LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 08-28-2009, 06:37 AM   #1
sycamorex
LQ Veteran
 
Registered: Nov 2005
Location: London
Distribution: Slackware64-current
Posts: 5,596
Blog Entries: 1

Rep: Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046
apache+php+mysql


I've got a general question about apache/mysql. I learn those things at home. Everything seems to work fine but it's a very basic setup. My question is related to users/permissions.
When dealing with mysql what is the best practice in terms of users and security. Shall I log in to it as mysql or my usual login? Same thing about apache (root? sycamorex? apache?) Who should be the owner of the files in htdocs?
thanks
 
Old 08-29-2009, 02:45 AM   #2
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
There is no mysql user in mysql (at least up to Slackware 12). The mysql user is a system user only (and does not have a shell so it can not be used to login). I use my normal system account to login to mysql.
Code:
wim@btd-techwb01:~$ mysql -u root -p
or
wim@btd-techwb01:~$ mysql -u wim -p
Leave the -p option out if the mysql user (root or wim) does not have a password.

The mysql root user creates the databases and grants the permissions to mysql users.
Code:
mysql> create database db1;
mysql> create database db2;
mysql> grant all privileges on db1.* to 'sycamorex'@'localhost' identified by 'my password';
mysql> grant all privileges on db2.* to 'sycamorex'@'localhost';
or
mysql> grant all privileges on *.* to 'sycamorex'@'localhost' identified by 'my password';
After this, the user sycamorex can maintain the (specified) databases.
Code:
sycamorex@yourpc:~$ mysql db1 -p
sycamorex@yourpc:~$ mysql db2 -p
The mysql client will pick up your username from your login and use that for the login to the mysql server; if that does not work as the mysqluser does not match the system user, you need to specify the username with the -u option (as shown earlier).

see http://www.linuxquestions.org/questi...gon-id-746757/ for cleaning up mysql after install

My apache configurations don't work on htdocs. I move the websites to the user's home directory. As long as apache can read there, it will be able to serve pages. The only issue with that is that apache can not write there (not every website requires this but mine do). See http://www.linuxquestions.org/questi...-group-730046/ how I solved that on a Slackware 12 server.

Below my virtual host configuration for apache
Code:
#
# Use name-based virtual hosting.
#
NameVirtualHost *:80

# catch-all
<VirtualHost *:80>
    ServerAdmin me@mydomain
    DocumentRoot /srv/httpd/htdocs
    ServerName btd-techweb02
</VirtualHost>

# site 1
<VirtualHost *:80>
    ServerAdmin me@mydomain
    DocumentRoot /home/wim/www/site1/web
    ServerName site1.btd-techweb02
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access_log common

#WimS
# this is required to prevent message 403 "Forbidden"
    <Directory "/home/wim/www/site1/web">
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

# site2
<VirtualHost *:80>
    ServerAdmin me@mydomain
    DocumentRoot /home/wim/www/site2/web
    ServerName site2.btd-techweb02
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access_log common

#WimS
# this is required to prevent message 403 "Forbidden"
    <Directory "/home/wim/www/site2/web">
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
The bold lines tell apache where to find the webpages.

One additional advice: for any php code that you want to keep secure, create a directory next to the web directory (I call them inc). You can store e.g. a php file that contains the credentials for the mysql databases; you can also store php files in that same directory that contain sql statements. A php page can include those files, apache can read them, but visitors can not access them as it's outside the documentroot.

Code:
/home
  +--- wim
        +--- www
              +--- site1
                    +--- web
                    +--- inc

Last edited by Wim Sturkenboom; 08-29-2009 at 02:57 AM.
 
Old 08-29-2009, 06:15 AM   #3
sycamorex
LQ Veteran
 
Registered: Nov 2005
Location: London
Distribution: Slackware64-current
Posts: 5,596
Blog Entries: 1

Original Poster
Rep: Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046
Thanks Wim.
It's clarified things for me. I'll keep reading.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
php/shell script to install mysql,apache and php automatically stranger_6_7 Linux - General 2 08-11-2009 03:07 AM
Apache, mySQL, php Kupo Linux - Software 11 08-11-2005 11:00 PM
Apache Mysql Php: mysql with php doesn't work breakerfall Linux - Networking 6 12-27-2003 09:59 PM
php-nuke with apache php mysql c0c0deuz Linux - Software 0 03-30-2003 07:23 AM
PHP, MySQL and Apache miker Linux - Newbie 1 03-27-2002 02:29 PM


All times are GMT -5. The time now is 08:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration