በጣም ጥሩው የይለፍ ቃል ማስታወስ የሌለብዎት ነው ይላሉ. በ MySQL ሁኔታ ይህ ለተሰኪው ምስጋና ይግባው እና የእሱ ስሪት ለ MariaDB - .
እነዚህ ሁለቱም ፕለጊኖች አዲስ አይደሉም፤ በዚሁ ጦማር ላይ ስለእነሱ ብዙ ተብሏል፤ ለምሳሌ ስለ መጣጥፍ . ነገር ግን በማሪያ ዲቢ 10.4 ውስጥ ምን አዲስ ነገር እንዳለ ስመለከት unix_socket አሁን በነባሪነት መጫኑን እና ከማረጋገጫ ዘዴዎች ውስጥ አንዱ እንደሆነ ደርሼበታለሁ (“አንዱ”፣ ምክንያቱም በማሪያዲቢ 10.4 ከአንድ በላይ ፕለጊን ለአንድ ተጠቃሚ ማረጋገጫ ይገኛል። በሰነዱ ውስጥ ተብራርቷል ).
እንዳልኩት፣ ይህ ዜና አይደለም፣ እና በዴቢያን ቡድን የሚደገፉትን .deb ጥቅሎችን በመጠቀም MySQL ሲጭኑ፣ ለሶኬት ማረጋገጫ ስር ተጠቃሚ ይፈጠራል። ይህ ለሁለቱም MySQL እና MariaDB እውነት ነው.
root@app:~# apt-cache show mysql-server-5.7 | grep -i maintainers
Original-Maintainer: Debian MySQL Maintainers <[email protected]>
Original-Maintainer: Debian MySQL Maintainers <<a href="mailto:[email protected]">[email protected]</a>>በዴቢያን ፓኬጆች ለ MySQL፣ ስርወ ተጠቃሚው በሚከተለው መልኩ የተረጋገጠ ነው፡
root@app:~# whoami
root=
root@app:~# mysql
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 4
Server version: 5.7.27-0ubuntu0.16.04.1 (Ubuntu)
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> select user, host, plugin, authentication_string from mysql.user where user = 'root';
+------+-----------+-------------+-----------------------+
| user | host | plugin | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket | |
+------+-----------+-------------+-----------------------+
1 row in set (0.01 sec)ለ MariaDB የ .deb ጥቅል ሁኔታም ተመሳሳይ ነው፡
10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
MariaDB [(none)]> show grants;
+------------------------------------------------------------------------------------------------+
| Grants for root@localhost |
+------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION |
| GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION |
+------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)ከኦፊሴላዊው የፐርኮና ማከማቻ .ዴብ ፓኬጆች በተጨማሪ የ root ተጠቃሚ ማረጋገጫን በauth-socket ስር እና ለፐርኮና አገልጋይ ያዋቅራሉ። ጋር አንድ ምሳሌ እንስጥ እና ኡቡንቱ 16.04:
root@app:~# whoami
root
root@app:~# mysql
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 9
Server version: 8.0.16-7 Percona Server (GPL), Release '7', Revision '613e312'
Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> select user, host, plugin, authentication_string from mysql.user where user ='root';
+------+-----------+-------------+-----------------------+
| user | host | plugin | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket | |
+------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)ታዲያ አስማት ምንድን ነው? ፕለጊኑ የደንበኛ ፕሮግራሙን ስለሚያካሂድ ተጠቃሚ መረጃን ለመሰብሰብ የ SO_PEERCRED ሶኬት አማራጭን በመጠቀም የሊኑክስ ተጠቃሚው ከ MySQL ተጠቃሚ ጋር እንደሚዛመድ ያረጋግጣል። ስለዚህ ፕለጊኑ እንደ ሊኑክስ ባሉ የSO_PEERCRED አማራጭን በሚደግፉ ስርዓቶች ላይ ብቻ ነው መጠቀም የሚቻለው። የ SO_PEERCRED ሶኬት አማራጭ ከሶኬት ጋር የተያያዘውን የሂደቱን ሂደት ለማወቅ ያስችልዎታል። እና ከዚያ ከዚህ uid ጋር የተገናኘውን የተጠቃሚ ስም አስቀድሞ ይቀበላል።
ከተጠቃሚው ጋር አንድ ምሳሌ እዚህ አለ "ቫግራንት"፡
vagrant@mysql1:~$ whoami
vagrant
vagrant@mysql1:~$ mysql
ERROR 1698 (28000): Access denied for user 'vagrant'@'localhost'በ MySQL ውስጥ ምንም "ቫግራንት" ተጠቃሚ ስለሌለ መዳረሻ ተከልክለናል። እንደዚህ አይነት ተጠቃሚ እንፍጠር እና እንደገና እንሞክር፡-
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket;
Query OK, 0 rows affected (0.00 sec)
vagrant@mysql1:~$ mysql
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 45
Server version: 10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
MariaDB [(none)]> show grants;
+---------------------------------------------------------------------------------+
| Grants for vagrant@localhost |
+---------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket |
+---------------------------------------------------------------------------------+
1 row in set (0.00 sec)ተከሰተ!
