■■ mod_vhost_mysql2 — Maintains virtual host configurations in a MySQL database (2.x) ■■ mod_vhs — Stores virtual host configuration data in a MySQL database (2.x) NOTE Chapters 23 and 24 discuss Apache and using Apache modules in detail. PHP, an extremely popular Web scripting language, has at least two different APIs for using MySQL in PHP-based applications. Python, a popular and easy- to-use object-oriented programming language, has a module that incorporates MySQL into Python-based programs in a standard, uniform fashion. Other pro- gramming languages also incorporate MySQL via modules, loadable libraries, or APIs. Even the zsh shell includes a set of predefined shell functions for using MySQL command line client programs (mysql, mysqlshow, mysqldump, mysqldiff, and mysqladmin). If you’re convinced that MySQL is the database you want to use, it will help to make sure it is installed. Use the rpmquery command to see if the packages mysql-server, mysql, and mysql-devel are installed. You can use the fol- lowing commands to see if these packages are installed: # rpmquery mysql-server mysql-server-3.23.58-14 # rpmquery mysql mysql-3.23.58-14 # rpmquery mysql-devel mysql-devel-3.23.58-14 The versions installed on your system might be different by the time you read this. If these packages aren’t installed (you’ll need at least mysql-server and mysql), install them. mysql-server contains the MySQL server, sample configuration files, the system initialization scripts, a logrotate script for the server’s log files, and a two directories the server uses at runtime. The mysql package contains the client programs, a shared library the client utilities need to interact with the server, and manual pages and language files for the client pro- grams. The mysql-devel package installs the header files and libraries neces- sary to write MySQL programs in C, C++, and Objective-C. NOTE Chapter 30 explains how to install RPM-based software packages. Other MySQL-related packages that might be installed or that you might want to install include: ■■ mod_auth_mysql — Provides an Apache module that uses MySQL to control access to Web pages 354 Chapter 15 21_599496 ch15.qxd 8/30/05 6:39 PM Page 354 ■■ libdbi-dbd-mysql — Installs a device-independent database driver for use by programs using ldbdbi ■■ php-mysql — Contains a PHP module that enables PHP to connect to and manipulate MySQL databases ■■ mysql-bench — Includes a suite of benchmark tests and test data to use for benchmarking MySQL’s performance on your system Securing the MySQL Installation Part of the MySQL installation process installs a script to create a database (named mysql) of administrative tables that handle access control and data- base privileges, a test database (imaginatively named test), an administra- tive user for the database (named root), and an anonymous user (named anonymous). This script is executed the first time you start the mysqld data- base daemon. Neither the root account nor the anonymous account is pass- word-protected, so the first thing you want to do is create a password for the root account. In our opinion, naming the administrative user root was a poor choice because it is quite confusing in that the superuser on your system is also named root. This user has superuser privileges on the database, so root is a natural but unfortunate choice. Just so there’s no confusion, MySQL’s root user is not the same as the system’s root user. Before attempting to change any passwords, verify that the database is run- ning. One way to do so is to become the (system) root user and use the service utility: # service mysqld status mysqld (pid 24900) is running If mysqld, the MySQL server daemon, isn’t running, you can start it using the usual command: # service mysql start Starting MySQL: [ OK ] Another way to do test the server, one that doesn’t require root access, is to use the mysqladmin and/or mysqlshow commands to see whether the server is running and responding to connections. For example, the following mysqladmin command shows the server version: $ mysqladmin version mysqladmin Ver 8.23 Distrib 3.23.58, for redhat-linux-gnu on i386 Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB This software comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to modify and redistribute it under the GPL license Configuring a Database Server 355 21_599496 ch15.qxd 8/30/05 6:40 PM Page 355 Server version 3.23.58 Protocol version 10 Connection Localhost via UNIX socket UNIX socket /var/lib/mysql/mysql.sock Uptime: 2 min 55 sec Threads: 1 Questions: 2 Slow queries: 0 Opens: 6 Flush tables: 1 Open tabl es: 0 Queries per second avg: 0.011 The output might differ slightly, depending on the version of MySQL installed. The mysqlshow command can be used to get information about the server, such as what databases it is serving and the tables that exist in those databases. For example, a bare mysqlshow command displays the available databases: $ mysqlshow + + | Databases | + + | mysql | | test | + + You’ll learn more about the MySQL client programs in the next section. After you’ve established that MySQL is running, set the passwords for the MySQL root account using the mysqladmin commands shown in the follow- ing listing (you must be