mysql_secure_installation(1) 맨 페이지 - 윈디하나의 솔라나라




     mysql_secure_installation - improve MySQL installation


     This program enables you to improve the security of your
     MySQL installation in the following ways:

     *   You can set a password for root accounts.

     *   You can remove root accounts that are accessible from
         outside the local host.

     *   You can remove anonymous-user accounts.

     *   You can remove the test database (which by default can
         be accessed by all users, even anonymous users), and
         privileges that permit anyone to access databases with
         names that start with test_.

     mysql_secure_installation helps you implement security
     recommendations similar to those described at Section 2.9.4,
     Securing the Initial MySQL Account.

     Normal usage is to connect to the local MySQL server; invoke
     mysql_secure_installation without arguments:

         shell> mysql_secure_installation

     When executed, mysql_secure_installation prompts you to
     determine which actions to perform.

     The validate_password component can be used for password
     strength checking. If the plugin is not installed,
     mysql_secure_installation prompts the user whether to
     install it. Any passwords entered later are checked using
     the plugin if it is enabled.

     Most of the usual MySQL client options such as --host and
     --port can be used on the command line and in option files.
     For example, to connect to the local server over IPv6 using
     port 3307, use this command:

         shell> mysql_secure_installation --host=::1 --port=3307

     mysql_secure_installation supports the following options,
     which can be specified on the command line or in the
     [mysql_secure_installation] and [client] groups of an option
     file. For information about option files used by MySQL
     programs, see Section 4.2.6, Using Option Files.

     *   --help, -?

         Display a help message and exit.

     *   --defaults-extra-file=file_name

         Read this option file after the global option file but
         (on Unix) before the user option file. If the file does
         not exist or is otherwise inaccessible, an error occurs.
         file_name is interpreted relative to the current
         directory if given as a relative path name rather than a
         full path name.

     *   --defaults-file=file_name

         Use only the given option file. If the file does not
         exist or is otherwise inaccessible, an error occurs.
         file_name is interpreted relative to the current
         directory if given as a relative path name rather than a
         full path name.

     *   --defaults-group-suffix=str

         Read not only the usual option groups, but also groups
         with the usual names and a suffix of str. For example,
         mysql_secure_installation normally reads the [client]
         and [mysql_secure_installation] groups. If the
         --defaults-group-suffix=_other option is given,
         mysql_secure_installation also reads the [client_other]
         and [mysql_secure_installation_other] groups.

     *   --host=host_name, -h host_name

         Connect to the MySQL server on the given host.

     *   --no-defaults

         Do not read any option files. If program startup fails
         due to reading unknown options from an option file,
         --no-defaults can be used to prevent them from being

         The exception is that the .mylogin.cnf file, if it
         exists, is read in all cases. This permits passwords to
         be specified in a safer way than on the command line
         even when --no-defaults is used. (.mylogin.cnf is
         created by the mysql_config_editor utility. See

     *   --password=password, -p password

         This option is accepted but ignored. Whether or not this
         option is used, mysql_secure_installation always prompts
         the user for a password.

     *   --port=port_num, -P port_num

         The TCP/IP port number to use for the connection.

     *   --print-defaults

         Print the program name and all options that it gets from
         option files.

     *   --protocol={TCP|SOCKET|PIPE|MEMORY}

         The connection protocol to use for connecting to the
         server. It is useful when the other connection
         parameters normally would cause a protocol to be used
         other than the one you want. For details on the
         permissible values, see Section 4.2.2, Connecting to the
         MySQL Server.

     *   --socket=path, -S path

         For connections to localhost, the Unix socket file to
         use, or, on Windows, the name of the named pipe to use.

     *   --ssl*

         Options that begin with --ssl specify whether to connect
         to the server using SSL and indicate where to find SSL
         keys and certificates. See Section 6.4.2, Command
         Options for Encrypted Connections.

     *   --ssl-fips-mode={OFF|ON|STRICT} Controls whether to
         enable FIPS mode on the client side. The --ssl-fips-mode
         option differs from other --ssl-xxx options in that it
         is not used to establish encrypted connections, but
         rather to affect which cryptographic operations are
         permitted. See Section 6.6, FIPS Support.

         These --ssl-fips-mode values are permitted:

         *   OFF: Disable FIPS mode.

         *   ON: Enable FIPS mode.

         *   STRICT: Enable strict FIPS mode.

             If the OpenSSL FIPS Object Module is not available,
             the only permitted value for --ssl-fips-mode is OFF.
             In this case, setting --ssl-fips-mode to ON or
             STRICT causes the client to produce a warning at
             startup and to operate in non-FIPS mode.

     *   --tls-version=protocol_list

         The protocols permitted by the client for encrypted
         connections. The value is a comma-separated list
         containing one or more protocol names. The protocols
         that can be named for this option depend on the SSL
         library used to compile MySQL. For details, see
         Section 6.4.6, Encrypted Connection Protocols and

     *   --use-default

         Execute noninteractively. This option can be used for
         unattended installation operations.

     *   --user=user_name, -u user_name

         The MySQL user name to use when connecting to the

     Copyright c 1997, 2018, Oracle and/or its affiliates. All
     rights reserved.

     This documentation is free software; you can redistribute it
     and/or modify it only under the terms of the GNU General
     Public License as published by the Free Software Foundation;
     version 2 of the License.

     This documentation is distributed in the hope that it will
     be useful, but WITHOUT ANY WARRANTY; without even the
     implied warranty of MERCHANTABILITY or FITNESS FOR A
     PARTICULAR PURPOSE. See the GNU General Public License for
     more details.

     You should have received a copy of the GNU General Public
     License along with the program; if not, write to the Free
     Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
     Boston, MA 02110-1301 USA or see

See Also
     For more information, please refer to the MySQL Reference
     Manual, which may already be installed locally and which is
     also available online at

     Oracle Corporation (
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.