Ubuntu上安装MySQL+问题处理+安全优化_MySQL
0.说明
当然,MySQL的安装方法多种多样,在Ubuntu上,你可以采用apt-get的方式安装,这样的好处是:快速方便。基本上,它会帮你解决所有的函数库依赖问题,正常情况下,只要apt-get执行完成,那么MySQL也就可以使用了。
但我更倾向于使用源码的方式来安装MySQL,原因也很简单:除了有详细的官方文档外,你还可以非常清楚地知道你自己在做什么,这点在以后MySQL运行出现问题时将会有很大的帮助!
但即便是按照官方文档来安装,你也会遇到各种各样的问题,这里,我将呈现一个完整的过程给大家,直到完成下面的4个任务:
下载MySQL 5.6
安装准备:安装MySQL依赖函数库
安装与运行MySQL
优化MySQL
(1)账户安全优化
(2)数据库安全优化
我是安装完Ubuntu 15.10后就进行MySQL 5.6的安装,因此非常有参考价值!
1.下载MySQL 5.6
下载地址:http://dev.mysql.com/downloads/mysql/5.6.html
进入该下载地址后,选择:
Linux - Generic (glibc 2.5) (x86, 64-bit), Compressed TAR Archive
或
Linux - Generic (glibc 2.5) (x86, 32-bit), Compressed TAR Archive
这取决于你用的是32位的还是64位的,这里,我下载的是64位的,下载完成后的包如下:
xpleaf@leaf:~$lsmysql* mysql-5.6.28-linux-glibc2.5-x86_64.tar.gz
2.安装准备:安装MySQL依赖函数库
MySQL依赖一个名为libaio的函数库,需要先安装它,否则后面安装MySQL会出现问题。
如下:
xpleaf@leaf:~$sudoapt-cachesearchlibaio#查找libaio的相关信息 xpleaf@leaf:~$sudoapt-getinstalllibaio1#安装libaio1
这样的话就可以很快安装完libaio函数库了。
3.安装与运行MySQL
(1)分别创建一个名为mysql的用户和用户组
如下:
xpleaf@leaf:~$sudogroupaddmysql xpleaf@leaf:~$sudouseradd-r-gmysql-s/bin/falsemysql
-r和-s参数的可以使得mysql这个用户没有登陆你系统的权限,这可以保证系统的安全性。
(2)解包与建立软链接
如下:
[root@leaf~]#cd/usr/local xpleaf@leaf:/usr/local$sudotarzxvf/home/xpleaf/mysql-5.6.28-linux-glibc2.5-x86_64.tar.gz xpleaf@leaf:/usr/local$sudoln-s/usr/local/mysql-5.6.28-linux-glibc2.5-x86_64/mysql
需要知道的是,正常情况下,我们习惯将编译安装的软件放在/usr/local目录下,当然你也可以自行选择,不过还是建议放在这里。
建立软链接的好处是,如果你需要使用mysql的安装目录,就不用去输入一长串的目录名称了,因为我们解压缩后的mysql包的目录,名字很长。
(3)初始化Data目录
解包完MySQL后,MySQL目录中会有一个data目录:
xpleaf@leaf:/usr/local$cdmysql xpleaf@leaf:/usr/local/mysql$ls-ddata/ data/
里面包含的是MySQL运行所必需的系统信息,因此我们需要将这些数据初始化,如下:
#修改mysql目录下的所有文件的属主为mysql xpleaf@leaf:/usr/local/mysql$sudochown-Rmysql. #修改mysql目录下的所有文件的属组为mysql xpleaf@leaf:/usr/local/mysql$sudochgrp-Rmysql. #以mysql用户的身份初始化数据 xpleaf@leaf:/usr/local/mysql$sudoscripts/mysql_install_db--user=mysql #修改mysql目录下的所有文件的属主为root xpleaf@leaf:/usr/local/mysql$sudochown-Rroot. #修改mysql目录下的data目录的属主为mysql xpleaf@leaf:/usr/local/mysql$sudochown-Rmysqldata
请务必按照上面的操作进行,至于详细的是什么意思,为什么要这样做,可以参考官方文档,有非常详细的解释:http://dev.mysql.com/doc/refman/5.6/en/data-directory-initialization.html
(4)启动MySQL
如下:
xpleaf@leaf:/usr/local/mysql$sudobin/mysqld_safe--user=mysql& [1]8365 xpleaf@leaf:/usr/local/mysql$16030814:13:26mysqld_safeLoggingto'/usr/local/mysql-5.6.28-linux-glibc2.5-x86_64/data/leaf.err'. 16030814:13:26mysqld_safeStartingmysqlddaemonwithdatabasesfrom/usr/local/mysql-5.6.28-linux-glibc2.5-x86_64/data
确认已经开启MySQL服务:
xpleaf@leaf:~$sudonetstat-antup|grepmysqld tcp600:::3306:::*LISTEN8455/mysqld
mysql服务确实已经成功启动了!
