Commit 7d0eb52d authored by unknown's avatar unknown

manual.texi 1) earlier change to @xref{} used 2-arg form; change

manual.texi	to 3-arg form so last arg shows up in printed output.
manual.texi	2) mysql.server no longer needs to use su or store the
manual.texi	root password.
manual.texi	3) other misc small changes.


Docs/manual.texi:
  earlier change to @xref{} used 2-arg form; change
  to 3-arg form so last arg shows up in printed output.
  mysql.server no longer needs to use su or store the
  root password.
  other misc small changes
parent 6c0cc201
......@@ -5247,7 +5247,7 @@ clients can connect to both @strong{MySQL} versions.
The extended @strong{MySQL} binary distribution is marked with the
@code{-max} suffix and is configured with the same options as
@code{mysqld-max}. @xref{mysqld-max, @code{mysqld-max}}.
@code{mysqld-max}. @xref{mysqld-max, , @code{mysqld-max}}.
If you want to use the @code{MySQL-Max} RPM, you must first
install the standard @code{MySQL} RPM.
......@@ -5588,7 +5588,7 @@ indicates the type of operating system for which the distribution is intended
@item
If you see a binary distribution marked with the @code{-max} prefix, this
means that the binary has support for transaction-safe tables and other
features. @xref{mysqld-max, @code{mysqld-max}}. Note that all binaries
features. @xref{mysqld-max, , @code{mysqld-max}}. Note that all binaries
are built from the same @strong{MySQL} source distribution.
@item
......@@ -5712,7 +5712,7 @@ You can start the @strong{MySQL} server with the following command:
shell> bin/safe_mysqld --user=mysql &
@end example
@xref{safe_mysqld, @code{safe_mysqld}}.
@xref{safe_mysqld, , @code{safe_mysqld}}.
@xref{Post-installation}.
......@@ -5784,7 +5784,7 @@ installation, you may want to make a copy of your previously installed
@strong{MySQL} startup file if you made any changes to it, so you don't lose
your changes.)
After installing the RPM file(s), the @file{mysqld} daemon should be running
After installing the RPM file(s), the @code{mysqld} daemon should be running
and you should now be able to start using @strong{MySQL}.
@xref{Post-installation}.
......@@ -5820,7 +5820,7 @@ files.
The following sections indicate some of the issues that have been observed
on particular systems when installing @strong{MySQL} from a binary
distribution.
distribution or from RPM files.
@cindex binary distributions, on Linux
@cindex Linux, binary distribution
......@@ -7671,13 +7671,13 @@ To get a core dump on Linux if @code{mysqld} dies with a SIGSEGV
signal, you can start @code{mysqld} with the @code{--core-file} option. Note
that you also probably need to raise the @code{core file size} by adding
@code{ulimit -c 1000000} to @code{safe_mysqld} or starting @code{safe_mysqld}
with @code{--core-file-sizes=1000000}. @xref{safe_mysqld, @code{safe_mysqld}}.
with @code{--core-file-sizes=1000000}. @xref{safe_mysqld, , @code{safe_mysqld}}.
To get a core dump on Linux if @code{mysqld} dies with a SIGSEGV signal, you can
start @code{mysqld} with the @code{--core-file} option. Note that you also probably
need to raise the @code{core file size} by adding @code{ulimit -c 1000000} to
@code{safe_mysqld} or starting @code{safe_mysqld} with
@code{--core-file-sizes=1000000}. @xref{safe_mysqld, @code{safe_mysqld}}.
@code{--core-file-sizes=1000000}. @xref{safe_mysqld, , @code{safe_mysqld}}.
If you are linking your own @strong{MySQL} client and get the error:
......@@ -8005,7 +8005,7 @@ shell> nohup mysqld [options] &
@code{nohup} causes the command following it to ignore any @code{SIGHUP}
signal sent from the terminal. Alternatively, start the server by running
@code{safe_mysqld}, which invokes @code{mysqld} using @code{nohup} for you.
@xref{safe_mysqld, @code{safe_mysqld}}.
@xref{safe_mysqld, , @code{safe_mysqld}}.
If you get a problem when compiling mysys/get_opt.c, just remove the
line #define _NO_PROTO from the start of that file!
......@@ -8262,7 +8262,7 @@ FreeBSD is also known to have a very low default file handle limit.
safe_mysqld or raise the limits for the @code{mysqld} user in /etc/login.conf
(and rebuild it with cap_mkdb /etc/login.conf). Also be sure you set the
appropriate class for this user in the password file if you are not
using the default (use: chpass mysqld-user-name). @xref{safe_mysqld,
using the default (use: chpass mysqld-user-name). @xref{safe_mysqld, ,
@code{safe_mysqld}}.
