[BlueOnyx:00212] Re: Third party software

[Stephanie Sullivan]

> -----Original Message-----
> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-
> bounces at blueonyx.it] On Behalf Of Michael Stauber
> Sent: Wednesday, January 14, 2009 3:41 PM
> To: BlueOnyx General Mailing List
> Subject: [BlueOnyx:00206] Re: Third party software
> 
> Hi Ken,
> 
> > >>change the group on a site's database files
> >
> > How would this affect security? It seems more secure to have it be
> its own
> > group and not the site's.
> 
> Yeah, this is something that has to be considered. We certainly
> wouldn't want
> a siteAdmin be able to delete his MySQL database files, as MySQL
> certainly
> won't like that. :p
> 
> --
> With best regards
> 
> Michael Stauber
> 

But the answer is soooo simple! Change the protection on the directory holding the mySQL files within the site root to be 700 with the group s bit still set. With the ownership as mysql.sitexxx the site admin will not be able to change the contents of the directory, the files created will count toward the site quota, and with the group 's' bit set the group ownership of files created within the directory will be sitexxx as well. Most important the owner (mysql) will have full access to the files. Good point about the security aspects when the files are within the site root. 

Does it matter that the files are within the site root if CMU export knows how to do a mysqldump? Options for mysqldump can eliminate the drop database/tables from the backup. Using the gui based functions to create the databases on import, then executing the output from the mysqldump, the database should be back and setup as one might expect with a CMU import. Does this sound reasonable, logically separating the database creation from the data/table restore?

Hope this is helpful!

	Thanks,
		-Stephanie