A previous version of this tutorial was written by Hazel Virdó
本教程的先前版本由HazelVirdó编写
介绍 (Introduction)
MySQL is an open-source database management system, commonly installed as part of the popular LAMP (Linux, Apache, MySQL, PHP/Python/Perl) stack. It implements the relational model and uses Structured Query Language (better known as SQL) to manage its data.
MySQL是一个开源数据库管理系统,通常作为流行的LAMP (Linux,Apache,MySQL,PHP / Python / Perl)堆栈的一部分安装。 它实现了关系模型,并使用结构化查询语言(又称SQL)来管理其数据。
This tutorial will go over how to install MySQL version 8.0 on an Ubuntu 20.04 server. By completing it, you will have a working relational database that you can use to build your next website or application.
本教程将介绍如何在Ubuntu 20.04服务器上安装MySQL 8.0版。 完成后,您将拥有一个可用的关系数据库,可用于构建下一个网站或应用程序。
先决条件 (Prerequisites)
To follow this tutorial, you will need:
要遵循本教程,您将需要:
One Ubuntu 20.04 server with a non-root administrative user and a firewall configured with UFW. To set this up, follow our initial server setup guide for Ubuntu 20.04.
一台Ubuntu 20.04服务器,具有非root用户和配置了UFW的防火墙。 要进行设置,请遵循我们针对Ubuntu 20.04的初始服务器设置指南 。
第1步-安装MySQL (Step 1 — Installing MySQL)
On Ubuntu 20.04, you can install MySQL using the APT package repository. At the time of this writing, the version of MySQL available in the default Ubuntu repository is version 8.0.19.
在Ubuntu 20.04上,您可以使用APT软件包存储库安装MySQL。 在撰写本文时,默认的Ubuntu存储库中可用MySQL版本是8.0.19版本。
To install it, update the package index on your server if you’ve not done so recently:
要安装它,请更新服务器上的软件包索引(如果您最近没有这样做的话):
- sudo apt update sudo apt更新
Then install the mysql-server package:
然后安装mysql-server软件包:
- sudo apt install mysql-server sudo apt安装mysql服务器
This will install MySQL, but will not prompt you to set a password or make any other configuration changes. Because this leaves your installation of MySQL insecure, we will address this next.
这将安装MySQL,但不会提示您设置密码或进行任何其他配置更改。 因为这会使您MySQL安装不安全,所以我们接下来将解决此问题。
第2步-配置MySQL (Step 2 — Configuring MySQL)
For fresh installations of MySQL, you’ll want to run the DBMS’s included security script. This script changes some of the less secure default options for things like remote root logins and sample users.
对于MySQL的全新安装,您将需要运行DBMS随附的安全脚本。 该脚本更改了一些不太安全的默认选项,例如远程root登录和样本用户。
Run the security script with sudo:
使用sudo运行安全脚本:
- sudo mysql_secure_installation 须藤mysql_secure_installation
This will take you through a series of prompts where you can make some changes to your MySQL installation’s security options. The first prompt will ask whether you’d like to set up the Validate Password Plugin, which can be used to test the password strength of new MySQL users before deeming them valid.
这将引导您完成一系列提示,在其中您可以对MySQL安装的安全性选项进行一些更改。 第一个提示将询问您是否要设置验证密码插件,该插件可用于在认为新MySQL用户有效之前测试其密码强度。
If you elect to set up the Validate Password Plugin, any MySQL user you create that authenticates with a password will be required to have a password that satisfies the policy you select. The strongest policy level — which you can select by entering 2 — will require passwords to be at least eight characters long and include a mix of uppercase, lowercase, numeric, and special characters:
如果您选择设置“验证密码插件”,则您创建的任何使用密码进行身份验证MySQL用户都将必须具有符合所选策略的密码。 最强的策略级别(您可以通过输入2来选择)将要求密码长度至少为八个字符,并包括大写,小写,数字和特殊字符的组合:
Output
Securing the MySQL server deployment.
Connecting to MySQL using a blank password.
VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?
Press y|Y for Yes, any other key for No: Y
There are three levels of password validation policy:
LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:
2
Regardless of whether you choose to set up the Validate Password Plugin, the next prompt will be to set a password for the MySQL root user. Enter and then confirm a secure password of your choice:
无论您是否选择设置“验证密码插件”,下一个提示都是为MySQL 根用户设置密码。 输入,然后确认您选择的安全密码:
Output
Please set the password for root here.
