MySQL5.7初始配置

 MySQL5.7初始配置

 

 Windows7 環境安裝MySQL5.7配置命令

《《《《《《《《《《《《《《《《《《《《《《《《《《《《《《《《《《《《《《《《《

 

MYSQL_HOME D:\mysql\mysql-5.7.20-win32
MYSQL_CONNECTOR_HOME D:\mysql\mysql-connector-c-6.1.11-win32\bin

PATH ;%MYSQL_HOME%\bin;%MYSQL_CONNECTOR_HOME%\bin

 

####################配置文件開始###################

# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
# *** DO NOT EDIT THIS FILE. It's a template which will be copied to the
# *** default location during install, and will be replaced if you
# *** upgrade to a newer version of MySQL.

[mysqld]
character-set-server = utf8

bind-address = 0.0.0.0
port = 3306

basedir = "D:\mysql\mysql-5.7.20-win32/"
datadir = "D:\mysql\mysql-5.7.20-win32/data/"
tmpdir = "D:\mysql\mysql-5.7.20-win32/data/"
socket = "D:\mysql\mysql-5.7.20-win32/data/mysql.sock"
log-error = "D:\mysql\mysql-5.7.20-win32/data/mysql_error.log"

#server_id = 2

#skip-locking

max_connections = 100
table_open_cache = 256
query_cache_size = 1M
tmp_table_size = 32M
thread_cache_size = 8

innodb_data_home_dir = "D:\mysql\mysql-5.7.20-win32/data/"
innodb_flush_log_at_trx_commit = 1
innodb_log_buffer_size = 128M
innodb_buffer_pool_size = 128M
innodb_log_file_size = 10M
innodb_thread_concurrency = 16
innodb-autoextend-increment = 1000

join_buffer_size = 128M
sort_buffer_size = 32M
read_rnd_buffer_size = 32M
max_allowed_packet = 32M
explicit_defaults_for_timestamp = true

sql-mode = "STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"

#skip-grant-tables

#sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

[mysql]
default-character-set=utf8

[mysql.server]
default-character-set=utf8

[mysql_safe]
default-character-set=utf8

[client]

####################配置文件結束###################

 

mysqld remove
mysqld --install MySQL --defaults-file="D:\mysql\mysql-5.7.20-win32\my.ini"
mysqld --initialize
net start MySQL
net stop mysql

初始的隨機密碼能夠在日誌文件中找到(log-error = "D:\mysql\mysql-5.7.20-win32/data/mysql_error.log")

ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.

安裝完mysql 以後，登錄之後，無論運行任何命令，老是提示這個
step 1: SET PASSWORD = PASSWORD('your new password');
step 2: ALTER USER 'root'@'localhost' PASSWORD EXPIRE NEVER;
step 3: flush privileges;

完成以上三步退出再登，使用新設置的密碼就好了，以上除了紅色的本身修改爲新密碼外，其餘原樣輸入便可
參考1: https://dev.mysql.com/doc/refman/5.6/en/alter-user.html
參考2: http://dev.mysql.com/doc/refman/5.7/en/password-expiration-policy.html
參考3: http://stackoverflow.com/questions/33467337/reset-mysql-root-password-using-alter-user-statement-after-install-on-mac

 

select user,host,authentication_string,password_expired from mysql.user;
update mysql.user set authentication_string=password('qwe123') where user='root' and host='localhost';
alter user 'root'@'localhost' identified by 'qwe123';
FLUSH PRIVILEGES;

 

》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》

 

MariaDB 安裝配置

下載地址 http://downloads.mariadb.com/MariaDB/mariadb-10.2.11/winx64-packages/

 

# Example MariaDB config file for large systems.
#
# This is for a large system with memory = 512M where the system runs mainly
# MariaDB.
#
# MariaDB programs look for option files in a set of
# locations which depend on the deployment platform.
# You can copy this option file to one of those
# locations. For information about these locations, do:
# 'my_print_defaults --help' and see what is printed under
# Default options are read from the following files in the given order:
# More information at: http://dev.mysql.com/doc/mysql/en/option-files.html
#
# In this file, you can use all long options that a program supports.
# If you want to know which options a program supports, run the program
# with the "--help" option.

