MySQL is an open source database management system that can be installed as part of the popular LAMP (Linux, Apache, MySQL, PHP/Python/Perl) stack. It implements a relational model and uses Structured Query Language (SQL) to manage its data.
This tutorial will explain how to install MySQL version 8.0 on Ubuntu 22.04 server. By completing it, you will have a working relational database that you can use to build your next website or application.
InstallMySQL
On Ubuntu 22.04, you can install MySQL using the APT package repository. At the time of writing, the MySQL version available in the default Ubuntu repository is version 8.0.33.
sudo apt update
sudo apt install mysql-server
sudo systemctl start mysql.service
These commands will install and start MySQL but will not prompt you to set a password or make any other configuration changes.
ConfigureMySQL
For a fresh installation of MySQL, you need to run the security scripts included with the database management system. This script changes some less secure default options, such as not allowing remote root logins and removing the sample user.
Warning: As of July 2022, if you run the mysql_secure_installation script without further configuration, an error will occur. The reason is that this script will attempt to set a password for the root MySQL account of the installation, but by default on Ubuntu installations this account is not configured to connect with a password.
Prior to July 2022, this script would silently fail after trying to set the root account password and proceed with the remaining prompts. However, as of this writing, the script will return the following error after you enter and confirm your password:
Output
... Failed! Error: SET PASSWORD has no significance for user 'root'@'localhost' as the authentication method used doesn't store authentication data in the MySQL server. Please consider using ALTER USER instead if you want to change authentication parameters.
New password:
This will cause the script to enter a recursive loop that you can only exit by closing the terminal window.
Because the mysql_secure_installation script performs many other operations that are useful for securing your MySQL installation, it is still recommended that you run it before you start using MySQL to manage your data. However, to avoid entering this recursive loop, you need to first adjust the authentication method of the root MySQL user.
First enter the MySQL terminal
sudo mysql
Then run the following ALTER USER command to change the root user's authentication method to one that uses a password. The following example changes the authentication method to mysql_native_password:
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
Then exit MySQL
exit
Afterwards, you can run the mysql_secure_installation script without any problem.
Run mysql_secure_installation with sudo privileges
sudo mysql_secure_installation
This will lead you through a series of prompts where you can make some changes to the security options of your MySQL installation. The first prompt will ask you if you want to set up the Validate Password plugin, which can be used to test the password strength of new MySQL users before they are considered valid.
If you choose to set up the Validate Password plugin, any MySQL users you create that authenticate with passwords will need to have passwords that meet the policy you choose:
Output
Securing the MySQL server deployment.
Connecting to MySQL using a blank password.
VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?
Press y|Y for Yes, any other key for No: Y
There are three levels of password validation policy:
LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:
2
Regardless of whether you choose to set up a password verification plugin, the next prompt will be to set a password for the MySQL root user. Enter and confirm a secure password of your choice:
Output
Please set the password for root here.
New password:
Re-enter new password:
Note that even though you have set a password for the root MySQL user, that user is not currently configured to use a password for authentication when connecting to the MySQL shell.
If you use the Verify Password plugin, you will receive feedback on the strength of your new password. The script will then ask you if you want to continue using the password you just entered, or if you want to enter a new password. Assuming you are satisfied with the strength of the password you just entered, enter Y to continue the script:
Output
Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y
From there, you can press Y and then ENTER to accept the defaults for all subsequent questions. This will remove some anonymous users and the test database, disable remote root login, and load these new rules so that MySQL immediately implements your changes.
Note: After the security script completes, you can reopen MySQL and change the root user's authentication method back to the default value of auth_socket. To authenticate as the root MySQL user using a password, run the following command:
mysql -u root -p
Then use this command to go back to using the default authentication method:
This means you can use the sudo mysql command to connect to MySQL again as root.
After the script completes, your MySQL installation will be protected. You can now proceed to create a dedicated database user using the MySQL client.
Create a dedicated MySQL user and grant permissions
After installation, MySQL creates a root user account that you can use to manage the database. This user has full permissions on the MySQL server, which means it has full control over every database, table, user, etc. Therefore, it is best to avoid using this account outside of administrative functions. This step outlines how to create a new user account using the root MySQL user and grant it permissions.
