I confirm that the permissions keys are created are root only:
# ll /var/lib/mysql/server-key.pem
-rw------- 1 root root 1675 May 10 07:29 /var/lib/mysql/server-key.pem
Actually that is just the default of the tool as it comes from upstream
And it has parameters for all you need:
Adding --uid mysql would make it do what you want.
If the defaults of the upstream tool should be changed that would IMHO be an upstream bug.
Unfortunately the user set up to use is not part of the ./configure call so I'm not sure how it would know.
wishlist from Ubuntu perspective, if you happen to file an upstream bug to change the default pelse mention it here so it can be tracked.
Config is in mysql.conf. d/mysqld. cnf
/etc/mysql/
default disabled: mysql.conf. d/mysqld. cnf:103: # ssl-ca= /etc/mysql/ cacert. pem mysql.conf. d/mysqld. cnf:104: # ssl-cert= /etc/mysql/ server- cert.pem mysql.conf. d/mysqld. cnf:105: # ssl-key= /etc/mysql/ server- key.pem
/etc/mysql/
/etc/mysql/
/etc/mysql/
I confirm that the permissions keys are created are root only: mysql/server- key.pem mysql/server- key.pem
# ll /var/lib/
-rw------- 1 root root 1675 May 10 07:29 /var/lib/
Actually that is just the default of the tool as it comes from upstream
And it has parameters for all you need:
Adding --uid mysql would make it do what you want.
If the defaults of the upstream tool should be changed that would IMHO be an upstream bug.
Unfortunately the user set up to use is not part of the ./configure call so I'm not sure how it would know.
wishlist from Ubuntu perspective, if you happen to file an upstream bug to change the default pelse mention it here so it can be tracked.