á¡áá±á¬ááºážáá¯á¶ážá
áá¬ážááŸááºááẠáááºááŸááºáááááºáááá¯áᯠááá¯ááŒáááºá MySQL ááá
á¹á
ááœáẠplugin ááŒá±á¬áá·áºáááºážáááºááŒá
áºááá¯ááºáááºá
á€ááááºá¡ááºááŸá
áºáá¯áá¯á¶ážááẠá¡áá
áºá¡áááºážááá¯ááºáá«á á¥ááá¬á¡á¬ážááŒáá·áº áá±á¬ááºážáá«ážááœáẠá€áá°áá®áá±á¬ááá±á¬á·ááºááœáẠáááºážááá¯á·á¡ááŒá±á¬ááºáž á¡áá»á¬ážá¡ááŒá¬ážááŒá±á¬áá¬ážáááºá
áá»áœááºáá±á¬áºááŒá±á¬áá²á·ááá·áºá¡ááá¯ááºážá á€áááºááŸá¬ ááááºážááá¯ááºáá«á Debian á¡ááœá²á·ááŸáá¶á·ááá¯ážáá±ážáá¬ážáá±á¬ .deb áááºáá±á·áá»áºáá»á¬ážááᯠá¡áá¯á¶ážááŒá¯á MySQL ááá¯ááá·áºááœááºážáá±á¬á¡áá«ááœááºá root á¡áá¯á¶ážááŒá¯áá°áá áºáŠážááẠsocket á á áºááŸááºááŒá±á¬ááºážá¡áá±á¬ááºá¡áá¬ážááŒáááºá¡ááœáẠáááºáá®ážáá¬ážáááºá áááºážááẠMySQL ááŸáá·áº MariaDB ááŸá áºáá¯áá¯á¶ážá¡ááœáẠááŸááºáá«áááºá
root@app:~# apt-cache show mysql-server-5.7 | grep -i maintainers
Original-Maintainer: Debian MySQL Maintainers <[email protected]>
Original-Maintainer: Debian MySQL Maintainers <<a href="mailto:[email protected]">[email protected]</a>>
MySQL á¡ááœáẠDebian áááºáá±á·áá»áºáá»á¬ážááŒáá·áºá á¡ááŒá áºá¡áá¯á¶ážááŒá¯áá°ááᯠá¡á±á¬ááºáá«á¡ááá¯ááºáž á á áºááŸááºááŒá±á¬ááºážáááºáá±ááŒáá¬ážáá«áááºá
root@app:~# whoami
root=
root@app:~# mysql
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 4
Server version: 5.7.27-0ubuntu0.16.04.1 (Ubuntu)
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> select user, host, plugin, authentication_string from mysql.user where user = 'root';
+------+-----------+-------------+-----------------------+
| user | host | plugin | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket | |
+------+-----------+-------------+-----------------------+
1 row in set (0.01 sec)
MariaDB á¡ááœáẠ.deb áááºáá±á·áá»áº ááŸáá·áº á¡áá¬ážáá°áááº-
10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
MariaDB [(none)]> show grants;
+------------------------------------------------------------------------------------------------+
| Grants for root@localhost |
+------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION |
| GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION |
+------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
ááá¬ážááẠPercona ááá¯ááŸá±á¬ááºááŸá¯á០.deb áááºáá±á·áá»áºáá»á¬ážááẠauth-socket á¡á±á¬ááºááœáẠááŸáá·áº Percona áá¬áá¬á¡ááœáẠá¡ááŒá
áºá¡áá¯á¶ážááŒá¯áá° á
á
áºááŸááºááŒá±á¬ááºážá¡áá±á¬ááºá¡áá¬ážááŒááŸá¯ááá¯áááºáž á
á®á
