105
edits
Changes
From SME Server
Jump to navigationJump to searchPresentation formating for FAQ
{{Languages}}
{{Languages}}
SME Server runs MySQL as a database server.
SME Server runs MySQL as a database server.
A lot of applications require a MySQL database, among them is the Horde webmail interface which is supplied by SME Server by default.
A lot of applications require a MySQL database, among them is the Horde webmail interface which is supplied by SME Server by default.
* MySQL 4.1 manual: http://dev.mysql.com/doc/refman/4.1/en/
* MySQL 4.1 manual: http://dev.mysql.com/doc/refman/4.1/en/
==General==
The SME Server is based on CentOS, the development team will take their stock RPM's from the CentOS releases. The current version of MySQL installed on SME Server is version 4.1.20.
The SME Server is based on CentOS, the development team will take their stock RPM's from the CentOS releases. The current version of MySQL installed on SME Server is version 4.1.20.
This is done to improve security as in the view of the development team only the server itself (localhost) needs to have access to the MySQL server. However you can configure MySQL to be accessible from the local network (see below).
This is done to improve security as in the view of the development team only the server itself (localhost) needs to have access to the MySQL server. However you can configure MySQL to be accessible from the local network (see below).
==MySQL root password==
There appears to be no password set for the MySQL root password, but this is not true. If you are logged in to the SME Server shell a special mechanism is in place to log you in with MySQL root privileges without prompting you for the password.
There appears to be no password set for the MySQL root password, but this is not true. If you are logged in to the SME Server shell a special mechanism is in place to log you in with MySQL root privileges without prompting you for the password.
The MySQL root password for SME Server is a 72 character random string generated during installation of SME Server. You should never change the MySQL root password as this will break your SME Server configuration. How to login as MySQL root user? describes how to access MySQL with root privileges on SME Server.
The MySQL root password for SME Server is a 72 character random string generated during installation of SME Server. You should never change the MySQL root password as this will break your SME Server configuration. How to login as MySQL root user? describes how to access MySQL with root privileges on SME Server.
===Login as MySQL root user===
To login as MySQL root user, simply type 'mysql' at the SME Server shell, this will log you in with root privileges.
To login as MySQL root user, simply type 'mysql' at the SME Server shell, this will log you in with root privileges.
===Resetting the MySQL root password===
To reset the password for the MySQL root account. The MySQL root user on SME Server has a random generated password which is generated during installation. You do not need to know this password to login to MySQL with root privileges on SME Server. If you might have changed the MySQL root password you can reset it like this after getting command line access as root user.
To reset the password for the MySQL root account. The MySQL root user on SME Server has a random generated password which is generated during installation. You do not need to know this password to login to MySQL with root privileges on SME Server. If you might have changed the MySQL root password you can reset it like this after getting command line access as root user.
runsvctrl u .
runsvctrl u .
===Restoring accidently deleted MySQL root user===
Note: The following is only applicable on SME 7.3 and MySQL 4.1
Note: The following is only applicable on SME 7.3 and MySQL 4.1
cd /var/service/mysqld
cd /var/service/mysqld
sv u .
sv u .
==Access MySQL from the local network==
MySQL on SME Server is run on a socket instead of on a port.
MySQL on SME Server is run on a socket instead of on a port.
MySQL on SME Server is by default configured to allow only localhost connections to improve security, this means that it is only accessible from the server itself and not from the local network nor from the internet.
MySQL on SME Server is by default configured to allow only localhost connections to improve security, this means that it is only accessible from the server itself and not from the local network nor from the internet.
sv t /service/mysqld
sv t /service/mysqld
==Access MySQL from a remote network==
If you wish to enable access to MySQL databases from remote networks, then in addition to the LocalNetworkingOnly db setting mentioned above, you will need to execute the following commands:
If you wish to enable access to MySQL databases from remote networks, then in addition to the LocalNetworkingOnly db setting mentioned above, you will need to execute the following commands:
Alternatively it would be a more secure approach to require external (remote) users to establish a VPN connection and effectively become part of the local network. In that case do not change the mysql access to public status using the above command.
Alternatively it would be a more secure approach to require external (remote) users to establish a VPN connection and effectively become part of the local network. In that case do not change the mysql access to public status using the above command.
==Create MySQL user(s) with access from other computers==
SME Server's default mysql database users, and most of the database examples in the wiki, allow login only from ''localhost''.
SME Server's default mysql database users, and most of the database examples in the wiki, allow login only from ''localhost''.
If you want to access a mysql database on your SME server from other computers, you must not only make the configuration changes described above, you must also create a user who is allowed to login from those systems (see [http://dev.mysql.com/doc/refman/4.1/en/connection-access.html 5.5.4. Access Control, Stage 1: Connection Verification] for more detail).
