MySQL write permission problem: error 13 step by step

kinfinger
Posts: 198
Joined: 2009-05-16 14:22



Post by kinfinger » 2010-03-24 20:54

The cause of this problem is generally writing to a file or directory you have no permission on, which then reports the error. My personal summary
of the fixes is as follows, taking select .... into file as an example:
<1> select ..... into outfile '/tmp/target.txt'
<2> Use the database directory
select ..... into outfile '/var/lib/mysql/target.txt'
root:@localhost[mytest]>select * from me into outfile '/var/lib/mysql/target.txt' ;
Query OK, 3 rows affected (0.00 sec)
<3> Use the default directory
root:@localhost[mytest]>select * from me into outfile 'target.txt';
Query OK, 3 rows affected (0.00 sec)

<4> Here is our line of analysis:
First we log in as user ubutu:
The directory permissions are:
ubutu@ubutu-desktop:~$ mkdir test
ubutu@ubutu-desktop:~$ ls -lai test
total 8
16423 drwxr-xr-x 2 ubutu ubutu 4096 2010-03-24 19:59 .
8177 drwxr-xr-x 77 ubutu ubutu 4096 2010-03-24 19:59 ..
Log in to MySQL (note that inside MySQL we are logged in as the root user):
root:@localhost[mytest]>select * from me into outfile '/home/ubutu/test/a.txt';
ERROR 1 (HY000): Can't create/write to file '/home/ubutu/test/a.txt' (Errcode: 13)
It errors out.
We change the directory's ownership:
root@ubutu-desktop:/home/ubutu# chown -R mysql:mysql test/
root@ubutu-desktop:/home/ubutu# ls -lai test
total 8
16423 drwxr-xr-x 2 mysql mysql 4096 2010-03-24 19:59 .
8177 drwxr-xr-x 77 ubutu ubutu 4096 2010-03-24 19:59 ..
Run it again: the error is unchanged.
We change it further:
root@ubutu-desktop:/home/ubutu# chmod a+wx test/
root@ubutu-desktop:/home/ubutu# ls -lai test
total 8
16423 drwxrwxrwx 2 mysql mysql 4096 2010-03-24 19:59 .
8177 drwxr-xr-x 77 ubutu ubutu 4096 2010-03-24 19:59 ..
The error persists.
Next we try logging in with the operating system account:
root@ubutu-desktop:~# mysql
root:@localhost[mytest]>select * from me into outfile '/home/ubutu/test/a.txt'
-> ;
ERROR 1 (HY000): Can't create/write to file '/home/ubutu/test/a.txt' (Errcode: 13)
Still the same error; speechless. To find the cause, let's look at the permissions of the file from the successful examples above:
root@ubutu-desktop:/var/lib/mysql# ls -lai target.txt
2510 -rw-rw-rw- 1 root root 6 2010-03-24 20:07 target.txt (the result of <1><2><3>: logged in as an ordinary OS user, but operating as MySQL's root user)
We see the file's owner is root, yet above we used chmod a+wx and it still didn't work. Where is the problem? Could it be SELinux?
Then we found this in /etc/apparmor:
capability setuid,

network tcp,

/etc/hosts.allow r,
/etc/hosts.deny r,

/etc/mysql/*.pem r,
/etc/mysql/conf.d/ r,
/etc/mysql/conf.d/* r,
/etc/mysql/my.cnf r,
/usr/sbin/mysqld mr,
/usr/share/mysql/** r,
/var/log/mysql.log rw,
/var/log/mysql.err rw,
/var/lib/mysql/ r,
/var/lib/mysql/** rwk,
/var/log/mysql/ r,
/var/log/mysql/* rw,
/var/run/mysqld/mysqld.pid w,
/var/run/mysqld/mysqld.sock w,

A web search turned up:
AppArmor attempts to protect processes on the server or desktop from security threats. AppArmor enforces limits on what processes can access on the system. It attempts to restrict processes to only those resources that the process requires to function. AppArmor will not only define the system resources a program can access, it will also determine the privileges with which it can access those resources. To protect applications you will need to set up a security profile for each application that you want to protect.
AppArmor has its history connected to the Linux Security Modules and the SELinux project that was developed by the National Security Agency. Both SELinux and AppArmor use these modules developed with security in mind.
Ubuntu:
Default enforcement

By default in a new installation, the following services run with AppArmor profiles enforced:

* cups
* bind
* mysql
* slapd (Open LDAP)
After the modification:
# vim:syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include <tunables/global>

/usr/sbin/mysqld {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/user-tmp>
#include <abstractions/mysql>
#include <abstractions/winbind>

capability dac_override,
capability sys_resource,
capability setgid,
capability setuid,

network tcp,

/etc/hosts.allow r,
/etc/hosts.deny r,

/etc/mysql/*.pem r,
/etc/mysql/conf.d/ r,
/etc/mysql/conf.d/* r,
/etc/mysql/my.cnf r,
/usr/sbin/mysqld mr,
/usr/share/mysql/** r,
/var/log/mysql.log rw,
/var/log/mysql.err rw,
/var/lib/mysql/ r,
/var/lib/mysql/** rwk,
# the two lines below are the addition (not present in the fragment quoted above)
/var/ r,
/var/** rwk,

/var/log/mysql/ r,
/var/log/mysql/* rw,
/var/run/mysqld/mysqld.pid w,
/var/run/mysqld/mysqld.sock w,
}
Then run the command:
root:@localhost[mytest]>select * from me into outfile '/var/data/target.txt';
Query OK, 3 rows affected (0.00 sec)
Solved. The same situation also applies to the permission problems you hit when you move the current data directory somewhere else, i.e. a custom data directory.
It's written a bit messily; I was summarizing as I experimented!
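The post reaches AppArmor by elimination (chown, chmod, a different OS account); the kernel log gives the same answer directly, because every AppArmor denial is logged with the profile, the path and the mask that was refused. The script below is an added example, not part of kinfinger's post: it parses such denial lines (the three log lines embedded here are constructed for the example, with invented pids, uids and timestamps) and turns each mysqld denial into the narrowest rule that lets `INTO OUTFILE` succeed for that directory, instead of the `/var/** rwk` used above. The path of the local include file and the `apply_rules` helper are assumptions, as noted in the comments.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: find out which path AppArmor
# denied to mysqld and emit a narrow rule for it instead of "/var/** rwk".
set -eu

# Constructed sample of the lines dmesg / /var/log/kern.log show when the
# mysqld profile blocks an access. Field names are AppArmor's; the
# timestamps, pids and uids are invented for the example.
SAMPLE_LOG='[ 1234.5678] type=1400 audit(1269431640.123:45): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/mysqld" name="/home/ubutu/test/a.txt" pid=4242 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=104 ouid=104
[ 1234.5679] type=1400 audit(1269431641.001:46): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/mysqld" name="/var/data/target.txt" pid=4242 comm="mysqld" requested_mask="wc" denied_mask="wc" fsuid=104 ouid=0
[ 1234.5680] type=1400 audit(1269431642.002:47): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/cupsd" name="/etc/shadow" pid=99 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'

# Print "<path> <denied_mask>" for each denial charged to the mysqld profile.
# Denials for other profiles (cupsd in the sample) are ignored.
mysqld_denials() {
    printf '%s\n' "$1" \
        | grep 'apparmor="DENIED"' \
        | grep 'profile="/usr/sbin/mysqld"' \
        | sed -n 's/.*name="\([^"]*\)".*denied_mask="\([^"]*\)".*/\1 \2/p'
}

# Narrowest rule that lets INTO OUTFILE succeed for a denied file: read the
# directory, create/write files directly inside it. No "**", so mysqld still
# cannot reach subdirectories, and nothing outside this one directory.
# (For INTO OUTFILE the denied name is the file itself, so dirname is right.)
rule_for() {
    dir=$(dirname "$1")
    printf '%s/ r,\n%s/* rw,\n' "$dir" "$dir"
}

# Turn a whole log into a de-duplicated rule snippet, keeping first-seen order.
rules_from_log() {
    mysqld_denials "$1" | while read -r path _mask; do
        rule_for "$path"
    done | awk '!seen[$0]++'
}

# Assumed helper: append the snippet to the profile's local include and reload.
# /etc/apparmor.d/local/usr.sbin.mysqld is where current Ubuntu releases expect
# site additions; a 2010-era profile without that include needs the lines
# pasted inside the /usr/sbin/mysqld { } block instead. Must run as root.
apply_rules() {
    local_file=/etc/apparmor.d/local/usr.sbin.mysqld
    rules_from_log "$1" | tee -a "$local_file"
    apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
}

# Stand-alone run: show what would be added for the sample log.
# On a real box: rules_from_log "$(dmesg)" and, once reviewed, apply_rules "$(dmesg)".
rules_from_log "$SAMPLE_LOG"
```

Two quick checks before editing any profile: `aa-status` lists mysqld under the enforced profiles, and `aa-complain /usr/sbin/mysqld` followed by a retry of the `INTO OUTFILE` statement confirms AppArmor is the blocker (switch back with `aa-enforce` afterwards). The reason to prefer a one-directory rule over `/var/** rwk` is the point of the profile in the first place: confining mysqld to its data directory is what stops a connection with the FILE privilege, including one obtained through SQL injection, from dropping a file into a location such as a web root with `SELECT ... INTO OUTFILE`; opening all of `/var` gives that write primitive back. On newer MySQL/MariaDB builds `secure_file_priv` imposes a similar single-directory limit at the server level and fails with ERROR 1290 rather than Errcode 13, so check both when an `INTO OUTFILE` is refused.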