SME Server up to and including version 9.x runs MySQL as a database server.
SME Server 10 uses MariaDB to provide this function. A lot of applications require a MySQL database, among them is the Horde webmail interface which is supplied by SME Server by default.
- MySQL website: http://www.mysql.com
- MySQL 4.1 manual: http://dev.mysql.com/doc/refman/4.1/en/
- MariaDB documentation: https://mariadb.org/documentation/
The SME Server is based on CentOS, the development team will take their stock RPM's from the CentOS releases. The current version of MariaDB installed on SME Server is version 5.5.68.You can upgrade MariaDB, using their rpms, to a higher version but you are advised not to do so, as this might break your SME Server configuration. The Horde webmail interface relies on MariaDB. Upgrading to version 10.x has potential to break stuff like webmail. If you insist on upgrading MariaDB you may be able to find instructions in the forum, but be advised that no support can be expected from the developers and all bugs reported in the bugtracker will not be taken into account.
MariaDB on SME Server runs on a socket instead of on a port which you might be accustomed to. This is done to improve security as in the view of the development team only the server itself (localhost) needs to have access to the MySQL server. However you can configure MySQL to be accessible from the local network (see below).
[mysqld] [mysqld_safe] [mysql-5.7] [mariadb-10.1] [mariadb-10.2] [mariadb-10.3] [mariadb-10.5]
Access to MariaDB/MySQL from my application
As stated above on SME Server you have to use socket, this is more secure than using port. By default the service only listen on the server using socket, so trying to connect with any port will result in a failure.
Most application will have to define a string to access the socket, as below pointing to localhost (not 127.0.0.1, nor the LAN ip) and the full path to the socket. In some situation you will have to define the socket path and the host (localhost again and not 127.0.0.1) in variables.
define( 'DB_HOST', 'localhost:/var/lib/mysql/mysql.sock' );
MariaDB/MySQL root password
There appears to be no password set for the MySQL root password, but this is not true. If you are logged in to the SME Server shell a special mechanism is in place to log you in with MySQL root privileges without prompting you for the password.
The MySQL root password for SME Server is a 72 character random string generated during installation of SME Server. You should never change the MySQL root password as this will break your SME Server configuration. How to login as MySQL root user? describes how to access MySQL with root privileges on SME Server.
Login as MySQL root user
To login as MySQL root user, simply type 'mysql' at the SME Server shell, this will log you in with root privileges.
Resetting the MySQL root password
To reset the password for the MySQL root account. The MySQL root user on SME Server has a random generated password which is generated during installation. You do not need to know this password to login to MySQL with root privileges on SME Server. If you might have changed the MySQL root password you can reset it like this after getting command line access as root user.
systemctl stop mariadb expand-template /root/.my.cnf expand-template /var/lib/mysql/set.password /usr/libexec/mysqld --socket=/var/lib/mysql/mysql.sock --bootstrap --user=mysql --skip-grant-tables < /var/lib/mysql/set.password exit systemctl start mariadb
cd /var/service/mysqld sv d . expand-template /root/.my.cnf expand-template /var/service/mysqld/set.password /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < ./set.password sv u .
For SME Server 7.2 and earlier releases do the following (they use the runsvctrl command instead of the sv command):
cd /var/service/mysqld runsvctrl d . expand-template /root/.my.cnf expand-template /var/service/mysqld/set.password /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < ./set.password runsvctrl u .
Restoring accidentally deleted MySQL root user
mariadb 5.5 and up to 10.5 systemctl stop mariadb echo "GRANT ALL PRIVILEGES ON *.* TO 'root'@'`config get DomainName`' WITH GRANT OPTION;">/var/lib/mysql/set.rootuser echo "GRANT PROXY ON @ TO 'root'@'`config get DomainName`' WITH GRANT OPTION;">>/var/lib/mysql/set.rootuser echo "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;">>/var/lib/mysql/set.rootuser echo "GRANT PROXY ON @ TO 'root'@'localhost' WITH GRANT OPTION;">>/var/lib/mysql/set.rootuser expand-template /root/.my.cnf expand-template /var/lib/mysql/set.password /usr/libexec/mysqld --socket=/var/lib/mysql/mysql.sock --bootstrap --user=mysql --skip-grant-tables <( cat /var/lib/mysql/set.rootuser /var/lib/mysql/set.password) exit systemctl start mariadb
for MySQL 5.1.73
cd /var/service/mysqld sv d . echo 'use mysql;'>set.rootuser echo "INSERT INTO `user` VALUES ('localhost','root',,'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',,,,,0,0,0,0);">>set.rootuser expand-template /root/.my.cnf expand-template /var/service/mysqld/set.password /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.rootuser /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.password sv u .
