Correction : vm_hosted : rule_mysql_configure : sécurise.
authorJulien Moutinho <julm+burette@autogeree.net>
Fri, 29 Mar 2013 13:34:48 +0000 (14:34 +0100)
committerJulien Moutinho <julm+burette@autogeree.net>
Fri, 29 Mar 2013 17:07:43 +0000 (18:07 +0100)
TODO
etc/mysql/my.cnf
etc/sv/mysql/run
vm_hosted

diff --git a/TODO b/TODO
index db25539..e973feb 100644 (file)
--- a/TODO
+++ b/TODO
@@ -15,3 +15,6 @@
 - sympa
 - openerp : runit + squelette
 - gitolite : rationalisation des adresses de notification dans hooks.mailinglist
+- ansible ?
+- varnish ?
+- gitolite : gérer les anciens dépôts
index 8fa1de4..fb1b3cb 100644 (file)
@@ -1,51 +1,62 @@
 [client]
-port           = 3306
-socket         = /run/mysqld/sock/mysql
+local-infile = 0
+port = 3306
+socket = /run/mysqld/sock/mysql
 [mysqld_safe]
-nice           = 0
-socket         = /run/mysqld/sock/mysql
+nice = 0
+socket = /run/mysqld/sock/mysql
 [mysqld]
 # chroot = /var/lib/mysql/
 # ssl-ca=/etc/mysql/cacert.pem
 # ssl-cert=/etc/mysql/server-cert.pem
 # ssl-key=/etc/mysql/server-key.pem
-basedir                = /usr
-bind-address           = 127.0.0.1
-#binlog_do_db          = include_database_name
-#binlog_ignore_db      = include_database_name
-datadir                = /home/mysql
-expire_logs_days       = 10
-#general_log             = 1
-#general_log_file        = /var/log/mysql/mysql.log
-key_buffer             = 16M
-lc-messages-dir        = /usr/share/mysql
-#log-queries-not-using-indexes
-#log_bin                       = /var/log/mysql/mysql-bin.log
-#log_slow_queries      = /var/log/mysql/mysql-slow.log
-#long_query_time = 2
-max_allowed_packet     = 16M
-max_binlog_size         = 100M
-#max_connections        = 100
-myisam-recover         = BACKUP
-#pid-file      = /run/mysqld/pid/mysql
-port           = 3306
-query_cache_limit      = 1M
-query_cache_size        = 16M
-#server-id             = 1
+basedir = /usr
+bind-address = 127.0.0.1
+# binlog_do_db = include_database_name
+# binlog_ignore_db = include_database_name
+datadir = /home/mysql
+expire_logs_days = 10
+# general_log = 1
+# general_log_file = /var/log/mysql/mysql.log
+key_buffer = 16M
+lc-messages-dir = /usr/share/mysql
+local-infile = 0
+ # NOTE: disable the use of the "LOAD DATA LOCAL INFILE" command,
+ # which will help to prevent unauthorized reading from local files.
+ # This is especially important when new SQL injection vulnerabilities
+ # in PHP applications are found.
+# log-queries-not-using-indexes
+# log_bin = /var/log/mysql/mysql-bin.log
+# log_slow_queries = /var/log/mysql/mysql-slow.log
+# long_query_time = 2
+max_allowed_packet = 16M
+max_binlog_size = 100M
+# max_connections = 100
+myisam-recover = BACKUP
+# pid-file = /run/mysqld.pid
+plugin-load = auth_socket=auth_socket.so
+port = 3306
+query_cache_limit = 1M
+query_cache_size = 16M
+# server-id = 1
 skip-external-locking
-#socket                = /run/mysqld/sock/mysql
-#table_cache            = 64
-thread_cache_size       = 8
-#thread_concurrency     = 10
-thread_stack           = 192K
-tmpdir         = /tmp
-user           = mysql
+skip-networking
+skip-show-database
+# socket = /run/mysqld/sock/mysql
+# table_cache = 64
+thread_cache_size = 8
+# thread_concurrency = 10
+thread_stack = 192K
+tmpdir = /tmp
+user = mysql
 [mysqldump]
-max_allowed_packet     = 16M
+max_allowed_packet = 16M
 quick
 quote-names
 [mysql]
-#no-auto-rehash        # faster start of mysql but no tab completition
+# no-auto-rehash # NOTE: faster start of mysql but no tab completition
 [isamchk]
-key_buffer             = 16M
+key_buffer = 16M
 !includedir /etc/mysql/conf.d/
+
+# vim: ft=conf
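Review bot: `datadir = /home/mysql` on the new side disagrees with the data directory the rest of this commit uses: `etc/sv/mysql/run` now starts mysqld with `--datadir=$home/data` and `rule_mysql_configure` runs `mysql_install_db --datadir=/home/mysql/data`. The command-line flag overrides the option file, so the supervised server is unaffected, but anything that reads the `[mysqld]` group from this file (`mysqld_safe`, a manual `mysqld` start) would look in the wrong place; it should read `datadir = /home/mysql/data`. With `skip-networking` set, `bind-address = 127.0.0.1` and `port = 3306` under `[mysqld]` have no effect any more, which is worth stating next to them, e.g. `# NOTE: skip-networking disables TCP entirely; bind-address and port below are inert`. The four NOTE lines following `local-infile = 0` put a space before `#` while every other comment in the file starts at column 0; I believe the option-file parser tolerates the indent, but it reads as a mistake and should match the rest.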
index fdaad1a..6a4b625 100755 (executable)
@@ -6,7 +6,7 @@ exec /usr/bin/chpst \
  -u "$sv":"$sv" \
  /usr/sbin/mysqld \
  --basedir=/usr \
- --datadir=$home \
+ --datadir=$home/data \
  --plugin-dir=/usr/lib/mysql/plugin \
  --port=3306 \
  --socket=/run/mysqld/sock/"$sv" \
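Review bot: `--datadir=$home/data` leaves `$home` unquoted while `"$sv"` on the `--socket` line is quoted; for consistency and to survive a value containing whitespace, write `--datadir="$home"/data \`. `$home` is assigned before this hunk, so I cannot see what it holds; the `/data` suffix does match the directory `rule_mysql_configure` now creates with `install -d` and `mysql_install_db`.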
index 134b539..806face 100755 (executable)
--- a/vm_hosted
+++ b/vm_hosted
@@ -717,28 +717,66 @@ rule_mysql_configure () {
         --disabled-password \
         --group \
         --home /home/mysql/data \
+        --no-create-home \
         --shell /bin/false \
         --system
        sudo usermod --home /home/mysql mysql
        sudo adduser mysql mysql-data
-       sudo install -m 640 -o mysql -g mysql \
+       sudo install -m 644 -o mysql -g mysql \
         "$tool"/etc/mysql/my.cnf \
                /etc/mysql/my.cnf
        sudo install -d -m 751 -o mysql -g mysql \
         /home/mysql
-       sudo install -d -m 750 -o mysql-data -g mysql-data \
-        /home/mysql/data
-       if test ! -d /home/mysql/data
+       if sudo test ! -d /home/mysql/data
         then
+               sudo install -d -m 750 -o mysql -g mysql-data \
+                /home/mysql/data
                sudo -u mysql mysql_install_db \
                 --no-defaults \
                 --datadir=/home/mysql/data
         fi
        sudo service tmpfs restart
        case $(sudo sv status mysql || true) in
-        (run:*) sudo sv restart mysql
+        (''|run:*|*"s, normally up;"*)
+               sudo sv restart mysql
+               case $(sudo inotifywait -e create -- /run/mysqld/sock/) in
+                ("/run/mysqld/sock/ CREATE mysql")
+                       # NOTE:
+                       # - ajoute l'accès par socket Unix à root
+                       # - supprime l'accès par mot-de-passe à root
+                       # - supprime les bases de données de l'utilisateurice anonyme
+                       # - supprime l'utilisateurice anonyme
+                       # NOTE: mémo :
+                       #   GRANT USAGE ON *.* TO 'root'@'*' IDENTIFIED WITH auth_socket;
+                       #   CREATE USER 'root'@'localhost' IDENTIFIED WITH auth_socket;
+                       #   UPDATE mysql.user SET Password='' WHERE user='root';
+                       #   DELETE FROM mysql.user WHERE user = 'root' AND host NOT IN ('localhost', '127.0.0.1', '::1');
+                       sudo mysql -u root --batch --verbose <<-EOF
+                               DELETE FROM mysql.user WHERE user = 'root' and plugin = '';
+                               GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED WITH auth_socket;
+                               UPDATE mysql.user SET grant_priv='Y',super_priv='Y' WHERE user='root';
+                               DELETE FROM mysql.db   WHERE user = '';
+                               DELETE FROM mysql.user WHERE user = '';
+                               FLUSH PRIVILEGES;
+                               EOF
+                       ;;
+                esac
         esac
  }
+rule_mysql_db_add () { # SYNTAX: $user $db
+       sudo mysql --batch -u root <<-EOF
+               DROP   DATABASE IF EXISTS $db;
+               CREATE DATABASE $db CHARACTER SET utf8 COLLATE utf8_general_ci;
+               GRANT ALL PRIVILEGES ON $base.* TO '$user'@'localhost' IDENTIFIED WITH auth_socket;
+               FLUSH PRIVILEGES;
+               EOF
+ }
+rule_mysql_user_add () { # SYNTAX: $user
+       sudo mysql --batch -u root <<-EOF
+               DROP   USER '$user'@'localhost';
+               CREATE USER '$user'@'localhost' IDENTIFIED WITH auth_socket;
+               EOF
+ }
 rule_network_configure () {
        sudo install -m 644 -o root -g root /dev/stdin /etc/hostname <<-EOF
                $vm
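Review bot: In `rule_mysql_db_add`, the GRANT statement uses `$base` while the two statements before it use `$db`; unless `$base` is set by the caller, the SQL becomes `GRANT ALL PRIVILEGES ON .* TO ...`, which the server rejects, so it should read `GRANT ALL PRIVILEGES ON $db.* TO '$user'@'localhost' IDENTIFIED WITH auth_socket;`. In `rule_mysql_user_add`, the unconditional `DROP USER '$user'@'localhost';` errors for a user that does not exist yet, and because `mysql --batch` stops at the first error unless `--force` is given, the following `CREATE USER` never runs; on servers that lack `DROP USER IF EXISTS` the usual workaround is a `GRANT USAGE` first so the account exists before it is dropped (assuming sql_mode does not set NO_AUTO_CREATE_USER). Both helpers splice `$user` and `$db` into SQL unquoted, and `DROP DATABASE IF EXISTS $db` in an "add" rule discards an existing database, so a guard rejecting any name outside `[A-Za-z0-9_]` before the heredoc is cheap insurance against a mistyped argument. In `rule_mysql_configure`, `inotifywait -e create` is started only after `sv restart mysql` and has no `-t` timeout, so if mysqld creates the socket before the watch is installed the rule blocks indefinitely; start the watch first or add a timeout. The `DELETE FROM mysql.user WHERE user = 'root' and plugin = ''` also runs before the auth_socket root is granted, so a failing GRANT would leave no usable root row — running the GRANT first would keep a working account at every step.
```shell
rule_mysql_user_add () { # SYNTAX: $user
	case $user in
	 (''|*[!A-Za-z0-9_]*) echo >&2 "rule_mysql_user_add: invalid user name"; return 1;;
	esac
	sudo mysql --batch -u root <<-EOF
		GRANT USAGE ON *.* TO '$user'@'localhost';
		DROP   USER '$user'@'localhost';
		CREATE USER '$user'@'localhost' IDENTIFIED WITH auth_socket;
		EOF
 }
```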
@@ -1137,7 +1175,7 @@ rule_procmail_configure () {
         "$tool"/etc/skel/etc/mail/delivery.procmailrc \
                /etc/skel/etc/mail/delivery.procmailrc
  }
-rule_runit_configure () {
+rule_runit_configure () { # SYNTAX: $service
        rule apt_get_install runit
        local -; set +f
        for sv in ${1-/etc/service/*}