root to execute these commands): # mysqladmin -u root password “sekritword” # mysqladmin -u root -h hostname “sekritword” The first command sets the password for MySQL’s root user when it is con- necting from localhost, to sekritword. The second command changes the password for the MySQL when root is connecting from the hostname specified by hostname. What’s the difference? MySQL distinguishes connections by the username and by the host from which users are connecting. By default, MySQL assumes that a user is connecting from localhost (that is, the IP address 127.0.0.1), so username@localhost needs a password. However, in most cases, the localhost also has a fully qualified domain name (that is, a hostname), such as datagrunt.example.com, and MySQL considers such a connection distinct. Accordingly, username@hostname (say, username@datagrunt .example.com) also needs a password. Use the following command to see the results of your commands: $ mysql -e “select host, user, password from mysql.user” -u root -p Enter password: 356 Chapter 15 21_599496 ch15.qxd 8/30/05 6:40 PM Page 356 + + + + | host | user | password | + + + + | localhost | root | 5d2e19393cc5ef67 | | datagrunt.example.com | root | 5d2e19393cc5ef67 | | localhost | | | | datagrunt.example.com | | | + + + + You can see that the password for the root use has been set. You can also see that the password you entered has been encrypted. The -u root argument to the mysql command specifies the username; -p tells mysql to show a pass- word prompt. You should enter the password you used when you set the pass- word as shown earlier. Notice that a similar set of accounts exists for a user with no name; this is the anonymous user mentioned previously. You need to decide at this point if you want to permit anonymous access to the server. If you do, you can leave the accounts without a password or you can set a password. Alternatively, you can delete the anonymous accounts entirely. Whether you leave the accounts intact is a matter of local security policy. We leave them in place and don’t set pass- words on them for testing applications during development and delete them on production systems. The anonymous user has limited privileges (essen- tially, read-only), but it isn’t a good idea to have unsecured accounts on a pro- duction system. If you choose to set a password for the anonymous accounts, use the com- mands shown in the following example: # mysql -u root -p Enter password: mysql> set password for ‘’@localhost = password(‘magicword’); Query OK, 0 rows affected (0.00 sec) mysql> set password for ‘’@hostname = password(‘magicword’); Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) mysql> quit Bye The semicolons (;) terminating each command are required. The first com- mand starts the MySQL shell, a command interpreter for the MySQL database server, using MySQL’s root account. The rest of the commands are executed from the MySQL shell, which uses the mysql> prompt. In your commands, replace magicword with the password you’ve chosen and hostname with Configuring a Database Server 357 21_599496 ch15.qxd 8/30/05 6:40 PM Page 357 the fully qualified domain name of your system. The flush privileges instruction causes MySQL to reread the access tables and makes the new pass- word for the anonymous account take effect. Notice that the anonymous user- name is specified using a pair of single quotes. This is necessary because the anonymous account doesn’t, strictly speaking, have a username. The last com- mand, quit, terminates the MySQL shell session and returns you to the com- mand prompt. TIP If you make a real mess of the instructions in this section or just want to start over, you can restore your MySQL installation to its original state by using the following procedure: 1. Stop MySQL: # service mysqld stop 2. Delete the MySQL data directories and files in /var/lib/mysql: # cd /var/lib/mysql # rm -rf mysql test 3. Restart MySQL: # service mysqld start This procedure works because the mysqld initialization script creates the initial databases if the directory /var/lib/mysql/mysql doesn’t exist. If you prefer to delete the anonymous accounts entirely, use the following commands: $ mysql -u root -p Enter password: mysql> delete from mysql.user where user = ‘’; Query OK, 2 rows affected (0.02 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec); mysql> quit Bye With the root account properly secured and having made a decision about how to handle the anonymous accounts, you are ready to learn a bit more about the MySQL client programs. 