• 设置root管理员在数据库中的密码值(注意,该密码并非root管理员在系统中的密码,这里的密码值默认应该为空,可直接按回车键)。
    • 设置root管理员在数据库中的专有密码。
    • 随后删除匿名账户,并使用root管理员从远程登录数据库,以确保数据库上运行的业务的安全性。
    • 删除默认的测试数据库,取消测试数据库的一系列访问权限。
    • 刷新授权列表,让初始化的设定立即生效。对于上述数据库初始化的操作步骤,刘遄老师已经在下面的输出信息旁边进行了简单注释,确保各位读者更直观地了解要输入的内容:
    1. [root@linuxprobe ~]# mysql_secure_installation 
    2. /usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
    3. NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
    4.       SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
    5. In order to log into MariaDB to secure it, we'll need the current
    6. password for the root user.  If you've just installed MariaDB, and
    7. you haven't set the root password yet, the password will be blank,
    8. so you should just press enter here.
    9. Enter current password for root (enter for none):  当前数据库密码为空,直接按回车键
    10. OK, successfully used password, moving on...
    11. Setting the root password ensures that nobody can log into the MariaDB
    12. root user without the proper authorisation.
    13. Set root password? [Y/n] y
    14. New password:输入要为root管理员设置的数据库密码
    15. Re-enter new password:再次输入密码
    16. Password updated successfully!
    17.  ... Success!
    18. By default, a MariaDB installation has an anonymous user, allowing anyone
    19. to log into MariaDB without having to have a user account created for
    20. them.  This is intended only for testing, and to make the installation
    21. go a bit smoother.  You should remove them before moving into a
    22. production environment.
    23. Remove anonymous users? [Y/n] y(删除匿名账户)
    24. ... Success!
    25. Normally, root should only be allowed to connect from 'localhost'.  This
    26. ensures that someone cannot guess at the root password from the network.
    27. Disallow root login remotely? [Y/n] y(禁止root管理员从远程登录)
    28.  ... Success!
    29. By default, MariaDB comes with a database named 'test' that anyone can
    30. access.  This is also intended only for testing, and should be removed
    31. before moving into a production environment.
    32. Remove test database and access to it? [Y/n] y(删除test数据库并取消对它的访问权限)
    33.  - Dropping test database...
    34.  ... Success!
    35.  - Removing privileges on test database...
    36.  ... Success!
    37. Reloading the privilege tables will ensure that all changes made so far
    38. Reload privilege tables now? [Y/n] y(刷新授权表,让初始化后的设定立即生效)
    39.  ... Success!
    40. Cleaning up...
    41. All done!  If you've completed all of the above steps, your MariaDB
    42. installation should now be secure.
    43. Thanks for using MariaDB!

    在很多生产环境中都需要使用站库分离的技术(即网站和数据库不在同一个服务器上),如果需要让root管理员远程访问数据库,可在上面的初始化操作中设置策略,以允许root管理员从远程访问。然后还需要设置防火墙,使其放行对数据库服务程序的访问请求,数据库服务程序默认会占用3306端口,在防火墙策略中服务名称统一叫作mysql:

    1. [root@linuxprobe ~]# mysql -u root -p
    2. Enter password: 此处输入root管理员在数据库中的密码
    3. Welcome to the MariaDB monitor. Commands end with ; or \g.
    4. Your MariaDB connection id is 5
    5. Server version: 5.5.35-MariaDB MariaDB Server
    6. Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.
    7. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    8. MariaDB [(none)]>

    在登录MariaDB数据库后执行数据库命令时,都需要在命令后面用分号(;)结尾,这也是与Linux命令最显著的区别。大家需要慢慢习惯数据库命令的这种设定。下面执行如下命令查看数据库管理系统中当前都有哪些数据库:

    1. MariaDB [(none)]> SET password = PASSWORD('linuxprobe');
    2. Query OK, 0 rows affected (0.00 sec)
    3. MariaDB [(none)]> exit
    4. Bye
    5. [root@linuxprobe ~]# mysql -u root -p
    6. Enter password:此处输入root管理员在数据库中的新密码
    7. ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)