Skip to content

MariaDB

What Is It?

MariaDB is an open-source relational database management system, a fork of MySQL. It is used as the backend database for applications like WordPress.

Installation

dnf install mariadb-server

Key Files and Directories

Path Purpose
/etc/my.cnf Main configuration
/etc/my.cnf.d/ Additional configuration
/var/lib/mysql/ Database files

Default Ports

Port Protocol Purpose
3306 TCP MariaDB/MySQL client connections

Configuration

MariaDB uses a hierarchical configuration system:

  • /etc/my.cnf — main configuration file
  • /etc/my.cnf.d/ — additional configuration files (loaded automatically)
  • /var/lib/mysql/ — database data files

Minimal Working Configuration

Installation and initial setup:

# Install
sudo dnf install mariadb-server

# Start and enable
sudo systemctl start mariadb
sudo systemctl enable mariadb

# Secure the installation
sudo mysql_secure_installation

The mysql_secure_installation script walks through:

  1. Setting a root password
  2. Removing anonymous users
  3. Disabling remote root login
  4. Removing the test database
  5. Reloading privilege tables

Creating a database and user (for WordPress or other applications):

-- Connect to MariaDB
mysql -u root -p

-- Create a database
CREATE DATABASE wordpress;

-- Create a user with a password
CREATE USER 'admin'@'localhost' IDENTIFIED BY 'secure_password';

-- Grant privileges on the database
GRANT ALL ON wordpress.* TO 'admin'@'localhost';

-- Apply changes
FLUSH PRIVILEGES;

-- Exit
exit;

Important Directives

bind-address
Which IP address MariaDB listens on. Default 127.0.0.1 (localhost only). Set to 0.0.0.0 to accept remote connections (use with caution).
port
TCP port for connections. Default is 3306.
datadir
Location of database files. Default /var/lib/mysql/.
max_connections
Maximum number of simultaneous client connections.
character-set-server
Default character set. Use utf8mb4 for full Unicode support.
skip-networking
Disable TCP/IP connections entirely (only UNIX socket). Useful when the application and database are on the same host.

Common Commands

# Connect to MariaDB as root
mysql -u root -p

# Connect to a specific database
mysql -u admin -p wordpress

# Show databases
SHOW DATABASES;

# Show tables in current database
USE wordpress;
SHOW TABLES;

# Show users and their hosts
SELECT User, Host FROM mysql.user;

# Show grants for a user
SHOW GRANTS FOR 'admin'@'localhost';

# Backup a database
mysqldump -u root -p wordpress > wordpress_backup.sql

# Restore a database
mysql -u root -p wordpress < wordpress_backup.sql

# Check service status
systemctl status mariadb

Logging and Debugging

  • Error log: /var/log/mariadb/mariadb.log (or check log_error setting)
  • General query log: Enable with general_log = 1 in config (logs all queries — use only for debugging, very verbose)
  • Slow query log: Enable with slow_query_log = 1 to find poorly performing queries
  • systemd journal: journalctl -u mariadb
  • Connection test: mysql -u root -p -e "SELECT 1" — quick connectivity check

Troubleshooting checklist:

  1. systemctl status mariadb — is the service running?
  2. journalctl -u mariadb — any startup errors?
  3. mysql -u root -p — can you connect?
  4. Check /var/lib/mysql/ permissions — must be owned by mysql:mysql
  5. ss -tulpn | grep 3306 — is MariaDB listening?

Security Considerations

  • Run mysql_secure_installation: Always run this after initial installation to remove defaults that are insecure for production.
  • Strong passwords: Never use simple passwords like pass for database users in production. Generate random passwords with openssl rand -base64 16.
  • Restrict access: Use 'user'@'localhost' rather than 'user'@'%' unless remote access is genuinely needed. This limits connections to the local machine.
  • Separate users per application: Each application should have its own database user with grants only on its own database.
  • Backup regularly: Use mysqldump for logical backups. Test restoration periodically.
  • Do not expose port 3306: Keep MariaDB listening on localhost only unless remote access is required. If needed, restrict with firewall rules.
  • File permissions: Database files in /var/lib/mysql/ should be owned by mysql:mysql and not world-readable.

Further Reading

  • Technologies: WordPress
  • SOPs: Web Server Management