Once you have access to the MySQL terminal, you can create a new user using the CREATE USER statement. These follow the following general syntax:
CREATE USER 'username'@'host' IDENTIFIED WITH authentication_plugin BY 'password';
After CREATE USER, you specify a username. This is followed by an @ symbol and then the host name from which the user will connect. If you only plan to access this user locally from your Ubuntu server, you can specify localhost. It's not always necessary to enclose the username and host in single quotes, but doing so can help prevent errors.
CREATE USER 'sammy'@'localhost' IDENTIFIED BY 'password';
There is a known issue with certain versions of PHP that causes problems with caching_sha2_password. If you plan to use this database with a PHP application (such as phpMyAdmin), you may want to create a user that will authenticate using the older but still secure mysql_native_password plugin:
CREATE USER 'sammy'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
If you're not sure, you can always create a user that authenticates using caching_sha2_plugin and then change it later with this command:
ALTER USER 'sammy'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
After creating new users, you can grant them the appropriate permissions. The general syntax for granting user permissions is as follows (PRIVILEGE needs to be replaced with CREATE, etc.):
GRANT PRIVILEGE ON database.table TO 'username'@'host' WITH GRANT OPTION;
The PRIVILEGE values in this example syntax define the operations a user is allowed to perform on the specified database and table. You can grant multiple permissions to the same user in a single command by separating each permission with a comma. You can also grant user permissions globally by entering an asterisk (*) in place of the database and table names. In SQL, the asterisk is a special character used to represent "all" databases or tables.
To illustrate this point, the following command grants the user global permissions to create, alter, and delete databases, tables, and users, as well as the power to insert, update, and delete data from any table on the server. It also grants users the ability to query data using SELECT, create foreign keys using the REFERENCES keyword, and perform FLUSH operations using RELOAD permissions. However, you should only grant users the permissions they need, so feel free to adjust your own users' permissions as needed.
Run this GRANT statement, replacing sammy with your own MySQL username, to grant these permissions to your user:
GRANT CREATE, ALTER, DROP, INSERT, UPDATE, INDEX, DELETE, SELECT, REFERENCES, RELOAD on *.* TO 'sammy'@'localhost' WITH GRANT OPTION;
Note that this statement also includes WITH GRANT OPTION. This will allow your MySQL user to grant any permissions it has to other users on the system.
WARNING: Some users may want to grant their MySQL user ALL PRIVILEGES permissions, which will give them broad superuser permissions similar to root user permissions, as follows:
GRANT ALL PRIVILEGES ON *.* TO 'sammy'@'localhost' WITH GRANT OPTION;
Such broad permissions should not be granted lightly, as anyone with access to this MySQL user will have full control of every database on the server.
After this, it's a good idea to run the FLUSH PRIVILEGES command. This will free all memory cached by the server due to previous CREATE USER and GRANT statements:
FLUSH PRIVILEGES;
Then you can launch the mysql terminal
exit
In the future, to log in as a new MySQL user, you would use a command like this:
mysql -u sammy -p
The -p flag will cause the MySQL client to prompt you for the MySQL user's password for authentication.
Finally, let's test the MySQL installation.
TestMySQL
No matter how you installed it, MySQL should start running automatically. To test this, check its status.
systemctl status mysql.service
The output content is as follows:
● mysql.service - MySQL Community Server
Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-06-13 15:43:21 CST; 35min ago
Process: 248356 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
Main PID: 248364 (mysqld)
Status: "Server is operational"
Tasks: 38 (limit: 18804)
Memory: 371.1M
CPU: 10.291s
CGroup: /system.slice/mysql.service
└─248364 /usr/sbin/mysqld
If MySQL is not running, you can start it using sudo systemctl start mysql.
For an additional check, you can try connecting to the database using the mysqladmin tool, which is a client that allows you to run administrative commands. For example, this command means to connect as the MySQL user named sammy (-u sammy), prompt for a password (-p), and return the version. Be sure to change sammy to the name of your dedicated MySQL user and enter that user's password when prompted:
sudo mysqladmin -p -u sammy version
Here is a sample output:
mysqladmin Ver 8.0.33-0ubuntu0.22.04.2 for Linux on x86_64 ((Ubuntu))
Copyright (c) 2000, 2023, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Server version 8.0.33-0ubuntu0.22.04.2
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /var/run/mysqld/mysqld.sock
Uptime: 37 min 20 sec
Threads: 2 Questions: 41 Slow queries: 0 Opens: 199 Flush tables: 3 Open tables: 118 Queries per second avg: 0.018
This means MySQL is up and running.
in conclusion
At this point, you now have a basic MySQL setup installed on your server.