At 22:39 -0400 4/16/04, Robert A. Rosenberg wrote:
I am taking a PHP+MySQL course at my local community college and
since this is the first time the course is being offered there are
some teething problems with the curriculum. I am posting this query
at the request of the instructor.
We are using a Linux Server and each Student has their own set of
directories on the Server. The MySQL Databases are created on local
PCs and then FTP'ed to the user's directory on the server. The files
get User=RW and Group/World=R permissions due to the FTP being used
having no way to set some other set of default Permissions and no
way to update them once uploaded. The Databases are made "known" to
MySQL by using a Softlink in the MySQL data folder that points to
the actual copy in the user's directory. We would like to avoid the
need to constantly go in and update/correct the permissions to
G/W=RW after each upload of new copies of the Database Folder or 3
Files that comprise a database.
Now that the background has been covered, here is my question.
Since to gain access to a Database from the PHP Code, a mysql login
request is required, it seems to me that this login can provide the
MySQL Server the information needed to switch to the respective
user's UID when accessing the database for update (as opposed to
just read) purposes (thus getting RW Permission to the files). Does
MySQL have the setuid authority so it can do so (and if so, does
code exist there to do so)? If not, is there some other way to
allow Update Access to the respective databases based on the Login
UserID other than go Group/World Writable on the 3 files that
comprise the database?

Hmm...
This scenario is incorrect in at least two fundamental respects:
- Database directories and the files in them should be owned by the
account used to run the MySQL server. Having a set of directories,
each owned by a given student account, does not work.
- MySQL usernames have no relationship to login usernames. The only
change that the server might make to its uid is to give up privileges
during the startup process, not to gain those of another user.
One way you *might* be able to make this work is to retain the present
directory structure, symlinks and all, but:
- Make each database directory and its contents owned by and r/w to
the account used by the MySQL server.
- Set each directory and its contents so that the group access is r/w
to the group of the owning student. This would require that each student
be in a separate unique group, to prevent other students from accessing
the files.
Not having tested this, however, I don't know if this would really work.
I would suggest rethinking the strategy. Unless you really have some reason
for each student to need to access database files directly, make them
owned by the server account and use GRANT statements to limit access
appropriately for each student.
--
Paul DuBois, MySQL Documentation Team
Madison, Wisconsin, USA
MySQL AB, www.mysql.com
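
The GRANT-based setup suggested in the reply above, as an added example that is not part of the original message. It assumes MySQL 5.7 or later and an administrative session; the account names, database names and passwords are constructed placeholders.

```sql
-- Added example: per-student databases owned by the server account,
-- with access controlled by MySQL privileges instead of file permissions.
-- 'alice', 'bob' and the passwords are constructed placeholders.

-- Databases created through the server end up owned by the account
-- that runs mysqld, so no student needs write access to the files.
CREATE DATABASE IF NOT EXISTS alice;
CREATE DATABASE IF NOT EXISTS bob;

-- MySQL accounts are independent of Linux login accounts.
-- 'localhost' limits each account to connections from the server itself,
-- which is where the PHP code runs in this setup.
CREATE USER IF NOT EXISTS 'alice'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_UNIQUE_PASSWORD_1';
CREATE USER IF NOT EXISTS 'bob'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_UNIQUE_PASSWORD_2';

-- Database-level privileges only: read/write data and manage tables
-- inside the student's own database. No global privileges, no FILE,
-- no GRANT OPTION.
-- Caveat: '_' and '%' act as wildcards in the database name of a
-- database-level GRANT; escape them (e.g. `web\_alice`) if the real
-- names contain them, or the grant will match other databases too.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
    ON `alice`.* TO 'alice'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
    ON `bob`.* TO 'bob'@'localhost';

-- Review what one account actually holds.
SHOW GRANTS FOR 'alice'@'localhost';

-- Audit 1: database-level grants that reach outside the student's
-- own database. Expected result: zero rows.
SELECT User, Host, Db
  FROM mysql.db
 WHERE User IN ('alice', 'bob')
   AND Db <> User;

-- Audit 2: student accounts holding server-wide privileges.
-- Expected result: zero rows.
SELECT User, Host
  FROM mysql.user
 WHERE User IN ('alice', 'bob')
   AND 'Y' IN (File_priv, Super_priv, Grant_priv, Process_priv);
```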