If you want to access a mysql database on your SME server from other computers, you must not only make the configuration changes described above, you must also create a user who is allowed to login from those systems (see [http://dev.mysql.com/doc/refman/4.1/en/connection-access.html 5.5.4. Access Control, Stage 1: Connection Verification] for more detail).
===Allow mysql login from any LAN workstation===
Assuming your local network is 192.168.xx.0, you can create a user with mysql access from any LAN workstation (or VPN client) using the command shown below (couresy of [http://forums.contribs.org/index.php/topic,32270.msg136322.html#msg136322 DarkMirage]).
Assuming your local network is 192.168.xx.0, you can create a user with mysql access from any LAN workstation (or VPN client) using the command shown below (couresy of [http://forums.contribs.org/index.php/topic,32270.msg136322.html#msg136322 DarkMirage]).
{{Tip box|The suggestion here is to assign privileges based on IP number (using a wild card if desired), the same can also be done for hostnames. In some cases, like dynamicaly assgned IP addresses, this might be a more suitable and robust solution.}}
{{Tip box|The suggestion here is to assign privileges based on IP number (using a wild card if desired), the same can also be done for hostnames. In some cases, like dynamicaly assgned IP addresses, this might be a more suitable and robust solution.}}
FLUSH PRIVILEGES;"</nowiki>
FLUSH PRIVILEGES;"</nowiki>
===Security Implications of allowing remote mysql login===
It is technically possible to combine the above techniques to allow remote mysql login from any host on the Internet (allow network login, open the firewall, then set the network address to '%'). This would be a bad idea.
It is technically possible to combine the above techniques to allow remote mysql login from any host on the Internet (allow network login, open the firewall, then set the network address to '%'). This would be a bad idea.
If you have remote users who need access to your mysql database(s), encourage them to use a VPN connection, or an SSH tunnel, or (at a minimum), restrict the allowed login hosts to their internet IP address.
If you have remote users who need access to your mysql database(s), encourage them to use a VPN connection, or an SSH tunnel, or (at a minimum), restrict the allowed login hosts to their internet IP address.
==Enable InnoDB engine==
To enable the InnoDB engine, run the following commands:
To enable the InnoDB engine, run the following commands:
sv t /service/mysqld
sv t /service/mysqld
==Administration==
Information about user managament can be found in the [http://dev.mysql.com/doc/refman/4.1/en/user-account-management.html MySQL User Account Management section] of the [http://dev.mysql.com/doc/refman/4.1/en/ MySQL manual], which holds a lot of useful information, a small section is listed here for convenience.
Information about user managament can be found in the [http://dev.mysql.com/doc/refman/4.1/en/user-account-management.html MySQL User Account Management section] of the [http://dev.mysql.com/doc/refman/4.1/en/ MySQL manual], which holds a lot of useful information, a small section is listed here for convenience.
===Create a new database===
* See the developers guide if you wish to automate the creation of a database within an rpm
* See the developers guide if you wish to automate the creation of a database within an rpm
or
or
}}
}}
===Creating MySQL user(s)===
Decide which permissions you will have to give to the user on what database. Details about this can be found in the MySQL Manual found at the MySQL site. Get access to the SME Server shell and issue the following commands to login to the MySQL server:
Decide which permissions you will have to give to the user on what database. Details about this can be found in the MySQL Manual found at the MySQL site. Get access to the SME Server shell and issue the following commands to login to the MySQL server:
In the above line you will have to fill in the user and the host and/or domain from which you will allow the user access to the SME Server MySQL server (don't forget the single quotes). More information can be found in the MySQL Server Manual at the MySQL website linked here.
In the above line you will have to fill in the user and the host and/or domain from which you will allow the user access to the SME Server MySQL server (don't forget the single quotes). More information can be found in the MySQL Server Manual at the MySQL website linked here.
===Listing available databases===
To view a list of available databases on the system you can issue the following command while logged in in MySQL:
To view a list of available databases on the system you can issue the following command while logged in in MySQL:
show databases;
show databases;
===Remove a database===
Get access to the SME Server shell and MySQL and issue the following command:
Get access to the SME Server shell and MySQL and issue the following command:
Replace databasename with the name of the database.
Replace databasename with the name of the database.
===Remove a user===
Get access to the SME Server shell and MySQL and issue the following command:
Get access to the SME Server shell and MySQL and issue the following command:
{{Tip box|mysql_setpermission is a command line menu driven utility that can assist in MySQL administration.}}
{{Tip box|mysql_setpermission is a command line menu driven utility that can assist in MySQL administration.}}
==Optimizing MYSQL default settings==
SME Server uses MYSQL for the webmail package, and the default configuration is optimized for that.
SME Server uses MYSQL for the webmail package, and the default configuration is optimized for that.
