ApsaraDB for MyBase grants operating system (OS)-level access to dedicated database hosts, so database administrators (DBAs) can log on to a host and upload and install software directly on it.
Prerequisites
Before you begin, ensure that you have:
A bastion host. See Create a bastion host.
Access to the database host through the bastion host. For Linux hosts, see Log on to a host by using a bastion host in Linux. For Windows hosts, see Access a Windows host from a bastion host.
Background
By enabling operating system (OS) permissions, ApsaraDB for MyBase gives you more autonomous and controllable permissions on your hosts. This helps database administrators (DBAs) make full use of their skills and solve database problems in a timely manner.
MyBase OS permissions are suited for the following scenarios:
Financial and insurance enterprises — Establish reliable audit mechanisms to meet strict security regulatory requirements.
Internet enterprises — Run efficient and stable audit systems as the number of employees and servers grows.
MySQL and PostgreSQL host permissions
Directory permissions
The following table lists the OS directory permissions available on MySQL and PostgreSQL hosts.
| Permission | Directory | Notes |
|---|---|---|
| r-x | boot | |
| r-x | dev | |
| r-x | disk12930121 | |
| r-x | disk12930121/mysql/12930121/data/mysql | Storage capacity of a database instance |
| r-x | etc | |
| r-- | grub_file | |
| --- | home | |
| r-x | host | |
| r-x | media | |
| r-x | mnt | |
| r-x | opt | |
| r-x | proc | |
| --- | root | |
| r-x | run | |
| r-x | srv | |
| r-x | sys | |
| rwt | tmp | |
| r-x | u01 | Service data directory |
| r-x | u02 | Service log directory |
| r-x | userdata | |
| rwx | userdata/data1 | Directory where the user data disk is mounted |
| r-x | usr | |
| r-x | var | |
Command permissions
The following tables list the commands and tools available on MySQL and PostgreSQL hosts, grouped by category.
To install software not listed below, use YUM as a non-root user.
Process and network inspection
| Command | Available |
|---|---|
| ps | Yes |
| ss | Yes |
| netstat | Yes |
| lsof | No |
| iftop | No |
| iotop | No |
| nmap | No |
| tcpdump | No |
File operations
| Command | Available |
|---|---|
| vim | Yes |
| wget | Yes |
| curl | Yes |
| rsync | Yes |
| gzip | Yes |
| telnet | Yes |
| unzip | No |
| lrzsz | No |
Build tools
| Command | Available |
|---|---|
| yum | Yes |
| make | Yes |
| gcc | Yes |
| Percona Toolkit | Yes |
| cmake | No |
| g++ | No |
Service and process management
| Command | Available |
|---|---|
| kill | Yes |
| pkill | Yes |
| psmisc | Yes |
| service | No |
| systemctl | No |
| iptables | No |
System utilities
| Command | Available |
|---|---|
| sysstat | Yes |
| bind-utils | Yes |
| bc | Yes |
| net-tools | Yes |
| screen | No |
| sendmail | No |
| mysql-client | No |
| tree | No |
| traceroute | No |
SQL Server host permissions
SQL Server hosts run on Windows. Two account types are available.
| Account type | Description |
|---|---|
| Normal Account | Standard account with the permissions of the Remote Desktop Users group. |
| Administrator | Privileged account admin with local group administrator permissions in Windows. |