ááºáááºááŸááºáá±ážáá«áááºá á¥ááá¬áá
áºáá¯áá²á· ááŒá±á¬ááŒáá·áºáá¡á±á¬ááº
root@app:~# whoami
root
root@app:~# mysql
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 9
Server version: 8.0.16-7 Percona Server (GPL), Release '7', Revision '613e312'
Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> select user, host, plugin, authentication_string from mysql.user where user ='root';
+------+-----------+-------------+-----------------------+
| user | host | plugin | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket | |
+------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)
áá«ááᯠááŸá±á¬áºááá¯áá¬áá¬áá²á ááááºá¡ááºááẠLinux á¡áá¯á¶ážááŒá¯áá°ááẠáááá¯ááºážááá·áºáááá¯ááááºááᯠáá¯ááºáá±á¬ááºáá±ááá·áº á¡áá¯á¶ážááŒá¯áá°á¡ááŒá±á¬ááºáž á¡áá»ááºá¡áááºá á¯áá±á¬ááºážááẠSO_PEERCRED socket ááœá±ážáá»ááºááŸá¯ááᯠá¡áá¯á¶ážááŒá¯á MySQL á¡áá¯á¶ážááŒá¯áá°ááŸáá·áº ááá¯ááºáá®ááŸá¯ááŸááááŸá á á áºáá±ážáááºá ááá¯á·ááŒá±á¬áá·áºá Linux áá²á·ááá¯á·áá±á¬ SO_PEERCRED ááœá±ážáá»ááºááŸá¯ááᯠáá¶á·ááá¯ážááá·áº á áá áºáá»á¬ážááœááºáᬠááááºá¡ááºááᯠá¡áá¯á¶ážááŒá¯ááá¯ááºáááºá SO_PEERCRED socket option ááẠááá·áºá¡á¬áž socket ááŸáá·áºáááºá ááºááá·áº áá¯ááºáááºážá ááºá uid ááá¯ááŸá¬ááœá±ááá¯ááºá á±áá«áááºá ááá¯á·áá±á¬áẠáá°ááẠဠuid ááŸáá·áºáááºá ááºáá±á¬ á¡áá¯á¶ážááŒá¯áá°á¡áááºááᯠáááºáá¶áááŸáááŒá®ážááŒá áºáááºá
á€áááºááŸá¬ á¡áá¯á¶ážááŒá¯áá° "vagrant" ááŸáá·áº á¥ááá¬áá áºáá¯ááŒá áºáááºá
vagrant@mysql1:~$ whoami
vagrant
vagrant@mysql1:~$ mysql
ERROR 1698 (28000): Access denied for user 'vagrant'@'localhost'
MySQL ááœáẠ"vagrant" á¡áá¯á¶ážááŒá¯áá°áááŸááá±á¬ááŒá±á¬áá·áºá áá»áœááºá¯ááºááá¯á·ááẠá¡áá¯á¶ážááŒá¯ááœáá·áºááᯠááŒááºážáááºáá¶ááá«áááºá ááá¯ááá¯á·áá±á¬á¡áá¯á¶ážááŒá¯áá°áá áºáŠážááᯠáááºáá®ážááŒá®áž áááºá ááºážááŒáá·áºááŒáá«á áá¯á·á
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket;
Query OK, 0 rows affected (0.00 sec)
vagrant@mysql1:~$ mysql
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 45
Server version: 10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
MariaDB [(none)]> show grants;
+---------------------------------------------------------------------------------+
| Grants for vagrant@localhost |
+---------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket |
+---------------------------------------------------------------------------------+
1 row in set (0.00 sec)
ááŒá áºááœá¬ážááŒá®!
