{"id":7,"date":"2005-03-04T23:46:45","date_gmt":"2005-03-04T22:46:45","guid":{"rendered":"http:\/\/blog.blackdown.de\/2005\/03\/08\/chrooting-mysql-on-debian\/"},"modified":"2016-10-29T03:51:03","modified_gmt":"2016-10-29T01:51:03","slug":"chrooting-mysql-on-debian","status":"publish","type":"post","link":"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/","title":{"rendered":"Chrooting MySQL on Debian"},"content":{"rendered":"<p>It&#8217;s quite easy to chroot <a href=\"http:\/\/www.isc.org\/sw\/bind\/\">bind9<\/a> and <a href=\"http:\/\/httpd.apache.org\/\">apache<\/a> on <a href=\"http:\/\/www.debian.org\/\">Debian<\/a>.  (See <a href=\"http:\/\/cryptio.net\/~ferlatte\/blog\/config\/bind9\/\">this page<\/a> for bind9 and <a href=\"http:\/\/packages.debian.org\/libapache2-mod-chroot\">libapache2-mod-chroot<\/a> or <a href=\"http:\/\/packages.debian.org\/libapache2-mod-security\">libapache2-mod-security<\/a> for apache.)<\/p>\n<p>But I&#8217;ve found no guide for chrooting <a href=\"http:\/\/dev.mysql.com\/\">MySQL<\/a>, so here&#8217;s my short recipe:<\/p>\n<ul>\n<li>Prepare the chroot directory. It&#8217;s recommended to use an extra partition\/filesystem for it. I will use <code>\/srv\/mysql<\/code> (which is an <a href =\"http:\/\/sourceware.org\/lvm2\/\">LVM2<\/a> partition with an ext3 filesystem on my system) for the rest of the text.<\/li>\n<li>Stop MySQL:\n<pre>\/etc\/init.d\/mysql stop<\/pre>\n<\/li>\n<li>Copy the databases to new location:\n<pre>mkdir -p \/srv\/mysql\/var\/lib\r\ncp -a \/var\/lib\/mysql \/srv\/mysql\/var\/lib<\/pre>\n<\/li>\n<li>Copy <a href=\"\/static\/mysql-chroot\">this script<\/a> to <code>\/etc\/default\/mysql-chroot<\/code><\/li>\n<li>Edit <code>\/etc\/init.d\/mysql<\/code>:\n<ul>\n<li>Source the <code><a href=\"\/static\/mysql-chroot\">mysql-chroot<\/a><\/code> script somewhere at the top:\n<pre>&hellip;\r\ntest -x \/usr\/sbin\/mysqld || exit 0\r\n\r\n<strong>. \/etc\/default\/mysql-chroot<\/strong>\r\n\r\nSELF=$(cd $(dirname $0); pwd -P)\/$(basename $0)\r\n&hellip;<\/pre>\n<\/li>\n<li>Run <code>setup_chroot<\/code> right in the start section:\n<pre>&hellip;\r\nif mysqld_status check_alive nowarn; then\r\n  echo &quot;...already running.&quot;\r\nelse\r\n<strong>  setup_chroot<\/strong>\r\n  \/usr\/bin\/mysqld_safe &gt; \/dev\/null 2&gt;&amp;1 &amp;\r\n&hellip;<\/pre>\n<\/li>\n<li>Somehow <code>\/var\/run\/mysqld\/mysqld.pid<\/code> disappears after each start.  We have to create it each time, otherwise the <code>stop<\/code> command won&#8217;t work properly:\n<pre>&hellip;\r\nif mysqld_status check_alive warn; then\r\n  echo &quot;.&quot;\r\n<strong>  ln -sf $CHROOT_DIR\/var\/run\/mysqld\/mysqld.pid \\\r\n                 \/var\/run\/mysqld<\/strong>\r\n  # Now start mysqlcheck or whatever the admin wants.\r\n  \/etc\/mysql\/debian-start\r\n&hellip;<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>In <code>\/etc\/mysql\/debian.cnf<\/code>, change the <code>socket<\/code> line to:\n<pre>socket = \/srv\/mysql\/var\/run\/mysqld\/mysqld.sock<\/pre>\n<\/li>\n<li>In <code>\/etc\/mysql\/my.cnf<\/code>:\n<ul>\n<li>Change the <code>socket<\/code> line in the <code>[client]<\/code> section to:\n<pre>socket = \/srv\/mysql\/var\/run\/mysqld\/mysqld.sock<\/pre>\n<p>Don&#8217;t change the <code>socket<\/code> lines in the other sections!<\/p>\n<\/li>\n<li>Add\n<pre>chroot = \/srv\/mysql<\/pre>\n<p> to the <code>[mysqld]<\/code> section.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>Prepend <code>\/srv\/mysql<\/code> to the log files listed in <code>\/etc\/logrotate.d\/mysql-server<\/code><\/li>\n<li>Start MySQL:\n<pre>\/etc\/init.d\/mysql start<\/pre>\n<\/li>\n<li>Check <code>\/var\/log\/syslog<\/code> for errors ;-)<\/li>\n<\/ul>\n<p><em><strong>March 13th, 2005:<\/strong> I&#8217;ve updated the script for newer Debian packages, see <a href=\"\/2005\/03\/13\/updated-mysql-chroot-script\/\">Updated MySQL Chroot Script<\/a> for more information.<\/em><\/p>\n<p><em><strong>July 30th, 2006:<\/strong> These modifications still work fine on the current stable Debian release (3.1, &#8220;sarge&#8221;).  