Move and secure the MySQL data directory

By ctherouxNo Comments

By default, the data directory of MySQL is /var/lib/mysql. This can be a security issue, especially on a laptop. If your home directory is encrypted, you can easily secure you MySQL data. Backup you data before using this information. Read the procedure until the end before doing anything.

First, follow these steps to move the data directory of MySQL.

  1. Stop MySQL.
  2. sudo service mysql stop
  3. Copy the current database to its new location /home/yourhomedir/mysql.
  4. sudo mv /var/lib/mysql /home/yourhomedir/
  5. Create a link to prevent issues with innoDB tables
  6. ln -s /home/yourhomedir/mysql /var/lib/mysql
  7. Change the value of datadir in the file /etc/mysql/mysql.conf.d/mysqld.cnf for your new data directory location /home/yourhomedir/mysql
  8. Modify the two occurences of /var/lib/mysql with /home/yourhomedir/mysql in /etc/apparmor.d/usr.sbin.mysqld
  9. Reload apparmor
  10. sudo service apparmor reload

If you moved the MySQL data directory to an encrypted home directory, you will need to perform these supplementary steps.

  1. Disable MySQL from starting at system boot.
  2. sudo update-rc.d mysql remove
  3. Add MySQL to the group related to the user that owns the encrypted home directory
  4. sudo usermod -a -G yourhomedir mysql
  5. Change the permissions of the encrypted directory
  6. sudo chmod 750 /home/yourhomedir

In this scenario, you will need to start MySQL after you logged on and shut it down before loggoff which include shutting down the system. To start mysql, use the following command:

sudo service mysql start

To stop MySQL, use the following command:

sudo service mysql stop

If everything works fine, you can remove the original MySQL data directory using this command:

sudo rm -fr /var/lib/mysql
Linux, MySQL, Ubuntu

Leave your Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.

Blue Taste Theme created by Jabox