MySQL database security configuration practices

The following articles mainly introduce the actual operations of MySQL database security configuration. This article provides examples, of course, these instances are often used in the actual operations of the MySQL database security configuration, if you are a popular database. The following article will be meaningful to you.

Keywords: MySQL kernel Database Security Configuration User Authentication Module password restoration Stored Procedure writing MySQL database index

Summary:

Because MySQL is a multi-platform database, its default configuration should be considered to be applicable in various circumstances, so further security reinforcement should be carried out in our own use environment. As a MySQL System Administrator, we have the responsibility to maintain the data security and integrity of the MySQL database system.

If the user who starts the MySQL database is mysql, the following directories and files are safe. Pay attention to the data directory and the following attributes:

 
 

  
  
shell>ls-l/usr/local/mysql  
  
  
total40  
  
  
drwxrwxr-x2rootroot4096Feb2720:07bin  
  
  
drwxrwxr-x3rootroot4096Feb2720:07include  
  
  
drwxrwxr-x2rootroot4096Feb2720:07info  
  
  
drwxrwxr-x3rootroot4096Feb2720:07lib  
  
  
drwxrwxr-x2rootroot4096Feb2720:07libexec  
  
  
drwxrwxr-x3rootroot4096Feb2720:07man  
  
  
drwxrwxr-x6rootroot4096Feb2720:07mysql-test  
  
  
drwxrwxr-x3rootroot4096Feb2720:07share  
  
  
drwxrwxr-x7rootroot4096Feb2720:07sql-bench  
  
  
drwx------4mysqlmysql4096Feb2720:07var  
  
  
shell>ls-l/usr/local/mysql/var  
  
  
total8  
  
  
drwx------2mysqlmysql4096Feb2720:08mysql  
  
  
drwx------2mysqlmysql4096Feb2720:08test  
  
  
shell>ls-l/usr/local/mysql/var/mysql  
  
  
total104  
  
  
-rw-------1mysqlmysql0Feb2720:08columns_priv.MYD  
  
  
-rw-------1mysqlmysql1024Feb2720:08columns_priv.MYI  
  
  
-rw-------1mysqlmysql8778Feb2720:08columns_priv.frm  
  
  
-rw-------1mysqlmysql302Feb2720:08db.MYD  
  
  
-rw-------1mysqlmysql3072Feb2720:08db.MYI  
  
  
-rw-------1mysqlmysql8982Feb2720:08db.frm  
  
  
-rw-------1mysqlmysql0Feb2720:08func.MYD  
  
  
-rw-------1mysqlmysql1024Feb2720:08func.MYI  
  
  
-rw-------1mysqlmysql8641Feb2720:08func.frm  
  
  
-rw-------1mysqlmysql0Feb2720:08host.MYD  
  
  
-rw-------1mysqlmysql1024Feb2720:08host.MYI  
  
  
-rw-------1mysqlmysql8958Feb2720:08host.frm  
  
  
-rw-------1mysqlmysql0Feb2720:08tables_priv.MYD  
  
  
-rw-------1mysqlmysql1024Feb2720:08tables_priv.MYI  
  
  
-rw-------1mysqlmysql8877Feb2720:08tables_priv.frm  
  
  
-rw-------1mysqlmysql428Feb2720:08user.MYD  
  
  
-rw-------1mysqlmysql2048Feb2720:08user.MYI  
  
  
-rw-------1mysqlmysql9148Feb2720:08user.frm 
 
 

If the owner and attributes of these files are not the same, use the following two commands to correct them:

 
 

  
  
shell>chown-Rmysql.mysql/usr/local/mysql/var  
  
  
shell>chmod-Rgo-rwx/usr/local/mysql/var 
 
 

Starting remote services with the root user has always been a security taboo, because if the service program encounters problems, remote attackers are very likely to gain full control of the host. MySQL has made minor changes since version 3.23.15. After installation by default, the service should be started by mysql users, and root users are not allowed to start the service.

If you have to use the root user for startup, you must add the -- user = root parameter (./safe_mysqld -- user = root &). MySQL has the SQL statements of LOAD DATA INFILE and SELECT... INTO OUTFILE. If the root user starts the MySQL server, the MySQL database user has the write permission of the root user. However, MySQL still imposes some restrictions. For example, load data infile can only read globally readable files, and SELECT... into outfile cannot overwrite existing files.