glibc的安装、安全用户角色权限

安装步骤

1.安装依赖库

2.解压查看

[root@localhost ~]# yum list installed |grep libaio

[root@localhost ~]# tar -xvf mysql-8.0.33-linuxglibc2.12-x86_64.tar

[root@localhost ~]# tar -xvf mysql-8.0.33-linuxglibc2.12-x86_64.tar.xz

[root@localhost ~]# ls mysql-8.0.33-linuxglibc2.12-x86_64/

1. 创建⽤户

[root@localhost ~]# useradd -r -s /sbin/nologin

[root@localhost ~]# id mysql

1. 清空其他环境 mariadb

[root@localhost ~]# rm -rf /etc/my.cnf

1. 将解压⽂件放置在根⽬录下

[root@localhost ~]# mv mysql-8.0.33-linuxglibc2.12-x86_64/ /mysql8

[root@localhost ~]# ls /mysql8/

bin docs include lib LICENSE man README

share support-files

1. 切换mysql8⽬录，创建⼀个mysqfiles

cd /mysql8/

mkdir mysql-files

7.修改mysql-files⽂件权限750和所属

[root@localhost mysql8]# chown mysql:mysql mysqlfiles/

[root@localhost mysql8]# chmod 750 mysql-files/

[root@localhost mysql8]# ls -l

8.初始化数据库，找到初始密码

[root@localhost mysql8]# ./bin/mysqld --initialize

--user=mysql --basedir=/mysql8

9.查看是否初始化成功过，可以看⽂件夹中是否有data⽂件夹

[root@localhost mysql8]# ls

10.设置ssl安全加密连接 敏感数据

[root@localhost mysql8]# ls ./bin/*ssl*

./bin/mysql_ssl_rsa_setup

[root@localhost mysql8]# ./bin/mysql_ssl_rsa_setup

--datadir=/mysql8/data

[root@localhost mysql8]# ls ./data/

11.其他配置

[root@localhost mysql8]# cp supportfiles/mysql.server /etc/init.d/mysql8

[root@localhost mysql8]# ls /etc/init.d/mysql8

[root@localhost mysql8]# ls /etc/init.d/

# 默认情况下，启动⽂件认识安装⽬录在/usr/local/⽬录下

[root@localhost mysql8]# sed -n '/^basedir=/p'/etc/init.d/mysql8

[root@localhost mysql8]# sed -i '/^basedir=/cbasedir=/mysql8' /etc/init.d/mysql8

[root@localhost mysql8]# sed -n '/^basedir=/p' /etc/init.d/mysql8

[root@localhost mysql8]# sed -n '/^datadir=/p'/etc/init.d/mysql8

[root@localhost mysql8]# sed -i '/^datadir=/cdatadir=/mysql8/data'

12.启动服务 不能使⽤systemctl

[root@localhost mysql8]# service mysql8 start

[root@localhost mysql8]# ls /mysql8/data/*.err

14. 安全配置 ⽣产环境

[root@localhost mysql8]# mysql_secure_installation

[root@localhost mysql8]# mysql -uroot -p456

1.密码安全策略

查看密码策略

修改策略

mysql> show variables like 'validate%';

+--------------------------------------+--------+

| Variable_name | Value |

+--------------------------------------+--------+

| validate_password.check_user_name | ON |

| validate_password.dictionary_file | |

| validate_password.length | 8 |

| validate_password.mixed_case_count | 1 |

| validate_password.number_count | 1 |

| validate_password.policy | MEDIUM |

| validate_password.special_char_count | 1 |

+--------------------------------------+--------+

7 rows in set (0.00 sec)

mysql> set global validate_password.length=0;

2.⽤户

创建⽤户

mysql> set global validate_password.policy=LOW;

mysql> show variables like 'validate%';

+--------------------------------------+-------+

| Variable_name | Value |

+--------------------------------------+-------+

| validate_password.check_user_name | ON |

| validate_password.dictionary_file | |

| validate_password.length | 4 |

| validate_password.mixed_case_count | 0 |

| validate_password.number_count | 0 |

| validate_password.policy | LOW |

| validate_password.special_char_count | 0 |

+--------------------------------------+-------+

ysql> create user 'efg'@'%' identified by 'efg';

ERROR 1819 (HY000): Your password does not satisfy

the current policy requirements

删除⽤户

mysql> create user 'efgh'@'%' identified by 'efgh';

Query OK, 0 rows affected (0.01 sec)

mysql> select host,user from mysql.user;

+-----------+------------------+

| host | user |

+-----------+------------------+

| % | efgh |

| % | root |

| % | zhangmin |

| localhost | mysql.infoschema |

| localhost | mysql.session |

| localhost | mysql.sys |

| localhost | test1 |

+-----------+------------------+

mysql> drop user 'zhangmin';

Query OK, 0 rows affected (0.02 sec)

mysql> select user from mysql.user;

+------------------+

修改⽤户

查看⽤户

3.⻆⾊

| user |

+------------------+

| efgh |

| root |

| mysql.infoschema |

| mysql.session |

| mysql.sys |

| test1 |

+------------------+

6 rows in set (0.00 sec)

mysql> alter user 'zhangmin' identified by

'abc123';

Query OK, 0 rows affected (0.01 sec)

3.⻆⾊

创建⻆⾊

查看⻆⾊

修改⻆⾊

删除⻆⾊

4.权限

mysql> create role 'a';

Query OK, 0 rows affected (0.00 sec)

mysql> show grants for 'a';

+-------------------------------+

| Grants for a@% |

+-------------------------------+

| GRANT USAGE ON *.* TO `a`@`%` |

+-------------------------------+

1 row in set (0.00 sec)

4.权限

刷新权限

为root账号添加权限

mysql> flush privileges;

Query OK, 0 rows affected (0.01 sec)

mysql> grant system_user on *.* to "root";

mysql> show grants for 'root';

| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE,

DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES,

INDEX, ALTER, SHOW DATABASES, SUPER, CREATE

TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION

SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW,

CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT,

TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE

ON *.* TO `root`@`%` WITH GRANT OPTION |

新增权限

修改权限

| GRANT SYSTEM_USER ON *.* TO `root`@`%`

2 rows in set (0.00 sec)

修改权限

查看权限

删除权限

mysql> show grants for "efgh";

| GRANT SELECT, INSERT, DELETE ON *.* TO `efgh`@`%`

1 row in set (0.00 sec)

mysql> revoke all on *.* from "efgh";

Query OK, 0 rows affected (0.00 sec)

mysql> show grants for "efgh";