How to Use MySQL Without a Password (and the Security Risks)

They say the best password is the one you don't have to remember. In the case of MySQL this is possible thanks to the auth_socket plugin and its MariaDB counterpart, unix_socket.

Neither plugin is new; much has been written about them, including on this very blog, for example in the post on how to change the password in MySQL 5.7 using the auth_socket plugin. However, while looking at what is new in MariaDB 10.4, I found that unix_socket is now installed by default and is one of the available authentication methods ("one of", because in MariaDB 10.4 more than one plugin can be available for a single user to authenticate with, as described in the "Authentication" documentation for MariaDB 10.04).

As I said, this is not news: if you install MySQL from the .deb packages maintained by the Debian team, the root user is created with socket authentication. This is true for both MySQL and MariaDB.

root@app:~# apt-cache show mysql-server-5.7 | grep -i maintainers
Original-Maintainer: Debian MySQL Maintainers <[email protected]>

With the Debian packages for MySQL, the root user is authenticated like this:

root@app:~# whoami
root
root@app:~# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.27-0ubuntu0.16.04.1 (Ubuntu)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user = 'root';
+------+-----------+-------------+-----------------------+
| user | host      | plugin      | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket |                       |
+------+-----------+-------------+-----------------------+
1 row in set (0.01 sec)

The same applies to the .deb packages for MariaDB:

10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04

MariaDB [(none)]> show grants;
+------------------------------------------------------------------------------------------------+
| Grants for root@localhost                                                                      |
+------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION |
| GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION                                  |
+------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

The .deb packages from the official Percona repository also configure root user authentication via auth_socket for Percona Server. Here is an example with Percona Server for MySQL 8.0.16-7 on Ubuntu 16.04:

root@app:~# whoami
root
root@app:~# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.16-7 Percona Server (GPL), Release '7', Revision '613e312'

Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user ='root';
+------+-----------+-------------+-----------------------+
| user | host      | plugin      | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket |                       |
+------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)

So what is the magic? The plugin checks that the Linux user matches the MySQL user by using the SO_PEERCRED socket option to obtain information about the user running the client program. The plugin can therefore only be used on systems that support the SO_PEERCRED option, such as Ubuntu Linux. The SO_PEERCRED socket option lets you find out the uid of the process on the other end of the socket; the plugin then looks up the user name associated with that uid and compares it with the MySQL user name.

Here is an example with the user "vagrant":

vagrant@mysql1:~$ whoami
vagrant
vagrant@mysql1:~$ mysql
ERROR 1698 (28000): Access denied for user 'vagrant'@'localhost'

Since there is no user "vagrant" in MySQL, we are denied access. Let's create such a user and try again:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket;
Query OK, 0 rows affected (0.00 sec)

vagrant@mysql1:~$ mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 45
Server version: 10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show grants;
+---------------------------------------------------------------------------------+
| Grants for vagrant@localhost                                                    |
+---------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket |
+---------------------------------------------------------------------------------+
1 row in set (0.00 sec)

It works!

So what about non-Debian distributions where this is not provided by default? Let's try Percona Server for MySQL 8 installed on CentOS 7:

mysql> show variables like '%version%comment';
+-----------------+---------------------------------------------------+
| Variable_name   | Value                                             |
+-----------------+---------------------------------------------------+
| version_comment | Percona Server (GPL), Release 7, Revision 613e312 |
+-----------------+---------------------------------------------------+
1 row in set (0.01 sec)

mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
ERROR 1524 (HY000): Plugin 'auth_socket' is not loaded

Oops. What is missing? The plugin is not loaded:

mysql> pager grep socket
PAGER set to 'grep socket'
mysql> show plugins;
47 rows in set (0.00 sec)

Let's load the plugin into the running server:

mysql> nopager
PAGER set to stdout
mysql> INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
Query OK, 0 rows affected (0.00 sec)

mysql> pager grep socket; show plugins;
PAGER set to 'grep socket'
| auth_socket                     | ACTIVE | AUTHENTICATION | auth_socket.so | GPL     |
48 rows in set (0.00 sec)

Now we have everything we need. Let's try again:

mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
Query OK, 0 rows affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'percona'@'localhost';
Query OK, 0 rows affected (0.01 sec)

You can now log in with the user name "percona":

[percona@ip-192-168-1-111 ~]$ whoami
percona
[percona@ip-192-168-1-111 ~]$ mysql -upercona
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 19
Server version: 8.0.16-7 Percona Server (GPL), Release 7, Revision 613e312

Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user ='percona';
+---------+-----------+-------------+-----------------------+
| user    | host   | plugin   | authentication_string |
+---------+-----------+-------------+-----------------------+
| percona | localhost | auth_socket |                       |
+---------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)

And it works again!

Question: is it possible to log in with the same "percona" account, but as a different OS user?

[percona@ip-192-168-1-111 ~]$ logout
[root@ip-192-168-1-111 ~]# mysql -upercona
ERROR 1698 (28000): Access denied for user 'percona'@'localhost'

No, it doesn't work.

Conclusion

MySQL is quite flexible in several respects, one of them being authentication methods. As you can see from this post, access can be granted without a password, based on the OS user. This can be useful in several scenarios, one of them being a migration from RDS/Aurora with IAM database authentication to regular MySQL: you still get access, but without a password.

Source: www.habr.com
