shell bypass 403
UnknownSec Shell
:
/
proc
/
self
/
root
/
proc
/
self
/
root
/
proc
/
thread-self
/
root
/
usr
/
lib
/
systemd
/
system
/ [
drwxr-xr-x
]
upload
mass deface
mass delete
console
info server
name :
mariadb@.service
# Multi instance version of MariaDB # # Use this if you run multiple instances of MariaDB on a single server. # # This systemd service is not suitable for Galera as specialised SST recovery # scripts are needed. # # # It's not recommended to modify this file in-place, because it will be # overwritten during package upgrades. If you want to customize, the # best way is to create a file "/etc/systemd/system/mariadb@.service", # containing # .include /usr/lib/systemd/system/mariadb@.service # ...make your changes here... # or create a file "/etc/systemd/system/mariadb@.service.d/foo.conf", # which doesn't need to include ".include" call and which will be parsed # after the file mariadb@.service itself is parsed. # # For more info about custom unit files, see systemd.unit(5) or # https://mariadb.com/kb/en/mariadb/systemd/ # # Copyright notice: # # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # # # MULTI INSTANCES # # When multiple instances of MariaDB are running on a server they need to # ensure that they don't conflict with each other. This includes elements # like network ports, sockets and data directories listed under CONFLICTING # VARIABLES below. The systemd environment variable MYSQLD_MULTI_INSTANCE # controls each instance to ensure it is run independently. It is passed to # mariadbd and mysql_install # # By default, a group suffix exists and within the default configuration # files, a group [mariadbd.{instancename}] is read for each service. Other # default groups, like [server.{instancename}] and [mariadb.{instancename}], # are also read. For each instance, one of the groups will need to contain # the conflicting variables listed below under CONFLICTING VARIABLES. # # The MYSQLD_MULTI_INSTANCE environment used is: # Environment='MYSQLD_MULTI_INSTANCE=--defaults-group-suffix=.%I --basedir=/usr' # # # APPLYING YOUR MULTI INSTANCE MECHANISM # # To apply one of the non-default multi-instance mechanisms, create a file # "/etc/systemd/system/mariadb@.service.d/multi.conf" containing: # # [Service] # Environment=MYSQLD_MULTI_INSTANCE="...." # # Include any other settings you which to override. Directives like Exec* are # lists and adding a directive will append to the list. You can clear the list # by starting with "Directive=" and no value. Follow this by the list that you # do want. See the systemd.unit(5) manual page for more information. # # Then run "systemctl daemon-reload". # # # EXAMPLE MYSQLD_MULTI_INSTANCE CONFIGURATIONS # # Configuration File Based Mechanism: # # This has a configuration file per instance. # # [Unit] # ConditionPathExists=/etc/my.%I.cnf # # [Service] # Environment=MYSQLD_MULTI_INSTANCE=--defaults-file=/etc/my.%I.cnf # # Here you need to create a configuration file /etc/my.%I.cnf for each # instance, each containing the conflicting variables to separate instances. # # # Multi User Based Mechanism: # # Here each user (the instance name) has their own mysql instance. # # Create instances in users home directory with abstract socket: # # [Service] # User=%I # ProtectHome=false # ExecStartPre= # ExecStartPre=/usr/bin/mysql_install_db $MYSQLD_MULTI_INSTANCE \ # --auth-root-authentication-method=socket --auth-root-socket-user=%I # Environment=MYSQLD_MULTI_INSTANCE="--defaults-file=/home/%I/my%I.cnf \ # --datadir=/home/%I/mysqldatadir --skip-networking --socket=@mysql-%I" # # # Command Line Mechanism: # # This is a good way run multiple instance where there is little difference # in configuration between instances. # # [Service] # Environment=MYSQLD_MULTI_INSTANCE="--socket=/run/mysqld/%I.sock \ # --datadir=/var/lib/mysqld-multi/%I \ # --skip-networking" # # # CONFLICTING VARIABLES # # A number of MariaDB system variables may conflict. The main ones that need to # be set because their default values will conflict are: # * socket # * port # * datadir # # # PRE-10.4 # # Before 10.4 MYSQLD_MULTI_INSTANCE was effectively --defaults-file=/etc/my.cnf.d/my%I.cnf # As /etc/my.cnf included these files it was a bad choice as an # existing single instance would include all these files. If you want to # continue a file based multi-instance mariadbd, recommend the Configuration File # Based Mechanism above and moving /etc/my.cnf.d/my%I.cnf files to /etc/my%I.cnf. # # # SELINUX # # As basic selinux rules are written around a single instance of MariaDB you may need # to define labels for the files and network ports of all instances. # # See: https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#selinux # # # STARTING # # Start the instance: systemctl start mariadb@{instancename}.service # # # DOCUMENTATION: # # Read https://mariadb.com/kb/en/mariadb/systemd/ regarding customisation. # # Also see systemd man pages: systemd.unit(5), systemd.exec(5) and # systemd.service(5) [Unit] Description=MariaDB 10.6.20 database server (multi-instance %I) Documentation=man:mariadbd(8) Documentation=https://mariadb.com/kb/en/library/systemd/ After=network.target # Negated condition here is because 10.3 and before had /etc/my.cnf.d/my%I.cnf # as the configuration difference for multiple instances. This condition here # to prevent an accidental change during an upgrade in the case the user # created these file(s). # ## See Environment=MYSQLD_MULTI_INSTANCE below for current recommended options. ConditionPathExists=!