chrooted daemons and MariaDB socket
===================================

For an external program running under a chroot(8) to be able to access the
MariaDB server without using a network connection, the socket must be
placed inside the chroot.

e.g. httpd(8) or nginx(8): connecting to MariaDB from PHP
---------------------------------------------------------
Create a directory for the MariaDB socket:

      # install -d -m 0711 -o _mysql -g _mysql /var/www/var/run/mysql

Adjust /etc/my.cnf to use the socket in the chroot - this
applies to both client and server processes:

      [client-server]
      socket = /var/www/var/run/mysql/mysql.sock

You have three progressively less restrictive ways of providing access
to your database server:

* A Unix socket:
If all the database consumers will be running locally, you can use a
socket.  If any of the consumers will be running chrooted to /var/www,
then you'll need to put the socket in the chroot, as described on the
pkg-readme (and remember not to use the full path when configuring the
chrooted clients).

* TCP, listening on 127.0.0.1:
If all consumers will be running on the same host, and if you don't want
the hassle of setting up the socket -- the tradeoff being having the
socket available for every process that can use inet -- then you can
just configure mariadb to listen on the loopback interface. If you have
"set skip on lo0" on pf.conf (it's there by default), then you won't
need to add anything else to that file.

* TCP, listening on other interfaces:
You'll need this if the database is to be accessible to other hosts.
Using this option might require adjusting your filtering rules on
pf.conf.


You can use any combination of the above methods (socket only, loopback
only, socket+loopback, socket+other interfaces, etc.). See the "port",
"socket", "skip-networking" and "bind-address" options in the [mysqld]
section of /etc/my.cnf, and remember to set up the [client] section
accordingly (i.e., if you skip-networking, don't configure the client to
use TCP/IP, and if you don't set up a server socket, don't configure the
client to use it).

I have several concerns with /etc/my.cnf.

The instructions I found here are somewhat generic:

https://mariadb.com/kb/en/configuring-mariadb-with-option-files/

Am I understanding them correctly, please?

1. I need to uncomment both the socket and port lines?

#socket=/var/run/mysql/mysql.sock
#port=3306

2. I need to provide a password for MariaDB (or, does it want the user password)?

#password=my_password

3. Is this address the same as for the machine?

e.g. "bind-address=192.168.50.xxx"?

4. I do want to uncomment all of the following?

#data=/var/mysql
#log-basename=mysqld
#general-log
#slow_query_log

Thanks!

-------------------------------------------------------------------------

[client-server]
#socket=/var/run/mysql/mysql.sock
#port=3306

# This will be passed to all MariaDB clients
[client]
#password=my_password

# The MariaDB server
[mysqld]
# To listen to all network addresses, use "bind-address = *"
bind-address=localhost
# Directory where you want to put your data
#data=/var/mysql
# This is the prefix name to be used for all log, error and replication files
#log-basename=mysqld
# Logging
#general-log
#slow_query_log
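
The three access methods and the chroot path rule discussed in this thread, as an added example that is not part of the original messages or of the MariaDB package: a small audit script that reads a my.cnf, reports which access methods it enables, and prints the socket path a client chrooted to /var/www must use. The helper names (cnf_get, chroot_view, access_methods) are hypothetical, and the sample file is constructed from the values shown on this page.

```sh
# Added example (not from the thread); helper names are hypothetical.

# Print the last uncommented value of KEY in [SECTION] of FILE ("1" for a bare flag).
cnf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec {
            n = index($0, "=")
            k = (n ? substr($0, 1, n - 1) : $0)
            v = (n ? substr($0, n + 1) : "1")
            gsub(/[ \t]/, "", k); gsub(/_/, "-", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Path of socket $1 as seen by a process chrooted to $2; fails if it lies outside.
chroot_view() {
    root=${2%/}
    case "$1" in
        "$root"/*) printf '%s\n' "${1#"$root"}" ;;
        *) return 1 ;;
    esac
}

# List which of the three access methods from the thread FILE enables.
access_methods() {
    sock=$(cnf_get "$1" mysqld socket)
    [ -n "$sock" ] || sock=$(cnf_get "$1" client-server socket)
    echo "socket:${sock:-compiled-in default}"
    case "$(cnf_get "$1" mysqld skip-networking)" in
        ""|0|OFF|off) ;;
        *) return 0 ;;          # TCP disabled: socket only
    esac
    bind=$(cnf_get "$1" mysqld bind-address)
    case "$bind" in
        localhost|127.0.0.1|::1) echo "loopback:$bind" ;;
        *) echo "network:${bind:-unset}" ;;   # anything else is treated as non-loopback
    esac
}

# Constructed sample: the posted my.cnf with the chroot socket line from the readme.
SAMPLE=$(mktemp)
printf '%s\n' '[client-server]' 'socket = /var/www/var/run/mysql/mysql.sock' \
    '#port=3306' '[mysqld]' 'bind-address=localhost' '#general-log' > "$SAMPLE"
access_methods "$SAMPLE"
chroot_view "$(cnf_get "$SAMPLE" client-server socket)" /var/www
```

The parser is deliberately simple: it does not follow !include directives or strip trailing comments on option lines.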
