TL;DR

I don't understand how mysql running as root@localhost would not be allowed to write to /usr/lib/? Writing a file there is a common step in going from SQL injection to root shell. Details below.

On this challenge I'm doing, I've managed to gain admin access to a wordpress panel. From there I can edit php files, allowing me to run queries on the database at my leisure.

My first step was to check which user was running the mysql server:

$results = $wpdb->get_results( 'select system_user() ', OBJECT );
var_dump($results);

This showed that mysql is running as root@localhost. In my mind root should have all rights on the system. I confirmed that it had FILE permissions:

...  "'root'@'localhost'" ["privilege_type"]=> string(4) "FILE" ["is_grantable"]=> string(3) "YES" }

Just to be sure I tried to write a file to /tmp/:

select "hello world" into outfile "/tmp/test"

It worked. I now need a root shell on the system so I proceeded to follow this methodology here which involves writing a file to /usr/lib/:

select "hello world" into dumpfile "/usr/lib/test"

But I'm getting a permission-related error:

[Can't create/write to file '/usr/lib/raptor_udf2.so' (Errcode: 13)]

Using a web shell running as a low privilege user I checked the rights on /usr/lib/:

drwxr-xr-x 173 root root 53248 Sep 29  2011 lib

Nothing funky here, root should be able to write.