ደህና፣ ይህ በነባሪነት ያልቀረበበት የዴቢያን ያልሆነ ስርጭትስ? በCentOS 8 ላይ ለተጫነው የፐርኮና አገልጋይ ለ MySQL 7 እንሞክር፡-
mysql> show variables like '%version%comment';
+-----------------+---------------------------------------------------+
| Variable_name | Value |
+-----------------+---------------------------------------------------+
| version_comment | Percona Server (GPL), Release 7, Revision 613e312 |
+-----------------+---------------------------------------------------+
1 row in set (0.01 sec)
mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
ERROR 1524 (HY000): Plugin 'auth_socket' is not loadedባመር የጎደለው ነገር ምንድን ነው? ተሰኪ አልተጫነም
mysql> pager grep socket
PAGER set to 'grep socket'
mysql> show plugins;
47 rows in set (0.00 sec)በሂደቱ ላይ ፕለጊን እንጨምር፡-
mysql> nopager
PAGER set to stdout
mysql> INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
Query OK, 0 rows affected (0.00 sec)
mysql> pager grep socket; show plugins;
PAGER set to 'grep socket'
| auth_socket | ACTIVE | AUTHENTICATION | auth_socket.so | GPL |
48 rows in set (0.00 sec)አሁን የምንፈልገውን ሁሉ አግኝተናል. እንደገና እንሞክር፡-
mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
Query OK, 0 rows affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'percona'@'localhost';
Query OK, 0 rows affected (0.01 sec)አሁን "ፐርኮና" የሚለውን የተጠቃሚ ስም በመጠቀም መግባት ትችላለህ.
[percona@ip-192-168-1-111 ~]$ whoami
percona
[percona@ip-192-168-1-111 ~]$ mysql -upercona
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 19
Server version: 8.0.16-7 Percona Server (GPL), Release 7, Revision 613e312
Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> select user, host, plugin, authentication_string from mysql.user where user ='percona';
+---------+-----------+-------------+-----------------------+
| user | host | plugin | authentication_string |
+---------+-----------+-------------+-----------------------+
| percona | localhost | auth_socket | |
+---------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)እና እንደገና ሠርቷል!
ጥያቄ፡ በተመሳሳዩ የፐርኮና መግቢያ ስር ወደ ስርዓቱ መግባት ይቻል ይሆን ነገርግን እንደ ሌላ ተጠቃሚ?
[percona@ip-192-168-1-111 ~]$ logout
[root@ip-192-168-1-111 ~]# mysql -upercona
ERROR 1698 (28000): Access denied for user 'percona'@'localhost'አይ፣ አይሰራም።
መደምደሚያ
MySQL በብዙ ገፅታዎች በጣም ተለዋዋጭ ነው, ከነዚህም አንዱ የማረጋገጫ ዘዴ ነው. ከዚህ ልጥፍ ላይ እንደሚታየው፣ በስርዓተ ክወና ተጠቃሚዎች ላይ በመመስረት ያለይለፍ ቃል መዳረሻ ማግኘት ይቻላል። ይህ በተወሰኑ ሁኔታዎች ላይ ጠቃሚ ሊሆን ይችላል፣ እና አንደኛው ከ RDS/Aurora ወደ መደበኛ MySQL በመጠቀም ሲሰደድ ነው። አሁንም መዳረሻ ለማግኘት፣ ግን ያለይለፍ ቃል።
ምንጭ: hab.com