Rocky10 编译安装 Asp.net Core_9 Nginx_1.28.0 Mariadb_11.8.3 Redis_8.2.0 (实测 笔记)
一、查看硬件信息
1、查看物理cpu个数、核心数量、线程数
grep 'physical id' /proc/cpuinfo | sort -u | wc -l
grep 'core id' /proc/cpuinfo | sort -u | wc -l
grep 'processor' /proc/cpuinfo | sort -u | wc -l
2、查看cpu信息
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
3、查看内存和硬盘
free -h && df -h
4、查看IP地址
ip addr
5、查看dns配置文件
cat /etc/resolv.conf
6、用户和用户组 列表文件
cat /etc/group
cat /etc/passwd
7、查看可以登录系统的用户
cat /etc/passwd | grep -v /sbin/nologin | cut -d : -f 1
8、把 /usr/local/src 目录,转到 /data 下
mkdir -p /data
mv /usr/local/src /data
ln -s /data/src /usr/local/src
9、主机名设置、查看
hostnamectl --static set-hostname tRocky
hostname
=====================================================
bombardier 安装及使用
ln -s /usr/local/src/bombardier /bin
bombardier -c 125 -n 10000 http://localhost:5000
iftop安装及使用
dnf install epel-release -y
dnf install iftop
=====================================================
二、基础设置
1、安装基础包
dnf install vim wget lsof gcc gcc-c++ tar bzip2 gzip firewalld openssl-devel make chrony cronie -y
2、配置Vim显示格式
vim /etc/vimrc,打开文件在末尾添加以下内容
set nocompatible
set number
filetype on
set history=1000
set background=dark
syntax on
set autoindent
set smartindent
set tabstop=2
set shiftwidth=2
set showmatch
set guioptions-=T
set vb t_vb=
set ruler
set nohls
set incsearch
set nobackup
:wq 保存退出
VIM格式化使用方法(打开文件后,输入以下命令,第二个G是shift+g)
gg=G
3、chrony来实现时间同步(默认不再支持ntp软件包)
设置时区
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
加入开启启动
systemctl enable chronyd && systemctl start chronyd
设置NTP同步时间,设置时区
timedatectl set-ntp true
timedatectl set-timezone Asia/Shanghai
查看配置文件
cat /etc/chrony.conf
查看和更改系统的时间和日期
timedatectl
修改时间
date -s 2000-01-01
同步时间
systemctl restart chronyd
chronyc sources -v
设置定时任务,自动执行 (https://blog.csdn.net/zhai198/article/details/146015828)
dnf install cronie
mkdir -p /data/crond
添加以下内容 (每天 02:00同步一次,并且日志记录到 /data/crond/ntpdate.log)(或者crontab -e 打开后添加)
echo "00 02 * * * systemctl restart chronyd && chronyc sources -v 1>>/data/crond/ntpdate.log 2>&1" >> /var/spool/cron/root
4、设置网络(使用新的NetworkManager,弃用了原本的 network)
查看配置文件(不建议直接修改)
cat /etc/NetworkManager/system-connections/enp0s3.nmconnection
显示当前网络设置、当前网络连接
nmcli
nmcli d
nmcli c show
常用命令(enp0s3 为网络连接名称、c 为connection 简写 、m 为 modify 简写)
nmcli c m enp0s3 ipv4.address 192.168.0.10/24 # 修改 IP 地址和子网掩码
nmcli c m enp0s3 ipv4.gateway 192.168.0.1 # 修改默认网关
nmcli c m enp0s3 ipv4.method manual # 修改为静态配置,默认是 auto
nmcli c m enp0s3 ipv6.method disabled # 将 IPv6 禁用
nmcli c m enp0s3 connection.autoconnect yes # 开机启动
nmcli c m enp0s3 ipv4.dns 8.8.8.8 # 修改 DNS
nmcli c m enp0s3 +ipv4.dns 8.8.8.8 # (+号,表示添加DNS)
nmcli c m enp0s3 -ipv4.dns 8.8.8.8 # (-号,表示删除 DNS)
nmcli connection add type ethernet ifname enp0s3 # 新建网络连接
nmcli c delete enp0s3 # 删除网络连接
nmcli c reload # 重新载入一下配置文件
nmcli c down enp0s3 # 停止网络连接
nmcli c up enp0s3 # 启用网络连接
