This article covers installing MySQL 5.6.10 on CentOS and applying a basic security configuration to it. It is intended as a practical reference.
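MySQL is a small open-source relational database management system, developed by the Swedish company MySQL AB. It is widely used by small and medium-sized websites on the Internet. Because it is small, fast and has a low total cost of ownership, and above all because it is open source, many small and medium-sized websites choose MySQL as their database in order to reduce total cost of ownership.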
Note: all operations below were performed on a CentOS 6.5 x86_64 system.
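#Preparation#
Before installing MySQL, make sure the following base components have been installed with yum (if the system already ships with them, consider running yum update on them as well):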
- gcc
- cmake
- openssl+openssl-devel
- pcre+pcre-devel
- bzip2+bzip2-devel
- libcurl+curl+curl-devel
- libjpeg+libjpeg-devel
- libpng+libpng-devel
- freetype+freetype-devel
- php-mcrypt+libmcrypt+libmcrypt-devel
- libxslt+libxslt-devel
- gmp+gmp-devel
- libxml2+libxml2-devel
- mhash
- ncurses+ncurses-devel
- xml2
Then create the mysql group and user, with login disallowed for that user:
- # id mysql
- id: mysql:无此用户
- # groupadd mysql
- # useradd -g mysql -s /sbin/nologin mysql
- # id mysql
- uid=500(mysql) gid=500(mysql) 组=500(mysql)
#Installing MySQL#
Prepare the directories for the MySQL installation:
- # mkdir -p /data/mysql/data
- # chown -R mysql:mysql /data/mysql
Start installing MySQL from source:
- # cd /usr/local/src
- # wget http://dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.10.tar.gz
- # tar zxf mysql-5.6.10.tar.gz
- # cd mysql-5.6.10
- # cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql-5.6.10 -DSYSCONFDIR=/usr/local/mysql-5.6.10/etc -DMYSQL_UNIX_ADDR=/usr/local/mysql-5.6.10/tmp/mysql.sock -DMYSQL_TCP_PORT=3306 -DMYSQL_USER=mysql -DMYSQL_DATADIR=/data/mysql/data -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DENABLED_LOCAL_INFILE=1
- ...
- CMake Warning:
- Manually-specified variables were not used by the project:
- MYSQL_USER
- -- Build files have been written to: /usr/local/src/mysql-5.6.10
- # make && make install
- # mkdir -p /usr/local/mysql-5.6.10/etc
- # mkdir -p /usr/local/mysql-5.6.10/tmp
- # ln -s /usr/local/mysql-5.6.10/ /usr/local/mysql
- # chown -R mysql:mysql /usr/local/mysql-5.6.10
- # chown -R mysql:mysql /usr/local/mysql
Add MySQL's bin directory to the current environment:
- # vim /etc/profile
- export MYSQL_HOME=/usr/local/mysql
- export PATH=$PATH:$MYSQL_HOME/bin
- $ source /etc/profile
Run the initialization script to create the built-in system databases and tables:
- # cd /usr/local/mysql
- # scripts/mysql_install_db --user=mysql --datadir=/data/mysql/data
- ...
- OK
- To start mysqld at boot time you have to copy
- support-files/mysql.server to the right place for your system
- PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
- To do so, start the server, then issue the following commands:
- ./bin/mysqladmin -u root password 'new-password'
- ./bin/mysqladmin -u root -h iZ94mobdenkZ password 'new-password'
- Alternatively you can run:
- ./bin/mysql_secure_installation
- which will also give you the option of removing the test
- databases and anonymous user created by default. This is
- strongly recommended for production servers.
- See the manual for more instructions.
- You can start the MySQL daemon with:
- cd . ; ./bin/mysqld_safe &
- You can test the MySQL daemon with mysql-test-run.pl
- cd mysql-test ; perl mysql-test-run.pl
- Please report any problems with the ./bin/mysqlbug script!
- The latest information about MySQL is available on the web at
- http://www.mysql.com
- Support MySQL by buying support/licenses at http://shop.mysql.com
- WARNING: Found existing config file ./my.cnf on the system.
- Because this file might be in use, it was not replaced,
- but was used in bootstrap (unless you used --defaults-file)
- and when you later start the server.
- The new default config file was created as ./my-new.cnf,
- please compare it with your file and take the changes you need.
- WARNING: Default config file /etc/my.cnf exists on the system
- This file will be read by default by the MySQL server
- If you do not want to use this, either remove it, or use the
- --defaults-file argument to mysqld_safe when starting the server
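Note: on startup MySQL first looks for its configuration file at /etc/my.cnf; if it is not found there, it searches $basedir/my.cnf, that is, /usr/local/mysql-5.6.10/my.cnf. So make sure /etc/my.cnf does not exist, otherwise the server may fail to start.
In practice the file did exist on this system, so it may be necessary to back it up under a different name first and then write the configuration file according to the settings above: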
- # mv /etc/my.cnf /etc/my.cnf.bak
- # vim /usr/local/mysql-5.6.10/my.cnf
- [mysqld]
- basedir=/usr/local/mysql-5.6.10
- datadir=/data/mysql/data
- socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
- user=mysql
- sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
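Set the password of the MySQL root user. Here the server is started with mysqld_safe in safe mode (grant tables skipped, so no authentication is enforced, and networking disabled, so only local connections are possible):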
- # mysqld_safe --user=mysql --skip-grant-tables --skip-networking &
- [1] 3970
- [root@iZ94mobdenkZ ~]# 141230 19:02:31 mysqld_safe Logging to '/data/mysql/data/centos.err'.
- 141230 19:02:32 mysqld_safe Starting mysqld daemon with databases from /data/mysql/data
mysqld_safe is now running in safe mode. Open another window and connect to the MySQL server as a client:
- # mysql
- Welcome to the MySQL monitor. Commands end with ; or \g.
- Your MySQL connection id is 1
- Server version: 5.6.10 Source distribution
- Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
- Oracle is a registered trademark of Oracle Corporation and/or its
- affiliates. Other names may be trademarks of their respective
- owners.
- Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
- mysql> use mysql;
- mysql> update user set password=password('yourpassword') where user='root';
- mysql> flush privileges;
- mysql> exit;
After the change, use kill to terminate the mysqld_safe process:
- # ps aux | grep mysql
- root 3970 0.0 0.2 106308 1492 pts/1 S 19:02 0:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql --skip-grant-tables --skip-networking
- mysql 4143 0.1 18.0 558280 90316 pts/1 Sl 19:02 0:00 /usr/local/mysql-5.6.10/bin/mysqld --basedir=/usr/local/mysql-5.6.10 --datadir=/data/mysql/data --plugin-dir=/usr/local/mysql-5.6.10/lib/plugin --user=mysql --skip-grant-tables --skip-networking --log-error=/data/mysql/data/centos.err --pid-file=/data/mysql/data/centos.pid --socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
- root 4313 0.0 0.1 103252 836 pts/0 S+ 19:05 0:00 grep mysql
- # kill -9 3970
- # kill -9 4143
Alternatively, go back to the window where mysqld_safe was started and press Ctrl+C to kill the process.
Copy the service startup script:
- # cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
- # chmod +x /etc/init.d/mysqld
Enable the MySQL service at boot and start it normally (optional):
- # chkconfig mysqld on
- # service mysqld
- Usage: mysqld {start|stop|restart|reload|force-reload|status} [ MySQL server options ]
- # service mysqld start
- Starting MySQL.
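From now on, the service mysqld command can be used directly to start or stop the MySQL database.
Finally, for production environments it is recommended to run the security script, which disables remote connections for the root user, removes the test database and anonymous users, and so on: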
- # /usr/local/mysql-5.6.10/bin/mysql_secure_installation
- NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
- SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
- In order to log into MySQL to secure it, we'll need the current
- password for the root user. If you've just installed MySQL, and
- you haven't set the root password yet, the password will be blank,
- so you should just press enter here.
- Enter current password for root (enter for none):
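Note: the root password entered above is the password of the MySQL root account that was set earlier.
At this point, MySQL is installed.
#MySQL security configuration#
1. Make sure MySQL is not started under the system root account; it must run as the newly created mysql account, for example: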
- # mysqld_safe --user=mysql
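2. After MySQL is installed and the database has been initialized, the default root account has an empty password. A password must be set for it, and that password should be a strong one. For example:
- mysql> use mysql;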
- mysql> update user set password=password('yourpassword') where user='root';
- mysql> flush privileges;
3. Remove the default database and users:
- mysql> show databases;
- +--------------------+
- | Database |
- +--------------------+
- | information_schema |
- | mysql |
- | performance_schema |
- | test |
- +--------------------+
- mysql> drop database test;
- mysql> use mysql;
- mysql> select host,user from user;
- +--------------+------+
- | host | user |
- +--------------+------+
- | 127.0.0.1 | root |
- | ::1 | root |
- | centos | |
- | centos | root |
- | localhost | |
- | localhost | root |
- +--------------+------+
- mysql> delete from user where not(host='localhost' and user='root');
- mysql> flush privileges;
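Note: the contents of the user table shown above may differ on your system.
4. When a website under development connects to the database, create a user that has update/select/delete/insert/drop table/create table privileges on one specific database only. This limits the impact on other projects if one project's database username and password are stolen. For example: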
- mysql> create database yourdbname default charset utf8 collate utf8_general_ci;
- mysql> create user 'yourusername'@'localhost' identified by 'yourpassword';
- mysql> grant select, insert, update, delete, create, drop on yourdbname.* to 'yourusername'@'localhost' identified by 'yourpassword';
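5. The directory that holds the database files must not be accessible to unauthorized users; access to it has to be restricted, for example: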
- # chown -R mysql:mysql /data/mysql/data
- # chmod -R go-rwx /data/mysql/data
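Items 1 and 5 above can be re-checked at any time with a small audit script. The following is an added example, not part of the original article; the function names are hypothetical, and it assumes GNU find (as shipped with CentOS) for the `-perm /077` test.

```shell
#!/bin/sh
# Added audit example (not from the original article). Paths are arguments,
# so the checks can be pointed at /data/mysql/data and the my.cnf written above.

# Print every entry under the data directory that still grants any
# permission bit to group or other (what "chmod -R go-rwx" should clear).
loose_entries() {
    find "$1" -perm /077 -print
}

# Print every entry under the data directory not owned by the given user.
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# Print the value of "user" in the [mysqld] section of a my.cnf-style file.
mysqld_user() {
    awk -F= '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_sec && $1 ~ /^[ \t]*user[ \t]*$/ { gsub(/[ \t]/, "", $2); v = $2 }
        END { print v }
    ' "$1"
}

# Return 0 only if every check passes; otherwise list the findings.
audit_mysql() {  # usage: audit_mysql DATADIR CNF EXPECTED_OWNER
    rc=0
    if [ -n "$(loose_entries "$1")" ]; then
        echo "group/other access under $1:"; loose_entries "$1"; rc=1
    fi
    if [ -n "$(foreign_owned "$1" "$3")" ]; then
        echo "not owned by $3:"; foreign_owned "$1" "$3"; rc=1
    fi
    u=$(mysqld_user "$2")
    if [ -z "$u" ] || [ "$u" = "root" ]; then
        echo "[mysqld] user in $2 is '$u' (must be a dedicated account)"; rc=1
    fi
    return $rc
}
```

With the layout used in this article, the call would be `audit_mysql /data/mysql/data /usr/local/mysql-5.6.10/my.cnf mysql`, run as root so that find can read the whole tree.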