How to Use MySQL Without a Password (and the Security Risks)


They say the best password is the one you don't have to remember. In the case of MySQL this is possible thanks to the auth_socket plugin and its MariaDB counterpart, unix_socket.

Neither of these plugins is new at all; they have been discussed on this blog many times, for example in the article on how to change passwords in MySQL 5.7 using the auth_socket plugin. However, while looking at what is new in MariaDB 10.4, I found that unix_socket is now installed by default and is one of the authentication methods ("one of", because in MariaDB 10.4 a single user can have more than one authentication plugin, as described in the "Authentication" documentation for MariaDB 10.04).

As I said, this is not news, and when you install MySQL from the .deb packages maintained by the Debian team, a root user is created that authenticates via the socket. This applies to both MySQL and MariaDB.

root@app:~# apt-cache show mysql-server-5.7 | grep -i maintainers
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>

With the Debian packages for MySQL, the root user is authenticated like this:

root@app:~# whoami
root
root@app:~# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.27-0ubuntu0.16.04.1 (Ubuntu)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user = 'root';
+------+-----------+-------------+-----------------------+
| user | host      | plugin      | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket |                       |
+------+-----------+-------------+-----------------------+
1 row in set (0.01 sec)

The same holds for the .deb package for MariaDB:

10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04

MariaDB [(none)]> show grants;
+------------------------------------------------------------------------------------------------+
| Grants for root@localhost                                                                      |
+------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION |
| GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION                                  |
+------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

The .deb packages from the official Percona repository also configure the root user to authenticate via auth_socket for Percona Server. Here is an example with Percona Server for MySQL 8.0.16-7 on Ubuntu 16.04:

root@app:~# whoami
root
root@app:~# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.16-7 Percona Server (GPL), Release '7', Revision '613e312'

Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user ='root';
+------+-----------+-------------+-----------------------+
| user | host      | plugin      | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket |                       |
+------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)

So what is the magic? The plugin checks that the Linux user matches the MySQL user by using the SO_PEERCRED socket option to gather information about the user running the client program. The plugin can therefore only be used on systems that support SO_PEERCRED, such as Linux. SO_PEERCRED lets the server determine the UID of the process connected to the socket; the plugin then looks up the user name associated with that UID and compares it with the MySQL user name the client asked for.
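To make the SO_PEERCRED mechanism concrete, here is an added Python model of the check (it is not the auth_socket or unix_socket source, and the function names are hypothetical). A server end of a Unix-domain socket asks the kernel for the peer's credentials, maps the UID to an account name through the password database, and only then compares it with the user name the client requested; the client has no way to influence the UID the kernel reports. The in-process socket pair stands in for the client/server connection so the script runs offline on Linux.

```python
import os
import pwd
import socket
import struct

# Linux 'struct ucred' as returned by SO_PEERCRED: pid_t pid, uid_t uid, gid_t gid.
_UCRED_FMT = "3i"
SOCKET_PLUGINS = ("auth_socket", "unix_socket")


def has_peercred():
    """True where the platform exposes SO_PEERCRED (Linux); the plugins need it."""
    return hasattr(socket, "SO_PEERCRED")


def peer_credentials(sock):
    """Return (pid, uid, gid) of the process at the other end of a Unix-domain socket."""
    if not has_peercred():
        raise OSError("SO_PEERCRED is not supported on this platform")
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(_UCRED_FMT))
    return struct.unpack(_UCRED_FMT, raw)


def current_uid():
    return os.getuid()


def current_os_user():
    return pwd.getpwuid(os.getuid()).pw_name


def socket_auth_decision(claimed_user, peer_uid, accounts):
    """Hypothetical model of the plugin's decision (not the plugin's own code).

    claimed_user: MySQL user name the client asked for (what 'mysql -upercona' sends)
    peer_uid:     UID obtained from SO_PEERCRED for the client process
    accounts:     {mysql_user: plugin} for the 'user'@'localhost' rows of mysql.user
    Returns (accepted, reason).
    """
    plugin = accounts.get(claimed_user)
    if plugin is None:
        return False, "no such account"
    if plugin not in SOCKET_PLUGINS:
        return False, "account does not use socket authentication"
    try:
        os_user = pwd.getpwuid(peer_uid).pw_name  # UID -> account name, as the plugin does
    except KeyError:
        return False, "peer UID has no account on this host"
    if os_user != claimed_user:
        return False, f"OS user '{os_user}' does not match MySQL user '{claimed_user}'"
    return True, "OS user matches MySQL user"


def demo_local_connection(claimed_user, accounts):
    """Run the decision over a real in-process Unix socket pair, using the UID the
    kernel reports through SO_PEERCRED rather than anything the client sends."""
    server_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        client_end.sendall(claimed_user.encode())  # the only thing the client controls
        requested = server_end.recv(256).decode()
        _pid, uid, _gid = peer_credentials(server_end)
        return socket_auth_decision(requested, uid, accounts)
    finally:
        server_end.close()
        client_end.close()


if __name__ == "__main__":
    me = current_os_user()
    table = {me: "auth_socket", "percona": "auth_socket", "app": "mysql_native_password"}
    print(socket_auth_decision(me, current_uid(), table))
    print(socket_auth_decision("percona", current_uid(), table))  # denied unless you are 'percona'
    if has_peercred():
        print(demo_local_connection(me, table))
```

The last call in the `__main__` block is the same situation the post demonstrates later with the `percona` account: the name sent by the client is irrelevant unless the UID behind the socket resolves to exactly that account.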

Here is an example with the user "vagrant":

vagrant@mysql1:~$ whoami
vagrant
vagrant@mysql1:~$ mysql
ERROR 1698 (28000): Access denied for user 'vagrant'@'localhost'

Since there is no "vagrant" user in MySQL, access is denied. Let's create such a user and try again:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket;
Query OK, 0 rows affected (0.00 sec)

vagrant@mysql1:~$ mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 45
Server version: 10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show grants;
+---------------------------------------------------------------------------------+
| Grants for vagrant@localhost                                                    |
+---------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket |
+---------------------------------------------------------------------------------+
1 row in set (0.00 sec)

It worked!

OK, what about non-Debian distributions, where this is not provided out of the box? Let's try Percona Server for MySQL 8 installed on CentOS 7:

mysql> show variables like '%version%comment';
+-----------------+---------------------------------------------------+
| Variable_name   | Value                                             |
+-----------------+---------------------------------------------------+
| version_comment | Percona Server (GPL), Release 7, Revision 613e312 |
+-----------------+---------------------------------------------------+
1 row in set (0.01 sec)

mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
ERROR 1524 (HY000): Plugin 'auth_socket' is not loaded

Bummer. What was missing? The plugin was not loaded:

mysql> pager grep socket
PAGER set to 'grep socket'
mysql> show plugins;
47 rows in set (0.00 sec)

Let's load the plugin at runtime:

mysql> nopager
PAGER set to stdout
mysql> INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
Query OK, 0 rows affected (0.00 sec)

mysql> pager grep socket; show plugins;
PAGER set to 'grep socket'
| auth_socket                     | ACTIVE | AUTHENTICATION | auth_socket.so | GPL     |
48 rows in set (0.00 sec)

Now we have everything we need. Let's try again:

mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
Query OK, 0 rows affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'percona'@'localhost';
Query OK, 0 rows affected (0.01 sec)

Now you can log in using the user name "percona".

[percona@ip-192-168-1-111 ~]$ whoami
percona
[percona@ip-192-168-1-111 ~]$ mysql -upercona
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 19
Server version: 8.0.16-7 Percona Server (GPL), Release 7, Revision 613e312

Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user ='percona';
+---------+-----------+-------------+-----------------------+
| user    | host      | plugin      | authentication_string |
+---------+-----------+-------------+-----------------------+
| percona | localhost | auth_socket |                       |
+---------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)
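The `select user, host, plugin, authentication_string from mysql.user` query is run several times above, and every socket-authenticated account shows an empty authentication_string. That empty field is expected for auth_socket and unix_socket (the OS identity is the credential), but it means something quite different for a password plugin. The following added Python script, which is not part of the original post, parses the client's table output and reports only the accounts that are passwordless for the wrong reason. The sample output is constructed and the hash shown in it is a placeholder, not a real credential.

```python
SOCKET_PLUGINS = {"auth_socket", "unix_socket"}

# Constructed sample in the layout the mysql client prints for
#   select user, host, plugin, authentication_string from mysql.user;
# The hash value is a placeholder, not a real credential.
SAMPLE_OUTPUT = """\
+---------+-----------+-----------------------+-------------------------------+
| user    | host      | plugin                | authentication_string         |
+---------+-----------+-----------------------+-------------------------------+
| root    | localhost | auth_socket           |                               |
| app     | %         | mysql_native_password | *PLACEHOLDER_HASH_NOT_REAL    |
| legacy  | localhost | mysql_native_password |                               |
|         | localhost | mysql_native_password |                               |
+---------+-----------+-----------------------+-------------------------------+
4 rows in set (0.00 sec)
"""


def parse_mysql_table(text):
    """Turn the client's ASCII table into a list of dicts keyed by column name.

    Border lines ('+---'), the 'N rows in set' footer and blank lines are skipped;
    the first '|' line is the header, every later '|' line is a data row.
    """
    header = None
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [cell.strip() for cell in line[1:-1].split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def audit_accounts(rows):
    """Return (account, finding) pairs for accounts that need attention.

    Socket-authenticated accounts are skipped: an empty authentication_string is
    normal for them. Any other plugin with an empty authentication_string means
    the account has no password set at all.
    """
    findings = []
    for row in rows:
        account = f"'{row['user']}'@'{row['host']}'"
        if row["plugin"] in SOCKET_PLUGINS:
            continue
        if row["authentication_string"] == "":
            findings.append(
                (account, f"{row['plugin']} with no credential stored: connects without a password")
            )
    return findings


if __name__ == "__main__":
    for account, finding in audit_accounts(parse_mysql_table(SAMPLE_OUTPUT)):
        print(f"{account}: {finding}")
```

Run it against the real output of the query on a server you administer (paste it in place of `SAMPLE_OUTPUT` or read it from a file) to separate the deliberate, socket-bound passwordless accounts from accidental ones such as leftover anonymous users.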

And it worked again!

Question: would it be possible to log in with the same percona login, but as a different user?

[percona@ip-192-168-1-111 ~]$ logout
[root@ip-192-168-1-111 ~]# mysql -upercona
ERROR 1698 (28000): Access denied for user 'percona'@'localhost'

No, it doesn't work.

Conclusion

MySQL is very flexible in several respects, and one of them is the authentication method. As you can see from this post, access can be granted based on OS users, without a password. This can be useful in some scenarios, one of which is migrating from RDS/Aurora to regular MySQL when IAM database authentication was in use, so that access is preserved but still without a password.

Source: www.habr.com
