3.1 Ensure 'datadir' Has Appropriate Permissions

Information

The data directory is the location of the MySQL databases.

Rationale:

Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of the MySQL database. If someone other than the MySQL user is allowed to read files from the data directory, it may be possible to read data from the mysql.user table which contains passwords. Additionally, the ability to create files can lead to denial of service, or might otherwise allow someone to gain access to specific data by manually creating a file with a view definition.

Solution

Execute the following commands at a terminal prompt:

chmod 750 <datadir>
chown mysql:mysql <datadir>

See Also

https://workbench.cisecurity.org/files/3844

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 0e6e6a4d8070781ef4f87285d9717169fa2b06205b6cf5a46af33d2ebbfa9bf3