5、设置PUTTY远程登录时,不使用密码,使用密钥文件登录
服务器上创建目录
mkdir -p /root/.ssh
在"客户机"生成对称密钥,把客户机上的公钥复制到服务器(公钥文件:id_rsa.pub)
[root@centos ~] ssh-keygen -m PEM -t rsa -b 4096
根据提示操作,生成公钥
上传到服务器指定目录(*** 或使用软件远程复制id_rsa.pub到服务器/root/.ssh中。)
scp id_rsa.pub root@192.168.1.10/root/.ssh
查看服务器上,公钥是否已经存在
cd /root/.ssh
ll
-rw-r--r-- 1 root root 394 12月 5 09:33 id_rsa.pub
导入密钥到authorized_keys
cat id_rsa.pub >> authorized_keys
ll /root/.ssh
-rw-r--r-- 1 root root 394 12月 5 09:37 authorized_keys
-rw-r--r-- 1 root root 394 12月 5 09:33 id_rsa.pub
导入后,删除公钥文件
rm id_rsa.pub
设置目录和文件读取权限
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
设置sshd配置文件
vim /etc/ssh/sshd_config
找到GSSAPICleanupCredentials,并且修改为以下内容
GSSAPICleanupCredentials yes
:wq 保存退出
重启sshd服务,让其生效
systemctl restart sshd
客户端设置PUTTY,进行远程登录
打开软件 PuTTYgen
点击load 选择之前客户机生成私钥文件id_rsa, 点击save private key 生成 pKey.ppk文件
打开软件 PuTTY
点击Session,在HostName(or IP address)输入服务器地址
点击Connection下的DATA,在Auto-login username中输入登录账号(当前账号为root)
点击Connection下的SSH下的Auth,点击Browse 选择之前生成 pKeyppk文件
点击Session,在Saved Sessions中,输入需要保存的Session名称,点击保存
设置完成后,即可以远程连接到服务器
打开软件 PuTTY
点击Session,在"Default Settings"下,找到之前已经保存的Session,双击打开连接
如果显示 Authenticating with public key "xxxxx-xxxx"时,即表未成功
设置新用户,并且使用密码和证书双重认证远程登录。同时禁止root远程登录 (如不需要,可忽略)
root登录后,修改root密码 (安全建议:密码为15位,大小字母+数字+特殊字符)
passwd
添加新用户,并且设置密码
adduser vicowong
passwd vicowong
创建目录,复制密钥相关文件到用户目录,并且设置权限
mkdir /home/vicowong/.ssh -p
cp /root/.ssh/authorized_keys /home/vicowong/.ssh
chmod 700 /home/vicowong/.ssh
chmod 600 /home/vicowong/.ssh/authorized_keys
chown vicowong:vicowong /home/vicowong/.ssh -R
设置防火墙,设置远程连接端口(这里是26322)
systemctl enable firewalld && systemctl start firewalld
firewall-cmd --zone=public --add-port=26322/tcp --permanent
firewall-cmd --reload && firewall-cmd --list-ports
安装semanage(用于设置selinux策略)
dnf install policycoreutils-python-utils
查看当前 selinux 是否启用 即 Enforcing 状态 (否则有可能设置 selinux 策略不成功)
getenforce
查看当前 selinux 关于远程ssh连接端口的设置
semanage port -l | grep ssh
ssh_port_t tcp 22
添加新端口
semanage port -a -t ssh_port_t -p tcp 26322
--------------------------------------------------------------------------------------------
移除端口
semanage port -d -t ssh_port_t -p tcp 26322
-------------------------------------------------------------------------------------------
设置sshd配置文件
vim /etc/ssh/sshd_config
找到以下内容,并且进行修改
Port 26322
Protocol 2
PermitRootLogin no
AllowUsers vicowong
StrictModes yes
#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitEmptyPasswords no
PasswordAuthentication yes
AuthenticationMethods publickey,password
X11Forwarding no
MaxStartups 10:30:60
:wq 保存退出
# AuthorizedKeysFile
# PasswordAuthentication
# X11Forwarding
以上三个搜索,查看是否有重复设置
重启sshd服务,让其生效
systemctl restart sshd
使用新用户登录(重新打开一个新终端,原来的终端先不关,避免因设置不当导致没法连接远程)
打开软件 PuTTY,点击之前保存的Sessions,点击Load读取之前的配置
在Port框输入端口(当前账号为26322)
点击Connection下的DATA,在Auto-login username中输入登录账号(当前账号为vicowong)
