Install MySql on CentOS

Installing & Configuring MySQL Server

This Howto will show you how to install MySQL 5.x, start the service, make sure the server starts on reboot, login via terminal, change the root database admin password, change the name of the root user, add a new user with specific privileges to a specific database, add a new DBA, add a new database, remove all anonymous logins, remove all non-root users, added file security steps, disable remote access (via port 3306), purge the scrollback history, and finally the installation of the gui tool mysql-administrator.

Applicable to Centos Versions:

• Centos 5.x
• Centos 6.x

Requirements

1. Login to a terminal as root using one of these options: (su –login | su -l | or: su -)
2. Yum and rpm must also be installed and functional (something is seriously wrong if they aren’t)

Doing the Work

1. Install mysql mysql-server:

# yum install mysql mysql-server
Loading "priorities" plugin
Loading "changelog" plugin
Loading "fastestmirror" plugin
Loading "allowdowngrade" plugin
Loading "kernel-module" plugin
Loading "fedorakmod" plugin
Loading "installonlyn" plugin
Loading "protectbase" plugin
Setting up Install Process
Setting up repositories
livna                     100% |=========================| 1.1 kB    00:00
updates                   100% |=========================| 1.2 kB    00:00
core                      100% |=========================| 1.1 kB    00:00
extras                    100% |=========================| 1.1 kB    00:00
Loading mirror speeds from cached hostfile
Reading repository metadata in from local files
primary.xml.gz            100% |=========================| 1.8 MB    00:06
extras    : ################################################## 5594/5594
0 packages excluded due to repository priority protections
0 packages excluded due to repository protections
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for mysql to pack into transaction set.
mysql-5.0.27-1.fc6.i386.r 100% |=========================|  36 kB    00:00
---> Package mysql.i386 0:5.0.27-1.fc6 set to be updated
---> Downloading header for mysql-server to pack into transaction set.
mysql-server-5.0.27-1.fc6 100% |=========================|  33 kB    00:00
---> Package mysql-server.x86_64 0:5.0.27-1.fc6 set to be updated
---> Downloading header for mysql to pack into transaction set.
mysql-5.0.27-1.fc6.x86_64 100% |=========================|  36 kB    00:00
---> Package mysql.x86_64 0:5.0.27-1.fc6 set to be updated
--> Running transaction check
--> Processing Dependency: perl-DBI for package: mysql-server
--> Processing Dependency: perl(DBI) for package: mysql
--> Processing Dependency: perl(DBI) for package: mysql-server
--> Processing Dependency: perl-DBD-MySQL for package: mysql-server
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for perl-DBI to pack into transaction set.
perl-DBI-1.52-1.fc6.x86_6 100% |=========================|  16 kB    00:00
---> Package perl-DBI.x86_64 0:1.52-1.fc6 set to be updated
---> Downloading header for perl-DBD-MySQL to pack into transaction set.
perl-DBD-MySQL-3.0007-1.f 100% |=========================| 8.5 kB    00:00
---> Package perl-DBD-MySQL.x86_64 0:3.0007-1.fc6 set to be updated
--> Running transaction check
 
Dependencies Resolved
=============================================================================
Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 mysql                   i386       5.0.27-1.fc6     updates           3.3 M
 mysql                   x86_64     5.0.27-1.fc6     updates           3.3 M
 mysql-server            x86_64     5.0.27-1.fc6     updates            10 M
 
Installing for dependencies:
 perl-DBD-MySQL          x86_64     3.0007-1.fc6     core              147 k
 perl-DBI                x86_64     1.52-1.fc6       core              605 k
 
Transaction Summary
=============================================================================
Install      5 Package(s)
Update       0 Package(s)
Remove       0 Package(s)         
 
Total download size: 18 M
Is this ok [y/N]:

1. Start MySQL server daemon (mysqld):

# chkconfig --level 2345 mysqld on; service mysqld start
Initializing MySQL database:  Installing all prepared tables
Fill help tables
 
To start mysqld at boot time you have to copy support-files/mysql.server
to the right place for your system
 
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h angstrom password 'new-password'
See the manual for more instructions.
 
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
 
You can test the MySQL daemon with the benchmarks in the 'sql-bench' directory:
cd sql-bench ; perl run-all-tests
 
Please report any problems with the /usr/bin/mysqlbug script!
 