(5)测试mysql服务
为了使mysql可以更好地在你的系统上运行,建议进行一定的mysql服务测试,如下:
xpleaf@leaf:/usr/local/mysql$sudobin/mysqladminversion bin/mysqladminVer8.42Distrib5.6.28,forlinux-glibc2.5onx86_64 Copyright(c)2000,2015,Oracleand/oritsaffiliates.Allrightsreserved. OracleisaregisteredtrademarkofOracleCorporationand/orits affiliates.Othernamesmaybetrademarksoftheirrespective owners. Serverversion5.6.28 Protocolversion10 ConnectionLocalhostviaUNIXsocket UNIXsocket/tmp/mysql.sock Uptime:8min36sec Threads:1Questions:2Slowqueries:0Opens:67Flushtables:1Opentables:60Queriespersecondavg:0.003
成功了!然后我们再进行下面的操作热热身吧:
#通过mysqladmin关闭mysql服务 xpleaf@leaf:/usr/local/mysql$sudobin/mysqladmin-urootshutdown #启动mysql服务 xpleaf@leaf:/usr/local/mysql$sudobin/mysqld_safe--user=mysql& #查看mysql数据库中默认存在的数据库 xpleaf@leaf:/usr/local/mysql$sudobin/mysqlshow +--------------------+ |Databases| +--------------------+ |information_schema| |mysql| |performance_schema| |test| +--------------------+ #查看mysql数据库(注意此mysql数据库是一个实体,与上面的统称不同)中的数据表 xpleaf@leaf:/usr/local/mysql$sudobin/mysqlshowmysql Database:mysql +---------------------------+ |Tables| +---------------------------+ |columns_priv| |db| |event| |func| |general_log| |help_category| |help_keyword| |help_relation| |help_topic| |innodb_index_stats| |innodb_table_stats| |ndb_binlog_index| |plugin| |proc| |procs_priv| |proxies_priv| |servers| |slave_master_info| |slave_relay_log_info| |slave_worker_info| |slow_log| |tables_priv| |time_zone| |time_zone_leap_second| |time_zone_name| |time_zone_transition| |time_zone_transition_type| |user| +---------------------------+ #查看mysql数据库中的所有user表 xpleaf@leaf:/usr/local/mysql$sudobin/mysql-e"SELECTUser,Host,pluginFROMmysql.user"mysql +------+-----------+-----------------------+ |User|Host|plugin| +------+-----------+-----------------------+ |root|localhost|mysql_native_password| |root|leaf|mysql_native_password| |root|127.0.0.1|mysql_native_password| |root|::1|mysql_native_password| ||localhost|mysql_native_password| ||leaf|mysql_native_password| +------+-----------+-----------------------+
