andieje
asked on
Understanding what happens when I install software on Linux
Hi
I am trying to install some software (mysql) on Linux and it says I don't have permission to do so. I can run the installation command under sudo and install the software but I would like to understand what's going on.
question 1
=============
Why can't I install the software for use by *my* account only? Why do I need to be root? I assume I need to be root due to where the software install writes files to. Can I install mysql so that it is available only to me and that the executable files are in my directories? I ask this out of interest - not because I intend to do it.
question 2
============
If I install it as root (as I have done in the past) then how do I know what permissions different users have with mysql? I have a basic knowledge that files have read/write/execute permissions for the owner/group/all users but I'm not sure how this applies to software. I am guessing that if the executable has permissions 777 then anyone can execute it but you can also set up the software so that only users that belong to the software group can execute it. Is this correct?
question 3
===================
How do I know what groups my user account belongs to?
question 4
============
When mysql is installed I presume it creates a group called mysql. How do I know what users belong to that group?
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
To expand on the answers to question 2, versions of Linux that support SELinux have additional finer-grained security features that provide much more control over what a user and application can/cannot do. In most cases, these features are already defined for you as part of an install using packaging tools like yum, apt, etc. But if you choose to install manually, or to different locations, you may have to make changes in SELinux rights as well.
ASKER
If I use --prefix to install software in my home directory does that mean only I can run it? I don't intend to do this (there is only me on my system!), I am just trying to understand.
@arnold you said 'The only users that belong to the mysql group is the mysql user.' You have user as both plural and singular there so I'm not sure what you mean. What is the mysql user?
Is there one user called mysql user?
This command didn't help me on my system:
==========================
_bio@Linux-VBox:~$ grep mysql /etc/group
mysql:x:123
==========================
Why are there no users in the group? Shouldn't I at least be in it?
==========================
andrea_bio@Linux-VBox:~$ id andrea_bio
uid=1000(andrea_bio) gid=1000(andrea_bio) groups=1000(andrea_bio),4(adm),20(dialout),24(cdrom),46(plugdev),111(lpadmin),119(admin),122(sambashare)
==========================
Shouldn't I be in the mysql group?
ASKER
Looking on the mysql website it says:
"If your system does not already have a user and group for mysqld to run as, you may need to create one. The following commands add the mysql group and the mysql user."
This suggests that the mysqld command runs as a particular user. I'm not familiar with that concept. I thought a user could execute a command but I did not know that commands ran as particular users. Is this just the case for mysql or for all commands?
ASKER
Sorry, I think I have some prior misconceptions that are confusing me:
1) Are you saying there is one user in the mysql group which is mysql user?
2) Do all commands run as a particular user? I think I am getting confused by the difference between commands which I might issue at the command prompt and services which are already running and all users can access. But regardless of that distinction for now, do all commands run with the privileges of a particular user?
I might have one or two quick follow up questions when I am clear on those points.
ASKER
3) Re this command:
_bio@Linux-VBox:~$ grep mysql /etc/group
mysql:x:123
If the output has this format, groupname:x:groupID:list of members, why isn't the mysql user in the list?
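An added example, not part of the original thread: the fourth field of /etc/group lists only supplementary members, while an account's primary group is the GID in the fourth field of /etc/passwd, which is why `mysql:x:123` can show an empty member list. The function names, the sample files and the mysql UID 116 are constructed for illustration.

```shell
#!/bin/sh
# group_members GROUP [GROUP_FILE] [PASSWD_FILE]
# Prints "user:how" for every account in GROUP, where how is
# supplementary (named in the 4th field of the group file),
# primary (4th field of passwd equals the GID of the group), or both.
group_members() {
    awk -F: -v g="$1" '
        NR == FNR {                       # first file: group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "") how[m[i]] = "supplementary"
            }
            next
        }
        gid != "" && $4 == gid {          # second file: passwd database
            kind = ($1 in how) ? "primary+supplementary" : "primary"
            how[$1] = kind
        }
        END { for (u in how) print u ":" how[u] }
    ' "${2:-/etc/group}" "${3:-/etc/passwd}" | sort
}

# Constructed sample databases modelled on the output quoted in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'adm:x:4:andrea_bio' 'mysql:x:123:' \
                  'andrea_bio:x:1000:' > "$d/group"
    printf '%s\n' 'andrea_bio:x:1000:1000::/home/andrea_bio:/bin/bash' \
                  'mysql:x:116:123::/nonexistent:/bin/false' > "$d/passwd"
    group_members "$1" "$d/group" "$d/passwd"
    rm -rf "$d"
}

demo mysql   # prints mysql:primary
```

Called as `group_members mysql` it reads the real /etc/group and /etc/passwd; accounts that come from LDAP or another NSS source do not appear in those files.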
ASKER
OK, things make a bit more sense now.
So I presume then services, like you say, are started as root, but 'drop down' and run with the privileges of a group the service has been assigned to.
Perhaps it warrants a separate question to understand how services are assigned to a group (I imagine that occurs in the service creation process) and how services started by root drop to run with lower privileges (I imagine this is a mechanism built into the OS).
If these questions make sense and my understanding is correct I will open another question. I don't want to take advantage of your help without awarding sufficient points for your time/effort.
ASKER
Brilliant - one more quick thing. How do I find out about the mysql client command, as
grep mysql /etc/group
tells me about the daemon and not the client command?
I do not understand what you are asking.
The client is merely a means by which you connect to the server. Other than the options the mysql client has, i.e. -u / --user= for username, -p / --password= for password, -h / --host= to specify a host to which you want to connect, with the database which you want at the end of the line.
The database is a requirement for a user who is only set up with access to a specific database,
i.e.
database1 user1 with password1 is set up in the mysql.user, mysql.db table.
user1 running mysql -u user1 -ppassword1 will be rejected because the database is missing. The login for this user requires that the username, password and database match or access will be denied by the server.
For user1, mysql -u user1 -ppassword1 database1 is the only way a connection will be established, and all the user can see are the tables and data within this database.
ASKER
I have no idea what I was trying to say there and I wrote it. Wasn't concentrating and now I can't remember!
ASKER
Thanks - extremely helpful - much appreciated.