# The following options will be passed to all MariaDB clients

###############################

# Installation steps: 
# 1: mysqld --install MariaDB --defaults-file="D:\mariadb-10.2.11-winx64\my.ini"
# 2: MySQL: mysqld --initialize
#    MariaDB: mysql_install_db.exe --datadir="D:\mariadb-10.2.11-winx64\mydb"
# 3: net start MariaDB
# 4: net stop MariaDB

# Update localhost root password:
# 1: select user,host,authentication_string,password_expired from mysql.user; 
# 2: update mysql.user set authentication_string=password('qwe123') where user='root' and host='localhost';
# 3: alter user 'root'@'localhost' identified by 'qwe123';
# 4: FLUSH PRIVILEGES;

# Change the password to qwe123
# 1: mysqladmin -u root -p password qwe123

# Setting up root remote access
# 1: mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'qwe123' WITH GRANT OPTION;
# 2: mysql> FLUSH PRIVILEGES;

# Create new database and user
# 1: create database weblm character set utf8;
# 2: grant all privileges on weblm.* to 'weblm'@'localhost' identified by 'weblm';
# 3: flush privileges;

###############################


[client]
#password = your_password
port = 3306
socket = "D:\mariadb-10.2.11-winx64/mydb/mysql.sock"

default-character-set = utf8

# Here follows entries for some specific programs

# The MariaDB server
[mysqld]
port = 3306

basedir = "D:\mariadb-10.2.11-winx64"
datadir = "D:\mariadb-10.2.11-winx64/mydb/"
tmpdir = "D:\mariadb-10.2.11-winx64/mydb/"
socket = "D:\mariadb-10.2.11-winx64/mydb/mysql.sock"
log-error = "D:\mariadb-10.2.11-winx64/mydb/mysql_error.log"

init_connect = 'SET collation_connection = utf8_unicode_ci'
init_connect = 'SET NAMES utf8'
character-set-server = utf8
collation-server = utf8_unicode_ci
skip-character-set-client-handshake

skip-external-locking
key_buffer_size = 256M
max_allowed_packet = 1M
table_open_cache = 256
sort_buffer_size = 1M
read_buffer_size = 1M
read_rnd_buffer_size = 4M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
query_cache_size = 16M

# Try number of CPU's*2 for thread_concurrency
#thread_concurrency = 8

# Point the following paths to different dedicated disks
#tmpdir = /tmp/

# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
# 
#skip-networking

# Replication Master Server (default)
# binary logging is required for replication
log-bin = mysql-bin

# binary logging format - mixed recommended
binlog_format = mixed

# required unique id between 1 and 2^32 - 1
# defaults to 1 if master-host is not set
# but will not function as a master if omitted
server-id = 1

# Replication Slave (comment out master section to use this)
#
# To configure this host as a replication slave, you can choose between
# two methods :
#
# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
#    the syntax is:
#
#    CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
#    MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
#
#    where you replace <host>, <user>, <password> by quoted strings and
#    <port> by the master's port number (3306 by default).
#
#    Example:
#
#    CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
#    MASTER_USER='joe', MASTER_PASSWORD='secret';
#
# OR
#
# 2) Set the variables below. However, in case you choose this method, then
#    start replication for the first time (even unsuccessfully, for example
#    if you mistyped the password in master-password and the slave fails to
#    connect), the slave will create a master.info file, and any later
#    change in this file to the variables' values below will be ignored and
#    overridden by the content of the master.info file, unless you shutdown
#    the slave server, delete master.info and restart the slaver server.
#    For that reason, you may want to leave the lines below untouched
#    (commented) and instead use CHANGE MASTER TO (see above)
#
# required unique id between 2 and 2^32 - 1
# (and different from the master)
# defaults to 2 if master-host is set
# but will not function as a slave if omitted
#server-id       = 2
#
# The replication master for this slave - required
#master-host     =   <hostname>
#
# The username the slave will use for authentication when connecting
# to the master - required
#master-user     =   <username>
#
# The password the slave will authenticate with when connecting to
# the master - required
#master-password =   <password>
#
# The port the master is listening on.
# optional - defaults to 3306
#master-port     =  <port>
#
# binary logging - not required for slaves, but recommended
#log-bin=mysql-bin

