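On CentOS 6.4, installing Apache-related packages from the command line may pull in phpMyAdmin as a dependency,

or you can install it directly with yum install -y phpmyadmin.

If the file /etc/httpd/conf.d/phpMyAdmin.conf exists,

open it and search for the string Directory to see where the CentOS package installed phpMyAdmin.

For example: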

<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

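This shows that the installation path is /usr/share/phpMyAdmin.

When the phpMyAdmin site publishes a newer version and you want to update manually, follow these steps.

1. Download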

wget http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/4.1.1/phpMyAdmin-4.1.1-all-languages.tar.gz

2. Extract

tar -zxvf phpMyAdmin-4.1.1-all-languages.tar.gz

This creates a directory named phpMyAdmin-4.1.1-all-languages.

3. Move the extracted directory under Apache's default document root and rename it to phpMyAdmin

mv phpMyAdmin-4.1.1-all-languages /var/www/html/phpMyAdmin

4. Create the phpMyAdmin configuration file

Copy the sample configuration file config.sample.inc.php and name the copy config.inc.php:
cp /var/www/html/phpMyAdmin/config.sample.inc.php /var/www/html/phpMyAdmin/config.inc.php

5. Set the authentication mode

   Edit /var/www/html/phpMyAdmin/config.inc.php

   (if phpMyAdmin was installed with yum, the path is /usr/share/phpMyAdmin/config.inc.php)

        Find

        /* Authentication type */
        $cfg['Servers'][$i]['auth_type'] = 'cookie';

        and change it to

        /* Authentication type */
        $cfg['Servers'][$i]['auth_type'] = 'http';

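      Note:

      There are three authentication modes:

      1. config

         The account and password are written in config.inc.php. This is the most basic mode and also the least secure.
      2. cookie

         Authenticates through MySQL.
      3. http

         Authenticates against MySQL accounts and additionally provides basic HTTP authentication.

      Security: http > cookie > config

6. If /etc/httpd/conf.d/phpMyAdmin.conf already exists,

   change the paths in it that point phpMyAdmin to /usr/share/phpMyAdmin/ so that they point to

   /var/www/html/phpMyAdmin/ instead.

   If you do not change them, the old version of phpMyAdmin will still be the one that runs.

   (If the file does not exist, skip this step.)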

 

If there is no /etc/httpd/conf.d/phpMyAdmin.conf file

and you want to tighten security, you can use the following as a reference:

# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /var/www/html/phpMyAdmin
Alias /phpmyadmin /var/www/html/phpMyAdmin

<Directory /var/www/html/phpMyAdmin/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /var/www/html/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /var/www/html/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /var/www/html/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /var/www/html/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>
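
An added example, not part of the original post: a shell check to run over phpMyAdmin.conf before restarting Apache, listing every client source the file admits other than loopback. The sample configuration embedded in it is constructed, and the function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the original post): list every source that a
# phpMyAdmin Apache config admits besides loopback, per <Directory> block.

# Constructed sample: one localhost-only block and one widened block.
sample_conf() {
    cat <<'EOF'
<Directory /var/www/html/phpMyAdmin/>
   Order Deny,Allow
   Deny from All
   Allow from 127.0.0.1
   Allow from ::1
</Directory>
<Directory /var/www/html/phpMyAdmin/setup/>
   # Allow from 10.0.0.0/8
   <IfModule mod_authz_core.c>
     Require ip 127.0.0.1 192.0.2.0/24
   </IfModule>
   <IfModule !mod_authz_core.c>
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from All
   </IfModule>
</Directory>
EOF
}

# Reads a config on stdin; prints "<directory> <source>" for each non-loopback
# source named by Allow from / Require ip / Require all granted.
audit_pma_conf() {
    awk '
        function report(v) {
            lv = tolower(v)
            if (lv == "127.0.0.1" || lv == "::1" || lv == "localhost" || lv == "none") return
            print dir, v
        }
        /^[ \t]*#/                { next }                      # skip comments
        /^[ \t]*<Directory[ \t]/  { dir = $2; sub(/>$/, "", dir); next }
        /^[ \t]*<\/Directory>/    { dir = ""; next }
        dir == ""                 { next }                      # outside any block
        { d = tolower($1); a = tolower($2) }
        (d == "allow" && a == "from") || (d == "require" && a == "ip") {
            for (i = 3; i <= NF; i++) report($i)
        }
        d == "require" && a == "all" && tolower($3) == "granted" { report("all") }
    '
}

sample_conf | audit_pma_conf
```

On a real host, feed it the file directly: audit_pma_conf < /etc/httpd/conf.d/phpMyAdmin.conf. Empty output means only loopback is admitted.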

 

7. Restart Apache

   service httpd restart

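8. Test

   By default only localhost is allowed to connect to phpMyAdmin,

   so open http://localhost/phpMyAdmin in a browser on the server

   and log in as root, the MySQL account with the highest privileges.

   Note:

           If the following error appears, stop MySQL and then start it again.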

phpMyAdmin - 錯誤

#2002 - Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
伺服器沒有回應(或者是伺服器的 socket 沒有被正確的設定)

 

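If you need phpMyAdmin's advanced features, carry out steps 9 and 10.

9. Create the tables phpMyAdmin needs

   9.1. Log in to phpMyAdmin

   9.2. Click the "Import" (匯入) tab

   9.3. Click the "Browse" (瀏覽) button

   9.4. Select /var/www/html/phpMyAdmin/example/create_tables.sql

   9.5. Click the "Go" (執行) button

         The following message appears: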

匯入成功完成,共執行了 17 個查詢指令。 (create_tables.sql)

-- --------------------------------------------------------
-- SQL Commands to set up the pmadb as described in the documentation.
--
-- This file is meant for use with MySQL 5 and above!
--
-- This script expects the user pma to already be existing. If we would put a
-- line here to create him too many users might just use this script and end
-- up with having the same password for the controluser.
--
-- This user "pma" must be defined in config.inc.php (controluser/controlpass)
--
-- Please don't forget to set up the tablenames in config.inc.php
--

-- --------------------------------------------------------

--
-- Database : `phpmyadmin`
--
CREATE DATABASE IF NOT EXISTS `phpmyadmin`
DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;# 影響了 1 行。

USE phpmyadmin;# MySQL 回傳的查詢結果為空 (即零行)。


-- [...]

 

 

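10. Create the grants

     10.1. Connect to MySQL with the administrator account

                mysql -h localhost -u root -p

     10.2. Create the pma@localhost account (replace the quoted placeholder 'pma@localhost的密碼', meaning "the password for pma@localhost", with the real password)

     GRANT USAGE ON mysql.* TO 'pma'@'localhost' IDENTIFIED BY 'pma@localhost的密碼';

     10.3. Grant privileges to pma@localhost by running the following statements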

        GRANT SELECT (
           Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
           Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
           File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
           Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
          Execute_priv, Repl_slave_priv, Repl_client_priv
       ) ON mysql.user TO pma@localhost;
      GRANT SELECT ON mysql.db TO pma@localhost;
      GRANT SELECT ON mysql.host TO pma@localhost;
      GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv) ON mysql.tables_priv TO pma@localhost;
      GRANT SELECT, INSERT, DELETE, UPDATE ON `phpmyadmin`.* TO 'pma'@localhost;
      flush privileges;

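     10.4. Edit the phpMyAdmin configuration file

             vi /var/www/html/phpMyAdmin/config.inc.php

            Uncomment the following lines and set controlpass to the password of the pma account (the part highlighted in red in the original post)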

             $cfg['Servers'][$i]['controluser'] = 'pma';
             $cfg['Servers'][$i]['controlpass'] = 'pma@localhost的密碼';

              /* Storage database and tables */
             $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
             $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
             $cfg['Servers'][$i]['relation'] = 'pma__relation';
             $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
             $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
             $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
             $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
             $cfg['Servers'][$i]['history'] = 'pma__history';
             $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
             $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
             $cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
             $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
             $cfg['Servers'][$i]['recent'] = 'pma__recent';
             $cfg['Servers'][$i]['users'] = 'pma__users';
             $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
             $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';

 


 

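If phpMyAdmin was installed with yum install -y phpmyadmin, start from step 4

and change step 4 as follows:

Copy the sample configuration file config.sample.inc.php and name the copy config.inc.php:
cp /usr/share/phpMyAdmin/config.sample.inc.php /usr/share/phpMyAdmin/config.inc.php

The rest is the same as steps 5, 6, 8, 9 and 10 above.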

 

 

Other: handling errors when running phpMyAdmin

I. A 403 error

   Forbidden

   You don't have permission to access /phpMyAdmin on this server.
   Apache/2.2.15 (CentOS) Server at 127.0.0.1 Port 80

   

   Check /var/log/httpd/error_log; it contains the following messages:

   [Thu Jan 30 11:55:26 2014] [error] [client 127.0.0.1] (13)Permission denied: access to /phpMyAdmin denied
   [Thu Jan 30 11:55:29 2014] [error] [client 127.0.0.1] (13)Permission denied: access to /phpMyAdmin denied
   [Thu Jan 30 11:55:32 2014] [error] [client 127.0.0.1] (13)Permission denied: access to /phpMyAdmin denied
   [Thu Jan 30 20:03:23 2014] [error] [client 127.0.0.1] (13)Permission denied: access to /phpMyAdmin denied

 

     

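      Solution:

      If /etc/httpd/conf.d/phpMyAdmin.conf already allows access from the local machine

      and SELinux is enabled on the system,

      try running chcon -t httpd_sys_content_t /var/www/html/phpMyAdmin

II. The browser shows a blank page

   Check /var/log/httpd/error_log; it contains the following messages: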

   [Fri Jan 31 10:29:57 2014] [error] [client ::1] PHP Warning:  Unknown: failed to open stream: Permission denied in Unknown on line 0
   [Fri Jan 31 10:29:57 2014] [error] [client ::1] PHP Fatal error:  Unknown: Failed opening required '/var/www/html/phpMyAdmin/index.php'       (include_path='.:/usr/share/pear:/usr/share/php') in Unknown on line 0

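  Solution:

  The keyword Permission denied shows that this is again a permissions problem.

  When SELinux is enabled, insufficient permissions often cause errors that are hard to diagnose.

  1. If the CentOS system runs a graphical desktop, install the following tools

    to help debug problems caused by SELinux. Rebooting after installation is recommended so that they take effect.

    SELinux troubleshoot server(setroubleshoot-server-3.0.47-6.el6(x86_64))
    Analysis plugins for use with setroubleshoot(setroubleshoot-plugins-3.0.40-2.el6(noarch))
    Helps troubleshoot SELinux problems(setroubleshoot-3.0.47-6.el6(x86_64))

  2. Enable PHP debugging

    /etc/php.ini
    display_errors = on

  After doing both 1 and 2, run phpMyAdmin again.

  The SELinux troubleshooting tool shows a notification; follow the solution it suggests.

  The message looks similar to the following: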

  SELinux is preventing /usr/sbin/httpd from read access on the 檔案 index.php.

*****  插件 catchall_boolean (47.5 信賴度) 項建議*************************************

如果 您想要allow httpd to read user content
接著 you must tell SELinux about this by enabling the 'httpd_read_user_content'boolean.
執行
setsebool -P httpd_read_user_content 1

*****  插件 catchall_boolean (47.5 信賴度) 項建議*************************************

如果 您想要allow httpd to read home directories
接著 you must tell SELinux about this by enabling the 'httpd_enable_homedirs'boolean.
執行
setsebool -P httpd_enable_homedirs 1

*****  插件 catchall (6.38 信賴度) 項建議*********************************************

如果 您認為 httpd 就預設值應擁有 index.php file 的 read 存取權限。
接著 您應將此回報為錯誤。
您可產生本機政策模組,以允許這項存取。
執行
現在透過執行以下指令來允許此存取:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

額外資訊:
來源情境                          system_u:system_r:httpd_t:s0
目標情境                          unconfined_u:object_r:user_home_t:s0
目標物件                          index.php [ file ]
來源                             httpd
來源路徑                          /usr/sbin/httpd
連接埠                            <未知>
主機                             我的主機名稱
來源 RPM 套件                     httpd-2.2.15-29.el6.centos.x86_64
目標 RPM 套件                     
方針 RPM                         selinux-policy-3.7.19-231.el6.noarch
Selinux 已啟用                    True
方針類型                          targeted
強制模式                          Enforcing
主機名稱                          我的主機名稱
平台                             Linux 我的主機名稱
                                2.6.32-431.3.1.el6.x86_64 #1 SMP Fri Jan 3
                                21:39:27 UTC 2014 x86_64 x86_64
警示計數                          2
第一次看見                         西元2014年01月31日 (週五) 10時29分54秒
最後一次看見                        西元2014年01月31日 (週五) 10時29分57秒
本地 ID                         2a0061ce-d6e1-42d8-94bb-e1e2f9295943

原始稽核訊息
type=AVC msg=audit(1391135397.679:35): avc:  denied  { read } for  pid=2248 comm="httpd" name="index.php" dev=sda2 ino=4719179 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file


type=SYSCALL msg=audit(1391135397.679:35): arch=x86_64 syscall=open success=no exit=EACCES a0=7fdf1ee25870 a1=0 a2=1b6 a3=702e7865646e692f items=0 ppid=2228 pid=2248 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)

Hash: httpd,httpd_t,user_home_t,file,read

audit2allow

#============= httpd_t ==============

#!!!! This avc can be allowed using one of the these booleans:
#     httpd_read_user_content, httpd_enable_homedirs
allow httpd_t user_home_t:file read;

audit2allow -R

#============= httpd_t ==============

#!!!! This avc can be allowed using one of the these booleans:
#     httpd_read_user_content, httpd_enable_homedirs
allow httpd_t user_home_t:file read;

    

Try the suggestion with the higher confidence score:

setsebool -P httpd_read_user_content 1

After that, phpMyAdmin works when run again.
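
An added example, not part of the original post: the target context in the AVC record above is user_home_t even though index.php sits under /var/www/html, which is what happens when a tree unpacked in a home directory is moved with mv, since mv keeps the existing label. The script reads that record and picks the narrowest fix; restorecon resets only this directory to the policy default, whereas httpd_read_user_content lets httpd read user home content system-wide. Function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the original post): read an httpd AVC denial and pick
# the narrowest fix before turning on a global SELinux boolean.

# The AVC record quoted above, embedded so the script runs offline.
SAMPLE_AVC='type=AVC msg=audit(1391135397.679:35): avc:  denied  { read } for  pid=2248 comm="httpd" name="index.php" dev=sda2 ino=4719179 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# Print the SELinux type (third colon-separated field) of scontext or tcontext.
avc_type() {    # $1 = scontext|tcontext, $2 = AVC line
    printf '%s\n' "$2" |
        sed -n "s/.* $1=[^: ]*:[^: ]*:\([^: ]*\).*/\1/p"
}

# Decide what to do about a denial, given the directory the file lives in.
#   relabel  - file sits under the web root but carries a home-directory
#              label (mv keeps the old label); reset it to the policy default
#   boolean  - httpd really is being asked to serve from a home directory
#   review   - anything else: read the AVC before allowing it
avc_triage() {  # $1 = AVC line, $2 = directory that holds the denied file
    src=$(avc_type scontext "$1")
    tgt=$(avc_type tcontext "$1")
    if [ "$src" != "httpd_t" ]; then
        echo "review"
    elif [ "$tgt" = "user_home_t" ]; then
        case "$2" in
            /var/www/*) echo "relabel" ;;
            /home/*)    echo "boolean" ;;
            *)          echo "review" ;;
        esac
    else
        echo "review"
    fi
}

# Command matching the triage result (printed only, nothing is executed).
avc_fix() {     # $1 = AVC line, $2 = directory
    case "$(avc_triage "$1" "$2")" in
        relabel) echo "restorecon -Rv $2" ;;
        boolean) echo "setsebool -P httpd_read_user_content 1" ;;
        *)       echo "sealert -a /var/log/audit/audit.log" ;;
    esac
}

avc_fix "$SAMPLE_AVC" /var/www/html/phpMyAdmin
```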

 

 


Posted by K on PIXNET


Comments (1)

  • Shih-Wei Huang
  • Thank you very much!!!
