WL#8129: Packaging side changes related to WL#5608

Affects: Server-Prototype Only   —   Status: Complete

This worklog describes various changes required in packaging scripts in order to
assert that all distributed files follow the principle of most restrictive
permission possible.
User/Group Permission

F1 : "mysql" group : Group of DBAs.
* Shall have READ/WRITE access to anything in data directory.
* Shall have EXECUTE access to any binary we package.

F2 : "mysql" user : User whose privileges are used to run mysqld process
* Shall have READ/WRITE access to anything in data directory.
* Shall not have ability to login.

Files/Binaries/Libraries Permission

Assumption : Permission are with respect to root/root unless otherwise specified.

F3 : Binaries shall have -rwxr-xr-x permission

F4 : MAN files should have -rw-r--r-- permission

F5 : CHARSET files should have -rw-r--r-- permission

F6 : Header files should have -rw-r--r-- permission

F7 : Test/Result files should have -rw-r--r-- permission

F8 : Library files (.so) : Consistent with other .so files

F9 : Documentation should be updated to reflect that "mysql" user should be
created with --shell=/bin/false
Docs link : http://dev.mysql.com/doc/refman/5.7/en/binary-installation.html
I1 : Change packaging scripts to create "mysql" user with shell set to /bin/false.

I2 : Change packaging scripts to restrict permission on MAN files

I3 : Change packaging scripts to restrict permission on CHARSET and Header files.

I4 : Change packaging scripts to restrict permission on .test and .result files.