CentOS下安裝MySQL5.6.10和安全配置教程詳解
注:以下所有操作都在CentOS 6.5 x86_64位系統(tǒng)下完成。
#準(zhǔn)備工作#
在安裝MySQL之前,請(qǐng)確保已經(jīng)使用yum安裝了以下各類(lèi)基礎(chǔ)組件(如果系統(tǒng)已自帶,還可以考慮yum update下基礎(chǔ)組件):
gcc cmake openssl+openssl-devel pcre+pcre-devel bzip2+bzip2-devel libcurl+curl+curl-devel libjpeg+libjpeg-devel libpng+libpng-devel freetype+freetype-devel php-mcrypt+libmcrypt+libmcrypt-devel libxslt+libxslt-devel gmp+gmp-devel libxml2+libxml2-devel mhash ncurses+ncurses-devel xml2
然后創(chuàng)建mysql的用戶(hù)組和用戶(hù),并且不允許登錄權(quán)限:
# id mysql id: mysql:無(wú)此用戶(hù) # groupadd mysql # useradd -g mysql -s /sbin/nologin mysql # id mysql uid=500(mysql) gid=500(mysql) 組=500(mysql)
#MySQL的安裝#
給MySQL的安裝準(zhǔn)備目錄:
# mkdir -p /data/mysql/data # chown -R mysql:mysql /data/mysql
開(kāi)始源碼安裝MySQL:
# cd /usr/local/src # wget http://dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.10.tar.gz # tar zxf mysql-5.6.10.tar.gz # cd mysql-5.6.10 # cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql-5.6.10 -DSYSCONFDIR=/usr/local/mysql-5.6.10/etc -DMYSQL_UNIX_ADDR=/usr/local/mysql-5.6.10/tmp/mysql.sock -DMYSQL_TCP_PORT=3306 -DMYSQL_USER=mysql -DMYSQL_DATADIR=/data/mysql/data -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DENABLED_LOCAL_INFILE=1 ... CMake Warning: Manually-specified variables were not used by the project: MYSQL_USER -- Build files have been written to: /usr/local/src/mysql-5.6.10 # make && make install # mkdir -p /usr/local/mysql-5.6.10/etc # mkdir -p /usr/local/mysql-5.6.10/tmp # ln -s /usr/local/mysql-5.6.10/ /usr/local/mysql # chown -R mysql:mysql /usr/local/mysql-5.6.10 # chown -R mysql:mysql /usr/local/mysql
給當(dāng)前環(huán)境添加MySQL的bin目錄:
# vim /etc/profile export MYSQL_HOME=/usr/local/mysql export PATH=$PATH:$MYSQL_HOME/bin $ source /etc/profile
執(zhí)行初初始化配置腳本并創(chuàng)建系統(tǒng)自帶的數(shù)據(jù)庫(kù)和表:
# cd /usr/local/mysql # scripts/mysql_install_db --user=mysql --datadir=/data/mysql/data ... OK To start mysqld at boot time you have to copy support-files/mysql.server to the right place for your system PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! To do so, start the server, then issue the following commands: ./bin/mysqladmin -u root password 'new-password' ./bin/mysqladmin -u root -h iZ94mobdenkZ password 'new-password' Alternatively you can run: ./bin/mysql_secure_installation which will also give you the option of removing the test databases and anonymous user created by default. This is strongly recommended for production servers. See the manual for more instructions. You can start the MySQL daemon with: cd . ; ./bin/mysqld_safe & You can test the MySQL daemon with mysql-test-run.pl cd mysql-test ; perl mysql-test-run.pl Please report any problems with the ./bin/mysqlbug script! The latest information about MySQL is available on the web at http://www.mysql.com Support MySQL by buying