# Uncomment the following if you are using InnoDB tables
#innodb_data_home_dir = C:\\mysql\\data\\
#innodb_data_file_path = ibdata1:10M:autoextend
#innodb_log_group_home_dir = C:\\mysql\\data\\
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
#innodb_buffer_pool_size = 256M
#innodb_additional_mem_pool_size = 20M
# Set .._log_file_size to 25 % of buffer pool size
#innodb_log_file_size = 64M
#innodb_log_buffer_size = 8M
#innodb_flush_log_at_trx_commit = 1
#innodb_lock_wait_timeout = 50

[mysqldump]
quick
max_allowed_packet = 16M

[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates

default-character-set = utf8

[myisamchk]
key_buffer_size = 128M
sort_buffer_size = 128M
read_buffer = 2M
write_buffer = 2M

[mysqlhotcopy]
interactive-timeout

###############################

 

安裝後在/root目錄下沒有發現有.mysql_secret這個文件，因此沒有無法按照官方文檔上說的那樣使用，這裏記錄下，

解決方式：

首先修改MySQL受權登陸方式---（跳過受權驗證方式啓動MySQL）：
[root@test ~]# mysqld_safe --skip-grant-tables &
[1] 3401
[root@test ~]# 2016-05-19T12:47:56.564385Z mysqld_safe Logging to '/var/log/mysqld.log'.
2016-05-19T12:47:56.589376Z mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql

檢查MySQL啓動狀況
[root@test ~]# ps -ef | grep mysql
root      3401  2880  0 20:47 pts/1    00:00:00 /bin/sh /usr/bin/mysqld_safe --skip-grant-tables
mysql     3548  3401  0 20:47 pts/1    00:00:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --skip-grant-tables --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock

這時登陸MySQL再也不須要驗證
[root@test ~]# mysql

成功登陸MySQL後：

切換到mysql系統庫：
mysql> use mysql;

修改root帳戶登陸密碼：
mysql> update user set password=password('') where user='root';
ERROR 1054 (42S22): Unknown column 'password' in 'field list'
---報錯沒有password這個數據字段列

描述user表
mysql> desc user;
...
| authentication_string  | text                              | YES  |     | NULL                  |       |
| password_expired       | enum('N','Y')                     | NO   |     | N                     |       |
| password_last_changed  | timestamp                         | YES  |     | NULL                  |       |
| password_lifetime      | smallint(5) unsigned              | YES  |     | NULL                  |       |
| account_locked         | enum('N','Y')                     | NO   |     | N                     |       |
+------------------------+-----------------------------------+------+-----+-----------------------+-------+
---沒發現password列，可是找到這5個跟密碼相關的數據字段

查詢一下相關的密碼信息：
mysql> select user,host,authentication_string,password_expired from user;
+-----------+-----------+-------------------------------------------+------------------+
| user      | host      | authentication_string                     | password_expired |
+-----------+-----------+-------------------------------------------+------------------+
| root      | localhost | *9AA01F6E2A80A823ACB72CC07337E2911404B5B8 | Y                |
| mysql.sys | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | N                |
+-----------+-----------+-------------------------------------------+------------------+
---到這裏不難發現root帳戶的密碼已過時，還比5.6多出了一個mysql.sys用戶

修改密碼
mysql> update user set authentication_string=password('123abc') where user='root';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> exit

