September 2014
« Aug   Oct »

InnoDB: The error means mysqld does not have the access rights to

I’m migrating my CentOS 6.4 Desktop to Ubuntu 14.04 LTS on this week as I found that CentOS 7 was not much Great that I expected. It does not support aged hardwares.

While I’m changing MySQL data directory to a different location and initializing the server. I got a strange error like this “InnoDB: The error means mysqld does not have the access rights to”. I tried all my ways to fix such kinds of permission errors assuming that it can be fixed it easily. But gradually I did recognize that it is something NOT with Permission issue with MySQL even though I have granted full permission to MySQL user to new data directory.

See the error I got.

140905 17:54:19 [Note] Plugin 'FEDERATED' is disabled.
/usr/sbin/mysqld: Table 'mysql.plugin' doesn't exist
140905 17:54:19 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
140905 17:54:19 InnoDB: The InnoDB memory heap is disabled
140905 17:54:19 InnoDB: Mutexes and rw_locks use GCC atomic builtins
140905 17:54:19 InnoDB: Compressed tables use zlib 1.2.8
140905 17:54:19 InnoDB: Using Linux native AIO
140905 17:54:19 InnoDB: Initializing buffer pool, size = 100.0M
140905 17:54:19 InnoDB: Completed initialization of buffer pool
140905 17:54:19  InnoDB: Operating system error number 13 in a file operation.
InnoDB: The error means mysqld does not have the access rights to
InnoDB: the directory.
InnoDB: File name ./ibdata1
InnoDB: File operation call: 'create'.
InnoDB: Cannot continue operation.

After googling, I found that there are many people having the same issue which is due to “apparmor” MySQL profile security issue. That forum gives me new information about Ubuntu system security like SE-Linux does.

Following are the information Which I got,

There is now an apparmor profile enabled by default for mysql that will prevent mysql to access non standard area of the file system. Putting the mysql profile in complain mode using “sudo aa-complain” as described in the server guide should show you this in the logs. To fix this, you will need to add /mnt/fastdata/var/lib/mysql (or whatever non standard path you are using) to the list of authorized paths in the apparmor mysql profile you will find in /etc/apparmor.d/.

in this scenario I uses “/home/mysqldata” location as MySQL data directory.


You may need add the following lines in /etc/apparmor.d/usr.sbin.mysqld inside the curly brace declared for apparmor syntax and then restart the apparmor daemon to take effect.

/home/mysqldata/ r,
/home/mysqldata/** rwk,
/home/mysqldata/mysql/plugin r,
/home/mysqldata/mysql/plugin/*.so* mr

root@-desktop:~# cat /etc/apparmor.d/usr.sbin.mysqld | grep "mysqldata"
 /home/mysqldata/ r,
 /home/mysqldata/** rwk,
 /home/mysqldata/mysql/plugin r,
 /home/mysqldata/mysql/plugin/*.so* mr

Then restart the apparmor service.

root@-desktop:~# /etc/init.d/apparmor restart
 * Reloading AppArmor profiles
Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd  [ OK ]

After that I can initiate new mysql repository by executing the command “mysql_install_db”

root@-desktop:~# mysql_install_db
Installing MySQL system tables... OK
Filling help tables... OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

Then start the MySQL service

root@-desktop:~# service mysql start
mysql start/running, process 4493

Pretty easy and simple !! 🙂

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>