需要注意的是,上面的这些测试必须要在你已经启动了mysql服务的情况下才去进行操作。同时,如果想知道每一步的详细解释,可以参考官方文档:http://dev.mysql.com/doc/refman/5.6/en/testing-server.html
准确来讲,MySQL是已经成功安装完成了!下面我们再做一些基础的优化,主要是从安全的角度去考虑。
4.优化MySQL
(1)MySQL数据库用户账户安全优化
--默认情况下用户账户很不安全
前面我们在对data目录进行初始化的过程中,其实MySQL就为我们创建了一些mysql账户,这些账户以及它们的权限就在mysql.user这张表中(下面会有操作查看),这里我们要对这些初始化的账户进行说明和必要的管理。
首先,我们以命令行方式进行mysql数据库中,不过在在这步之前,需要知道的是,Ubuntu默认并没有安装mysql的客户端,因此我们需要通过下面的命令来安装:
xpleaf@leaf:~$sudoapt-getinstallmysql-client-core-5.6
然后再登陆:
xpleaf@leaf:~$mysql ERROR2002(HY000):Can'tconnecttolocalMySQLserverthroughsocket'/var/run/mysqld/mysqld.sock'(13)
问题:如果你在进行该操作的时候也出现了上面的错误,那么请按照下面的方法来解决:
xpleaf@leaf:~$sudomkdir/var/run/mysqld xpleaf@leaf:~$cd/var/run/mysqld/ xpleaf@leaf:/var/run/mysqld$sudotouchmysqld.sock xpleaf@leaf:/var/run/mysqld$sudochown-Rmysql:mysql/var/run/mysqld/ xpleaf@leaf:/var/run/mysqld$cd xpleaf@leaf:~$sudobash root@leaf:~#cd/usr/local/mysql root@leaf:/usr/local/mysql#exit xpleaf@leaf:~$sudobash root@leaf:~#cd/usr/local/mysql root@leaf:/usr/local/mysql#echosocket=/var/run/msqld/mysqld.sock>>my.cnf root@leaf:/usr/local/mysql#exit xpleaf@leaf:~$sudoln-s/var/lib/mysql/mysql.sock/tmp/mysql.sock
启动MySQL:
xpleaf@leaf:~$cd/usr/local/mysql xpleaf@leaf:/usr/local/mysql$sudobin/mysqld_safe--user=mysql&
然后再重新登陆:
xpleaf@leaf:/usr/local/mysql$mysql-uroot WelcometotheMySQLmonitor.Commandsendwith;or\g. …… mysql>
终于可以了!
如果在这一步上遇到跟我上面不一样的情况的,可以给我留言。登陆成功后继续进行下面的操作:
查看默认的用户名:
mysql>selectUser,Host,Passwordfrommysql.user; +------+-----------+----------+ |User|Host|Password| +------+-----------+----------+ |root|localhost|| |root|leaf|| |root|127.0.0.1|| |root|::1|| ||localhost|| ||leaf|| +------+-----------+----------+ 6rowsinset(0.00sec)
从这张表中,我们可以看到有两种用户:
a.root用户:拥有最高权限
b.匿名用户:拥有有限的权限
而至于Host参数,则是说明通过该用户,能够以哪种方式进入mysql数据库中,比如对于root用户,现在的方法都是可以进入mysql数据库中的:
mysql -u root -h localhost mysql -u root -h leaf mysql -u root -h 127.0.0.1 mysql -u root -h ::1
匿名用户也是如此,但不管哪一种,其实都是指从本地登陆的意思。
但我们会发现一个问题,就是两种用户中Password一栏都为空,这也就是为什么刚刚我们直接输入一个mysql就可以进入的原因了,默认情况下,root用户和匿名用户都没有密码!
这也就是我们为什么要做基本优化的原因了,因为你不对这些用户做管理,那么谁都可以进行你的数据库,数据库完全将无从谈起!
