注:以下所有操作均在 6.5 x86_64 位系统下完成。
#准备工作#
在安装 MySQL 之前,请确保已经使用 yum 安装了各类基础组件,具体见下面的《CentOS 安装 LNMP 环境的基础组件》。
然后创建 mysql 的用户组和用户,并且不允许登录权限:
- #id mysql id: mysql:无此用户#groupadd mysql#useradd - g mysql - s / sbin / nologin mysql#id mysql uid = 500(mysql) gid = 500(mysql)组 = 500(mysql)
#MySQL 的安装#
给 MySQL 的安装准备目录:
- #mkdir - p / data / mysql / data#chown - R mysql: mysql / data / mysql
开始源码安装 MySQL:
- #cd / usr / local / src#wget http: //dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.10.tar.gz
- #tar zxf mysql - 5.6.10.tar.gz#cd mysql - 5.6.10#cmake - DCMAKE_INSTALL_PREFIX = /usr/local / mysql - 5.6.10 - DSYSCONFDIR = /usr/local / mysql - 5.6.10 / etc - DMYSQL_UNIX_ADDR = /usr/local / mysql - 5.6.10 / tmp / mysql.sock - DMYSQL_TCP_PORT = 3306 - DMYSQL_USER = mysql - DMYSQL_DATADIR = /data/mysql / data - DDEFAULT_CHARSET = utf8 - DDEFAULT_COLLATION = utf8_general_ci - DWITH_MYISAM_STORAGE_ENGINE = 1 - DWITH_INNOBASE_STORAGE_ENGINE = 1 - DWITH_ARCHIVE_STORAGE_ENGINE = 1 - DWITH_BLACKHOLE_STORAGE_ENGINE = 1 - DENABLED_LOCAL_INFILE = 1...CMake Warning: Manually - specified variables were not used by the project: MYSQL_USER--Build files have been written to: /usr/local / src / mysql - 5.6.10#make && make install#mkdir - p / usr / local / mysql - 5.6.10 / etc#mkdir - p / usr / local / mysql - 5.6.10 / tmp#ln - s / usr / local / mysql - 5.6.10 / /usr/local / mysql#chown - R mysql: mysql / usr / local / mysql - 5.6.10#chown - R mysql: mysql / usr / local / mysql
给当前环境添加 MySQL 的 bin 目录:
- #vim / etc / profile export MYSQL_HOME = /usr/local / mysql export PATH = $PATH: $MYSQL_HOME / bin $ source / etc / profile
执行初初始化配置脚本并创建系统自带的数据库和表:
- #cd / usr / local / mysql#scripts / mysql_install_db--user = mysql--datadir = /data/mysql / data...OK To start mysqld at boot time you have to copy support - files / mysql.server to the right place
- for your system PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! To do so,
- start the server,
- then issue the following commands: . / bin / mysqladmin - u root password 'new-password'. / bin / mysqladmin - u root - h iZ94mobdenkZ password 'new-password'Alternatively you can run: . / bin / mysql_secure_installation which will also give you the option of removing the test databases and anonymous user created by
- default.This is strongly recommended
- for production servers.See the manual
- for more instructions.You can start the MySQL daemon with:
- cd.;. / bin / mysqld_safe & You can test the MySQL daemon with mysql - test - run.pl cd mysql - test;
- perl mysql - test - run.pl Please report any problems with the. / bin / mysqlbug script ! The latest information about MySQL is available on the web at http: //www.mysql.com
- Support MySQL by buying support / licenses at http: //shop.mysql.com
- WARNING: Found existing config file. / my.cnf on the system.Because this file might be in use,
- it was not replaced,
- but was used in bootstrap(unless you used--defaults - file) and when you later start the server.The new
- default config file was created as. / my - new.cnf,
- please compare it with your file and take the changes you need.WARNING: Default config file / etc / my.cnf exists on the system This file will be read by
- default by the MySQL server If you do not want to use this,
- either remove it,
- or use the--defaults - file argument to mysqld_safe when starting the server
实际操作上发现系统上存在该文件,所以这里可能需要将该文件先备份改名,然后再根据上面的配置写配置文件:
- #mv / etc / my.cnf / etc / my.cnf.bak#vim / usr / local / mysql - 5.6.10 / my.cnf[mysqld] basedir = /usr/local / mysql - 5.6.10 datadir = /data/mysql / data socket = /usr/local / mysql - 5.6.10 / tmp / mysql.sock user = mysql sql_mode = NO_ENGINE_SUBSTITUTION,
- STRICT_TRANS_TABLES
修改 MySQL 用户 root 的密码,这里使用 mysqld_safe 安全模式启动:
- #mysqld_safe--user = mysql--skip - grant - tables--skip - networking & [1] 3970[root@iZ94mobdenkZ~]#141230 19 : 02 : 31 mysqld_safe Logging to '/data/mysql/data/centos.err'.141230 19 : 02 : 32 mysqld_safe Starting mysqld daemon with databases from / data / mysql / data