The latest information about MySQL is available on the web at
 
http://www.mysql.com
 
Support MySQL by buying support/licenses at http://shop.mysql.com
                                                           [  OK  ]
Starting MySQL:                                            [  OK  ]

1. Login as root database admin to MySQL server:

# mysql -u root
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 5.0.27
 
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
 
mysql>

1. Delete ALL users who are not root:

mysql> delete from mysql.user where not (host="localhost" and user="root");
Query OK, 5 rows affected (0.15 sec)
 
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
 
mysql>

1. Change root database admin password: (note: once this step is complete you’ll need to login with: mysql -p -u root)

mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('mypass');
 
Query OK, 0 rows affected (0.00 sec)
 
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
 
mysql>

1. Change root username to something less guessable for higher security.

mysql> update mysql.user set user="mydbadmin" where user="root";
Query OK, 2 rows affected (0.00 sec)
Rows matched: 2  Changed: 2  Warnings: 0
 
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
 
mysql>

1. Remove anonymous access to the database(s):

mysql> DELETE FROM mysql.user WHERE User = '';
Query OK, 2 rows affected (0.00 sec)
 
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
 
mysql>

1. Add a new user with database admin privs for all databases:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'warren'@'localhost' IDENTIFIED BY 'mypass' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
 
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
 
mysql>

1. Add a new user with database admin privs for a specific database, in this case the database is called “bugzilla”: (note: The ‘bugzilla’ database must first be added, see below.)

mysql> GRANT ALL PRIVILEGES ON bugzilla.* TO 'warren'@'localhost' IDENTIFIED BY 'mypass';
Query OK, 0 rows affected (0.00 sec)
 
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> 
 
Alternatively, you can give someone access to only certain privileges by substituting "ALL PRIVILEGES"
with any combination of the following (commas included):
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES

1. Add a MySQL database:

mysql> create database bugzilla;
Query OK, 1 row affected (0.15 sec)
 
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
 
mysql> quit
Bye

1. Installing mysql-administrator:

The MySql Administrator packages for Centos 5.x can be found here:
 
MySQL Administrator Packages:
http://people.centos.org/hughesjr/mysql-gui-tools/i386/
 
Possible Dependencies:
http://centos.karan.org/el5/extras/testing/i386/RPMS/
 
To install these packages download the desired tools into a directory on your desktop or a directory
on the server, cd into the directory and issue this command: rpm -ivh *.rpm
 
Make sure that the rpms you want to install are the only files in the directory.

1. Improving local file security (after saving and exiting remember to: service mysqld restart for changes to take effect):

The next change is to disable the use of LOAD DATA LOCAL INFILE command, which will help to
prevent against unauthorized reading from local files. This matters especially when new SQL
Injection vulnerabilities in PHP applications are found.
 
For that purpose, the following parameter should be added in the [mysqld] section in:
/etc/my.cnf

set-variable=local-infile=0

1. Disabling remote access to the MySQL server (after saving and exiting remember to: service mysqld restart for changes to take effect).

This change applies to the 3306/tcp port, on which MySQL listens by default. Because,
according to the initial assumptions, the database will be used only by locally installed PHP
applications, we can freely disable listening on that port. This will limit possibilities of
attacking the MySQL database by direct TCP/IP connections from other hosts. Local communication
will be still possible throw the mysql.sock socket. In order to disable listening on the
mentioned port, the following parameter should be added to the [mysqld] section of /etc/my.cnf:
 
skip-networking
 
If, for some reason, remote access to the database is still required (e.g. to perform remote
data backup), the SSH protocol can be used as follows:
 
(modify to your needs)
backuphost$ ssh mysqlserver /usr/local/mysql/bin/mysqldump -A > backup

Troubleshooting

How to test

1. Make sure mysql and mysql server are indeed installed and that they are the correct versions:

# rpm -qa | grep mysql && chkconfig --list | grep mysql
mysql-5.0.27-1.fc6
mysql-5.0.27-1.fc6
mysql-gui-common-1.1.10-3.fc6
mysql-server-5.0.27-1.fc6
mysql-administrator-1.1.10-3.fc6
mysqld          0:off   1:off   2:off   3:off   4:off   5:off   6:off

1. Starting mysqld on boot:

# chkconfig --level 2345 mysqld on && service mysqld restart && chkconfig --list | grep mysqld
Stopping MySQL:                                            [  OK  ]
Starting MySQL:                                            [  OK  ]
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off

1. Clear MySQL scrollback history (so sensitive data such as passwords cannot be seen by others with access):

]# cat /dev/null > ~/.mysql_history

1. Show all users in the MySQL Server database:

mysql> select * from mysql.user;
8 rows in set (0.00 sec)

1. Delete a user from the MySQL Server database:

mysql> delete from mysql.user where host = "dev.mydomain.com";Query OK, 2 rows affected (0.00 sec)

1. Delete a null user (user without a username) from the MySQL Server database:

mysql> delete from mysql.user where user = ' ';
Query OK, 1 rows affected (0.00 sec)

Common problems and fixes

Problem: User has not properly logged in with roots environment.

Fix: (switch to root with one of the following methods):
su –login
su -l
su -

More Information

Disclaimer

We test this stuff on our own machines, really we do. But you may run into problems, if you do, come to #centoshelp on irc.freenode.net

This has been tested on Centos 5.x and 6.x