On Mon, 19 Jun 2006 13:12:20 +0300 (EEST) "Martynas Venckus" <[EMAIL PROTECTED]> wrote:
> Hello, > > I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot), > but web applications could access mysql server only by network, which is > not the most secure and fast way. Chrooting it to /var/www/mysql would not > be secure too. > > The problem could be solved creating pseudo device for /var/mysql/tmp -- > mysql socket would be there, and mount it two times (/var/mysql/tmp, > /var/www/somewhere). Is it possible? > > Also it could be done using mount --bind, but openbsd does not support it, > right? > > And also, i have seperate partitions to /var/www and /var/mysql, so i can > not hard link the socket cross over partition. > > Thanks. > I am not sure as I have not tried it, but I think mySQL creates its unix socket *before* it calls chroot() [or can be very easily fixed anyways]. In that case, you simply have to setup mySQL so that it creates the unix socket within httpd's chroot, it does not have to be within mySQL's. -- veins
