https://bugzilla.redhat.com/show_bug.cgi?id=1457929 Augusto Caringi <acaringi@xxxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(acaringi@redhat.c | |om) | --- Comment #5 from Augusto Caringi <acaringi@xxxxxxxxxx> --- (In reply to Honza Horak from comment #4) > I'm still thinking about whether running ProxySQL as `mysql` user has even > some security issues (where a hacked proxysql daemon might potentially be > able to read the MySQL database data on the same machine). I think this > won't happen much in practice anyway, since proxysql won't probably run on > the same machine as MySQL/MariaDB server, but still, the more I think about > it, the more I like 1.3 as the solution.. My personal preference is 1.3 as well. > On the other hand I'm also thinking whether there is some use case for > having the same user for ProxySQL, as for mysql/mariadb server -- I think > this is another thing that might be consulted with the upstream author. If > there is no reason for that, we might be fine with creating proxysql user > and even dynamic UID. That would probably make better sense given the > ProxySQL uses a directory /var/lib/proxysql, which might be the home for the > proxysql user as well. I've already asked the upstream author about this question and he told me that there is no specific reason to run ProxySQL as mysql user... Any user will work: "There is no specific reason to run ProxySQL as mysql user. Any user can work, as long as it is privileges to access full access /var/lib/proxysql . Nonetheless, you do not need MySQL server installed: a simple useradd will work." https://github.com/sysown/proxysql/commit/6b3291b53e237460eef62a6ee6033d2e8a4dea46 -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
