MariaDB packages bind MariaDB to 127.0.0.1 (the loopback IP address) by default as a security measure using the
bind-addressconfiguration directive. Old MySQL packages sometimes disabled TCP/IP networking altogether using the
skip-networking directive. Before going in to how to configure these, let's explain what each of them actually does:
- skip-networking is fairly simple. It just tells MariaDB to run without any of the TCP/IP networking options.
- bind-address requires a little bit of background information. A given server usually has at least two networking interfaces (although this is not required) and can easily have more. The two most common are a Loopback network device and a physical Network Interface Card (NIC) which allows you to communicate with the network. MariaDB is bound to the loopback interface by default because it makes it impossible to connect to the TCP port on the server from a remote host (the bind-address must refer to a local IP address, or you will receive a fatal error and MariaDB will not start). This of course is not desirable if you want to use the TCP port from a remote host, so you must remove this bind-address directive (MariaDB only supports one bind-address, but binds to 0.0.0.0, or :: (every IP) if the bind-address directive is left out).
Finding the defaults file
Common locations for defaults files:
* /etc/my.cnf (*nix/BSD)
* $MYSQL_HOME/my.cnf (*nix/BSD) *Most Notably /etc/mysql/my.cnf
* SYSCONFDIR/my.cnf (*nix/BSD)
* DATADIR\my.ini (Windows)
Editing the defaults file
Once you have located the defaults file, use a text editor to open the file and try to find lines like this under the [mysqld] section:
[mysqld]
...
skip-networking
...
bind-address = <some ip-address>
...
(The lines may not be in this order, and the order doesn't matter.)
If you are able to locate these lines, make sure they are both commented out (prefaced with hash (#) characters), so that they look like this:
[mysqld]
...
#skip-networking
...
#bind-address = <some ip-address>
...
(Again, the order of these lines don't matter)
Granting user connections from remote hosts
Now that your MariaDB server installation is setup to accept connections from remote hosts, we have to add a user that is allowed to connect from something other than 'localhost' (Users in MariaDB are defined as 'user'@'host', so 'chadmaynard'@'localhost' and 'chadmaynard'@'1.1.1.1' (or 'chadmaynard'@'server.domain.local') are different users that can have completely different permissions and/or passwords.
To create a new user:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 36
Server version: 5.5.28-MariaDB-mariadb1~lucid mariadb.org binary distribution
Copyright (c) 2000, 2012, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
- if you are interested in viewing any existing remote users, issue the following SQL statement on the mysql.user table:
SELECT User, Host FROM mysql.user WHERE Host <> 'localhost';
+--------+-----------+
| User | Host |
+--------+-----------+
| daniel | % |
| root | 127.0.0.1 |
| root | ::1 |
| root | gandalf |
+--------+-----------+
4 rows in set (0.00 sec)
(If you have a fresh install, it is normal for no rows to be returned)
Now you have some decisions to make. At the heart of every grant statement you have these things:
- list of allowed privileges
- what database/tables these privileges apply to
- username
- host this user can connect from
- and optionally a password
It is common for people to want to create a "root" user that can connect from anywhere, so as an example, we'll do just that, but to improve on it we'll create a root user that can connect from anywhere on my local area network (LAN), which has addresses in the subnet 192.168.100.0/24. This is an improvement because opening a MariaDB server up to the Internet and granting access to all hosts is bad practice.
GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.100.%' IDENTIFIED BY 'my-new-password' WITH GRANT OPTION;
(% is a wildcard)
At this point we have accomplished our goal and we have a user 'root' that can connect from anywhere on the 192.168.100.0/24 LAN.
For more information about how to use GRANT, please see the
GRANT page.
Caveats
- if your system is running a software firewall (or behind a hardware firewall or NAT) you must allow connections destined to TCP port that MariaDB runs on (by default and almost always 3306).
- to undo this change, simply uncomment the bind-address line in your defaults file.
Login or
signup to receive notifications when this page changes.
configuring-mariadb-for-remote-client-access(原文連結)