使用普通用戶替代root來管理IEE
阿新 • • 發佈:2017-09-22
ren rwx chown socket 查看 pts oca local 0.00
環境:RHEL 6.4 + IEE 4.0.6
需求:IEE數據庫之前是使用root用戶部署和管理的,現在安全加固,將數據庫交給普通用戶iee來管理。
一、當前環境
二、安全加固
- 1.創建iee用戶
- 2.關閉數據庫
- 3.修改權限
- 4.啟動數據庫
- 5.驗證數據
一、當前環境
IEE數據庫安裝向導:http://www.cnblogs.com/jyzhao/p/3963925.html
根據當前的IEE進程確定那些文件/文件夾權限需要修改:
[[email protected] ~]# ps -ef|grep mysql|grep -v grep root 4833 1 0 16:23 pts/0 00:00:00 /bin/sh /usr/local/infobright-4.0.6-x86_64/bin/mysqld_safe --defaults-file=/etc/my-ib.cnf --log-queries-not-using-indexes --user=root --pid-file=/oradata/app/iee/data/JingyuDB.pid root 4981 4833 0 16:23 pts/0 00:00:00 /usr/local/infobright-4.0.6-x86_64/bin/mysqld --defaults-file=/etc/my-ib.cnf --basedir=/usr/local/infobright-4.0.6-x86_64 --datadir=/oradata/app/iee/data --user=root --log-queries-not-using-indexes --log-error=/oradata/app/iee/data.err --pid-file=/oradata/app/iee/data/JingyuDB.pid --socket=/tmp/mysql-ib.sock --port=5029 [[email protected] ~]# ls -lh /etc/my-ib.cnf -rw-r--r--. 1 root root 2.2K Jan 27 16:08 /etc/my-ib.cnf [[email protected] ~]# ls -lh /etc/init.d/mysqld-ib -rwxr--r--. 1 root root 14K Sep 9 2013 /etc/init.d/mysqld-ib [[email protected] ~]# ls -lh /oradata/app|grep iee drwxr-xr-x. 4 root root 4.0K Jan 27 16:09 iee [[email protected] ~]# ls -lh /usr/local|grep infobright drwxr-xr-x. 11 root root 4.0K Jan 27 16:09 infobright-4.0.6-x86_64
上面用到的命令列表:
--查詢IEE進程,根據mysql關鍵字
ps -ef|grep mysql|grep -v grep
--根據進程可以看到相關的各個文件/文件夾
ls -lh /etc/my-ib.cnf
ls -lh /etc/init.d/mysqld-ib
ls -lh /oradata/app|grep iee
ls -lh /usr/local|grep infobright
二、root用戶改造成iee用戶
1.創建iee用戶
root用戶創建iee用戶並設定iee用戶密碼:
useradd iee
passwd iee
2.關閉數據庫
root用戶關閉數據庫:
/etc/init.d/mysqld-ib stop
3.修改權限
root用戶修改相關文件及文件夾的用戶及用戶組:
chown iee:iee /etc/my-ib.cnf
chown iee:iee /etc/init.d/mysqld-ib
chown -R iee:iee /usr/local/infobright-4.0.6-x86_64
chown -R iee:iee /oradata/app/iee
4.啟動數據庫
使用iee用戶登錄主機啟動數據庫:
/etc/init.d/mysql-ib start
此時再次查看IEE進程,確定進程已由普通用戶iee管理控制:
[[email protected] ~]$ ps -ef|grep mysql|grep -v grep iee 6769 1 0 16:39 pts/0 00:00:00 /bin/sh /usr/local/infobright-4.0.6-x86_64/bin/mysqld_safe --defaults-file=/etc/my-ib.cnf --log-queries-not-using-indexes --user=root --pid-file=/oradata/app/iee/data/JingyuDB.pid iee 6915 6769 0 16:39 pts/0 00:00:00 /usr/local/infobright-4.0.6-x86_64/bin/mysqld --defaults-file=/etc/my-ib.cnf --basedir=/usr/local/infobright-4.0.6-x86_64 --datadir=/oradata/app/iee/data --log-queries-not-using-indexes --log-error=/oradata/app/iee/data.err --pid-file=/oradata/app/iee/data/JingyuDB.pid --socket=/tmp/mysql-ib.sock --port=5029
5.驗證數據
mysql-ib登錄進IEE數據庫,驗證數據確定沒有問題:
[[email protected] ~]$ mysql-ib
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.1.40 build number (revision)=IB_4.0.6_r16086_16275(iee - commercial) (static)
Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| BH_RSI_Repository |
| jingyu |
| mysql |
| sys_infobright |
| test |
+--------------------+
6 rows in set (0.01 sec)
mysql> use jingyu
Database changed
mysql> show tables;
+------------------+
| Tables_in_jingyu |
+------------------+
| T1 |
| t1 |
+------------------+
2 rows in set (0.00 sec)
mysql> select count(1) from T1;
+----------+
| count(1) |
+----------+
| 4 |
+----------+
1 row in set (0.00 sec)
mysql>
至此,完成IEE數據庫交付給普通用戶iee來管理維護。
使用普通用戶替代root來管理IEE