mysql 远程访问配置
通常状况,my.cnf放置于在以下目录:
/etc/mysql/my.cnf (Debian linux)
/etc/my.cnf (Red Hat Linux/Fedora Linux)
/var/db/mysql/my.cnf (FreeBSD)
然后用vi编辑my.cnf,修改内容从以下行:
[mysqld]
你所需要:
1. 确保skip-networking被删除或者屏蔽,否则不支持TCP/IP 访问
2. 增加行bind-address = 65.55.55.2,替代65.55.55.2 为你的服务器地址
修改后,配置为:
[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
language = /usr/share/mysql/English
bind-address = 65.55.55.2
# skip-networking
....
..
保存并关闭配置文件
重启mysql服务器:# /etc/init.d/mysql restart
GRANT ALL PRIVILEGES ON *.* TO myuser@'%' IDENTIFIED BY'mypassword' WITH GRANT OPTION;
FLUSH PRIVILEGES;
如果你想允许用户myuser从ip为192.168.1.6的主机连接到mysql服务器,并使用mypassword作为密码
GRANT ALL PRIVILEGES ON *.* TO 'myuser'@'192.168.1.3' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
FLUSH PRIVILEGES;
如果只想允许操作某一个数据库而不是全部数据库,就把*.*换成 数据库名.*:
GRANT ALL PRIVILEGES ON user.* TO 'myuser'@'192.168.1.3' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
#################################
开启Mysql数据库的远程连接权限:
grant all privileges on *.* to 'root' @'%' identified by'wrx123';
如果只是授权到%,那还不包括本地访问,必须再打一句
flush privileges;
mysql 新设置用户或更改密码后需用flush privileges刷新MySQL的系统权限相关表,否则会出现拒绝访问,还有一种方法,就是重新启动mysql服务器,来使新设置生效。
use mysql;
update user set host = '%' where user = '用户名';(如果写成host=localhost那此用户就不具有远程访问权限)
FLUSH PRIVILEGES;
第三步: 配置防火墙
如果系统装有防火墙iptables,得设置下
修改防火墙配置文件:
vi /etc/sysconfig/iptables
增加下面一行:
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport3306 -j ACCEPT
如果想开通21等端口,只需要将3306换成21等要开放的端口就可以了。
附:iptables
==============================================
# Firewall configuration written bysystem-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp –icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp –dport 5353 -d 224.0.0.251 -jACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state ESTABLISHED,RELATED -jACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22-j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 80-j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 21-j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT –reject-withicmp-host-prohibited
COMMIT
================================================
配置后,重新启动 iptable
service iptables restart
这时就可以从外网访问Mysql了。
第四步 测试
From remote system type command:
$ mysql -u webadmin –h 65.55.55.2 –p
第五 删除远程访问权限
如果不再需要远程访问了,想要删除远程访问权限,就把grant换成revoke命令,把命令中的to换成from,如下
授权的命令是
GRANT ALL PRIVILEGES ON *.* TO myuser@'%' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
那么去权的命令就是
REVOKE ALL PRIVILEGES ON *.* FROM myuser@'%';