The mysql packages in the testing (&#8220;etch&#8221;) and unstable (&#8220;sid&#8221;) distributions of Debian need a few additional changes, I&#8217;ll post an updated guide in a few days.<\/em><\/p>\n<p><em><strong>December 30th, 2006:<\/strong> I&#8217;ve made an <a href=\"\/2006\/12\/30\/chrooting-recent-mysql-versions-on-debian-and-ubuntu\/\">updated guide<\/a> on how to chroot more recent MySQL packages on Debian and Ubuntu<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s quite easy to chroot bind9 and apache on Debian. (See this page for bind9 and libapache2-mod-chroot or libapache2-mod-security for apache.) But I&#8217;ve found no guide for chrooting MySQL, so here&#8217;s my short recipe: Prepare the chroot directory. It&#8217;s recommended to use an extra partition\/filesystem for it. I will use \/srv\/mysql (which is an LVM2<br \/>[&rarr; <a href=\"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/\" class=\"more-link\">Read the rest of this entry<\/a>]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[6,3,8],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v18.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"It&#039;s quite easy to chroot bind9 and apache on Debian. (See this page for bind9 and libapache2-mod-chroot or libapache2-mod-security for apache.) But I&#039;ve\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Chrooting MySQL on Debian \u2014 J\u00fcrgen Kreileder\" \/>\n<meta property=\"og:description\" content=\"It&#039;s quite easy to chroot bind9 and apache on Debian. (See this page for bind9 and libapache2-mod-chroot or libapache2-mod-security for apache.) But I&#039;ve\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/\" \/>\n<meta property=\"og:site_name\" content=\"J\u00fcrgen Kreileder\" \/>\n<meta property=\"article:published_time\" content=\"2005-03-04T22:46:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-10-29T01:51:03+00:00\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"J\u00fcrgen Kreileder\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blackdown.de\/#website\",\"url\":\"https:\/\/blackdown.de\/\",\"name\":\"J\u00fcrgen Kreileder\",\"description\":\"Software Engineer and Consultant\",\"publisher\":{\"@id\":\"https:\/\/blackdown.de\/#\/schema\/person\/d169d9b7b1b84446d5bea93795076ec0\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blackdown.de\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/#webpage\",\"url\":\"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/\",\"name\":\"Chrooting MySQL on Debian \u2014 J\u00fcrgen Kreileder\",\"isPartOf\":{\"@id\":\"https:\/\/blackdown.de\/#website\"},\"datePublished\":\"2005-03-04T22:46:45+00:00\",\"dateModified\":\"2016-10-29T01:51:03+00:00\",\"description\":\"It's quite easy to chroot bind9 and apache on Debian. (See this page for bind9 and libapache2-mod-chroot or libapache2-mod-security for apache.) But I've\",\"breadcrumb\":{\"@id\":\"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Chrooting MySQL on Debian\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/#webpage\"},\"author\":{\"@id\":\"https:\/\/blackdown.de\/#\/schema\/person\/d169d9b7b1b84446d5bea93795076ec0\"},\"headline\":\"Chrooting MySQL on Debian\",\"datePublished\":\"2005-03-04T22:46:45+00:00\",\"dateModified\":\"2016-10-29T01:51:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/#webpage\"},\"wordCount\":235,\"publisher\":{\"@id\":\"https:\/\/blackdown.de\/#\/schema\/person\/d169d9b7b1b84446d5bea93795076ec0\"},\"articleSection\":[\"Config\",\"Debian\",\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/blackdown.de\/#\/schema\/person\/d169d9b7b1b84446d5bea93795076ec0\",\"name\":\"J\u00fcrgen Kreileder\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/blackdown.de\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ceaab9fc1ba3f50f30f855e2b924aca5?