Posted by: user. Posted: 2024-10-24 02:49
2 answers in total
Helpful user. Time: 2024-11-01 11:04
This problem is generally caused by writing to a file or directory that you have no permission for, which then raises the error. My own summary:
The solutions are as follows, taking select .... into file as an example.
<1> select ..... into outfile '/tmp/target.txt'
<2> Use the database directory
select ..... into outfile '/var/lib/mysql/target.txt'
root:@localhost[mytest]>select * from me into outfile '/var/lib/mysql/target.txt' ;
Query OK, 3 rows affected (0.00 sec)
<3> Use the default directory
root:@localhost[mytest]>select * from me into outfile 'target.txt';
Query OK, 3 rows affected (0.00 sec)
<4>
Here is our line of analysis:
First we log in as user ubutu:
The directory's permissions are:
ubutu@ubutu-desktop:~$ mkdir test
ubutu@ubutu-desktop:~$ ls -lai test
总计 8
123 drwxr-xr-x 2 ubutu ubutu 4096 2010-03-24 19:59 .
8177 drwxr-xr-x 77 ubutu ubutu 4096 2010-03-24 19:59 ..
Log in to mysql
(note that inside mysql we are logged in as the root user)
root:@localhost[mytest]>select * from me into outfile '/home/ubutu/test/a.txt';
ERROR 1 (HY000): Can't create/write to file '/home/ubutu/test/a.txt' (Errcode: 13)
It reports an error.
We change the directory's permissions:
root@ubutu-desktop:/home/ubutu# chown -R mysql:mysql test/
root@ubutu-desktop:/home/ubutu# ls -lai test
总计 8
123 drwxr-xr-x 2 mysql mysql 4096 2010-03-24 19:59 .
8177 drwxr-xr-x 77 ubutu ubutu 4096 2010-03-24 19:59 ..
We run it again: the error is still there.
We keep modifying:
root@ubutu-desktop:/home/ubutu# chmod a+wx test/
root@ubutu-desktop:/home/ubutu# ls -lai test
总计 8
123 drwxrwxrwx 2 mysql mysql 4096 2010-03-24 19:59 .
8177 drwxr-xr-x 77 ubutu ubutu 4096 2010-03-24 19:59 ..
The error still persists.
Next we try logging in with the operating-system account:
root@ubutu-desktop:~# mysql
root:@localhost[mytest]>select * from me into outfile '/home/ubutu/test/a.txt'
-> ;
ERROR 1 (HY000): Can't create/write to file '/home/ubutu/test/a.txt' (Errcode: 13)
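Still the same error; I was speechless. To find the cause of the error, let's look at the permissions of the file from the successful examples above:
root@ubutu-desktop:/var/lib/mysql# ls -lai target.txt
2510 -rw-rw-rw- 1 root root 6 2010-03-24 20:07 target.txt
(the result of <1><2><3> when logged in as an ordinary operating-system user but operating as the mysql root user)
We see that the file's permissions are: root, yet above, using chmod a+wx still did not work. Where is the problem? Could it be SELinux?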
Then in /etc/apparmor we found this:
  capability setuid,
  network tcp,
  /etc/hosts.allow r,
  /etc/hosts.deny r,
  /etc/mysql/*.pem r,
  /etc/mysql/conf.d/ r,
  /etc/mysql/conf.d/* r,
  /etc/mysql/my.cnf r,
  /usr/sbin/mysqld mr,
  /usr/share/mysql/** r,
  /var/log/mysql.log rw,
  /var/log/mysql.err rw,
  /var/lib/mysql/ r,
  /var/lib/mysql/** rwk,
  /var/log/mysql/ r,
  /var/log/mysql/* rw,
  /var/run/mysqld/mysqld.pid w,
  /var/run/mysqld/mysqld.sock w,
}
A search online turned up:
AppArmor attempts to protect processes on the server or desktop from security threats. AppArmor enforces limits on what processes can access on the system. It attempts to restrict processes to those resources that the process requires to function only. AppArmor will not only define the system resources a program can access, it will also determine the privileges with which it can access those resources. To protect applications you will need to set up a security profile for each application that you want to protect.
AppArmor has its history connected to the Linux Security Modules and the SELinux project that was developed by the National Security Agency. Both SELinux and AppArmor use these modules developed with security in mind.
ubuntu:
Default enforcement
By default in a new installation of the following services is done with AppArmor profiles enforced:
* cups
* bind
* mysql
* slapd (Open LDAP)
After modification:
# vim:syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include <tunables/global>
/usr/sbin/mysqld {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>
  #include <abstractions/mysql>
  #include <abstractions/winbind>
  capability dac_override,
  capability sys_resource,
  capability setgid,
  capability setuid,
  network tcp,
  /etc/hosts.allow r,
  /etc/hosts.deny r,
  /etc/mysql/*.pem r,
  /etc/mysql/conf.d/ r,
  /etc/mysql/conf.d/* r,
  /etc/mysql/my.cnf r,
  /usr/sbin/mysqld mr,
  /usr/share/mysql/** r,
  /var/log/mysql.log rw,
  /var/log/mysql.err rw,
  /var/lib/mysql/ r,
  /var/lib/mysql/** rwk,
  /var/ r,
  /var/** rwk,
  /var/log/mysql/ r,
  /var/log/mysql/* rw,
  /var/run/mysqld/mysqld.pid w,
  /var/run/mysqld/mysqld.sock w,
}
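Then run the command:
root:@localhost[mytest]>select * from me into outfile '/var/data/target.txt';
Query OK, 3 rows affected (0.00 sec)
Solved. The same applies to the permission problems that appear when you want to replace the current data directory, i.e. use a custom data directory.
This is written a bit messily; I was summarizing as I experimented.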
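Added example (not part of the answer above, and not AppArmor's own code): a simplified Python model of AppArmor path-rule matching, run over rules copied from the two profiles in the answer, showing which rule, if any, lets mysqld write a given outfile path. It handles only plain "path perms," lines with *, ** and ?; includes, capabilities, owner/deny qualifiers and ordinary file permissions are not modelled, and the NARROW rule set for /var/data/ is a constructed alternative.

```python
import re

# Path rules copied from the original profile shown in the answer (subset).
ORIGINAL = """
/etc/mysql/my.cnf r,
/var/lib/mysql/ r,
/var/lib/mysql/** rwk,
/var/log/mysql/* rw,
"""
# The two rules the answer added so that /var/data/target.txt became writable.
MODIFIED = ORIGINAL + "/var/ r,\n/var/** rwk,\n"
# Constructed alternative (assumption, not from the answer): the export dir only.
NARROW = ORIGINAL + "/var/data/ r,\n/var/data/** rw,\n"

# Simplified glob model: '**' may cross '/', while '*' and '?' may not.
TOKENS = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
RULE = re.compile(r"^\s*(/\S*)\s+([a-z]+),\s*$", re.M)


def glob_to_regex(glob):
    """Compile one profile path glob into an anchored regular expression."""
    parts = re.split(r"(\*\*|\*|\?)", glob)
    body = "".join(TOKENS.get(p, re.escape(p)) for p in parts)
    return re.compile(body + r"\Z")


def parse_rules(profile_text):
    """Return (glob, perms) for every plain 'path perms,' rule in the text."""
    return RULE.findall(profile_text)


def rules_granting(profile_text, path, perm="w"):
    """Globs that grant `perm` on `path`; an empty list means a denial."""
    return [glob for glob, perms in parse_rules(profile_text)
            if perm in perms and glob_to_regex(glob).match(path)]


if __name__ == "__main__":
    profiles = (("original", ORIGINAL), ("modified", MODIFIED), ("narrow", NARROW))
    paths = ("/home/ubutu/test/a.txt", "/var/data/target.txt", "/var/log/syslog")
    for name, text in profiles:
        for path in paths:
            print(name, path, rules_granting(text, path) or "DENIED")
```

Under this model the chown and chmod steps change nothing because no rule in the original profile covers /home/ubutu/test/, and the added /var/** rule covers every path under /var, not just the export directory.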
Helpful user. Time: 2024-11-01 11:05
No permission on the file?