MySQL 9.3 Reference Manual

25.6.19.3 NDB Cluster and MySQL Security Procedures

In this section, we discuss MySQL standard security procedures as they apply to running NDB Cluster.

In general, any standard procedure for running MySQL securely also applies to running a MySQL Server as part of an NDB Cluster. First and foremost, you should always run a MySQL Server as the mysql operating system user; this is no different from running MySQL in a standard environment (that is, not using NDB). The mysql system account should be uniquely and clearly defined. Fortunately, this is the default behavior for a new MySQL installation. You can verify that the mysqld process is running as the mysql operating system user by using a system command such as the one shown here:

$> ps aux | grep mysql
root     10467  0.0  0.1   3616  1380 pts/3    S    11:53   0:00 \
  /bin/sh ./mysqld_safe --ndbcluster --ndb-connectstring=localhost:1186
mysql    10512  0.2  2.5  58528 26636 pts/3    Sl   11:53   0:00 \
  /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql \
  --datadir=/usr/local/mysql/var --user=mysql --ndbcluster \
  --ndb-connectstring=localhost:1186 --pid-file=/usr/local/mysql/var/mothra.pid \
  --log-error=/usr/local/mysql/var/mothra.err
jon      10579  0.0  0.0   2736   688 pts/0    S+   11:54   0:00 grep mysql

If the mysqld process is running as any other user than mysql, you should immediately shut it down and restart it as the mysql user. If this user does not exist on the system, the mysql user account should be created, and this user should be part of the mysql user group; in this case, you should also make sure that the MySQL data directory on this system (as set using the --datadir option for mysqld) is owned by the mysql user, and that the SQL node's my.cnf file includes user=mysql in the [mysqld] section. Alternatively, you can start the MySQL server process with --user=mysql on the command line, but it is preferable to use the my.cnf option, since you might forget to use the command-line option and so have mysqld running as another user unintentionally. The mysqld_safe startup script forces MySQL to run as the mysql user.

Important

Never run mysqld as the system root user. Doing so means that potentially any file on the system can be read by MySQL, and thus, should MySQL be compromised, by an attacker.

As mentioned in the previous section (see Section 25.6.19.2, “NDB Cluster and MySQL Privileges”), you should always set a root password for the MySQL Server as soon as you have it running. You should also delete the anonymous user account that is installed by default. You can accomplish these tasks using the following statements:

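$> mysql -u root
mysql> -- The mysql.user Password column and the PASSWORD() function no longer exist;
mysql> -- ALTER USER sets the password (adjust the host part to match your root account).
mysql> ALTER USER 'root'@'localhost'
    ->     IDENTIFIED BY 'secure_password';
mysql> DELETE FROM mysql.user
    ->     WHERE User='';
mysql> FLUSH PRIVILEGES;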

Be very careful when executing the DELETE statement not to omit the WHERE clause, or you risk deleting all MySQL users. Be sure to run the FLUSH PRIVILEGES statement as soon as you have modified the mysql.user table, so that the changes take immediate effect. Without FLUSH PRIVILEGES, the changes do not take effect until the next time that the server is restarted.

Note

Many of the NDB Cluster utilities such as ndb_show_tables, ndb_desc, and ndb_select_all also work without authentication and can reveal table names, schemas, and data. By default these are installed on Unix-style systems with the permissions rwxr-xr-x (755), which means they can be executed by any user that can access the mysql/bin directory.

See Section 25.5, “NDB Cluster Programs”, for more information about these utilities.
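
The checks described above (the mysqld process owner, user=mysql in the [mysqld] section of my.cnf, and the world-executable NDB utilities from the Note) can be scripted for a host audit. This is an added example, not code from the MySQL manual; the function names and the sample process listing are constructed for illustration.

```sh
#!/bin/sh
# Added audit helpers (not from the MySQL manual). Function names are hypothetical.

# Print the owner of each mysqld process that is NOT running as "mysql".
# Input on stdin: "USER COMMAND ARGS..." lines, as printed by
#   ps -e -o user= -o args=
# mysqld_safe is not matched: it is the wrapper script, which may start as root.
mysqld_wrong_users() {
    awk '{
        n = split($2, part, "/")          # part[n] is the executable basename
        if (part[n] == "mysqld" && $1 != "mysql") print $1
    }'
}

# Succeed only if the [mysqld] section of option file $1 contains user=mysql.
cnf_sets_mysql_user() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_sec && /^[ \t]*user[ \t]*=[ \t]*mysql[ \t]*$/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# List ndb_* programs under directory $1 that every local user may execute
# (mode bit o+x set, as with the default 755 installation).
world_executable_ndb_tools() {
    find "$1" -type f -name 'ndb_*' -perm -001 | sort
}

# Constructed sample input, not real output.
sample_ps() {
    cat <<'EOF'
root /bin/sh ./mysqld_safe --ndbcluster --ndb-connectstring=localhost:1186
root /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --ndbcluster
mysql /usr/local/mysql/libexec/mysqld --user=mysql --ndbcluster
jon grep mysql
EOF
}

echo "mysqld owners other than mysql: $(sample_ps | mysqld_wrong_users)"
```

On a live host, feed the first function with ps -e -o user= -o args= and point the other two at the SQL node's my.cnf and the mysql/bin directory.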