MySQL SystemD Logfile Permission Denied

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I've installed MySQL 5.6 on a CentOS 7 server and I'm trying to change the error log location from the default /var/log/mysql.log to /var/log/mysqld.err. MySQL is running properly when I use the default file location, but the systemd service fails with err 13 - Permission Denied when I try to change the logfile location. I made sure to set the file access permissions and owner/group and restart the service with the following:



chown mysql:mysql /var/log/mysqld.err
chmod 640 /var/log/mysqld.err
systemctl daemon-reload
systemctl restart mysql


but the mysqld service still fails with the Permission Denied error when it tries to log output into /var/log/mysqld.err.



I've even tried setting the file access permissions on /var/log/mysqld.err to 777. In this case, the mysqld_safe script was able to write to the logfile successfully when I ran it manually, but the systemd service still fails even though I allowed any user to edit the file.



Are there settings other than file access rights and owner/group settings that limit what files a systemd service can access? As a side note, I have made no modifications to the service script that is installed from the MySQL repo, nor have I added any overwrite files for the service.







share|improve this question















  • 1




    Did you check SELinux permissions? If its log is hardcoded in an SELinux rule, you'd have to add an other for your new file. looking at the file /var/log/audit/audit.log for denied entries as well as checking what gives semanage fcontext --list |grep mysql would give some informations about this
    – A.B
    Apr 18 at 16:50











  • And a complimentary chcon (before correction) or restorecon (once fixed) could help. chcon -v --reference=/var/log/mysql.log /var/log/mysqld.err
    – A.B
    Apr 18 at 16:59











  • @A.B You were right about the SELinux permissions. Thanks for the help.
    – Copernicus
    Apr 18 at 17:25














up vote
1
down vote

favorite












I've installed MySQL 5.6 on a CentOS 7 server and I'm trying to change the error log location from the default /var/log/mysql.log to /var/log/mysqld.err. MySQL is running properly when I use the default file location, but the systemd service fails with err 13 - Permission Denied when I try to change the logfile location. I made sure to set the file access permissions and owner/group and restart the service with the following:



chown mysql:mysql /var/log/mysqld.err
chmod 640 /var/log/mysqld.err
systemctl daemon-reload
systemctl restart mysql


but the mysqld service still fails with the Permission Denied error when it tries to log output into /var/log/mysqld.err.



I've even tried setting the file access permissions on /var/log/mysqld.err to 777. In this case, the mysqld_safe script was able to write to the logfile successfully when I ran it manually, but the systemd service still fails even though I allowed any user to edit the file.



Are there settings other than file access rights and owner/group settings that limit what files a systemd service can access? As a side note, I have made no modifications to the service script that is installed from the MySQL repo, nor have I added any overwrite files for the service.







share|improve this question















  • 1




    Did you check SELinux permissions? If its log is hardcoded in an SELinux rule, you'd have to add an other for your new file. looking at the file /var/log/audit/audit.log for denied entries as well as checking what gives semanage fcontext --list |grep mysql would give some informations about this
    – A.B
    Apr 18 at 16:50











  • And a complimentary chcon (before correction) or restorecon (once fixed) could help. chcon -v --reference=/var/log/mysql.log /var/log/mysqld.err
    – A.B
    Apr 18 at 16:59











  • @A.B You were right about the SELinux permissions. Thanks for the help.
    – Copernicus
    Apr 18 at 17:25












up vote
1
down vote

favorite









up vote
1
down vote

favorite











I've installed MySQL 5.6 on a CentOS 7 server and I'm trying to change the error log location from the default /var/log/mysql.log to /var/log/mysqld.err. MySQL is running properly when I use the default file location, but the systemd service fails with err 13 - Permission Denied when I try to change the logfile location. I made sure to set the file access permissions and owner/group and restart the service with the following:



chown mysql:mysql /var/log/mysqld.err
chmod 640 /var/log/mysqld.err
systemctl daemon-reload
systemctl restart mysql


but the mysqld service still fails with the Permission Denied error when it tries to log output into /var/log/mysqld.err.



I've even tried setting the file access permissions on /var/log/mysqld.err to 777. In this case, the mysqld_safe script was able to write to the logfile successfully when I ran it manually, but the systemd service still fails even though I allowed any user to edit the file.



Are there settings other than file access rights and owner/group settings that limit what files a systemd service can access? As a side note, I have made no modifications to the service script that is installed from the MySQL repo, nor have I added any overwrite files for the service.







share|improve this question











I've installed MySQL 5.6 on a CentOS 7 server and I'm trying to change the error log location from the default /var/log/mysql.log to /var/log/mysqld.err. MySQL is running properly when I use the default file location, but the systemd service fails with err 13 - Permission Denied when I try to change the logfile location. I made sure to set the file access permissions and owner/group and restart the service with the following:



chown mysql:mysql /var/log/mysqld.err
chmod 640 /var/log/mysqld.err
systemctl daemon-reload
systemctl restart mysql


but the mysqld service still fails with the Permission Denied error when it tries to log output into /var/log/mysqld.err.



