Move and secure the MySQL data directory
By default, the data directory of MySQL is /var/lib/mysql. This can be a security issue, especially on a laptop. If your home directory is encrypted, you can easily secure your MySQL data. Back up your data before using this information. Read the procedure until the end before doing anything.
First, follow these steps to move the data directory of MySQL.
- Stop MySQL.
- Copy the current database to its new location /home/yourhomedir/mysql.
- Create a link to prevent issues with InnoDB tables.
- Change the value of datadir in the file /etc/mysql/mysql.conf.d/mysqld.cnf to your new data directory location /home/yourhomedir/mysql.
- Replace the two occurrences of /var/lib/mysql with /home/yourhomedir/mysql in /etc/apparmor.d/usr.sbin.mysqld.
- Reload AppArmor.
sudo service mysql stop
sudo mv /var/lib/mysql /home/yourhomedir/
sudo ln -s /home/yourhomedir/mysql /var/lib/mysql
sudo service apparmor reload
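The two file edits in the list above have no command on this page. As an added example (not part of the original procedure), the shell functions below apply them with sed and refuse to touch the AppArmor profile unless exactly two rules for the old directory are found. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Run as root against the real files.
OLD_DIR=/var/lib/mysql   # default data directory named on the page

# set_datadir CNF NEW_DIR: rewrite the datadir setting, keeping a .bak copy.
set_datadir() {
    grep -Eq '^[[:space:]]*datadir[[:space:]]*=' "$1" ||
        { echo "no active datadir line in $1" >&2; return 1; }
    sed -i.bak -E "s|^([[:space:]]*datadir[[:space:]]*=[[:space:]]*).*|\1$2|" "$1"
}

# update_apparmor PROFILE NEW_DIR: rewrite only the rules for OLD_DIR itself.
# The trailing slash in the pattern leaves sibling paths such as
# /var/lib/mysql-files untouched; anything other than two matches aborts.
update_apparmor() {
    count=$(grep -c "^[[:space:]]*$OLD_DIR/" "$1" || true)
    [ "$count" -eq 2 ] ||
        { echo "expected 2 rules for $OLD_DIR/, found $count" >&2; return 1; }
    sed -i.bak -E "s|^([[:space:]]*)$OLD_DIR/|\1$2/|" "$1"
}

# make_samples DIR: write constructed stand-ins for the two files.
make_samples() {
    printf '[mysqld]\nuser\t\t= mysql\ndatadir\t\t= %s\n' "$OLD_DIR" > "$1/mysqld.cnf"
    cat > "$1/usr.sbin.mysqld" <<EOF
/usr/sbin/mysqld {
  $OLD_DIR/ r,
  $OLD_DIR/** rwk,
  $OLD_DIR-files/ r,
  $OLD_DIR-files/** rwk,
}
EOF
}

# Demo on the constructed samples in a scratch directory.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
set_datadir "$demo_dir/mysqld.cnf" /home/yourhomedir/mysql
update_apparmor "$demo_dir/usr.sbin.mysqld" /home/yourhomedir/mysql
grep -n 'mysql' "$demo_dir/mysqld.cnf" "$demo_dir/usr.sbin.mysqld"
```

On a real system, call the two functions on /etc/mysql/mysql.conf.d/mysqld.cnf and /etc/apparmor.d/usr.sbin.mysqld before reloading AppArmor.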
If you moved the MySQL data directory to an encrypted home directory, you will need to perform these supplementary steps.
- Disable MySQL from starting at system boot.
- Add MySQL to the group related to the user that owns the encrypted home directory.
- Change the permissions of the encrypted directory.
sudo update-rc.d mysql remove
sudo usermod -a -G yourhomedir mysql
sudo chmod 750 /home/yourhomedir
In this scenario, you will need to start MySQL after you log in and stop it before you log off, which includes shutting down the system. To start MySQL, use the following command:
sudo service mysql start
To stop MySQL, use the following command:
sudo service mysql stop
If everything works fine, you can remove the original MySQL data directory using this command:
sudo rm -fr /var/lib/mysql