Ubuntu, user can't write to a directory and I don't see why not

2

I've got a directory, /var/www/someProject/backup/mysql, and I want the user mysql to write to it. Each time I try to write to it with the mysql user, I get a "can't read/write" error. Yet the directory is 777 as you can see here:

drwxrwxrwx 2 aUser users 4096 2010-03-17 17:14 mysql

I also tried to chown the directory to mysql:mysql, just like the home dir of the mysql user, but no luck, that changed nothing.

What am I doing wrong here? Or is the mysql user limited to his home dir in some other way in Ubuntu? This problem has been bugging me for days now, so any help is greatly appreciated.

Peter

Posted 2010-03-19T11:12:27.797

Reputation: 247

777 permissions are wrong in most cases. – geek – 2010-03-19T12:43:35.407

I know, and so is changing the owner as I don't want mysql to become the owner, just trying out stuff to get this to work. Any idea what I might be doing wrong here? I'm pretty noob towards Linux. – Peter – 2010-03-19T12:58:11.927

Could you add the exact error message you are seeing? Is there some additional information in the mysql log file? – Dominik – 2010-03-19T14:54:32.160

The full error message is: Message: Mysqli statement execute error : Can't create/write to file '/var/www/someProject/backup/mysql/1269005862_tableName.sql' (Errcode: 13) Cheers for trying to help me out Dominik – Peter – 2010-03-19T15:31:56.017

Just double checked my mysql logs and they are empty – Peter – 2010-03-19T15:35:44.540

I just checked my syslog, and there I found this: Mar 19 16:51:49 serverName kernel: [13584.420001] type=1503 audit(1269013909.540:24): operation="inode_create" requested_mask="a::" denied_mask="a::" fsuid=112 name="/var/www/someProject/backup/mysql/1269013909_tableName.sql" pid=8554 profile="/usr/sbin/mysqld" – Peter – 2010-03-19T15:53:50.200

Answers

2

With the help of Dominik above, I discovered that Ubuntu is running AppArmor. I quote from Wikipedia:

AppArmor allows the system administrator to associate with each program a security profile that restricts the capabilities of that program

Sure enough, among those programs was mysqld. So the problem was not the user, but the restrictions imposed on the process by AppArmor. I then found the solution here

sudo touch /etc/apparmor.d/disable/usr.sbin.mysqld
sudo /etc/init.d/apparmor reload

This makes mysqld a free process which for me, on that server, is no problem. So, after days of searching, problem fixed!

Peter

Posted 2010-03-19T11:12:27.797

Reputation: 247
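
An added example, not part of the original answer: a small Python triage script that pulls AppArmor denial records out of syslog lines like the one quoted in the comments and reports which profile was denied which permission in which directory. The function names are hypothetical, and the two rules it prints are an assumed starting point for a scoped entry in the mysqld profile, to be reviewed before use.

```python
import posixpath
import re
from collections import defaultdict

# key=value or key="value" pairs, as they appear in kernel audit records
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the fields of an AppArmor denial record, or None for other lines."""
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in FIELD.finditer(line)}
    if "denied_mask" not in fields or "profile" not in fields:
        return None
    return fields

def summarize(lines):
    """Map (profile, directory) to the permission letters that were denied."""
    seen = defaultdict(set)
    for line in lines:
        denial = parse_denial(line)
        if denial and "name" in denial:
            key = (denial["profile"], posixpath.dirname(denial["name"]))
            # old-style masks look like "a::"; keep only the letters
            seen[key].update(denial["denied_mask"].replace(":", ""))
    return {key: "".join(sorted(perms)) for key, perms in seen.items()}

def candidate_rules(directory):
    """Assumed starting point: list the directory, read/write files in it."""
    return [f"{directory}/ r,", f"{directory}/* rw,"]

SAMPLE = [
    # the syslog line quoted in the question's comments
    'Mar 19 16:51:49 serverName kernel: [13584.420001] type=1503 '
    'audit(1269013909.540:24): operation="inode_create" requested_mask="a::" '
    'denied_mask="a::" fsuid=112 '
    'name="/var/www/someProject/backup/mysql/1269013909_tableName.sql" '
    'pid=8554 profile="/usr/sbin/mysqld"',
    # constructed: an unrelated syslog line that must be ignored
    'Mar 19 16:51:50 serverName sshd[900]: Accepted publickey for aUser',
]

if __name__ == "__main__":
    for (profile, directory), perms in summarize(SAMPLE).items():
        print(f"{profile} denied '{perms}' in {directory}")
        for rule in candidate_rules(directory):
            print("  review and add to the profile:", rule)
```

Rules scoped to the backup directory keep mysqld confined everywhere else, whereas the disable file removes the profile's restrictions entirely.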

2

You need to make sure that the mysql user is able to actually get to the /var/www/someProject/backup/mysql directory, i.e. he must have at least the 'x' right on all parent directories.

Also make sure that the error isn't caused by your SELinux setup (if you are using SELinux).

Dominik

Posted 2010-03-19T11:12:27.797

Reputation: 767

Hi Dominik, I just traced every directory from var to mysql and they all have the x right for others, as mysql isn't the owner nor belongs to the group of any of them. For example: drwxr-xr-x 16 root root 4096 2009-09-15 09:56 var – Peter – 2010-03-19T12:53:54.813

+1 For SELinux. The default configuration of SELinux is extremely protective of mysql. – Satanicpuppy – 2010-03-19T15:23:52.943

That particular server is running on Ubuntu, and I don't think SELinux comes with the standard install of Ubuntu. – Peter – 2010-03-19T15:30:58.513

@Dominik, this was really helpful. I'm not there yet, but I discovered that although my Ubuntu doesn't run selinux, it does apparmor and:

3 processes are in enforce mode : /usr/sbin/mysqld (8486)... – Peter – 2010-03-19T16:12:52.493