Comments on: Chrooting MySQL on Debian http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/ Juergen Kreileder's boring blog Sat, 13 Mar 2010 10:00:28 +0000 http://wordpress.org/?v=2.9.1-RC1-jk1 hourly 1 By: Juergen Kreileder http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-57234 Juergen Kreileder Fri, 25 Jan 2008 17:31:22 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-57234 Al, I don't get the context of your code excerpt. (And I always get a bad feeling when I see code like the first line of your check_login.php. Think SQL injection.) Al, I don’t get the context of your code excerpt.
(And I always get a bad feeling when I see code like the first line of your check_login.php. Think SQL injection.)

]]> By: Al http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-57233 Al Fri, 25 Jan 2008 07:17:52 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-57233 getMessage()); } $db_object->setFetchMode(DB_FETCHMODE_ASSOC); // we write this later on, ignore for now. include('check_login.php'); ?> ------------------------------------------------- '**********check_login.php********** query("SELECT password FROM users WHERE username = '".$_SESSION['username']."'"); if(DB::isError($pass) || $pass->numRows() != 1) { $logged_in = 0; unset($_SESSION['username']); unset($_SESSION['password']); // kill incorrect session variables. } $db_pass = $pass->fetchRow(); // now we have encrypted pass from DB in //$db_pass['password'], stripslashes() just incase: $db_pass['password'] = stripslashes($db_pass['password']); $_SESSION['password'] = stripslashes($_SESSION['password']); //compare: if($_SESSION['password'] == $db_pass['password']) { // valid password for username $logged_in = 1; // they have correct info // in session variables. } else { $logged_in = 0; unset($_SESSION['username']); unset($_SESSION['password']); // kill incorrect session variables. } } // clean up unset($db_pass['password']); $_SESSION['username'] = stripslashes($_SESSION['username']); ?> getMessage());
}

$db_object->setFetchMode(DB_FETCHMODE_ASSOC);

// we write this later on, ignore for now.

include(‘check_login.php’);

?>

————————————————-

‘**********check_login.php**********
query(“SELECT password FROM users WHERE username = ‘”.$_SESSION['username'].”‘”);

if(DB::isError($pass) || $pass->numRows() != 1) {
$logged_in = 0;
unset($_SESSION['username']);
unset($_SESSION['password']);
// kill incorrect session variables.
}

$db_pass = $pass->fetchRow();

// now we have encrypted pass from DB in
//$db_pass['password'], stripslashes() just incase:

$db_pass['password'] = stripslashes($db_pass['password']);
$_SESSION['password'] = stripslashes($_SESSION['password']);

//compare:

if($_SESSION['password'] == $db_pass['password']) {
// valid password for username
$logged_in = 1; // they have correct info
// in session variables.
} else {
$logged_in = 0;
unset($_SESSION['username']);
unset($_SESSION['password']);
// kill incorrect session variables.
}
}

// clean up
unset($db_pass['password']);

$_SESSION['username'] = stripslashes($_SESSION['username']);

?>

]]> By: Al http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-57232 Al Fri, 25 Jan 2008 07:13:05 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-57232 Try using another DB conection file that works - It worked for me Try using another DB conection file that works – It worked for me

]]> By: Juergen Kreileder http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-57207 Juergen Kreileder Wed, 09 Jan 2008 23:23:40 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-57207 Josh, which Debian or Ubuntu distribution do you have? Josh, which Debian or Ubuntu distribution do you have?

]]> By: Josh Wilkins http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-57205 Josh Wilkins Wed, 09 Jan 2008 19:55:43 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-57205 Juergen, I get the same error as viktor. I cannot figure out what it is I need to do. -Josh Juergen, I get the same error as viktor. I cannot figure out what it is I need to do.

-Josh

]]> By: Juergen Kreileder http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-54079 Juergen Kreileder Wed, 18 Apr 2007 20:30:35 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-54079 Viktor, <code>log_daemon_msg</code> is defined in <code>/lib/lsb/init-functions</code>. That file should get sourced early in <code>/etc/init.d/mysql</code>. Viktor, log_daemon_msg is defined in /lib/lsb/init-functions. That file should get sourced early in /etc/init.d/mysql.

]]> By: Viktor http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-54075 Viktor Wed, 18 Apr 2007 18:34:55 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-54075 Hi! I tried do as you had written above, but when I start the /etc/init.d/mysql start file, it writes: " line 108: log_daemon_msg: command not found". I can not see anything suspicious in syslog file. What can be the problem? Thx for your response! Viktor Hi!