358 Chapter 15 21_599496 ch15.qxd 8/30/05 6:40 PM Page 358 Using the MySQL Client Programs What precisely is a MySQL client program? MySQL is a standard client-server program. The MySQL server daemon, mysqld, is the actual database server. It listens for incoming connections and retrieves, manipulates, and returns data. It has no interface other than that provided by a client API. Programs that are written to MySQL’s client API provide the user interface to the MySQL server. It is the client programs that enable you to submit queries to the database, to add and delete users, and so on. The client programs also make it easier to per- form certain tasks. For example, in theory, a SQL database can be manipulated entirely using SQL statements. However, to simplify certain activities, it is often more convenient to use programs that hide SQL functionality behind a simpler interface. MySQL’s client programs provide this simpler interface. You’ve already seen three of the MySQL client programs in action, mysqladmin, mysqlshow, and mysql. mysqladmin is a utility that enables you to perform administrative activities, such as: ■■ Creating, modifying, and deleting (dropping, in SQL parlance) databases ■■ Starting and stopping the MySQL server ■■ Confirming the database is up ■■ Finding out which server threads are running ■■ Killing specific MySQL server threads ■■ Retrieving status information from a running server ■■ Flushing (syncing) data to disk ■■ Changing passwords mysqladmin’s basic syntax is: mysqladmin -u username -p[password] command Replace username with the database username, such as root, that you want to use. The account specified in username must have the privileges required to perform the requested operation. If you specify just -p, MySQL will prompt you for username’s password. You can add the password after -p, but doing so isn’t a good idea because it will appear on screen. command specifies the operation you want to perform. For example, to create a database named techbooks, the command would be: mysqladmin -u username -p create techbooks To delete (drop) this database, use the following command: mysqladmin -u username -p drop techbooks Configuring a Database Server 359 21_599496 ch15.qxd 8/30/05 6:40 PM Page 359 To change the password for the root user, you would use the following command: mysqladmin -u username -p password ‘new_password’ Replace new_password with the password you want to assign to username and make sure to enclose the new password in single quotes (‘). In this case the command passed to mysqladmin is password ‘new_password’; the -p option is not being given an argument of password. To stop a running server, use the shutdown command, as shown in the fol- lowing example: mysqladmin -u username -p shutdown For more details about using the mysqladmin command, see the mysqladmin main page or refer to the MySQL documentation. mysqlshow is a utility that displays the structure of a MySQL database, the tables in that database, and the columns (or fields) that make up that database. It uses an option syntax similar mysqladmin, but takes different (and fewer) arguments: mysqlshow -u username -p [database [table [column]]] As before, replace username with the user account you want to use. If database is not specified, mysqlshow displays all of the available databases. If database is specified, mysqlshow lists the tables that exist in database. If table is also specified (it must exist in the indicated database), mysqlshow displays that table’s columns (fields). If column is also specified (the column must exist in the specified table, which must likewise exist in the requested database), mysqlshow displays that column’s characteristics. For example, the following command display the tables in the mysql database: $ mysqlshow -u root -p mysql Database: mysql + + | Tables | + + | columns_priv | | db | | func | | host | | tables_priv | | user | + + 360 Chapter 15 21_599496 ch15.qxd 8/30/05 6:40 PM Page 360 mysql, as already explained, is a MySQL shell or command interpreter. The commands it interprets are SQL statements. mysql gives you the most direct access to the MySQL’s database engine, but also requires that you speak fluent SQL. You enter SQL statements at a command prompt, the interpreter passes them to the database engine, and the database engine sends the results of those SQL statements back the interpreter, which displays the results on the screen. There are many other MySQL clients. Table 15-1 lists the ones you are most likely to use; there are others, but they are special-purpose programs that (we hope) you never need to use. We don’t have the space to go into all of MySQL’s capabilities, much less provide proper guidance on using all its commands and utilities. The initial setup instructions and the short introduction to some of the MySQL client commands should, nevertheless, get you started. Fortunately, one of MySQL’s strongest selling points is that it is ready to run with minimal setup after instal- lation and that it requires very little ongoing maintenance. MySQL’s simplicity makes it an ideal choice for busy system administrators who have enough to do keeping their mail servers from getting clogged up with spam and viruses without having to learn how to maintain a complicated RDBMS. As remarked at the beginning of this section, MySQL is an extremely popular database with Web programmers, precisely because it is easy to use and requires little in the way of ongoing care and feeding. If, after some period of time, you outgrow MySQL, it might be time to consider PostgreSQL, discussed in the next section. Table 15-1 MySQL Client Programs PROGRAM DESCRIPTION mysql Provides an interactive command interpreter for the MySQL server mysqlaccess Adds new users to MySQL mysqladmin Performs MySQL administrative functions mysqlbinlog Displays a MySQL binary log file in a format readable by humans mysqlbug Creates and files bug reports for MySQL