MariaDB is an open-source relational database management system, which has made it a popular alternative to MySQL. It is often included in LAMP stacks (which consist of Linux, Apache, MySQL, and PHP, sometimes with Python and Perl compilers). This document provides a brief guide to setting up MariaDB.
The setup involves three steps: updating the package index, installing the mariadb-server,
and activating a security script restricting unauthorized access to the remote host.
The sequence of commands looks like this:
sudo apt update
sudo apt install mariadb-server
sudo mysql_secure_installation
For this tutorial, we will use a Hostman cloud server with Ubuntu 22.04 installed.
Before diving into this guide, we recommend performing initial setup steps, such as creating a user account with sudo privileges and setting basic UFW firewall rules.
Repositories are regularly updated to include stable versions of utilities. Distributions, on the other hand, include outdated releases that were current at the time of the build, so they need to be updated to avoid compatibility issues. This procedure is executed with the following command:
sudo apt update
Now we can install the package we need:
sudo apt install mariadb-server
The installation proceeds without prompting for a password or making any other configuration changes. Using MariaDB in this form on the server is not advisable, as it will operate in an insecure mode. To rectify this situation, we will apply the mysql_secure_installation
script that comes with the software. This script will restrict access to the server and eliminate unauthorized accounts.
The security script modifies the insecure options that are set by default. For instance, it creates test accounts and allows remote connections using the root account. This potentially poses a risk of hacking and unauthorized access to the information stored in the created database.
To run the script, use the following command:
sudo mysql_secure_installation
This command will initiate a series of prompts that allow you to change the database's security parameters.
The first prompt relates to the root account, and the system will request the password for the active database. Press Enter. This indicates that there is currently no protection.
Enter current password for root (enter for none):
Switch to unix_socket authentication [Y/n]
Enter n
and press Enter
Change the root password? [Y/n]
Enter Y
and press Enter.
New password:
Re-enter new password:
Enter and re-enter the new root user password and press Enter.
Answer Yes (Y
) to all the following prompts.
Remove anonymous users? [Y/n]
Disallow root login remotely? [Y/n]
Remove test database and access to it? [Y/n]
Reload privilege tables now? [Y/n]
The system will remove the test database and anonymous accounts, disable access through the root account, and load the updated rules.
The installation and configuration of the MariaDB package are complete, and you can now begin using it. Alternatively, you can proceed to an optional step to create an administrator account to enable password access.
By default, on Ubuntu, MariaDB is installed using the unix_socket
plugin, which means that password prompts do not apply. In most cases, this approach provides a high level of security. However, it also complicates administrative tasks, such as those done through phpMyAdmin. When starting or stopping the server or managing logs, the root account is used.
That is why we did not change its data. However, during a package update, these settings may change on their own, so it's better to enable password authentication right away. As an example, we will create an account named admin and give it the same privileges as the root account. First, open the MariaDB command line:
sudo mariadb
Next, create the new user:
GRANT ALL ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
Replace admin
and password
with any preferred combinations.
After creating the account, flush the privileges while keeping the settings in the current session:
FLUSH PRIVILEGES;
Now you can close the shell:
exit;
Next, you should test MariaDB to ensure that the settings are correct.
When the MariaDB is installed from the official repository, it automatically configures the settings to ensure that the MariaDB module starts automatically. However, it's still a good practice to manually check its status:
sudo systemctl status mariadb
The output on the screen will look something like this:
If the utility is not running, you will need to start it manually and also enable the service:
sudo systemctl enable mariadb
sudo systemctl start mariadb
After forcibly starting the service, you can make a test connection to the database using mysqladmin. It allows you to interact with the database with administrative rights, execute commands, and change settings. Here’s an example of connecting and displaying the version number:
sudo mysqladmin version
The output on the screen will look like this:
If access was configured using the administrator password, you can use the command:
mysqladmin -u admin -p version
The current version output confirms that the database is running and functioning, and that the user has access to its contents.
We have completed an overview of the installation and configuration for the MariaDB database management system. We discussed methods to protect against unauthorized access to the database and the creation of a new user who will have access to information equal to that of the root user.