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ceaab9fc1ba3f50f30f855e2b924aca5?s=96&d=identicon&r=g\",\"caption\":\"J\u00fcrgen Kreileder\"},\"logo\":{\"@id\":\"https:\/\/blackdown.de\/#personlogo\"},\"sameAs\":[\"https:\/\/blackdown.de\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"It's quite easy to chroot bind9 and apache on Debian. (See this page for bind9 and libapache2-mod-chroot or libapache2-mod-security for apache.) But I've","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/","og_locale":"en_US","og_type":"article","og_title":"Chrooting MySQL on Debian \u2014 J\u00fcrgen Kreileder","og_description":"It's quite easy to chroot bind9 and apache on Debian. (See this page for bind9 and libapache2-mod-chroot or libapache2-mod-security for apache.) But I've","og_url":"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/","og_site_name":"J\u00fcrgen Kreileder","article_published_time":"2005-03-04T22:46:45+00:00","article_modified_time":"2016-10-29T01:51:03+00:00","twitter_misc":{"Written by":"J\u00fcrgen Kreileder","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/blackdown.de\/#website","url":"https:\/\/blackdown.de\/","name":"J\u00fcrgen Kreileder","description":"Software Engineer and Consultant","publisher":{"@id":"https:\/\/blackdown.de\/#\/schema\/person\/d169d9b7b1b84446d5bea93795076ec0"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blackdown.de\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/#webpage","url":"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/","name":"Chrooting MySQL on Debian \u2014 J\u00fcrgen Kreileder","isPartOf":{"@id":"https:\/\/blackdown.de\/#website"},"datePublished":"2005-03-04T22:46:45+00:00","dateModified":"2016-10-29T01:51:03+00:00","description":"It's quite easy to chroot bind9 and apache on Debian. (See this page for bind9 and libapache2-mod-chroot or libapache2-mod-security for apache.) But I've","breadcrumb":{"@id":"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Chrooting MySQL on Debian"}]},{"@type":"Article","@id":"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/#article","isPartOf":{"@id":"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/#webpage"},"author":{"@id":"https:\/\/blackdown.de\/#\/schema\/person\/d169d9b7b1b84446d5bea93795076ec0"},"headline":"Chrooting MySQL on Debian","datePublished":"2005-03-04T22:46:45+00:00","dateModified":"2016-10-29T01:51:03+00:00","mainEntityOfPage":{"@id":"https:\/\/blackdown.de\/articles\/chrooting-mysql-on-debian\/#webpage"},"wordCount":235,"publisher":{"@id":"https:\/\/blackdown.de\/#\/schema\/person\/d169d9b7b1b84446d5bea93795076ec0"},"articleSection":["Config","Debian","Security"],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/blackdown.de\/#\/schema\/person\/d169d9b7b1b84446d5bea93795076ec0","name":"J\u00fcrgen Kreileder","image":{"@type":"ImageObject","@id":"https:\/\/blackdown.de\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/ceaab9fc1ba3f50f30f855e2b924aca5?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ceaab9fc1ba3f50f30f855e2b924aca5?s=96&d=identicon&r=g","caption":"J\u00fcrgen Kreileder"},"logo":{"@id":"https:\/\/blackdown.de\/#personlogo"},"sameAs":["https:\/\/blackdown.de\/"]}]}},"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_shortlink":"https:\/\/wp.me\/pmfBQ-7","_links":{"self":[{"href":"https:\/\/blackdown.de\/wp-json\/wp\/v2\/posts\/7"}],"collection":[{"href":"https:\/\/blackdown.de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blackdown.de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blackdown.de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blackdown.de\/wp-json\/wp\/v2\/comments?post=7"}],"version-history":[{"count":1,"href":"https:\/\/blackdown.de\/wp-json\/wp\/v2\/posts\/7\/revisions"}],"predecessor-version":[{"id":791,"href":"https:\/\/blackdown.de\/wp-json\/wp\/v2\/posts\/7\/revisions\/791"}],"wp:attachment":[{"href":"https:\/\/blackdown.de\/wp-json\/wp\/v2\/media?parent=7"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blackdown.de\/wp-json\/wp\/v2\/categories?post=7"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blackdown.de\/wp-json\/wp\/v2\/tags?post=7"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}