MariaDB ignores Linux ACL permissions

So I decided to initialize a new datadir on my MariaDB installation. I’m trying to make sure that I can both CRUD databases, and also read and write them in the File Manager.

I’ve managed to get mysql_install_db to work after some initial problems, leading me to discover ACL. I’ve tried to set it up so that I get an rwx mask, with full group permissions, as I have added my username to the mysql group.

So the datadir is /media/pi/Data/MariaDB. Data is the label of the partition on an external hard drive, and MariaDB is where I intend to store my databases.

So the problem is that no matter what I try, once the database has been initialized, I don’t have access to view the new folders in my file manager. This is due to the ACL mask for the new folders being set to -, even though the default is rwx.

So here’s what I’ve tried so far. I ran

sudo usermod -a -G mysql pi

to add my user to the mysql group.

I run the following command to set the ACL for the MariaDB folder, as well as defaults for any files and subdirectories inside.

sudo setfacl -R -m g:mysql:rwx,m:rwx,d:g:mysql:rwx,d:m:rwx /media/pi/Data/MariaDB

So the mysql group is supposed to get full permissions for the MariaDB folder, as well as any files and folders inside, and the same goes for the mask entry, so that I’m sure I actually get full permissions.

I also run chgrp on /media and all subfolders, as it turned out that the problem I was having with getting mysql_install_db to initialize the new datadir was due to the mysql user not having proper permissions to the parent folders /media and /media/pi.

sudo chgrp -R mysql /media/

And finally I have even tried setting UMASK and UMASK_DIR to 770 (and even tried 007 as I read somewhere that MariaDB uses the opposite bits to what ACL does, i.e. 7 being rwx would need to be 0 in UMASK and UMASK_DIR). I did so by creating a new mariadb.sh file in /etc/profile.d/, and adding the following lines to it.

export UMASK=0770
export UMASK_DIR=0770

I even checked that the mysql user actually has both variables set, not just the pi user, and it does.

And of course I change the datadir line in /etc/mysql.d/50-server.cnf to this.

datadir		= /media/pi/Data/MariaDB

After having done all of the above, I run the following line to initialize the datadir.

sudo mysql_install_db --defaults-file=/etc/mysql/my.cnf --basedir=/usr --user=mysql

So now I run two getfacl commands and get the following results.

getfacl /media/pi/Data/MariaDB/

getfacl: Removing leading '/' from absolute path names
# file: media/pi/Data/MariaDB/
# owner: mysql
# group: mysql
# flags: -s-
user::rwx
group::r-x
group:mysql:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:mysql:rwx
default:mask::rwx
default:other::r-x

getfacl /media/pi/Data/MariaDB/mysql/

getfacl: Removing leading '/' from absolute path names
# file: media/pi/Data/MariaDB/mysql/
# owner: mysql
# group: mysql
# flags: -s-
user::rwx
group::r-x			#effective:---
group:mysql:rwx			#effective:---
mask::---
other::---
default:user::rwx
default:group::r-x
default:group:mysql:rwx
default:mask::rwx
default:other::r-x

As you can see, the MariaDB folder has the ACL permissions I would expect, and its default permissions are also as they should be. I can see that the mysql folder also inherits the default permissions, but for some reason the default mask isn’t used, instead being set to ---, which of course means no effective permissions for the groups.

Furthermore, this problem means that when I reboot, the MariaDB server won’t start up, so when I run

systemctl -l status mariadb

one of the lines in the output reads

[Warning] Can't create test file /media/pi/Data/MySQL/raspberrypi.lower-test

However, oddly enough I can start the server just fine by running

sudo systemctl start mariadb

and then I can login to the server.

So the problem is two-fold. I need to be able to view all the schema folders and tables in my file manager, and I need the server to be able to start upon reboot. But for some reason I cannot begin to fathom, mysql_install_db ignores both UMASK/UMASK_DIR and the ACL permissions I’ve set. Can anyone help me achieve some enlightenment here, and help get these problems solved?
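
An added illustration (not part of the original post, and not MariaDB code) of the acl(5) inheritance rule that produces a listing like the second one above: when the parent directory has a default ACL, the new directory's user::, mask:: and other:: entries are limited to the mode passed to mkdir(), and the umask is not consulted. The mode 0o700 is an assumption chosen because it reproduces mask::--- and other::---; the function names are hypothetical.

```python
# Added example: POSIX ACL inheritance at mkdir() time, following acl(5).
BITS = (("r", 4), ("w", 2), ("x", 1))

# Default entries of /media/pi/Data/MariaDB, copied from the first listing.
PARENT_DEFAULTS = """default:user::rwx
default:group::r-x
default:group:mysql:rwx
default:mask::rwx
default:other::r-x"""

def to_perm(bits):
    """Render permission bits as an rwx string, e.g. 5 -> 'r-x'."""
    return "".join(c if bits & b else "-" for c, b in BITS)

def parse_defaults(text):
    """Map (tag, qualifier) -> permission bits for each default: entry."""
    acl = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].strip().split(":")
        if len(fields) == 4 and fields[0] == "default":
            acl[(fields[1], fields[2])] = sum(b for c, b in BITS if c in fields[3])
    return acl

def inherit(defaults, mode):
    """Access ACL of a new directory: the default entries, with user::, mask::
    and other:: cut down to the mode passed to mkdir(). The umask is not used."""
    acl = dict(defaults)
    acl[("user", "")] &= (mode >> 6) & 7
    acl[("mask", "")] &= (mode >> 3) & 7  # assumes a mask entry, as in the listing
    acl[("other", "")] &= mode & 7
    return acl

def effective(acl):
    """Named users, the owning group and named groups are limited by the mask."""
    mask = acl[("mask", "")]
    result = {}
    for (tag, qual), bits in acl.items():
        limited = tag == "group" or (tag == "user" and qual)
        result[(tag, qual)] = to_perm(bits & mask if limited else bits)
    return result

if __name__ == "__main__":
    for mode in (0o700, 0o770):  # 0o700 is an assumed mkdir() mode, not from the page
        acl = inherit(parse_defaults(PARENT_DEFAULTS), mode)
        print(oct(mode), {":".join(k): v for k, v in effective(acl).items()})
```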