/etc/my.cnf.d/my%I.cnf [Install] WantedBy=multi-user.target [Service] ############################################################################## ## Core requirements ## Type=notify # Setting this to true can break replication and the Type=notify settings # See also bind-address mariadbd option. PrivateNetwork=false ############################################################################## ## Package maintainers ## # CAP_IPC_LOCK To allow memlock to be used as non-root user # CAP_DAC_OVERRIDE To allow auth_pam_tool (which is SUID root) to read /etc/shadow when it's chmod 0 # does nothing for non-root, not needed if /etc/shadow is u+r # CAP_AUDIT_WRITE auth_pam_tool needs it on Debian for whatever reason AmbientCapabilities=CAP_IPC_LOCK CAP_DAC_OVERRIDE CAP_AUDIT_WRITE # PrivateDevices=true implies NoNewPrivileges=true and # SUID auth_pam_tool suddenly doesn't do setuid anymore PrivateDevices=false # Prevent writes to /usr, /boot, and /etc ProtectSystem=full # Requires kernel 4.14 or later and SELinux transition rule for mysqld_t # (https://github.com/systemd/systemd/issues/3845) # NoNewPrivileges=true # Prevent accessing /home, /root and /run/user ProtectHome=true # Needed to create system tables etc. ExecStartPre=/usr/bin/mysql_install_db $MYSQLD_MULTI_INSTANCE # Start main service # A few variables are here: # * MYSQLD_MULTI_INSTANCE - control how multiple instances are distinguisable # * MYSQLD_OPTS - user definable extras - not a replacement for my.cnf # # Note 1: Place $MYSQLD_OPTS at the very end for its options to take precedence. ExecStart=/usr/sbin/mariadbd $MYSQLD_MULTI_INSTANCE $MYSQLD_OPTS KillSignal=SIGTERM # Don't want to see an automated SIGKILL ever SendSIGKILL=no # Restart crashed server only, on-failure would also restart, for example, when # my.cnf contains unknown option Restart=on-abort RestartSec=5s UMask=007 ############################################################################## ## USERs can override ## ## ## by creating a file in /etc/systemd/system/mariadb.service.d/MY_SPECIAL.conf ## and adding/setting the following below [Service] will override this file's ## settings. # Useful options not previously available in [mysqld_safe] # Kernels like killing mariadbd when out of memory because its big. # Lets temper that preference a little. # OOMScoreAdjust=-600 # Explicitly start with high IO priority # BlockIOWeight=1000 # If you don't use the /tmp directory for SELECT ... OUTFILE and # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. PrivateTmp=false # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) # this is the same value as used in SysV init scripts in the past # if you need a longer timeout, check the KB: # https://mariadb.com/kb/en/library/systemd/#configuring-the-systemd-service-timeout TimeoutStartSec=900 TimeoutStopSec=900 # Set the maximium number of tasks (threads) to 99% of what the system can # handle as set by the kernel, reserve the 1% for a remote ssh connection, # some monitoring, or that backup cron job. Without the directive this would # be 15% (see DefaultTasksMax in systemd man pages). TasksMax=99% # Controlling how multiple instances are separated. See top of this file. # Note: This service isn't User=mysql by default so we need to be explicit. # It is as an option here as a user may want to use the MYSQLD_MULTI_INSTANCE # to run multiple versions. Environment='MYSQLD_MULTI_INSTANCE=--defaults-group-suffix=.%I' # While you can override these, you shouldn't leave them empty as that # will default to root. User=mysql Group=mysql ## ## Options previously available to be set via [mysqld_safe] ## that now needs to be set by systemd config files as mysqld_safe ## isn't executed. ## # Number of files limit. previously [mysqld_safe] open-files-limit LimitNOFILE=32768 # Maximium core size. previously [mysqld_safe] core-file-size # LimitCore= # Nice priority. previously [mysqld_safe] nice # Nice=-5 # Timezone. previously [mysqld_safe] timezone # Environment="TZ=UTC" # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= # Flush caches. previously [mysqld_safe] flush-caches=1 # ExecStartPre=sync # ExecStartPre=sysctl -q -w vm.drop_caches=3 # numa-interleave=1 equalivant # Change ExecStart=numactl --interleave=all /usr/sbin/mariadbd...... # crash-script equalivent # FailureAction=
© 2024 UnknownSec