本文共 10466 字,大约阅读时间需要 34 分钟。
is an open-source database management system, commonly used as an alternative for the MySQL portion of the popular (Linux, Apache, MySQL, PHP/Python/Perl) stack. It is intended to be a drop-in replacement for MySQL and Debian now only ships with MariaDB packages. If you attempt to install MySQL server related packages, you’ll receive the compatible MariaDB replacement versions instead.
是一个开源数据库管理系统,通常用作流行的 (Linux,Apache,MySQL,PHP / Python / Perl)堆栈MySQL部分的替代方案。 它旨在替代MySQL,而Debian现在仅随MariaDB软件包一起提供。 如果您尝试安装与MySQL服务器相关的软件包,则会收到兼容的MariaDB替代版本。
The short version of this installation guide consists of these three steps:
本安装指南的简短版本包括以下三个步骤:
Update your package index using apt
使用apt
更新您的软件包索引
Install the mariadb-server
package using apt
. The package also pulls in related tools to interact with MariaDB
使用apt
安装mariadb-server
软件包。 该软件包还引入了与MariaDB交互的相关工具
Run the included mysql_secure_installation
security script to restrict access to the server
运行附带的mysql_secure_installation
安全脚本以限制对服务器的访问
This tutorial will explain how to install MariaDB version 10.3 on a Debian 10 server, and verify that it is running and has a safe initial configuration.
本教程将说明如何在Debian 10服务器上安装MariaDB 10.3版,并验证其是否正在运行并具有安全的初始配置。
To follow this tutorial, you will need:
要遵循本教程,您将需要:
One Debian 10 server set up by following , including a non-root user with sudo
privileges and a firewall.
通过遵循设置一台Debian 10服务器,包括具有sudo
特权的非root用户和防火墙。
On Debian 10, MariaDB version 10.3 is included in the APT package repositories by default. It is marked as the default MySQL variant by the Debian MySQL/MariaDB packaging team.
在Debian 10上,默认情况下APT软件包存储库中包含MariaDB 10.3版。 Debian MySQL / MariaDB打包团队将其标记为默认MySQL变体。
To install it, update the package index on your server with apt
:
要安装它,请使用apt
更新服务器上的软件包索引:
Then install the package:
然后安装软件包:
These commands will install MariaDB, but will not prompt you to set a password or make any other configuration changes. Because the default configuration leaves your installation of MariaDB insecure, we will use a script that the mariadb-server
package provides to restrict access to the server and remove unused accounts.
这些命令将安装MariaDB,但不会提示您设置密码或进行任何其他配置更改。 因为默认配置使您对MariaDB的安装不安全,所以我们将使用mariadb-server
软件包提供的脚本来限制对服务器的访问并删除未使用的帐户。
For new MariaDB installations, the next step is to run the included security script. This script changes some of the less secure default options. We will use it to block remote root logins and to remove unused database users.
对于新的MariaDB安装,下一步是运行附带的安全脚本。 该脚本更改了一些不太安全的默认选项。 我们将使用它来阻止远程root用户登录并删除未使用的数据库用户。
Run the security script:
运行安全脚本:
This will take you through a series of prompts where you can make some changes to your MariaDB installation’s security options. The first prompt will ask you to enter the current database root password. Since we have not set one up yet, press ENTER
to indicate “none”.
这将引导您完成一系列提示,您可以在其中更改MariaDB安装的安全性选项。 第一个提示将要求您输入当前的数据库根密码。 由于尚未设置,请按ENTER
表示“无”。
The next prompt asks you whether you’d like to set up a database root password. Type N
and then press ENTER
. In Debian, the root account for MariaDB is tied closely to automated system maintenance, so we should not change the configured authentication methods for that account. Doing so would make it possible for a package update to break the database system by removing access to the administrative account. Later, we will cover how to optionally set up an additional administrative account for password access if socket authentication is not appropriate for your use case.
下一个提示询问您是否要设置数据库根密码。 键入N
,然后按ENTER
。 在Debian中,MariaDB的根帐户与自动系统维护紧密相关,因此我们不应更改该帐户的已配置身份验证方法。 这样做将使软件包更新有可能通过删除对管理帐户的访问来破坏数据库系统。 稍后,我们将介绍如何在套接字身份验证不适用于您的用例的情况下如何选择设置其他管理帐户来访问密码。
From there, you can press Y
and then ENTER
to accept the defaults for all the subsequent questions. This will remove some anonymous users and the test database, disable remote root logins, and load these new rules so that MariaDB immediately respects the changes you have made.
在此处,您可以按Y
,然后按ENTER
以接受所有后续问题的默认设置。 这将删除一些匿名用户和测试数据库,禁用远程root登录,并加载这些新规则,以便MariaDB立即尊重您所做的更改。
In Debian systems running MariaDB 10.3, the root MariaDB user is set to authenticate using the unix_socket
plugin by default rather than with a password. This allows for some greater security and usability in many cases, but it can also complicate things when you need to allow an external program (e.g., phpMyAdmin) administrative rights.
在运行MariaDB 10.3的Debian系统中,默认情况下,将root MariaDB用户设置为使用unix_socket
插件而不是使用密码进行身份验证。 在许多情况下,这可以提高安全性和可用性,但是当您需要允许外部程序(例如phpMyAdmin)的管理权限时,也会使事情变得复杂。
Because the server uses the root account for tasks like log rotation and starting and stopping the server, it is best not to change the root account’s authentication details. Changing credentials in the /etc/mysql/debian.cnf
configuration file may work initially, but package updates could potentially overwrite those changes. Instead of modifying the root account, the package maintainers recommend creating a separate administrative account for password-based access.
