Table of Contents

Introduction

MariaDB is an open-source relational database management system and a popular drop-in replacement for MySQL. Created by Michael "Monty" Widenius, one of the original MySQL developers, MariaDB maintains full compatibility with MySQL while offering performance improvements, additional storage engines, and a commitment to remaining open source. It is commonly used as the database component of the LAMP (Linux, Apache, MySQL/MariaDB, PHP/Python/Perl) stack and LEMP (Linux, Nginx, MySQL/MariaDB, PHP) stack.

This tutorial walks you through installing MariaDB on an Ubuntu server, securing the installation, creating an administrative user with password authentication, and verifying that the database server is running correctly. You will also find troubleshooting tips and security best practices for production deployments.

Tested on Ubuntu 20.04, 22.04, and 24.04. The commands in this guide work across all currently supported Ubuntu LTS releases. The default MariaDB version in the Ubuntu repository varies by release: Ubuntu 20.04 ships MariaDB 10.3, Ubuntu 22.04 ships MariaDB 10.6, and Ubuntu 24.04 ships MariaDB 10.11. All installation and configuration steps remain the same regardless of the Ubuntu version or MariaDB version you receive from the default repositories.

The quick version of this installation consists of three steps:

  • Update your package index using apt
  • Install the mariadb-server package using apt. The package also pulls in related tools to interact with MariaDB
  • Run the included mysql_secure_installation security script to restrict access to the server
				
					sudo apt update
sudo apt install mariadb-server
sudo mysql_secure_installation

Key Takeaways

mariadb illustration for: Key Takeaways
  • MariaDB installs from Ubuntu's default repositories with sudo apt install mariadb-server on Ubuntu 20.04, 22.04, and 24.04.
  • Always run mysql_secure_installation after installing to remove anonymous users, disable remote root login, and drop the test database.
  • On Ubuntu, the MariaDB root account uses unix_socket authentication by default, meaning you log in with sudo mariadb rather than a password. This is more secure for local administration.
  • Create a separate administrative user with password authentication for applications or tools like phpMyAdmin that need password-based database access.
  • Use systemctl commands to manage the MariaDB service: start, stop, restart, and status.

Prerequisites

To follow this tutorial, you will need a server running Ubuntu (20.04, 22.04, or 24.04). This server should have a non-root administrative user and a firewall configured with UFW. Set this up by following the initial server setup guide for Ubuntu.

If you are working with firewall rules for the first time, the How To Set Up a Firewall with UFW on Ubuntu tutorial covers everything you need.

Step 1: Installing MariaDB

Ubuntu's default APT repositories include MariaDB. The version depends on your Ubuntu release:

Ubuntu Version Default MariaDB Version Support Status
20.04 LTS MariaDB 10.3 EOL June 2024
22.04 LTS MariaDB 10.6 Supported until July 2026
24.04 LTS MariaDB 10.11 Supported until February 2028

Note: If you need a newer MariaDB version than what your Ubuntu release provides by default, you can add the official MariaDB repository for your Ubuntu version. For most use cases, the version from Ubuntu's default repository works well.

First, update the package index on your server with apt:

				
					sudo apt update

Then install the package:

				
					sudo apt install mariadb-server

This installs the MariaDB server along with the client tools (mariadb, mysqladmin, mysqldump, and others) that you will use to interact with the database.

Start MariaDB if it is not already running:

				
					sudo systemctl start mariadb.service

Enable MariaDB to start automatically on boot:

				
					sudo systemctl enable mariadb.service

The default configuration leaves your MariaDB installation without a root password and with some insecure defaults. The next step addresses that with the included security script.

Step 2: Configuring MariaDB

For new MariaDB installations, the next step is to run the included security script. This script changes several less secure default options, including removing remote root logins and sample users.

Run the security script:

				
					sudo mysql_secure_installation

This takes you through a series of prompts where you can make changes to your MariaDB installation's security options. The first prompt asks for the current database root password. Since you have not set one up yet, press ENTER to indicate "none".

				
					[secondary_label Output]
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
 SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):

The next prompt asks whether you want to set up a database root password. On Ubuntu, the root account for MariaDB is tied closely to automated system maintenance, so you should not change the configured authentication methods for that account. Doing so could allow a package update to break the database system by removing access to the administrative account. Type N and then press ENTER.

				
					[secondary_label Output]
. . .
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] <^>N<^>

Later in this tutorial, you will cover how to set up a separate administrative account for password access if socket authentication is not appropriate for your use case.

From there, you can press Y and then ENTER to accept the defaults for all the subsequent questions. This will remove some anonymous users and the test database, disable remote root logins, and load these new rules so that MariaDB immediately implements the changes you have made.

Understanding unix_socket Authentication

On Ubuntu, MariaDB uses unix_socket authentication for the root user by default instead of password-based authentication. This means the database identifies you by your operating system username and the socket connection rather than requiring a password.