áá±á¬ááºážááŒá®á áááºážááᯠáá°áááºážá¡ááá¯ááºáž ááá¶á·ááá¯ážáá±ážááá·áº Debian ááá¯ááºáá±á¬ ááŒáá·áºááŒá°ážááŸá¯ááŸáá·áºáááºáááºááá±á¬á CentOS 8 ááœáẠááá·áºááœááºážáá¬ážáá±á¬ MySQL 7 á¡ááœáẠPercona Server ááᯠá ááºážááŒáá·áºááŒáá«á áá¯á·á
mysql> show variables like '%version%comment';
+-----------------+---------------------------------------------------+
| Variable_name | Value |
+-----------------+---------------------------------------------------+
| version_comment | Percona Server (GPL), Release 7, Revision 613e312 |
+-----------------+---------------------------------------------------+
1 row in set (0.01 sec)
mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
ERROR 1524 (HY000): Plugin 'auth_socket' is not loaded
ááááá¡á±á¬ááºááŒá áºáááºá áá¬ááœá± áá»á±á¬ááºáá¯á¶ážáá±áá²á ááááºá¡áẠááááºáá«
mysql> pager grep socket
PAGER set to 'grep socket'
mysql> show plugins;
47 rows in set (0.00 sec)
áá¯ááºáááºážá ááºááœáẠááááºá¡ááºáá áºáᯠááá·áºááŒáá«á áá¯á·á
mysql> nopager
PAGER set to stdout
mysql> INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
Query OK, 0 rows affected (0.00 sec)
mysql> pager grep socket; show plugins;
PAGER set to 'grep socket'
| auth_socket | ACTIVE | AUTHENTICATION | auth_socket.so | GPL |
48 rows in set (0.00 sec)
á¡áᯠáá«ááá¯á·ááŸá¬ ááá¯á¡ááºáá¬ááœá± á¡áá¯ááºááŸááááºá áááºá ááºážááŒáá·áºáá¡á±á¬ááº-
mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
Query OK, 0 rows affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'percona'@'localhost';
Query OK, 0 rows affected (0.01 sec)
á¡áá¯á¶ážááŒá¯áá°á¡ááẠ"percona" ááᯠá¡áá¯á¶ážááŒá¯á áááºááá¯áááºáá±á¬ááºááá¯ááºáááºá
[percona@ip-192-168-1-111 ~]$ whoami
percona
[percona@ip-192-168-1-111 ~]$ mysql -upercona
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 19
Server version: 8.0.16-7 Percona Server (GPL), Release 7, Revision 613e312
Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> select user, host, plugin, authentication_string from mysql.user where user ='percona';
+---------+-----------+-------------+-----------------------+
| user | host | plugin | authentication_string |
+---------+-----------+-------------+-----------------------+
| percona | localhost | auth_socket | |
+---------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)
ááŒá®ážáá±á¬á· á¡áá¯ááºááŒááºáá¯ááºáááºá
áá±ážááœááºáž- áá°áá®áá±á¬ percona á¡áá±á¬áá·áºáááºáá±á¬ááºááŸá¯á¡á±á¬ááºááœáẠá áá áºááá¯á· áá±á¬á·ááºá¡ááºáááºááẠááŒá áºááá¯ááºáá«áááºáá±á¬á ááá¯á·áá±á¬áº á¡ááŒá¬ážá¡áá¯á¶ážááŒá¯áá°á¡áá±ááŒáá·áºá
[percona@ip-192-168-1-111 ~]$ logout
[root@ip-192-168-1-111 ~]# mysql -upercona
ERROR 1698 (28000): Access denied for user 'percona'@'localhost'
ááá¯ááºáá«á á¡áá¯ááºááá¯ááºáá«
áá±á¬ááºáá»ááº
MySQL ááẠáá»á¬ážá
áœá¬áá±á¬ ááŸá¯áá±á¬áá·áºáá»á¬ážááœáẠá¡áá±á¬áºáá±áž ááá¯ááºáá»á±á¬áá®ááœá± ááŸáááŒá®áž áááºážáá²á០áá
áºáá¯ááŸá¬ á
á
áºááŸááºááŒá±á¬ááºáž á¡áááºááŒá¯ááŒááºáž áááºážáááºáž ááŒá
áºáááºá á€ááá¯á·á
áºá០áááºááœá±á·ááŒááºáááá·áºá¡ááá¯ááºáž OS á¡áá¯á¶ážááŒá¯áá°áá»á¬ážá¡áá±á«áº á¡ááŒá±áá¶á á
áá¬ážááŸááºáá»á¬ážááá«áá² áááºáá±á¬ááºááœáá·áºááᯠáááŸáááá¯ááºáááºá áááºážááẠá¡áá»áá¯á·áá±á¬ á¡ááŒá±á¡áá±áá»á¬ážááœáẠá¡áá¯á¶ážáááºááá¯ááºááŒá®áž áááºážááá¯á·áá²á០áá
áºáá¯ááẠRDS/Aurora á០áá¯á¶ááŸáẠMySQL ááᯠá¡áá¯á¶ážááŒá¯á ááŒá±á¬ááºážááœáŸá±á·ááá·áºá¡áá«á
source: www.habr.com