Note: The following is only applicable on SME 7.3 and MySQL 4.1
cd /var/service/mysqld sv d . echo 'use mysql;'>set.rootuser echo -n 'INSERT INTO user VALUES("localhost","root","",'>>set.rootuser echo '"Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","","","","",0,0,0);'>>set.rootuser expand-template /root/.my.cnf expand-template /var/service/mysqld/set.password /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.rootuser /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.password sv u .
MariaDB/MySQL fails to start
you need to investigate the cause by inspecting two logs :
- service log
journalctl -u mariadb
- mariadb log
tail -f /var/log/mariadb/mariadb.log
Corrupted user table
Your error in mariadb log will include
ERROR: 130 Incorrect file format 'user'
This could mostly occurs after a power outage. mysql.user table is a MYSIAM type
# ll /var/lib/mysql/mysql/user.* -rw-rw---- 1 mysql mysql 10630 3 jui 21:08 /var/lib/mysql/mysql/user.frm -rw-rw---- 1 mysql mysql 488 3 jui 21:08 /var/lib/mysql/mysql/user.MYD -rw-rw---- 1 mysql mysql 2048 3 jui 21:08 /var/lib/mysql/mysql/user.MYI
In this case you might see user.MYD or user.MYI with 0 byte size. If the issue is on MYI this is the index you should be able to rebuild, if it is on the MYD, this is the data, you will need a backup to restore from.
as root, first start mariadb without grant table
systemctl stop mariadb /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --skip-grant-tables
then use mysql command line
if wound any error try
mysqlcheck mysql --repair
if it fails then you needs to do a restore. You might have a dump in /home/e-smith/db/mysql/mysql.dump. Wishing it is up to date. I suggest you to copy it and just extract the part for the table you are missing. You need what is under
-- -- Table structure for table `user` --
-- -- Dumping data for table `user` --
Considering your table dump is now in a file called /home/e-smith/db/mysql/mysql.user.dump, do
mysql mysql < /home/e-smith/db/mysql/mysql.user.dump expand-template /var/lib/mysql/set.password mysql mysql < /var/lib/mysql/set.password mysqladmin shutdown systemctl start mariadb
Access MariaDB/MySQL using port from the localhost and local network
MariaDB/MySQL on SME Server runs on a socket instead of on a port. MariaDB/MySQL on SME Server is by default configured to allow only localhost connections to improve security, this means that it is only accessible from the server itself and not from the local network nor from the internet. If you wish to enable local network access, execute the following commands on a SME Server shell as root (note access private is not needed as this is the default, and TCPPort 3306 neither as all ports are open to the LAN by default):
config setprop mariadb LocalNetworkingOnly no expand-template /etc/my.cnf systemctl restart /service/mysqld
config setprop mysqld LocalNetworkingOnly no expand-template /etc/my.cnf sv t /service/mysqld
Access MySQL from a remote network
If you wish to enable access to MariaDB/MySQL databases from remote networks, then in addition to the LocalNetworkingOnly db setting mentioned above, you will need to execute the following commands:
config set mariadb service access public status enabled TCPPort 3306 signal-event remoteaccess-update signal-event smeserver-mysql-update
config set mysqld service access public status enabled TCPPort 3306 signal-event remoteaccess-update signal-event reboot
Keep in mind this enables access to your MariaDB/MySQL database for ANYONE, so make sure you have strong passwords on ALL your MariaDB/MySQL databases. Alternatively it would be a more secure approach to require external (remote) users to establish a VPN connection and effectively become part of the local network. In that case do not change the mysql access to public status using the above command.
Create MariaDB/MySQL user(s) with access from other computers
SME Server's default MariaDB/MySQL database users, and most of the database examples in the wiki, allow login only from localhost.
If you want to access a MariaDB/MySQL database on your SME server from other computers, you must not only make the configuration changes described above, you must also create a user who is allowed to login from those systems (see 5.5.4. Access Control, Stage 1: Connection Verification for more detail).
Allow mysql login from any LAN workstation
Assuming your local network is 192.168.1.0, you can create a user with MariaDB/MySQL access from any LAN workstation (or VPN client) using the command shown below (courtesy of DarkMirage).
You probably want to change:
- the database name (MyDB)
- the user name (MyUser)
- the password (MyPW) and
- the allowed computers (192.168.1.%)
## In the command below, \ escapes a linebreak. ## Either include them, or place the entire command on one line mysql -e "\ create database MyDB; \ GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,ALTER \ ON *.* \ TO 'MyUser'@'192.168.1.%' \ IDENTIFIED BY 'MyPW'; \ FLUSH PRIVILEGES;"
Security Implications of allowing remote MariaDB/MySQL login
It is technically possible to combine the above techniques to allow remote MariaDB/MySQL login from any host on the Internet (allow network login, open the firewall, then set the network address to '%'). This would be a bad idea.