When you run sudo mariadb, your system sends your OS credentials over the Unix socket, and MariaDB grants access if those credentials match a valid database user. This approach has several benefits:

  • No database password can be brute-forced for the root account
  • System-level access controls (who can run sudo) protect the database
  • Automated maintenance scripts like logrotate and package upgrades continue to work without storing passwords in configuration files

For interactive use and remote access, create a separate user with password authentication, which Step 3 covers.

Step 3: (Optional) Creating an Administrative User that Employs Password Authentication

On Ubuntu systems running MariaDB, the root MariaDB user is set to authenticate using the unix_socket plugin by default rather than with a password. This allows for greater security and usability in many cases, but it can also complicate things when you need to allow an external program (such as phpMyAdmin or a web application) administrative rights.

Because the server uses the root account for tasks like log rotation and starting and stopping the server, it is best not to change the root account's authentication details. Changing credentials in the /etc/mysql/debian.cnf configuration file may work initially, but package updates could potentially overwrite those changes. Instead of modifying the root account, the package maintainers recommend creating a separate administrative account for password-based access.

To do this, create a new account called admin with the same capabilities as the root account, but configured for password authentication. Open up the MariaDB prompt from your terminal:

				
					sudo mariadb

Then create a new user with root privileges and password-based access. Change the username and password to match your preferences:

				
					GRANT ALL ON *.* TO '<^>admin<^>'@'localhost' IDENTIFIED BY '<^>password<^>' WITH GRANT OPTION;

Flush the privileges to ensure that they are saved and available in the current session:

				
					FLUSH PRIVILEGES;

Following this, exit the MariaDB shell:

				
					exit

Finally, test the MariaDB installation.

Step 4: Testing MariaDB

When installed from the default repositories, MariaDB starts running automatically. To test this, check its status:

				
					sudo systemctl status mariadb

You will receive output similar to the following:

				
					[secondary_label Output]
● mariadb.service - MariaDB 10.6.16 database server
 Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
 Active: active (running) since Thu 2026-02-26 13:38:18 UTC; 3min 55s ago
 Docs: man:mysqld(8)
 https://mariadb.com/kb/en/library/systemd/
 Main PID: 25914 (mysqld)
 Status: "Taking your SQL requests now..."
 Tasks: 31 (limit: 2345)
 Memory: 65.6M
 CGroup: /system.slice/mariadb.service
 └─25914 /usr/sbin/mysqld
. . .

If MariaDB is not running, you can start it with the command sudo systemctl start mariadb.

For an additional check, try connecting to the database using the mysqladmin tool, which is a client that lets you run administrative commands. For example, this command connects to MariaDB as root using the Unix socket and returns the version:

				
					sudo mysqladmin version

You will receive output similar to this:

				
					[secondary_label Output]
mysqladmin Ver 9.1 Distrib 10.6.16-MariaDB, for debian-linux-gnu on x86_64
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Server version 10.6.16-MariaDB-0ubuntu0.22.04.1
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /var/run/mysqld/mysqld.sock
Uptime: 4 min 49 sec

Threads: 7 Questions: 467 Slow queries: 0 Opens: 177 Flush tables: 1 Open tables: 31 Queries per second avg: 1.615

If you configured a separate administrative user with password authentication, you can perform the same operation by typing:

				
					mysqladmin -u <^>admin<^> -p version

This confirms that MariaDB is up and running and that your user is able to authenticate successfully.

Step 5: Basic MariaDB Administration Commands

Once MariaDB is installed and running, here are essential commands for day-to-day management:

Command Description
sudo systemctl start mariadb Start the MariaDB service
sudo systemctl stop mariadb Stop the MariaDB service
sudo systemctl restart mariadb Restart the MariaDB service
sudo systemctl status mariadb Check if MariaDB is running
sudo systemctl enable mariadb Enable MariaDB to start on boot
mariadb --version Display the installed MariaDB version
sudo mariadb Open the MariaDB shell as root

To check which version of MariaDB is installed on your system:

				
					mariadb --version

To see all active databases:

				
					sudo mariadb -e "SHOW DATABASES;"

Step 6: Securing MariaDB for Production

Beyond the mysql_secure_installation script, there are additional steps to harden your MariaDB server for a production environment.

Restricting Network Access

By default, MariaDB listens only on localhost (127.0.0.1), which means it does not accept remote connections. You can verify this by checking the bind-address directive in the MariaDB configuration:

				
					sudo grep bind-address /etc/mysql/mariadb.conf.d/50-server.cnf
				
			
				
					[secondary_label Output]
bind-address = 127.0.0.1

If you need remote database access, change the bind-address to your server's private IP address (not 0.0.0.0 in production) and configure your firewall to allow connections only from trusted IP addresses:

				
					sudo ufw allow from <^>trusted_ip_address<^> to any port 3306

[warning] Warning: Setting bind-address to 0.0.0.0 exposes your database to the entire internet. Always restrict access to specific IP addresses or private network ranges in production.