New password:
Re-enter new password:
Note that even though you’ve set a password for the root MySQL user, this user is not currently configured to authenticate with a password when connecting to the MySQL shell.
请注意,即使您已经为MySQL 根用户设置了密码,但在连接到MySQL Shell时,当前尚未将该用户配置为使用密码进行身份验证。
If you used the Validate Password Plugin, you’ll receive feedback on the strength of your new password. Then the script will ask if you want to continue with the password you just entered or if you want to enter a new one. Assuming you’re satisfied with the strength of the password you just entered, enter Y to continue the script:
如果您使用了验证密码插件,您将收到有关新密码强度的反馈。 然后,脚本将询问您是否要继续使用刚输入的密码,还是要输入一个新密码。 假设您对刚输入的密码的强度感到满意,请输入Y继续执行脚本:
Output
Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y
From there, you can press Y and then ENTER to accept the defaults for all the subsequent questions. This will remove some anonymous users and the test database, disable remote root logins, and load these new rules so that MySQL immediately respects the changes you have made.
在此处,您可以按Y ,然后按ENTER以接受所有后续问题的默认设置。 这将删除一些匿名用户和测试数据库,禁用远程root登录,并加载这些新规则,以便MySQL立即尊重您所做的更改。
Once the script completes, your MySQL installation will be secured. You can now move on to creating a dedicated database user with the MySQL client.
脚本完成后,您MySQL安装将受到保护。 现在,您可以继续使用MySQL客户端创建专用的数据库用户。
第3步-创建专用MySQL用户并授予权限 (Step 3 — Creating a Dedicated MySQL User and Granting Privileges)
Upon installation, MySQL creates a root user account which you can use to manage your database. This user has full privileges over the MySQL server, meaning it has complete control over every database, table, user, and so on. Because of this, it’s best to avoid using this account outside of administrative functions. This step outlines how to use the root MySQL user to create a new user account and grant it privileges.
安装后,MySQL将创建一个根用户帐户,您可以使用该帐户来管理数据库。 该用户具有MySQL服务器的全部特权,这意味着它可以完全控制每个数据库,表,用户等。 因此,最好避免在管理功能之外使用此帐户。 此步骤概述了如何使用MySQL 根用户创建新用户帐户并为其授予特权。
In Ubuntu systems running MySQL 5.7 (and later versions), the root MySQL user is set to authenticate using the auth_socket plugin by default rather than with a password. This plugin requires that the name of the operating system user that invokes the MySQL client matches the name of the MySQL user specified in the command, so you must invoke mysql with sudo privileges to gain access to the root MySQL user:
在运行MySQL 5.7 (及更高版本)的Ubuntu系统中,默认情况下,MySQL 根用户设置为使用auth_socket插件而不是使用密码进行身份验证。 此插件要求调用MySQL客户端的操作系统用户的名称与命令中指定MySQL用户的名称相匹配,因此必须使用sudo特权调用mysql才能访问root用户MySQL:
- sudo mysql 须藤MySQL
Note: If you installed MySQL with another tutorial and enabled password authentication for root, you will need to use a different command to access the MySQL shell. The following will run your MySQL client with regular user privileges, and you will only gain administrator privileges within the database by authenticating:
注意:如果将MySQL与其他教程一起安装并为root启用了密码认证,则将需要使用其他命令来访问MySQL Shell。 以下内容将以常规用户权限运行您MySQL客户端,并且您将仅通过身份验证在数据库内获得管理员权限:
- mysql -u root -p mysql -u root -p
Once you have access to the MySQL prompt, you can create a new user with a CREATE USER statement. These follow this general syntax:
一旦可以访问MySQL提示符,就可以使用CREATE USER语句创建一个新用户。 这些遵循以下一般语法:
CREATE USER 'username'@'host' IDENTIFIED WITH authentication_plugin BY 'password';
创建用户' 用户名 '@' 主机 '通过authentication_plugin BY' 密码 '识别;
After CREATE USER, you specify a username. This is immediately followed by an @ sign and then the hostname from which this user will connect. If you only plan to access this user locally from your Ubuntu server, you can specify localhost. Wrapping both the username and host in single quotes isn’t always necessary, but doing so can help to prevent errors.
在CREATE USER ,您可以指定一个用户名。 紧随其后的是@符号,然后是该用户将从其连接的主机名。 如果仅打算从Ubuntu服务器本地访问该用户,则可以指定localhost 。 将用户名和主机都用单引号引起来并非总是必要的,但是这样做可以防止出现错误。
You have several options when it comes to choosing your user’s authentication plugin. The auth_socket plugin mentioned previously can be convenient, as it provides strong security without requiring valid users to enter a password to access the database. But it also prevents remote connections, which can complicate things when external programs need to interact with MySQL.
