一、Glibc安装
安装步骤
1.安装依赖库
[root@localhost ~]# yum list installed |grep libaio
libaio.x86_64 0.3.109-
13.el7 @anaconda
[root@localhost ~]#
2.解压查看
[root@localhost ~]# ls
mysql-8.0.33-linux-glibc2.12-x86_64.tar
[root@localhost ~]# tar -xvf mysql-8.0.33-linuxglibc2.12-x86_64.tar
mysql-8.0.33-linux-glibc2.12-x86_64.tar.xz
mysql-router-8.0.33-linux-glibc2.12-x86_64.tar.xz
[root@localhost ~]# tar -xvf mysql-8.0.33-linuxglibc2.12-x86_64.tar.xz
mysql-8.0.33-linux-glibc2.12-x86_64
[root@localhost ~]# ls mysql-8.0.33-linuxglibc2.12-x86_64/
bin docs include lib LICENSE man README
share support-files
3.创建⽤户
[root@localhost ~]# useradd -r -s /sbin/nologin
mysql
[root@localhost ~]# id mysql
uid=27(mysql) gid=27(mysql) 组=27(mysql)
4.清空其他环境 mariadb
[root@localhost ~]# rm -rf /etc/my.cnf
5.将解压⽂件放置在根⽬录下
[root@localhost ~]# mv mysql-8.0.33-linuxglibc2.12-x86_64/ /mysql8
[root@localhost ~]# ls /mysql8/
bin docs include lib LICENSE man README
share support-files
6.切换mysql8⽬录,创建⼀个mysq files
cd /mysql8/
mkdir mysql-files
7.修改mysql-files⽂件权限750和所属 mysql
[root@localhost mysql8]# chown mysql:mysql mysqlfiles/
[root@localhost mysql8]# chmod 750 mysql-files/
[root@localhost mysql8]# ls -l
总⽤量 296
drwxr-xr-x. 2 7161 31415 4096 3⽉ 17 2023 bin
drwxr-xr-x. 2 7161 31415 38 3⽉ 17 2023 docs
drwxr-xr-x. 3 7161 31415 4096 3⽉ 17 2023
include
drwxr-xr-x. 6 7161 31415 201 3⽉ 17 2023 lib
-rw-r--r--. 1 7161 31415 284945 3⽉ 17 2023
LICENSE
drwxr-xr-x. 4 7161 31415 30 3⽉ 17 2023 man
drwxr-x---. 2 mysql mysql 6 8⽉ 3 22:30
mysql-files
-rw-r--r--. 1 7161 31415 666 3⽉ 17 2023
README
drwxr-xr-x. 28 7161 31415 4096 3⽉ 17 2023
share
drwxr-xr-x. 2 7161 31415 77 3⽉ 17 2023
support-files
8.初始化数据库,找到初始密码
[root@localhost mysql8]# ./bin/mysqld --initialize
--user=mysql --basedir=/mysql8
2024-08-03T14:34:53.993391Z 0 [System] [MY-013169]
[Server] /mysql8/bin/mysqld (mysqld 8.0.33)
initializing of server in progress as process 2236
2024-08-03T14:34:54.003043Z 1 [System] [MY-013576]
[InnoDB] InnoDB initialization has started.
2024-08-03T14:34:55.674077Z 1 [System] [MY-013577]
[InnoDB] InnoDB initialization has ended.
