Errcode 13 , SELECT INTO OUTFILE issue

Question

I'm trying to understand the reason why I keep experiencing problems while using INTO OUTFILE command.

I always get this erroro:

ERROR 1 (HY000): Can't create/write to file '/var/www/p1.txt' (Errcode: 13)


SELECT password FROM mysql.user WHERE user='root' INTO OUTFILE '/var/www/p1.txt';

Useful details:

• web application : DVWA (localhost) (for study purposes)

• Server: Apache/2.2.14 (Ubuntu) - PHP/5.3.2

• MySQL version 5.1.63

• Operating system Linux Backtrack 5r3.

I'm running the command as root. Also, I can freely create folders or files in /var/www/

Errcode 13 I know it means permission denied, but what should I do in order to fix the problem?

Any help will be highly appreciated.

Answer 1

Even if you're logged in as root into MySQL, the file write will be performed as the user running the actual MySQL daemon.

In other words, you should check which user runs mysqld, and give write permission to the directory for that user.

Answer 2

you must alter the permissions for user mysqld. start by running the following command sudo aa-status to check your user status and authorized directories. if you want to change permissions, edit /etc/apparmor.d/usr.sbin.mysqld and insert the directories you want.

you must then restart apparmor sudo /etc/init.d/apparmor restart

Answer 3

chown /var/www to the user trying to write the file, or chmod 777 /var/www

this is probably not a secure way of doing it, you might like to consider putting the file elsewhere

Answer 4

Although this post is quite old, in 2018 this problem is still there. I spent a couple of hours banging my head in this maze.

Server version: 5.7.24 MySQL Community Server (GPL) running on Ubuntu 14.04

1. To allow MySql to SELECT INTO OUTFILE requires to set MySQL's secure-file-priv option in your configuration. Append the following 2 lines to /etc/mysql/mysql.conf:

   [mysqld]
   # allow INTO OUTFILE file and LOAD DATA INFILE to this directory
   secure_file_priv=/usr/share/mysql-files                
   

2. /usr/share/mysql-files is the directory where my files will be stored. I created it doing:

   sudo su
   cd /usr/share
   mkdir mysql-files
   chown mysql:mysql mysql-files
   chmod a+rw mysql-files
   

Change /usr/share/mysql-files for whatever you prefer, but avoid to use the /tmp directory!

Why? Because, at next time you'll be rebooting, the /tmp directory is happily erased including your precious mysql-files sub-directory. The mysql service then chokes and it won't start, leading to wierd errors with cryptics messages.

3. restart mysql and check:

   sudo su
   service mysql restart
   mysql
   mysql> SHOW VARIABLES LIKE "%secure%";
   +--------------------------+-------------------------+
   | Variable_name            | Value                   |
   +--------------------------+-------------------------+
   | require_secure_transport | OFF                     |
   | secure_auth              | ON                      |
   | secure_file_priv         | /usr/share/mysql-files/ |
   +--------------------------+-------------------------+
   3 rows in set (0.07 sec)
   mysql> quit
   Bye
   

4. You are not done, yet!

There is a troll by the name of apparmor who will ruines your project. Edit the file /etc/apparmor/local/usr/sbin/mysqld and append the following 2 lines -- don't forget the ending commas:

    /usr/share/mysql-files rw,
    /usr/share/mysql-files/** rw,

save it, and reparse:

sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld

That should make it.