在选择用户的身份验证插件时,您有多种选择。 前面提到的auth_socket插件很方便,因为它提供了强大的安全性,而无需有效的用户输入密码来访问数据库。 但是它也阻止了远程连接,当外部程序需要与MySQL交互时,远程连接会使事情变得复杂。
As an alternative, you can leave out the WITH authentication plugin portion of the syntax entirely to have the user authenticate with MySQL’s default plugin, caching_sha2_password. The MySQL documentation recommends this plugin for users who want to log in with a password due to its security.
或者,您可以完全忽略语法的WITH authentication plugin部分,以使用户通过MySQL的默认插件caching_sha2_password身份验证。 MySQL文档为安全性高而希望使用密码登录的用户推荐此插件 。
Run the following command to create a user that authenticates with caching_sha2_password. Be sure to change sammy to your preferred username and password to a strong password of your choosing:
运行以下命令以创建使用caching_sha2_password身份验证的用户。 确保将sammy更改sammy选用户名,并将password更改为您选择的强密码:
CREATE USER 'sammy'@'localhost' IDENTIFIED BY 'password';
创建用户' sammy '@'localhost'由' password '标识;
Note: There is a known issue with some versions of PHP that causes problems with caching_sha2_password. If you plan to use this database with a PHP application — phpMyAdmin, for example — you may want to create a user that will authenticate with the older, though still secure, mysql_native_password plugin instead:
注意 :某些版本PHP存在一个已知问题,该问题会导致caching_sha2_password出现问题。 如果您打算将此数据库与PHP应用程序一起使用(例如phpMyAdmin),则可能希望创建一个将通过较旧但仍安全的mysql_native_password插件进行身份验证的用户:
CREATE USER 'sammy'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
创建用户' sammy '@'localhost'用mysql_native_password通过' password '标识;
If you aren’t sure, you can always create a user that authenticates with caching_sha2_plugin and then ALTER it later on with this command:
如果不确定,始终可以创建一个使用caching_sha2_plugin身份验证的用户,然后稍后使用以下命令对其进行ALTER :
ALTER USER 'sammy'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
ALTER USER ' 森 '@' localhost'的WITH mysql_native_password BY ' 密码 ' IDENTIFIED;
After creating your new user, you can grant them the appropriate privileges. The general syntax for granting user privileges is as follows:
创建新用户后,您可以为其授予适当的特权。 授予用户特权的一般语法如下:
GRANT PRIVILEGE ON database.table TO 'username'@'host';
数据库上的 GRANT PRIVILEGE 。 表 TO' 用户名 '@' 主机 ';
The PRIVILEGE value in this example syntax defines what actions the user is allowed to perform on the specified database and table. You can grant multiple privileges to the same user in one command by separating each with a comma. You can also grant a user privileges globally by entering asterisks (*) in place of the database and table names. In SQL, asterisks are special characters used to represent “all” databases or tables.
此示例语法中的PRIVILEGE值定义允许用户对指定的database和table执行哪些操作。 通过用逗号分隔每个用户,可以在一个命令中向同一用户授予多个特权。 您还可以通过输入星号( * )代替数据库和表名来全局授予用户特权。 在SQL中,星号是用于表示“所有”数据库或表的特殊字符。
To illustrate, the following command grants a user global privileges to CREATE, ALTER, and DROP databases, tables, and users, as well as the power to INSERT, UPDATE, and DELETE data from any table on the server. It also grants the user the ability to query data with SELECT. However, you should only grant users the permissions they need, so feel free to adjust your own user’s privileges as necessary.
为了说明这一点,以下命令向用户授予CREATE , ALTER和DROP数据库,表和用户的全局特权,并授予服务器上任何表的INSERT , UPDATE和DELETE数据的权限。 它还使用户能够使用SELECT查询数据。 但是,您应该只授予用户所需的权限,因此可以根据需要随意调整自己的用户权限。
You can find the full list of available privileges in the official MySQL documentation.
您可以在官方MySQL文档中找到可用特权的完整列表。
Run this GRANT statement, replacing sammy with your own MySQL user’s name, to grant these privileges to your user:
运行以下GRANT语句,将sammy替换为您自己MySQL用户名,以向您的用户授予以下特权:
GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT on *.* TO 'sammy'@'localhost' WITH GRANT OPTION;
在*。*上进行GRANT CREATE,ALTER,DROP,INSERT,UPDATE,DELETE,SELECT,使用GRANT选项将其转换为' samy '@'localhost';
Note that this statement also includes WITH GRANT OPTION. This will allow your MySQL user to grant any that it has to other users on the system.