点击Session 点击Save。保存当前修改。
点击Open,打开终端。
设置后,必须远程将进行密码和证书双重认证。
远程登录会以vicowong这个账号进行登录。安装维护需要root权限时,可以使用su实现
su root
三、共用工具包
1、安装jemalloc(需要 bzip2 库解压)
cd /usr/local/src/
wget https://github.com/jemalloc/jemalloc/releases/download/5.3.0/jemalloc-5.3.0.tar.bz2
tar xjf jemalloc-5.3.0.tar.bz2 && cd jemalloc-5.3.0
./configure && make && make install
echo '/usr/local/lib' > /etc/ld.so.conf.d/local.conf
ldconfig -v
find / -name jemalloc
2、编译 升级 zlib
cd /usr/local/src/
wget http://zlib.net/zlib-1.3.1.tar.gz
tar zvxf zlib-1.3.1.tar.gz && cd zlib-1.3.1
./configure && make && make install
ldconfig -v
find / -name libz.so.1.3.1
ll /usr/local/lib
3、openssl
dnf install openssl
openssl version
openssl version -a
openssl ciphers -v
ssh -V
四、安装nginx
1、安装pcre2
dnf install pcre2*
2、创建用户及用户组
groupadd www
useradd -g www www -s /sbin/nologin -M
mkdir -p /data/www/web
chmod +w /data/www/web
chown -R www:www /data/www/web
3、编译nginx
cd /usr/local/src/
wget http://nginx.org/download/nginx-1.28.0.tar.gz
tar zvxf nginx-1.28.0.tar.gz && cd nginx-1.28.0
vim src/core/nginx.h
#define nginx_version 1000000
#define NGINX_VERSION "1.0.0"
#define NGINX_VER "IIS"
./configure --prefix=/opt/nginx \
--user=www \
--group=www \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_gzip_static_module \
--with-ld-opt="-ljemalloc" \
--with-http_v2_module \
--with-pcre \
--with-zlib=/usr/local/src/zlib-1.3.1
make && make install
4、配置nginx
vim /opt/nginx/conf/nginx.conf
user www www;
worker_processes auto;
error_log logs/error.log crit;
pid logs/nginx.pid;
events {
use epoll;
worker_connections 1024;
}
http {
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include /opt/nginx/conf/vhosts/*.conf;
}
mkdir -p /opt/nginx/conf/vhosts
vim /opt/nginx/conf/vhosts/web.conf
server {
listen 80;
server_name localhost;
set $root /data/www/web;
root $root;
location / {
index index.html index.htm;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$
{
expires 7d;
access_log off;
}
}
5、编写首页
vim /data/www/web/index.html
<html>
<head><title>nginx index.html</title></head>
<body>
<h1>index.html</h1>
</body>
</html>
6、nginx 启用服务
vim /etc/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/opt/nginx/logs/nginx.pid
ExecStartPre=/opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx.conf -t
ExecStart=/opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
systemctl enable nginx.service
systemctl list-unit-files|grep enabled|grep nginx
systemctl start nginx.service
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload && firewall-cmd --list-ports
查看nginx版本
/opt/nginx/sbin/nginx -V
ps -ef|grep nginx
lsof -n | grep jemalloc
五、安装 dotnet core9
-------------------------------------------------
删除 dotnet-sdk-6.0
dnf remove dotnet-sdk-6.0
rm -rf /usr/share/dotnet
rm -rf /usr/bin/dotnet
rm -rf /etc/yum.repos.d/microsoft-prod.repo
dnf clean all
