做網(wǎng)站要求高嗎百度手機(jī)版
Ubuntu24.04安裝mysql-server小計(jì),解決mysql_secure_installation時(shí)不能重置密碼的問(wèn)題
為什么要寫(xiě)這往篇文章?
一般情況下,我安裝mysql都用源碼編譯,以此方便安裝更多自定義插件,但這次只需要安裝一臺(tái)開(kāi)發(fā)機(jī),無(wú)需太多要求。機(jī)器上安裝的是ubuntu24.04,本著省時(shí)省力的想法,用官方的apt安裝。結(jié)果,,,,很久沒(méi)有搞定重設(shè)密碼問(wèn)題。繞了一圈,終究搞定了,但花的時(shí)間也不少,因此,寫(xiě)個(gè)備忘錄,以便后需。
安裝
- apt倉(cāng)庫(kù)方式安裝
sudo apt update
sudo apt install mysql-server -y
sudo systemctl status mysql
sudo systemctl start mysql
2.設(shè)置賬號(hào)
sudo mysql_secure_installation
按照提示完成以下步驟:
- 設(shè)置root用戶密碼
- 移除匿名用戶
- 禁止root遠(yuǎn)程登錄
- 移除測(cè)試數(shù)據(jù)庫(kù)并重新加載權(quán)限表
執(zhí)行過(guò)程需要輸入 Y N Y Y,根據(jù)情況自行選擇
root@fred-4:/home/fred-4# sudo mysql_secure_installationSecuring the MySQL server deployment.Connecting to MySQL using a blank password.
The 'validate_password' component is installed on the server.
The subsequent steps will run with the existing configuration
of the component.Skipping password set for root as authentication with auth_socket is used by default.
If you would like to use password authentication instead, this can be done with the "ALTER_USER" command.
See https://dev.mysql.com/doc/refman/8.0/en/alter-user.html#alter-user-password-management for more information.By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Success.Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.Disallow root login remotely? (Press y|Y for Yes, any other key for No) : N... skipping.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y- Dropping test database...
Success.- Removing privileges on test database...
Success.Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
Success.All done!
注意:Skipping password set for root as authentication with auth_socket is used by default. 密碼設(shè)置已被跳過(guò)。
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them.
設(shè)置了匿名用戶。。
那該怎么登錄呢?
就是不要輸?shù)卿浻脩糁苯舆M(jìn)入:
$ mysql
ERROR 1045 (28000): Access denied for user 'my-ubuntu-user'@'localhost' (using password: NO)
完?duì)僮?#xff0c;明明只輸入了mysql ,執(zhí)行的卻是mysql -u ‘my-ubuntu-user’@‘localhost’
咋辦?繼續(xù)看吧
匿名登錄方法
進(jìn)入超級(jí)用戶環(huán)境,再進(jìn)mysql
$ sudo su
$ mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 8.0.37-0ubuntu0.24.04.1 (Ubuntu)Copyright (c) 2000, 2024, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql>
OK,搞定
進(jìn)去了,接下來(lái)要改密碼
修改密碼
mysql> select user, plugin,host from mysql.user;
+------------------+-----------------------+-----------+
| user | plugin | host |
+------------------+-----------------------+-----------+
| root | auth_socket | localhost |
+------------------+-----------------------+-----------+
5 rows in set (0.00 sec)
plugin auth_socket 要換掉
換成下面的
mysql> select user, plugin,host from mysql.user;
+------------------+-----------------------+-----------+
| user | plugin | host |
+------------------+-----------------------+-----------+
| root | mysql_native_password | localhost |
+------------------+-----------------------+-----------+
5 rows in set (0.00 sec)
mysql> ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '123456';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
服了吧,報(bào)錯(cuò)了,這是密碼強(qiáng)度不夠
SHOW VARIABLES LIKE 'validate_password%';
+-------------------------------------------------+--------+
| Variable_name | Value |
+-------------------------------------------------+--------+
| validate_password.changed_characters_percentage | 0 |
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | MEDIUM |
| validate_password.special_char_count | 1 |
+-------------------------------------------------+--------+
validate_password.policy由于是內(nèi)部測(cè)試機(jī),這項(xiàng)改低一點(diǎn),不然以前的項(xiàng)目都得改
mysql> set global validate_password.policy=0;
Query OK, 0 rows affected (0.00 sec)
mysql> set global validate_password.length=6;
Query OK, 0 rows affected (0.00 sec)
現(xiàn)在可以改簡(jiǎn)單密碼了
mysql> ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '123456';
Query OK, 0 rows affected (0.08 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.03 sec)
查看plugin
mysql> select user, plugin,host from mysql.user;
+------------------+-----------------------+-----------+
| user | plugin | host |
+------------------+-----------------------+-----------+
| root | mysql_native_password | localhost |
+------------------+-----------------------+-----------+
5 rows in set (0.00 sec)
搞定了
接下來(lái)可以exit退出超級(jí)用戶登錄了
mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.37-0ubuntu0.24.04.1 (Ubuntu)Copyright (c) 2000, 2024, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.03 sec)
其它配置
$ sudo nano /etc/mysql/my.cnf
如下配置安需修改
GNU nano 7.2 /etc/mysql/my.cnf
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/
[mysqld]
bind-address = 0.0.0.0
mysqlx-bind-address = 0.0.0.0
port = 3307
mysqlx_port = 33070
default_authentication_plugin = mysql_native_password
重啟,自啟
sudo systemctl restart mysqlsudo systemctl enable mysql
修改root用戶,允許遠(yuǎn)程登錄
mysql> update mysql.user set host = '%' where user='root' and host='localhost';
mysql> FLUSH PRIVILEGES;
新建用戶
mysql> set global validate_password.policy=0;
mysql> set global validate_password.length=6;mysql> create user 'my'@'%' identified by '123456';
mysql> grant all privileges on *.* to 'my'@'%' with grant option;
回收權(quán)限
mysql> REVOKE privileges ON *.* FROM 'my'@'%';
1227 - Access denied; you need (at least one of) the SYSTEM_USER privilege(s) for this operation
root用戶沒(méi)有SYSTEM_USER權(quán)限。
mysql> grant SYSTEM_USER on *.* to 'root';
mysql> flush privileges;
刪除用戶
mysql> DROP USER 'my'@'%';