mirror of
https://pagure.io/fedora-docs/quick-docs.git
synced 2024-11-25 05:37:32 +00:00
48 lines
1.4 KiB
Text
48 lines
1.4 KiB
Text
= Allow or prevent access from the network to the database server
|
|
== Allow access to the database from the network
|
|
To allow remote connections, you need to open the port 3306 on the firewall.
|
|
|
|
----
|
|
$ sudo firewall-cmd --add-service=mysql --permanent
|
|
$ sudo firewall-cmd --reload
|
|
----
|
|
|
|
In addition you have to grant rights to the user you want to use to connect to the database.
|
|
|
|
From the mysql shell, for example, grant all the privileges on the database _test_ to _my_user_ user connecting from the host _192.168.1.1_ using the password _PaSsWoRd_:
|
|
|
|
----
|
|
mysql> GRANT ALL PRIVILEGES ON test.* TO 'my_user'@'192.168.1.1' IDENTIFIED BY 'PaSsWoRd';
|
|
----
|
|
|
|
== Limit the access to the database only from localhost
|
|
|
|
On the other hand, if you want to avoid to expose the database service on the network, edit the configuration file
|
|
|
|
* `/etc/my.cnf.d/mariadb-server.cnf` for MariaDB
|
|
* `/etc/my.cnf.d/community-mysql-server.cnf` for MySQL
|
|
* `/etc/my.cnf` for MySQL installed from the third party repository
|
|
|
|
and add/uncomment/modify this option in the `[mysqld]` section
|
|
|
|
----
|
|
bind-address=127.0.0.1
|
|
----
|
|
|
|
Restart the service (use `mysqld` in place of `mariadb` if it is the case)
|
|
|
|
----
|
|
$ sudo systemctl restart mariadb
|
|
----
|
|
|
|
Verify that the service is listening only on localhost (127.0.0.1). The output of this command:
|
|
|
|
----
|
|
$ ss -ntl |grep 3306
|
|
----
|
|
|
|
should look like:
|
|
|
|
----
|
|
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
|
|
----
|