From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LP03y-00071G-Sg for garchives@archives.gentoo.org; Mon, 19 Jan 2009 19:45:35 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A335DE04FE; Mon, 19 Jan 2009 19:45:33 +0000 (UTC) Received: from mail-bw0-f21.google.com (mail-bw0-f21.google.com [209.85.218.21]) by pigeon.gentoo.org (Postfix) with ESMTP id 02C21E04FE for ; Mon, 19 Jan 2009 19:45:32 +0000 (UTC) Received: by bwz14 with SMTP id 14so8975302bwz.10 for ; Mon, 19 Jan 2009 11:45:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=6uvx3buRDt71eroP3akUYpmr/x2CD+svLbA1iFE/81U=; b=hKF7clxPqh/13OahWBJY8qDIq3aXhj6G8kqkKpB8g2QFhwUE81TmojAWbXU+Q6xstC oZMODbgPsjfJeiMynSgKJ54Ud4t+q9tlFF2xuxq2iAWUwHkSy3Dm+RImUMCc4Wr2rNrb Sd4OwAUBAnrHSqiVH2Y8Tw3yDwTt9I1em8plY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=WCh/mczuSIOGbUP14ShKgLgZeFSNHoa89DHDk1hcSkp69gtcw/Wd9QDsazlz/9MSPc DKFNhANasuQYcU0/WmPKlIkrYdGGQ0NkI2KXz4Q3UX0/jLp0Y+5u5dWfjgsvj4nxYSOI u9l8EyOudpc3OEO9xOClYkqTsAJhGHNb+RTOU= Received: by 10.181.150.16 with SMTP id c16mr2179596bko.150.1232394332128; Mon, 19 Jan 2009 11:45:32 -0800 (PST) Received: by 10.180.208.18 with HTTP; Mon, 19 Jan 2009 11:45:32 -0800 (PST) Message-ID: <49bf44f10901191145r1803dd32p4674cbfb8f99de9d@mail.gmail.com> Date: Mon, 19 Jan 2009 11:45:32 -0800 From: Grant To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Reconciling users and services In-Reply-To: <4974C8CA.2040203@badapple.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <200901180954.51906.alan.mckinnon@gmail.com> <49bf44f10901181012i766a1a3fmf0a18066c794bcae@mail.gmail.com> <200901182309.48081.alan.mckinnon@gmail.com> <49bf44f10901191033j5ff29d9dv207d76d3e40c3f65@mail.gmail.com> <4974C8CA.2040203@badapple.net> X-Archives-Salt: 0ffcff0d-c24c-4632-bac7-9fe42811152d X-Archives-Hash: 09774f46d4b167e3e353df6beb605d21 >>>> mysql only needs to connect to a daemon running on the same system, >>>> and I think it does so via a unix socket as opposed to tcp. I can see >>>> from netstat that /var/run/mysqld/mysqld.sock is connected, there is >>>> no mention of a tcp mysql connection, and nmap does not show a mysql >>>> port to be open. Is there anything else I should do as far as locking >>>> down mysql? I'm the only one with shell access to the system. >>> >>> mysql should be running as a non-root user (probably mysql) and for what >>> you >>> use, should be listening on localhost only. If you need to connect over >>> the >> >> How can I check to make sure mysql is only listening to localhost? It >> doesn't show up with nmap. >> >> - Grant > > sudo netstat -ptln > > It' also works without sudo, but then you don't see the process associated > with the open TCP port. > > kashani Thank you, the Local Address for mysqld is listed as 127.0.0.1 so I must be good to go. - Grant