Re: mysql replication - problems




Tim Dunphy wrote:
>>
>> The mysqld process runs as the mysql user.  Its parent which is the
>> mysqld_safe runs as the root user.   That being said the mysql user
>> needs to have at least read permission to the locations where the ssl
>> files are located.   By default on CentOS the /etc/pki/CA/private
>> directory has its directory permissions to only allow the root user.
>> If the mysql user cannot read all ssl files SSL will not work.
<snip>
> Thanks for your reply! That answer actually makes complete sense. Ok, so
> here is what I tried, so far without success. I gave the mysql group
> ownership of all related directories. And changed group permissions so
> that group can access them:
>
> [root@web2:/etc] #ls -ld /etc/pki/CA
> drwxrwxr-x. 6 root mysql 4096 Jan 20 15:58 /etc/pki/CA
> [root@web2:/etc] #ls -ld /etc/pki/tls/{private,certs}
> drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/certs
> drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/private
>
>  Restarted the mariadb service. And when I took another look at the SSL
> variable, it's still showing that SSL is not enabled:
<snip>
Some of those will *not* work. For example, you will have ssh issues
yourself if ~/.ssh is *anything* other than 700.

No: /etc/pki/CA should NOT be group writeable. Ditto for
/etc/pki/tls/certs and private.

       mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
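
Added example, not part of the original thread: a POSIX shell check for the two conditions discussed above, a directory on the way to the key that only its owner can enter (so mysqld, running as mysql, cannot reach the file) and a directory that is group- or world-writable. The function name and the WRITABLE/BLOCKED/KEYMODE labels are made up for this example; it reads mode bits only, so ACLs, SELinux and actual group membership are not considered.

```sh
#!/bin/sh
# Added example, not from the thread.
# audit_tls_path FILE STOP_DIR
#   Walks from FILE's directory up to STOP_DIR and prints one line per issue:
#     WRITABLE <dir>   group- or world-writable directory
#     BLOCKED <dir>    only the owner may enter, so a daemon running as a
#                      different user (mysql here) cannot reach files below
#     KEYMODE <file>   key is group/world-writable or world-readable
#   Returns 0 if nothing was printed, 1 otherwise.
audit_tls_path() {
    atp_file=$1; atp_stop=$2; atp_rc=0
    atp_dir=$(dirname "$atp_file")
    while :; do
        # First 10 characters of ls -ld: type + rwx for owner, group, other.
        atp_mode=$(ls -ld "$atp_dir" | cut -c1-10)
        case $atp_mode in
            ?????w*|????????w*) echo "WRITABLE $atp_dir"; atp_rc=1 ;;
        esac
        case $atp_mode in
            ??????[xs]*|?????????[xt]) ;;   # group or other has search (x)
            *) echo "BLOCKED $atp_dir"; atp_rc=1 ;;
        esac
        # Stop at the requested top directory (or at / or . as a safety net).
        if [ "$atp_dir" = "$atp_stop" ] || [ "$atp_dir" = / ] \
            || [ "$atp_dir" = . ]; then break; fi
        atp_dir=$(dirname "$atp_dir")
    done
    atp_mode=$(ls -ld "$atp_file" | cut -c1-10)
    case $atp_mode in
        ?????w*|???????r*|????????w*) echo "KEYMODE $atp_file"; atp_rc=1 ;;
    esac
    return $atp_rc
}

# Script use: audit.sh /etc/pki/tls/private/<keyfile> /etc/pki
if [ $# -ge 2 ]; then
    audit_tls_path "$1" "$2"
fi
```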



