| 152 | | * After installing and running the server, |
| 153 | | grant permissions for the 'db_user' account (usually boincadm). |
| 154 | | The 'db_name' is usually the short name of the project. |
| 155 | | The credentials (db_user, db_name, db_passwd) are stored in the project's [ProjectOptions#db config.xml]. |
| 156 | | All MySQL accounts should be password protected, especially `root`. |
| 157 | | {{{ |
| 158 | | mysql -u root |
| 159 | | CREATE USER 'db_user'@'localhost' IDENTIFIED BY 'db_passwd'; |
| 160 | | GRANT CREATE,DROP ON *.* TO 'db_user'@'localhost' |
| 161 | | GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,REFERENCES,INDEX,ALTER,CREATE TEMPORARY TABLES, LOCK TABLES ON `db_name`.* TO 'db_user'@'localhost'; |
| 162 | | }}} |
| 163 | | Existing projects should change the permissions accordingly by first revoking |
| 164 | | all rights and grant with the above example. The user 'nobody' means the |
| 165 | | account under which Apache runs (may be different on your machine) which does |
| 166 | | not need access anymore. |
| 167 | | {{{ |
| 168 | | mysql -u root |
| 169 | | REVOKE ALL PRIVILEGES ON *.* FROM 'db_user'@'localhost'; |
| 170 | | REVOKE ALL PRIVILEGES ON *.* FROM 'db_user'; |
| 171 | | REVOKE ALL PRIVILEGES ON *.* FROM 'nobody'@'localhost'; |
| 172 | | REVOKE ALL PRIVILEGES ON *.* FROM 'nobody'; |
| 173 | | }}} |
| 174 | | After creating a project you should also revoke the global DROP and CREATE |
| 175 | | permission for your 'db_user' like this: |
| 176 | | {{{ |
| 177 | | REVOKE ALL PRIVILEGES ON *.* FROM 'db_user'@'localhost'; |
| 178 | | REVOKE GRANT OPTION ON * . * FROM 'db_user'@'localhost'; |
| 179 | | GRANT USAGE ON *.* TO 'db_user'@'localhost'; |
| 180 | | }}} |
| 181 | | * Set your `PATH` environment variable to include MySQL programs |
| 182 | | (typically `/usr/local/mysql` and `/usr/local/mysql/bin`). |
| 183 | | * You'll need to back up your database. |
| 184 | | Generally this requires stopping the project, |
| 185 | | making a copy or snapshot, and restarting. |
| 186 | | An example is [//mysql_backup.txt here]. |
| | 152 | Instructions for setting up MySQL are here: |
| | 153 | https://dev.mysql.com/doc/refman/5.6/en/linux-installation-yum-repo.html |
| | 154 | |
| | 155 | After setting up MySQL, |
| | 156 | create a MySQL account for the project owner. |
| | 157 | We'll use the name '''boincadm''', same as the Unix account. |
| | 158 | All MySQL accounts should be password protected; |
| | 159 | we'll use "foobar" (use something different). |
| | 160 | {{{ |
| | 161 | mysql -u root -p |
| | 162 | CREATE USER 'boincadm'@'localhost' IDENTIFIED BY 'foobar'; |
| | 163 | GRANT ALL ON *.* TO 'boincadm'@'localhost'; |
| | 164 | }}} |
| | 165 | This gives boincadm access to all MySQL databases on the host; |
| | 166 | if you use MySQL for other purposes on the host, |
| | 167 | set permissions more restrictively. |
| | 168 | |
| | 169 | Other notes: |
| | 170 | * Set boincadm's `PATH` environment variable to include MySQL programs |
| | 171 | (typically `/usr/local/mysql` and `/usr/local/mysql/bin`). |
| | 172 | * You'll want to back up your database periodically. |
| | 173 | Generally this requires stopping the project, |
| | 174 | making a copy or snapshot, and restarting. |
| | 175 | An example is [//mysql_backup.txt here]. |
| 399 | | The best way to create the boinc user is during installation when you are asked for name and password of the main user. Enter 'boincadm', or a name of your choice, as login name. In this cookbook I will refer to this useraccount as 'boincadm'. |
| 400 | | |
| 401 | | When installation is finished please login as the user created during installation. If you have installed a graphical desktop manager please open a text console (Konsole or xterm). |
| | 388 | The best way to create the boinc user is during installation |
| | 389 | when you are asked for name and password of the main user. |
| | 390 | Enter 'boincadm', or a name of your choice, as login name. |
| | 391 | In this cookbook I will refer to this useraccount as 'boincadm'. |
| | 392 | |
| | 393 | When installation is finished please login as the user created during installation. |
| | 394 | If you have installed a graphical desktop manager please open a text console (Konsole or xterm). |