support/licenses at http://shop.mysql.com WARNING: Found existing config file ./my.cnf on the system. Because this file might be in use, it was not replaced, but was used in bootstrap (unless you used --defaults-file) and when you later start the server. The new default config file was created as ./my-new.cnf, please compare it with your file and take the changes you need. WARNING: Default config file /etc/my.cnf exists on the system This file will be read by default by the MySQL server If you do not want to use this, either remove it, or use the --defaults-file argument to mysqld_safe when starting the server
注:由于MySQL在啟動(dòng)的時(shí)候,會(huì)先去/etc/my.cnf找配置文件,如果沒(méi)有找到則搜索$basedir/my.cnf,也即/usr/local/mysql-5.6.10/my.cnf,所以必須確保/etc/my.cnf沒(méi)有存在,否則可能導(dǎo)致無(wú)法啟動(dòng)。
實(shí)際操作上發(fā)現(xiàn)系統(tǒng)上存在該文件,所以這里可能需要將該文件先備份改名,然后再根據(jù)上面的配置寫(xiě)配置文件:
# mv /etc/my.cnf /etc/my.cnf.bak # vim /usr/local/mysql-5.6.10/my.cnf [mysqld] basedir=/usr/local/mysql-5.6.10 datadir=/data/mysql/data socket=/usr/local/mysql-5.6.10/tmp/mysql.sock user=mysql sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
修改MySQL用戶(hù)root的密碼,這里使用mysqld_safe安全模式啟動(dòng):
# mysqld_safe --user=mysql --skip-grant-tables --skip-networking & [1] 3970 [root@iZ94mobdenkZ ~]# 141230 19:02:31 mysqld_safe Logging to '/data/mysql/data/centos.err'. 141230 19:02:32 mysqld_safe Starting mysqld daemon with databases from /data/mysql/data
這個(gè)時(shí)候已經(jīng)啟動(dòng)了mysqd_safe安全模式,另開(kāi)一個(gè)窗口作為客戶(hù)端連入MySQL服務(wù)器:
# mysql Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 1 Server version: 5.6.10 Source distribution Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> use mysql; mysql> update user set password=password('yourpassword') where user='root'; mysql> flush privileges; mysql> exit;
修改完畢之后使用kill把mysqld_safe進(jìn)程殺死:
# ps aux | grep mysql root 3970 0.0 0.2 106308 1492 pts/1 S 19:02 0:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql --skip-grant-tables --skip-networking mysql 4143 0.1 18.0 558280 90316 pts/1 Sl 19:02 0:00 /usr/local/mysql-5.6.10/bin/mysqld --basedir=/usr/local/mysql-5.6.10 --datadir=/data/mysql/data --plugin-dir=/usr/local/mysql-5.6.10/lib/plugin --user=mysql --skip-grant-tables --skip-networking --log-error=/data/mysql/data/centos.err --pid-file=/data/mysql/data/centos.pid --socket=/usr/local/mysql-5.6.10/tmp/mysql.sock root 4313 0.0 0.1 103252 836 pts/0 S+ 19:05 0:00 grep mysql # kill -9 3970 # kill -9 4143
或者回到剛才啟動(dòng)mysqld_safe的窗口ctrl+c將進(jìn)程殺死也行。
復(fù)制服務(wù)啟動(dòng)腳本:
# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld # chmod +x /etc/init.d/mysqld
設(shè)置開(kāi)機(jī)啟動(dòng)MySQL服務(wù)并正常開(kāi)啟MySQL服務(wù)(非必要項(xiàng)):
# chkconfig mysqld on # service mysqld Usage: mysqld {start|stop|restart|reload|force-reload|status} [ MySQL server options ] # service mysqld start Starting MySQL.
