Различия

Здесь показаны различия между двумя версиями данной страницы.

--- freebsd:mysql [2019/03/28 22:06]
alex
+++ freebsd:mysql [2020/02/01 17:46] (текущий)
alex
@@ Строка 8: / Строка 8: @@
 В конце установки получаю
-===> Creating groups.
+  ===> Creating groups.
-Creating group 'mysql' with gid '88'.
+  Creating group 'mysql' with gid '88'.
-===> Creating users
+  ===> Creating users
-Creating user 'mysql' with uid '88'.
+  Creating user 'mysql' with uid '88'.
-*****************************************************************************
+  Initial password for first time use of MySQL is saved in $HOME/.mysql_secret
+  ie. when you want to use "mysql -u root -p" first you should see password
-WARNING: THIS IS STILL-IN-DEV PROJECT! USE WITH CAUTION ON PRODUCTION ENVS!
+  in /root/.mysql_secret
-*****************************************************************************
+  MySQL57 has a default %%ETCDIR%%/my.cnf,
-*****************************************************************************
+  remember to replace it wit your own
+  or set `mysql_optfile="$YOUR_CNF_FILE` in rc.conf.
-Remember to run mysql_upgrade the first time you start the MySQL server
-after an upgrade from an earlier version.
+  ===> SECURITY REPORT:
+        This port has installed the following files which may act as network
-There is no initial password for first time use of MySQL.
+        servers and may therefore pose a remote security risk to the system.
-Keep in mind to reset it to a secure password.
+  /usr/local/lib/mysql/plugin/mysqlx.so
+  /usr/local/lib/mysql/plugin/group_replication.so
-MySQL80 has a default %%ETCDIR%%/my.cnf,
+  /usr/local/libexec/mysqld
-remember to replace it with your own
-or set `mysql_optfile="$YOUR_CNF_FILE` in rc.conf.
+        This port has installed the following startup scripts which may cause
+        these network services to be started at boot time.
-*****************************************************************************
+  /usr/local/etc/rc.d/mysql-server
+        If there are vulnerabilities in these programs there may be a security
+        risk to the system. FreeBSD makes no guarantee about the security of
+        ports included in the Ports Collection. Please type 'make deinstall'
+        to deinstall the port if this is a concern.
+        For more information, and contact details about the security
+        status of this software, see the following webpage:
+  https://www.mysql.com/
-===> SECURITY REPORT:
+Запускаю mysql-server
-      This port has installed the following files which may act as network
+  service mysql-server onestart
-      servers and may therefore pose a remote security risk to the system.
-/usr/local/lib/mysql/plugin/group_replication.so
-/usr/local/libexec/mysqld
-      This port has installed the following startup scripts which may cause
-      these network services to be started at boot time.
-/usr/local/etc/rc.d/mysql-server
-      If there are vulnerabilities in these programs there may be a security
-      risk to the system. FreeBSD makes no guarantee about the security of
-      ports included in the Ports Collection. Please type 'make deinstall'
-      to deinstall the port if this is a concern.
-      For more information, and contact details about the security
-      status of this software, see the following webpage:
-  service mysql-server start
   Starting mysql.
-  service mysql-server status
+Проверяю статус mysql-server
+  service mysql-server onestatus
   mysql is running as pid 53015.
-root@jail_1:/usr/ports/databases# mysql_secure_installation
+Запускаю скрипт **mysql_secure_installation**
-mysql_secure_installation: [ERROR] unknown variable 'prompt=\u@\h [\d]>\_'
-Securing the MySQL server deployment.
-Connecting to MySQL using a blank password.
-VALIDATE PASSWORD COMPONENT can be used to test passwords
-and improve security. It checks the strength of password
-and allows the users to set only those passwords which are
-secure enough. Would you like to setup VALIDATE PASSWORD component?
-Press y|Y for Yes, any other key for No:
-Please set the password for root here.
-New password:
-Re-enter new password:
-By default, a MySQL installation has an anonymous user,
-allowing anyone to log into MySQL without having to have
-a user account created for them. This is intended only for
-testing, and to make the installation go a bit smoother.
-You should remove them before moving into a production
-environment.
-Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
-Success.
-Normally, root should only be allowed to connect from
-'localhost'. This ensures that someone cannot guess at
-the root password from the network.
-Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
-Success.
-By default, MySQL comes with a database named 'test' that
-anyone can access. This is also intended only for testing,
-and should be removed before moving into a production
-environment.
-Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
- - Dropping test database...
-Success.
- - Removing privileges on test database...
-Success.
-Reloading the privilege tables will ensure that all changes
-made so far will take effect immediately.
-Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
-Success.
-All done!
-root@jail_1:/usr/ports/databases# mysql -u root -p
-Enter password:
-Welcome to the MySQL monitor.  Commands end with ; or \g.
-Your MySQL connection id is 10
-Server version: 8.0.12 Source distribution
-Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
-Oracle is a registered trademark of Oracle Corporation and/or its
-affiliates. Other names may be trademarks of their respective
-owners.
-Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
-root@localhost [(none)]> show databases;
-+--------------------+
-| Database           |
-+--------------------+
-| information_schema |
-| mysql              |
-| performance_schema |
-| sys                |
-+--------------------+
-rows in set (0.05 sec)
-root@localhost [(none)]> quit;
-Bye
 Скрипт предназначен для повышения безопасности MySQL сервера. С помощью этого скрипта возможно:
   * задалть пароль для супер пользователя root (с системным root он не имеет ничего общего, это абсолютно два разных пользователя)
@@ Строка 144: / Строка 53: @@
   * запретили пользователю root входить удаленно. Теперь он сможет заходить только с localhost;
   * удалили тестовую БД test и доступ к ней;
+  mysql_secure_installation
+  mysql_secure_installation: [ERROR] unknown variable 'prompt=\u@\h [\d]>\_'
+  Securing the MySQL server deployment.
+  Connecting to MySQL server using password in '/root/.mysql_secret'
+  VALIDATE PASSWORD PLUGIN можно использовать для проверки паролей
+  и улучшить безопасность. Проверяет надежность пароля
+  и позволяет пользователям устанавливать только те пароли, которые
+  достаточно безопасно. Вы хотите установить плагин VALIDATE PASSWORD?
+  Press y|Y for Yes, any other key for No: n
+  Using existing password for root.
+  Estimated strength of the password: 50
+  Change the password for root ? ((Press y|Y for Yes, any other key for No) : y
+  New password:
+  Re-enter new password:
+  Estimated strength of the password: 100
+  Вы хотите продолжить с предоставленным паролем? (Нажмите y | Y для Да, любую другую клавишу для Нет): y
+  По умолчанию установка MySQL имеет анонимного пользователя,
+  позволяя кому-либо войти в MySQL без
+  учетной запись пользователя, созданной для них. Это предназначено только для
+  тестирование, и сделано для гладкой установки.
+  Вы должны удалить их, прежде чем начать использовать.
+  Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
+  Success.
+  Обычно пользователю root разрешено подключаться только с
+  «Локально». Это гарантирует, что кто-то не может подобрать
+  пароль root из сети.
+  Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
+  Success.
+  По умолчанию MySQL поставляется с базой данных «test», к которой
+  любой может получить доступ. Это также предназначено только для тестирования,
+  и должна быть удалена перед началом использования.
+  Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
+   - Dropping test database...
+  Success.
+   - Removing privileges on test database...
+  Success.
+  Перезагрузка таблиц привилегий гарантирует, что все изменения
+  сделанные до сих пор вступит в силу немедленно.
+  Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
+  Success.
+  All done!
+Проверяю подключение к MySQL
+  mysql -uroot -p
+  Enter password:
+  Welcome to the MySQL monitor.  Commands end with ; or \g.
+  Your MySQL connection id is 9
+  Server version: 5.7.27-log Source distribution
+  Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
+  Oracle is a registered trademark of Oracle Corporation and/or its
+  affiliates. Other names may be trademarks of their respective
+  owners.
+  Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
+  show databases;
+  ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
+Получаю ошибку. MySQL почему то думает, что у пользователя root нет пароля. Делаю
+  SET PASSWORD = PASSWORD('//мой пароль//');
+  show databases;
+  +--------------------+
+  | Database           |
+  +--------------------+
+  | information_schema |
+  | mysql              |
+  | performance_schema |
+  | sys                |
+  +--------------------+
+rows in set (0.00 sec)
+  quit
+  Bye
+Для запуска MySQL при старте в /etc/rc.conf добавляю строку
+  sysrc mysql_enable="YES"
 ===== Настройка UTF8 кодировки по-умолчанию =====
@@ Строка 150: / Строка 154: @@
   [mysqld]
-  character-set-server = utf8
+  #character-set-server = utf8 **УСТАРЕЛО**
-  collation-server = utf8_unicode_ci
+  #collation-server = utf8_unicode_ci **УСТАРЕЛО**
+  character-set-server            =utf8mb4
+  collation-server                =utf8mb4_unicode_ci
 Перезапускаю MySQL
   service mysql-server restart
+===== Разрешить доступ с любого хоста ко всем базам на сервере =====
+  GRANT ALL PRIVILEGES ON *.* TO пользователь@'%' IDENTIFIED BY 'пароль';
+  FLUSH PRIVILEGES;
@@ Строка 163: / Строка 176: @@
 http://sysadmins.ru/post13350150.html\\
 http://www.bsdportal.ru/kb.php?a=3\\
-http://blog.bsdmaster.com/2011/05/mysqlbackup-mysql.html
+http://blog.bsdmaster.com/2011/05/mysqlbackup-mysql.html\\
+https://sys-adm.in/os/nix/556-setup-remote-connection-to-mysql.html\\
+http://qaru.site/questions/36067/how-to-allow-remote-connection-to-mysql\\
+https://dba.stackexchange.com/questions/30768/access-denied-for-user-root\\
+https://artkiev.com/blog/mysql-full-list-commands.htm\\
+https://www.opennet.ru/docs/RUS/mysql_notes

klotik.ru

Инструменты пользователя

Инструменты сайта

Различия

Инструменты страницы