我正在尝试连接到用于开发的本地 mysql 服务器
服务器启动正常,但我无法以非 root 用户身份连接到它。
[root@somepc ]# mysql -u [someuser] -p[somepass]
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13 "Permission denied")
作为 root,这可以按预期工作。因此该用户确实有权访问 mysql。
mysql -u [user] -p[password]
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.30-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
当我检查作为我的用户的权限时
stat /var/lib/mysql/mysql.sock
stat: cannot stat '/var/lib/mysql/mysql.sock': Permission denied
对于非 root 用户来说这些权限应该是什么?
答案1
该问题与套接字文件权限错误有关
namei -l /var/lib/mysql/mysql.sock Wed 07 Feb 2018 12:53:54 SAST
f: /var/lib/mysql/mysql.sock
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root lib
drwx------ mysql mysql mysql
mysql.sock - No such file or directory
作为 root,我可以看到套接字文件的权限是
ll /var/lib/mysql/mysql.sock
srwxrwxrwx 1 mysql mysql 0 07.02.2018 12:42 /var/lib/mysql/mysql.sock=
因此问题出在 mysql 的目录上,如上所示。
drwx------ mysql mysql mysql
我通过授予每个人访问权限解决了这个问题。因为这是我用于开发的本地机器。
sudo chmod go+rx /var/lib/mysql/
在生产机器上,我会考虑将正确的用户归入 mysql 组。
sudo chmod g+rx /var/lib/mysql/
grep mysql /etc/group
mysql:x:89:[someusers]
请运用常识,将[]
上述内容替换为您需要的内容
现在按预期工作
mysql -u [user] -p[password]
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.30-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
答案2
解决此问题的另一个方法是连接时不使用套接字。
mysql -u [aaron] -p[aarw] -h 127.0.0.1
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.30-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
您的用户需要获得正确的授权才能连接到服务器。这两种方式都可以。
-- Grants for '[username]'@'localhost'
GRANT ALL PRIVILEGES ON *.* TO '[username]'@'localhost' IDENTIFIED BY PASSWORD '*somehash' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON `%`.* TO '[username]'@'localhost' WITH GRANT OPTION;
在运行它之前,您需要了解其安全隐患。允许所有主机连接,包括互联网上的任何地方。
-- Grants for '[username]'@'%'
GRANT ALL PRIVILEGES ON *.* TO '[username]'@'%' IDENTIFIED BY PASSWORD '*somehash' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON `%`.* TO '[username]'@'%' WITH GRANT OPTION;