Permission issue in CentOS 7

Post by airtonjal » 2016/03/10 14:54:56

Hi all,

I need to change the MariaDB datadir in CentOS 7. The default execution works fine, but when I set the datadir property inside /etc/my.cnf I cannot start the process:

Code:

[mariadb@localhost ~]$ sudo systemctl start mariadb
Job for mariadb.service failed because the control process exited with error code. See "systemctl status mariadb.service" and "journalctl -xe" for details.
[mariadb@localhost ~]$ sudo journalctl -xe
Mar 10 10:35:55 localhost.localdomain mysqld[41857]: 2016-03-10 10:35:55 [ERROR] mysqld: Can't create/write to file '/home/mariadb/tmp/ibpGvyL9' (Errcode: 13 "Permission denied")

which seems very weird since permissions seem ok:

Code:

[mariadb@localhost ~]$ ls -lsa
0 drwx------  4 mariadb mariadb 148 Mar 10 10:27 .
0 drwxr-xr-x. 5 root    root     60 Mar 10 10:11 ..
0 drwxr-xr-x  2 mysql   mysql    10 Mar 10 10:23 data
0 drwxr-xr-x  2 mysql   mysql    10 Mar 10 10:27 tmp

Also, selinux is disabled:

Code:

[mariadb@localhost ~]$ getenforce
Disabled
[mariadb@localhost ~]$ sestatus
SELinux status:                 disabled

Here's an output for the disk space used:

Code:

[mariadb@localhost ~]$ df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   50G  1.9G   49G   4% /
devtmpfs                  65G     0   65G   0% /dev
tmpfs                     65G     0   65G   0% /dev/shm
tmpfs                     65G  8.9M   65G   1% /run
tmpfs                     65G     0   65G   0% /sys/fs/cgroup
/dev/sda2                497M  170M  327M  35% /boot
/dev/mapper/centos-home  9.1T  6.4G  9.1T   1% /home
tmpfs                     13G     0   13G   0% /run/user/0

Any ideas what might be causing the permission issue??

Thanks in advance

Post by TrevorH » 2016/03/10 18:51:54

Yes, you need to clone the selinux rules for the existing directories and change them to your new one. Using the -e switch to semanage fcontext is the best way to do this but first you need to identify all the existing semanage fcontext rules that are used. Reading the audit log for avcs recording the denial will help - especially if you first put selinux into permissive mode using setenforce 0 and then you will get a complete log of everything required. Trying to do this without going permissive means you will fix one thing then hit the next but doing it in permissive mode will a) work and confirm that it is selinux and b) give you a list of all the things that would be denied in one go.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
CentOS 5 has been EOL for nearly 3 years and should no longer be used for anything!
Full time Geek, part time moderator. Use the FAQ Luke

Post by aks » 2016/03/10 19:49:11

I thought SELinux was disabled? Oh well.....

Anyway, not enough information has been posted to be able to tell - how about the output of journalctl?

Post by TrevorH » 2016/03/10 19:55:14

I missed that.

Post by aks » 2016/03/10 20:01:59

No worries, I often miss things (like my mind :lol: )

Post by Durandaiul » 2016/03/13 18:12:50

Code:

[mariadb@localhost ~]$ ls -lsa
0 drwx------  4 mariadb mariadb 148 Mar 10 10:27 .
0 drwxr-xr-x. 5 root    root     60 Mar 10 10:11 ..
0 drwxr-xr-x  2 mysql   mysql    10 Mar 10 10:23 data
0 drwxr-xr-x  2 mysql   mysql    10 Mar 10 10:27 tmp

So full disclosure: I don't know mariadb/mysql setup so I'm basing this off of the error response and the directory you're showing since I can't see the full path. Assuming that we are in the path that the error is specifying (which it seems like we are!) neither the group nor the user permissions are write which means that whether or not your mariadb user is a part of the group mysql they will be unable to write files to the temp directory.

Example:

Code:

myHost:_bash myUser$ ls -ld Example
dr-xr-xr-x  2 myUser  staff  68 Mar 13 11:09 Example
myHost:_bash myUser$ touch Example/Hello
touch: Example/Hello: Permission denied
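
Added example, not part of any post in this thread: creating '/home/mariadb/tmp/ibpGvyL9' requires search (x) permission on every parent directory, and in the listing posted above the directory holding data and tmp is drwx------ and owned by mariadb, while data and tmp belong to mysql. The script walks the parent chain with GNU stat and reports the first directory a given user cannot traverse; the function names can_search and first_blocked are hypothetical, and that mysqld runs as the user mysql is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Classic mode bits only: ACLs,
# SELinux and systemd sandboxing are not evaluated.

# can_search MODE OWNER GROUP USER "USER_GROUPS": succeeds if USER holds the
# search (x) bit. Exactly one class applies: owner, else group, else other.
can_search() {
    [ "$4" = root ] && return 0           # root bypasses mode bits
    cs_pad=000$1
    cs_perms=${cs_pad#"${cs_pad%???}"}    # last three octal digits
    cs_u=${cs_perms%??}; cs_o=${cs_perms#??}
    cs_g=${cs_perms#?}; cs_g=${cs_g%?}
    if [ "$4" = "$2" ]; then cs_bits=$cs_u
    else
        case " $5 " in
            *" $3 "*) cs_bits=$cs_g ;;
            *)        cs_bits=$cs_o ;;
        esac
    fi
    [ $((cs_bits & 1)) -eq 1 ]
}

# first_blocked USER ABSOLUTE_FILE_PATH: print the first parent directory
# that USER cannot traverse or that is missing; print nothing if none.
first_blocked() {
    fb_user=$1
    fb_dir=$(dirname -- "$2")
    fb_groups=$(id -Gn "$fb_user" 2>/dev/null) || fb_groups=
    fb_chain=$fb_dir
    while [ "$fb_dir" != / ] && [ "$fb_dir" != . ]; do
        fb_dir=$(dirname -- "$fb_dir")
        fb_chain="$fb_dir
$fb_chain"
    done
    printf '%s\n' "$fb_chain" | while IFS= read -r fb_d; do
        fb_st=$(stat -c '%a %U %G' -- "$fb_d" 2>/dev/null) || fb_st=
        set -- $fb_st
        if [ $# -ne 3 ] || ! can_search "$1" "$2" "$3" "$fb_user" "$fb_groups"; then
            printf '%s\n' "$fb_d"
            break
        fi
    done
}

# Usage: sh thisfile mysql /home/mariadb/tmp/ibpGvyL9
if [ $# -eq 2 ]; then first_blocked "$1" "$2"; fi
```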

Post by dmunk » 2016/03/20 16:10:56

You could just use the below since you are not using selinux:

Code:

chown --reference=/var/lib/mysql /your/new/data_dir && chmod --reference=/var/lib/mysql /your/new/data_dir

Keep in mind that the above is not recursive; so, if you already created a database that has old perms you may have to change the actual db perms as well.
