18.8 How to run MySQL as a normal user

The MySQL server mysqld can be started and run by any user. In order to change mysqld to run as Unix user user_name, you must do the following:

  1. Stop the server if it's running (use mysqladmin shutdown).
  2. Change the database directories and files so that user_name has privileges to read and write files in them (you may need to do this as the Unix root user):
    shell> chown -R user_name /path/to/mysql/datadir
    If directories or files within the MySQL data directory are symlinks, you'll also need to follow those links and change the directories and files they point to. chown -R may not follow symlinks for you.
  3. Start the server as user user_name, or, if you are using MySQL 3.22 or later, start mysqld as the Unix root user and use the --user=user_name option. mysqld will switch to run as Unix user user_name before accepting any connections.
  4. If you are using the mysql.server script to start mysqld when the system is rebooted, you should edit mysql.server to use su to run mysqld as user user_name, or to invoke mysqld with the --user option. (No changes to safe_mysqld are necessary.)

At this point, your mysqld process should be running fine and dandy as the Unix user user_name. One thing hasn't changed, though: the contents of the permissions tables. By default (right after running the permissions table install script mysql_install_db), the MySQL user root is the only user with permission to access the mysql database or to create or drop databases. Unless you have changed those permissions, they still hold. This shouldn't stop you from accessing MySQL as the MySQL root user when you're logged in as a Unix user other than root; just specify the -u root option to the client program.

Note that accessing MySQL as root, by supplying -u root on the command line, has nothing to do with MySQL running as the Unix root user, or, indeed, as other Unix user. The access permissions and user names of MySQL are completely separate from Unix user names. The only connection with Unix user names is that if you don't provide a -u option when you invoke a client program, the client will try to connect using your Unix login name as your MySQL user name.

If your Unix box itself isn't secured, you should probably at least put a password on the MySQL root users in the access tables. Otherwise, any user with an account on that machine can run mysql -u root db_name and do whatever he likes.