Hi guys, I have found the best way to make this work is to bind the MySQL chroots onto 127.0.0.0/24 addresses, then set those up as local loopbacks.
Using 'localhost' is just TOO much hassle!!

Cal

Original Message:
-----------------
From: Andrew [email protected]
Date: Wed, 2 Sep 2009 23:28:06 +0100
To: [email protected]
Subject: Re: [peruser] MySQL inside chroot

Matthias,

Thanks. I chose this list because I guess others here may have come across
issues such as these with MySQL in a chrooted environment.

I have experimented, as this is a multi-virtualhost environment the only way
I can get this to work is to set the socket to /tmp/mysql.socket then create
a /tmp folder inside each chrooted virtualhost then hard link the mysql.sock.

Andrew

On 2 Sep 2009, at 22:56, Matthias Vill wrote:

> Hey Andrew,
>
> you should definitely go to another mailing list for this question.
> I would guess that setting socket in the outside mysql.cnf to the
> full-path to the inside socket should work.
> As I
> a) don't run a chrooted MySQL myself
> b) don't know how sockets really work
> c) think this mailing list is more about peruser than MySQL
> I guess you won't get reliable information from here (and especially
> me) on such details.
>
> Feel free to experiment with the settings and see whether it works
> (I was told sockets are a bit faster) or stick to the
> recommendations and use networking (which proved to work well with
> all chrooted servers)
>
> Sorry I can further help you
>
> Matthias
>
> Andrew wrote:
>> Matthias,
>>
>> Thank you for your detailed answer!
>>
>> 1) I read that MySQL can only cope with one socket file, therefore I
>> see the only option here (if I want to use sockets) is some sort of
>> symlink to the socket defined in the my.cnf from the chroot? I worry
>> about doing such things and I assume if that was a wise thing to do
>> it'd be getting recommended and really everyone is saying to use MySQL
>> via TCP in a chroot.
>>
>> Any advice on that point?
>>
>> Thanks :)
>>
>> On 2 Sep 2009, at 17:51, Matthias Vill wrote:
>>
>>> Hi Andrew,
>>>
>>> this is a MySQL Feature you are having trouble with.
>>>
>>> 1)
>>>
>>> http://dev.mysql.com/doc/refman/5.1/en/connecting.html
>>> says:
>>> --
>>> On Unix, MySQL programs treat the host name localhost specially, in a
>>> way that is likely different from what you expect compared to other
>>> network-based programs. For connections to localhost, MySQL programs
>>> attempt to connect to the local server by using a Unix socket file. This
>>> occurs even if a --port or -P option is given to specify a port number.
>>> --
>>> The socket a client is trying to use is defined in the [client] section
>>> of your my.cnf while the socket provided by MySQL is defined inside the
>>> [server] section via the
>>> socket = /var/run/mysqld/mysqld.sock
>>> command. If you want to be able to connect to "localhost" this file has
>>> to be accessible from inside and outside the chroot.
>>> Also remember, that clients outside the chroot will read
>>> /etc/mysql/mysql.cnf outside the chroot.
>>>
>>> 2) Just omit bind_address or set it to 0.0.0.0 if you want MySQL to
>>> listen on _all_ network interfaces.
>>> Note however that this is discouraged, as you allow remote attackers to
>>> reach (and maybe break) your MySQL daemon; you should set up a firewall
>>> in this case.
>>>
>>> Regards
>>>
>>> Matthias
>>>
>>> Andrew wrote:
>>>
>>>> Hey all,
>>>>
>>>> I have MySQL running without issue inside a chroot by setting
>>>> bind_address = 127.0.0.1 in the /etc/my.cnf and then setting the
>>>> connection setting to 127.0.0.1 in my various scripts. I have two
>>>> questions:
>>>>
>>>> 1) Is it possible in some way to get it so that when people specify
>>>> "localhost" instead of 127.0.0.1 MySQL still works? I've got a
>>>> /etc/hosts file inside the chroot but it doesn't appear to work. Perhaps
>>>> some sort of iptables forwarding?
>>>>
>>>> 2) It would seem to me that this setup would prevent remote MySQL
>>>> access on port 3306? This is important still. Is it therefore possible
>>>> to have a chroot environment and still have MySQL function via
>>>> localhost *and* on port 3306 in some way? If so how?
>>>>
>>>> Thanks.
>>>> _______________________________________________
>>>> Peruser mailing list
>>>> [email protected]
>>>> http://www.telana.com/mailman/listinfo/peruser
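
Added example, not part of the original thread and not anyone's setup from it: a Python check for the hard-linked socket approach Andrew describes, and for Matthias's point that the socket file has to be accessible from inside and outside the chroot. The socket path, the vhost_a/vhost_b directories and the function names are assumptions made for illustration; the check also reports a link that no longer matches the server's socket, which happens when the socket file is removed and created again, because a hard link follows the inode and not the name.

```python
import os
import socket
import stat
import tempfile

# Assumed client socket path as seen from inside each chroot (constructed).
CLIENT_SOCKET = "/tmp/mysql.sock"

def check_chroot(server_socket, chroot_root, client_socket=CLIENT_SOCKET):
    """Classify the path a client inside chroot_root opens for 'localhost'."""
    inside = os.path.join(chroot_root, client_socket.lstrip("/"))
    try:
        st_in = os.stat(inside)
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISSOCK(st_in.st_mode):
        return "not-a-socket"
    st_srv = os.stat(server_socket)
    same = (st_in.st_dev, st_in.st_ino) == (st_srv.st_dev, st_srv.st_ino)
    return "ok" if same else "stale"  # stale: link points at an old inode

def listen(path):
    """Create a Unix socket file at path, standing in for the server."""
    s = socket.socket(socket.AF_UNIX)
    s.bind(path)
    return s

def demo():
    """Throwaway layout: linked vhost, unlinked vhost, then a re-created socket."""
    with tempfile.TemporaryDirectory() as top:
        live = os.path.join(top, "tmp", "mysql.sock")
        vhost_a = os.path.join(top, "vhost_a")
        vhost_b = os.path.join(top, "vhost_b")
        os.makedirs(os.path.dirname(live))
        os.makedirs(os.path.join(vhost_a, "tmp"))
        os.makedirs(vhost_b)
        srv = listen(live)
        os.link(live, os.path.join(vhost_a, "tmp", "mysql.sock"))
        out = [check_chroot(live, vhost_a), check_chroot(live, vhost_b)]
        srv.close()
        os.unlink(live)
        srv = listen(live)  # same name, new inode
        out.append(check_chroot(live, vhost_a))
        srv.close()
        return out
```

Run against real paths, check_chroot() takes the server's socket file and each virtualhost's chroot root; anything other than "ok" means "localhost" connections from that chroot will not reach the running server.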