由于服务器使用root帐户执行日志轮换以及启动和停止服务器等任务,因此最好不要更改root帐户的身份验证详细信息。 最初可能会在/etc/mysql/debian.cnf
配置文件中更改凭据,但软件包更新可能会覆盖这些更改。 软件包维护者建议不要创建根帐户,而要修改根帐户,而要修改基于密码的访问权限。
To do so, we will create a new account called admin
with the same capabilities as the root account, but configured for password authentication. To do this, open up the MariaDB prompt from your terminal:
为此,我们将创建一个名为admin
的新帐户,该帐户具有与根帐户相同的功能,但已配置为进行密码身份验证。 为此,请从终端打开MariaDB提示符:
Now, we will create a new user with root privileges and password-based access. Change the username and password to match your preferences:
现在,我们将创建一个具有root用户特权和基于密码的访问权限的新用户。 更改用户名和密码以匹配您的首选项:
MariaDB [(none)]> GRANT ALL ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
Flush the privileges to ensure that they are saved and available in the current session:
刷新特权以确保它们已保存并在当前会话中可用:
MariaDB [(none)]> FLUSH PRIVILEGES;
Following this, exit the MariaDB shell:
之后,退出MariaDB shell:
MariaDB [(none)]> exit
Finally, let’s test the MariaDB installation.
最后,让我们测试一下MariaDB安装。
When installed from the default repositories, MariaDB should start running automatically. To test this, check its status.
从默认存储库安装后,MariaDB应该自动开始运行。 要对此进行测试,请检查其状态。
You’ll receive output that is similar to the following:
您将收到类似于以下内容的输出:
● mariadb.service - MariaDB 10.3.15 database server Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2019-07-12 20:35:29 UTC; 47min ago Docs: man:mysqld(8) https://mariadb.com/kb/en/library/systemd/ Main PID: 2036 (mysqld) Status: "Taking your SQL requests now..." Tasks: 30 (limit: 2378) Memory: 76.1M CGroup: /system.slice/mariadb.service └─2036 /usr/sbin/mysqldJul 12 20:35:29 deb-mariadb1 /etc/mysql/debian-start[2074]: Phase 6/7: Checking and upgrading tablesJul 12 20:35:29 deb-mariadb1 /etc/mysql/debian-start[2074]: Running 'mysqlcheck' with connection arguments: --socket='/var/run/mysqld/mysqld.sock' --host='localhost' --socket='/var/run/mysqld/mysqld.sock' --host='localhost' --socket='/var/run/mysqld/mysqld.sock'Jul 12 20:35:29 deb-mariadb1 /etc/mysql/debian-start[2074]: # Connecting to localhost...Jul 12 20:35:29 deb-mariadb1 /etc/mysql/debian-start[2074]: # Disconnecting from localhost...Jul 12 20:35:29 deb-mariadb1 /etc/mysql/debian-start[2074]: Processing databasesJul 12 20:35:29 deb-mariadb1 /etc/mysql/debian-start[2074]: information_schemaJul 12 20:35:29 deb-mariadb1 /etc/mysql/debian-start[2074]: performance_schemaJul 12 20:35:29 deb-mariadb1 /etc/mysql/debian-start[2074]: Phase 7/7: Running 'FLUSH PRIVILEGES'Jul 12 20:35:29 deb-mariadb1 /etc/mysql/debian-start[2074]: OKJul 12 20:35:30 deb-mariadb1 /etc/mysql/debian-start[2132]: Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables
If MariaDB isn’t running, you can start it with the command sudo systemctl start mariadb
.
如果MariaDB未运行,则可以使用命令sudo systemctl start mariadb
启动它。
For an additional check, you can try connecting to the database using the mysqladmin
tool, which is a client that lets you run administrative commands. For example, this command says to connect to MariaDB as root and return the version using the Unix socket:
要进行其他检查,可以尝试使用mysqladmin
工具连接到数据库,该工具是允许您运行管理命令的客户端。 例如,以下命令说要以root用户身份连接到MariaDB并使用Unix套接字返回版本:
You should receive output similar to this:
您应该收到类似于以下的输出:
Output mysqladmin Ver 9.1 Distrib 10.3.15-MariaDB, for debian-linux-gnu on x86_64Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.Server version 10.3.15-MariaDB-1Protocol version 10Connection Localhost via UNIX socketUNIX socket /var/run/mysqld/mysqld.sockUptime: 48 min 14 secThreads: 7 Questions: 474 Slow queries: 0 Opens: 177 Flush tables: 1 Open tables: 31 Queries per second avg: 0.163
If you configured a separate administrative user with password authentication, you could perform the same operation by typing:
如果使用密码身份验证配置了单独的管理用户,则可以通过键入以下命令执行相同的操作:
mysqladmin -u admin -p version
mysqladmin -u admin -p版本
This means that MariaDB is up and running and that your user is able to authenticate successfully.
这意味着MariaDB已启动并正在运行,并且您的用户能够成功进行身份验证。
In this guide you installed MariaDB to act as an SQL server. During the installation process you also secured the server. Optionally, you also created a separate user to ensure administrative access to MariaDB across package updates.
在本指南中,您安装了MariaDB以充当SQL Server。 在安装过程中,您还保护了服务器。 (可选)您还创建了一个单独的用户,以确保跨软件包更新对MariaDB的管理访问。
Now that you have a running and secure MariaDB server, here some examples of next steps that you can take to work with the server:
既然您已经有一个运行中且安全的MariaDB服务器,那么下面是您可以使用该服务器的一些后续步骤示例:
You can also incorporate MariaDB into a larger application stack:
您还可以将MariaDB合并到更大的应用程序堆栈中:
翻译自:
转载地址:http://bthgb.baihongyu.com/