Don't run the MySQL server as the Unix root user. This is very dangerous, because any user
with the FILE privilege is able to create files as root (for example, ~root/.bashrc). To
prevent this, mysqld refuses to run as root unless that is specified explicitly using a
--user=root option.
mysqld can be run as an ordinary unprivileged user instead. You can also create a separate Unix
account named mysql to make everything even more secure. Use the account only for
administering MySQL. To start mysqld as another Unix user, add a user option that specifies the
username to the [mysqld] group of the /etc/my.cnf option file or the my.cnf option file in
the server's data directory. For example:
[mysqld]
user=mysql
This causes the server to start as the designated user whether you start it manually or by using
mysqld_safe or mysql.server. For more details, see Section A.3.2, “How to Run MySQL as a
Normal User”.
Running mysqld as a Unix user other than root does not mean that you need to change the
root username in the user table. Usernames for MySQL accounts have nothing to do with
usernames for Unix accounts.
• Don't allow the use of symlinks to tables. (Symlink support can be disabled with the
--skip-symbolic-links option.) This is especially important if you run mysqld as root,
because anyone who has write access to the server's data directory could then delete any file in
the system! See Section 7.6.1.2, “Using Symbolic Links for Tables on Unix”.
• Make sure that the only Unix user with read or write privileges in the database directories is the
user that mysqld runs as.
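
The checks described above can be scripted. The following is an added example, not part of the manual: the function names mysqld_user, datadir_findings and audit are hypothetical, and treating an unset user option as a finding is a policy assumption of this sketch.

```shell
#!/bin/sh
# Added audit sketch (not from the manual); function names are hypothetical.
# Example call, with your own data directory: audit /etc/my.cnf "$DATADIR" mysql

# Print the "user" value from the [mysqld] group of an option file.
# If the option appears more than once in the group, the first one is printed.
mysqld_user() {
    awk '
        /^[ \t]*\[/ { in_grp = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_grp && val == "" && /^[ \t]*user[ \t]*=/ {
            sub(/^[ \t]*user[ \t]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { if (val != "") print val }
    ' "$1"
}

# List entries under data directory $1 that are not owned by user (or uid) $2,
# are symbolic links, or are readable or writable by group or others.
# Empty output means the tree passes.
datadir_findings() {
    find "$1" \( ! -user "$2" -o -type l \
        -o -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print
}

# audit <option-file> <datadir> <owner>; returns 0 only if every check passes.
# Policy assumption: an unset user option is flagged too, because the server
# then runs as whichever account starts it.
audit() {
    status=0
    u=$(mysqld_user "$1")
    case "$u" in
        ""|root) echo "FAIL: [mysqld] user is '${u:-unset}' in $1"; status=1 ;;
        *)       echo "ok: [mysqld] user=$u" ;;
    esac
    bad=$(datadir_findings "$2" "$3")
    if [ -n "$bad" ]; then
        echo "FAIL: entries not restricted to $3:"
        echo "$bad"
        status=1
    fi
    return "$status"
}
```

Run it as root or as the mysqld account so that find can descend into the data directory.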