I tried do as you had written above, but when I start the /etc/init.d/mysql start file, it writes: ” line 108: log_daemon_msg: command not found”.

I can not see anything suspicious in syslog file.

What can be the problem?

Thx for your response!

Viktor

]]> By: a_l_a_n http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-10229 a_l_a_n Sun, 30 Jul 2006 16:54:20 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-10229 Cool. Just wanted to make sure I wasnt negating the whole process or something stupid. Thanks for the guide. Cool. Just wanted to make sure I wasnt negating the whole process or something stupid.

Thanks for the guide.

]]> By: Juergen Kreileder http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-10225 Juergen Kreileder Sun, 30 Jul 2006 15:01:00 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-10225 The command for the pid file is correct: It creates a link to <code>$CHROOT_DIR/var/run/mysqld/mysqld.pid</code> in the <strong>directory</strong> <code>/var/run/mysqld</code>. That means the resulting link name is <code>/var/run/mysqld/mysqld.pid</code>. Creating a link for the socket is definitely an option if an application uses hard-coded paths and you can't or don't want to use networking (host: 127.1, port: 3306). The command for the pid file is correct: It creates a link to $CHROOT_DIR/var/run/mysqld/mysqld.pid in the directory /var/run/mysqld. That means the resulting link name is /var/run/mysqld/mysqld.pid.

Creating a link for the socket is definitely an option if an application uses hard-coded paths and you can’t or don’t want to use networking (host: 127.1, port: 3306).

]]> By: a_l_a_n http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-10224 a_l_a_n Sun, 30 Jul 2006 13:38:20 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-10224 I dont know if this was appropriate or not, but I had to add ln -sf $CHROOT_DIR/var/run/mysqld/mysqld.sock /var/run/mysqld.sock to /etc/init.d/mysql also, as amaroK was trying to use this missing socket file to connect to MySQL. Also, I assume it was a typo, I had to change the line in the howto to: ln -sf $CHROOT_DIR/var/run/mysqld/mysqld.pid /var/run/mysqld.pid (Note the .pid on the end of the new symlink) I dont know if this was appropriate or not, but I had to add

ln -sf $CHROOT_DIR/var/run/mysqld/mysqld.sock /var/run/mysqld.sock

to /etc/init.d/mysql also, as amaroK was trying to use this missing socket file to connect to MySQL.

Also, I assume it was a typo, I had to change the line in the howto to:

ln -sf $CHROOT_DIR/var/run/mysqld/mysqld.pid /var/run/mysqld.pid

(Note the .pid on the end of the new symlink)

]]> By: Juergen Kreileder http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-2506 Juergen Kreileder Sat, 06 May 2006 23:02:37 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-2506 swiergot, did you change "/etc/init.d/mysql" like described above? swiergot, did you change “/etc/init.d/mysql” like described above?

]]> By: swiergot http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-2360 swiergot Fri, 05 May 2006 16:10:27 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-2360 Hi. I have a problem with shutting down mysqld. Soon after mysqladmin does its work, mysqld_safe resumes mysqld process. Do you know how to fix it? Hi. I have a problem with shutting down mysqld. Soon after mysqladmin does its work, mysqld_safe resumes mysqld process. Do you know how to fix it?

]]> By: WebhostingTech http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-13 WebhostingTech Tue, 03 May 2005 10:35:19 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-13 <strong>Chrooting Apache, MySQL und Bind unter Debian</strong> Ein sehr schönes Tutorial stellt uns Juergen Kreileder zur Verfügung. Das Tutorial erklärt dem Nutzer, wie er unter Debian die Datenbankanwendung MySQL aus einer chroot-Umgebung starten kann. Außerdem finden sich dort zwei Links um den Apache Webse... Chrooting Apache, MySQL und Bind unter Debian

Ein sehr schönes Tutorial stellt uns Juergen Kreileder zur Verfügung. Das Tutorial erklärt dem Nutzer, wie er unter Debian die Datenbankanwendung MySQL aus einer chroot-Umgebung starten kann. Außerdem finden sich dort zwei Links um den Apache Webse…

]]> By: slink http://blog.blackdown.de/2005/03/04/chrooting-mysql-on-debian/comment-page-1/#comment-1 slink Fri, 25 Mar 2005 17:51:55 +0000 http://blog.blackdown.de/2005/03/08/chrooting-mysql-on-debian/#comment-1 Hi. It's a great tutorial. If someone would like to reach MySQL in PHP, modify php.ini too. Hi. It’s a great tutorial. If someone would like to reach MySQL in PHP, modify php.ini too.

]]>