Mysql8.0修改数据存储位置 - SELinux is preventing /usr/sbin/mysqld from write access on the directory mysql.
MySQL 默認(rèn)安裝將 /var/lib/mysql 作為數(shù)據(jù)存儲(chǔ)目錄,可以通過(guò)登錄 mysql 查看 datadir 變量的值,或者查看 /etc/my.cnf 文件查看:
?? ?mysql> SHOW VARIABLES like 'datadir';
?? ?+---------------+--------------------+
?? ?| Variable_name | Value????????????? |
?? ?+---------------+--------------------+
?? ?| datadir?????? | /var/lib/mysql ?? ? |
?? ?+---------------+--------------------+
?? ?1 row in set (0.01 sec)
查看 /etc/my.cnf:
?? ?[devalone@online ~]$ cat /etc/my.cnf
?? ?# For advice on how to change settings please see
?? ?# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
?? ?[mysqld]
?? ?#
?? ?# Remove leading # and set to the amount of RAM for the most important data
?? ?# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
?? ?# innodb_buffer_pool_size = 128M
?? ?#
?? ?# Remove leading # to turn on a very important data integrity option: logging
?? ?# changes to the binary log between backups.
?? ?# log_bin
?? ?#
?? ?# Remove leading # to set options mainly useful for reporting servers.
?? ?# The server defaults are faster for transactions and fast SELECTs.
?? ?# Adjust sizes as needed, experiment to find the optimal values.
?? ?# join_buffer_size = 128M
?? ?# sort_buffer_size = 2M
?? ?# read_rnd_buffer_size = 2M
?? ?datadir=/var/lib/mysql
?? ?socket=/var/lib/mysql/mysql.sock
?? ?# Disabling symbolic-links is recommended to prevent assorted security risks
?? ?symbolic-links=0
?? ?log-error=/var/log/mysqld.log
?? ?pid-file=/var/run/mysqld/mysqld.pid
更改數(shù)據(jù)庫(kù)存儲(chǔ)位置之前先停止 mysqld 服務(wù):
?? ?[root@online devalone]# systemctl stop mysqld.service
1. 準(zhǔn)備新的數(shù)據(jù)存儲(chǔ)目錄
-------------------------------------------------------------------------------------------------------------------------
首先在想要存儲(chǔ)數(shù)據(jù)的位置創(chuàng)建新的數(shù)據(jù)庫(kù)目錄:
?? ?[root@online devalone]# mkdir /disk2T-2/mysqldb
?? ?[root@online devalone]# chown mysql:mysql /disk2T-2/mysqldb
?? ?
將原來(lái)的數(shù)據(jù)庫(kù)目錄內(nèi)容保留其原始屬性拷貝到目標(biāo)目錄:
?? ?[root@online devalone]# cp -R -p /var/lib/mysql/* /disk2T-2/mysqldb/
2. 修改配置文件 /etc/my.cnf 將 datadir 指向新的數(shù)據(jù)存儲(chǔ)目錄
-------------------------------------------------------------------------------------------------------------------------
配置文件中修改兩處內(nèi)容:
?? ?# datadir=/var/lib/mysql
?? ?datadir=/disk2T-2/mysqldb
?? ?# socket=/var/lib/mysql/mysql.sock
?? ?socket=/disk2T-2/mysqldb/mysql.sock
3. 啟動(dòng) mysqld 服務(wù)
-------------------------------------------------------------------------------------------------------------------------
[root@online devalone]# systemctl start mysqld.service
Job for mysqld.service failed because the control process exited with error code. See "systemctl status mysqld.service"
and "journalctl -xe" for details.
[root@online devalone]# systemctl status mysqld.service
● mysqld.service - MySQL Server
?? Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
?? Active: activating (start-pre) since 五 2018-08-24 09:39:55 CST; 3ms ago
???? Docs: man:mysqld(8)
?????????? http://dev.mysql.com/doc/refman/en/using-systemd.html
? Process: 13276 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=1/FAILURE)
?Main PID: 21547 (code=exited, status=0/SUCCESS);???????? : 13511 ((_systemd))
??? Tasks: 0
?? CGroup: /system.slice/mysqld.service
?????????? └─control
???????????? └─13511 (_systemd)
8月 24 09:39:55 online.sansovo.org systemd[1]: Starting MySQL Server...
?
?
啟動(dòng)錯(cuò)誤。
這是 SELinux 保護(hù)造成的結(jié)果:
?
4. 設(shè)置 SELinux
-------------------------------------------------------------------------------------------------------------------------
查看 SELinux 狀態(tài):
?? ?[root@online ~]# sestatus
?? ?SELinux status:???????????????? enabled
?? ?SELinuxfs mount:??????????????? /sys/fs/selinux
?? ?SELinux root directory:???????? /etc/selinux
?? ?Loaded policy name:???????????? targeted
?? ?Current mode:?????????????????? enforcing
?? ?Mode from config file:????????? enforcing
?? ?Policy MLS status:????????????? enabled
?? ?Policy deny_unknown status:???? allowed
?? ?Max kernel policy version:????? 31
SELinux 處于啟動(dòng)狀態(tài)。
查看 /etc/selinux/config :
?? ?[root@online ~]# cat /etc/selinux/config
?? ?# This file controls the state of SELinux on the system.
