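Preface
In the digital age, data is our treasure, and the MySQL database is the sturdy fortress that guards it. Today we set out on a journey to build that fortress: in the world of Ubuntu we will set up MySQL 8.0 and give our data a safe and solid home. Whether you are an explorer, an architect or a wizard, this article offers you an adventure!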
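Writing the script
```bash
#!/bin/bash

# Add the MySQL APT repository
wget https://dev.mysql.com/get/mysql-apt-config_0.8.15-1_all.deb
sudo dpkg -i mysql-apt-config_0.8.15-1_all.deb
# During installation you may be prompted to choose the MySQL version and other components.
# Select MySQL 8.0 and continue.

# Update the package list (this may be unnecessary here)
sudo apt-get update

# Install the MySQL server
sudo apt-get install -y mysql-server

# Start the MySQL service
sudo systemctl start mysql.service

# Enable the MySQL service at boot
sudo systemctl enable mysql.service

# Run the secure installation wizard
sudo mysql_secure_installation

# Optional: log in to MySQL to create databases or users; the default password is empty, as explained below
# sudo mysql -u root -p
```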
Deploying with the script
- Make the script executable

```bash
chmod +x <script-name>
```

- Run the script
Prompts during the run
When the script reaches the step below you can see `Connecting to mysql using a blank password`, that is, it connects with an empty password.
1. Choose the password complexity level
```
There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:
```
2. You are asked whether to remove anonymous users. Anonymous users let anyone log in to MySQL without a user name or password, which is normally used only in test environments. In production, keeping anonymous users is a security risk because it may allow unauthorized users to access the database.
```
By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) :
```
3. Whether to disallow root logins from anywhere other than localhost
```
Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) :
```
4. This prompt asks whether to remove the "test" database. By default MySQL creates a database named "test" that anyone can access. It is normally used only for testing and should be removed before moving into production.
```
By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) :
```
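5. The MySQL installation wizard suggests reloading the privilege tables. This ensures that every change made so far (removing anonymous users, removing the "test" database and so on) takes effect immediately. It is an important step for making sure your security settings are actually applied.
```
Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) :
```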
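Success screen
Easter egg
Surprisingly, typing mysql and pressing Enter logs you straight in. This works only for the root account; the figure below explains why in detail.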
If you want login to require authentication, run the following commands
```sql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your_new_password';
FLUSH PRIVILEGES;
```
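Bad egg
Where there is an Easter egg there is also a bad egg: no matter what you do, remote login fails, and even trying to set up root@% produces the error below
```
mysql> CREATE USER 'root'@'%' IDENTIFIED BY '12345678';
ERROR 1396 (HY000): Operation CREATE USER failed for 'root'@'%'
```
Also, from MySQL 8 onward remote root login is not allowed by default, so even the setting above has no effect.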
Solution
If you really must log in remotely, edit the configuration file and restart (this applies to all accounts, not just root)
My configuration file is at /etc/mysql/mysql.conf.d/mysqld.cnf
```
# If MySQL is running as a replication slave, this should be
# changed. Ref https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_tmpdir
# tmpdir = /tmp
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
```
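Change the bind-address above to 0.0.0.0, which makes the server listen on all IPv4 interfaces, and that is all.
Running it again then shows the result below, meaning it succeeded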
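
A check for the settings this walkthrough touches, as an added example that is not part of the original post: it reports the effective bind-address of a mysqld config file and scans account rows for anonymous users, non-local root entries and socket-authenticated root. The function names and sample data are constructed; the account input is assumed to be the tab-separated output of `mysql -N -B -e "SELECT user, host, plugin FROM mysql.user"`.

```shell
#!/bin/bash
# Added example; function names and all sample data are constructed.

# Report the effective bind-address in a mysqld config file. The last
# uncommented setting wins; with none set, MySQL 8.0 defaults to '*'.
audit_bind_address() {
    awk -F= '
        /^[ \t]*bind[-_]address[ \t]*=/ { gsub(/[ \t]/, "", $2); addr = $2 }
        END {
            if (addr == "") addr = "*"
            if (addr == "127.0.0.1" || addr == "::1" || addr == "localhost")
                print "OK loopback-only " addr
            else
                print "EXPOSED " addr
        }' "$1"
}

# Scan "user<TAB>host<TAB>plugin" rows on stdin for the accounts that
# mysql_secure_installation is meant to remove or restrict.
audit_accounts() {
    awk -F'\t' '
        $1 == "" { print "ANONYMOUS_USER host=" $2; next }
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            print "REMOTE_ROOT host=" $2
        }
        # auth_socket lets the matching OS user log in without a password
        $1 == "root" && $3 == "auth_socket" { print "ROOT_SOCKET_AUTH host=" $2 }
    '
}

# Constructed sample: a config edited as described above, and four account rows.
sample_cnf=$(mktemp)
printf '[mysqld]\n# bind-address = 127.0.0.1\nbind-address = 0.0.0.0\n' > "$sample_cnf"
audit_bind_address "$sample_cnf"
rm -f "$sample_cnf"

printf '%s\t%s\t%s\n' \
    ''     'localhost' 'caching_sha2_password' \
    'root' 'localhost' 'auth_socket' \
    'root' '%'         'caching_sha2_password' \
    'app'  '10.0.0.%'  'caching_sha2_password' | audit_accounts
```

An `EXPOSED` result means port 3306 is reachable on more than loopback, so a host firewall rule or a specific interface address in bind-address is what limits who can connect.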