mysqlcheck Tests, repairs, analyzes, and optimizes MySQL databases mysqldump Backs up or restores data from or to a MySQL database mysqldumpslow Displays and summaries MySQL’s query log, producing information you can use to optimize slow queries mysqlimport Imports data into MySQL tables from text files of various formats mysqlshow Displays the structure of MySQL databases, tables, and columns mysqltest Runs a database test and compares the results to previous runs Configuring a Database Server 361 21_599496 ch15.qxd 8/30/05 6:40 PM Page 361 Using PostgreSQL PostgreSQL is the second most popular free RDBMS. It provides some features not available in MySQL, so if you find you need features or functionality that MySQL lacks, PostgreSQL might be the solution you need. As with MySQL, PostgreSQL is popular with Linux users because it is free; fast; feature-rich; easy to set up, use, and maintain; and provides fuller support for the ANSI SQL99 and SQL 2003 standards than MySQL does. Like MySQL, PostgreSQL is also widely supported by and integrated into a variety of third-party appli- cations. There are numerous Apache modules that make it possible to use PostgreSQL in Apache-based Web servers, and PHP’s support for PostgreSQL is surpassed only by PHP’s support for MySQL. Among scripting languages, Perl and Python have wide support for PostgreSQL, and PostgreSQL’s client API makes it possible and reasonably easy to include PostgreSQL support in C and C++ applications. Out of the box, PostgreSQL is ready to use. You’ll need to make sure that it is installed of course, and there are some postinstallation tasks you need to perform to secure the database and to make sure the database is functioning and answering requests. This section will also show you, briefly, how to use some of the PostgreSQL client commands. Why would you want to use PostgreSQL instead of MySQL? The easiest answer is that you should use PostgreSQL if it has a feature or functionality that MySQL doesn’t. If you are looking for standards compliance, PostgreSQL is more compliant with SQL standards than MySQL is and supports certain types of SQL queries that MySQL doesn’t. Traditionally, the biggest knock against MySQL was that it was just a glorified data file (an ISAM or index sequential access method file, to be precise) that supported SQL-driven data access. PostgreSQL, on the other hand, while providing persistent data storage using the file system, used to have a different in-memory layout to support SQL-driven data access. This distinction is no longer true because MySQL now provides multiple methods of persistent data storage and is no longer an ISAM-based one-trick pony. PostgreSQL is more marketing-buzzword-compliant, too, in that it supports spatial data types and is object-relational. The spatial data types make it possi- ble to create GIS applications using PostgreSQL. Object-relational means that PostgreSQL can use standard SQL access methods and relational data struc- tures to access and manipulate object-oriented data. To provide some guid- ance, we have prepared a sidebar, “MySQL or PostgreSQL,” that provides a side-by-side comparison of the two packages. To return to the original question, which one should you use? We can’t tell you. As a system administrator, these concerns are ordinarily peripheral to your primary job function. You maintain the system on which the database 362 Chapter 15 21_599496 ch15.qxd 8/30/05 6:40 PM Page 362 runs and possibly install/upgrade the software and perform the initial config- uration. It is up to information architects and database administrators (DBAs) to make decisions about which database to use and the relative merits of one database or another. Of course, not every site running Linux has the luxury of this kind of separation of duties. The system administrator of smaller sites is often also the DBA (and the network administrator, mail administrator, Web- master, telephone technician, and brewer of the morning coffee), so it pays to be familiar with the broad outlines of database features. Table 15-2 Database Feature Comparison FEATURE MYSQL POSTGRESQL ACID compliance Yes Yes Aggregate functions Yes Yes ANSI SQL compliance Incomplete Yes API for custom applications Yes Yes Complex queries (UNION, UNION ALL, EXCEPT) Yes Yes Cross-database compatibility features Yes Yes (continued) Configuring a Database Server 363 MYSQL OR POSTGRESQL? If you want to start an argument among in a group of people familiar with free RDBMSes, ask them which is better, PostgreSQL or MySQL. It is not this chapter’s intent to start an argument, so it avoids saying which is better. There are significant differences between MySQL and PostgreSQL, though, and knowing what these differences are might help you decide which one to use. Table 15-2 lists features generally expected to exist in a RDBMS and shows whether MySQL and PostgreSQL as shipped in Fedora Core and RHEL support them. As you can see in the table, PostgreSQL supports a larger set of features common in the commercial RDBMS world than MySQL. However, bigger isn’t necessarily better because the richer feature set might be overkill for your needs. In addition, the versions of PostgreSQL and MySQL that ship in Fedora Core and Red Hat Enterprise Linux lag somewhat behind the current stable versions of those products. At the time this book went to press, the versions of PostgreSQL and MySQL shipping with Fedora Core and RHEL were 7.4.7 and 3.23.58, respectively, while the latest and greatest released versions were 8.0 and 4.1.9 (MySQL 5.0 had just entered an alpha release state). For a fuller comparison of the features set of particular version PostgreSQL and MySQL, see the comparison table maintained by MySQL at http://dev.mysql.com/tech-resources/features.html. 21_599496 ch15.qxd 8/30/05 6:40 PM Page 363 [...]