Ubuntu Server 16.04服务器版配置图解教程06 - 安装MySql
1、更新源
sudo apt update
2、安装MySql
sudo apt-get -y install mysql-server mysql-client
你会被要求提供MySQL的root用户密码 :
New password for the MySQL “root” user: <– yourrootsqlpassword
Repeat password for the MySQL “root” user: <– yourrootsqlpassword
3、为了确保数据库服务器,并删除匿名用户和测试数据库,运行mysql_secure_installation命令。
运行mysql_secure_installation会执行几个设置:
a)为root用户设置密码
b)删除匿名账号
c)取消root用户远程登录
d)删除test库和对test库的访问权限
e)刷新授权表使修改生效
通过这几项的设置能够提高mysql库的安全。建议生产环境中mysql安装这完成后一定要运行一次mysql_secure_installation,详细步骤请参看下面的命令:
[root@server1 ~]# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MySQL to secure it, we'll need the current password for the root user. If you've just installed MySQL, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none):<–初次运行直接回车 OK, successfully used password, moving on… Setting the root password ensures that nobody can log into the MySQL root user without the proper authorisation. Set root password? [Y/n] <– 是否设置root用户密码,输入y并回车或直接回车 New password: <– 设置root用户的密码 Re-enter new password: <– 再输入一次你设置的密码 Password updated successfully! Reloading privilege tables.. … Success! By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] <– 是否删除匿名用户,生产环境建议删除,所以直接回车 … Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] <–是否禁止root远程登录,根据自己的需求选择Y/n并回车,建议禁止 … Success! By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] <– 是否删除test数据库,直接回车 - Dropping test database… … Success! - Removing privileges on test database… … Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] <– 是否重新加载权限表,直接回车 … Success! Cleaning up… All done! If you've completed all of the above steps, your MySQL installation should now be secure. Thanks for using MySQL! [root@server1 ~]#
4、进入MySql
mysql -uroot -p
5、创建用户
①grant all privileges on *.* to test@localhost identified by '1234';
②CREATE USER 'test@localhost' IDENTIFIED BY "1234";
③insert into user (host,user,authentication_string) values ('%','test',password('1234'));
传统的是使用password字段,但5.7没有这个字段,用authentication_string 替换了password。
创建用户时,密码不符合规定,这个其实与validate_password_policy的值有关。
validate_password_policy有以下取值:
默认是1,即MEDIUM,所以刚开始设置的密码必须符合长度,且必须含有数字,小写或大写字母,特殊字符。
有时候,只是为了自己测试,不想密码设置得那么复杂,
必须修改两个全局参数:
首先,修改validate_password_policy参数的值
mysql> set global validate_password_policy=0; Query OK, 0 rows affected (0.00 sec)
这样,判断密码的标准就基于密码的长度了。这个由validate_password_length参数来决定。
mysql> select @@validate_password_length; +----------------------------+ | @@validate_password_length | +----------------------------+ | 8 | +----------------------------+ row in set (0.00 sec)
validate_password_length参数默认为8,它有最小值的限制,最小值为:
validate_password_number_count + validate_password_special_char_count + (2 * validate_password_mixed_case_count)
其中,validate_password_number_count指定了密码中数据的长度,
validate_password_special_char_count指定了密码中特殊字符的长度,
validate_password_mixed_case_count指定了密码中大小字母的长度。
这些参数,默认值均为1,所以validate_password_length最小值为4,如果你显性指定validate_password_length的值小于4,尽管不会报错,但validate_password_length的值将设为4。如下所示:
mysql> select @@validate_password_length; +----------------------------+ | @@validate_password_length | +----------------------------+ | 8 | +----------------------------+ row in set (0.00 sec) mysql> set global validate_password_length=1; Query OK, 0 rows affected (0.00 sec) mysql> select @@validate_password_length; +----------------------------+ | @@validate_password_length | +----------------------------+ | 4 | +----------------------------+ row in set (0.00 sec)
如果修改了validate_password_number_count,validate_password_special_char_count,validate_password_mixed_case_count中任何一个值,则validate_password_length将进行动态修改。
mysql> select @@validate_password_length; +----------------------------+ | @@validate_password_length | +----------------------------+ | 4 | +----------------------------+ row in set (0.00 sec) mysql> select @@validate_password_mixed_case_count; +--------------------------------------+ | @@validate_password_mixed_case_count | +--------------------------------------+ | 1 | +--------------------------------------+ row in set (0.00 sec) mysql> set global validate_password_mixed_case_count=2; Query OK, 0 rows affected (0.00 sec) mysql> select @@validate_password_mixed_case_count; +--------------------------------------+ | @@validate_password_mixed_case_count | +--------------------------------------+ | 2 | +--------------------------------------+ row in set (0.00 sec) mysql> select @@validate_password_length; +----------------------------+ | @@validate_password_length | +----------------------------+ | 6 | +----------------------------+ row in set (0.00 sec)
当然,前提是validate_password插件必须已经安装,MySQL5.7是默认安装的。
那么如何验证validate_password插件是否安装呢?可通过查看以下参数,如果没有安装,则输出将为空。
mysql> SHOW VARIABLES LIKE 'validate_password%'; +--------------------------------------+-------+ | Variable_name | Value | +--------------------------------------+-------+ | validate_password_dictionary_file | | | validate_password_length | 6 | | validate_password_mixed_case_count | 2 | | validate_password_number_count | 1 | | validate_password_policy | LOW | | validate_password_special_char_count | 1 | +--------------------------------------+-------+ rows in set (0.00 sec)
再次创建用户就可以了。
这样就创建了一个名为:test 密码为:1234 的用户。
注意:此处的"localhost",是指该用户只能在本地登录,不能在另外一台机器上远程登录。如果想远程登录的话,将"localhost"改为"%",表示在任何一台电脑上都可以登录。也可以指定某台机器可以远程登录。
查看权限:
撤销权限:
revoke all on *.* from dba@localhost;
完成用户的创建后,请记得刷新系统权限表;
mysql>flush privileges;
6、设置test用户远程连接
本机用test用户远程连接虚拟机数据库时失败。
查看mysql3306端口远程是否开启。
打开mysql配置文件
sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
将bind-address = 127.0.0.1注销
重新启动系统(ubuntu)
再次查看端口是否打开 netstat -an|grep 3306
此时端口3306已经打开。
再次在本机连接虚拟机数据库:
连接成功。
