Help us understand the problem. What is going on with this article?

mysql_secure_installation の中身を追ってみた

More than 5 years have passed since last update.

MySQLをインストール後、初期設定に mysql_secure_installation を使用していたのですが、どのようなことをしているのか、わかっていなかったので、中身を追ってみました。

まずは、スクリプトファイルの場所を探しました。

$ which mysql_secure_installation | xargs ls -l
-rwxr-xr-x 1 root root 8198  1月 22 04:13 /usr/bin/mysql_secure_installation

/usr/bin/の中にある mysql_secure_installation を開いて中身を追っていきます。

root ユーザのパスワード変更

Change the root password? [Y/n]

root ユーザのパスワードを設定する箇所です。

set_root_password() {
    stty -echo
    echo $echo_n "New password: $echo_c"
    read password1
    echo
    echo $echo_n "Re-enter new password: $echo_c"
    read password2
    echo
    stty echo

    if [ "$password1" != "$password2" ]; then
        echo "Sorry, passwords do not match."
        echo
        return 1
    fi

    if [ "$password1" = "" ]; then
        echo "Sorry, you can't use an empty password here."
        echo
        return 1
    fi

    esc_pass=`basic_single_escape "$password1"`
    do_query "UPDATE mysql.user SET Password=PASSWORD('$esc_pass') WHERE User='root';"
    if [ $? -eq 0 ]; then
        echo "Password updated successfully!"
        echo "Reloading privilege tables.."
        reload_privilege_tables
        if [ $? -eq 1 ]; then
                clean_and_exit
        fi
        echo
        rootpass=$password1
        make_config
    else
        echo "Password update failed!"
        clean_and_exit
    fi

    return 0
}
UPDATE mysql.user SET Password=PASSWORD('$esc_pass') WHERE User='root'

匿名ユーザの削除

Remove anonymous users? [Y/n]

匿名ユーザを削除する箇所です。

remove_anonymous_users() {
    do_query "DELETE FROM mysql.user WHERE User='';"
    if [ $? -eq 0 ]; then
        echo " ... Success!"
    else
        echo " ... Failed!"
        clean_and_exit
    fi

    return 0
}
DELETE FROM mysql.user WHERE User=''

root ユーザーのリモートログイン禁止

Disallow root login remotely? [Y/n]

リモートログイン禁止箇所です。

remove_remote_root() {
    do_query "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
    if [ $? -eq 0 ]; then
        echo " ... Success!"
    else
        echo " ... Failed!"
    fi
}
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');

test データベースの削除

Remove test database and access to it?

test データベースを削除する箇所です。

remove_test_database() {
    echo " - Dropping test database..."
    do_query "DROP DATABASE test;"
    if [ $? -eq 0 ]; then
        echo " ... Success!"
    else
        echo " ... Failed!  Not critical, keep moving..."
    fi

    echo " - Removing privileges on test database..."
    do_query "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
    if [ $? -eq 0 ]; then
        echo " ... Success!"
    else
        echo " ... Failed!  Not critical, keep moving..."
    fi

    return 0
}
DROP DATABASE test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'

権限テーブルの再読込

Reload privilege tables now? [Y/n]
reload_privilege_tables() {
    do_query "FLUSH PRIVILEGES;"
    if [ $? -eq 0 ]; then
        echo " ... Success!"
        return 0
    else
        echo " ... Failed!"
        return 1
    fi
}
FLUSH PRIVILEGES;

最後に mysql_secure_installation の実行前と実行後

Before

User Host Password
root localhost
root mysql
root 127.0.0.1
root ::1

After

User Host Password
root localhost *7EB93459
root 127.0.0.1 *7EB93459
root ::1 *7EB93459
naoyoshinori
2011年ETロボコンCS大会のモデル評価A-。UMLモデラー, Webプログラマー and Linuxエンジニア。Java/Groovy/Spock/Gradle/Linux
http://yoshi-naoyuki.jp/
Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away