密碼修改爲功,測試：

重啓MySQL：
[root@test ～]# /etc/init.d/mysqld restart

登陸測試:
[root@test ～]# mysql -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.12-enterprise-commercial-advanced
...
mysql> show databases;
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
---報錯，須要使用alter user 修改密碼

mysql> alter user root@'localhost' identified by 'oracle';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
---報錯，密碼不知足制定的密碼負責度要求

mysql> alter user 'root'@'localhost' identified by 'Abc!123D';
Query OK, 0 rows affected (0.01 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)

 關於密碼策略

mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password_dictionary_file    |        |
| validate_password_length             | 8      |
| validate_password_mixed_case_count   | 1      |
| validate_password_number_count       | 1      |
| validate_password_policy             | MEDIUM |
| validate_password_special_char_count | 1      |
+--------------------------------------+--------+
6 rows in set (0.02 sec) 

mysql> show plugins;
+----------------------------+----------+--------------------+----------------------+-------------+
| Name                       | Status   | Type               | Library              | License     |
+----------------------------+----------+--------------------+----------------------+-------------+
| binlog                     | ACTIVE   | STORAGE ENGINE     | NULL                 | PROPRIETARY |

...
| validate_password          | ACTIVE   | VALIDATE PASSWORD  | validate_password.so | PROPRIETARY |
+----------------------------+----------+--------------------+----------------------+-------------+
---能夠經過在配置文件[mysqld]標籤中添加 validate_passwor=off ，來關閉密碼策略
以下:
...
| validate_password          | DISABLED | VALIDATE PASSWORD  | validate_password.so | PROPRIETARY |
+----------------------------+----------+--------------------+----------------------+-------------+

總結

1) 安裝好mysql後，第一次啓動時，root管理密碼會在/root/.mysql_secret中隨機生成

2) 至5.7後，MySQL的 mysql.user 表中的密碼字段由以前的 password 改成 authentication_string

3) 使用--skip-grant-tables 參數啓動，跳過MySQL的受權驗證，--skip-networking參數，跳過遠程登陸

4) 修改MySQL密碼方式：

法1：update user set authentication_string=password('123abc') where user='root';

法2：set password=password('newpassword');

法3：alter user root@'localhost' identified by 'oracle';

法4：在shell下使用MySQL工具：mysqladmin -uroot -poldpassword pasword "newpassword"

5) 關於MySQL密碼策略：

決定是否使用該插件(及強制/永久強制使用)

--validate-password=ON/OFF/FORCE/FORCE_PLUS_PERMANENT

 

validate_password_dictionary_file           > 插件用於驗證密碼強度的字典文件路徑。

validate_password_length                        > 密碼最小長度。

validate_password_mixed_case_count     > 密碼至少要包含的小寫字母個數和大寫字母個數。

validate_password_number_count　　　　> 密碼至少要包含的數字個數。

validate_password_policy                         > 密碼強度檢查等級， 0/LOW、1/MEDIUM、2/STRONG。

validate_password_special_char_count    > 密碼至少要包含的特殊字符數。

 

其中關於validate_password_policy-密碼強度檢查等級：

0/LOW　　　　>  只檢查長度。

1/MEDIUM      >  檢查長度、數字、大小寫、特殊字符。

2/STRONG      >  檢查長度、數字、大小寫、特殊字符字典文件。

後記

通過一段時間後，發現mysql初始密碼原來被記錄到了日誌文件中

查找日誌位置
[root@test /var/lib/mysql]# ps -ef | grep mysql
root      5604     1  0 22:40 pts/1    00:00:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
mysql     5802  5604  5 22:40 pts/1    00:00:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
root      5837  2880  0 22:40 pts/1    00:00:00 grep --color mysql
藏在日誌文件中的臨時密碼
[root@test /var/lib/mysql]# grep "A temporary password"  /var/log/mysqld.log 
2016-05-17T16:46:53.059632Z 1 [Note] A temporary password is generated for root@localhost: +wGVA#to(4tu