Installing MySQL Server on Red Hat Enterprise Linux

This article covers a basic installation of a MySQL server on Red Hat Enterprise Linux. You might need to install other packages, such as PHP extensions to let apps use MySQL, like extensions for PHP. Check your application documentation for details.

Note: Red Hat Enterprise Linux 7 has replaced MySQL with MariaDB. To reflect this, instructions for MariaDB procedures are included in this article.



Installing the database application

The easiest way to install the database core server is through the Red Hat package manager. Follow the steps below to install the database core server.


sudo yum install mysql-server
sudo /sbin/service mysqld start

We'll talk about how to manually change the root password and remove an anonymous user later, but to do it the easy way run this command now:

sudo /usr/bin/mysql_secure_installation

Hit "enter" to give no password for root when that program asks for it. To apply some reasonable security to your new MySQL server say "yes" to all the questions the program asks. In order, those will let you set the root password, remove anonymous users, disable remote root logins, delete the test database the installer included, and then reload the privileges so your changes will take effect.

MariaDB installation

sudo yum install mariadb-server mariadb


If you have iptables enabled and want to connect to MySQL from another machine you'll need to open a port in your server's firewall (the default port is 3306). You don't need to do this if the application using MySQL is running on the same machine.

If you do need to open a port (again, only if you're accessing MySQL from a different machine from the one you're installing on), you can use the following rules in iptables to open port 3306:

-I INPUT -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
-I OUTPUT -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT

Starting and stopping the database service

When you've completed the installation, you can start the service by using the commands shown below. If the system is already started, you will see a message telling you that the service is already running.

Starting and stopping MySQL

Use the following command to start MySQL:

sudo /sbin/service mysqld start

If the system has already started, you will see a message telling you that the service is already running.

use the following command to stop MySQL:

sudo /sbin/service msqld stop

Starting and stopping MariaDB

Use the following command to start MariaDB:

sudo systemctl start mariadb.service

Use the following command to stop MariaDB:

sudo systemctl stop mariadb.service

Launching at reboot

To ensure that the database server launches after a reboot, you must enable the chkconfig utility. Use the following commands to do this.

Enable chkconfig on MySQL

sudo chkconfig mysqld on

Enable chkconfig on MariaDB

sudo systemctl enable mariadb.service

The MySQL shell

There is more than one way to manage a MySQL server, so we'll focus on the most basic and compatible approach: The mysql shell.

At the command prompt, run:

/usr/bin/mysql -u root -p

That will attempt to launch the mysql client and enter the shell as user "root". When you're prompted for a password enter the one you set at install time or, if you haven't set one, just hit enter to submit no password.

You should be greeted by the mysql shell prompt:


Setting the root password

If you got in by entering a blank password, or want to change the root password you've set, you can do it by entering the following command in the mysql shell. Replace the "password" in quotes with your desired password:

UPDATE mysql.user SET Password = PASSWORD('password') WHERE User = 'root';

It's kind of a mouthful. The reason for this is that MySQL keeps user data in its own database, so to change the password we have to run an SQL command to update the database.

Next we'll reload the stored user information to make our change go into effect:


Note that we're using all-caps for SQL commands. If you type those commands in lowercase they'll work too. By convention the commands are written in all-caps to make them stand out from field names and other data that's being manipulated.

Looking at users

As mentioned in the previous section, MySQL stores the user information in its own database. The name of the database is "mysql". Inside that database the user information is in a "table", a dataset, named "User".

If you want to see what users are set up in MySQL you need to run a query against the "user" table in the "mysql" database. Let's do that now:

SELECT User, Host, Password FROM mysql.user;

Breaking that down...

The "SELECT" command tells MySQL you're asking for data.

The "User, Host, Password" part tells MySQL what fields you want it to look in. Fields are categories for the data in a table. In this case we're looking for the username, the host associated with the username, and the encrypted password entry.

Finally, the "FROM mysql.user" part of the command tells MySQL to get the data from the "mysql" database and the "user" table.

And then the command ends with a semicolon

About that semicolon

All SQL queries end with a semicolon. MySQL will wait for you to keep entering additions to a query until it sees a semicolon.