?? ?# SELINUX= can take one of these three values:
?? ?#???? enforcing - SELinux security policy is enforced.
?? ?#???? permissive - SELinux prints warnings instead of enforcing.
?? ?#???? disabled - No SELinux policy is loaded.
?? ?SELINUX=enforcing
?? ?# SELINUXTYPE= can take one of three two values:
?? ?#???? targeted - Targeted processes are protected,
?? ?#???? minimum - Modification of targeted policy. Only selected processes are protected.
?? ?#???? mls - Multi Level Security protection.
?? ?SELINUXTYPE=targeted
?
SELINUX=enforcing,強(qiáng)制執(zhí)行 SELinux。
查看原始數(shù)據(jù)庫(kù)目錄的 SELinux 設(shè)置:
?? ?[root@online ~]# sudo ls -Zl /var/lib/mysql
?? ?總用量 110660
?? ?-rw-r-----. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql?????? 56 8月? 16 15:37 auto.cnf
?? ?-rw-------. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql???? 1679 8月? 16 15:37 ca-key.pem
?? ?-rw-r--r--. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql???? 1107 8月? 16 15:37 ca.pem
?? ?-rw-r--r--. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql???? 1107 8月? 16 15:37 client-cert.pem
?? ?-rw-------. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql???? 1679 8月? 16 15:37 client-key.pem
?? ?-rw-r-----. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql????? 915 8月? 24 09:43 ib_buffer_pool
?? ?-rw-r-----. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 12582912 8月? 24 09:43 ibdata1
?? ?-rw-r-----. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 50331648 8月? 24 09:43 ib_logfile0
?? ?-rw-r-----. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql 50331648 8月? 16 15:37 ib_logfile1
?? ?drwxr-x---. 2 system_u:object_r:mysqld_db_t:s0 mysql mysql???? 4096 8月? 16 15:37 mysql
?? ?drwxr-x---. 2 system_u:object_r:mysqld_db_t:s0 mysql mysql???? 8192 8月? 16 15:37 performance_schema
?? ?-rw-------. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql???? 1679 8月? 16 15:37 private_key.pem
?? ?drwxr-x---. 2 system_u:object_r:mysqld_db_t:s0 mysql mysql?????? 60 8月? 20 16:31 proxy
?? ?-rw-r--r--. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql????? 451 8月? 16 15:37 public_key.pem
?? ?-rw-r--r--. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql???? 1107 8月? 16 15:37 server-cert.pem
?? ?-rw-------. 1 system_u:object_r:mysqld_db_t:s0 mysql mysql???? 1679 8月? 16 15:37 server-key.pem
?? ?drwxr-x---. 2 system_u:object_r:mysqld_db_t:s0 mysql mysql???? 8192 8月? 16 15:37 sys
查看新的數(shù)據(jù)庫(kù)目錄的 SELinux 設(shè)置:
?? ?[root@online ~]# sudo ls -Zl /disk2T-2/mysqldb/
?? ?總用量 122952
?? ?-rw-r-----. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql?????? 56 8月? 16 15:37 auto.cnf
?? ?-rw-------. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql???? 1679 8月? 16 15:37 ca-key.pem
?? ?-rw-r--r--. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql???? 1107 8月? 16 15:37 ca.pem
?? ?-rw-r--r--. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql???? 1107 8月? 16 15:37 client-cert.pem
?? ?-rw-------. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql???? 1679 8月? 16 15:37 client-key.pem
?? ?-rw-r-----. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql???? 1346 8月? 24 09:29 ib_buffer_pool
?? ?-rw-r-----. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 12582912 8月? 24 09:51 ibdata1
?? ?-rw-r-----. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 50331648 8月? 24 09:51 ib_logfile0
?? ?-rw-r-----. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql 50331648 8月? 16 15:37 ib_logfile1
?? ?-rw-r-----. 1 system_u:object_r:default_t:s0?? mysql mysql 12582912 8月? 24 09:51 ibtmp1
?? ?drwxr-x---. 2 unconfined_u:object_r:unlabeled_t:s0 mysql mysql???? 4096 8月? 16 15:37 mysql
?? ?srwxrwxrwx. 1 system_u:object_r:default_t:s0?? mysql mysql??????? 0 8月? 24 09:51 mysql.sock
?? ?-rw-------. 1 system_u:object_r:default_t:s0?? mysql mysql??????? 5 8月? 24 09:51 mysql.sock.lock
