Install and initialize MariaDB on linux to support remote login
1. Environmental preparation
The environment of this article is the MariaDB that comes with Redhat7, which has been automatically installed when the redhat system is installed. If you need to install it yourself, you can go to the MariaDB official website to obtain the installation method.
MariaDB official website click here to enter
Click the Download button to enter the download page
Choose the installation method according to your own needs. Here we take Repo installation as an example. The general steps are to select the corresponding version, configure the mirror source, and finally use yum to install:
2. Start MariaDB
After the installation is complete, use the root account to start MariaDB
[root@192 ~]# systemctl start mariadb
Try to connect to the server to see if the startup is successful, then exit
[root@192 ~]# mysql
3. Initialize MariaDB
We can first look at the commands related to mysql, which are located in the /bin directory
[root@192 ~]# ll /bin/ | grep mysql
We use mysql_secure_installation to complete the initialization, and follow the interactive prompts step by step
At this point, switch back to a normal user, try to connect to the database, and you can see that it is already accessible.
[hubing@192 ~]$ mysql -hlocalhost -uroot -p -P3306
Fourth, configure remote access
Strictly speaking, for security reasons, the root account can only be used on the server, and remote login through the network is not allowed. So the content of this section is not necessary. Just to demonstrate, for other non-root users, remote access is allowed, so you can configure according to the gourd.
In the above initialization process, although we did not prohibit the remote use of MariaDB root account to access the database, in fact, our remote access is really inaccessible at this time.
Trying to remotely log in to the database server 192.168.233.129 using the database root account fails, prompting:
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.233.129:3306' (10060)
We can ping the database server, but we can't connect, indicating that some security policies prohibit our access.
We also switched to operate on the database server 192.168.233.129.
Log in to the database first:
[hubing@192 ~]$ mysql -hlocalhost -uroot -p -P3306
Then switch to mysql db
MariaDB [(none)]> use mysql;
Look up the table to get the current configuration information:
MariaDB [mysql]> select host, user from user;
You can see that remote connections are not allowed here, and you need to authorize all permissions of the root user and set up remote access.
Execute in sequence:
//任何远程主机都可以使用root账号访问数据库
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'root密码';
//刷新以便立即生效
FLUSH PRIVILEGES;
If the firewall does not open port 3306, you need to configure port 3306 as a firewall exception through the root user.
[root@192 ~]# firewall-cmd --zone=public --add-port=3306/tcp --permanent
[root@192 ~]# firewall-cmd --reload
[root@192 ~]# firewall-cmd --list-ports
At this time, try to log in to the database remotely again, and you can log in successfully.
5. Add some additional MySql user authorization statements
-- 说明
-- {user} 替换为实际的用户名
-- {passwd} 替换为实际的用户密码
-- {otherUser} 替换为其他用户的用户名
-- {otherPasswd} 替换为其他用户的密码
GRANT ALL ON {user}.* TO '{user}'@'%' IDENTIFIED BY '{passwd}';
GRANT ALL ON {user}.* TO '{user}'@'127.0.0.1' IDENTIFIED BY '{passwd}';
GRANT ALL ON {user}.* TO '{user}'@'localhost' IDENTIFIED BY '{passwd}';
GRANT SELECT ON mysql.* TO '{user}'@'%' IDENTIFIED BY '{passwd}';
GRANT PROCESS,FILE,SUPER,REPLICATION CLIENT,REPLICATION SLAVE ON *.* to '{user}'@'%' IDENTIFIED BY '{passwd}';
GRANT PROCESS,FILE,SUPER,REPLICATION CLIENT,REPLICATION SLAVE ON *.* to '{user}'@'127.0.0.1' IDENTIFIED BY '{passwd}';
GRANT PROCESS,FILE,SUPER,REPLICATION CLIENT,REPLICATION SLAVE ON *.* to '{user}'@'localhost' IDENTIFIED BY '{passwd}';
-- 将本库的部分权限赋予其他用户,复制以下语句,对其他用户进行赋权,包括各个分库和查询库
GRANT SELECT ON {user}.* to '{otherUser}'@'%' IDENTIFIED BY '{otherPasswd}';
GRANT SELECT ON {user}.* to '{otherUser}'@'127.0.0.1' IDENTIFIED BY '{otherPasswd}';
GRANT SELECT ON {user}.* to '{otherUser}'@'localhost' IDENTIFIED BY '{otherPasswd}';