--账户安全优化
1:为root用户创建密码
接下来我们要做的是:
为每一个root用户创建密码
有三种方式可以进行这些操作:
使用set password语句
使用update语句
使用mysqladmin命令
方式1:使用set password语句
xpleaf@leaf:~$mysql-uroot-p
Enterpassword:
mysql>setpasswordfor'root'@'localhost'=password('123456');
mysql>setpasswordfor'root'@'127.0.0.1'=password('123456');
mysql>setpasswordfor'root'@'::1'=password('123456');
mysql>setpasswordfor'root'@'leaf'=password('123456');
mysql>flushprivileges;
方式2:使用update语句
xpleaf@leaf:~$mysql-uroot-p
Enterpassword:
mysql>updatemysql.usersetpassword=password('123456')
->whereUser='root';
mysql>flushprivileges;
当然,上面两种方式选一种就可以了。这样的话,我们就为root用户创建了密码,以后在使用root用户登陆到数据库时都需要输入密码,如下:
xpleaf@leaf:~$mysql-uroot ERROR1045(28000):Accessdeniedforuser'root'@'localhost'(usingpassword:NO) xpleaf@leaf:/usr/local/mysql$mysql-uroot-p Enterpassword:
这时再重新看一下mysql.user表:
mysql>selectUser,Host,Passwordfrommysql.user;+------+-----------+-------------------------------------------+ |User|Host|Password| +------+-----------+-------------------------------------------+ |root|localhost|*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9| |root|leaf|*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9| |root|127.0.0.1|*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9| |root|::1|*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9| ||localhost|| ||leaf|| +------+-----------+-------------------------------------------+ 6rowsinset(0.00sec)
可以看到已经为root用户创建为密码,只是这里显示的是密码被哈希加密后的值。
--账户安全优化2:为匿名用户创建密码或删除匿名用户
接下来我们要做的是:
为匿名用户创建密码或删除匿名用户
a.为匿名用户创建密码
与上面的方法相同:
xpleaf@leaf:~$mysql-uroot-p
Enterpassword:
mysql>updatemysql.usersetpassword=password('123456')whereUser='';
mysql>flushprivileges;
这里我们使用update语句的方法。
另外注意这里的`flush privileges`语句,这个语句的作用是使我们刚刚修改密码的操作马上生效,而无需重启mysql服务,如果没有使用该语句,同时也没有重启mysql服务,使用新密码重新登陆mysql时会一直提示ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)错误。
b.删除匿名用户
如果你觉得匿名用户留着实在没有什么必要的话,也可以直接将其删除:
shell>mysql-uroot-p Enterpassword:(enterrootpasswordhere) mysql>DROPUSER''@'localhost'; mysql>DROPUSER''@'host_name'; mysql>flushprivileges;
(2)MySQL测试数据库安全优化
--默认情况下的数据库本身存在安全隐患
官方文档的说明:
themysql.dbtable contains rows that permit all accounts to access thetestdatabase and other databases with names that start withtest_
也就是说mysql.db表中有些行允许所有的用户访问test数据库或以名字test_开头的数据库,虽然这对于测试数据库很方便,但其还是带来了一定的安全隐患,所以我们也要对其进行优化。
--数据库安全优化:删除test数据库或名字以test开头的数据库
如下:
xpleaf@leaf:~$mysql-uroot-p mysql>deletefrommysql.dbwheredblike'test%'; mysql>dropdatabasetest; mysql>flushprivileges;
关于基本的安全优化,可以参考官方文档:http://dev.mysql.com/doc/refman/5.6/en/default-privileges.html
到这里的话本文就结束了,如果你是在Ubuntu上初次编译安装MySQL,只要你按照上面的方法去做,正常情况下是不会出现什么问题的,博主已进行多次测试。
当然,当你已经完全熟悉这样的一个过程之后,以后编译安装时就不需要再一步步这样去做了,只需要写个一键安装部署的脚本就可以了。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What should I do if the Ubuntu terminal cannot be opened? How to fix the problem that Ubuntu cannot open the terminal
Feb 29, 2024 pm 05:30 PM
It is a very common problem these days that Ubuntu does not allow its users to open the terminal. If you receive a similar issue and don’t know what to do next, learn about five fixes on how to resolve this “Ubuntu cannot open terminal” issue on your Linux device. Without further ado, let’s dive into what causes it and the solutions available to it. Why can't Ubuntu open the terminal on it? This mainly happens when you install some defective software or modify the terminal configuration. In addition to this, new applications or games that interact with locales and corrupt them can cause similar problems. Some users reported a fix for this issue when searching for Terminal in Ubuntu's activity menu. This shows that
How to cancel the lock icon in the lower right corner of the Ubuntu 18.04 folder?