If you get problems with the current date in @strong{MySQL}, setting the
......@@ -9679,7 +9679,7 @@ mysqld: Can't find file: 'host.frm'
The above may also happen with a binary @strong{MySQL} distribution if you
don't start @strong{MySQL} by executing exactly @code{./bin/safe_mysqld}!
@xref{safe_mysqld, @code{safe_mysqld}}.
@xref{safe_mysqld, , @code{safe_mysqld}}.
You might need to run @code{mysql_install_db} as @code{root}. However,
if you prefer, you can run the @strong{MySQL} server as an unprivileged
......@@ -9980,7 +9980,7 @@ system startup and shutdown, and is described more fully in
@item
By invoking @code{safe_mysqld}, which tries to determine the proper options
for @code{mysqld} and then runs it with those options. @xref{safe_mysqld,
for @code{mysqld} and then runs it with those options. @xref{safe_mysqld, ,
@code{safe_mysqld}}.
@item
......@@ -10230,7 +10230,7 @@ though.
@item --core-file
Write a core file if @code{mysqld} dies. For some systems you must also
specify @code{--core-file-size} to @code{safe_mysqld}. @xref{safe_mysqld,
specify @code{--core-file-size} to @code{safe_mysqld}. @xref{safe_mysqld, ,
@code{safe_mysqld}}.
@item -h, --datadir=path
......@@ -11953,9 +11953,10 @@ When running @strong{MySQL}, follow these guidelines whenever possible:
@itemize @bullet
@item
DON'T EVER GIVE ANYONE (EXCEPT THE @strong{MySQL} ROOT USER) ACCESS TO THE
mysql.user TABLE! The encrypted password is the real password in
@strong{MySQL}. If you know this for one user, you can easily log in as
him if you have access to his 'host'.
@code{user} TABLE IN THE @code{mysql} DATABASE! The encrypted password
is the real password in @strong{MySQL}. If you know the password listed in
the @code{user} table for a given user, you can easily log in as that
user if you have access to the host listed for that account.
@item
Learn the @strong{MySQL} access privilege system. The @code{GRANT} and
......@@ -11984,15 +11985,15 @@ computer becomes compromised, the intruder can take the full list of
passwords and use them. Instead use @code{MD5()} or another one-way
hashing function.
@item
Do not use passwords from dictionaries. There are special programs to
Do not choose passwords from dictionaries. There are special programs to
break them. Even passwords like ``xfish98'' are very bad. Much better is
``duag98'' which contains the same word ``fish'' but typed one key to the
left on a standard QWERTY keyboard. Another method is to use ``Mhall'' which
is taken from the first characters of each word in the sentence ``Mary had
a little lamb.'' This is easy to remember and type, but hard to guess for
someone who does not know it.
a little lamb.'' This is easy to remember and type, but difficult to guess
for someone who does not know it.
@item
Invest in a firewall. This protects from at least 50% of all types of
Invest in a firewall. This protects you from at least 50% of all types of
exploits in any software. Put @strong{MySQL} behind the firewall or in
a demilitarized zone (DMZ).
......@@ -12001,11 +12002,16 @@ Checklist:
@item
Try to scan your ports from the Internet using a tool such as
@code{nmap}. @strong{MySQL} uses port 3306 by default. This port should
be inaccessible from untrusted hosts. Another simple way to check whether or
not your @strong{MySQL} port is open is to type @code{telnet
server_host 3306} from some remote machine, where
@code{server_host} is the hostname of your @strong{MySQL}
server. If you get a connection and some garbage characters, the port is
be inaccessible from untrusted hosts. Another simple way to check whether
or not your @strong{MySQL} port is open is to try the following command
from some remote machine, where @code{server_host} is the hostname of
your @strong{MySQL} server:
@example
shell> telnet server_host 3306
@end example
If you get a connection and some garbage characters, the port is
open, and should be closed on your firewall or router, unless you really
have a good reason to keep it open. If @code{telnet} just hangs or the
connection is refused, everything is OK; the port is blocked.
......@@ -12112,15 +12118,15 @@ connection, however the encryption algorithm is not very strong, and
with some effort a clever attacker can crack the password if he is able
to sniff the traffic between the client and the server. If the
connection between the client and the server goes through an untrusted
network, you should use an @strong{SSH} tunnel to encrypt the
network, you should use an SSH tunnel to encrypt the
communication.
