Programming/MySQL: Difference between revisions
Brodriguez (talk | contribs) (Create page) |
Brodriguez (talk | contribs) (Add user permission stuff) |
||
| Line 14: | Line 14: | ||
To configure MySQL for security also run: | To configure MySQL for security also run: | ||
{{ bc | sudo mysql_secure_installation }} | {{ bc | sudo mysql_secure_installation }} | ||
== The MySQL Shell == | |||
You can access the MySQL server from a terminal via the MySQL shell. | |||
If you have a fresh install with no setup yet, then this is likely done via {{ ic |sudo mysql}}. | |||
If you have done some setup, such as setting a password for the root account or creating a user to login with, then use {{ ic |mysql -u <username> -p}}. | |||
== User Accounts == | |||
=== Connecting as Root === | |||
{{ Warn | Note that this is not recommended for any instances when the database should be secure. Use this only for development and testing instances, where security of data does not matter. }} | |||
For previous versions of MySQL, it was standard to default the root user as a login user with a password of {{ ic |root}}. This is no longer the default, but can easily be set with a few commands. First, enter the MySQL shell. Then enter: | |||
{{ bc | ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'root'; }} | |||
* This will set the root user's password to "root". | |||
* Alternatively, alter the password to whatever you desire, if you want to add a tiny bit more security (setting root as a login-able password user is still not very recommended for security reasons). | |||
{{ bc | FLUSH PRIVILEGES; }} | |||
* This ensures that changes will propagate through the server without a reboot. | |||
Once set, the {{ ic |sudo mysql}} command will likely no longer work. Instead, login with root as {{ ic | mysql -u root -p}}. | |||
=== Adding a New User Account === | |||
Add a new user account with: | |||
{{ bc | CREATE USER '<username>'@'localhost' IDENTIFIED BY '<password>'; }} | |||
Where {{ ic |username}} and {{ic |password}} are replaced by the desired username and password for the user account. | |||
=== User Permissions === | |||
Once created, a user account needs to be given permission in order to be useful at all. Note that, from a security standpoint, it's always best to give the minimum possible permissions necessary for the user to do their job. | |||
==== Full Permissions ==== | |||
{{ Warn | Note that this is not recommended for any instances when the database should be secure. Use this only for development and testing instances, where security of data does not matter. }} | |||
To give a user full permissions (like the root account), launch the MySQL Shell, then run: | |||
{{ bc | GRANT ALL PRIVILEGES ON *.* TO '<username>'@'localhost' WITH GRANT OPTION; }} | |||
* Where {{ ic | username}} is replaced by the name of the user account to adjust. | |||
{{ bc | FLUSH PRIVILEGES; }} | |||
* This ensures that changes will propagate through the server without a reboot. | |||
Revision as of 23:14, 4 July 2020
Installation
Ubuntu
Basic installation can be performed with:
sudo apt install mysql-server
From here, you can access MySQL via:
sudo mysql
Securing the Installation
Note that the above command alone is an insecure installation, and is not suitable for things like production, or instances where stored data is not just test data and thus should be stored securely.
To configure MySQL for security also run:
sudo mysql_secure_installation
The MySQL Shell
You can access the MySQL server from a terminal via the MySQL shell.
If you have a fresh install with no setup yet, then this is likely done via sudo mysql.
If you have done some setup, such as setting a password for the root account or creating a user to login with, then use mysql -u <username> -p.
User Accounts
Connecting as Root
For previous versions of MySQL, it was standard to default the root user as a login user with a password of root. This is no longer the default, but can easily be set with a few commands. First, enter the MySQL shell. Then enter:
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'root';
- This will set the root user's password to "root".
- Alternatively, alter the password to whatever you desire, if you want to add a tiny bit more security (setting root as a login-able password user is still not very recommended for security reasons).
FLUSH PRIVILEGES;
- This ensures that changes will propagate through the server without a reboot.
Once set, the sudo mysql command will likely no longer work. Instead, login with root as mysql -u root -p.
Adding a New User Account
Add a new user account with:
CREATE USER '<username>'@'localhost' IDENTIFIED BY '<password>';
Where username and password are replaced by the desired username and password for the user account.
User Permissions
Once created, a user account needs to be given permission in order to be useful at all. Note that, from a security standpoint, it's always best to give the minimum possible permissions necessary for the user to do their job.
Full Permissions
To give a user full permissions (like the root account), launch the MySQL Shell, then run:
GRANT ALL PRIVILEGES ON *.* TO '<username>'@'localhost' WITH GRANT OPTION;
- Where
usernameis replaced by the name of the user account to adjust.
FLUSH PRIVILEGES;
- This ensures that changes will propagate through the server without a reboot.