I've even tried setting the file access permissions on /var/log/mysqld.err to 777. In this case, the mysqld_safe script was able to write to the logfile successfully when I ran it manually, but the systemd service still fails even though I allowed any user to edit the file.



Are there settings other than file access rights and owner/group settings that limit what files a systemd service can access? As a side note, I have made no modifications to the service script that is installed from the MySQL repo, nor have I added any overwrite files for the service.









share|improve this question










share|improve this question




share|improve this question









asked Apr 18 at 16:23









Copernicus

243




243







  • 1




    Did you check SELinux permissions? If its log is hardcoded in an SELinux rule, you'd have to add an other for your new file. looking at the file /var/log/audit/audit.log for denied entries as well as checking what gives semanage fcontext --list |grep mysql would give some informations about this
    – A.B
    Apr 18 at 16:50











  • And a complimentary chcon (before correction) or restorecon (once fixed) could help. chcon -v --reference=/var/log/mysql.log /var/log/mysqld.err
    – A.B
    Apr 18 at 16:59











  • @A.B You were right about the SELinux permissions. Thanks for the help.
    – Copernicus
    Apr 18 at 17:25












  • 1




    Did you check SELinux permissions? If its log is hardcoded in an SELinux rule, you'd have to add an other for your new file. looking at the file /var/log/audit/audit.log for denied entries as well as checking what gives semanage fcontext --list |grep mysql would give some informations about this
    – A.B
    Apr 18 at 16:50











  • And a complimentary chcon (before correction) or restorecon (once fixed) could help. chcon -v --reference=/var/log/mysql.log /var/log/mysqld.err
    – A.B
    Apr 18 at 16:59











  • @A.B You were right about the SELinux permissions. Thanks for the help.
    – Copernicus
    Apr 18 at 17:25







1




1




Did you check SELinux permissions? If its log is hardcoded in an SELinux rule, you'd have to add an other for your new file. looking at the file /var/log/audit/audit.log for denied entries as well as checking what gives semanage fcontext --list |grep mysql would give some informations about this
– A.B
Apr 18 at 16:50





Did you check SELinux permissions? If its log is hardcoded in an SELinux rule, you'd have to add an other for your new file. looking at the file /var/log/audit/audit.log for denied entries as well as checking what gives semanage fcontext --list |grep mysql would give some informations about this
– A.B
Apr 18 at 16:50













And a complimentary chcon (before correction) or restorecon (once fixed) could help. chcon -v --reference=/var/log/mysql.log /var/log/mysqld.err
– A.B
Apr 18 at 16:59





And a complimentary chcon (before correction) or restorecon (once fixed) could help. chcon -v --reference=/var/log/mysql.log /var/log/mysqld.err
– A.B
Apr 18 at 16:59













@A.B You were right about the SELinux permissions. Thanks for the help.
– Copernicus
Apr 18 at 17:25




@A.B You were right about the SELinux permissions. Thanks for the help.
– Copernicus
Apr 18 at 17:25










1 Answer
1






active

oldest

votes

















up vote
1
down vote













A.B was correct about the problem being with the SELinux permissions. The new file needed a mysqld_log_t type. I fixed the issue by changing the type:



chcon -t mysqld_log_t /var/log/mysqld.err






share|improve this answer





















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );








     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f438552%2fmysql-systemd-logfile-permission-denied%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    1
    down vote













    A.B was correct about the problem being with the SELinux permissions. The new file needed a mysqld_log_t type. I fixed the issue by changing the type:



    chcon -t mysqld_log_t /var/log/mysqld.err






    share|improve this answer

























      up vote
      1
      down vote













      A.B was correct about the problem being with the SELinux permissions. The new file needed a mysqld_log_t type. I fixed the issue by changing the type:



      chcon -t mysqld_log_t /var/log/mysqld.err






      share|improve this answer























        up vote
        1
        down vote










        up vote
        1
        down vote









        A.B was correct about the problem being with the SELinux permissions. The new file needed a mysqld_log_t type. I fixed the issue by changing the type:



        chcon -t mysqld_log_t /var/log/mysqld.err






        share|improve this answer













        A.B was correct about the problem being with the SELinux permissions. The new file needed a mysqld_log_t type. I fixed the issue by changing the type:



        chcon -t mysqld_log_t /var/log/mysqld.err







        share|improve this answer













        share|improve this answer



        share|improve this answer











        answered Apr 18 at 17:24









        Copernicus

        243




        243






















             

            draft saved


            draft discarded


























             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f438552%2fmysql-systemd-logfile-permission-denied%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?