How to use MySQL without a password (and the security risks)

They say the best password is the one you don't have to remember. In MySQL's case this is made possible by the auth_socket plugin and its MariaDB counterpart, unix_socket.

Neither plugin is new; both have been discussed on this blog many times, for example in the article on how to change passwords in MySQL 5.7 using the auth_socket plugin. However, while looking at what is new in MariaDB 10.4, I noticed that unix_socket is now installed by default and is one of the authentication methods ("one of", because in MariaDB 10.4 a user can have more than one plugin available for authentication, as explained in the "Authentication" documentation for MariaDB 10.04).

As said, this is not news: when MySQL is installed from the .deb packages maintained by the Debian team, a root user is created that authenticates through the socket. This holds for both MySQL and MariaDB.

root@app:~# apt-cache show mysql-server-5.7 | grep -i maintainers
Original-Maintainer: Debian MySQL Maintainers <[email protected]>

With the Debian packages for MySQL, the root user authenticates like this:

root@app:~# whoami
root
root@app:~# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.27-0ubuntu0.16.04.1 (Ubuntu)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user = 'root';
+------+-----------+-------------+-----------------------+
| user | host      | plugin      | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket |                       |
+------+-----------+-------------+-----------------------+
1 row in set (0.01 sec)

The same happens with the .deb package for MariaDB:

10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04

MariaDB [(none)]> show grants;
+------------------------------------------------------------------------------------------------+
| Grants for root@localhost                                                                      |
+------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION |
| GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION                                  |
+------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

The .deb packages from Percona's official repository also configure the root user to authenticate with auth_socket for Percona Server. Here is an example with Percona Server for MySQL 8.0.16-7 on Ubuntu 16.04:

root@app:~# whoami
root
root@app:~# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.16-7 Percona Server (GPL), Release '7', Revision '613e312'

Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user ='root';
+------+-----------+-------------+-----------------------+
| user | host      | plugin      | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket |                       |
+------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)

So where is the magic? The plugin checks that the Linux user matches the MySQL user by using the SO_PEERCRED socket option to obtain information about the user running the client program. This means the plugin can only be used on systems that support SO_PEERCRED, such as Linux. The SO_PEERCRED socket option returns the uid of the process connected to the socket; the plugin then looks up the user name associated with that uid and compares it with the account the client asked for.

Here is an example with the "vagrant" user:

vagrant@mysql1:~$ whoami
vagrant
vagrant@mysql1:~$ mysql
ERROR 1698 (28000): Access denied for user 'vagrant'@'localhost'

Since there is no matching user in MySQL, access is denied. Let's create the user and try again:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket;
Query OK, 0 rows affected (0.00 sec)

vagrant@mysql1:~$ mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 45
Server version: 10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show grants;
+---------------------------------------------------------------------------------+
| Grants for vagrant@localhost                                                    |
+---------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket |
+---------------------------------------------------------------------------------+
1 row in set (0.00 sec)

It worked!

Well, what about a non-Debian distribution where this is not provided by default? Let's try Percona Server for MySQL 8 installed on CentOS 7:

mysql> show variables like '%version%comment';
+-----------------+---------------------------------------------------+
| Variable_name   | Value                                             |
+-----------------+---------------------------------------------------+
| version_comment | Percona Server (GPL), Release 7, Revision 613e312 |
+-----------------+---------------------------------------------------+
1 row in set (0.01 sec)

mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
ERROR 1524 (HY000): Plugin 'auth_socket' is not loaded

Wonderful. What is missing? The plugin is not loaded:

mysql> pager grep socket
PAGER set to 'grep socket'
mysql> show plugins;
47 rows in set (0.00 sec)

Let's load the plugin into the running server:

mysql> nopager
PAGER set to stdout
mysql> INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
Query OK, 0 rows affected (0.00 sec)

mysql> pager grep socket; show plugins;
PAGER set to 'grep socket'
| auth_socket                     | ACTIVE | AUTHENTICATION | auth_socket.so | GPL     |
48 rows in set (0.00 sec)

Now we have everything we need. Let's try again:

mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
Query OK, 0 rows affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'percona'@'localhost';
Query OK, 0 rows affected (0.01 sec)

Now you can log in as the "percona" user.

[percona@ip-192-168-1-111 ~]$ whoami
percona
[percona@ip-192-168-1-111 ~]$ mysql -upercona
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 19
Server version: 8.0.16-7 Percona Server (GPL), Release 7, Revision 613e312

Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user ='percona';
+---------+-----------+-------------+-----------------------+
| user    | host      | plugin      | authentication_string |
+---------+-----------+-------------+-----------------------+
| percona | localhost | auth_socket |                       |
+---------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)

And it worked again!

Question: is it possible to log in with the same percona login, but as a different OS user?

[percona@ip-192-168-1-111 ~]$ logout
[root@ip-192-168-1-111 ~]# mysql -upercona
ERROR 1698 (28000): Access denied for user 'percona'@'localhost'

No, it is not.

Conclusion

MySQL is quite flexible in many respects, and the authentication method is one of them. As this post shows, access can be granted without a password, based on the OS user. This can be useful in some scenarios, one of them being a migration from RDS/Aurora, where IAM database authentication is used, to regular MySQL: you still get access, but without a password.

Iturria: www.habr.com