eval "home=~$sv"
-"$tool"/local/adduser mysql \
+"$tool"/local/adduser "$sv" \
--disabled-login \
--disabled-password \
--group \
--home "$home" \
--shell /bin/false \
--system
-"$tool"/local/adduser mysql-data \
+"$tool"/local/adduser "$sv"-data \
--disabled-login \
--disabled-password \
--group \
--no-create-home \
--shell /bin/false \
--system
-sudo usermod --home "$home" mysql
-sudo adduser mysql mysql-data
-sudo install -d -m 755 -o mysql -g mysql \
- "$home" \
- "$home"/bin
+sudo usermod --home "$home" "$sv"
+sudo adduser "$sv" "$sv"-data
+sudo install -d -m 755 -o "$sv" -g "$sv" \
+ "$home"
sudo rm -rf /etc/mysql
-sudo install -d -m 750 -o mysql -g mysql-data \
+sudo install -d -m 750 -o "$sv" -g "$sv"-data \
/etc/mysql \
/etc/mysql/conf.d \
"$home"/etc
sudo ln -fns \
- /etc/mysql \
+ /etc/mysql \
"$home"/etc/mysql
-sudo install -m 644 -o mysql -g mysql \
+sudo install -m 644 -o "$sv" -g "$sv" \
"$tool"/etc/mysql/my.cnf \
/etc/mysql/my.cnf
if sudo test ! -d "$home"/data
then
- sudo install -d -m 750 -o mysql -g mysql-data \
+ sudo install -d -m 750 -o "$sv" -g "$sv"-data \
"$home"/data
- sudo -u mysql mysql_install_db \
+ sudo -u "$sv" mysql_install_db \
--datadir="$home"/data \
--no-defaults
fi
-sudo find "$tool"/etc/mysql/bin/ -type f -perm /+x -exec \
- install -m 755 -o root -g root \
- -t /home/mysql/bin/ {} +
-
sudo ln -fns \
../sv/"$sv" \
/etc/service/"$sv"
"$tool"/local/runit-sv-start "$sv"
-while ! sudo -u mysql mysql -u mysql </dev/null
+while ! sudo mysql -u root </dev/null
do sleep 1; done
-# NOTE:
-# - ajoute l'accès par socket Unix à mysql
-# - ajoute les droits de super-utilisateur à mysql
-# - supprime l'accès par mot-de-passe à root
-# - supprime les bases de données de l'utilisateurice anonyme
-# - supprime l'utilisateurice anonyme
-# NOTE: mémo :
-# GRANT USAGE ON *.* TO 'root'@'*' IDENTIFIED WITH auth_socket;
-# CREATE USER 'root'@'localhost' IDENTIFIED WITH auth_socket;
-# UPDATE mysql.user SET Password='' WHERE user='root';
-# DELETE FROM mysql.user WHERE user = 'root' AND host NOT IN ('localhost', '127.0.0.1', '::1');
sudo mysql -u root --batch --verbose <<-EOF
- DELETE FROM mysql.user WHERE user = 'root' and plugin = '';
+ -- NOTE: supprime le login anonyme
+ DELETE FROM mysql.db WHERE User = '';
+ DELETE FROM mysql.user WHERE User = '';
- DROP PROCEDURE IF EXISTS mysql.create_user_mysql;
- DELIMITER //
- CREATE PROCEDURE mysql.create_user_mysql ()
- BEGIN
- IF NOT (EXISTS (SELECT User
- FROM mysql.user
- WHERE User='mysql'
- AND Host='localhost'
- LIMIT 1))
- THEN GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' IDENTIFIED WITH auth_socket;
- END IF;
- END;
- //
- CALL mysql.create_user_mysql();
- DROP PROCEDURE mysql.create_user_mysql;
- UPDATE mysql.user SET grant_priv='Y',super_priv='Y' WHERE user='mysql';
- DELETE FROM mysql.db WHERE user = '';
- DELETE FROM mysql.user WHERE user = '';
-
- DROP PROCEDURE IF EXISTS mysql.create_user;
- CREATE PROCEDURE mysql.create_user (username VARCHAR(16), hostname VARCHAR(60))
- BEGIN
- IF NOT (EXISTS (SELECT User
- FROM mysql.user
- WHERE User = username
- AND Host = hostname
- LIMIT 1))
- THEN
- SET @QUERY = CONCAT("CREATE USER ", username, "@", hostname, " IDENTIFIED WITH auth_socket");
- PREPARE stmt FROM @QUERY;
- EXECUTE stmt;
- END IF;
- END;
- //
+ -- NOTE: supprime l'accès par mot-de-passe à root
+ DELETE FROM mysql.user WHERE User = 'root' and Plugin = '';
- DROP PROCEDURE IF EXISTS mysql.create_database;
- CREATE PROCEDURE mysql.create_database (dbname VARCHAR(16), username VARCHAR(16), hostname VARCHAR(60))
- BEGIN
- IF NOT (EXISTS (SELECT SCHEMA_NAME
- FROM INFORMATION_SCHEMA.SCHEMATA
- WHERE SCHEMA_NAME = dbname
- LIMIT 1))
- THEN
- SET @QUERY = CONCAT("CREATE DATABASE ", dbname, " CHARACTER SET utf8 COLLATE utf8_general_ci");
- PREPARE stmt FROM @QUERY;
- EXECUTE stmt;
- END IF;
- SET @QUERY = CONCAT("GRANT ALL PRIVILEGES ON ", dbname, ".* TO ", username, "@", hostname);
+ DROP PROCEDURE IF EXISTS mysql.create_super_user;
+ DELIMITER //
+ CREATE PROCEDURE mysql.create_super_user (username VARCHAR(16), hostname VARCHAR(60))
+ BEGIN
+ IF NOT (EXISTS (SELECT User
+ FROM mysql.user
+ WHERE User = username
+ AND Host = hostname
+ LIMIT 1))
+ THEN
+ SET @QUERY = CONCAT("CREATE USER ", username, "@", hostname, " IDENTIFIED WITH auth_socket");
PREPARE stmt FROM @QUERY;
EXECUTE stmt;
- END;
+ END IF;
+ END;
//
+ CALL mysql.create_super_user('mysql', 'localhost');
+ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost';
+ UPDATE mysql.user SET Grant_priv='Y',Super_priv='Y' WHERE User='mysql';
+
+ CALL mysql.create_super_user('backup', 'localhost');
+ GRANT EVENT,LOCK TABLES,RELOAD,SELECT,SHOW VIEW ON *.* TO 'backup'@'localhost';
+
FLUSH PRIVILEGES;
EOF
+sudo adduser backup "$sv"-data
+sudo adduser backup "$sv"
+
+sudo find "$tool"/local/backup \
+ -mindepth 1 -maxdepth 1 -type f -perm /+x \
+ -name 'mysql-*' \
+ -exec install -m 750 -o backup -g backup \
+ -t ~backup/bin {} +
+sudo install -m 640 -o root -g root \
+ "$tool"/etc/cron.d/mysql-backup \
+ /etc/cron.d/mysql-backup
+sudo install -m 640 -o root -g root \
+ "$tool"/etc/sudoers.d/mysql-backup \
+ /etc/sudoers.d/mysql-backup
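Review bot: The sudoers drop-in in the last lines is copied into `/etc/sudoers.d/` without a syntax check; a malformed file there can make `sudo` refuse to run, and this script relies on `sudo` throughout. I would validate the source first with `sudo visudo -c -f "$tool"/etc/sudoers.d/mysql-backup` and install it with the conventional `-m 440`. The file's contents are not visible here, but if it lets `backup` run the `mysql-*` scripts as another user, installing them with `-o backup -g backup` means that account can rewrite what it is permitted to run; `-o root -g backup` keeps them executable by it but not writable. `~backup/bin` is also not created by any visible line (the removed code created `"$home"/bin` with `install -d`), so `install -t` fails unless the directory already exists. The script starts before these lines, so some of this may be handled outside the view.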