klotik.ru

Установка:

cd /usr/ports/databases/mysql57-server
make install clean
...
...

В конце установки получаю

===> Creating groups.
Creating group 'mysql' with gid '88'.
===> Creating users
Creating user 'mysql' with uid '88'.
Initial password for first time use of MySQL is saved in $HOME/.mysql_secret
ie. when you want to use "mysql -u root -p" first you should see password
in /root/.mysql_secret

MySQL57 has a default %%ETCDIR%%/my.cnf,
remember to replace it wit your own
or set `mysql_optfile="$YOUR_CNF_FILE` in rc.conf.

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/lib/mysql/plugin/mysqlx.so
/usr/local/lib/mysql/plugin/group_replication.so
/usr/local/libexec/mysqld

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/mysql-server

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
https://www.mysql.com/

service mysql-server onestart
Starting mysql.
service mysql-server onestatus
mysql is running as pid 53015.

Запускаю скрипт mysql_secure_installation Скрипт предназначен для повышения безопасности MySQL сервера. С помощью этого скрипта возможно:

• задалть пароль для супер пользователя root (с системным root он не имеет ничего общего, это абсолютно два разных пользователя)
• удалить анонимного пользователя, который создается только для тестовых целей;
• запретили пользователю root входить удаленно. Теперь он сможет заходить только с localhost;
• удалили тестовую БД test и доступ к ней;

mysql_secure_installation
mysql_secure_installation: [ERROR] unknown variable 'prompt=\u@\h [\d]>\_'

Securing the MySQL server deployment.

Connecting to MySQL server using password in '/root/.mysql_secret'

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

VALIDATE PASSWORD PLUGIN можно использовать для проверки паролей
и улучшить безопасность. Проверяет надежность пароля
и позволяет пользователям устанавливать только те пароли, которые
достаточно безопасно. Вы хотите установить плагин VALIDATE PASSWORD?
Press y|Y for Yes, any other key for No: n
Using existing password for root.

Estimated strength of the password: 50
Change the password for root ? ((Press y|Y for Yes, any other key for No) : y

New password:

Re-enter new password:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!

Проверяю подключение у MySQL

mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.7.27-log Source distribution

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)

root@localhost [(none)]> quit
Bye

Для запуска MySQL при старте в /etc/rc.conf добавляю строку

mysql_enable="YES

В файле конфигурации /usr/local/etc/mysql/my.cnf дописываю следующие строки.

[mysqld]
character-set-server = utf8
collation-server = utf8_unicode_ci

Перезапускаю MySQL

service mysql-server restart

GRANT ALL PRIVILEGES ON *.* TO пользователь@'%' IDENTIFIED BY 'пароль';
FLUSH PRIVILEGES;

Ссылки:
http://freebsd.xrain.ru/index.php/MySQL
http://dev.mysql.com/doc/refman/5.7/en/data-directory-initialization-mysqld.html
http://dev.mysql.com/doc/refman/5.7/en/mysql-install-db.html
http://sysadmins.ru/post13350150.html
http://www.bsdportal.ru/kb.php?a=3
http://blog.bsdmaster.com/2011/05/mysqlbackup-mysql.html
https://sys-adm.in/os/nix/556-setup-remote-connection-to-mysql.html
http://qaru.site/questions/36067/how-to-allow-remote-connection-to-mysql
https://dba.stackexchange.com/questions/30768/access-denied-for-user-root
https://artkiev.com/blog/mysql-full-list-commands.htm
https://www.opennet.ru/docs/RUS/mysql_notes