This article introduces the practical operations involved in MySQL database security configuration. It provides examples that come up often in real-world MySQL security configuration work. If you work with this popular database, the following should be useful to you.
Keywords: MySQL kernel, database security configuration, user authentication module, password restoration, stored procedure writing, MySQL database index
Summary:
Because MySQL is a multi-platform database, its default configuration has to be usable in a wide range of circumstances, so further security hardening should be carried out for our own environment. As MySQL system administrators, we are responsible for maintaining the data security and integrity of the MySQL database system.
If the MySQL database is started as the user mysql, the following ownership and permissions on directories and files are safe. Pay particular attention to the data directory and the attributes of the files under it:
- shell> ls -l /usr/local/mysql
- total 40
- drwxrwxr-x 2 root root 4096 Feb 27 20:07 bin
- drwxrwxr-x 3 root root 4096 Feb 27 20:07 include
- drwxrwxr-x 2 root root 4096 Feb 27 20:07 info
- drwxrwxr-x 3 root root 4096 Feb 27 20:07 lib
- drwxrwxr-x 2 root root 4096 Feb 27 20:07 libexec
- drwxrwxr-x 3 root root 4096 Feb 27 20:07 man
- drwxrwxr-x 6 root root 4096 Feb 27 20:07 mysql-test
- drwxrwxr-x 3 root root 4096 Feb 27 20:07 share
- drwxrwxr-x 7 root root 4096 Feb 27 20:07 sql-bench
- drwx------ 4 mysql mysql 4096 Feb 27 20:07 var
- shell> ls -l /usr/local/mysql/var
- total 8
- drwx------ 2 mysql mysql 4096 Feb 27 20:08 mysql
- drwx------ 2 mysql mysql 4096 Feb 27 20:08 test
- shell> ls -l /usr/local/mysql/var/mysql
- total 104
- -rw------- 1 mysql mysql 0 Feb 27 20:08 columns_priv.MYD
- -rw------- 1 mysql mysql 1024 Feb 27 20:08 columns_priv.MYI
- -rw------- 1 mysql mysql 8778 Feb 27 20:08 columns_priv.frm
- -rw------- 1 mysql mysql 302 Feb 27 20:08 db.MYD
- -rw------- 1 mysql mysql 3072 Feb 27 20:08 db.MYI
- -rw------- 1 mysql mysql 8982 Feb 27 20:08 db.frm
- -rw------- 1 mysql mysql 0 Feb 27 20:08 func.MYD
- -rw------- 1 mysql mysql 1024 Feb 27 20:08 func.MYI
- -rw------- 1 mysql mysql 8641 Feb 27 20:08 func.frm
- -rw------- 1 mysql mysql 0 Feb 27 20:08 host.MYD
- -rw------- 1 mysql mysql 1024 Feb 27 20:08 host.MYI
- -rw------- 1 mysql mysql 8958 Feb 27 20:08 host.frm
- -rw------- 1 mysql mysql 0 Feb 27 20:08 tables_priv.MYD
- -rw------- 1 mysql mysql 1024 Feb 27 20:08 tables_priv.MYI
- -rw------- 1 mysql mysql 8877 Feb 27 20:08 tables_priv.frm
- -rw------- 1 mysql mysql 428 Feb 27 20:08 user.MYD
- -rw------- 1 mysql mysql 2048 Feb 27 20:08 user.MYI
- -rw------- 1 mysql mysql 9148 Feb 27 20:08 user.frm
If the owner and attributes of these files differ from the listing above, use the following two commands to correct them:
- shell> chown -R mysql:mysql /usr/local/mysql/var
- shell> chmod -R go-rwx /usr/local/mysql/var
Starting remote services as the root user has always been a security taboo, because if the service program has a flaw, remote attackers are very likely to gain full control of the host. MySQL made a small change starting with version 3.23.15: after a default installation, the service should be started as the mysql user, and starting it as root is not allowed.
If you have to start it as root, you must add the --user=root parameter (./safe_mysqld --user=root &). MySQL has the SQL statements LOAD DATA INFILE and SELECT ... INTO OUTFILE. If the MySQL server is started by root, a MySQL database user has the write permissions of the root user. However, MySQL still imposes some restrictions: for example, LOAD DATA INFILE can only read world-readable files, and SELECT ... INTO OUTFILE cannot overwrite existing files.
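An added example, not part of the original article: a POSIX shell audit for the two checks described above, the owner and mode of everything under the data directory and whether mysqld is running as root. The function names are hypothetical; the default path and user are the ones the article uses.

```shell
#!/bin/sh
# Added example: audit helpers for the checks described in the article.
# Function names are illustrative; defaults follow the article's layout.
# Usage (run as root so every entry is visible):
#   audit_datadir /usr/local/mysql/var mysql
#   ps -e -o user= -o comm= | root_mysqld_procs

# Print every entry under $1 that is not owned by $2 (name or numeric uid)
# or that grants any permission bit to group or other. Symlinks are
# skipped because their own mode bits are not meaningful.
list_unsafe_entries() {
    dir=$1; owner=$2
    find "$dir" ! -type l \( \
        ! -user "$owner" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \
    \) -print
}

# Return 0 when the tree is clean, 1 when something needs the
# chown/chmod fix, 2 when the directory does not exist.
audit_datadir() {
    dir=${1:-/usr/local/mysql/var}; owner=${2:-mysql}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    bad=$(list_unsafe_entries "$dir" "$owner")
    if [ -n "$bad" ]; then
        echo "wrong owner or group/other access:" >&2
        echo "$bad" | while IFS= read -r p; do ls -ld "$p" >&2; done
        return 1
    fi
    return 0
}

# Read "USER COMMAND" lines on stdin and print each mysqld process that
# runs as root. The safe_mysqld wrapper is not matched; only the server
# binary itself is.
root_mysqld_procs() {
    awk '$1 == "root" && $2 ~ /(^|\/)mysqld$/ { print $2 }'
}
```
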