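I don't know whether you have noticed this when using MariaDB: you can log in directly without specifying a user or password. That is very insecure for a database, because it means anyone can easily log in to it. So how should this be fixed?
After looking up material online, I found that MariaDB's direct login is related to an authentication plugin in the database. The plugin's default value is unix_socket, which means password verification is bypassed: whoever logs in is treated as the root user by default, so no username or password needs to be entered.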
MariaDB [(none)]> select user, plugin from mysql.user;
+------+-------------+
| user | plugin      |
+------+-------------+
| root | unix_socket |
+------+-------------+
1 row in set (0.00 sec)
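unix_socket: by default, the unix_socket plugin is used for authentication, which bypasses password verification.
So the fix is to change unix_socket to mysql_native_password.
# Stop the database service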
[root@localhost etc]# systemctl stop mariadb
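# Start the server with grant-table checks skipped (while it runs, every connection is accepted without a password)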
[root@localhost etc]# mysqld_safe --skip-grant-tables
220922 10:49:32 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
220922 10:49:32 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
已杀死
[root@localhost etc]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# Change the plugin value to mysql_native_password so that a password is required
MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('123456'), plugin = 'mysql_native_password' WHERE User = 'root';
Query OK, 4 rows affected (0.01 sec)
Rows matched: 4 Changed: 4 Warnings: 0
# Flush the privileges so the change takes effect
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> select user, plugin from mysql.user;
+--------+-----------------------+
| user   | plugin                |
+--------+-----------------------+
| root   | mysql_native_password |
| root   | mysql_native_password |
| root   | mysql_native_password |
| root   | mysql_native_password |
|        |                       |
|        |                       |
| zabbix |                       |
+--------+-----------------------+
7 rows in set (0.00 sec)
MariaDB [(none)]> exit
Bye
Verify that the change worked:
[root@localhost etc]# ps aux|grep mysql
root 47230 0.0 0.1 113412 1628 pts/0 S+ 10:49 0:00 /bin/sh /usr/bin/mysqld_safe --skip-grant-tables
mysql 47379 0.9 11.1 1171812 111488 pts/0 Sl+ 10:49 0:01 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --skip-grant-tables --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
root 47465 0.0 0.0 112824 988 pts/1 R+ 10:51 0:00 grep --color=auto mysql
[root@localhost etc]# kill -9 47230
[root@localhost etc]# kill -9 47379
[root@localhost etc]# systemctl restart mariadb
[root@localhost etc]# mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[root@localhost etc]# mysql -uroot
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
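
The checks this post performs by hand (which plugin each account uses, and whether a server started with --skip-grant-tables is still running) can be scripted. The following is an added example, not part of the original post; the function names, input formats and sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed input formats:
#   audit_accounts : tab-separated "user<TAB>host<TAB>plugin" rows, as printed by
#       mysql -N -B -e "SELECT User, Host, plugin FROM mysql.user"
#   find_skip_grant: lines of `ps aux` output

# Report anonymous accounts and accounts that authenticate with unix_socket.
audit_accounts() {
    awk -F'\t' '
        $1 == ""            { printf "ANONYMOUS_ACCOUNT\t@%s\n", $2; next }
        $3 == "unix_socket" { printf "SOCKET_AUTH\t%s@%s\n", $1, $2 }
    '
}

# Print the PIDs of server processes still running with --skip-grant-tables
# (column 11 of `ps aux` is the command; skip the grep that is searching).
find_skip_grant() {
    awk '/--skip-grant-tables/ && $11 != "grep" { print $2 }'
}

# Constructed sample rows; the host values are invented for illustration.
SAMPLE_USERS="$(printf 'root\tlocalhost\tunix_socket\n\tlocalhost\t\nzabbix\tlocalhost\t\nroot\t127.0.0.1\tmysql_native_password\n')"

# Constructed process listing modelled on the ps output in the post.
SAMPLE_PS='root 47230 0.0 0.1 113412 1628 pts/0 S+ 10:49 0:00 /bin/sh /usr/bin/mysqld_safe --skip-grant-tables
mysql 47379 0.9 11.1 1171812 111488 pts/0 Sl+ 10:49 0:01 /usr/libexec/mysqld --basedir=/usr --skip-grant-tables
root 47465 0.0 0.0 112824 988 pts/1 R+ 10:51 0:00 grep -- --skip-grant-tables'

printf '%s\n' "$SAMPLE_USERS" | audit_accounts
printf '%s\n' "$SAMPLE_PS" | find_skip_grant
```

An empty result from both functions means no anonymous or unix_socket accounts were listed and no server process is still running with grant checks disabled.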