MySQL SystemD Logfile Permission Denied
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I've installed MySQL 5.6 on a CentOS 7 server and I'm trying to change the error log location from the default /var/log/mysql.log to /var/log/mysqld.err. MySQL is running properly when I use the default file location, but the systemd service fails with err 13 - Permission Denied when I try to change the logfile location. I made sure to set the file access permissions and owner/group and restart the service with the following:
chown mysql:mysql /var/log/mysqld.err
chmod 640 /var/log/mysqld.err
systemctl daemon-reload
systemctl restart mysql
but the mysqld service still fails with the Permission Denied error when it tries to log output into /var/log/mysqld.err.
I've even tried setting the file access permissions on /var/log/mysqld.err to 777. In this case, the mysqld_safe script was able to write to the logfile successfully when I ran it manually, but the systemd service still fails even though I allowed any user to edit the file.
Are there settings other than file access rights and owner/group settings that limit what files a systemd service can access? As a side note, I have made no modifications to the service script that is installed from the MySQL repo, nor have I added any overwrite files for the service.
centos permissions systemd mysql
asked Apr 18 at 16:23
Copernicus
243
add a comment |Â
up vote
1
down vote
favorite
I've installed MySQL 5.6 on a CentOS 7 server and I'm trying to change the error log location from the default /var/log/mysql.log to /var/log/mysqld.err. MySQL is running properly when I use the default file location, but the systemd service fails with err 13 - Permission Denied when I try to change the logfile location. I made sure to set the file access permissions and owner/group and restart the service with the following:
chown mysql:mysql /var/log/mysqld.err
chmod 640 /var/log/mysqld.err
systemctl daemon-reload
systemctl restart mysql
but the mysqld service still fails with the Permission Denied error when it tries to log output into /var/log/mysqld.err.
I've even tried setting the file access permissions on /var/log/mysqld.err to 777. In this case, the mysqld_safe script was able to write to the logfile successfully when I ran it manually, but the systemd service still fails even though I allowed any user to edit the file.
Are there settings other than file access rights and owner/group settings that limit what files a systemd service can access? As a side note, I have made no modifications to the service script that is installed from the MySQL repo, nor have I added any overwrite files for the service.
centos permissions systemd mysql
asked Apr 18 at 16:23
Copernicus
243
1
Did you check SELinux permissions? If its log is hardcoded in an SELinux rule, you'd have to add an other for your new file. looking at the file/var/log/audit/audit.logfor denied entries as well as checking what givessemanage fcontext --list |grep mysqlwould give some informations about this
– A.B
Apr 18 at 16:50
And a complimentary chcon (before correction) or restorecon (once fixed) could help.chcon -v --reference=/var/log/mysql.log /var/log/mysqld.err
– A.B
Apr 18 at 16:59
@A.B You were right about the SELinux permissions. Thanks for the help.
– Copernicus
Apr 18 at 17:25
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I've installed MySQL 5.6 on a CentOS 7 server and I'm trying to change the error log location from the default /var/log/mysql.log to /var/log/mysqld.err. MySQL is running properly when I use the default file location, but the systemd service fails with err 13 - Permission Denied when I try to change the logfile location. I made sure to set the file access permissions and owner/group and restart the service with the following:
chown mysql:mysql /var/log/mysqld.err
chmod 640 /var/log/mysqld.err
systemctl daemon-reload
systemctl restart mysql
but the mysqld service still fails with the Permission Denied error when it tries to log output into /var/log/mysqld.err.
I've even tried setting the file access permissions on /var/log/mysqld.err to 777. In this case, the mysqld_safe script was able to write to the logfile successfully when I ran it manually, but the systemd service still fails even though I allowed any user to edit the file.
Are there settings other than file access rights and owner/group settings that limit what files a systemd service can access? As a side note, I have made no modifications to the service script that is installed from the MySQL repo, nor have I added any overwrite files for the service.
centos permissions systemd mysql
asked Apr 18 at 16:23
Copernicus
243
I've installed MySQL 5.6 on a CentOS 7 server and I'm trying to change the error log location from the default /var/log/mysql.log to /var/log/mysqld.err. MySQL is running properly when I use the default file location, but the systemd service fails with err 13 - Permission Denied when I try to change the logfile location. I made sure to set the file access permissions and owner/group and restart the service with the following:
chown mysql:mysql /var/log/mysqld.err
chmod 640 /var/log/mysqld.err
systemctl daemon-reload
systemctl restart mysql
but the mysqld service still fails with the Permission Denied error when it tries to log output into /var/log/mysqld.err.
I've even tried setting the file access permissions on /var/log/mysqld.err to 777. In this case, the mysqld_safe script was able to write to the logfile successfully when I ran it manually, but the systemd service still fails even though I allowed any user to edit the file.