这个时候已经启动了 mysqd_safe 安全模式,另开一个窗口作为客户端连入 MySQL 服务器:
- #mysql Welcome to the MySQL monitor.Commands end with;
- or\g.Your MySQL connection id is 1 Server version: 5.6.10 Source distribution Copyright(c) 2000,
- 2013,
- and / or its affiliates.All rights reserved.Oracle is a registered trademark of Oracle Corporation and / or its affiliates.Other names may be trademarks of their respective owners.Type 'help;'or '\h'
- for help.Type '\c'to clear the current input statement.mysql > use mysql;
- mysql > update user set password = password('yourpassword') where user = 'root';
- mysql > flush privileges;
- mysql > exit;
修改完毕之后使用 kill 把 mysqld_safe 进程杀死:
- #ps aux | grep mysql root 3970 0.0 0.2 106308 1492 pts / 1 S 19 : 02 0 : 00 / bin / sh / usr / local / mysql / bin / mysqld_safe--user = mysql--skip - grant - tables--skip - networking mysql 4143 0.1 18.0 558280 90316 pts / 1 Sl 19 : 02 0 : 00 / usr / local / mysql - 5.6.10 / bin / mysqld--basedir = /usr/local / mysql - 5.6.10--datadir = /data/mysql / data--plugin - dir = /usr/local / mysql - 5.6.10 / lib / plugin--user = mysql--skip - grant - tables--skip - networking--log - error = /data/mysql / data / centos.err--pid - file = /data/mysql / data / centos.pid--socket = /usr/local / mysql - 5.6.10 / tmp / mysql.sock root 4313 0.0 0.1 103252 836 pts / 0 S + 19 : 05 0 : 00 grep mysql#kill - 9 3970#kill - 9 4143
或者回到刚才启动 mysqld_safe 的窗口 ctrl+c 将进程杀死也行。
复制服务启动脚本:
- #cp / usr / local / mysql / support - files / mysql.server / etc / init.d / mysqld#chmod + x / etc / init.d / mysqld
设置开机启动 MySQL 服务并正常开启 MySQL 服务(非必要项):
- #chkconfig mysqld on#service mysqld Usage: mysqld {
- start | stop | restart | reload | force - reload | status
- } [MySQL server options]#service mysqld start Starting MySQL.
以后就可以直接通过 service mysqld 命令来开启 / 关闭 MySQL 数据库了。
最后,建议生产环境下运行安全设置脚本,禁止 root 用户远程连接,移除 test 数据库和匿名用户等:
- # / usr / local / mysql - 5.6.10 / bin / mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE ! PLEASE READ EACH STEP CAREFULLY ! In order to log into MySQL to secure it,
- we 'll need the current
- password for the root user. If you've just installed MySQL,
- and you haven 't set the root password yet, the password will be blank,
- so you should just press enter here.
- Enter current password for root (enter for none):'
至此,MySQL 数据库已经安装完毕。
#MySQL 的安全配置#
1、确保启动 MySQL 不能使用系统的 root 账号,必须是新建的 mysql 账号,比如:
- #mysqld_safe--user = mysql
2、MySQL 安装好运行初始化数据库后,默认的 root 账户密码为空,必须给其设置一个密码,同时保证该密码具有较高的安全性。比如:
- mysql > user mysql;
- mysql > update user set password = password('yourpassword') where user = 'root';
- mysql > flush privileges;
3、删除默认数据库及用户:
- mysql > show databases; + --------------------+|Database | +--------------------+|information_schema | |mysql | |performance_schema | |test | +--------------------+mysql > drop daabase test;
- mysql > use mysql;
- mysql > select host,
- user from user; + --------------+------+|host | user | +--------------+------+|127.0.0.1 | root | |::1 | root | |centos | ||centos | root | |localhost | ||localhost | root | +--------------+------+mysql > delete from user where not(host = 'localhost'and user = 'root');
- mysql > flush privileges;
4、当开发网站连接数据库的时候,建议建立一个用户只针对某个库有 update/select/delete/insert/drop table/create table 等权限,减小某个项目的数据库的用户名和密码被窃取后造成其他项目受影响,比如:
- mysql > create database yourdbname
- default charset utf8 collate utf8_general_ci;
- mysql > create user 'yourusername'@'localhost'identified by 'yourpassword';
- mysql > grant select,
- insert,
- update,
- delete,
- create,
- drop privileges on yourdbname. * To 'yourusername'@localhost identified by 'yourpassword';
5、数据库文件所在的目录不允许未经授权的用户访问,需要控制对该目录的访问,比如:
- #chown - R mysql: mysql / data / mysql / data#chmod - R go - rwx / data / mysql / data
在安装 LNMP 环境之前,请确保已经使用 yum 安装了以下各类基础组件(如果系统已自带,还可以考虑 yum update 下基础组件):
来源: http://www.linuxidc.com/Linux/2016-12/137981.htm