A Detailed Tutorial on Installing MySQL 5.6.10 on CentOS and Configuring It Securely


Note: all of the steps below were carried out on a CentOS 6.5 x86_64 system.

#Preparation#

Before installing MySQL, make sure the following base components have been installed with yum (if the system already ships them, consider running yum update on them as well):

    gcc
    cmake
    openssl+openssl-devel
    pcre+pcre-devel
    bzip2+bzip2-devel
    libcurl+curl+curl-devel
    libjpeg+libjpeg-devel
    libpng+libpng-devel
    freetype+freetype-devel
    php-mcrypt+libmcrypt+libmcrypt-devel
    libxslt+libxslt-devel
    gmp+gmp-devel
    libxml2+libxml2-devel
    mhash
    ncurses+ncurses-devel
    xml2

Then create the mysql group and user, and give the user no login shell:

    # id mysql
    id: mysql:無此使用者
    # groupadd mysql
    # useradd -g mysql -s /sbin/nologin mysql
    # id mysql
    uid=500(mysql) gid=500(mysql) 組=500(mysql)

#Installing MySQL#

Prepare the directories for the MySQL installation:

    # mkdir -p /data/mysql/data
    # chown -R mysql:mysql /data/mysql

Build and install MySQL from source:

    # cd /usr/local/src
    # wget http://dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.10.tar.gz
    # tar zxf mysql-5.6.10.tar.gz
    # cd mysql-5.6.10
    # cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql-5.6.10 \
        -DSYSCONFDIR=/usr/local/mysql-5.6.10/etc \
        -DMYSQL_UNIX_ADDR=/usr/local/mysql-5.6.10/tmp/mysql.sock \
        -DMYSQL_TCP_PORT=3306 \
        -DMYSQL_USER=mysql \
        -DMYSQL_DATADIR=/data/mysql/data \
        -DDEFAULT_CHARSET=utf8 \
        -DDEFAULT_COLLATION=utf8_general_ci \
        -DWITH_MYISAM_STORAGE_ENGINE=1 \
        -DWITH_INNOBASE_STORAGE_ENGINE=1 \
        -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
        -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
        -DENABLED_LOCAL_INFILE=1
    ...
    CMake Warning:
    Manually-specified variables were not used by the project:
    MYSQL_USER
    -- Build files have been written to: /usr/local/src/mysql-5.6.10
    # make && make install
    # mkdir -p /usr/local/mysql-5.6.10/etc
    # mkdir -p /usr/local/mysql-5.6.10/tmp
    # ln -s /usr/local/mysql-5.6.10/ /usr/local/mysql
    # chown -R mysql:mysql /usr/local/mysql-5.6.10
    # chown -R mysql:mysql /usr/local/mysql

Add the MySQL bin directory to the current environment:

    # vim /etc/profile
    export MYSQL_HOME=/usr/local/mysql
    export PATH=$PATH:$MYSQL_HOME/bin
    $ source /etc/profile

Run the initialization script to create the built-in system databases and tables:

    # cd /usr/local/mysql
    # scripts/mysql_install_db --user=mysql --datadir=/data/mysql/data
    ...
    OK
    To start mysqld at boot time you have to copy
    support-files/mysql.server to the right place for your system
    PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
    To do so, start the server, then issue the following commands:
    ./bin/mysqladmin -u root password 'new-password'
    ./bin/mysqladmin -u root -h iZ94mobdenkZ password 'new-password'
    Alternatively you can run:
    ./bin/mysql_secure_installation
    which will also give you the option of removing the test
    databases and anonymous user created by default. This is
    strongly recommended for production servers.
    See the manual for more instructions.
    You can start the MySQL daemon with:
    cd . ; ./bin/mysqld_safe &
    You can test the MySQL daemon with mysql-test-run.pl
    cd mysql-test ; perl mysql-test-run.pl
    Please report any problems with the ./bin/mysqlbug script!
    The latest information about MySQL is available on the web at
    http://www.mysql.com
    Support MySQL by buying support/licenses at http://shop.mysql.com
    WARNING: Found existing config file ./my.cnf on the system.
    Because this file might be in use, it was not replaced,
    but was used in bootstrap (unless you used --defaults-file)
    and when you later start the server.
    The new default config file was created as ./my-new.cnf,
    please compare it with your file and take the changes you need.
    WARNING: Default config file /etc/my.cnf exists on the system
    This file will be read by default by the MySQL server
    If you do not want to use this, either remove it, or use the
    --defaults-file argument to mysqld_safe when starting the server

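Note: when MySQL starts, it first looks for a configuration file at /etc/my.cnf and, if none is found there, searches $basedir/my.cnf, that is, /usr/local/mysql-5.6.10/my.cnf. You must therefore make sure /etc/my.cnf does not exist, otherwise the server may fail to start.

In practice the file did exist on this system, so it may need to be backed up under another name first, after which the configuration file is written to match the build settings above:

    # mv /etc/my.cnf /etc/my.cnf.bak
    # vim /usr/local/mysql-5.6.10/my.cnf
    [mysqld]
    basedir=/usr/local/mysql-5.6.10
    datadir=/data/mysql/data
    socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
    user=mysql
    sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES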

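Change the password of the MySQL root user. Here the server is started in safe mode with mysqld_safe (--skip-grant-tables turns off privilege checking, and --skip-networking keeps the server from accepting TCP connections while it runs that way):

    # mysqld_safe --user=mysql --skip-grant-tables --skip-networking &
    [1] 3970
    [root@iZ94mobdenkZ ~]# 141230 19:02:31 mysqld_safe Logging to '/data/mysql/data/centos.err'.
    141230 19:02:32 mysqld_safe Starting mysqld daemon with databases from /data/mysql/data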

mysqld_safe is now running in safe mode. Open another window and connect to the MySQL server as a client:

    # mysql
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 1
    Server version: 5.6.10 Source distribution
    Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    mysql> use mysql;
    mysql> update user set password=password('yourpassword') where user='root';
    mysql> flush privileges;
    mysql> exit;

Once the password has been changed, use kill to stop the mysqld_safe process:

    # ps aux | grep mysql
    root 3970 0.0 0.2 106308 1492 pts/1 S 19:02 0:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql --skip-grant-tables --skip-networking
    mysql 4143 0.1 18.0 558280 90316 pts/1 Sl 19:02 0:00 /usr/local/mysql-5.6.10/bin/mysqld --basedir=/usr/local/mysql-5.6.10 --datadir=/data/mysql/data --plugin-dir=/usr/local/mysql-5.6.10/lib/plugin --user=mysql --skip-grant-tables --skip-networking --log-error=/data/mysql/data/centos.err --pid-file=/data/mysql/data/centos.pid --socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
    root 4313 0.0 0.1 103252 836 pts/0 S+ 19:05 0:00 grep mysql
    # kill -9 3970
    # kill -9 4143

Alternatively, go back to the window where mysqld_safe was started and stop the process with ctrl+c.

Copy the service startup script:

    # cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
    # chmod +x /etc/init.d/mysqld

Enable the MySQL service at boot and start it normally (optional):

    # chkconfig mysqld on
    # service mysqld
    Usage: mysqld {start|stop|restart|reload|force-reload|status} [ MySQL server options ]
    # service mysqld start
    Starting MySQL.

From now on the MySQL database can be started and stopped directly with the service mysqld command.

Finally, in a production environment it is recommended to run the security setup script, which disables remote connections for the root user, removes the test database and the anonymous users, and so on:

    # /usr/local/mysql-5.6.10/bin/mysql_secure_installation
    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
    SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
    In order to log into MySQL to secure it, we'll need the current
    password for the root user. If you've just installed MySQL, and
    you haven't set the root password yet, the password will be blank,
    so you should just press enter here.
    Enter current password for root (enter for none):

Note: the root password entered above is the password of the MySQL root account set earlier.

At this point the MySQL database is fully installed.

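#MySQL Security Configuration#

1. Make sure MySQL is never started under the system root account; it must run as the mysql account created earlier, for example:

    # mysqld_safe --user=mysql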

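2. After MySQL is installed and the initial databases have been created, the default root account has an empty password. A password must be set for it, and that password should be a strong one. For example:

    mysql> use mysql;
    mysql> update user set password=password('yourpassword') where user='root';
    mysql> flush privileges;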

3. Delete the default database and users:

    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | mysql              |
    | performance_schema |
    | test               |
    +--------------------+
    mysql> drop database test;
    mysql> use mysql;
    mysql> select host,user from user;
    +--------------+------+
    | host         | user |
    +--------------+------+
    | 127.0.0.1    | root |
    | ::1          | root |
    | centos       |      |
    | centos       | root |
    | localhost    |      |
    | localhost    | root |
    +--------------+------+
    mysql> delete from user where not(host='localhost' and user='root');
    mysql> flush privileges;

Note: the rows in your user table may differ from the ones shown above.
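The account review in steps 2 and 3, as an added example that is not part of the original article: a shell filter that reads `host`, `user`, `password` rows and reports anonymous accounts, accounts with no password, and root entries on hosts other than localhost. The function names, finding labels and sample rows are constructed for illustration; the `password` column is the MySQL 5.6 layout used on this page.

```shell
#!/bin/sh
# Added example, not from the original article.
# Input: one account per line as host<TAB>user<TAB>password-hash, e.g. from
#   mysql -N -B -e "select host,user,password from mysql.user"

audit_accounts() {
    awk -F '\t' '
        # Anonymous account: the user column is empty.
        $2 == "" { print "ANONYMOUS\t" $1; next }
        # Named account that can log in without a password.
        $3 == "" { print "EMPTY_PASSWORD\t" $2 "@" $1 }
        # Step 3 keeps root only on localhost.
        $2 == "root" && $1 != "localhost" { print "ROOT_EXTRA_HOST\t" $2 "@" $1 }
    '
}

# Constructed sample: the user table shown in step 3, after the root
# password from step 2 has been set. The hash is a placeholder.
sample_rows() {
    printf '%s\t%s\t%s\n' \
        127.0.0.1 root '*CONSTRUCTED_HASH' \
        ::1       root '*CONSTRUCTED_HASH' \
        centos    ''   '' \
        centos    root '*CONSTRUCTED_HASH' \
        localhost ''   '' \
        localhost root '*CONSTRUCTED_HASH'
}

# Demo run on the constructed rows: prints five findings.
sample_rows | audit_accounts
```

After the `delete` in step 3 only `root@localhost` remains and the filter prints nothing.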

4. When a website under development connects to the database, it is recommended to create a user that has only privileges such as update/select/delete/insert/drop table/create table on one specific database. This limits the impact on other projects if one project's database username and password are stolen. For example:

    mysql> create database yourdbname default charset utf8 collate utf8_general_ci;
    mysql> create user 'yourusername'@'localhost' identified by 'yourpassword';
    mysql> grant select,insert,update,delete,create,drop on yourdbname.* to 'yourusername'@'localhost' identified by 'yourpassword';

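5. The directory that holds the database files must not be accessible to unauthorized users, so access to it needs to be restricted, for example:

    # chown -R mysql:mysql /data/mysql/data
    # chmod -R go-rwx /data/mysql/data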
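A check for items 1 and 5, as an added example that is not part of the original article: it reads the `[mysqld]` section of a my.cnf for the run-as `user` and for a `skip-grant-tables` line left behind after the password reset, then looks under the data directory for group/other permission bits and for files not owned by the service account. The function name and finding labels are assumptions made for this example; the paths and owner are passed in by the caller.

```shell
#!/bin/sh
# Added example, not from the original article. The config path, data
# directory and owning account are all supplied by the caller.
audit_mysql_files() {   # usage: audit_mysql_files MY_CNF DATADIR OWNER
    cnf=$1 datadir=$2 owner=$3

    # Look only inside [mysqld]; MySQL accepts "-" and "_" interchangeably
    # in option names, so normalise before comparing.
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_sec || /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            name = $0; sub(/=.*/, "", name)
            gsub(/[ \t]/, "", name); gsub(/_/, "-", name)
            val = ""
            if (index($0, "=")) {
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            }
            if (name == "user") user = val
            if (name == "skip-grant-tables") print "SKIP_GRANT_TABLES_IN_CONFIG"
        }
        END {
            if (user == "") print "USER_NOT_SET"
            else if (user == "root") print "RUNS_AS_ROOT"
        }
    ' "$cnf"

    # Item 5: any group/other permission bit under the data directory.
    find "$datadir" \( -perm -040 -o -perm -020 -o -perm -010 \
                    -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
        awk '{ print "GROUP_OR_OTHER_ACCESS\t" $0 }'

    # Item 5: anything not owned by the service account.
    find "$datadir" ! -user "$owner" -print |
        awk '{ print "WRONG_OWNER\t" $0 }'
}

# Run against real paths only when three arguments are given, e.g.
#   sh audit.sh /usr/local/mysql-5.6.10/my.cnf /data/mysql/data mysql
if [ "$#" -eq 3 ]; then
    audit_mysql_files "$@"
fi
```

With the my.cnf and the chown/chmod commands from this page applied, the function prints nothing.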

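The above is the editor's detailed tutorial on installing MySQL 5.6.10 on CentOS and configuring it securely. I hope it is helpful; if you have any questions, leave me a message and I will reply promptly. Many thanks as well for your support of the Yunqi Community site!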
