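Detailed Tutorial: Installing MySQL 5.6.10 on CentOS and Configuring It Securely
Note: all operations below were performed on a CentOS 6.5 x86_64 system.
#Preparation#
Before installing MySQL, make sure the following base components have been installed with yum (if the system already ships them, you may also consider running yum update on them):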
gcc cmake openssl+openssl-devel pcre+pcre-devel bzip2+bzip2-devel libcurl+curl+curl-devel libjpeg+libjpeg-devel libpng+libpng-devel freetype+freetype-devel php-mcrypt+libmcrypt+libmcrypt-devel libxslt+libxslt-devel gmp+gmp-devel libxml2+libxml2-devel mhash ncurses+ncurses-devel xml2
Then create the mysql group and user, with login not permitted:

    # id mysql
    id: mysql:无此用户
    # groupadd mysql
    # useradd -g mysql -s /sbin/nologin mysql
    # id mysql
    uid=500(mysql) gid=500(mysql) 组=500(mysql)

#Installing MySQL#
Prepare the directories for the MySQL installation:

    # mkdir -p /data/mysql/data
    # chown -R mysql:mysql /data/mysql

Start the source installation of MySQL:

    # cd /usr/local/src
    # wget http://dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.10.tar.gz
    # tar zxf mysql-5.6.10.tar.gz
    # cd mysql-5.6.10
    # cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql-5.6.10 \
        -DSYSCONFDIR=/usr/local/mysql-5.6.10/etc \
        -DMYSQL_UNIX_ADDR=/usr/local/mysql-5.6.10/tmp/mysql.sock \
        -DMYSQL_TCP_PORT=3306 \
        -DMYSQL_USER=mysql \
        -DMYSQL_DATADIR=/data/mysql/data \
        -DDEFAULT_CHARSET=utf8 \
        -DDEFAULT_COLLATION=utf8_general_ci \
        -DWITH_MYISAM_STORAGE_ENGINE=1 \
        -DWITH_INNOBASE_STORAGE_ENGINE=1 \
        -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
        -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
        -DENABLED_LOCAL_INFILE=1
    ...
    CMake Warning:
      Manually-specified variables were not used by the project:
        MYSQL_USER
    -- Build files have been written to: /usr/local/src/mysql-5.6.10
    # make && make install
    # mkdir -p /usr/local/mysql-5.6.10/etc
    # mkdir -p /usr/local/mysql-5.6.10/tmp
    # ln -s /usr/local/mysql-5.6.10/ /usr/local/mysql
    # chown -R mysql:mysql /usr/local/mysql-5.6.10
    # chown -R mysql:mysql /usr/local/mysql

Add MySQL's bin directory to the current environment:

    # vim /etc/profile
    export MYSQL_HOME=/usr/local/mysql
    export PATH=$PATH:$MYSQL_HOME/bin
    # source /etc/profile

Run the initialization script, which creates the built-in system databases and tables:

    # cd /usr/local/mysql
    # scripts/mysql_install_db --user=mysql --datadir=/data/mysql/data
    ...
    OK

    To start mysqld at boot time you have to copy
    support-files/mysql.server to the right place for your system

    PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER!
    To do so, start the server, then issue the following commands:

      ./bin/mysqladmin -u root password 'new-password'
      ./bin/mysqladmin -u root -h iZ94mobdenkZ password 'new-password'

    Alternatively you can run:

      ./bin/mysql_secure_installation

    which will also give you the option of removing the test
    databases and anonymous user created by default. This is
    strongly recommended for production servers.

    See the manual for more instructions.

    You can start the MySQL daemon with:

      cd . ; ./bin/mysqld_safe &

    You can test the MySQL daemon with mysql-test-run.pl

      cd mysql-test ; perl mysql-test-run.pl

    Please report any problems with the ./bin/mysqlbug script!

    The latest information about MySQL is available on the web at

      http://www.mysql.com

    Support MySQL by buying support/licenses at http://shop.mysql.com

    WARNING: Found existing config file ./my.cnf on the system.
    Because this file might be in use, it was not replaced,
    but was used in bootstrap (unless you used --defaults-file)
    and when you later start the server.
    The new default config file was created as ./my-new.cnf,
    please compare it with your file and take the changes you need.

    WARNING: Default config file /etc/my.cnf exists on the system
    This file will be read by default by the MySQL server
    If you do not want to use this, either remove it, or use the
    --defaults-file argument to mysqld_safe when starting the server

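Note: when MySQL starts, it first looks for its configuration file at /etc/my.cnf; if none is found there it searches $basedir/my.cnf, i.e. /usr/local/mysql-5.6.10/my.cnf. You must therefore make sure that /etc/my.cnf does not exist, otherwise the server may fail to start.
In practice the file did exist on this system, so it may need to be backed up under another name first, and the configuration file then written according to the settings above:

    # mv /etc/my.cnf /etc/my.cnf.bak
    # vim /usr/local/mysql-5.6.10/my.cnf
    [mysqld]
    basedir=/usr/local/mysql-5.6.10
    datadir=/data/mysql/data
    socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
    user=mysql
    sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
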
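Change the password of the MySQL root user. Here the server is started in safe mode with mysqld_safe (--skip-grant-tables turns off privilege checks, --skip-networking refuses TCP/IP connections):

    # mysqld_safe --user=mysql --skip-grant-tables --skip-networking &
    [1] 3970
    [root@iZ94mobdenkZ ~]# 141230 19:02:31 mysqld_safe Logging to '/data/mysql/data/centos.err'.
    141230 19:02:32 mysqld_safe Starting mysqld daemon with databases from /data/mysql/data
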
mysqld_safe is now running in safe mode. Open another window and connect to the MySQL server as a client:

    # mysql
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 1
    Server version: 5.6.10 Source distribution

    Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql> use mysql;
    mysql> update user set password=password('yourpassword') where user='root';
    mysql> flush privileges;
    mysql> exit;

Once the password has been changed, use kill to terminate the mysqld_safe process:

    # ps aux | grep mysql
    root      3970  0.0  0.2 106308  1492 pts/1    S    19:02   0:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql --skip-grant-tables --skip-networking
    mysql     4143  0.1 18.0 558280 90316 pts/1    Sl   19:02   0:00 /usr/local/mysql-5.6.10/bin/mysqld --basedir=/usr/local/mysql-5.6.10 --datadir=/data/mysql/data --plugin-dir=/usr/local/mysql-5.6.10/lib/plugin --user=mysql --skip-grant-tables --skip-networking --log-error=/data/mysql/data/centos.err --pid-file=/data/mysql/data/centos.pid --socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
    root      4313  0.0  0.1 103252   836 pts/0    S+   19:05   0:00 grep mysql
    # kill -9 3970
    # kill -9 4143

Alternatively, go back to the window where mysqld_safe was started and press Ctrl+C to kill the process.
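
A check for what this step can leave behind, written as an added example that is not part of the original tutorial: it reads `ps -eo user,pid,args` output and reports any mysqld still running with --skip-grant-tables or under the system root account. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# stdin:  lines from `ps -eo user,pid,args`
# stdout: "PID finding" for every mysqld server process in a risky state.
audit_mysqld_procs() {
    awk '
    $3 ~ /(^|\/)mysqld$/ {        # the server binary, not mysqld_safe or grep
        args = ""
        for (i = 4; i <= NF; i++) args = args " " $i
        # mysqld drops to --user=mysql at startup, so "root" here means
        # the server really is running with root privileges.
        if ($1 == "root")
            print $2, "runs-as-root"
        if (args ~ / --skip-grant-tables( |$)/) {
            if (args ~ / --skip-networking( |$)/)
                print $2, "auth-disabled-local-socket-only"
            else
                print $2, "auth-disabled-networking-on"
        }
    }'
}

# Constructed sample, modeled on the ps listing shown above.
sample_ps() {
    cat <<'EOF'
root   3970 /bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql --skip-grant-tables --skip-networking
mysql  4143 /usr/local/mysql-5.6.10/bin/mysqld --basedir=/usr/local/mysql-5.6.10 --user=mysql --skip-grant-tables --skip-networking
root   5001 /usr/local/mysql-5.6.10/bin/mysqld --basedir=/usr/local/mysql-5.6.10 --skip-grant-tables
mysql  5002 /usr/local/mysql-5.6.10/bin/mysqld --basedir=/usr/local/mysql-5.6.10 --user=mysql
root   4313 grep mysql
EOF
}

sample_ps | audit_mysqld_procs
```

On a live host, pipe `ps -eo user,pid,args` into `audit_mysqld_procs` after the password reset; empty output means no server is left running without authentication.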
Copy the service startup script:

    # cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
    # chmod +x /etc/init.d/mysqld

Enable the MySQL service at boot and start it normally (optional):

    # chkconfig mysqld on
    # service mysqld
    Usage: mysqld {start|stop|restart|reload|force-reload|status} [ MySQL server options ]
    # service mysqld start
    Starting MySQL.

From now on the MySQL database can be started and stopped directly with the service mysqld command.
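Finally, in a production environment it is recommended to run the security setup script, which disallows remote connections by the root user, removes the test database and anonymous users, and so on:

    # /usr/local/mysql-5.6.10/bin/mysql_secure_installation

    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
          SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

    In order to log into MySQL to secure it, we'll need the current
    password for the root user. If you've just installed MySQL, and
    you haven't set the root password yet, the password will be blank,
    so you should just press enter here.

    Enter current password for root (enter for none):

Note: the root password asked for above is the password of the MySQL root account that was set earlier.
At this point, the MySQL database installation is complete.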
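#MySQL Security Configuration#
1. Make sure MySQL is never started under the system root account; it must run as the newly created mysql account, for example:

    # mysqld_safe --user=mysql

2. After MySQL has been installed and the database initialized, the default root account has an empty password. You must set a password for it and make sure that password is strong. For example:

    mysql> use mysql;
    mysql> update user set password=password('yourpassword') where user='root';
    mysql> flush privileges;
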
3. Remove the default database and users:

    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | mysql              |
    | performance_schema |
    | test               |
    +--------------------+
    mysql> drop database test;
    mysql> use mysql;
    mysql> select host,user from user;
    +--------------+------+
    | host         | user |
    +--------------+------+
    | 127.0.0.1    | root |
    | ::1          | root |
    | centos       |      |
    | centos       | root |
    | localhost    |      |
    | localhost    | root |
    +--------------+------+
    mysql> delete from user where not (host='localhost' and user='root');
    mysql> flush privileges;

Note: the rows in your user table may differ from those shown above.
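4. When a website under development connects to the database, it is recommended to create a user that has only update/select/delete/insert/drop table/create table privileges on one specific database. This limits the impact on other projects if one project's database username and password are stolen. For example:

    mysql> create database yourdbname default charset utf8 collate utf8_general_ci;
    mysql> create user 'yourusername'@'localhost' identified by 'yourpassword';
    mysql> grant select,insert,update,delete,create,drop on yourdbname.* to 'yourusername'@'localhost' identified by 'yourpassword';
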
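5. The directory that holds the database files must not be accessible to unauthorized users; access to it has to be restricted, for example:

    # chown -R mysql:mysql /data/mysql/data
    # chmod -R go-rwx /data/mysql/data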
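
To verify steps 2 to 4 after the fact, the following added example (not part of the original tutorial) audits a dump of the mysql.user table and of SHOW GRANTS output. The function names, the 'webapp' account and all sample rows are constructed; it assumes password-based accounts as created in this 5.6 install.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.

# stdin:  tab-separated host, user, password rows, e.g. from
#         mysql -N -B -e "select host,user,password from mysql.user"
# stdout: "user@host: finding" for accounts that steps 2 and 3 would fix.
audit_mysql_users() {
    awk -F '\t' '{
        who = $2 "@" $1
        if ($2 == "")                               print who ": anonymous-account"
        else if ($2 == "root" && $1 != "localhost") print who ": root-beyond-localhost"
        if ($3 == "")                               print who ": empty-password"
    }'
}

# stdin: SHOW GRANTS lines. Flags global (*.*) grants other than USAGE held
# by anyone except root@localhost (step 4 asks for per-database users).
audit_grants() {
    awk '/ ON \*\.\* TO / && $2 != "USAGE" && $0 !~ / TO .root.@.localhost./ {
        sub(/^.* TO /, ""); sub(/ (IDENTIFIED|WITH) .*$/, "")
        print $0 ": global-privileges"
    }'
}

# Constructed sample rows modeled on the user table shown in step 3.
sample_users() {
    h='*0000000000000000000000000000000000000000'   # placeholder hash
    printf '%s\t%s\t%s\n' \
        127.0.0.1 root '' \
        centos    ''   '' \
        localhost root "$h" \
        localhost yourusername "$h"
}

# Constructed SHOW GRANTS lines (hashes replaced by <hash>).
sample_grants() {
    cat <<'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '<hash>' WITH GRANT OPTION
GRANT USAGE ON *.* TO 'yourusername'@'localhost' IDENTIFIED BY PASSWORD '<hash>'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `yourdbname`.* TO 'yourusername'@'localhost'
GRANT ALL PRIVILEGES ON *.* TO 'webapp'@'%' IDENTIFIED BY PASSWORD '<hash>'
EOF
}

sample_users | audit_mysql_users
sample_grants | audit_grants
```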