确认MariaDB数据库软件程序安装完毕并启动成功后请不要立即使用,为了确保数据库的安全性和正常运转,咱们需要先进行对数据库程序初始化操作。
这个过程需要经历五个步骤,首先需要让用户来设置root用户在数据库中的密码值,但需要注意该密码并非root管理员用户在系统中的密码,因此默认密码值应该为空,直接回车即可。然后设置root用户在数据库中的专有密码,然后是一次删除匿名帐户以及进行root管理员帐户从远程登陆数据库,这样做能够很有效的保证数据库上运行业务的安全性,然后是删除默认的测试数据库,并取消对其测试数据库的一系列访问权限,最后是刷新授权表,让初始化的设定立即生效。
代码语言:javascript复制[root@feiyu ~]# mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): 当前数据库密码为空,直接敲击回车。
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password: 输入要为root用户设置的数据库密码。
Re-enter new password: 重复再输入一次密码。
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y(删除匿名帐号)
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y(禁止root用户从远程登录)
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y(删除test数据库并取消对其的访问权限)
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y(刷新授权表,让初始化后的设定立即生效)
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
很多生产环境中需要使用站库分离的技术,因此如果需要让root管理员帐户能够用远程访问数据库时,可在刚刚初始化过程中设置允许root管理员帐户从远程访问的策略,然后再设置防火墙允许对本机mysql服务程序的访问请求即可:
代码语言:javascript复制[root@feiyu ~]# firewall-cmd --permanent --add-service=mysqlsuccess[root@feiyu ~]# firewall-cmd --reloadsuccess
一切就绪!~快来尝试初次登陆到您的MariaDB数据库中吧,分别用-u参数来指定用超级管理员root用户来登陆,而-p参数作用是验证该用户的密码值:
代码语言:javascript复制[root@feiyu ~]# mysql -u root -p
Enter password: 此处输入root用户在数据库中的密码
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 5
Server version: 5.5.35-MariaDB MariaDB Server
Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
MariaDB [(none)]>
最不习惯的地方一定是每次执行数据库命令后都要用;(分号)结尾,这应该也是与Linux命令最显著的区别的,每条数据库命令后面都要加上结束符,一定要记住并且慢慢习惯这种设定哦~例如可以尝试查看下当前数据库管理系统都有那些数据库:
代码语言:javascript复制MariaDB [(none)]> show databases;
--------------------
| Database |
--------------------
| information_schema |
| mysql |
| performance_schema |
--------------------
3 rows in set (0.01 sec)
设置远程访问权限
root账户中的host项是localhost表示该账号只能进行本地登录,我们需要修改权限,输入命令:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
修改权限。%表示针对所有IP,password表示将用这个密码登录root用户,如果想只让某个IP段的主机连接,可以修改为
GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.0.%' IDENTIFIED BY 'my-new-password' WITH GRANT OPTION;
最后别忘了
FLUSH PRIVILEGES;