Security in MySQL  /  General Security Issues  /  How to Run MySQL as a Normal User

2.5 How to Run MySQL as a Normal User

On Windows, you can run the server as a Windows service using a normal user account.

On Linux, for installations performed using a MySQL repository, RPM packages, or Debian packages, the MySQL server mysqld should be started by the local mysql operating system user. Starting by another operating system user is not supported by the init scripts that are included as part of the installation.

On Unix (or Linux for installations performed using tar or tar.gz packages) , the MySQL server mysqld can be started and run by any user. However, you should avoid running the server as the Unix root user for security reasons. To change mysqld to run as a normal unprivileged Unix user user_name, you must do the following:

  1. Stop the server if it is running (use mysqladmin shutdown).

  2. Change the database directories and files so that user_name has privileges to read and write files in them (you might need to do this as the Unix root user):

    shell> chown -R user_name /path/to/mysql/datadir

    If you do not do this, the server will not be able to access databases or tables when it runs as user_name.

    If directories or files within the MySQL data directory are symbolic links, chown -R might not follow symbolic links for you. If it does not, you will also need to follow those links and change the directories and files they point to.

  3. Start the server as user user_name. Another alternative is to start mysqld as the Unix root user and use the --user=user_name option. mysqld starts up, then switches to run as the Unix user user_name before accepting any connections.

  4. To start the server as the given user automatically at system startup time, specify the user name by adding a user option to the [mysqld] group of the /etc/my.cnf option file or the my.cnf option file in the server's data directory. For example:


If your Unix machine itself is not secured, you should assign passwords to the MySQL root account in the grant tables. Otherwise, any user with a login account on that machine can run the mysql client with a --user=root option and perform any operation. (It is a good idea to assign passwords to MySQL accounts in any case, but especially so when other login accounts exist on the server host.) See Section 3.4, “Securing the Initial MySQL Account”.

User Comments
User comments in this section are, as the name implies, provided by MySQL users. The MySQL documentation team is not responsible for, nor do they endorse, any of the information provided here.
  Posted by asdf asdf on May 16, 2015
The point "2." in the manual – changing an owner.
You better know that chown has an option "L" that will make it recursively change owner of symbolically linked directories and of all their subnodes and symlinks destinations. So, if there are symbolic links in Your directory and You want to change owner for all of their contents, use this:
chown -RL user_name /path/to/mysql/datadir

  Posted by vimal raj on October 10, 2017
This may not work on Centos7 and above. Need few more additional settings.

You need to edit the file /etc/systemd/system/ (update the username and group if other than MySQL) and chage the "ExecStart" with the new PID

Eg:- ExecStart=/usr/sbin/mysqld --pid-file=/mydata/mysql/run/ $MYSQLD_OPTS $MYSQLD_RECOVER_START
Sign Up Login You must be logged in to post a comment.