All other information is transferred as text that can be read by anyone
who is able to watch the connection. If you are concerned about this,
you can use the compressed protocol (in @strong{MySQL} Version 3.22 and above)
to make things much harder. To make things even more secure you should use
@code{ssh}. You can find an open source ssh client at
@uref{http://www.openssh.org}, and a commercial ssh client at
@code{ssh}. You can find an open source @code{ssh} client at
@uref{http://www.openssh.org}, and a commercial @code{ssh} client at
@uref{http://www.ssh.com}. With this, you can get an encrypted TCP/IP
connection between a @strong{MySQL} server and a @strong{MySQL} client.
......@@ -12145,21 +12151,31 @@ mysql> FLUSH PRIVILEGES;
@end example
@item
Don't run the @strong{MySQL} daemon as the Unix @code{root} user.
It is very dangerous as any user with @code{FILE} privileges will be able to
create files
as @code{root} (for example, @code{~root/.bashrc}). To prevent this
@code{mysqld} will refuse to run as @code{root} unless it is specified
directly via @code{--user=root} option.
Don't run the @strong{MySQL} daemon as the Unix @code{root} user. This is
very dangerous, because any user with @code{FILE} privileges will be able
to create files as @code{root} (for example, @code{~root/.bashrc}). To
prevent this, @code{mysqld} will refuse to run as @code{root} unless it
is specified directly using a @code{--user=root} option.
@code{mysqld} can be run as an ordinary unprivileged user instead.
You can also create a new Unix user @code{mysql} to make everything
even more secure. If you run @code{mysqld} as another Unix user,
you don't need to change the @code{root} user name in the @code{user}
table, because @strong{MySQL} user names have nothing to do with Unix
user names. To start @code{mysqld} as another Unix user, add a @code{user}
line that specifies the user name to the @code{[mysqld]} group of the
@file{/etc/my.cnf} option file or the @file{my.cnf} option file in the
server's data directory. For example:
@example
[mysqld]
user=mysql
@end example
@code{mysqld} can be run as any user instead. You can also create a new
Unix user @code{mysql} to make everything even more secure. If you run
@code{mysqld} as another Unix user, you don't need to change the
@code{root} user name in the @code{user} table, because @strong{MySQL}
user names have nothing to do with Unix user names. You can edit the
@code{mysql.server} script to start @code{mysqld} as another Unix user.
Normally this is done with the @code{su} command. For more details, see
@ref{Changing MySQL user, , Changing @strong{MySQL} user}.
This will cause the server to start as the designated user whether you
start it manually or by using @code{safe_mysqld} or @code{mysql.server}.
For more details, see @ref{Changing MySQL user, , Changing @strong{MySQL}
user}.
@item
Don't support symlinks to tables (This can be disabled with the
......@@ -12168,18 +12184,10 @@ Don't support symlinks to tables (This can be disabled with the
directories could then delete any file in the system!
@xref{Symbolic links to tables}.
@item
If you put a password for the Unix @code{root} user in the @code{mysql.server}
script, make sure this script is readable only by @code{root}.
@item
Check that the Unix user that @code{mysqld} runs as is the only user with
read/write privileges in the database directories.
@item
On Unix platforms, do not run @code{mysqld} as root unless you really
need to. Consider creating a user named @code{mysql} for that purpose.
@item
Don't give the @strong{process} privilege to all users. The output of
@code{mysqladmin processlist} shows the text of the currently executing
......@@ -24351,7 +24359,7 @@ this. @xref{Table handler support}.
If you have downloaded a binary version of @strong{MySQL} that includes
support for BerkeleyDB, simply follow the instructions for installing a
binary version of @strong{MySQL}.
@xref{Installing binary}. @xref{mysqld-max, @code{mysqld-max}}.
@xref{Installing binary}. @xref{mysqld-max, , @code{mysqld-max}}.
To compile @strong{MySQL} with Berkeley DB support, download @strong{MySQL}
Version 3.23.34 or newer and configure @code{MySQL} with the
......@@ -25463,7 +25471,7 @@ binary.
If you have downloaded a binary version of @strong{MySQL} that includes
support for InnoDB (mysqld-max), simply follow the instructions for
installing a binary version of @strong{MySQL}. @xref{Installing binary}.
@xref{mysqld-max, @code{mysqld-max}}.
@xref{mysqld-max, , @code{mysqld-max}}.
To compile @strong{MySQL} with InnoDB support, download MySQL-3.23.37 or newer
and configure @code{MySQL} with the @code{--with-innodb} option.
......@@ -33110,7 +33118,7 @@ with the @code{-max} prefix. This makes it very easy to test out a
another @code{mysqld} binary in an existing installation. Just
run @code{configure} with the options you want and then install the
new @code{mysqld} binary as @code{mysqld-max} in the same directory
where your old @code{mysqld} binary is. @xref{safe_mysqld, @code{safe_mysqld}}.
where your old @code{mysqld} binary is. @xref{safe_mysqld, , @code{safe_mysqld}}.
