation of the following services is done with AppArmor profiles enforced:

* cups
* bind
* mysql
* slapd (Open LDAP)
After modification:
# vim:syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include <tunables/global>

/usr/sbin/mysqld {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/user-tmp>
#include <abstractions/mysql>
#include <abstractions/winbind>

capability dac_override,
capability sys_resource,
capability setgid,
capability setuid,

network tcp,

/etc/hosts.allow r,
/etc/hosts.deny r,

/etc/mysql/*.pem r,
/etc/mysql/conf.d/ r,
/etc/mysql/conf.d/* r,
/etc/mysql/my.cnf r,
/usr/sbin/mysqld mr,
/usr/share/mysql/** r,
/var/log/mysql.log rw,
/var/log/mysql.err rw,
/var/lib/mysql/ r,
/var/lib/mysql/** rwk,
/var/ r,
/var/** rwk,

/var/log/mysql/ r,
/var/log/mysql/* rw,
/var/run/mysqld/mysqld.pid w,
/var/run/mysqld/mysqld.sock w,
}
Then run the command:
root:@localhost[mytest]>select * from me into outfile '/var/data/target.txt';
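Query OK, 3 rows affected (0.00 sec)
Solved. The same applies to the permission problems that appear when you want to relocate the current data directory, i.e. a custom data directory.
This is written a bit messily; I was summarizing while experimenting!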


_________________
missing is i missing you...
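
Added example, not part of the original post: a simplified Python model of AppArmor file-rule matching, run over path rules quoted from the profile above. It shows why chown/chmod on /home/ubutu/test changed nothing, and compares the post's `/var/** rwk` rule with a narrower one. The `/var/data/` narrow rules, the sample paths and all function names are assumptions; the matcher handles only `*`, `**` and `?`.

```python
import re

# Constructed sample: file rules taken from the stock mysqld profile quoted in the post.
STOCK = """
/etc/mysql/my.cnf r,
/var/log/mysql/* rw,
/var/lib/mysql/ r,
/var/lib/mysql/** rwk,
/var/run/mysqld/mysqld.sock w,
"""
BROAD = STOCK + "/var/ r,\n/var/** rwk,\n"            # the rules added in the post
NARROW = STOCK + "/var/data/ r,\n/var/data/** rw,\n"  # assumption: exports only go to /var/data

def glob_to_regex(glob):
    """Simplified AppArmor globbing: '**' crosses '/', '*' and '?' do not."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*"); i += 2
        elif glob[i] == "*":
            out.append("[^/]*"); i += 1
        elif glob[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(glob[i])); i += 1
    return re.compile("".join(out))

def parse_rules(text):
    """Parse 'path perms,' lines into (compiled_regex, perms) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip().rstrip(",")
        if line.startswith("/"):
            path, perms = line.split()
            rules.append((glob_to_regex(path), perms))
    return rules

def allowed(profile_text, path, perm):
    """True if any rule matching `path` grants `perm` (permissions are a union)."""
    return any(rx.fullmatch(path) and perm in perms
               for rx, perms in parse_rules(profile_text))

if __name__ == "__main__":
    for name, prof in (("stock", STOCK), ("broad", BROAD), ("narrow", NARROW)):
        for p in ("/home/ubutu/test/a.txt", "/var/lib/mysql/target.txt",
                  "/var/data/target.txt", "/var/log/syslog"):
            print(f"{name:6} {p:28} write={allowed(prof, p, 'w')}")
```

On a real system the equivalent evidence is in the kernel audit log, where blocked writes by mysqld are recorded as apparmor="DENIED" entries.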