2024-08-03T14:34:58.133984Z 6 [Note] [MY-010454]
[Server] A temporary password is generated for
root@localhost: .I//GqI,Z2-k
9.查看是否初始化成功过,可以看⽂件夹中是否有data⽂件夹
[root@localhost mysql8]# ls
bin docs lib man README
support-files
data include LICENSE mysql-files share
10.设置ssl安全加密连接 敏感数据
[root@localhost mysql8]# ls ./bin/*ssl*
./bin/mysql_ssl_rsa_setup
[root@localhost mysql8]# ./bin/mysql_ssl_rsa_setup
--datadir=/mysql8/data
[root@localhost mysql8]# ls ./data/
auto.cnf #ib_16384_1.dblwr mysql.ibd
sys
ca-key.pem ib_buffer_pool
performance_schema undo_001
ca.pem ibdata1
private_key.pem undo_002
client-cert.pem #innodb_redo
public_key.pem
client-key.pem #innodb_temp servercert.pem
#ib_16384_0.dblwr mysql serverkey.pem
11.其他配置
[root@localhost mysql8]# cp supportfiles/mysql.server /etc/init.d/mysql8
[root@localhost mysql8]# ls /etc/init.d/mysql8
/etc/init.d/mysql8
[root@localhost mysql8]# ls /etc/init.d/
functions mysql8 mysql8ls netconsole network
README
[root@localhost mysql8]#
# 默认情况下,启动⽂件认识安装⽬录在/usr/local/⽬录下
[root@localhost mysql8]# sed -n '/^basedir=/p'
/etc/init.d/mysql8
basedir=
[root@localhost mysql8]# sed -i
'/^basedir=/cbasedir=/mysql8' /etc/init.d/mysql8
[root@localhost mysql8]# sed -n '/^basedir=/p'
/etc/init.d/mysql8
basedir=/mysql8
[root@localhost mysql8]# sed -n '/^datadir=/p'
/etc/init.d/mysql8
datadir=
[root@localhost mysql8]# sed -i
'/^datadir=/cdatadir=/mysql8/data'
/etc/init.d/mysql8
12.启动服务 不能使⽤systemctl
ot@localhost mysql8]# service mysql8 start
Starting MySQL.Logging to
'/mysql8/data/localhost.localdomain.err'.
.. SUCCESS!
[root@localhost mysql8]# ls /mysql8/data/*.err
/mysql8/data/localhost.localdomain.err
# 启动成功后会⽣成err⽇志⽂件,多看看,了解启动的详细原因
二、安全用户角色权限
1.密码安全策略
查看密码策略
mysql> show variables like 'validate%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | MEDIUM |
| validate_password.special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.00 sec)
修改策略
mysql> set global validate_password.length=0;
mysql> set global validate_password.policy=LOW;
mysql> show variables like 'validate%';
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 4 |
| validate_password.mixed_case_count | 0 |
| validate_password.number_count | 0 |
| validate_password.policy | LOW |
| validate_password.special_char_count | 0 |
+--------------------------------------+-------+
2.⽤户
创建⽤户
ysql> create user 'efg'@'%' identified by 'efg';
ERROR 1819 (HY000): Your password does not satisfy
the current policy requirements
mysql> create user 'efgh'@'%' identified by 'efgh';
Query OK, 0 rows affected (0.01 sec)
mysql> select host,user from mysql.user;
+-----------+------------------+
| host | user |
+-----------+------------------+
| % | efgh |
| % | root |
| % | zhangmin |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | test1 |
+-----------+------------------+
删除⽤户
mysql> drop user 'zhangmin';
Query OK, 0 rows affected (0.02 sec)
mysql> select user from mysql.user;
+------------------+
| user |
+------------------+
| efgh |
| root |
| mysql.infoschema |
| mysql.session |
| mysql.sys |
| test1 |
+------------------+
6 rows in set (0.00 sec)
修改⽤户
mysql> alter user 'zhangmin' identified by
'abc123';
Query OK, 0 rows affected (0.01 sec)
3.⻆⾊
创建⻆⾊
mysql> create role 'a';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'a';
+-------------------------------+
| Grants for a@% |
+-------------------------------+
| GRANT USAGE ON *.* TO `a`@`%` |
+-------------------------------+
1 row in set (0.00 sec)
4.权限
刷新权限
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
为root账号添加权限
mysql> grant system_user on *.* to "root";
mysql> show grants for 'root';