NAME

       mysql_secure_installation - improve MySQL installation security

SYNOPSIS

       mysql_secure_installation

DESCRIPTION

       This program enables you to improve the security of your MySQL installation in the following ways:

       •   You can set a password for root accounts.

       •   You can remove root accounts that are accessible from outside the local host.

       •   You can remove anonymous-user accounts.

       •   You can remove the test database (which by default can be accessed by all users, even anonymous
           users), and privileges that permit anyone to access databases with names that start with test_.

       mysql_secure_installation helps you implement security recommendations similar to those described at
       Section 2.10.4, “Securing the Initial MySQL Accounts”.

       As of MySQL 5.7.2, mysql_secure_installation is an executable binary available on all platforms. Before
       5.7.2, it was a script available for Unix and Unix-like systems.

       Normal usage is to connect to the local MySQL server; invoke mysql_secure_installation without arguments:

           shell> mysql_secure_installation

       When executed, mysql_secure_installation prompts you to determine which actions to perform.

       As of MySQL 5.7.2, mysql_secure_installation supports these additional features:

       •   The validate_password plugin can be used for password strength checking. If the plugin is not
           installed, mysql_secure_installation prompts the user whether to install it. Any passwords entered
           later are checked using the plugin if it is enabled.

       •   Most of the usual MySQL client options such as --host and --port can be used on the command line and
           in option files. For example, to connect to the local server over IPv6 using port 3307, use this
           command:

               shell> mysql_secure_installation --host=::1 --port=3307

       mysql_secure_installation supports the following options, which can be specified on the command line or
       in the [mysql_secure_installation] and [client] groups of an option file. For information about option
       files used by MySQL programs, see Section 4.2.6, “Using Option Files”.

       •   --help, -?

           Display a help message and exit.

       •   --defaults-extra-file=file_name

           Read this option file after the global option file but (on Unix) before the user option file. If the
           file does not exist or is otherwise inaccessible, an error occurs.  file_name is interpreted relative
           to the current directory if given as a relative path name rather than a full path name.

       •   --defaults-file=file_name

           Use only the given option file. If the file does not exist or is otherwise inaccessible, an error
           occurs.  file_name is interpreted relative to the current directory if given as a relative path name
           rather than a full path name.

       •   --defaults-group-suffix=str

           Read not only the usual option groups, but also groups with the usual names and a suffix of str. For
           example, mysql_secure_installation normally reads the [client] and [mysql_secure_installation]
           groups. If the --defaults-group-suffix=_other option is given, mysql_secure_installation also reads
           the [client_other] and [mysql_secure_installation_other] groups.

       •   --host=host_name, -h host_name

           Connect to the MySQL server on the given host.

       •   --no-defaults

           Do not read any option files. If program startup fails due to reading unknown options from an option
           file, --no-defaults can be used to prevent them from being read.

           The exception is that the .mylogin.cnf file, if it exists, is read in all cases. This permits
           passwords to be specified in a safer way than on the command line even when --no-defaults is used.
           (.mylogin.cnf is created by the mysql_config_editor utility. See mysql_config_editor(1).)

       •   --password=password, -p password

           This option is accepted but ignored. Whether or not this option is used, mysql_secure_installation
           always prompts the user for a password.

       •   --port=port_num, -P port_num

           The TCP/IP port number to use for the connection.

       •   --print-defaults

           Print the program name and all options that it gets from option files.

       •   --protocol={TCP|SOCKET|PIPE|MEMORY}

           The connection protocol to use for connecting to the server. It is useful when the other connection
           parameters normally would cause a protocol to be used other than the one you want. For details on the
           permissible values, see Section 4.2.2, “Connecting to the MySQL Server”.

       •   --socket=path, -S path

           For connections to localhost, the Unix socket file to use, or, on Windows, the name of the named pipe
           to use.

       •   --ssl*

           Options that begin with --ssl specify whether to connect to the server using SSL and indicate where
           to find SSL keys and certificates. See Section 6.4.2, “Command Options for Encrypted Connections”.

       •   --tls-version=protocol_list

           The protocols permitted by the client for encrypted connections. The value is a comma-separated list
           containing one or more protocol names. The protocols that can be named for this option depend on the
           SSL library used to compile MySQL. For details, see Section 6.4.6, “Encrypted Connection Protocols
           and Ciphers”.

           This option was added in MySQL 5.7.10.

       •   --use-default

           Execute noninteractively. This option can be used for unattended installation operations. This option
           was added in MySQL 5.7.4.

       •   --user=user_name, -u user_name

           The MySQL user name to use when connecting to the server.

COPYRIGHT

       Copyright © 1997, 2017, Oracle and/or its affiliates. All rights reserved.

       This documentation is free software; you can redistribute it and/or modify it only under the terms of the
       GNU General Public License as published by the Free Software Foundation; version 2 of the License.

       This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
       even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
       Public License for more details.

       You should have received a copy of the GNU General Public License along with the program; if not, write
       to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or see
       http://www.gnu.org/licenses/.

SEE ALSO

       For more information, please refer to the MySQL Reference Manual, which may already be installed locally
       and which is also available online at http://dev.mysql.com/doc/.

AUTHOR

       Oracle Corporation (http://dev.mysql.com/).

MySQL 5.7                                          09/13/2017                               MYSQL_SECURE_INST(1)