MySQL problems
  1. ravens
  2. Wednesday, 25 March 2015
mysql on ssd and cagefs issues
  1. 25.03.2015 11:03:57
  2. # 1
ravens Accepted Answer
Posts: 3
Joined: 24.03.2015
Hello there!
After one year of working with CL I have some unanswered questions about security and, second, performance.


1) Security.
Being logged in to cagefs with SSH, users have access to var/lib/mysql and they can see ALL of the bases on the server.
And, yes - they can read it, download it.
My cagefs.mp is standard - it contains /var/lib/mysql to be included in cagefs as well.
I have tried to move mysql out of cagefs but it breaks database connections.
How to hide /var/lib/mysql from users inside cagefs?

2) Performance.
The mysql. Again.
For mysql I have SSD, all other files are stored on traditional HDD. This was made to reduce the I/O which mysql can make and which slows HDD performance.
I have noticed that all mysql bases which are used are stored in the /usr/share/cagefs-skeleton and HDD load is high all of the time.
I tried to move cagefs and cagefs-skeleton to SSD, but I can't see a big win from it.
So, is there a point in moving the skeleton to SSD, or does it contain only hard/symlinks and not make additional I/O?
  1. 25.03.2015 12:03:00
  2. # 2
Mike Tindor Accepted Answer
Posts: 35
Joined: 08.11.2013
FYI -- On all my CL / CageFS servers [with users jailed of course], I cannot access /var/lib/mysql or any files within it: permission denied. It's the same regardless of whether I use a "normal" or a "jailed" shell for the user.

So the fact that you can see all the MySQL tables suggests to me that at some point along the line you broke something / disabled something.

M
  1. 25.03.2015 13:03:15
  2. # 3
ravens Accepted Answer
Posts: 3
Joined: 24.03.2015
Hello Mike Tindor.
What is your permission on /var/lib/mysql? And is it possible to get a list of the directory by user from SSH (jailed or not - it doesn't matter on CL, does it?).
  1. 25.03.2015 17:03:13
  2. # 4
Bogdan Accepted Answer
Posts: 709
Joined: 26.06.2013
Hello,

1. Indeed, /var/lib/mysql/ is added as a whole directory to CageFS by default, but simply due to one thing - customers need to have access to /var/lib/mysql/mysql.sock. You may want to change the socket location in /etc/my.cnf and in php.ini files and mount only the directory with that socket; it should work. However, the default permissions on /var/lib/mysql are:
drwxr-x--x 23 mysql mysql 4096 Mar 25 21:30 /var/lib/mysql/

So users could not list its contents.

2. MySQL is mounted to cagefs-skeleton with a so-called 'bind' mount, same as a hardlink, and is actually working from SSD. To prove this you may take the inode number of the ibdata file; they should be the same. Like this:
[email protected] [~]# ls -li /var/lib/mysql/ibdata1
270347 -rw-rw---- 1 mysql mysql 18874368 Feb 17 14:47 /var/lib/mysql/ibdata1
[email protected] [~]#
[email protected] [~]#
[email protected] [~]# ls -li /usr/share/cagefs-skeleton/var/lib/mysql/ibdata1
270347 -rw-rw---- 1 mysql mysql 18874368 Feb 17 14:47 /usr/share/cagefs-skeleton/var/lib/mysql/ibdata1
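
Added example, not part of the original thread or of CloudLinux's tooling: a shell audit of the two points in the answer above, namely that the data directory is not listable by other users and that the skeleton copy of ibdata1 is the same inode as the real file. It goes slightly further by also flagging entries inside the directory whose own mode is open to "other"; the function names are hypothetical and GNU stat/find are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit helpers for the two checks above.
# Requires GNU stat/find (standard on Linux). Paths are arguments so the
# functions can be tried on a scratch directory first.

# other_can_list DIR: succeeds if the "other" class has the read bit on DIR,
# meaning any local user could list it. drwxr-x--x (751) must fail this test.
other_can_list() {
    mode=$(stat -c '%a' "$1") || return 2
    other=${mode#"${mode%?}"}          # last octal digit = "other" bits
    [ $((other & 4)) -ne 0 ]
}

# exposed_entries DIR: print entries directly under DIR that grant any
# permission to "other". With --x on DIR, names cannot be listed, but an
# entry whose own mode is open is still reachable by exact path.
# Sockets are skipped (mysql.sock has to be connectable); symlinks too.
exposed_entries() {
    find "$1" -mindepth 1 -maxdepth 1 ! -type s ! -type l -perm /007 | sort
}

# same_file A B: succeeds if both paths resolve to the same device and inode,
# which is what a bind mount of the datadir into the skeleton produces.
same_file() {
    a=$(stat -L -c '%d:%i' "$1") || return 2
    b=$(stat -L -c '%d:%i' "$2") || return 2
    [ "$a" = "$b" ]
}

# audit DATADIR SKELETON_DATADIR: run all checks, non-zero on any finding.
audit() {
    rc=0
    if other_can_list "$1"; then echo "FAIL: $1 is listable by other"; rc=1; fi
    exposed=$(exposed_entries "$1")
    if [ -n "$exposed" ]; then echo "FAIL: open entries:"; echo "$exposed"; rc=1; fi
    if ! same_file "$1/ibdata1" "$2/ibdata1"; then
        echo "WARN: ibdata1 differs between $1 and $2"; rc=1
    fi
    return $rc
}

# Runs only when both paths are given, e.g.:
#   sh audit.sh /var/lib/mysql /usr/share/cagefs-skeleton/var/lib/mysql
if [ $# -eq 2 ]; then audit "$1" "$2"; fi
```

Run it as root so that stat and find can see inside the data directory.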
  1. 26.03.2015 04:03:40
  2. # 5
ravens Accepted Answer
Posts: 3
Joined: 24.03.2015
Hello, Bogdan.
Thank you for your answers.
You should add this useful information to CL Documentation - I spent a lot of time reading it and didn't find answers for my questions.