All Products
Search

This Product

    ApsaraDB for MyBase:Host permissions

    Document Center

    ApsaraDB for MyBase:Host permissions

    Last Updated:Jul 14, 2023

    You can log on to a database host to upload, download, and install software.

    Prerequisites

    Create a bastion host and use the bastion host to access the database host. For more information, see Create a bastion host, Log on to a host by using a bastion host in Linux, and Access a Windows host from a bastion host.

    Background information

    ApsaraDB for MyBase allows you to obtain more autonomous and controllable permissions by enabling operating system (OS) permissions. This helps database administrators (DBAs) to make full use of their skills, and also helps to solve database problems in a timely manner.

    Database hosts and bastion hosts are used together in the following typical application scenarios:

    • Financial and insurance enterprises must establish reliable audit mechanisms to meet the strict security regulatory requirements of the industry.

    • Internet enterprises require efficient and stable audit systems because the number of employees and servers in Internet enterprises is rapidly increasing.

    Host permissions of MySQL and PostgreSQL

    • Directory permissions:

      The following directory permissions for the OS are available: 

      r-x  boot
r-x  dev
r-x  disk12930121
r-x disk12930121/mysql/12930121/data/mysql #The read and execute permission for the storage capacity of a database instance
r-x etc
r-- grub_file
--- home
r-x  host
r-x  media
r-x  mnt
r-x  opt
r-x  proc
---  root
r-x  run
r-x srv
r-x  sys
rwt tmp
r-x u01 #The read and execute permission for the service data directory
r-x u02 #The read and execute permission for the service log directory
r-x  userdata
rwx  userdata/data1   #The read, write, and execute permission for the directory to which a user data disk is mounted
r-x  usr
r-x  var

    • Software package and system command permissions

      Command

      Supported

      ps

      Yes

      ss

      Yes

      lsof

      No

      iftop

      No

      iotop

      No

      yum

      Yes

      make

      Yes

      cmake

      No

      netstat

      Yes

      kill

      Yes

      pkill

      Yes

      iptables

      No

      service

      No

      systemctl

      No

      Percona Toolkit commands

      Yes

      mysql-client

      No

      vim

      Yes

      wget

      Yes

      unzip

      No

      curl

      Yes

      telnet

      Yes

      tree

      No

      gcc

      Yes

      g++

      No

      screen

      No

      sysstat

      Yes

      nmap

      No

      tcpdump

      No

      psmisc

      Yes

      sendmail

      No

      bind-utils

      Yes

      lrzsz

      No

      rsync

      Yes

      gzip

      Yes

      traseroute

      No

      bc

      Yes

      net-tools

      Yes

      Note

      Use YUM to install other software as a non-root user.

    SQL Server host permissions

    Account type

    Description

    Normal Account

    You can log on to a Windows host by using a standard account that has the permissions of the Remote Desktop Users group.

    Administrator

    The privileged account admin has the administrator permission of the local group in Windows.