Permission denied writing to mysql log
It seems to me that most people create a directory named mysql
inside of /var/log
, change the owner of this folder to the mysql user.
sudo mkdir /var/log/mysql
sudo chown mysql:mysql /var/log/mysql
That should do it. Be sure to update the server's logging location and restart it. After you've tested re-enable mysql's apparmor profile.
Related videos on Youtube
Ian
By Day, I work for a company involving technologies like Programming, Linux, Perl, Sysadmin stuff, javascript. By Night I program for fun, often including things like SVG, Snap.svg, Javascript, Linux. When not doing tech stuff I enjoy dancing.
Updated on September 18, 2022Comments
-
Ian over 1 year
I am just testing out a new Ubuntu (Vivid 15.04) install on Vagrant, and getting problems with mysql and logging to a custom location.
In
/var/log/syslog
I get/usr/bin/mysqld_safe: cannot create /var/log/mysqld.log: Permission denied
If I
ls -l /var
I getdrwxrwxr-x 10 root syslog 4096 Jun 8 19:52 log
If I look in /var/log the file doesn't exist
I thought I had temporarily disabled apparmor just to isolate if it was that or something else causing the problem, but not sure if its still creating an issue (edit: think it may still be enabled, so not sure if this is an issue or simple permissions).
If I try manually creating the file as mysql I get denied as well (I temp allowed it bash access to test, I will remove after).
touch /var/log/mysql.log touch: cannot touch ‘/var/log/mysql.log’: Permission denied
If I look at another running server (centos) it has permissions as above (and writes as mysql user), so I'm wondering how does mysql normally get permissions to access the /var/log directory, and how can I get it to access that folder via normal running ?
Here is my apparmor profile for mysql
/usr/sbin/mysqld { #include #include #include #include #include capability dac_override, capability sys_resource, capability setgid, capability setuid, network tcp, /etc/hosts.allow r, /etc/hosts.deny r, /etc/mysql/** r, /usr/lib/mysql/plugin/ r, /usr/lib/mysql/plugin/*.so* mr, /usr/sbin/mysqld mr, /usr/share/mysql/** r, /var/log/mysqld.log rw, /var/log/mysqld.err rw, /var/lib/mysql/ r, /var/lib/mysql/** rwk, /var/log/mysql/ r, /var/log/mysql/* rw, /var/run/mysqld/mysqld.pid rw, /var/run/mysqld/mysqld.sock w, /run/mysqld/mysqld.pid rw, /run/mysqld/mysqld.sock w, /sys/devices/system/cpu/ r, /var/log/mysqld.log rw, # Site-specific additions and overrides. See local/README for details. #include }
I also added the above file to the apparmor.d/disable directoru
Note: I added this line
/var/log/mysqld.log rw
, it wasn't originally there, and has same issue (after doing an apparmor reload).apparmor module is loaded. 5 profiles are loaded. 5 profiles are in enforce mode. /sbin/dhclient /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/NetworkManager/nm-dhcp-helper /usr/lib/connman/scripts/dhclient-script /usr/sbin/tcpdump 0 profiles are in complain mode. 1 processes have profiles defined. 1 processes are in enforce mode. /sbin/dhclient (565) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined.
Jun 8 20:33:33 vagrant-ubuntu-vivid-64 systemd[1]: Starting MySQL Community Server... Jun 8 20:33:33 vagrant-ubuntu-vivid-64 mysqld_safe[11231]: 150608 20:33:33 mysqld_safe Logging to '/var/log/mysqld.log'. Jun 8 20:33:33 vagrant-ubuntu-vivid-64 mysqld_safe[11231]: touch: cannot touch ‘/var/log/mysqld.log’: Permission denied Jun 8 20:33:33 vagrant-ubuntu-vivid-64 mysqld_safe[11231]: chmod: cannot access ‘/var/log/mysqld.log’: No such file or directory Jun 8 20:33:33 vagrant-ubuntu-vivid-64 mysqld_safe[11231]: 150608 20:33:33 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql Jun 8 20:33:33 vagrant-ubuntu-vivid-64 mysqld_safe[11231]: /usr/bin/mysqld_safe: 126: /usr/bin/mysqld_safe: cannot create /var/log/mysqld.log: Permission denied
-
greendino almost 3 yearsi've been doing this for 10 times already. and still producing the same error output @Seth