Day 17
Mysql glibc版本的安装与配置
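# 清空/etc目录下的my.cnf(删除前建议先备份)。注意:下面的 find / -name "*mysql*" -exec rm -rf {} \; 会删除整个系统中所有名称包含 mysql 的文件和目录,当前目录下的 mysql 安装包同样在匹配范围内;执行前先用不带 -exec 的 find 查看匹配结果,安装包应在清理之后再上传。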
[root@mysql001 ~]# ls -l /etc/my.cnf
-rw-r--r--. 1 root root 570 6月 8 2017 /etc/my.cnf
[root@mysql001 ~]# rm -rf /etc/my.cnf
[root@mysql001 ~]# find / -name "*mysql*" -exec rm -rf {} \;
[root@mysql001 ~]# tar -xvf mysql-8.0.33-linux-glibc2.12-x86_64.tar
[root@mysql001 ~]# ls
anaconda-ks.cfg
mysql-8.0.33-linux-glibc2.12-x86_64.tar
mysql-8.0.33-linux-glibc2.12-x86_64.tar.xz
mysql-router-8.0.33-linux-glibc2.12-x86_64.tar.xz
mysql-test-8.0.33-linux-glibc2.12-x86_64.tar.xz
soft
[root@mysql001 ~]# tar -xf mysql-8.0.33-linux-glibc2.12-x86_64.tar.xz
[root@mysql001 ~]# ls
anaconda-ks.cfg
mysql-8.0.33-linux-glibc2.12-x86_64
mysql-8.0.33-linux-glibc2.12-x86_64.tar
mysql-8.0.33-linux-glibc2.12-x86_64.tar.xz
mysql-router-8.0.33-linux-glibc2.12-x86_64.tar.xz
mysql-test-8.0.33-linux-glibc2.12-x86_64.tar.xz
soft
[root@mysql01 ~]# cd mysql-8.0.33-linux-glibc2.12-x86_64/
[root@mysql001 mysql-8.0.33-linux-glibc2.12-x86_64]# cat support-files/mysql.server
可以直接进入添加环境变量
[root@mysql001 mysql-8.0.33-linux-glibc2.12-x86_64]# ls
bin include LICENSE README support-files
docs lib man share
# 将项目文件移动到/usr/local/mysql
[root@mysql001 mysql-8.0.33-linux-glibc2.12-x86_64]# cd
[root@mysql001 ~]# mkdir -p /usr/local/mysql/
[root@mysql02 ~]# cp -r mysql-8.0.33-linux-glibc2.12-x86_64/ /usr/local/mysql
[root@mysql001 ~]# tree /usr/local/mysql/
└── support-files
├── mysqld_multi.server
├── mysql-log-rotate
└── mysql.server
[root@mysql001 ~]# yum list installed|grep libaio
Repository 'samba': Error parsing config: Error parsing "baseurl = '/root/soft'": URL must be http, ftp, file or https not ""
libaio.x86_64 0.3.109-13.el7 @anaconda
[root@mysql001 ~]# echo $? # 上一步命令执行成功
0
# 创建账户,在此之前查看是否有账户
[root@mysql001 ~]# id mysql
id: mysql: no such user
[root@mysql001 ~]# useradd -r -s /sbin/nologin mysql
[root@mysql001 ~]# id mysql
uid=997(mysql) gid=994(mysql) 组=994(mysql)
# 在/usr/local/mysql/目录下创建mysql-files 目录
[root@mysql001 ~]# mkdir /usr/local/mysql/mysql-files
# 修改mysql-files的权限为750,所属组和属主都是mysql
[root@mysql001 ~]# chown mysql:mysql /usr/local/mysql/mysql-files/
[root@mysql001 ~]# chmod 750 /usr/local/mysql/mysql-files/
[root@mysql001 ~]# ll /usr/local/mysql/
drwxr-x---. 2 mysql mysql 6 8月 5 09:55 mysql-files
[root@mysql001 ~]# cd /usr/local/mysql/bin/
[root@mysql001 bin]# ls
ibd2sdi mysqld_multi
innochecksum mysqld_safe
lz4_decompress mysqldump
myisamchk mysqldumpslow
myisam_ftdump mysqlimport
myisamlog mysql_migrate_keyring
myisampack mysqlpump
my_print_defaults mysql_secure_installation
mysql mysqlshow
mysqladmin mysqlslap
mysqlbinlog mysql_ssl_rsa_setup
mysqlcheck mysql_tzinfo_to_sql
mysql_config mysql_upgrade
mysql_config_editor perror
mysqld zlib_decompress
mysqld-debug
# 初始化数据库,找到初始密码
[root@mysql01 bin]# pwd
/usr/local/mysql/bin
[root@mysql001 bin]# ./mysqld --initialize --user=mysql --basedir=/usr/local/mysql/
A temporary password is generated for root@localhost: PvuZkro#p3<j
# 判断是否生成data目录
[root@mysql001 bin]# ls /usr/local/mysql/
bin docs lib man README support-files
data include LICENSE mysql-files share
[root@mysql001 bin]# ./mysql_ssl_rsa_setup --datadir=/usr/local/mysql/data
[root@mysql001 bin]# ls /usr/local/mysql/data/
auto.cnf mysql
ca-key.pem mysql.ibd
ca.pem performance_schema
client-cert.pem private_key.pem
client-key.pem public_key.pem
#ib_16384_0.dblwr server-cert.pem
#ib_16384_1.dblwr server-key.pem
ib_buffer_pool sys
ibdata1 undo_001
#innodb_redo undo_002
#innodb_temp
[root@mysql001 bin]# ls /usr/local/mysql/mysql-8.0.33-linux-glibc2.12-x86_64/support-files/
mysqld_multi.server mysql.server
mysql-log-rotate
# 把mysql.server文件放到/etc/init.d/目录下,方便使用service mysql start命令启动
[root@mysql001 bin]# cp /usr/local/mysql/mysql-8.0.33-linux-glibc2.12-x86_64/support-files/mysql.server /etc/init.d/mysql8
[root@mysql001 bin]# service mysql8 start
Starting MySQL.Logging to '/usr/local/mysql/data/mysql001.err'.
. SUCCESS!
注意:此时登录进入mysql可能显示未找到命令,需要设置环境变量
[root@mysql01 ~]#vim /etc/profile
export MYSQL_HOME=/usr/local/mysql
export PATH=$PATH:$MYSQL_HOME/bin
[root@mysql01 ~]# mysql -uroot -p
Enter password: PvuZkro#p3<j
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 8.0.33
mysql>
mysql> exit
Bye
# 常见问题!!!
1.为什么要删除/etc/my.cnf文件:
数据库初始化时会自动读取/etc/my.cnf;如果该文件是系统原有的mariadb配置文件,初始化会失败。
- mysql-files文件夹:
目前暂时用不到,但必须创建,否则可能导致无法启动;它是数据备份和还原、导入和导出所指定的默认目录(通常作为 secure_file_priv 的取值),因此只允许 mysql 用户和组访问(750)。
- 判断数据库初始化成功:
数据库安装中最容易出错的步骤是初始化,初始化失败会导致无法正常启动;确认方式是查看安装目录下是否生成了data目录。
- 为什么要修改mysql.server放在/etc/init.d⽬录下:
不放也可以,但是就⽆法使⽤service mysql8 start启动只能使⽤bin/mysqld可执⾏⽂件启动
- 为什么需要修改basedir和datadir
glibc是二进制绿色版本,默认配置很多,需要修改
- 开机启动
shell
添加开机启动
[root@mysql001 mysql8]#chkconfig --add mysql8
#查看启动该列表
[root@mysql001 mysql8]# chkconfig --list
注:该输出结果只显示 SysV 服务,并不包含
原生systemd 服务。SysV 配置数据可能被原生systemd 配置覆盖;
要列出 systemd 服务,请执行 'systemctl list-unit-files';
查看在具体 target 启⽤的服务请执⾏ 'systemctl list-dependencies [target]'。
netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关
network 0:关 1:关 2:开 3:开 4:开 5:开 6:关
启动2345
[root@mysql001 mysql8]# chkconfig mysql8 on
[root@mysql001 mysql8]# chkconfig --list
注:该输出结果只显示 SysV 服务,并不包含
原生 systemd 服务。SysV 配置数据
可能被原生 systemd 配置覆盖。
要列出 systemd 服务,请执行 'systemctl list-unit-files'。
查看在具体 target 启⽤的服务请执⾏
'systemctl list-dependencies [target]'。
mysql8 0:关 1:关 2:开 3:开 4:开 5:开 6:关
netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关
network 0:关 1:关 2:开 3:开 4:开 5:开 6:关
3是字符界⾯,5是图形界⾯
7.修改密码1
[root@mysql001 mysql8]#./bin/mysqladmin -uroot password '123' -p
Enter password: # 输⼊123
8.修改密码2
mysql> set password='456';
Query OK, 0 rows affected (0.02 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
[root@mysql001 mysql8]# ./bin/mysql -uroot -p456
mysql: [Warning] Using a password on the command line
interface can be insecure.
9.将mysql的bin⽬录添加到环境变量中
[root@mysql001 mysql8]# sed -i '$aexport PATH=/mysql8/bin/:$PATH' /etc/profile
[root@mysql001 mysql8]# sed -n '$p' /etc/profile
export PATH=/mysql8/bin/:$PATH
[root@mysql001 mysql8]# source /etc/profile
[root@mysql001 mysql8]# which mysql
/mysql8/bin/mysql
[root@mysql001mysql8]# mysqld
2024-08-03T15:53:05.871244Z 0 [System] [MY-
010116] [Server] /mysql8/bin/mysqld (mysqld 8.0.33)
starting as process 2861
2024-08-03T15:53:05.874283Z 0 [ERROR] [MY-
010123] [Server] Fatal error: Please read
"Security" section of the manual to find out how to
run mysqld as root!
2024-08-03T15:53:05.874333Z 0 [ERROR] [MY-
010119] [Server] Aborting
2024-08-03T15:53:05.874776Z 0 [System] [MY-
010910] [Server] /mysql8/bin/mysqld: Shutdown
complete (mysqld 8.0.33) MySQL Community Server -
GPL.
10.配置⽂件
[root@mysql001 mysql8]# fg
vim ./my.cnf
[mysqld]
basedir=/mysql8
datadir=/mysql8/data
socket=/tmp/mysql.sock
#重启服务
[root@mysql001 mysql8]# service mysql8 restart
Shutting down MySQL.. SUCCESS!
Starting MySQL.. SUCCESS!
查看套接字⽂件
[root@localhost mysql8]# ll /tmp/
总⽤量 12
-rwx------. 1 root root 836 8⽉ 2 23:02 ksscript-64N_oN
srwxrwxrwx. 1 mysql mysql 0 8⽉ 4 00:02
mysql.sock
-rw-------. 1 mysql mysql 5 8⽉ 4 00:02
mysql.sock.lock
srwxrwxrwx. 1 mysql mysql 0 8⽉ 4 00:02
mysqlx.sock
-rw-------. 1 mysql mysql 5 8⽉ 4 00:02
mysqlx.sock.lock
drwx------. 3 root root 17 8⽉ 3 20:49
systemd-private-23259a7f757e44ec9ab58b88e07ceefachronyd.service-poengE
-rw-------. 1 root root 0 8⽉ 2 22:58
yum.log
#有套接字⽂件,就可以链接mysql服务
10.安全配置,生产环境
[root@localhost mysql8]# mysql_secure_installation
按提示一路选择 y:修改root密码、删除匿名用户、不允许root远程登录、删除测试库并重新加载权限表等
# 设置新的密码
[root@mysql01 bin]# mysql -uroot -p
Enter password: 旧密码
mysql> set password='Juan@1888$';
Query OK, 0 rows affected (0.02 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> exit;
Bye
[root@mysql01 bin]# pwd
/usr/local/mysql/bin
[root@mysql01 bin]# mysql -uroot -pJuan@1888$
# 远程连接:mysql -h主机ip或者域名 -P端口号 -u账号 -p密码(把密码直接写在 -p 后面会留在shell历史记录和进程列表中,mysql也会给出警告;建议只写 -p,回车后按提示输入密码)
[root@mysql01 bin]# mysql -h127.0.0.1 -P3306 -uroot -pJuan@1888$
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| test |
+--------------------+
5 rows in set (0.02 sec)
mysql> use test;
Database changed
# 创建表(示例表以明文保存密码,仅用于演示权限操作;真实系统应保存加盐哈希而不是明文)
mysql> create table user(
-> id int primary key,
-> username varchar(50) not null,
-> password varchar(50) not null
-> );
Query OK, 0 rows affected (0.02 sec)
# 插入数据
mysql> insert into user values(1, "huajuan", "123");
Query OK, 1 row affected (0.06 sec)
mysql> insert into user values(2, "tangping", "456");
Query OK, 1 row affected (0.01 sec)
mysql> insert into user values(3, "keshui", "789");
Query OK, 1 row affected (0.01 sec)
mysql> insert into user values(4, "shangke", "aaa");
Query OK, 1 row affected (0.00 sec)
# 查看表
mysql> select * from test.user;
+----+----------+----------+
| id | username | password |
+----+----------+----------+
| 1 | huajuan | 123 |
| 2 | tangping | 456 |
| 3 | keshui | 789 |
| 4 | shangke | aaa |
+----+----------+----------+
4 rows in set (0.00 sec)
Mysql glibc版本安装的脚本实现
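#!/bin/bash
# Install the MySQL glibc binary distribution into /usr/local/mysql,
# initialize the data directory and register the SysV service "mysql8".
#
# Usage: run as root with one argument:
#   $1 - the extracted distribution directory (the one that holds bin/,
#        lib/, support-files/ ...). NOTE(review): the original passed $1
#        straight to cp without -r; a directory is assumed here because the
#        later steps expect /usr/local/mysql/bin/mysqld -- confirm.
set -euo pipefail

readonly BASEDIR=/usr/local/mysql

src=${1:?usage: $0 EXTRACTED_MYSQL_DIR}
if [[ ! -d "$src" ]]; then
  printf '%s is not a directory\n' "$src" >&2
  exit 1
fi

# Copy the *contents* of the distribution so bin/ and support-files/ land
# directly under BASEDIR instead of in a nested version-named directory.
mkdir -p -- "$BASEDIR"
cp -r -- "$src"/. "$BASEDIR"/

# Dedicated system account without a login shell; mysqld refuses to run as
# root, and the service only needs an unprivileged owner for its files.
if ! id mysql >/dev/null 2>&1; then
  useradd -r -s /sbin/nologin mysql
fi

# mysql-files: owned by mysql:mysql and closed to other users (750).
mkdir -p -- "$BASEDIR/mysql-files"
chown mysql:mysql "$BASEDIR/mysql-files"
chmod 750 "$BASEDIR/mysql-files"

# init
"$BASEDIR/bin/mysqld" --initialize --user=mysql --basedir="$BASEDIR/"

# password
# The temporary root@localhost password is printed by the --initialize step
# above. Log in with it once and set a new password immediately; do not
# store it in this script.

# service
cp -- "$BASEDIR/support-files/mysql.server" /etc/init.d/mysql8

# start server
service mysql8 start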
安全用户组权限
只要本机上有mysql可执行文件,就可以使用它连接远程服务,在终端使用:
./bin/mysql -h192.168.2.42 -P3306 -uroot -proot
1.远程登录前提条件是mysql.user表中该账号的host属性为%,如果是localhost就不允许远程登录:update mysql.user set host="%" where user="root"; flush privileges;
注意:把root的host改为%后,root可以从任意主机登录;生产环境建议让root保持localhost,另外创建只允许指定主机、权限受限的账号用于远程管理。
2.远程管理,可以使⽤图形化⼯具,sqlyog,navicat,掌握命令工具,客户端工具 mysql
3.mysql -h192.168.2.42 -P3306 -uzhangmin -pCzj_123
-h 主机 ip或者是域名 如果是localhost或者是127.0.0.1可省略
-P 端⼝ 默认是3306,如果是默认的,可以省略
-u ⽤户名
-p 密码,可以不换⾏直接输⼊,也可以换⾏ 不回显输⼊密码
4.创建账户
mysql>alter user 'lilaosi'@'%' identified by 'Lilaosi_123'; # 修改密码
mysql> create user 'czj'@'%' identified by 'Czj_890';
Query OK, 0 rows affected (0.00 sec)
mysql> select host, user from mysql.user;
+-----------+------------------+
| host | user |
+-----------+------------------+
| % | aaa |
| % | czj |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+-----------+------------------+
6 rows in set (0.00 sec)
5.赋予权限(grant all on *.* 授予的是全局的全部权限,仅用于练习;实际环境应只授予所需库表上的所需操作)
mysql> grant all on *.* to 'czj';
6.创建库
create database if not exists test;
7.创建表
use test;
create table user(
id int primary key,
username varchar(45) not null,
password varchar(45) not null
);
8.添加数据
insert into test.user values(1,"zhangsan","123");
insert into test.user values(2,"lisi","456");
insert into test.user values(3,"wamngwi","789");
insert into test.user values(4,"zhaoliu","aaa");
如:添加lilaosi账号、修改密码;查看mysql.user中lilaosi的信息
mysql>create user 'lilaosi'@'%' identified by 'Lilaosi_123';
mysql> alter user 'lilaosi'@'%' identified by
'Lilaosi_123';
Query OK, 0 rows affected (0.01 sec)
mysql> select host,user from mysql.user;
+-----------+------------------+
| host | user |
+-----------+------------------+
| % | lilaosi |
| % | root |
| % | czj |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
+-----------+------------------+
6 rows in set (0.00 sec)
9.使用root账号,为lilaosi账号添加test库中所有的表的所有权限
mysql>grant all on test.* to 'lilaosi';
lilaosi就获得了test库中所有的表的操作权限;但是,由于root没有给lilaosi授予mysql库的权限,所以lilaosi账号无法查看mysql库
密码安全策略
# 查看密码策略
mysql> show variables like 'validate%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | MEDIUM |
| validate_password.special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.00 sec)
# 修改策略(这里降低密码强度要求只是为了方便练习;生产环境应保留 MEDIUM 或更严格的策略)
mysql> set global validate_password.length=0;
mysql> set global validate_password.policy=LOW;
mysql> show variables like 'validate%';
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 4 |
| validate_password.mixed_case_count | 0 |
| validate_password.number_count | 0 |
| validate_password.policy | LOW |
| validate_password.special_char_count | 0 |
+--------------------------------------+-------+
# 创建⽤户
创建三个账号,abc[abcd],ccc[a1b2c3] ,ddd[231343]
mysql> create user 'abc'@'%' identified by 'abcd';
mysql> create user 'ccc'@'%' identified by 'a1b2c3';
mysql> create user 'ddd'@'%' identified by '231343';
mysql> select host,user from mysql.user;
+-----------+------------------+
| host | user |
+-----------+------------------+
| % | abc |
| % | ccc |
| % | ddd |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | test1 |
+-----------+------------------+
# 删除 ⽤户
mysql> drop user 'ccc';
Query OK, 0 rows affected (0.02 sec)
mysql> select user from mysql.user;
+------------------+
| user |
+------------------+
| abc |
| ddd |
| mysql.infoschema |
| mysql.session |
| mysql.sys |
| test1 |
+------------------+
6 rows in set (0.00 sec)
# 修改 ⽤户
mysql> alter user 'abc' identified by'abc123';
Query OK, 0 rows affected (0.01 sec)
角色
# 创建 角色
mysql> create role 'a';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'a';
+-------------------------------+
| Grants for a@% |
+-------------------------------+
| GRANT USAGE ON *.* TO `a`@`%` |
+-------------------------------+
1 row in set (0.00 sec)
# 练习1
1.添加jingli角色
create role 'jingli';
2.添加yuangong角色
create role 'yuangong';
3.为jingli添加select insert delete update权限
grant select ,insert,delete,update on test.user to
'jingli';
4.为yuangong添加select,insert权限
grant select,insert on test.user to 'yuangong';
5.查看角色保存的表格
select host,user from mysql.user;
6.查看角色的权限
show grants for 'jingli';
show grants for 'yuangong';
新增bbb和ccc两个⽤户bbb是经理需要增删改查权限,ccc是员⼯是
只需要新增和查看的权限
grant jingli to 'bbb';
grant yuangong to 'ccc';
权限
# 刷新权限
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
# 为root账号添加权限
mysql> grant system_user on *.* to "root";
mysql> show grants for 'root';
# 删除权限
mysql> revoke all on *.* from "efgh";
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for "efgh";
+----------------------------------+
| Grants for efgh@% |
+----------------------------------+
| GRANT USAGE ON *.* TO `efgh`@`%` |
+----------------------------------+
1 row in set (0.00 sec)
# 练习2
1.添加aaa账户,设置密码aaaa
mysql> drop user aaa;
mysql> create user 'aaa'@'%' identified by 'aaaa';
2.使用aaa账户访问mysql服务
[root@mysql01 ~]#mysql -h127.0.0.1 -P3306 -uaaa -paaaa
- 查看test数据库发现没有权限
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| performance_schema |
+--------------------+
2 rows in set (0.02 sec)
4.退出并使用root账户登录
mysql> quit|exit
[root@mysql01 ~]# mysql -h127.0.0.1 -P3306 -uroot -proot密码
5.为aaa账户添加查看test.user表的权限
mysql>grant select on test.user to 'aaa';
6.退出root,使用aaa账户登录
mysql>quit|exit
[root@mysql01 ~]#mysql -h127.0.0.1 -P3306 -uaaa -paaaa
7.查看数据库、查看表、查看表内容 能够正常查看
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| performance_schema |
| test |
+--------------------+
3 rows in set (0.00 sec)
mysql> use test;
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| user |
+----------------+
1 row in set (0.01 sec)
mysql> select * from user;
+----+----------+----------+
| id | username | password |
+----+----------+----------+
| 1 | huajuan | 123 |
| 2 | tangping | 456 |
| 3 | keshui | 789 |
| 4 | shangke | aaa |
+----+----------+----------+
4 rows in set (0.00 sec)
8.输入数据,没有权限
mysql>insert into user values(5,"ermazi","ermazi");
ERROR 1142 (42000): INSERT command denied to user 'aaa'@'localhost' for table 'user'
9.退出aaa使用root登录
mysql> quit|exit
[root@mysql01 ~]# mysql -h127.0.0.1 -P3306 -uroot -proot密码
10.为aaa添加insert权限
mysql>grant insert on test.user to 'aaa';
Query OK, 0 rows affected (0.00 sec)
11.退出root使用aaa登录
mysql>exit|quit
[root@mysql01 ~]#mysql -h127.0.0.1 -P3306 -uaaa -paaaa
12.向user表添加一行新的数据
mysql>insert into test.user values(6,"zhangsanfeng","zhangsanfen");
13.修改user中一行的数据的password(密码)为111,没有update权限
mysql> insert into test.user values(6, "haofan", "ennn");
Query OK, 1 row affected (0.00 sec)
mysql> update test.user set password='kx' where username="bf";
ERROR 1142 (42000): UPDATE command denied to user 'aaa'@'localhost' for table 'user'