Are there settings other than file access rights and owner/group settings that limit what files a systemd service can access? As a side note, I have made no modifications to the service script that is installed from the MySQL repo, nor have I added any overwrite files for the service.
centos permissions systemd mysql
asked Apr 18 at 16:23
Copernicus
243
asked Apr 18 at 16:23
Copernicus
243
asked Apr 18 at 16:23
Copernicus
243
asked Apr 18 at 16:23
Copernicus
243
243
1
Did you check SELinux permissions? If its log is hardcoded in an SELinux rule, you'd have to add an other for your new file. looking at the file/var/log/audit/audit.logfor denied entries as well as checking what givessemanage fcontext --list |grep mysqlwould give some informations about this
– A.B
Apr 18 at 16:50
And a complimentary chcon (before correction) or restorecon (once fixed) could help.chcon -v --reference=/var/log/mysql.log /var/log/mysqld.err
– A.B
Apr 18 at 16:59
@A.B You were right about the SELinux permissions. Thanks for the help.
– Copernicus
Apr 18 at 17:25
add a comment |Â
1
Did you check SELinux permissions? If its log is hardcoded in an SELinux rule, you'd have to add an other for your new file. looking at the file/var/log/audit/audit.logfor denied entries as well as checking what givessemanage fcontext --list |grep mysqlwould give some informations about this
– A.B
Apr 18 at 16:50
And a complimentary chcon (before correction) or restorecon (once fixed) could help.chcon -v --reference=/var/log/mysql.log /var/log/mysqld.err
– A.B
Apr 18 at 16:59
@A.B You were right about the SELinux permissions. Thanks for the help.
– Copernicus
Apr 18 at 17:25
1
1
Did you check SELinux permissions? If its log is hardcoded in an SELinux rule, you'd have to add an other for your new file. looking at the file
/var/log/audit/audit.log for denied entries as well as checking what gives semanage fcontext --list |grep mysql would give some informations about this– A.B
Apr 18 at 16:50
Did you check SELinux permissions? If its log is hardcoded in an SELinux rule, you'd have to add an other for your new file. looking at the file
/var/log/audit/audit.log for denied entries as well as checking what gives semanage fcontext --list |grep mysql would give some informations about this– A.B
Apr 18 at 16:50
And a complimentary chcon (before correction) or restorecon (once fixed) could help.
chcon -v --reference=/var/log/mysql.log /var/log/mysqld.err– A.B
Apr 18 at 16:59
And a complimentary chcon (before correction) or restorecon (once fixed) could help.
chcon -v --reference=/var/log/mysql.log /var/log/mysqld.err– A.B
Apr 18 at 16:59
@A.B You were right about the SELinux permissions. Thanks for the help.
– Copernicus
Apr 18 at 17:25
@A.B You were right about the SELinux permissions. Thanks for the help.
– Copernicus
Apr 18 at 17:25
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
1
down vote
A.B was correct about the problem being with the SELinux permissions. The new file needed a mysqld_log_t type. I fixed the issue by changing the type:
chcon -t mysqld_log_t /var/log/mysqld.err
answered Apr 18 at 17:24
Copernicus
243
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
A.B was correct about the problem being with the SELinux permissions. The new file needed a mysqld_log_t type. I fixed the issue by changing the type:
chcon -t mysqld_log_t /var/log/mysqld.err
answered Apr 18 at 17:24
Copernicus
243
add a comment |Â
up vote
1
down vote
A.B was correct about the problem being with the SELinux permissions. The new file needed a mysqld_log_t type. I fixed the issue by changing the type:
chcon -t mysqld_log_t /var/log/mysqld.err
answered Apr 18 at 17:24
Copernicus
243
add a comment |Â
up vote
1
down vote
up vote
1
down vote
A.B was correct about the problem being with the SELinux permissions. The new file needed a mysqld_log_t type. I fixed the issue by changing the type:
chcon -t mysqld_log_t /var/log/mysqld.err
answered Apr 18 at 17:24
Copernicus
243
A.B was correct about the problem being with the SELinux permissions. The new file needed a mysqld_log_t type. I fixed the issue by changing the type:
chcon -t mysqld_log_t /var/log/mysqld.err
answered Apr 18 at 17:24
Copernicus
243
answered Apr 18 at 17:24
Copernicus
243
answered Apr 18 at 17:24
Copernicus
243
answered Apr 18 at 17:24
Copernicus
243
243
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f438552%2fmysql-systemd-logfile-permission-denied%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
Did you check SELinux permissions? If its log is hardcoded in an SELinux rule, you'd have to add an other for your new file. looking at the file
/var/log/audit/audit.logfor denied entries as well as checking what givessemanage fcontext --list |grep mysqlwould give some informations about this– A.B
Apr 18 at 16:50
And a complimentary chcon (before correction) or restorecon (once fixed) could help.
chcon -v --reference=/var/log/mysql.log /var/log/mysqld.err– A.B
Apr 18 at 16:59
@A.B You were right about the SELinux permissions. Thanks for the help.
– Copernicus
Apr 18 at 17:25