<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Fri, Feb 13, 2015 at 12:10 AM, Murray Eisenberg <span dir="ltr"><<a href="mailto:murrayeisenberg@gmail.com" target="_blank">murrayeisenberg@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div id=":38q" class="a3s" style="overflow:hidden">Do I also need to give the group _mysql read permission to some or all of /Volumes, /Volumes/MacHD, /Volumes/MacHD/Users, /Volumes/MacHD/Users/thisuser, /Volumes/MacHD/Users/thisuser/mysql ?<br>
<br>
If so, might that be dangerous?</div></blockquote></div><br>While I'm at it: the above is really why most people put the database in some other path than their home directory and don't try to fight with ACLs.<br><br>As for why you need to grant search permission to reach the database files: you were expecting the system somehow "just knows" that _mysql is allowed to follow that path? That the files at the end of it are owned by someone else is not relevant; consider that you may make a symlink to someone else's file. Or a hard link if it's on the same partition/filesystem. On OS X you can even make a hard link to a directory, making it even more complicated.<br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div>brandon s allbery kf8nh sine nomine associates</div><div><a href="mailto:allbery.b@gmail.com" target="_blank">allbery.b@gmail.com</a> <a href="mailto:ballbery@sinenomine.net" target="_blank">ballbery@sinenomine.net</a></div><div>unix, openafs, kerberos, infrastructure, xmonad <a href="http://sinenomine.net" target="_blank">http://sinenomine.net</a></div></div></div>
</div></div>