[MariaDB/RHEL]: Removing world read access to all files/directories
Removing world read access from all the MariaDB related files.
==========================================
umasking to 027 will remove world read access ….
chmod 750 $(find /opt/rh/rh-mariadb101 -type d) &
chmod 750 $(find /var/run/rh-mariadb101-mariadb -type d) &
chmod 750 $(find /var/opt/rh/rh-mariadb101 -type d) &
chmod 750 $(find /var/lib/mysql -type d) &
chmod 750 $(find /etc/opt/rh/rh-mariadb101/ -type d) &
chmod 750 $(find /opt/rh/rh-mariadb101 -type f) &
chmod 750 $(find /var/run/rh-mariadb101-mariadb -type f) &
chmod 750 $(find /var/opt/rh/rh-mariadb101 -type f) &
chmod 750 $(find /var/lib/mysql -type f) &
chmod 750 $(find /etc/opt/rh/rh-mariadb101/ -type f) &
chown mysql:mysql /opt/rh/rh-mariadb101 -R &
chown mysql:mysql /var/run/rh-mariadb101-mariadb -R &
chown mysql:mysql /var/opt/rh/rh-mariadb101 -R &
chown mysql:mysql /var/lib/mysql -R &
chown mysql:mysql /etc/opt/rh/rh-mariadb101/ -R &
If we set ‘umask 027’ at /etc/profile file permanently, you won’t see this issue again even if you restart
[ root @ dbversity : ~ ] ll -lhtr /etc/profile
-rw-r–r– 1 root root 2.0K Jul 5 09:53 /etc/profile
[ root @ dbversity : ~ ]
[ root @ dbversity : ~ ] tail -1 /etc/profile
umask 027
[ root @ dbversity : ~ ]
[ root @ dbversity : ~ ]
[ root @ dbversity : ~ ] umask
0027
[ root @ dbversity : ~ ]
Command to check all the directories/files with world read permissions (i.e., others can read them )
var=(/opt/rh/rh-mariadb101/ /var/run/rh-mariadb101-mariadb/ /var/opt/rh/rh-mariadb101/ /var/lib/mysql/ /etc/opt/rh/rh-mariadb101/); for each in ${var[@]}; do find $each -perm /o+r -ls ; done
[ root @ dbversity : ~ ] var=(/opt/rh/rh-mariadb101/ /var/run/rh-mariadb101-mariadb/ /var/opt/rh/rh-mariadb101/ /var/lib/mysql/ /etc/opt/rh/rh-mariadb101/); for each in ${var[@]}; do find $each -perm /o+r -ls ; done
[ root @ dbversity : ~ ]