That means that you can break lines up into smaller parts to make them easier to read. For example, the above command also works if you enter it in multiple lines in the mysql shell, as in:

mysql> SELECT User, Host, Password
    -> FROM mysql.user;

When you hit "enter" after the "Password" part you'll get a new line so you can keep typing. The "->" indicates that the shell thinks you're still in the middle of a statement. You can type a semicolon by itself to end the command if you simply forgot it on the first line.

User hosts

Okay, with that important aside about the semicolon done, let's look at the output of that query:

SELECT User, Host, Password FROM mysql.user;
| User             | Host      | Password                                  |
| root             | localhost | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root             | demohost  | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root             | | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
|                  | %         |                                           |

As you can see, users are associated with a host - specifically, the host they connect to. The "root" user in this case is defined for localhost, for the IP address of localhost, and the hostname of the server ("demohost" in this example). You'll usually only need to set a user for one host, the one you typically connect from.

If you're running your application on the same machine as the MySQL server the host it connects to by default will be "localhost". That means any new users you create will need to have "localhost" in its "host" field.

If your application connects remotely the "host" entry MySQL will look for is the IP address or DNS hostname of the remote machine (the one the client is coming from).

A special value for the host is "%", as you'll see for the blank user (more on that shortly). That's a wildcard that applies to any host value. You usually won't want to use that because it's more secure to limit access specifically to trusted hosts.

Anonymous users

In the example output above you'll notice there's one entry that has a host value but no username or password. That's an "anonymous user". When a client connects with no username specified it's trying to connect as an anonymous user.

You usually don't want one of those in there, but some MySQL installations include one by default. If you see one of those you should either delete the user (refer to the username with empty quotes, like '') or set a password for it (we cover both tasks later in this series).

Create a database

That covers some basic concepts surrounding users, so now let's look at creating a database.

It's worth noting at this point that there is a difference between a "database server" and an actual "database", even though you'll often see those terms used interchangeably. MySQL itself is a database server, meaning that it keeps track of databases and controls access to them. An actual database is where all the data goes. That's what applications are trying to get at when they talk to MySQL.

Some applications will create a database as part of their setup process, while others require you to create a database yourself and tell the application about it later. Fortunately it's an easy process.

To create a database, log into the mysql shell and run:


That's all there is to it. Replace "demodb" with the name of the database you want to create, of course. You can make sure it's there by running a query to list all databases:

| Database           |
| information_schema |
| demodb             |
| mysql              |
3 rows in set (0.00 sec)

Adding database users and permissions

It's not a good idea to have applications connecting to the database using the root user. That gives them more privileges than they need. We'll create a user named "demouser" that applications can use to connect to the new database.

To make the user run the following in the mysql shell:

INSERT INTO mysql.user (User,Host,Password) VALUES('demouser','localhost',PASSWORD('demopassword'));

When you make changes to the user table in the mysql database you need to tell MySQL to read the changes by flushing the privileges. To wit:


You can make sure the user is there by running that "select" query again:

SELECT User, Host, Password FROM mysql.user;
| User             | Host      | Password                                  |
| root             | localhost | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root             | demohost  | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root             | | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| demouser         | localhost | *0756A562377EDF6ED3AC45A00B356AAE6D3C6BB6 |

Grant database user permissions

Right now our new user has no privileges. It can be used to log on, but it can't be used to make any database changes. Let's give it full permissions for our new database by running:

GRANT ALL PRIVILEGES ON demodb.* to demouser@localhost;

And follow it up with the usual:


To check those privileges were set, we'll run:

SHOW GRANTS FOR 'demouser'@'localhost';
| Grants for demouser@localhost                                                                                   |
| GRANT USAGE ON *.* TO 'demouser'@'localhost' IDENTIFIED BY PASSWORD '*0756A562377EDF6ED3AC45A00B356AAE6D3C6BB6' |
| GRANT ALL PRIVILEGES ON `demodb`.* TO 'demouser'@'localhost'                                                    |
2 rows in set (0.00 sec)

What you get back are the commands needed to reproduce that user's permissions if you were to rebuild the server. The "USAGE on *.*" part basically means they get no privileges on anything by default. Then that gets overridden by the second command, which is the grant you ran for the new database.


And that's all you need if you're just creating a database and a user. We were a bit long on concepts there but that should give you a solid grounding from which to learn more. Good work.

In the next article we'll do some basic security and stability checks by looking at the MySQL server's configuration files and a few key tools.

© 2015 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

See license specifics and DISCLAIMER