Unhappy mysql error ( Can't connect to local MySql server through socket (2)

[blackhowling]

Hii all , i am a newbie on linux, i have a problem now . when i use mysql command on chrooted bash, an error come up and it said "Can't connect to local MySql server through socket (2)" . Can anybody please help me...

 

[cmaxwell]

Hello,

Make a backup of your current MySQL configuration file:

cp /etc/my.cnf /etc/my.cnf.bak

Then edit it eg:

pico /etc/my.cnf

I use pico but you can use whatever text editor you prefer.

Look for the [client] section in this file, if it is not there then add this to the file:

[client]
socket=/var/lib/mysql/mysql.sock

If there is a [client] section then just add the second socket line above to the section.

Save the file and it should now work.

- Chris

 

[Dmitry Frantsev]

Originally posted by blackhowling
"Can't connect to local MySql server through socket (2)" . Can anybody please help me...

It seems that mysql service is not running on your server. Take a look at the examples below:

$mysql -uadmin -p`cat /etc/psa/.psa.shadow`
ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)

$/etc/init.d/mysqld start
Starting MySQL: [ ОК ]

$mysql -uadmin -p`cat /etc/psa/.psa.shadow`
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 3.23.58

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

When mysql service is not started there is no /var/lib/mysql/mysql.sock file created. Also, previous reply was also correct. So don't forget to check if following line persists in /etc/my.cnf file:

socket=/var/lib/mysql/mysql.sock

 

[blackhowling]

Thanx for all your answer . I already try it, but it still don't work . When i add

[client]
socket=/var/lib/mysql/mysql.sock

and i restart mysql, it said "mysql locked, bla... bla.. " .

I already check that mysql server is running . because when i login as root, i can connect to mysql server . but when i login as user i can't connect mysql server .

 

[cmaxwell]

What's the command you're using on the command line? This command should work:

mysql -uadmin -p`cat /etc/psa/.psa.shadow`

 

[blackhowling]

when i login as root use
"mysql -uadmin -p `cat /etc/psa/.psa_shadow` . but when i login as normail user which use chrooted as it shell, and i use "mysql" it already show error "Can't connect through socket bla.. bla.. (2)" .

 

[cmaxwell]

If the user is chrooted then it is not going to have access to the system files for MySQL.

The point of chrooting someone is to increase security on the system, and as a result they will not have access to stuff like the mysql.sock file which causes this error.

A standard system user which is not chrooted will be able to access MySQL.

 

[cmaxwell]

I also find it interesting that a chrooted user can successfully use the mysql command even if it doesn't connect.

The Plesk standard "bin" folder does not include the mysql binary. I would treat that as a security risk if you allow your users to use the mysql command line client - after all you don't really want them trying to access the psa database for instance do you? Just my thoughts...

In saying that, if you know your users intimately, eg you're all part of the same company, then it is less of a risk but in a web hosting environment i'd say it's a big no no.

 

[blackhowling]

actually, i just curious about this problem . At first, i want to give my client mysql command, but now i already told them that i can't allow them to connect mysql throught ssh . can't you please give a suggestion about this problem ?

 

[cmaxwell]

I understand. But as you have chrooted the users into their own home directories then they have no access to anything above their directory root.

As far as a chrooted user is concerned, /home/httpd/vhosts/<domain> is the root directory and they cannot go any higher.

To allow them to have access to files outside the chrooted environment you would need to change their shell so that it is not a chrooted shell, and I would highly recommend against that for security reasons unless you know and trust everyone on the server.

Hope this helps.

 

[servertune]

Originally posted by cmaxwell
I understand. But as you have chrooted the users into their own home directories then they have no access to anything above their directory root.

As far as a chrooted user is concerned, /home/httpd/vhosts/<domain> is the root directory and they cannot go any higher.

To take this even further, unless you really know your clients, I wouldn't give any client(s) access to shell, for security purposes. There are Linux savvy clients who can can get through chroot to the root level.

 

[cmaxwell]

Indeed. We wouldn't grant SSH access to users unless it was on a Virtuozzo-type VDS system, but hopefully blackhowling knows and trusts his users enough because it only takes one to try and break in and then you have a compromised system...

Still, it is useful on a corporate server, for example, when everyone is from the same organization and it is a bit more secure than giving everyone root access

 

[blackhowling]

hehehe, ok i understand now . Thank you very much for all your answer .