以后就可以直接通過(guò)service mysqld命令來(lái)開(kāi)啟/關(guān)閉MySQL數(shù)據(jù)庫(kù)了。
最后,建議生產(chǎn)環(huán)境下運(yùn)行安全設(shè)置腳本,禁止root用戶(hù)遠(yuǎn)程連接,移除test數(shù)據(jù)庫(kù)和匿名用戶(hù)等:
# /usr/local/mysql-5.6.10/bin/mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MySQL to secure it, we'll need the current password for the root user. If you've just installed MySQL, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none):
注:上面輸入的root密碼指的是前面設(shè)置的MySQL的root賬戶(hù)的密碼。
至此,MySQL數(shù)據(jù)庫(kù)已經(jīng)安裝完畢。
#MySQL的安全配置#
1、確保啟動(dòng)MySQL不能使用系統(tǒng)的root賬號(hào),必須是新建的mysql賬號(hào),比如:
# mysqld_safe --user=mysql
2、MySQL安裝好運(yùn)行初始化數(shù)據(jù)庫(kù)后,默認(rèn)的root賬戶(hù)密碼為空,必須給其設(shè)置一個(gè)密碼,同時(shí)保證該密碼具有較高的安全性。比如:
mysql> user mysql; mysql> update user set password=password('yourpassword') where user='root'; mysql> flush privileges;
3、刪除默認(rèn)數(shù)據(jù)庫(kù)及用戶(hù):
mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | test | +--------------------+ mysql> drop daabase test; mysql> use mysql; mysql> select host,user from user; +--------------+------+ | host | user | +--------------+------+ | 127.0.0.1 | root | | ::1 | root | | centos | | | centos | root | | localhost | | | localhost | root | +--------------+------+ mysql> delete from user where not(host='localhost' and user='root'); mysql> flush privileges;
注:上面的user表中的數(shù)據(jù)可能會(huì)有所不同。
4、當(dāng)開(kāi)發(fā)網(wǎng)站連接數(shù)據(jù)庫(kù)的時(shí)候,建議建立一個(gè)用戶(hù)只針對(duì)某個(gè)庫(kù)有update/select/delete/insert/drop table/create table等權(quán)限,減小某個(gè)項(xiàng)目的數(shù)據(jù)庫(kù)的用戶(hù)名和密碼被竊取后造成其他項(xiàng)目受影響,比如:
mysql>create database yourdbname default charset utf8 collate utf8_general_ci; mysql>create user 'yourusername'@'localhost' identified by 'yourpassword'; mysql> grant select,insert,update,delete,create,drop privileges on yourdbname.* To 'yourusername'@localhost identified by 'yourpassword';
5、數(shù)據(jù)庫(kù)文件所在的目錄不允許未經(jīng)授權(quán)的用戶(hù)訪問(wèn),需要控制對(duì)該目錄的訪問(wèn),比如:
# chown -R mysql:mysql /data/mysql/data # chmod -R go-rwx /data/mysql/data
以上所述是小編給大家介紹的CentOS下安裝MySQL5.6.10和安全配置教程詳解,希望對(duì)大家有所幫助,如果大家有任何疑問(wèn)請(qǐng)給我留言,小編會(huì)及時(shí)回復(fù)大家的。在此也非常感謝大家對(duì)腳本之家網(wǎng)站的支持!
相關(guān)文章
MySQL存儲(chǔ)引擎MyISAM與InnoDB區(qū)別總結(jié)整理
今天小編就為大家分享一篇關(guān)于MySQL存儲(chǔ)引擎MyISAM與InnoDB區(qū)別總結(jié)整理,小編覺(jué)得內(nèi)容挺不錯(cuò)的,現(xiàn)在分享給大家,具有很好的參考價(jià)值,需要的朋友一起跟隨小編來(lái)看看吧2019-03-03windows安裝MySQL到D盤(pán)的超詳細(xì)步驟
MySQL數(shù)據(jù)庫(kù)作為關(guān)系型數(shù)據(jù)庫(kù)中的佼佼者,因其體積小,速度快,成本低,不僅受到了市場(chǎng)的極大追捧,也受到了廣大程序員的青睞,下面這篇文章主要給大家介紹了關(guān)于windows安裝MySQL到D盤(pán)的超詳細(xì)步驟,需要的朋友可以參考下2023-03-03MySQL慢查詢(xún)相關(guān)參數(shù)原理解析
這篇文章主要介紹了MySQL慢查詢(xún)相關(guān)參數(shù)原理解析,文中通過(guò)示例代碼介紹的非常詳細(xì),對(duì)大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價(jià)值,需要的朋友可以參考下2020-11-11MySQL實(shí)現(xiàn)差集(Minus)和交集(Intersect)測(cè)試報(bào)告
MySQL沒(méi)有實(shí)現(xiàn)Minus和Intersect功能,就像它也沒(méi)有實(shí)現(xiàn)cube的功能一樣。2014-06-06Mysql遷移到TiDB雙寫(xiě)數(shù)據(jù)庫(kù)兜底方案詳解
這篇文章主要為大家介紹了Mysql遷移到TiDB雙寫(xiě)數(shù)據(jù)庫(kù)兜底方案詳解,有需要的朋友可以借鑒參考下,希望能夠有所幫助,祝大家多多進(jìn)步,早日升職加薪2023-01-01

淺談mysql中concat函數(shù),mysql在字段前/后增加字符串