... this, a secure (encrypted) tunnel is created between the main network and the remote nodes, and IP traffic is routed through that tunnel VNC, on the other hand, while it can be used across a VPN and uses the Internet to transport packets back and forth, is usually used to provide access to a single system and to allow a remote user full control over that system More succinctly, VPN makes a remote system. .. technology The VNC software is licensed under the GPL, so RealVNC’s business model depends on providing support, service, and valueadded software Setting Up a VNC Server In this context, a VNC server is the machine you want to access remotely So, if you’re at home and want to connect to the Linux system on your desk at work, the system at work is the server; the system at home is the VNC client Figure 16-1... pg_dump, but it has a number of options specific to its behavior that you’ll want to know about pg_dump is usually used to archive and retrieve data, such as for backup and upgrade purposes, so the options discussed focus on that purpose A typical archive/restore operation consists of dumping the database, dropping it, recreating it, and reloading it with the dumped data Using the -C option, pg_dump... software isn’t usually sufficient, either As an administrator, you usually need to be able to make sure that the database is accessible (or not as the case might be ), that the initial accounts are secure, and that the server is working This chapter showed you how to configure MySQL and PostgreSQL to a basic level of functionality As you learned, installing them is easy, but the postinstallation configuration... open and nonproprietary protocol, whereas the other products (from Symantec, Citrix, Insignia Solutions, and Microsoft) are closed protocols that are closely tied to the Windows GUI What VNC is not is a VPN, or virtual private network Speaking broadly, a VPN is a network configuration in which a main internal network has remote nodes (such as telecommuting employees) that use a VPN running over (perhaps... another required package, provides the header files and shared libraries required to create C and C++ programs that interact with PostgreSQL databases It also includes a C preprocessor to use against C and C++ programs that use the PostgreSQL API If these four packages aren’t installed, install them as described in Chapter 30 Other PostgreSQL packages that might also be installed or that you might... at this point, rule evaluation stops Otherwise, the next rule is evaluated, which rejects all other incoming TCP/IP 371 372 Chapter 15 connections, even if they use SSL In practice, you will likely find that it is easiest to permit access to specific users and databases based on IP address or, in the case of local connections, login account names To make the access rule changes take affect, you need... of starting Xvnc, the X Window System VNC server Speaking more precisely, Xvnc creates a VNC desktop on the server system to which VNC clients can connect There is a configuration step that must be performed by the root user, but starting the server does not require any special privileges The first time you start vncserver, you have to set the password that connecting clients must issue, as shown in... list, other RPMs provide PostgreSQL-related functionality that you likely won’t need To keep this section simple, we will only refer to programs and utilities provided by the four required packages Finalizing the PostgreSQL Installation On a fresh PostgreSQL installation, no data structures have been created Rather, the software has been installed, the postgres user and group have been created, and... what the screen looks like, what applications are running, and even to coherently describe the problem they’re having You also know how hard it is to make sure that the person you’re helping types the commands you want typed or executes the problem resolution procedure properly Using VNC, you have immediate access to the user’s system and can remotely diagnose and troubleshoot the problem at hand, . programs in action, mysqladmin, mysqlshow, and mysql. mysqladmin is a utility that enables you to perform administrative activities, such as: ■■ Creating, modifying, and deleting (dropping, in SQL parlance). connecting. By default, MySQL assumes that a user is connecting from localhost (that is, the IP address 127.0.0.1 ), so username@localhost needs a password. However, in most cases, the localhost also. utility that displays the structure of a MySQL database, the tables in that database, and the columns (or fields) that make up that database. It uses an option syntax similar mysqladmin, but takes