dnf upgrade
shutdown -r now
dnf install dotnet-sdk-6.0
-------------------------------------------------
1、安装 dotnet-sdk-9.0
dnf install dotnet-sdk-9.0
dotnet --info
2、网站文件 (假设有一个 asp.net core mvc项目 netcore9)
mkdir -p /data/www/netcore9
试运行。(复制编译好的代码到 /data/www/netcore9)
dotnet netcore9.dll
3、修改nginx、以支持
vim /opt/nginx/conf/vhosts/web.conf
server {
listen 80;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Cookie $http_cookie;
}
}
systemctl restart nginx
systemctl status nginx
4、安装 Supervisor
dnf install epel-release -y
dnf install supervisor -y
systemctl enable supervisord & systemctl status supervisord
配置Supervisor
mkdir -p /etc/supervisor/conf.d
echo_supervisord_conf > /etc/supervisor/supervisord.conf
vim /etc/supervisor/supervisord.conf
查找
;[include]
;files = relative/directory/*.ini
修改为
[include]
files=conf.d/*.conf
查找 [unix_http_server] 下账号和密码设置,设置密码 (使用 supervisorctl 强制输入密码,增强安全性)
username=supervisor_user
password=supervisor_userpwd
:wq 保存退出
5、配置 Core 项目开机自动启动
vim /etc/supervisor/conf.d/netcore9.conf
输入以下内容
[program:netcore9]
command=dotnet netcore9.dll --urls="http://[*]:5000"; 运行的命令
directory=/data/www/netcore9/ ; 命令执行目录
autorestart=true ; 自动重启
stderr_logfile=/var/log/netcore9.err.log ; 错误日志
stdout_logfile=/var/log/netcore9.out.log ; 输出日志
environment=ASPNETCORE_ENVIRONMENT=Production ; 环境变量
user=www ; 进程执行的用户身份
stopsignal=INT
:wq 保存退出
7、Supervisor 启用服务
vim /etc/systemd/system/supervisord.service
[Unit]
Description=Supervisor daemon
[Service]
Type=forking
ExecStart=supervisord -c /etc/supervisor/supervisord.conf
ExecStop=supervisorctl shutdown
ExecReload=supervisorctl reload
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
:wq 保存退出
systemctl enable supervisord && systemctl restart supervisord && systemctl status supervisord
查看supervisor运行状态
supervisorctl status
8、安装libgdiplus组件,支持 core 图片生成
dnf install automake autoconf libtool glib2-devel cairo-devel libjpeg* libtiff*
cd /usr/local/src
wget https://github.com/mono/libgdiplus/archive/6.0.5.tar.gz
tar zvxf libgdiplus-6.0.5.tar.gz && cd libgdiplus-6.0.5
./autogen.sh && make && make install
ln -s /usr/local/lib/libgdiplus.so /usr/lib64/gdiplus.dll
9、安装字体
dnf install mkfontscale fontconfig -y
//假设把windows下font目录的相应字体上传到服务器 /usr/local/src/TrueType
mkdir -p /usr/share/fonts/chinese
cd /usr/share/fonts/chinese
cp /usr/local/src/TrueType/* ./
mkfontscale && mkfontdir && fc-cache -fv
fc-list | grep times.ttf
fc-list :lang=zh
shutdown -r now
六、安装redis
1、安装依赖包
dnf install tcl -y
2、编译安装redis
cd /usr/local/src
wget https://github.com/redis/redis/archive/refs/tags/8.2.0.tar.gz
tar xvf redis-8.2.0.tar.gz && cd /usr/src/redis-8.2.0
make && make PREFIX=/opt/redis install
3、创建用户及用户组
groupadd redis
useradd -g redis redis -s /sbin/nologin -M
mkdir -p /opt/redis/logs
cp redis.conf /opt/redis
cp redis-full.conf /opt/redis
ll /opt/redis
chown -R redis:redis /opt/redis
4、配置 redis
vim /opt/redis/redis.conf
找到相关的行,修改
#bind 127.0.0.1
protected-mode no
requirepass redispwd
pidfile /opt/redis/redis_6379.pid
logfile /opt/redis/redis_6379.log
dir /opt/redis
5、redis 启用服务
vim /usr/lib/systemd/system/redis.service
[Unit]
Description=Redis Server
After=network.target
[Service]
Type=simple
PIDFile=/opt/redis/redis_6379.pid
ExecStart=/opt/redis/bin/redis-server /opt/redis/redis.conf
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=on-failure
User=redis
[Install]
WantedBy=multi-user.target
systemctl enable redis && systemctl daemon-reload && systemctl start redis
6、打开使用端口
firewall-cmd --zone=public --add-port=6379/tcp --permanent
firewall-cmd --reload && firewall-cmd --list-ports
**************************************************************************************************
指定IP可以访问
[root@centos ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.25" port protocol="tcp" port="6379" accept"
显示所有规则
[root@centos ~]# firewall-cmd --reload && firewall-cmd --list-all
移除指定IP可以访问
[root@centos ~]# firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.1.25" port protocol="tcp" port="6379" accept"
**************************************************************************************************
7、查看当前版本
/opt/redis/bin/redis-server -v
/opt/redis/bin/redis-cli -v
8、安装完成后,打开客户端
[root@centos ~]# /opt/redis/bin/redis-cli -h 127.0.0.1 -p 6379
输入以下命令,测试写入及读取
127.0.0.1:6379 > auth redispwd
127.0.0.1:6379 > set name abc123
127.0.0.1:6379 > get name
退出
127.0.0.1:6379 >quit
编译安装 mariadb
1、创建用户及用户组
groupadd mysql
useradd -g mysql mysql -s /sbin/nologin -M
mkdir -p /data/mysql
chown -R mysql:mysql /data/mysql
2、安装依赖包
dnf install cmake pcre2* bison* ncurses*
3、编译安装
cd /usr/local/src
wget https://mirrors.aliyun.com/mariadb/mariadb-11.8.3/source/mariadb-11.8.3.tar.gz
tar zxvf mariadb-11.8.3.tar.gz && cd mariadb-11.8.3
cmake . \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_EXE_LINKER_FLAGS="-ljemalloc" \
-DCMAKE_INSTALL_PREFIX=/opt/mysql \
-DMYSQL_DATADIR=/data/mysql \
-DMYSQL_UNIX_ADDR=/tmp/mysql.sock \
-DMYSQL_TCP_PORT=3306 \
-DMYSQL_USER=mysql \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DINSTALL_DOCDIR=share/doc/mariadb \
-DINSTALL_DOCREADMEDIR=share/doc/mariadb \
-DINSTALL_MANDIR=share/man \
-DINSTALL_MYSQLSHAREDIR=share/mysql \
-DINSTALL_MYSQLTESTDIR=share/mysql/test \
-DINSTALL_PLUGINDIR=lib/mysql/plugin \
-DINSTALL_SBINDIR=sbin \
-DINSTALL_SCRIPTDIR=bin \
-DINSTALL_SQLBENCHDIR=share/mysql/bench \
-DINSTALL_SUPPORTFILESDIR=share/mysql \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DWITH_EXTRA_CHARSETS=complex \
-DWITH_EMBEDDED_SERVER=ON \
-DWITH_SAFEMALLOC=OFF \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITHOUT_TOKUDB=1 \
make && make install
4、创建相关软连接
ln -s /opt/mysql/lib/lib* /usr/lib/
ln -s /opt/mysql/bin/mysql /bin
ln -s /opt/mysql/bin/mysqldump /bin
ln -s /opt/mysql/bin/mysqlbinlog /bin
find / -name mysql
mkdir /auth_pam_tool_dir
touch /auth_pam_tool_dir/auth_pam_tool
chown -R mysql:mysql /auth_pam_tool_dir
chmod -R 0770 /auth_pam_tool_dir
touch /var/log/mariadb.log
chown mysql:mysql /var/log/mariadb.log
5、配置mariadb
vim /etc/my.cnf
[client]
port = 3306
default-character-set = utf8mb4
socket = /tmp/mysql.sock
[mysqld]
port = 3306
datadir = /data/mysql
max_connections=1000
character-set-server = utf8mb4
socket = /tmp/mysql.sock
key_buffer_size = 256M
max_allowed_packet = 1M
table_open_cache = 256
sort_buffer_size = 1M
read_buffer_size = 1M
read_rnd_buffer_size = 4M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
query_cache_size= 16M
skip-external-locking
log-bin=mysql-bin
binlog_format=mixed
server-id = 1
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
[myisamchk]
key_buffer_size = 128M
sort_buffer_size = 128M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout
6、初始数据库
cd /opt/mysql/
./bin/mysql_install_db --basedir=/opt/mysql --datadir=/data/mysql --user=mysql --defaults-file=/etc/my.cnf
./bin/mysqld_safe --datadir=/data/mysql
./bin/mysql_secure_installation
7、mariadb 启用服务
vim /etc/systemd/system/mysqld.service
[Unit]
Description=MySQL Community Server
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
Alias=mysql.service
[Service]
User=mysql
Group=mysql
LimitNOFILE=65535
LimitNPROC=65535
# Execute pre and post scripts as root
PermissionsStartOnly=true
# Needed to create system tables etc.
# Start main service
ExecStart=/opt/mysql/bin/mysqld_safe
# Don't signal startup success before a ping works
# Give up if ping don't get an answer
TimeoutSec=30
Restart=always
PrivateTmp=false
8、重启用户,查看进程、打开端口
systemctl enable mysqld
systemctl restart mysqld && systemctl status mysqld
ps -ef|grep mysqld
lsof -n | grep jemalloc
firewall-cmd --zone=public --add-port=3306/tcp --permanent
firewall-cmd --reload && firewall-cmd --list-ports
9、客户端口登录(默认不验证密码)
mysql -u root -p
MariaDB [(none)]> status;
MariaDB [(none)]> show engines;
MariaDB [(none)]> show variables like '%ssl%';
10、增加授权用户(必须验证密码才能登录)
增加远程访问用户,
root是用户名,%是主机名或IP地址,这里的%代表任意主机或IP地址,也可指定唯一的IP地址
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;
解决本地账号,没需密码就可以登录问题
仅保留mysql.global_priv表(旧版mysql.user )下的 mariadb.sys@localhost 和 root@% 这两个用户对应的记录,其它记录删除
MariaDB [(none)]> select user,host from mysql.global_priv;
MariaDB [(none)]> select user,host from mysql.user;
MariaDB [(none)]> DROP USER root@'localhost';
MariaDB [(none)]> DROP USER mysql@'localhost';
MariaDB [(none)]> select user,host from mysql.proxies_priv;
MariaDB [(none)]> exit;
授权指定用户访问指定数据库
CREATE user 'testuser'@'%' identified by 'oege@@1234';
GRANT all on test_db.* to 'testuser'@'%';
GRANT SET_USER_ID ON *.* TO 'testuser'@'%';
FLUSH PRIVILEGES;
需要重启
11、清除日志
cat /dev/null > ~/.mysql_history
浙公网安备 33010602011771号