注意,该语句还包括WITH GRANT OPTION 。 这将使您MySQL用户可以将其拥有的任何权限授予系统上的其他用户。
Warning: Some users may want to grant their MySQL user the ALL PRIVILEGES privilege, which will provide them with broad superuser privileges akin to the root user’s privileges, like so:
警告 :某些用户可能希望向其MySQL用户授予ALL PRIVILEGES特权,这将为他们提供类似于root用户特权的广泛超级用户特权,例如:
GRANT ALL PRIVILEGES ON *.* TO 'sammy'@'localhost' WITH GRANT OPTION;
将所有特权授予*。*到' sammy '@'localhost'并带有格randint选项;
Such broad privileges should not be granted lightly, as anyone with access to this MySQL user will have complete control over every database on the server.
不能轻易授予如此广泛的特权,因为任何有权访问此MySQL用户的人都将完全控制服务器上的每个数据库。
Following this, it’s good practice to run the FLUSH PRIVILEGES command. This will free up any memory that the server cached as a result of the preceding CREATE USER and GRANT statements:
在此之后,最好执行FLUSH PRIVILEGES命令。 由于先前的CREATE USER和GRANT语句,这将释放服务器缓存的所有内存:
- FLUSH PRIVILEGES; 冲洗特权;
Then you can exit the MySQL client:
然后,您可以退出MySQL客户端:
- exit 出口
In the future, to log in as your new MySQL user, you’d use a command like the following:
将来,要以新MySQL用户身份登录,请使用以下命令:
mysql -u sammy -p
mysql -u sammy -p
The -p flag will cause the MySQL client to prompt you for your MySQL user’s password in order to authenticate.
-p标志将导致MySQL客户端提示您输入MySQL用户的密码以进行身份验证。
Finally, let’s test the MySQL installation.
最后,让我们测试MySQL的安装。
第4步-测试MySQL (Step 4 — Testing MySQL)
Regardless of how you installed it, MySQL should have started running automatically. To test this, check its status.
无论您如何安装,MySQL都应该已经开始自动运行。 要对此进行测试,请检查其状态。
- systemctl status mysql.service systemctl状态mysql.service
You’ll see output similar to the following:
您将看到类似于以下内容的输出:
Output
● mysql.service - MySQL Community Server
Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-04-21 12:56:48 UTC; 6min ago
Main PID: 10382 (mysqld)
Status: "Server is operational"
Tasks: 39 (limit: 1137)
Memory: 370.0M
CGroup: /system.slice/mysql.service
└─10382 /usr/sbin/mysqld
If MySQL isn’t running, you can start it with sudo systemctl start mysql.
如果MySQL未运行,则可以使用sudo systemctl start mysql来启动它。
For an additional check, you can try connecting to the database using the mysqladmin tool, which is a client that lets you run administrative commands. For example, this command says to connect as a MySQL user named sammy (-u sammy), prompt for a password (-p), and return the version. Be sure to change sammy to the name of your dedicated MySQL user, and enter that user’s password when prompted:
要进行其他检查,可以尝试使用mysqladmin工具连接到数据库,该工具是允许您运行管理命令的客户端。 例如,此命令说要以名为sammy ( -u sammy )MySQL用户身份进行连接,提示输入密码( -p ),然后返回版本。 确保将sammy更改为专用MySQL用户的名称,并在出现提示时输入该用户的密码:
sudo mysqladmin -p -u sammy version
sudo mysqladmin -p -u sammy版本
You should see output similar to this:
您应该看到类似于以下的输出:
Output
mysqladmin Ver 8.0.19-0ubuntu5 for Linux on x86_64 ((Ubuntu))
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Server version 8.0.19-0ubuntu5
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /var/run/mysqld/mysqld.sock
Uptime: 10 min 44 sec
Threads: 2 Questions: 25 Slow queries: 0 Opens: 149 Flush tables: 3 Open tables: 69 Queries per second avg: 0.038
This means MySQL is up and running.
这意味着MySQL已启动并正在运行。
结论 (Conclusion)
You now have a basic MySQL setup installed on your server. Here are a few examples of next steps you can take:
现在,您已在服务器上安装了基本MySQL设置。 以下是一些您可以采取的后续步骤的示例:
翻译自: https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-ubuntu-20-04
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