If you have remote users who need access to your MariaDB/MySQL database(s), encourage them to use a VPN connection, or an SSH tunnel, or (at a minimum), restrict the allowed login hosts to their internet IP address. On top of that, you are encouraged to enforce encrypted connection at the level of you MariaDB/MySQL service to avoid any clear text exchange on the LAN or worse on the Internet.
Enable InnoDB engine
To enable the InnoDB engine, run the following commands:
db configuration setprop mysqld InnoDB enabled expand-template /etc/my.cnf sv t /service/mysqld
To disable the InnoDB engine, run the following commands:
db configuration setprop mysqld InnoDB disabled expand-template /etc/my.cnf sv t /service/mysqld
Information about user managament can be found in the MySQL User Account Management section of the MySQL manual, which holds a lot of useful information, a small section is listed here for convenience.
Create a new database
- See the developers guide if you wish to automate the creation of a database within an rpm
- Get access to the SME Server shell and issue the following commands:
mysqladmin create 'dbname' --default-character-set=utf8
This will create an empty database called dbname.
Creating MySQL user(s)
Decide which permissions you will have to give to the user on what database. Details about this can be found in the MariaDB/MySQL Manual found at the MariaDB/MySQL site. Get access to the SME Server shell and issue the following commands to login to the MySQL server:
Suppose we want to create a user which has read-only access on all tables in the database called 'test':
GRANT SELECT ON test.* TO 'user'@'host' IDENTIFIED BY 'password';
In the above line you will have to fill in the user and the host and/or domain from which you will allow the user access to the SME Server MariaDB/MySQL server (don't forget the single quotes). More information can be found in the MariaDB/MySQL Server Manual at the MariaDB/MySQL website linked here.
Listing available databases
To view a list of available databases on the system you can issue the following command while logged in in MariaDB/MySQL:
Remove a database
Get access to the SME Server shell and MariaDB/MySQL and issue the following command:
drop database databasename;
Replace databasename with the name of the database.
Remove a user
Get access to the SME Server shell and MariaDB/MySQL and issue the following command:
USE mysql; DELETE FROM user WHERE user = 'username'; FLUSH PRIVILEGES;
Replace username with the username you wish to delete.
Optimizing MariaDB/MySQL default settings for SME 10
Here are the available settings from the configuration database to tweak you MariaDB service. If no default value indicated, please refers the the manual of your database version for its own default value:
to alter a value, just do
config set mariadb KeyBufferSize 18M MyisamSortBufferSize 8M expand-template /etc/my.cnf systemctl restart mariadb
if your needed option is not available then create a dedicated template custom. Be careful to use a name starting with a number between 016 and 039.
mkdir -p /etc/e-smith/templates-custom/etc/my.cnf/ vim /etc/e-smith/templates-custom/etc/my.cnf/017myvalues expand-template /etc/my.cnf systemctl restart mariadb
Optimizing MariaDB/MySQL default settings for up to SME9
SME Server uses MariaDB/MySQL for the webmail package, and the default configuration is optimized for that.
If you are using the SME server to provide MariaDB/MySQL databases for functions running on workstations, you may need to adjust some of the default MariaDB/MySQL parameters. Keep in mind it is difficult to optimize MYSQL for a number of different applications, as default values that are suitable for one application may not be suitable for another. In determining appropriate settings for MariaDB/MySQL, you will also need to consider the system resources & general specification of the server that MariaDB/MySQL is running on.
Pointers for tuning and optimizing the databases can be found at http://www.mysqlperformanceblog.com/2006/09/29/what-to-tune-in-mysql-server-after-installation/ and http://lists.mysql.com/mysql/214398 and specifically re key_buffer_size at http://lists.mysql.com/mysql/214398
The following example comes from this forum thread http://forums.contribs.org/index.php/topic,46694.0.html and refers to this bug report http://bugs.contribs.org/show_bug.cgi?id=6287
To change the following parameters
Create a custom template fragment & edit it to include your required parameters
mkdir -p /etc/e-smith/templates-custom/etc/my.cnf/ vim /etc/e-smith/templates-custom/etc/my.cnf/016mysetup
Save & Exit
Ctrl o Ctrl x
Expand the changes & restart mysql
expand-template /etc/my.cnf sv t /service/mysqld
Check /etc/my.cnf to see that the changes are reflected.