在 Debian 10 中,官方源默认带的是 MariaDB ,一个 MySQL 社区开发的 MySQL 分支,本文默认使用 root 权限

添加MySQL软件库

apt update
apt install gnupg lsb-release
cd /tmp
# https://dev.mysql.com/downloads/repo/apt/ 找到最新的版本
wget https://dev.mysql.com/get/mysql-apt-config_0.8.15-1_all.deb
# 查看文件
ls
dpkg -i mysql-apt-config*
apt update

安装 MySQL

apt install mysql-server
#查看状态
systemctl status mysql

MySQL 安全配置

mysql_secure_installation

This will ask you for the MySQL root password that you set during installation. Type it in and press ENTER. Now we’ll answer a series of yes or no prompts. Let’s go through them:

First, we are asked about the validate password plugin, a plugin that can automatically enforce certain password strength rules for your MySQL users. Enabling this is a decision you’ll need to make based on your individual security needs. Type y and ENTER to enable it, or just hit ENTER to skip it. If enabled, you will also be prompted to choose a level from 0–2 for how strict the password validation will be. Choose a number and hit ENTER to continue.

Next you’ll be asked if you want to change the root password. Since we just created the password when we installed MySQL, we can safely skip this. Hit ENTER to continue without updating the password.

The rest of the prompts can be answered yes. You will be asked about removing the anonymous MySQL user, disallowing remote root login, removing the test database, and reloading privilege tables to ensure the previous changes take effect properly. These are all a good idea. Type y and hit ENTER for each.

The script will exit after all the prompts are answered. Now our MySQL installation is reasonably secured. Let’s test it again by running a client that connects to the server and returns some information.

完成后 MySQL 会禁止 root 远程登录
mysql -h 127.0.0.1 -u root -p -P 3306
会提示
ERROR :'Access denied for user 'root'@'localhost'
解决方法:
创建一个专属用户
先使用 root 用户登录
mysql -u root -p [password]
然后执行
CREATE USER 'sammy'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'sammy'@'localhost';
其中ALL表示赋予所有权限,也可以在只给予查询、插入、更新和删除数据库的权限GRANT SELECT, INSERT, UPDATE, DELETE ON ...
*.*代表所有数据库,格式为数据库.数据表,一般情况下应当赋予新建用户最小权限,比如sammy用户只能操作shop数据库,那么应该改为shop.*localhost代表仅限本地登录,%表示任意地点登录,当需要从别的地方登录数据库时修改设置。

查看用户权限

SHOW GRANTS FOR sammy@localhost;

收回用户已有权限

REVOKE ALL PRIVILEGES ON architecture_examination.* FROM 'sammy'@'localhost';

删除用户

DROP USER 'sammy'@'localhost'

刷新

FLUSH PRIVILEGES;

MySQL 8 新加密插件

因为 mysql 8.0 默认是使用caching_sha2_password 加密插件的, PHP 有的版本是不兼容这个加密插件的,比如安装Typecho时总是提示无法连接数据库。
这里我选择降级加密插件

  • 如果新增用户则执行
    CREATE USER 'username'@'localhost' identified with mysql_native_password by 'password'
  • 改变已有用户则执行
    ALTER USER 'username'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

SpringBoot 2.7.x 默认支持 MySQL 8 新加密插件。

MySQL 更改 Root 密码

首先使用 root 用户登录:

mysql -uroot -p

更改密码

ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyN3wP4ssw0rd';
flush privileges;
exit;

参考资料:
How To Install the Latest MySQL on Debian 10
Typecho 部署踩坑
Configuring a default root password for MySQL/MariaDB

标签: IT

评论已关闭