mariadb requires mysql:root to start instead of mysql:mysql for user:group - RHEL 8.9 mariadb 10.5.23

Question

After patching and reboot for mariadb to start we require to do the following cmd to launch mariadb

chown -R mysql:root /var/lib/mysql

otherwise we get the following error

May 21 00:43:07 sprcellapp mariadbd[104253]: 2024-05-21  0:43:07 0 [Note] InnoDB: 10.5.23 started; log sequence number 114858617868828; transaction id 6884951201
May 21 00:43:07 sprcellapp mariadbd[104253]: 2024-05-21  0:43:07 0 [Note] InnoDB: Loading buffer pool(s) from /data/mysql/ib_buffer_pool
May 21 00:43:07 sprcellapp mariadbd[104253]: 2024-05-21  0:43:07 0 [Note] Plugin 'FEEDBACK' is disabled.
May 21 00:43:07 sprcellapp mariadbd[104253]: 2024-05-21  0:43:07 0 [Note] Server socket created on IP: '0.0.0.0'.
May 21 00:43:07 sprcellapp mariadbd[104253]: 2024-05-21  0:43:07 0 [ERROR] Can't start server : Bind on unix socket: Permission denied
May 21 00:43:07 sprcellapp mariadbd[104253]: 2024-05-21  0:43:07 0 [ERROR] Do you already have another mysqld server running on socket: /var/lib/mysql/mysql.sock ?
May 21 00:43:07 sprcellapp mariadbd[104253]: 2024-05-21  0:43:07 0 [ERROR] Aborting
May 21 00:43:08 sprcellapp systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
May 21 00:43:08 sprcellapp systemd[1]: mariadb.service: Failed with result 'exit-code'.
May 21 00:43:08 sprcellapp systemd[1]: Failed to start MariaDB 10.5.23 database server.

SELinux is in permissive mode and we saw no avc:denied in syslog messages

finally /var/lib/mysql had the ownership and permissions:

"drwxr-xr-x. 5 mysql mysql 231 May 21 00:51 /var/lib/mysql/"

and after change for mariadb to launch would be need to be this.

drwxr-xr-x.  5 mysql root        231 May 21 00:51 .
drwxr-xr-x. 64 root  root       4096 Feb  3 16:51 ..
-rw-rw----.  1 mysql root      24576 Feb  4 11:17 aria_log.00000001
-rw-rw----.  1 mysql root         52 Feb  4 11:17 aria_log_control
-rw-rw----.  1 mysql root        976 Feb  4 11:17 ib_buffer_pool
-rw-rw----.  1 mysql root   12582912 Feb  4 11:17 ibdata1
-rw-rw----.  1 mysql root  100663296 Feb  4 11:17 ib_logfile0
-rw-rw----.  1 mysql root          0 Jan 31 14:51 multi-master.info
drwx------.  2 mysql root       4096 Jan 31 14:25 mysql
srwxrwxrwx.  1 mysql mysql         0 May 21 00:51 mysql.sock
-rw-r--r--.  1 mysql root         15 Jan 31 14:25 mysql_upgrade_info
drwx------.  2 mysql root         20 Jan 31 14:25 performance_schema
drwx------.  2 mysql root         20 Jan 31 14:25 test

Note the mysql.sock file created as mysql:mysql after mariadb launches. Why is the directory group owner required to be root?

Answer 1

So we found the issue. The problem was that the mysql user (from LDAP) was already defined and had a UID of 260, however when the mysql was installed on this new machine it generated a new UID and GID which did not match the /etc/passwd and etc/group of 269 and 979 respectively. This is why changing the permissions to mysql:root of /var/lib/mysql solved the problem but you had to do that on every reboot since /var/lib/mysql would revert back to mysql:mysql. So to fix this we simply changed the UID and GID to 260/260 which matched the ldap user. Now after reboot nothing needs to be changed.

process was

2. shut MariaDB off

sudo systemctl stop mariadb

3. check if any process is running for 260 which is mysql ps -ef | grep mysql ps -ef | grep 260

if none OK if not stop

4. backup the /etc files sudo cp -p /etc/passwd /etc/passwd.bkp sudo cp -p /etc/group /etc/group.bkp

5. verify the id first id mysql

6. change groupid first

sudo groupmod -g 260 mysql

7. change the userid

sudo usermod -u 260 -g 260 mysql

note if returns nothing to update then edit the /etc/passwd file manually since it could be using the LDAP and still set to 269 in our example, so update to 260

8. verify changes id mysql

optional

8a. sudo chown -R mysql:mysql /var/lib/mysql 8b. sudo systemctl start mariadb this will test to make sure after reboot the maraidb boots.

==

9. reboot the server

now after reboot /var/lib/mysql is mysql:mysql and the socket files is able to be placed in this DIR

check /var/log/messages for errors