How to Install MariaDB on RHEL 7
MariaDB is a community-developed, fully open-source relational database management system that serves as the default MySQL-compatible database engine on Red Hat Enterprise Linux 7. Maintained by the original developers of MySQL, MariaDB offers full SQL compliance, excellent performance, and a rich set of storage engines. Because RHEL 7 ships MariaDB in its base repositories, installation is straightforward and does not require any third-party repository configuration. This guide walks you through installing MariaDB, securing it, creating databases and users, granting privileges, and verifying remote connectivity on RHEL 7.
Prerequisites
- A RHEL 7 server with root or sudo access
- An active RHEL 7 subscription (the
rhel-7-server-rpmsrepository must be enabled) - No conflicting MySQL Community Server packages installed
firewalldrunning if remote database access is required
Check the available MariaDB package version in the base repositories:
sudo yum info mariadb-serverRHEL 7 ships MariaDB 5.5 in its base channel. If you need MariaDB 10.x, you can enable the Software Collections (SCL) repository or configure the official MariaDB yum repository. This guide covers the base repository version, which is the simplest and most supported approach for RHEL 7.
Step 1: Install MariaDB Server
Install the mariadb-server package and the mariadb client package using yum:
sudo yum install -y mariadb-server mariadbYum installs all required dependencies including mariadb-libs and the Perl DBI modules used by some administrative scripts. Confirm the installed version after the process completes:
mysqld --version
# mysqld Ver 5.5.68-MariaDB Distrib 5.5.68-MariaDB, for Linux (x86_64)The main configuration file is /etc/my.cnf and additional configuration snippets are loaded from /etc/my.cnf.d/. The data directory defaults to /var/lib/mysql.
Step 2: Start and Enable the MariaDB Service
Use systemctl to start the mariadb service and configure it to start automatically at boot:
sudo systemctl start mariadb
sudo systemctl enable mariadbVerify that the service started successfully:
sudo systemctl status mariadbYou should see output similar to:
● mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2024-03-15 10:30:00 UTC; 5s ago
Process: 12345 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 12344 (mysqld_safe)Unlike MySQL 5.7, MariaDB 5.5 does not generate a temporary root password. The root account is initially accessible without a password from localhost, which is why running the security script immediately is important.
Step 3: Secure the MariaDB Installation
Run the mysql_secure_installation script to set a root password, remove anonymous users, disallow remote root login, and delete the test database:
sudo mysql_secure_installationWork through each prompt:
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
Enter current password for root (enter for none): [press Enter]
Set root password? [Y/n]: Y
New password: [enter a strong password]
Re-enter new password: [confirm password]
Password updated successfully!
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: YAfter completing mysql_secure_installation, verify that the root password works:
mysql -u root -p -e "SELECT VERSION();"Step 4: Create Databases and Users
Connect to MariaDB as root and create a new database for your application:
mysql -u root -pInside the MariaDB shell, create a database with UTF-8 multibyte character encoding:
-- Create the application database
CREATE DATABASE webapp CHARACTER SET utf8 COLLATE utf8_general_ci;
-- List all databases to confirm creation
SHOW DATABASES;
-- Switch to the new database
USE webapp;
-- Create a sample table to test the database
CREATE TABLE sites (
id INT AUTO_INCREMENT PRIMARY KEY,
domain VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
INSERT INTO sites (domain) VALUES ('example.com'), ('test.org');
SELECT * FROM sites;Create additional databases for different environments if needed:
CREATE DATABASE webapp_staging CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE webapp_test CHARACTER SET utf8 COLLATE utf8_general_ci;Step 5: Create Users and Grant Privileges
Create dedicated database users rather than using the root account for application connections. MariaDB supports fine-grained privilege control:
-- Create a user for local connections only
CREATE USER 'webapp_user'@'localhost' IDENTIFIED BY 'Str0ng#Pass2024';
-- Grant all privileges on the webapp database
GRANT ALL PRIVILEGES ON webapp.* TO 'webapp_user'@'localhost';
-- Create a read-only user for reporting
CREATE USER 'report_user'@'localhost' IDENTIFIED BY 'R3port#Pass2024';
GRANT SELECT ON webapp.* TO 'report_user'@'localhost';
-- Create a user for a specific remote host
CREATE USER 'webapp_user'@'10.0.1.20' IDENTIFIED BY 'Str0ng#Pass2024';
GRANT ALL PRIVILEGES ON webapp.* TO 'webapp_user'@'10.0.1.20';
-- Apply all privilege changes immediately
FLUSH PRIVILEGES;Verify the grants assigned to each user:
SHOW GRANTS FOR 'webapp_user'@'localhost';
SHOW GRANTS FOR 'report_user'@'localhost';To revoke a specific privilege if needed:
REVOKE INSERT, UPDATE, DELETE ON webapp.* FROM 'report_user'@'localhost';
FLUSH PRIVILEGES;Step 6: Configure MariaDB for Remote Access
By default MariaDB listens only on 127.0.0.1. To allow remote connections, edit the MariaDB configuration to bind to the server’s network interface:
sudo vi /etc/my.cnfIn the [mysqld] section, change or add the bind-address directive. To listen on all interfaces:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
bind-address=0.0.0.0
symbolic-links=0To bind only to a specific IP address of the server (more secure):
bind-address=192.168.1.10Restart MariaDB to apply the configuration change:
sudo systemctl restart mariadbStep 7: Open the Firewall for Port 3306
Open TCP port 3306 through firewalld to allow external MySQL/MariaDB clients to connect:
# Open port 3306 for all sources (use with caution)
sudo firewall-cmd --permanent --add-port=3306/tcp
sudo firewall-cmd --reload
# Verify the rule is active
sudo firewall-cmd --list-portsFor better security, restrict access to a specific trusted network:
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.0/24" port protocol="tcp" port="3306" accept'
sudo firewall-cmd --reloadStep 8: Test the Remote Connection
From a remote machine that has the mysql client installed, test the connection using the application user created earlier:
# Replace 192.168.1.10 with your MariaDB server IP
mysql -h 192.168.1.10 -u webapp_user -p webappInside the MariaDB shell on the remote connection, verify the connection and database:
SELECT @@hostname;
SELECT DATABASE();
SHOW TABLES;
EXIT;Step 9: SELinux and MariaDB
SELinux is enabled in enforcing mode on RHEL 7 by default. MariaDB’s default paths are already labelled correctly. If you change the data directory location, apply the correct context:
# Check SELinux context of the data directory
ls -dZ /var/lib/mysql
# If relocating the data directory to /data/mariadb
sudo mkdir -p /data/mariadb
sudo semanage fcontext -a -t mysqld_db_t "/data/mariadb(/.*)?"
sudo restorecon -Rv /data/mariadb
sudo chown -R mysql:mysql /data/mariadbCheck for any SELinux AVC denials that might affect MariaDB:
sudo ausearch -m avc -ts recent | grep mysqldYou have successfully installed and configured MariaDB on RHEL 7. The installation used the packages included in the RHEL 7 base repositories, eliminating the need for third-party repository management. You secured the root account with mysql_secure_installation, created a dedicated application database with proper UTF-8 encoding, set up users with appropriately scoped privileges, configured the server for remote access, and opened the required firewall port. For production use, consider tuning the /etc/my.cnf configuration for your specific workload, enabling the slow query log to identify performance bottlenecks, and scheduling regular backups using mysqldump.
