RE: Directions to chroot MySQL ?

[Joel Carnat <joel%carnat.net@localhost>]

Thanks for those directions Steven.
Mixing those and a previous "chroot openldap" test I did, I ended up with:

#######################
Create the chroot environment where MySQL will be installed:

# set -o braceexpand
# mkdir -p /home/sql/{etc,tmp}
# chown mysql:mysql /home/sql/tmp
# for LINK in home sql var; do ln -s . /home/sql/$LINK; done

Enable UID and GID identification:

# grep mysql /etc/master.passwd > /home/sql/etc/master.passwd
# pwd_mkdb -d /home/sql /home/sql/etc/master.passwd
# grep mysql /etc/group > /home/sql/etc/group

Copy extra required files:

# tar cpf – /usr/pkg/share/mysql | tar xpf – -C /home/sql

Edit the rc.conf and rc.local files to enable daemon autostart:

# vi /etc/rc.conf
mysqld=YES
mysqld_datadir="/home/sql/data"
mysqld_flags="--chroot=/home/sql"
# vi /etc/rc.local
[ -x /usr/pkg/share/examples/rc.d/mysqld ] &&
        /usr/pkg/share/examples/rc.d/mysqld start

Final steps:

# /usr/pkg/share/examples/rc.d/mysqld start
# ln -s /home/sql/tmp/mysql.sock /tmp/mysql.sock
# /usr/pkg/bin/mysql_secure_installation
#######################

I've created a new database, modified privileges and run mysqlcheck.
So far, everything seems to work.

Best regards,
  Jo

-----Message initial-----
À:      Joel Carnat <joel%carnat.net@localhost>; 
Cc:     pkgsrc-users%netbsd.org@localhost; 
De:     Steven Drake <sbd%NetBSD.org@localhost>
Envoyé: jeu. 09-12-2010 08:14
Sujet:  Re: Directions to chroot MySQL ?
> On Tue, 7 Dec 2010, Joel Carnat wrote:
> 
> > I've installed mysql-server 5.1 from pkgsrc binaries (on netbsd-5/i386)
> > and wanted to chroot it.
> > I've added 'mysqld_flags="--chroot=/home/sql"' to /etc/rc.conf, added
> > various files (errmsg.sys, master.passwd...) and issued various command
> > lines. But I still get loads of errors from MySQL (about write
> > permissions, missing plugins...).
> > 
> > I already have quite a few chrooted daemons (pound, named, slapd...)
> > that were far easier to deal with :)
> > 
> > While continuing digging to solve the errors one by one, I wanted to
> > know if there were "easy" directions to chroot mysql on netbsd ?
> 
> This seams to work!
> 
> 1) Create the chroot and needed subdirectorys.
> # for i in etc tmp `dirname ${mysqld_datadir}` usr/pkg/share/mysql ;do \
>       mkdir -p ${mysqld_chroot}/${i} ; done
> 
> 2) Create a passwd file with the mysql user.
> # grep mysql /etc/passwd >${mysqld_chroot}/etc/passwd
> 
> 3) Make the tmp accessable by the mysql user.
> # chown mysql:mysql {mysqld_chroot}/tmp
> 
> 4) Copy the charsets and error messages into the chroot.
> # cp -a /usr/pkg/share/mysql/charsets ${mysqld_chroot}/usr/pkg/share/mysql
> # cp -a /usr/pkg/share/mysql/english ${mysqld_chroot}/usr/pkg/share/mysql
> 
> 5) Move the ${mysqld_datadir} into the chroot.
> # ( cd `dirname ${mysqld_datadir}` ; tar cf - `basename ${mysqld_datadir}` )|\
>   ( cd ${mysqld_chroot}/`dirname ${mysqld_datadir}`; tar xf - )
> 
> 6) Delete the old ${mysqld_datadir} and make it symlink to the new location[1]
> # rm -rf ${mysqld_datadir}
> # ln -s ${mysqld_chroot}${mysqld_datadir} ${mysqld_datadir}
> 
> 7) If this is a linux system copy file libnss_file library into the chroot.
> # mkdir ${mysqld_chroot}/lib
> # cp /lib/libnss_files.so.2 ${mysqld_chroot}/lib
> 
> 8) Put the mysqld_flags="--chroot=......" into /etc/rc.conf
> # vi /etc/rc.conf
> 
> 9) Start mysqld.
> # /etc/rc.d/mysqld start
> 
> 10) Create a symlink to the mysqld socket[2].
> # ln -s ${mysqld_chroot}/tmp/mysql.sock /tmp/mysql.sock
> 
> 11) Enjoy :)
> 
> Note 1: kills two birds with one symlink.
>  ""  2: ditto.
> 
> -- 
> Steven
>