Old 11-07-2006, 12:52 PM   #1
uopjohnson
Member
 
Registered: Jun 2004
Location: San Francisco
Distribution: Slackware, Ubuntu, RHEL, OS X
Posts: 159

Rep: Reputation: 30
Running mysqld as normal user... bad?


I'm hoping to get some help with this because even though the context is OS X specific I believe that the question is fairly OS agnostic.

I'm setting up a mysql test development environment on my OS X laptop. The data that I'm working with is sensitive including SS#s and such so I want to be sure it is protected. I am using Apple's Filevault system to encrypt my entire home directory and I set up mysql to store all of its data inside the encrypted volume. In order for this to work I have to set up mysqld to run as my local user account because the apple filevault system will not allow any other user to write into the volume.

I say all that to ask this... is this bad? Is there something I'm leaving myself open to by allowing mysql to run in this way?

Thanks in advance,
 
Old 11-07-2006, 01:26 PM   #2
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Rep: Reputation: 1065
Bad? Well, uh, yeah, it isn't "good practice" to do so (daemons should be started by the system during boot and appropriate permissions granted to individual users, particularly data base users).

If you've followed MySQL "post installation" instructions; i.e., root password, no public access, explicit grant to user accounts, good passwords at all levels, you're already pretty safe. If you take a look at section 12.9 of the MySQL manual (encryption and compression functions), the AES encryption functions (with 128-bit keys, secure enough for most applications).

It really is better to lock down your system with good passwords and restricted access; e.g., no telnet, ever, then doing the same with your data base application than encrypting an entire drive or parts of one -- if your system is configured properly, it's going to be extremely difficult to break into in the first place, let alone walking off with critical content. You probably already know that there is no such thing as 100% unbreakable encryption -- give me enough time and horsepower and I can break anything -- but if you put enough "good practice" barriers in the way, you make it extremely difficult for all but the most dedicated (who would have to have unrestricted access to begin with) and the kid that steals your laptop probably ain't in that class.

Better you spend some time getting your system safe, then getting your data base safe. When you do it right the likelihood of getting compromised gets really low -- and you benefit by being able to port your built-safe application to a similarly configured production environment without required third-party software. Design with safety in mind... encrypt what needs to be encrypted and make it really, really hard to get at it.
 
Old 11-07-2006, 01:51 PM   #3
uopjohnson
Member
 
Registered: Jun 2004
Location: San Francisco
Distribution: Slackware, Ubuntu, RHEL, OS X
Posts: 159

Original Poster
Rep: Reputation: 30
Thanks for the reply. We are at the end of a production cycle and cannot make major DB changes (like encrypting critical info) until next spring. I'm not especially worried about a remote attack on this machine, what really scares me is someone walking off with the laptop. In California the reporting laws for the loss of identifying information are very strict, and I have no desire to make national news.
As far as I understand the reason for having a unique user for each daemon is to limit compromise if that daemon is compromised. Since the system itself is locked down from remote attack and the DB is properly secured I don't think this is much of a risk. I need to protect against the much greater risk of someone physically stealing the machine.
 
Old 11-07-2006, 03:14 PM   #4
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Rep: Reputation: 1065
You know, if I was that worried, I'd buy myself a real big memory stick, mount the thing to /var/lib/mysql and stick it in a safe when I wasn't using it -- chances are you'd never make the front page of the LA Times...
 
Old 11-07-2006, 04:41 PM   #5
uopjohnson
Member
 
Registered: Jun 2004
Location: San Francisco
Distribution: Slackware, Ubuntu, RHEL, OS X
Posts: 159

Original Poster
Rep: Reputation: 30
What I ended up doing is creating a separate disk image and then writing a script that mounts the disk image and then starts mysql using that mount point as the data directory. Everything seems to work real well and it doesn't require me to mess around with the user or permissions on mysql.

I genuinely considered the memory stick idea, but I think I'm a lot more likely to lose that. The requirements in California are very unforgiving and require notification of all parties when there is even a chance that data has been compromised. Encryption, according to the law as I understand it, nullifies this. If encrypted data is lost then reporting is not mandated which keeps me out of the paper. My Mom will be disappointed, but I'm happy!

Thanks again for the input.
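
The approach described in the last post (mount an encrypted disk image, then start MySQL with the mount point as its data directory), as an added example that is not the poster's own script. The image path, the volume name `mysql-data` (so that it mounts at `/Volumes/mysql-data`) and the `data` and `tmp` subdirectories are assumptions; the guard before startup covers the case where the attach fails and mysqld would otherwise write to the unencrypted disk.

```shell
#!/bin/sh
# Added example (not from the thread): mount an encrypted disk image, then
# start mysqld with its data directory on that volume.
# IMAGE and MOUNTPOINT are hypothetical; the image's volume name is assumed to
# be "mysql-data", so macOS hdiutil mounts it at /Volumes/mysql-data.
IMAGE="${IMAGE:-$HOME/secure/mysql-data.dmg}"
MOUNTPOINT="${MOUNTPOINT:-/Volumes/mysql-data}"

# is_mounted DIR TABLE: true only if DIR is a mount target in TABLE, which is
# `mount` output in the macOS form "<device> on <dir> (<options>)".
is_mounted() {
    while IFS= read -r line; do
        case "$line" in
            *" on $1 ("*) return 0 ;;
        esac
    done <<EOF
$2
EOF
    return 1
}

# is_private DIR: true only if group and others have no permissions on DIR.
is_private() {
    [ -d "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

start_db() {
    # Attach only if needed; hdiutil asks for the image passphrase itself.
    is_mounted "$MOUNTPOINT" "$(mount)" ||
        hdiutil attach "$IMAGE" -nobrowse || return 1
    # Re-check: if the volume is absent, mysqld would write plaintext files
    # into whatever directory exists at that path on the unencrypted disk.
    is_mounted "$MOUNTPOINT" "$(mount)" || { echo "volume not mounted" >&2; return 1; }
    is_private "$MOUNTPOINT/data" || { echo "data dir too permissive" >&2; return 1; }
    # Keep temp files on the encrypted volume too (tmp/ is assumed to exist).
    mysqld_safe --datadir="$MOUNTPOINT/data" --tmpdir="$MOUNTPOINT/tmp" &
}

stop_db() {
    # Shut down cleanly before detaching so no files are open on the volume.
    mysqladmin -u root -p shutdown && hdiutil detach "$MOUNTPOINT"
}

case "${1:-}" in
    start) start_db ;;
    stop)  stop_db ;;
esac
```

Run it as `sh script.sh start` and `sh script.sh stop`; with no argument it only defines the functions.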
 
  

