Installing and Configuring the MySQL glibc Build, Password Security Policy, Roles, and Privileges

Day 17

Installing and configuring the MySQL glibc build

```
# Remove my.cnf from /etc
[root@mysql001 ~]# ls -l /etc/my.cnf
-rw-r--r--. 1 root root 570 6月 8 2017 /etc/my.cnf
[root@mysql001 ~]# rm -rf /etc/my.cnf
# Remove leftovers of any earlier install. This deletes every path whose name
# contains "mysql", so upload the tarball only after running it.
[root@mysql001 ~]# find / -name "*mysql*" -exec rm -rf {} \;
[root@mysql001 ~]# tar -xvf mysql-8.0.33-linux-glibc2.12-x86_64.tar
[root@mysql001 ~]# ls
anaconda-ks.cfg
mysql-8.0.33-linux-glibc2.12-x86_64.tar
mysql-8.0.33-linux-glibc2.12-x86_64.tar.xz
mysql-router-8.0.33-linux-glibc2.12-x86_64.tar.xz
mysql-test-8.0.33-linux-glibc2.12-x86_64.tar.xz
soft
[root@mysql001 ~]# tar -xf mysql-8.0.33-linux-glibc2.12-x86_64.tar.xz
[root@mysql001 ~]# ls
anaconda-ks.cfg
mysql-8.0.33-linux-glibc2.12-x86_64
mysql-8.0.33-linux-glibc2.12-x86_64.tar
mysql-8.0.33-linux-glibc2.12-x86_64.tar.xz
mysql-router-8.0.33-linux-glibc2.12-x86_64.tar.xz
mysql-test-8.0.33-linux-glibc2.12-x86_64.tar.xz
soft
[root@mysql01 ~]# cd mysql-8.0.33-linux-glibc2.12-x86_64/
[root@mysql001 mysql-8.0.33-linux-glibc2.12-x86_64]# cat support-files/mysql.server
# This file can be edited directly to add environment variables
[root@mysql001 mysql-8.0.33-linux-glibc2.12-x86_64]# ls
bin  include  LICENSE  README  support-files  docs  lib  man  share
# Move the project files to /usr/local/mysql
[root@mysql001 mysql-8.0.33-linux-glibc2.12-x86_64]# cd
[root@mysql001 ~]# mkdir -p /usr/local/mysql/
[root@mysql02 ~]# cp -r mysql-8.0.33-linux-glibc2.12-x86_64/ /usr/local/mysql
[root@mysql001 ~]# tree /usr/local/mysql/
└── support-files
    ├── mysqld_multi.server
    ├── mysql-log-rotate
    └── mysql.server
[root@mysql001 ~]# yum list installed|grep libaio
Repository 'samba': Error parsing config: Error parsing "baseurl = '/root/soft'": URL must be http, ftp, file or https not ""
libaio.x86_64 0.3.109-13.el7 @anaconda
[root@mysql001 ~]# echo $?
# 0 means the previous command succeeded
0
# Create the account; first check whether it already exists
[root@mysql001 ~]# id mysql
id: mysql: no such user
[root@mysql001 ~]# useradd -r -s /sbin/nologin mysql
[root@mysql001 ~]# id mysql
uid=997(mysql) gid=994(mysql) 组=994(mysql)
# Create the mysql-files directory under /usr/local/mysql/
[root@mysql001 ~]# mkdir /usr/local/mysql/mysql-files
# Set the mode of mysql-files to 750, with mysql as both owner and group
[root@mysql001 ~]# chown mysql:mysql /usr/local/mysql/mysql-files/
[root@mysql001 ~]# chmod 750 /usr/local/mysql/mysql-files/
[root@mysql001 ~]# ll /usr/local/mysql/
drwxr-x---. 2 mysql mysql 6 8月 5 09:55 mysql-files
[root@mysql001 ~]# cd /usr/local/mysql/bin/
[root@mysql001 bin]# ls
ibd2sdi              mysqld_multi
innochecksum         mysqld_safe
lz4_decompress       mysqldump
myisamchk            mysqldumpslow
myisam_ftdump        mysqlimport
myisamlog            mysql_migrate_keyring
myisampack           mysqlpump
my_print_defaults    mysql_secure_installation
mysql                mysqlshow
mysqladmin           mysqlslap
mysqlbinlog          mysql_ssl_rsa_setup
mysqlcheck           mysql_tzinfo_to_sql
mysql_config         mysql_upgrade
mysql_config_editor  perror
mysqld               zlib_decompress
mysqld-debug
# Initialize the database and note the initial password
[root@mysql01 bin]# pwd
/usr/local/mysql/bin
[root@mysql001 bin]# ./mysqld --initialize --user=mysql --basedir=/usr/local/mysql/
A temporary password is generated for root@localhost: PvuZkro#p3\
mysql> exit
Bye
```

Frequently asked questions

1. Why delete /etc/my.cnf: during initialization the server automatically looks for a my.cnf, and initialization fails if it finds the original MariaDB configuration file.
2. The mysql-files directory: it is not used for now, but it must be created, because its absence may prevent the server from starting. It is the default directory designated for data backup and restore, and for import and export.
3. How to tell that initialization succeeded: initialization is the step of the installation most likely to go wrong, leaving the server unable to start. To confirm, check whether a data directory was generated under the installation directory.
4. Why modify mysql.server and place it under /etc/init.d: this is optional, but without it the server cannot be started with service mysql8 start, only with the bin/mysqld executable.
5. Why basedir and datadir need to be changed: the glibc build is a portable binary distribution with many built-in defaults, which have to be adjusted.

6. Start at boot

```
# Register the service for start at boot
[root@mysql001 mysql8]# chkconfig --add mysql8
# View the list of boot services
[root@mysql001 mysql8]# chkconfig --list
注:该输出结果只显示 SysV 服务,并不包含 原生 systemd 服务。SysV 配置数据可能被原生 systemd 配置覆盖。
要列出 systemd 服务,请执行 'systemctl list-unit-files'。
查看在具体 target 启用的服务请执行 'systemctl list-dependencies [target]'。
netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关
network    0:关 1:关 2:开 3:开 4:开 5:开 6:关
# Enable for runlevels 2, 3, 4 and 5
[root@mysql001 mysql8]# chkconfig mysql8 on
[root@mysql001 mysql8]# chkconfig --list
注:该输出结果只显示 SysV 服务,并不包含 原生 systemd 服务。SysV 配置数据可能被原生 systemd 配置覆盖。
要列出 systemd 服务,请执行 'systemctl list-unit-files'。
查看在具体 target 启用的服务请执行 'systemctl list-dependencies [target]'。
mysql8     0:关 1:关 2:开 3:开 4:开 5:开 6:关
netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关
network    0:关 1:关 2:开 3:开 4:开 5:开 6:关
# Runlevel 3 is the text console, 5 is the graphical desktop
```

7. Change the password, method 1

```
[root@mysql001 mysql8]# ./bin/mysqladmin -uroot password '123' -p
Enter password:    # enter 123
```

8. Change the password, method 2

```
mysql> set password='456';
Query OK, 0 rows affected (0.02 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
[root@mysql001 mysql8]# ./bin/mysql -uroot -p456
mysql: [Warning] Using a password on the command line interface can be insecure.
```

9. Add MySQL's bin directory to the PATH environment variable

```
[root@mysql001 mysql8]# sed -i '$aexport PATH=/mysql8/bin/:$PATH' /etc/profile
[root@mysql001 mysql8]# sed -n '$p' /etc/profile
export PATH=/mysql8/bin/:$PATH
[root@mysql001 mysql8]# source /etc/profile
[root@mysql001 mysql8]# which mysql
/mysql8/bin/mysql
[root@mysql001 mysql8]# mysqld
2024-08-03T15:53:05.871244Z 0 [System] [MY-010116] [Server] /mysql8/bin/mysqld (mysqld 8.0.33) starting as process 2861
2024-08-03T15:53:05.874283Z 0 [ERROR] [MY-010123] [Server] Fatal error: Please read "Security" section of the manual to find out how to run mysqld as root!
2024-08-03T15:53:05.874333Z 0 [ERROR] [MY-010119] [Server] Aborting
2024-08-03T15:53:05.874776Z 0 [System] [MY-010910] [Server] /mysql8/bin/mysqld: Shutdown complete (mysqld 8.0.33) MySQL Community Server - GPL.
```
10. Configuration file

```
[root@mysql001 mysql8]# fg
vim ./my.cnf
```

```ini
[mysqld]
basedir=/mysql8
datadir=/mysql8/data
socket=/tmp/mysql.sock
```

```
# Restart the service
[root@mysql001 mysql8]# service mysql8 restart
Shutting down MySQL.. SUCCESS!
Starting MySQL.. SUCCESS!
# Check the socket files
[root@localhost mysql8]# ll /tmp/
总用量 12
-rwx------. 1 root root 836 8月 2 23:02 ksscript-64N_oN
srwxrwxrwx. 1 mysql mysql 0 8月 4 00:02 mysql.sock
-rw-------. 1 mysql mysql 5 8月 4 00:02 mysql.sock.lock
srwxrwxrwx. 1 mysql mysql 0 8月 4 00:02 mysqlx.sock
-rw-------. 1 mysql mysql 5 8月 4 00:02 mysqlx.sock.lock
drwx------. 3 root root 17 8月 3 20:49 systemd-private-23259a7f757e44ec9ab58b88e07ceefachronyd.service-poengE
-rw-------. 1 root root 0 8月 2 22:58 yum.log
# Once the socket file exists, clients can connect to the MySQL service
```

10. Security configuration for a production environment

```
[root@localhost mysql8]# mysql_secure_installation
# Answer y to every prompt: change the password, disallow remote login, and so on

# Set a new password
[root@mysql01 bin]# mysql -uroot -p
Enter password:    # enter the old password
mysql> set password='Juan@1888$';
Query OK, 0 rows affected (0.02 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> exit;
Bye
[root@mysql01 bin]# pwd
/usr/local/mysql/bin
[root@mysql01 bin]# mysql -uroot -pJuan@1888$

# Remote connection: mysql -h<host IP or domain name> -P<port> -u<account> -p<password>
[root@mysql01 bin]# mysql -h127.0.0.1 -P3306 -uroot -pJuan@1888$
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
| test               |
+--------------------+
5 rows in set (0.02 sec)
mysql> use test;
Database changed

# Create a table
mysql> create table user(
    -> id int primary key,
    -> username varchar(50) not null,
    -> password varchar(50) not null
    -> );
Query OK, 0 rows affected (0.02 sec)

# Insert data
mysql> insert into user values(1, "huajuan", "123");
Query OK, 1 row affected (0.06 sec)
mysql> insert into user values(2, "tangping", "456");
Query OK, 1 row affected (0.01 sec)
mysql> insert into user values(3, "keshui", "789");
Query OK, 1 row affected (0.01 sec)
mysql> insert into user values(4, "shangke", "aaa");
Query OK, 1 row affected (0.00 sec)

# View the table
mysql> select * from test.user;
+----+----------+----------+
| id | username | password |
+----+----------+----------+
|  1 | huajuan  | 123      |
|  2 | tangping | 456      |
|  3 | keshui   | 789      |
|  4 | shangke  | aaa      |
+----+----------+----------+
4 rows in set (0.00 sec)
```

Script implementation of the MySQL glibc installation

```bash
#!/bin/bash
# $1 is the directory of the extracted MySQL glibc package
cp -r "$1" /usr/local/mysql/
mkdir -p /usr/local/mysql/mysql-files/
# Create the mysql system account only if it does not exist yet
grep -q '^mysql:' /etc/passwd
if [ $? -ne 0 ]; then
    useradd -r -s /sbin/nologin mysql
fi
chown mysql:mysql /usr/local/mysql/mysql-files
chmod 750 /usr/local/mysql/mysql-files
# init
/usr/local/mysql/bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql/
# password
# service
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql8
# start server
service mysql8 start
```

Security, user groups and privileges

Any machine that has the mysql executable can use it as a client. In a terminal, run:

```
./bin/mysql -h192.168.2.42 -P3306 -uroot -proot
```

1. Remote login requires that the host column of the account in the mysql.user table is %; if it is localhost, remote login is not allowed.

```
update mysql.user set host="%" where user="root";
flush privileges;
```

2. For remote administration you can use graphical tools such as SQLyog or Navicat, but you should also master the command-line client tool, mysql.

3. Connection options:

```
mysql -h192.168.2.42 -P3306 -uzhangmin -pCzj_123
# -h  host: IP address or domain name; can be omitted for localhost or 127.0.0.1
# -P  port: 3306 by default; can be omitted when the default is used
# -u  user name
# -p  password: either typed directly after -p on the same line, or entered
#     on a new line at the prompt, where the input is not echoed
```

4. Create accounts

```
# Change a password
mysql> alter user 'lilaosi'@'%' identified by 'Lilaosi_123';
mysql> create user 'czj'@'%' identified by 'Czj_890';
Query OK, 0 rows affected (0.00 sec)
mysql> select host, user from mysql.user;
+-----------+------------------+
| host      | user             |
+-----------+------------------+
| %         | aaa              |
| %         | czj              |
| localhost | mysql.infoschema |
| localhost | mysql.session    |
| localhost | mysql.sys        |
| localhost | root             |
+-----------+------------------+
6 rows in set (0.00 sec)
```

5. Grant privileges

```
mysql> grant all on *.* to 'czj';
```

6. Create a database

```
create database if not exists test;
```

7. Create a table

```
use test;
create table user(
  id int primary key,
  username varchar(45) not null,
  password varchar(45) not null
);
```

8. Add data

```
insert into test.user values(1,"zhangsan","123");
insert into test.user values(2,"lisi","456");
insert into test.user values(3,"wamngwi","789");
insert into test.user values(4,"zhaoliu","aaa");

# Example: add the lilaosi account, change its password, and check lilaosi's entry in mysql.user
mysql> create user 'lilaosi'@'%' identified by 'Lilaosi_123';
mysql> alter user 'lilaosi'@'%' identified by 'Lilaosi_123';
Query OK, 0 rows affected (0.01 sec)
mysql> select host,user from mysql.user;
+-----------+------------------+
| host      | user             |
+-----------+------------------+
| %         | lilaosi          |
| %         | root             |
| %         | czj              |
| localhost | mysql.infoschema |
| localhost | mysql.session    |
| localhost | mysql.sys        |
+-----------+------------------+
6 rows in set (0.00 sec)
```

9. Using the root account, grant the lilaosi account all privileges on all tables in the test database

```
mysql> grant all on test.* to 'lilaosi';
```

lilaosi now has privileges to operate on every table in the test database. However, because root has not granted lilaosi any privilege on the mysql database, the lilaosi account cannot see the mysql database.

Password security policy

```
# View the password policy
mysql> show variables like 'validate%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+
7 rows in set (0.00 sec)

# Change the policy
mysql> set global validate_password.length=0;
mysql> set global validate_password.policy=LOW;
mysql> show variables like 'validate%';
+--------------------------------------+-------+
| Variable_name                        | Value |
+--------------------------------------+-------+
| validate_password.check_user_name    | ON    |
| validate_password.dictionary_file    |       |
| validate_password.length             | 4     |
| validate_password.mixed_case_count   | 0     |
| validate_password.number_count       | 0     |
| validate_password.policy             | LOW   |
| validate_password.special_char_count | 0     |
+--------------------------------------+-------+
```
Create three accounts (password in brackets): abc [abcd], ccc [a1b2c3], ddd [231343]

```
# Create users
mysql> create user 'abc'@'%' identified by 'abcd';
mysql> create user 'ccc'@'%' identified by 'a1b2c3';
mysql> create user 'ddd'@'%' identified by '231343';
mysql> select host,user from mysql.user;
+-----------+------------------+
| host      | user             |
+-----------+------------------+
| %         | abc              |
| %         | ccc              |
| %         | ddd              |
| localhost | mysql.infoschema |
| localhost | mysql.session    |
| localhost | mysql.sys        |
| localhost | test1            |
+-----------+------------------+

# Delete a user
mysql> drop user 'ccc';
Query OK, 0 rows affected (0.02 sec)
mysql> select user from mysql.user;
+------------------+
| user             |
+------------------+
| abc              |
| ddd              |
| mysql.infoschema |
| mysql.session    |
| mysql.sys        |
| test1            |
+------------------+
6 rows in set (0.00 sec)

# Modify a user
mysql> alter user 'abc' identified by 'abc123';
Query OK, 0 rows affected (0.01 sec)
```
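An added example (not part of the original post) that goes the opposite way from the relaxation shown above: it restores the MEDIUM policy so that it survives a restart, then attaches expiry, reuse and lockout rules to a single account. The account name `app_rw`, its host pattern and its password are constructed for illustration; the statements assume MySQL 8.0.19 or later with the validate_password component installed, run as root.

```sql
-- Added example; account name, host pattern and password are constructed.
-- Inspect the current policy before changing anything.
SHOW VARIABLES LIKE 'validate_password.%';

-- SET GLOBAL only lasts until the next restart. SET PERSIST also records
-- the value in mysqld-auto.cnf in the data directory.
SET PERSIST validate_password.policy = 'MEDIUM';
SET PERSIST validate_password.mixed_case_count = 1;
SET PERSIST validate_password.number_count = 1;
SET PERSIST validate_password.special_char_count = 1;
SET PERSIST validate_password.length = 12;
SET PERSIST validate_password.check_user_name = ON;

-- Score candidate passwords against the active policy without creating
-- an account (the function returns a value between 0 and 100).
SELECT VALIDATE_PASSWORD_STRENGTH('abcd')                  AS page_password,
       VALIDATE_PASSWORD_STRENGTH('Example#Passw0rd-2024') AS constructed_password;

-- Under this policy the page's CREATE USER ... IDENTIFIED BY 'abcd' is
-- refused by the server, so short test passwords can no longer be set.

-- Per-account rules: limit the client addresses, expire the password,
-- block reuse, and lock the account for one day after repeated failures.
CREATE USER 'app_rw'@'192.168.2.%'
  IDENTIFIED BY 'Example#Passw0rd-2024'
  PASSWORD EXPIRE INTERVAL 90 DAY
  PASSWORD HISTORY 5
  PASSWORD REUSE INTERVAL 365 DAY
  FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;

-- Confirm what was stored for the account.
SELECT user, host, password_lifetime,
       Password_reuse_history, Password_reuse_time, User_attributes
FROM mysql.user
WHERE user = 'app_rw';
```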

Roles

```
# Create a role
mysql> create role 'a';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'a';
+-------------------------------+
| Grants for a@%                |
+-------------------------------+
| GRANT USAGE ON *.* TO `a`@`%` |
+-------------------------------+
1 row in set (0.00 sec)
```

Exercise 1

```
# 1. Add the jingli role
create role 'jingli';
# 2. Add the yuangong role
create role 'yuangong';
# 3. Grant the select, insert, delete and update privileges to jingli
grant select, insert, delete, update on test.user to 'jingli';
# 4. Grant the select and insert privileges to yuangong
grant select, insert on test.user to 'yuangong';
# 5. View the table in which roles are stored
select host,user from mysql.user;
# 6. View the privileges of the roles
show grants for 'jingli';
show grants for 'yuangong';
```

Add two users, bbb and ccc: bbb is a manager and needs the insert, delete, update and select privileges; ccc is an employee and only needs the insert and select privileges.

```
grant jingli to 'bbb';
grant yuangong to 'ccc';
```
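An added example (not part of the original post) that completes Exercise 1: in MySQL 8.0 a role granted to an account stays inactive in that account's sessions until it is made a default role or activated with SET ROLE, so the two grants above alone do not yet give bbb and ccc access to test.user. The account passwords are constructed placeholders, and the statements assume they are run as root.

```sql
-- Added example; the passwords are constructed placeholders.
CREATE ROLE IF NOT EXISTS 'jingli', 'yuangong';
GRANT SELECT, INSERT, UPDATE, DELETE ON test.user TO 'jingli';
GRANT SELECT, INSERT ON test.user TO 'yuangong';

CREATE USER IF NOT EXISTS 'bbb'@'%' IDENTIFIED BY 'Example#Bbb-2024';
CREATE USER IF NOT EXISTS 'ccc'@'%' IDENTIFIED BY 'Example#Ccc-2024';
GRANT 'jingli'   TO 'bbb'@'%';
GRANT 'yuangong' TO 'ccc'@'%';

-- Role membership is recorded in mysql.role_edges. The roles themselves
-- appear in mysql.user as locked accounts without a password.
SELECT from_user AS role_name, to_user AS grantee FROM mysql.role_edges;
SELECT user, host, account_locked FROM mysql.user
WHERE user IN ('jingli', 'yuangong');

-- Without USING, SHOW GRANTS lists only the membership. With USING it
-- expands the privileges the account has once the role is active.
SHOW GRANTS FOR 'bbb'@'%';
SHOW GRANTS FOR 'bbb'@'%' USING 'jingli';

-- Activate the roles automatically at login for these two accounts.
SET DEFAULT ROLE 'jingli'   TO 'bbb'@'%';
SET DEFAULT ROLE 'yuangong' TO 'ccc'@'%';
SELECT * FROM mysql.default_roles;

-- Alternative: activate every granted role at login for all accounts.
-- SET PERSIST activate_all_roles_on_login = ON;

-- To check from a session logged in as bbb or ccc:
--   SELECT CURRENT_ROLE();
--   SET ROLE 'jingli';    -- manual activation when no default role is set

-- Removing the membership takes the privileges away again without
-- touching the account or the role definition.
REVOKE 'yuangong' FROM 'ccc'@'%';
```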

Privileges

```
# Refresh privileges
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

# Grant a privilege to the root account
mysql> grant system_user on *.* to "root";
mysql> show grants for 'root';

# Remove privileges
mysql> revoke all on *.* from "efgh";
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for "efgh";
+----------------------------------+
| Grants for efgh@%                |
+----------------------------------+
| GRANT USAGE ON *.* TO `efgh`@`%` |
+----------------------------------+
1 row in set (0.00 sec)
```

Exercise 2

```
# 1. Add the aaa account with the password aaaa
mysql> drop user aaa;
mysql> create user 'aaa'@'%' identified by 'aaaa';

# 2. Access the MySQL service with the aaa account
[root@mysql01 ~]# mysql -h127.0.0.1 -P3306 -uaaa -paaaa

# 3. Look for the test database: aaa has no privilege on it
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| performance_schema |
+--------------------+
2 rows in set (0.02 sec)

# 4. Quit (quit or exit) and log in with the root account
mysql> quit
[root@mysql01 ~]# mysql -h127.0.0.1 -P3306 -uroot -p<root password>

# 5. Grant aaa the privilege to read the test.user table
mysql> grant select on test.user to 'aaa';

# 6. Quit root and log in with the aaa account
mysql> quit
[root@mysql01 ~]# mysql -h127.0.0.1 -P3306 -uaaa -paaaa

# 7. View the databases, the tables and the table contents: all of this now works
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| performance_schema |
| test               |
+--------------------+
3 rows in set (0.00 sec)
mysql> use test;
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| user           |
+----------------+
1 row in set (0.01 sec)
mysql> select * from user;
+----+----------+----------+
| id | username | password |
+----+----------+----------+
|  1 | huajuan  | 123      |
|  2 | tangping | 456      |
|  3 | keshui   | 789      |
|  4 | shangke  | aaa      |
+----+----------+----------+
4 rows in set (0.00 sec)

# 8. Insert data: no privilege
mysql> insert into user values(5,"ermazi","ermazi");
ERROR 1142 (42000): INSERT command denied to user 'aaa'@'localhost' for table 'user'

# 9. Quit aaa and log in with root
mysql> quit
[root@mysql01 ~]# mysql -h127.0.0.1 -P3306 -uroot -p<root password>

# 10. Grant aaa the insert privilege
mysql> grant insert on test.user to 'aaa';
Query OK, 0 rows affected (0.00 sec)

# 11. Quit root and log in with aaa
mysql> quit
[root@mysql01 ~]# mysql -h127.0.0.1 -P3306 -uaaa -paaaa

# 12. Add a new row to the user table
mysql> insert into test.user values(6,"zhangsanfeng","zhangsanfen");

# 13. Change the password of one row in user to 111: there is no update privilege
mysql> insert into test.user values(6, "haofan", "ennn");
Query OK, 1 row affected (0.00 sec)
mysql> update test.user set password='kx' where username="bf";
ERROR 1142 (42000): UPDATE command denied to user 'aaa'@'localhost' for table 'user'
```