Reviewing User Accounts

Periodically review which user accounts have access to your database:

				
					sudo mariadb -e "SELECT User, Host, plugin FROM mysql.user;"

Remove any accounts that are no longer needed:

				
					DROP USER '<^>unused_user<^>'@'<^>host<^>';
FLUSH PRIVILEGES;

Enabling the Slow Query Log

The slow query log helps you identify queries that take too long to run, which is useful for performance tuning:

				
					sudo mariadb -e "SET GLOBAL slow_query_log = 'ON'; SET GLOBAL long_query_time = 2;"

This logs any query that takes longer than 2 seconds. Check the log location with:

				
					sudo mariadb -e "SHOW VARIABLES LIKE 'slow_query_log_file';"

Troubleshooting Common MariaDB Issues

Here are solutions for problems you may encounter during or after installation.

MariaDB Fails to Start

If MariaDB does not start, check the error log:

				
					sudo journalctl -u mariadb --no-pager -n 50

Common causes include:

  • Port conflict: Another process (such as MySQL) is using port 3306. Check with sudo ss -tlnp | grep 3306.
  • Disk space: The data directory (/var/lib/mysql) needs available disk space. Verify with df -h.
  • Permission issues: The MariaDB data directory must be owned by the mysql user. Fix with sudo chown -R mysql:mysql /var/lib/mysql.

Cannot Connect to MariaDB

If you receive "Access denied" errors:

  1. Verify that MariaDB is running: sudo systemctl status mariadb
  2. Try connecting as root with sudo: sudo mariadb
  3. Check the authentication plugin for your user:
				
					sudo mariadb -e "SELECT User, Host, plugin FROM mysql.user WHERE User='root';"

If the plugin shows unix_socket, you must use sudo mariadb to connect as root.

mysql_secure_installation Fails with an Error

If the security script fails, it is often because the MariaDB service is not running. Start it first:

				
					sudo systemctl start mariadb
sudo mysql_secure_installation

MariaDB vs MySQL: Choosing the Right Database

Since MariaDB is a fork of MySQL, you may wonder which one to use. Here is a quick comparison:

Feature MariaDB MySQL
License GPL (fully open source) GPL + proprietary (Oracle)
Default on Ubuntu Yes (since 20.04) Available as separate package
Storage engines InnoDB, Aria, ColumnStore, Spider, and more InnoDB, MyISAM, NDB
JSON support Yes Yes (with different syntax in some cases)
Drop-in replacement Compatible with MySQL clients and protocols N/A
Community development Community-driven by MariaDB Foundation Corporate-driven by Oracle

For most Ubuntu server deployments, MariaDB is the recommended choice. It ships in the default repositories, receives timely security updates, and maintains compatibility with MySQL tools and libraries. If you are building a LAMP stack, MariaDB works as a direct substitute for MySQL.

FAQs

1. Is MariaDB a drop-in replacement for MySQL?

Yes. MariaDB was designed to be fully compatible with MySQL at the protocol and API level. Applications that work with MySQL will work with MariaDB without code changes. The mysql command-line client, mysqldump, and libraries like MySQL Connector work with both. MariaDB also supports the same SQL syntax, data types, and replication protocols.

2. How do I reset the MariaDB root password on Ubuntu?

If you use unix_socket authentication (the Ubuntu default), you do not need a root password. Connect with sudo mariadb instead. If you set a root password and forgot it, follow the How To Reset Your MySQL or MariaDB Root Password guide, which walks you through stopping the service, starting it without permission checks, and resetting the password.

3. Why does MariaDB use unix_socket authentication on Ubuntu?

Ubuntu configures MariaDB to use unix_socket authentication for the root account so that system maintenance tasks (log rotation, package upgrades, automated backups) work without storing a database password in plain text. This is more secure because it ties database access to your operating system user permissions. Only users who can run sudo can access the MariaDB root account.

4. How do I check which version of MariaDB is installed?

Run mariadb --version or connect to the database and run SELECT VERSION();. The output shows the version number, such as 10.6.16-MariaDB on Ubuntu 22.04 or 10.11.6-MariaDB on Ubuntu 24.04.

5. Can I install both MariaDB and MySQL on the same Ubuntu server?

No. The MariaDB and MySQL packages on Ubuntu conflict because they provide the same files and use the same port (3306). You can install one or the other, but not both simultaneously. If you need to migrate between them, use mysqldump to export and import your databases.

Conclusion

In this guide, you installed MariaDB on Ubuntu, secured it using the mysql_secure_installation script, and learned how the unix_socket authentication model works on Ubuntu. You also had the option to create a separate administrative user with password authentication, and you tested the MariaDB server to verify everything is working.

Beyond the basics, this guide covered essential administration commands, production security hardening, troubleshooting common issues, and how MariaDB compares to MySQL.

Next Steps

Now that you have a running and secure MariaDB server, here are some resources to continue building on your setup:

Ready to deploy MariaDB in production? managed databases handle provisioning, maintenance, backups, and scaling for you so you can focus on building your application. You can also spin up a cloud servers running Ubuntu and follow this tutorial to set up MariaDB yourself.