klotik.ru

Установка:

cd /usr/ports/databases/mysql57-server
make install clean
...
...

В конце установки получаю

===> Creating groups.
Creating group 'mysql' with gid '88'.
===> Creating users
Creating user 'mysql' with uid '88'.
Initial password for first time use of MySQL is saved in $HOME/.mysql_secret
ie. when you want to use "mysql -u root -p" first you should see password
in /root/.mysql_secret

MySQL57 has a default %%ETCDIR%%/my.cnf,
remember to replace it wit your own
or set `mysql_optfile="$YOUR_CNF_FILE` in rc.conf.

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/lib/mysql/plugin/mysqlx.so
/usr/local/lib/mysql/plugin/group_replication.so
/usr/local/libexec/mysqld

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/mysql-server

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
https://www.mysql.com/

service mysql-server start
Starting mysql.
service mysql-server status
mysql is running as pid 53015.

root@jail_1:/usr/ports/databases# mysql_secure_installation mysql_secure_installation: [ERROR] unknown variable 'prompt=\u@\h [\d]>\_'

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: Please set the password for root here.

New password:

Re-enter new password: By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y Success.

Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y Success.

By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y - Dropping test database… Success.

- Removing privileges on test database… Success.

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y Success.

All done! root@jail_1:/usr/ports/databases# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 10 Server version: 8.0.12 Source distribution

Copyright © 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]> show databases; +——————–+

+——————–+

+——————–+ 4 rows in set (0.05 sec)

root@localhost [(none)]> quit; Bye

Скрипт предназначен для повышения безопасности MySQL сервера. С помощью этого скрипта возможно:

• задалть пароль для супер пользователя root (с системным root он не имеет ничего общего, это абсолютно два разных пользователя)
• удалить анонимного пользователя, который создается только для тестовых целей;
• запретили пользователю root входить удаленно. Теперь он сможет заходить только с localhost;
• удалили тестовую БД test и доступ к ней;

В файле конфигурации /usr/local/etc/mysql/my.cnf дописываю следующие строки.

[mysqld]
character-set-server = utf8
collation-server = utf8_unicode_ci

Перезапускаю MySQL

service mysql-server restart

GRANT ALL PRIVILEGES ON *.* TO пользователь@'%' IDENTIFIED BY 'пароль';
FLUSH PRIVILEGES;

Ссылки:
http://freebsd.xrain.ru/index.php/MySQL
http://dev.mysql.com/doc/refman/5.7/en/data-directory-initialization-mysqld.html
http://dev.mysql.com/doc/refman/5.7/en/mysql-install-db.html
http://sysadmins.ru/post13350150.html
http://www.bsdportal.ru/kb.php?a=3
http://blog.bsdmaster.com/2011/05/mysqlbackup-mysql.html
https://sys-adm.in/os/nix/556-setup-remote-connection-to-mysql.html
http://qaru.site/questions/36067/how-to-allow-remote-connection-to-mysql
https://dba.stackexchange.com/questions/30768/access-denied-for-user-root
https://artkiev.com/blog/mysql-full-list-commands.htm
https://www.opennet.ru/docs/RUS/mysql_notes