FS#10058 - mysqld rc script creates insecure dummy log




I fixed this for myself and posted this report long ago but it kind of
bugs me that this is still in the wild so I want to bring this to the
attention of the mailing list readers.

http://bugs.archlinux.org/task/10058

The mysqld startup script touches the default mysqld.log location but
doesn't do anything to secure it from reading by non-privileged users.
Databases can have sensitive information so should not be globally
readable.

mysqld_safe seems to take care of log creation and security itself when
a log file is specified in my.cnf and it has write permission to the
directory containing the logs.
(Personally, I just created /var/log/mysql/ and gave it user:group of
mysql:mysql.)

Furthermore, the startup script assumes too much (location of log file),
which may be incorrect depending on my.cnf.

Let the admin take care of things him/herself.
Patch attached.

It would be handy, though, for a novice user to be able to enable secure
logging (with logrotate) by just uncommenting a config option in my.cnf.

Get rid of /var/log/mysqld.log creation

diff --git a/rc.d/mysqld b/rc.d/mysqld
index 0fcecf7..843397e 100755
--- a/rc.d/mysqld
+++ b/rc.d/mysqld
@@ -27,11 +27,6 @@ if [ ! -d $MYSQLD_ROOT ]; then
   chown -R mysql.mysql $MYSQLD_ROOT
 fi
 
-if [ ! -e /var/log/mysqld.log ]; then
-  touch /var/log/mysqld.log
-  chown mysql /var/log/mysqld.log
-fi
-
 case "$1" in
   start)
     stat_busy "Starting MySQL"
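
Review bot: The removed `touch` / `chown mysql /var/log/mysqld.log` block never set a mode, so any /var/log/mysqld.log it has already created stays on disk with whatever permissions the umask gave it, and this hunk has no step that tightens or flags that existing file. Consider pairing the removal with a one-time `chmod` of the old file or a note to admins to check it. Second point on the same removal: once the block is gone, nothing in the script ensures the mysql user can write to the log location configured in my.cnf. The message says mysqld_safe only handles log creation when it has write permission to the containing directory, so the change should document that the admin must provide such a directory (the message uses /var/log/mysql/ owned by mysql:mysql), otherwise a default setup may end up with no log at all.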