Jan 12, 2024 pm 11:18 PM
In the Ubuntu system, we often encounter folders with a lock shape on the top. This file often cannot be edited or moved. This is because there is no permission to edit the file, so we need to modify its permissions. How to remove the lock in the lower right corner? Let’s take a look at the detailed tutorial below. 1. Right-click on the locked folder--Properties. 2. Select the permissions option in the window. 3. Select everything inside to create and delete files. 4. Then select Change the permissions of the included files at the bottom, which are also set to create and delete files. Finally, remember to click Change in the upper right corner. 5. If the above lock is still not removed, or the options are grayed out and cannot be operated, you can right-click inside - open the terminal. 6. make
Log in to Ubuntu as superuser
Mar 20, 2024 am 10:55 AM
In Ubuntu systems, the root user is usually disabled. To activate the root user, you can use the passwd command to set a password and then use the su- command to log in as root. The root user is a user with unrestricted system administrative rights. He has permissions to access and modify files, user management, software installation and removal, and system configuration changes. There are obvious differences between the root user and ordinary users. The root user has the highest authority and broader control rights in the system. The root user can execute important system commands and edit system files, which ordinary users cannot do. In this guide, I'll explore the Ubuntu root user, how to log in as root, and how it differs from a normal user. Notice
A sneak peek of the seven highlights of Ubuntu 24.04 LTS
Feb 27, 2024 am 11:22 AM
Ubuntu24.04LTS, codenamed "NobleNumbat" will be released soon! If you are using a non-LTS version such as Ubuntu 23.10, sooner or later you will need to consider upgrading. For those using Ubuntu20.04LTS or Ubuntu22.04LTS, it is worth thinking about whether to upgrade. Canonical has announced that Ubuntu 24.04LTS will provide update support for up to 12 years, broken down as follows: As an LTS version, it will have 5 years of regular maintenance and security updates. If you subscribe to Ubuntu Pro, you can enjoy an additional 5 years of support. Currently, this additional support period has been extended to 7 years, which means you will get up to 12
How to remove icons in Ubuntu start menu?
Jan 13, 2024 am 10:45 AM
There are many software icons listed in the Ubuntu system start menu. There are many uncommon icons. If you want to delete them, how should you delete them? Let’s take a look at the detailed tutorial below. 1. First enter the ubuntu desktop and click on the start menu under the left panel. 2. You can find a text editor icon inside, we need to delete it. 3. Now we return to the desktop and right-click the mouse to open the terminal. 4. Use the command to open the application list directory. sudonautilus/usr/share/applicationssudonautilus~/.local/share/applications5. Find the corresponding text editor icon inside. 6. Then go straight
Ubuntu 20.04 screen recording software OBS installation and uninstallation graphic tutorial
Feb 29, 2024 pm 04:01 PM
OBS is open source software developed by volunteer contributors around the world in their free time. A video live recording software, mainly used for video recording and live streaming. Please note that when installing Ubuntu/Mint, OBSStudio cannot fully work on ChromeOS, and functions such as screen and window capture cannot be used. It is recommended to use xserver-xorg1.18.4 or newer version to avoid potential performance issues with certain features in OBS, such as full-screen projectors. FFmpeg is required. If you don't have FFmpeg installed (if you're not sure, you probably don't), you can get it with: sudoaptinstallffmpeg I already have it installed here
Ubuntu finally supports disabling automatic updates of snap packages
Jan 13, 2024 am 10:09 AM
snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel and systemdinit system. These packages, known as snaps, and the tool that uses them, snapd, are available across a range of Linux distributions and allow upstream software developers to publish their applications directly to users. With snap, users can easily install Linux applications. By default, snapd will check for updates four times a day and automatically update snap applications to the latest version. While there are many ways to control when and how often updates are installed, users cannot completely turn off automatic updates for security reasons. Although the original intention of snap is good, many people use it to
How to install Angular on Ubuntu 24.04
Mar 23, 2024 pm 12:20 PM
Angular.js is a freely accessible JavaScript platform for creating dynamic applications. It allows you to express various aspects of your application quickly and clearly by extending the syntax of HTML as a template language. Angular.js provides a range of tools to help you write, update and test your code. Additionally, it provides many features such as routing and form management. This guide will discuss how to install Angular on Ubuntu24. First, you need to install Node.js. Node.js is a JavaScript running environment based on the ChromeV8 engine that allows you to run JavaScript code on the server side. To be in Ub
