CentOS下安装MySQL5.6.10和安全配置教程详解

gcc
cmake
openssl+openssl-devel
pcre+pcre-devel
bzip2+bzip2-devel
libcurl+curl+curl-devel
libjpeg+libjpeg-devel
libpng+libpng-devel
freetype+freetype-devel
php-mcrypt+libmcrypt+libmcrypt-devel
libxslt+libxslt-devel
gmp+gmp-devel
libxml2+libxml2-devel
mhash
ncurses+ncurses-devel
xml2

# id mysql
id: mysql：无此用户
# groupadd mysql
# useradd -g mysql -s /sbin/nologin mysql
# id mysql
uid=500(mysql) gid=500(mysql) 组=500(mysql)

# mkdir -p /data/mysql/data
# chown -R mysql:mysql /data/mysql

# cd /usr/local/src
# wget http://dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.10.tar.gz
# tar zxf mysql-5.6.10.tar.gz
# cd mysql-5.6.10
# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql-5.6.10 -DSYSCONFDIR=/usr/local/mysql-5.6.10/etc -DMYSQL_UNIX_ADDR=/usr/local/mysql-5.6.10/tmp/mysql.sock -DMYSQL_TCP_PORT=3306 -DMYSQL_USER=mysql -DMYSQL_DATADIR=/data/mysql/data -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DENABLED_LOCAL_INFILE=1
...
CMake Warning:
Manually-specified variables were not used by the project:
MYSQL_USER
-- Build files have been written to: /usr/local/src/mysql-5.6.10
# make && make install
# mkdir -p /usr/local/mysql-5.6.10/etc
# mkdir -p /usr/local/mysql-5.6.10/tmp
# ln -s /usr/local/mysql-5.6.10/ /usr/local/mysql
# chown -R mysql:mysql /usr/local/mysql-5.6.10
# chown -R mysql:mysql /usr/local/mysql

# vim /etc/profile
export MYSQL_HOME=/usr/local/mysql
export PATH=$PATH:$MYSQL_HOME/bin
$ source /etc/profile

# cd /usr/local/mysql
# scripts/mysql_install_db --user=mysql --datadir=/data/mysql/data
...
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
./bin/mysqladmin -u root password 'new-password'
./bin/mysqladmin -u root -h iZ94mobdenkZ password 'new-password'
Alternatively you can run:
./bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd . ; ./bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the ./bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
WARNING: Found existing config file ./my.cnf on the system.
Because this file might be in use, it was not replaced,
but was used in bootstrap (unless you used --defaults-file)
and when you later start the server.
The new default config file was created as ./my-new.cnf,
please compare it with your file and take the changes you need.
WARNING: Default config file /etc/my.cnf exists on the system
This file will be read by default by the MySQL server
If you do not want to use this, either remove it, or use the
--defaults-file argument to mysqld_safe when starting the server

# mv /etc/my.cnf /etc/my.cnf.bak
# vim /usr/local/mysql-5.6.10/my.cnf
[mysqld]
basedir=/usr/local/mysql-5.6.10
datadir=/data/mysql/data
socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
user=mysql
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

# mysqld_safe --user=mysql --skip-grant-tables --skip-networking &
[1] 3970
[root@iZ94mobdenkZ ~]# 141230 19:02:31 mysqld_safe Logging to '/data/mysql/data/centos.err'.
141230 19:02:32 mysqld_safe Starting mysqld daemon with databases from /data/mysql/data

# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.10 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql;
mysql> update user set password=password('yourpassword') where user='root';
mysql> flush privileges;
mysql> exit;

# ps aux | grep mysql
root 3970 0.0 0.2 106308 1492 pts/1 S 19:02 0:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql --skip-grant-tables --skip-networking
mysql 4143 0.1 18.0 558280 90316 pts/1 Sl 19:02 0:00 /usr/local/mysql-5.6.10/bin/mysqld --basedir=/usr/local/mysql-5.6.10 --datadir=/data/mysql/data --plugin-dir=/usr/local/mysql-5.6.10/lib/plugin --user=mysql --skip-grant-tables --skip-networking --log-error=/data/mysql/data/centos.err --pid-file=/data/mysql/data/centos.pid --socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
root 4313 0.0 0.1 103252 836 pts/0 S+ 19:05 0:00 grep mysql
# kill -9 3970
# kill -9 4143

# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
# chmod +x /etc/init.d/mysqld

# chkconfig mysqld on
# service mysqld
Usage: mysqld {start|stop|restart|reload|force-reload|status} [ MySQL server options ]
# service mysqld start
Starting MySQL.

# /usr/local/mysql-5.6.10/bin/mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):

# mysqld_safe --user=mysql

mysql> user mysql;
mysql> update user set password=password('yourpassword') where user='root';
mysql> flush privileges;

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
mysql> drop daabase test;
mysql> use mysql;
mysql> select host,user from user;
+--------------+------+
| host | user |
+--------------+------+
| 127.0.0.1 | root |
| ::1 | root |
| centos | |
| centos | root |
| localhost | |
| localhost | root |
+--------------+------+
mysql> delete from user where not(host='localhost' and user='root');
mysql> flush privileges;

mysql>create database yourdbname default charset utf8 collate utf8_general_ci;
mysql>create user 'yourusername'@'localhost' identified by 'yourpassword';
mysql> grant select,insert,update,delete,create,drop privileges on yourdbname.* To 'yourusername'@localhost identified by 'yourpassword';

# chown -R mysql:mysql /data/mysql/data
# chmod -R go-rwx /data/mysql/data