MySQL Manual | A.3.2 How to Run MySQL As a Normal User

A Problems and Common Errors
- A.3 Installation Related Issues
  - A.3.1 Problems When Linking with the MySQL Client Library
  - A.3.2 How to Run MySQL As a Normal User
  - A.3.3 Problems with File Permissions

Previous / Next / Up / Table of Contents

A.3.2 How to Run MySQL As a Normal User

The MySQL server mysqld can be started and run by any user. In order to change mysqld to run as a Unix user user_name, you must do the following:

Stop the server if it's running (use mysqladmin shutdown).
Change the database directories and files so that user_name has privileges to read and write files in them (you may need to do this as the Unix root user):
```
shell> chown -R user_name /path/to/mysql/datadir
```
If directories or files within the MySQL data directory are symlinks, you'll also need to follow those links and change the directories and files they point to. chown -R may not follow symlinks for you.
Start the server as user user_name, or, if you are using MySQL Version 3.22 or later, start mysqld as the Unix root user and use the --user=user_name option. mysqld will switch to run as the Unix user user_name before accepting any connections.
To start the server as the given user name automatically at system startup time, add a user line that specifies the user name to the [mysqld] group of the `/etc/my.cnf' option file or the `my.cnf' option file in the server's data directory. For example:
```
[mysqld]
user=user_name
```

At this point, your mysqld process should be running fine and dandy as the Unix user user_name. One thing hasn't changed, though: the contents of the permissions tables. By default (right after running the permissions table install script mysql_install_db), the MySQL user root is the only user with permission to access the mysql database or to create or drop databases. Unless you have changed those permissions, they still hold. This shouldn't stop you from accessing MySQL as the MySQL root user when you're logged in as a Unix user other than root; just specify the -u root option to the client program.

Note that accessing MySQL as root, by supplying -u root on the command-line, has nothing to do with MySQL running as the Unix root user, or, indeed, as another Unix user. The access permissions and user names of MySQL are completely separate from Unix user names. The only connection with Unix user names is that if you don't provide a -u option when you invoke a client program, the client will try to connect using your Unix login name as your MySQL user name.

If your Unix box itself isn't secured, you should probably at least put a password on the MySQL root users in the access tables. Otherwise, any user with an account on that machine can run mysql -u root db_name and do whatever he likes.

User Comments

Posted by [name withheld] on Wednesday February 26 2003, @4:37pm

[Delete] [Edit]

The issue of whether MySQL can be run as an unpriveleged user under Windows should be addressed in this section.

After searching the online documentation, I've found nothing on the subject. Thus far, I have been unable to get it to run as a service using anything other than the Local System Account or Administrator on Windows 2000.

If it won't run as an unpriveleged user on Windows, I'd be very curious to know why.

Gene

Posted by ymercier on Wednesday April 9 2003, @7:41pm

[Delete] [Edit]

I am unable to run mysql service under Win2k server
using another user than the SYSTEM account or Administrator.

What priviledge does the mysql user account needs ?

Under unix it only needs permissions on filesystem where the database are.

Windows its different, I didnt find what it needs exactly, if someone knows, send me an email

Yan

Posted by Matt Rochlin on Sunday June 22 2003, @8:57am

[Delete] [Edit]

WINDOWS XP: Same issue. I created a normal user and gave it full control to data, program and .ini file with the same result. The service refused to start and there's no error log for it. HOWEVER: With Windows XP you can run mysqld (or msqld-max-nt.exe or whatever) as a regular user from the command prompt. e.g. create a regular user called mysql. Give the user permissions to the mysql files - data/program/.ini. Then at the command prompt:
runas /user:mysql mysqld-max-nt.exe
It works. Though it wouldn't shut down with
mysqladmin -u root shutdown (had to kill it with the taskmanager).

Posted by Paul Southerington on Wednesday August 6 2003, @8:32am

[Delete] [Edit]

I'm going by memory here, so bear with me if this isn't 100% correct. You used to be able to run mysql as a windows service without having Administrator/LocalSystem rights. It broke somewhere around version 3.23.53 or 3.23.54. I believe that some code was added at about that time to handle multiple instance of mysql with different service names - it might have been related to that change but not sure.

Add your own comment.

Top / Previous / Next / Up / Table of Contents