Link to home
Create AccountLog in
Avatar of andieje
andieje

asked on

understanding what happens when i install software on linux

Hi

I am trying to install some software (mysql) on linux and it says I don't have permission to do so. I can run the installation command under sudo and install the software but I would like to understand what's going on.

question 1
=============
Why can't i install the software for use by *my* account only? Why do i need to be root. I assume i need to be root due to where the software install writes files to. Can i install mysql so that it is available only to me and that the executable files are in my directories. I ask this out of interest - not because i intend to do it

question 2
============
If i install it as root (as i have done in the past) then how do i know what permissions different users have with mysql. I have a basic knowledge that files have read/write/execute permissions for the owner/group/all users but i'm not sure how this applies to software? I am guessing that is the executable has permissions 777 then anyone can execute it but you can also set up the software so that only users that belong to the software group can execute it. Is this correct?

quesiton 3
===================
How do i know what groups my user account belongs to?

question 4
============
When mysql is installed i presume it creates a group called mysql. How do I know what users belong to that group

thanks
ASKER CERTIFIED SOLUTION
Avatar of farzanj
farzanj
Flag of Canada image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
To expand on the answers to question 2, versions of Linux that support selinux have additional finer-grained security features that provide much more control over what a user and application can/cannot do. In most cases, these features are already defined for you as part of an install using packaging tools like yum, apt, etc.. But if you chose to install manually, or to different locations, you may have to make changes in selinux rights as well.
Avatar of andieje
andieje

ASKER

if i use --prefix to install software in my home directory does that mean only i can run it? I don't intend to do this (there is only me on my system!) i am just trying to understand

@arnold you said 'The only users that belong to the mysql group is the mysql user.' you have user as both plural and singular there so I'm not sure what you mean. What is the mysql user?
Is there one user called mysql user?

this command didn't help me on my system:

==================================
_bio@Linux-VBox:~$ grep mysql /etc/group
mysql:x:123
==================================
why are there no users in the group. SHouldn't i at least be in it?

===============================================
andrea_bio@Linux-VBox:~$ id andrea_bio
uid=1000(andrea_bio) gid=1000(andrea_bio) groups=1000(andrea_bio),4(adm),20(dialout),24(cdrom),46(plugdev),111(lpadmin),119(admin),122(sambashare)
=============================================

shouldn't i be in the mysql group?
Avatar of andieje

ASKER

looking on the mysql website it says

If your system does not already have a user and group for mysqld to run as, you may need to create one. The following commands add the mysql group and the mysql user.

this suggests that the mysqld command runs as a particular user. I'm not familiar with that concept. I thought a user could execute a command but i did not know that commands ran as particular users. Is this just the case for mysql or for all commands
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of andieje

ASKER

sorry, i think i have some prior misconceptions that are confusing me:

1) are you saying there is one user in the mysql group which i mysql user?

2) do all commands run as a particular user? i think i am getting confused by the difference between commands which i might issue at the command prompt and services which are already running and all users can access. But regardless of that distinction for now do all commands run with the privileges of a particular user.

I might i have one or two quick follow up questions when i am clear on those points

Avatar of andieje

ASKER

3) re this command
_bio@Linux-VBox:~$ grep mysql /etc/group
mysql:x:123

if the output has this format, groupname:x:groupID:list of members , why isn;t the mysql user in the list?
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of andieje

ASKER

ok, things make a bit more sense now.

so i presume then services, like you say, are started as root, but 'drop down' and run with the privileges of a group the service has been assigned to.

Perhaps its warrants a separate question to understand how services are assigned to a group ( I imagine that occurs in the service creation process) and how services started by root drop to run with lower privileges (i imagine this is a mechanism built into the OS)

If these questions make sense and my understanding is correct i will open another question. I don't want to take advantage of your help without awarding sufficient points for your time/effort
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of andieje

ASKER

brilliant - one more quick thing. How do i find out about the mysql client command as
grep mysql /etc/group
tells me about the daemon and not the client command
I do not understand what you are asking?
The client is merely a means by which you connect to the server.  Other than the options the mysql client has i.e.-u --user= for username -p --password= for password -h --host= to specify a host to which you want to connect with the database which you want at the end of the line.
The database is a requirement for a user who is only setup with access to a specific database
i.e.
database1 user1 with password1 is setup in the mysql.user,mysql.db  table.
user1 running mysql -u user1 -ppassword1 will be rejected because the database is missing. The login for this user requires that the username, password and database match or access will be denied by the server.
For user1, mysql -u user1 -ppassword1 database1 is the only way a connection will be established. and all the user can see are the tables and data within this database.
Avatar of andieje

ASKER

i have no idea what i was trying to say there and i wrote it. Wasn't concentrating and now i can't remember!
Avatar of andieje

ASKER

thanks - extremely helpful - much appreciated