ubuntu系统修改mysql数据目录启动报错The error means mysqld does not have the access rights to the directory
详细报错信息如下:
2024-08-23T10:15:55.374397Z 0 [Warning] [MY-010918] [Server] 'default_authentication_plugin' is deprecated and will be removed in a future release. Please use authentication_policy instead.
2024-08-23T10:15:55.374422Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.36) starting as process 178661
2024-08-23T10:15:55.380673Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2024-08-23T10:15:55.419508Z 1 [ERROR] [MY-012592] [InnoDB] Operating system error number 13 in a file operation.
2024-08-23T10:15:55.419564Z 1 [ERROR] [MY-012595] [InnoDB] The error means mysqld does not have the access rights to the directory.
2024-08-23T10:15:55.419589Z 1 [ERROR] [MY-013861] [InnoDB] Failed to list redo log files in the redo log directory ./
2024-08-23T10:15:55.419607Z 1 [ERROR] [MY-012930] [InnoDB] Plugin initialization aborted with error Generic error.
2024-08-23T10:15:55.917966Z 1 [ERROR] [MY-010334] [Server] Failed to initialize DD Storage Engine
2024-08-23T10:15:55.918338Z 0 [ERROR] [MY-010020] [Server] Data Dictionary initialization failed.
2024-08-23T10:15:55.918470Z 0 [ERROR] [MY-010119] [Server] Aborting
2024-08-23T10:15:55.919529Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.36) MySQL Community Server - GPL.
2024-08-23T10:18:28.996106Z 0 [Warning] [MY-010918] [Server] 'default_authentication_plugin' is deprecated and will be removed in a future release. Please use authentication_policy instead.
2024-08-23T10:18:28.996129Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.36) starting as process 181365
2024-08-23T10:18:29.003594Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2024-08-23T10:18:29.043429Z 1 [ERROR] [MY-012592] [InnoDB] Operating system error number 13 in a file operation.
2024-08-23T10:18:29.043483Z 1 [ERROR] [MY-012595] [InnoDB] The error means mysqld does not have the access rights to the directory.
2024-08-23T10:18:29.043505Z 1 [ERROR] [MY-013861] [InnoDB] Failed to list redo log files in the redo log directory ./
2024-08-23T10:18:29.043520Z 1 [ERROR] [MY-012930] [InnoDB] Plugin initialization aborted with error Generic error.
2024-08-23T10:18:29.541422Z 1 [ERROR] [MY-010334] [Server] Failed to initialize DD Storage Engine
2024-08-23T10:18:29.541976Z 0 [ERROR] [MY-010020] [Server] Data Dictionary initialization failed.
2024-08-23T10:18:29.542225Z 0 [ERROR] [MY-010119] [Server] Aborting
2024-08-23T10:18:29.543668Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.36) MySQL Community Server - GPL.
查了很多资料发现是debian系统的armor 做了限制。
什么是AppArmor?
AppArmor(Application Armor)是一种Linux内核安全模块(Linux Security Module,LSM),用于增强系统的安全性。它通过提供细粒度的访问控制来限制程序的能力,从而减少潜在的安全风险。以下是AppArmor的一些关键特性和功能:
- 强制访问控制(MAC): AppArmor 使用基于配置文件的机制来强制执行程序可以进行哪些操作。这种控制比传统的基于用户的访问控制(DAC)更为细致,可以防止已被攻破的程序执行未授权的操作。
- 配置文件: AppArmor的核心是配置文件(Profiles),这些配置文件定义了特定程序的权限和访问控制。配置文件可以指定程序可以访问哪些文件、网络端口、系统资源等。
- 易于使用: 与SELinux相比,AppArmor更易于配置和管理。AppArmor使用路径名来定义访问控制,因此不需要修改文件系统属性。
- 学习模式: AppArmor拥有一个学习模式,可以生成程序的配置文件。这种模式记录程序的行为,并自动生成相应的配置文件,管理员可以基于这些生成的配置文件进行调整和优化。
- 日志记录: AppArmor会记录超出配置文件权限的操作,这些日志信息对于发现和排除安全问题非常有用。
- 集成和支持: AppArmor 已集成到一些主流Linux发行版中,如Ubuntu和Debian。许多Linux发行版默认启用AppArmor来增强系统安全性。
通过限制程序的行为,AppArmor可以有效地减小攻击面,防止许多类型的攻击,例如文件系统破坏、信息泄露和权限提升等。尽管它并不能替代所有的安全措施,但作为多层防御策略的一部分,AppArmor是一个强有力的工具。
解决方案:
vim /etc/apparmor.d/usr.sbin.mysqld
# 添加
/data/mysql/ r,
/data/mysql/** rwk,重启mysql服务
systemctl restart mysqld