The @code{mysqld-max} RPM uses the above mentioned @code{safe_mysqld}
feature. It just installs the @code{mysqld-max} executable and
......@@ -33358,7 +33366,7 @@ MY_PWD=`pwd` Check if we are starting this relative (for the binary
release) if test -d /data/mysql -a -f ./share/mysql/english/errmsg.sys
-a -x ./bin/mysqld
--------------------------------------------------------------------------
@xref{safe_mysqld, @code{safe_mysqld}}.
@xref{safe_mysqld, , @code{safe_mysqld}}.
@end example
The above test should be successful, or you may encounter problems.
@item
......@@ -33886,7 +33894,7 @@ server). The dump will contain SQL statements to create the table
and/or populate the table.
If you are doing a backup on the server, you should consider using
the @code{mysqlhotcopy} instead. @xref{mysqlhotcopy, @code{mysqlhotcopy}}.
the @code{mysqlhotcopy} instead. @xref{mysqlhotcopy, , @code{mysqlhotcopy}}.
@example
shell> mysqldump [OPTIONS] database [tables]
......@@ -38439,11 +38447,15 @@ user and use the @code{--user=user_name} option. @code{mysqld} will switch
to run as the Unix user @code{user_name} before accepting any connections.
@item
If you are using the @code{mysql.server} script to start @code{mysqld} when
the system is rebooted, you should edit @code{mysql.server} to use @code{su}
to run @code{mysqld} as user @code{user_name}, or to invoke @code{mysqld}
with the @code{--user} option. (No changes to @code{safe_mysqld} are
necessary.)
To start the server as the given user name automatically at system
startup time, add a @code{user} line that specifies the user name to
the @code{[mysqld]} group of the @file{/etc/my.cnf} option file or the
@file{my.cnf} option file in the server's data directory. For example:
@example
[mysqld]
user=user_name
@end example
@end enumerate
At this point, your @code{mysqld} process should be running fine and dandy as
......@@ -39091,8 +39103,8 @@ If you want to make a SQL level backup of a table, you can use
TABLE}. @xref{SELECT}. @xref{BACKUP TABLE}.
Another way to back up a database is to use the @code{mysqldump} program or
the @code{mysqlhotcopy script}. @xref{mysqldump, @code{mysqldump}}.
@xref{mysqlhotcopy, @code{mysqlhotcopy}}.
the @code{mysqlhotcopy script}. @xref{mysqldump, , @code{mysqldump}}.
@xref{mysqlhotcopy, , @code{mysqlhotcopy}}.
@enumerate
@item
......@@ -39184,7 +39196,8 @@ be an Internet service provider that wants to provide independent
If you want to run multiple servers, the easiest way is to compile the servers
with different TCP/IP ports and socket files so they are not
both listening to the same TCP/IP port or socket file. @xref{mysqld_multi}.
both listening to the same TCP/IP port or socket file. @xref{mysqld_multi, ,
@code{mysqld_multi}}.
Assume an existing server is configured for the default port number and
socket file. Then configure the new server with a @code{configure} command
......@@ -41554,7 +41567,7 @@ query string.)
If you want to know if the query should return a result set or not, you can
use @code{mysql_field_count()} to check for this.
@xref{mysql_field_count, @code{mysql_field_count}}.
@xref{mysql_field_count, , @code{mysql_field_count}}.
@subsubheading Return Values
......@@ -46342,7 +46355,7 @@ slave server restart.
@item
@code{SHOW KEYS} now shows whether or not key is @code{FULLTEXT}.
@item
New script @file{mysqld_multi}. @xref{mysqld_multi}.
New script @file{mysqld_multi}. @xref{mysqld_multi, , @code{mysqld_multi}}.
@item
Added new script, @file{mysql-multi.server.sh}. Thanks to
Tim Bunce @email{Tim.Bunce@@ig.co.uk} for modifying @file{mysql.server} to
......@@ -46395,7 +46408,7 @@ read by @code{mysql_options()}.
Added new options @code{--pager[=...]}, @code{--no-pager},
@code{--tee=...} and @code{--no-tee} to the @code{mysql} client. The
new corresponding interactive commands are @code{pager}, @code{nopager},
@code{tee} and @code{notee}. @xref{mysql, @code{mysql}}, @code{mysql --help}
@code{tee} and @code{notee}. @xref{mysql, , @code{mysql}}, @code{mysql --help}
and the interactive help for more information.
@item
Fixed crash when automatic repair of @code{MyISAM} table failed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment