Part 5. How to install MariaDB on Debian 11?

Introduction

This page is part of a full tutorial on how to install a web werver on a virtual machine. This fifth part of the tutorial explains how to install MariaDB on our server. MariaDB is an open-source relational database management system. As MariaDB is a fork of MySQL, it is commonly used as an alternative to MySQL. It is thus MariaDB that we will install on our server rather than MySQL. But from the end user's point of view, it won't change anything since both systems are compatible.

The following assume a virtual machine has been created and Debian 11 is already installed with Apache and PHP. If not, please go to the home page and follow the guide.

Before installing MariaDB, update your system:

sudo apt update && sudo apt -y upgrade

Install MariaDB

Debian 11’s default software repositories include MariaDB. Let's install the MariaDB package:

sudo apt install mariadb-server

Check MariaDB is properly installed with the following command:

systemctl status mariadb

The MariaDB deamon should be active:

student@debianwebserver:~$ systemctl status mariadb
● mariadb.service - MariaDB 10.5.15 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2022-12-10 07:46:44 CET; 4min 32s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 1838 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=>
    Process: 1839 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status>
    Process: 1841 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= ||   VAR=`cd /usr/bin/..; /u>
    Process: 1901 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, statu>
    Process: 1903 ExecStartPost=/etc/mysql/debian-start (code=exited, status=0/SUCCESS)
   Main PID: 1888 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 9 (limit: 4563)
     Memory: 77.3M
        CPU: 413ms
     CGroup: /system.slice/mariadb.service
             └─1888 /usr/sbin/mariadbd

Press q to quit the systemctl command.

Securing MariaDB

The default installation leaves your MariaDB installation insecure. After installing MariaDB you have to run the security script. This script will ask you to define some security information.

sudo mysql_secure_installation

When running this command, after a short introduction message, you'll be asked for the root password. Since this is a fresh installation of MariaDB, no root password is define, just press Enter.

student@debianwebserver:~$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

In the next prompt, you'll be asked if you want to switch to the unix-socket authentication. By answering Yes, the MariaDB account will be connected to the system root user, in another words, the Debian root user. The unix_socket authentication plugin is not suited to multiple Unix users accessing a single MariaDB user account. To keep the web server generic, answer no (n).

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] n
 ... skipping.

The next prompt ask you whether you’d like to change the root password. Later, we'll disallow remote root access on MariaDB client. So, we don't need to change the root password (currently empty). Only the Debian root user can log into MariaDB as root. Answer no n:

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

To secure the installation, remove anonymous users. Answer yes (y) to the next question:

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Disallow remote root access for securty reasons. Answer yes (y) to the next question:

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

Remove the test database since anyone can access. Answer yes (y) to the next question:

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reload the table privilege for the changes to be effective immediately. Answer yes (y) to the next question:

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

It was the last step, your installation is secured:

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

First login

Now that the installation is secure, it is possible to connect to the database:

sudo mariadb

Since MariaDB is compatible with MySQL, you can also login with :

sudo mysql

Both commands have the same effect:

student@debianwebserver:~$ sudo mariadb
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 37
Server version: 10.5.15-MariaDB-0+deb11u1 Debian 11

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

student@debianwebserver:~$ sudo mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 38
Server version: 10.5.15-MariaDB-0+deb11u1 Debian 11

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

You are now logged in MariaDB as root. Let's create a new user.

Create new user

MySQL is currently installed with a root user. It is not safe to work with this user. Let's create a new MySQL user. In the MariaDB command line interface, create a new user with the command below

Don't forget to change the username and password before running the following command:

MariaDB [(none)]> CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';

Then, grant your new user the appropriate privileges (if needed):

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' WITH GRANT OPTION;

Exit MariaDB command line:

MariaDB [(none)]> exit

Check the new user is created by log-in in MariaDB with the user you just created:

-u specify the username
-p specify we are using a password

maridb -u username -p

After entering the password, you should be loged in the MariaDB command line interface:

student@debianwebserver:~$ mariadb -u username -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 40
Server version: 10.5.15-MariaDB-0+deb11u1 Debian 11

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>