测试环境系统版本:
CentOS Linux release 7.3.1611 (Core)
1.安装mariadb软件包
这个软件包包含了mariadb-server和一些工具包[[email protected] conf.d]# yum groupinfo mariadb
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Group: MariaDB Database Server
Group-Id: mariadb
Description: The MariaDB SQL database server, and associated packages.
Mandatory Packages:
=mariadb-server
Optional Packages:
mariadb-bench
mariadb-test
[[email protected] conf.d]#yum groupinstall mariadb
2.执行安全控制脚本mysql_secure_installation[[email protected] conf.d]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we‘ll need the current
password for the root user. If you‘ve just installed MariaDB, and
you haven‘t set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y //是否设置root密码
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y //是否移除匿名用户
... Success!
Normally, root should only be allowed to connect from ‘localhost‘. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y //是否阻止root远程登录
... Success!
By default, MariaDB comes with a database named ‘test‘ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y //是否移除测试库
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y //是否重新加载权限
... Success!
Cleaning up...
All done! If you‘ve completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
systemctl enable mariadb.service
systemctl start mariadb.service
systemctl status mariadb.service
3.使用root登录mariadb,创建用户和数据库[[email protected] conf.d]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement.
MariaDB [(none)]> show databases; //查看数据库列表
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> use mysql //切换到mysql库
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> select host,user,password from user; //查询用户列表
+-----------+------+-------------------------------------------+
| host | user | password |
+-----------+------+-------------------------------------------+
| localhost | root | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
| 127.0.0.1 | root | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
| ::1 | root | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
+-----------+------+-------------------------------------------+
3 rows in set (0.00 sec)
MariaDB [mysql]> help grant //查看用户创建及授权帮助信息
Name: ‘GRANT‘
Description:
Syntax:
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
[WITH with_option ...]
GRANT PROXY ON user_specification
TO user_specification [, user_specification] ...
[WITH GRANT OPTION]
object_type:
TABLE
| FUNCTION
| PROCEDURE
priv_level:
*
| *.*
| db_name.*
| db_name.tbl_name
| tbl_name
| db_name.routine_name
user_specification:
user
[
IDENTIFIED BY [PASSWORD] ‘password‘
| IDENTIFIED WITH auth_plugin [AS ‘auth_string‘]
]
ssl_option:
SSL
| X509
| CIPHER ‘cipher‘
| ISSUER ‘issuer‘
| SUBJECT ‘subject‘
with_option:
GRANT OPTION
| MAX_QUERIES_PER_HOUR count
| MAX_UPDATES_PER_HOUR count
| MAX_CONNECTIONS_PER_HOUR count
| MAX_USER_CONNECTIONS count
The GRANT statement grants privileges to MySQL user accounts. GRANT
also serves to specify other account characteristics such as use of
secure connections and limits on access to server resources. To use
GRANT, you must have the GRANT OPTION privilege, and you must have the
privileges that you are granting.
Normally, a database administrator first uses CREATE USER to create an
account, then GRANT to define its privileges and characteristics. For
example:
--下列4行为创建用户及赋权语句
CREATE USER [email protected] IDENTIFIED BY ‘mypass‘;
GRANT ALL ON db1.* TO [email protected];
GRANT SELECT ON db2.invoice TO [email protected];
GRANT USAGE ON *.* TO [email protected] WITH MAX_QUERIES_PER_HOUR 90;
However, if an account named in a GRANT statement does not already
exist, GRANT may create it under the conditions described later in the
discussion of the NO_AUTO_CREATE_USER SQL mode.
The REVOKE statement is related to GRANT and enables administrators to
remove account privileges. See [HELP REVOKE].
When successfully executed from the mysql program, GRANT responds with
Query OK, 0 rows affected. To determine what privileges result from the
operation, use SHOW GRANTS. See [HELP SHOW GRANTS].
URL: http://dev.mysql.com/doc/refman/5.5/en/grant.html
MariaDB [mysql]> CREATE USER [email protected]%‘ IDENTIFIED BY ‘mypass‘; //创建jeffrey用户,该用户可以从任何主机登录
Query OK, 0 rows affected (0.01 sec)
MariaDB [mysql]> create database Contacts;
Query OK, 1 row affected (0.00 sec)
MariaDB [mysql]> GRANT SELECT ON Contacts.* TO [email protected]%‘; //赋予effrey用户Contacts数据库的查询权限
Query OK, 0 rows affected (0.01 sec)
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> exit
Bye
4.使用新建用户从其他主机登录[[email protected] ~]# mysql -h 10.20.2.237 -ujeffrey -pmypass
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| Contacts |
+--------------------+
2 rows in set (0.00 sec)
mysql> drop database Contacts;
ERROR 1044 (42000): Access denied for user [email protected]%‘ to database ‘Contacts‘ //jeffrey为只读用户,当然没有权限
mysql>
原文:http://11538244.blog.51cto.com/11528244/1910848
