以非 mysql 用户身份访问套接字时出现“/var/lib/mysql/mysql.sock”(13“权限被拒绝”)

tag-icon tag-icon linux mysql permissions socket user-permissions
以非 mysql 用户身份访问套接字时出现“/var/lib/mysql/mysql.sock”(13“权限被拒绝”)

我正在尝试连接到用于开发的本地 mysql 服务器

服务器启动正常,但我无法以非 root 用户身份连接到它。

[root@somepc ]# mysql -u [someuser] -p[somepass]
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied")

作为 root,这可以按预期工作。因此该用户确实有权访问 mysql。

mysql -u [user] -p[password]
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.30-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

当我检查作为我的用户的权限时

stat /var/lib/mysql/mysql.sock
stat: cannot stat '/var/lib/mysql/mysql.sock': Permission denied

对于非 root 用户来说这些权限应该是什么?

答案1

该问题与套接字文件权限错误有关

namei -l /var/lib/mysql/mysql.sock                                                                                                                                               Wed 07 Feb 2018 12:53:54 SAST
f: /var/lib/mysql/mysql.sock
drwxr-xr-x root  root  /
drwxr-xr-x root  root  var
drwxr-xr-x root  root  lib
drwx------ mysql mysql mysql
                       mysql.sock - No such file or directory

作为 root,我可以看到套接字文件的权限是

 ll /var/lib/mysql/mysql.sock
 srwxrwxrwx 1 mysql mysql 0 07.02.2018 12:42 /var/lib/mysql/mysql.sock=

因此问题出在 mysql 的目录上,如上所示。

drwx------ mysql mysql mysql

我通过授予每个人访问权限解决了这个问题。因为这是我用于开发的本地机器。

sudo chmod go+rx /var/lib/mysql/

在生产机器上,我会考虑将正确的用户归入 mysql 组。

sudo chmod g+rx /var/lib/mysql/

grep mysql /etc/group
mysql:x:89:[someusers]

请运用常识,将[]上述内容替换为您需要的内容

现在按预期工作

mysql -u [user] -p[password]
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.30-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

答案2

解决此问题的另一个方法是连接时不使用套接字。

mysql -u [aaron] -p[aarw] -h 127.0.0.1
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.30-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

您的用户需要获得正确的授权才能连接到服务器。这两种方式都可以。

-- Grants for '[username]'@'localhost'
GRANT ALL PRIVILEGES ON *.* TO '[username]'@'localhost' IDENTIFIED BY PASSWORD '*somehash' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON `%`.* TO '[username]'@'localhost' WITH GRANT OPTION;

在运行它之前,您需要了解其安全隐患。允许所有主机连接,包括互联网上的任何地方。

-- Grants for '[username]'@'%'
GRANT ALL PRIVILEGES ON *.* TO '[username]'@'%' IDENTIFIED BY PASSWORD '*somehash' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON `%`.* TO '[username]'@'%' WITH GRANT OPTION;

相关内容