?? ?drwxr-x---. 2 unconfined_u:object_r:unlabeled_t:s0 mysql mysql???? 8192 8月? 16 15:37 performance_schema
?? ?-rw-------. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql???? 1679 8月? 16 15:37 private_key.pem
?? ?drwxr-x---. 2 unconfined_u:object_r:unlabeled_t:s0 mysql mysql?????? 60 8月? 20 16:31 proxy
?? ?-rw-r--r--. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql????? 451 8月? 16 15:37 public_key.pem
?? ?-rw-r--r--. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql???? 1107 8月? 16 15:37 server-cert.pem
?? ?-rw-------. 1 unconfined_u:object_r:unlabeled_t:s0 mysql mysql???? 1679 8月? 16 15:37 server-key.pem
?? ?drwxr-x---. 2 unconfined_u:object_r:unlabeled_t:s0 mysql mysql???? 8192 8月? 16 15:37 sys
差別很大。
有人認(rèn)為直接將 SELINUX 設(shè)為 disabled 來(lái)啟動(dòng) mysqld 服務(wù)。
這的確可以成功啟動(dòng) mysqld.service,但本人不建議這樣做,原因不言自明。
可以使用簡(jiǎn)單的方法將新的數(shù)據(jù)庫(kù)目錄設(shè)置為與默認(rèn)目錄完全一樣的 SELinux 設(shè)置:
?? ?[root@online ~]# chcon -R --reference=/var/lib/mysql /disk2T-2/mysqldb
再次查看新的數(shù)據(jù)庫(kù)目錄的 SELinux 設(shè)置:
?? ?[root@online ~]# ll -Z /disk2T-2/mysqldb
?? ?-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 auto.cnf
?? ?-rw-------. mysql mysql system_u:object_r:mysqld_db_t:s0 ca-key.pem
?? ?-rw-r--r--. mysql mysql system_u:object_r:mysqld_db_t:s0 ca.pem
?? ?-rw-r--r--. mysql mysql system_u:object_r:mysqld_db_t:s0 client-cert.pem
?? ?-rw-------. mysql mysql system_u:object_r:mysqld_db_t:s0 client-key.pem
?? ?-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 ib_buffer_pool
?? ?-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 ibdata1
?? ?-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 ib_logfile0
?? ?-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 ib_logfile1
?? ?-rw-r-----. mysql mysql system_u:object_r:mysqld_db_t:s0 ibtmp1
?? ?drwxr-x---. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql
?? ?srwxrwxrwx. mysql mysql system_u:object_r:mysqld_var_run_t:s0 mysql.sock
?? ?-rw-------. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.sock.lock
?? ?drwxr-x---. mysql mysql system_u:object_r:mysqld_db_t:s0 performance_schema
?? ?-rw-------. mysql mysql system_u:object_r:mysqld_db_t:s0 private_key.pem
?? ?drwxr-x---. mysql mysql system_u:object_r:mysqld_db_t:s0 proxy
?? ?-rw-r--r--. mysql mysql system_u:object_r:mysqld_db_t:s0 public_key.pem
?? ?-rw-r--r--. mysql mysql system_u:object_r:mysqld_db_t:s0 server-cert.pem
?? ?-rw-------. mysql mysql system_u:object_r:mysqld_db_t:s0 server-key.pem
?? ?drwxr-x---. mysql mysql system_u:object_r:mysqld_db_t:s0 sys
再次啟動(dòng) mysqld 服務(wù):
?? ?[root@online ~]# systemctl start mysqld.service
?? ?[root@online ~]# systemctl status mysqld.service
?? ?● mysqld.service - MySQL Server
?? ??? Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
?? ??? Active: active (running) since 五 2018-08-24 10:50:03 CST; 1min 5s ago
?? ??? ? Docs: man:mysqld(8)
?? ??? ??? ??? http://dev.mysql.com/doc/refman/en/using-systemd.html
?? ?? Process: 6827 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
?? ?? Process: 6491 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
?? ? Main PID: 6831 (mysqld)
?? ??? ?Tasks: 27
?? ??? CGroup: /system.slice/mysqld.service
?? ??? ??? ??? └─6831 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
?? ?8月 24 10:50:01 online.sansovo.org systemd[1]: Starting MySQL Server...
?? ?8月 24 10:50:03 online.sansovo.org systemd[1]: Started MySQL Server.
OK. 成功啟動(dòng)
另一種方法是單獨(dú)設(shè)置新目錄內(nèi)每一個(gè)文件的 SELinux 設(shè)置,例如:
?? ?[root@online ~]# chcon -R -t mysqld_db_t -u system_u -r object_r /disk2T-2/mysqldb
?? ?...
?? ?
這種方法也可以完成新目錄的設(shè)置,但太繁瑣,每一個(gè)文件都需要對(duì)照原始目錄內(nèi)的設(shè)置,中間也可能出現(xiàn)錯(cuò)誤,因此不建議使用。
總結(jié)
以上是生活随笔為你收集整理的Mysql8.0修改数据存储位置 - SELinux is preventing /usr/sbin/mysqld from write access on the directory mysql.的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: 公益中国系列活动进社区之 “健康进社区
- 下一篇: MAC 开启root权限