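On CentOS 6.4, installing Apache-related packages may pull in phpMyAdmin as a dependency,
or it can be installed directly with yum install -y phpmyadmin.
If the file /etc/httpd/conf.d/phpMyAdmin.conf exists,
open /etc/httpd/conf.d/phpMyAdmin.conf
and search for the string Directory to see where this CentOS release installed phpMyAdmin.
For example: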
<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
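This shows that the install path is /usr/share/phpMyAdmin.
When the project site has a newer version and you want to update manually, follow these steps.
1. Download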
wget http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/4.1.1/phpMyAdmin-4.1.1-all-languages.tar.gz
2. Extract
tar -zxvf phpMyAdmin-4.1.1-all-languages.tar.gz
This creates a directory named phpMyAdmin-4.1.1-all-languages.
3. Move the extracted directory into Apache's default document root and rename it phpMyAdmin
mv phpMyAdmin-4.1.1-all-languages /var/www/html/phpMyAdmin
4. Create the phpMyAdmin configuration file
Copy the sample configuration file config.sample.inc.php and name the copy config.inc.php
cp /var/www/html/phpMyAdmin/config.sample.inc.php /var/www/html/phpMyAdmin/config.inc.php
5. Set the authentication mode
Edit /var/www/html/phpMyAdmin/config.inc.php
(for a yum install the path is /usr/share/phpMyAdmin/config.inc.php)
Find
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
Change it to
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
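Note:
There are three authentication modes
1. config
The account and password are written in config.inc.php. This is the most basic authentication method and also the least secure.
2. cookie
Authenticates through MySQL.
3. http
Besides authenticating against MySQL accounts, it also provides basic HTTP authentication.
Security: http > cookie > config
6. If /etc/httpd/conf.d/phpMyAdmin.conf already exists,
change the phpMyAdmin paths in it that point to /usr/share/phpMyAdmin/ to
/var/www/html/phpMyAdmin/.
If they are not changed, the old version of phpMyAdmin will still be served.
(Skip this step if the file does not exist.)
If there is no /etc/httpd/conf.d/phpMyAdmin.conf file
and you want to tighten security, use the following content as a reference: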
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /var/www/html/phpMyAdmin
Alias /phpmyadmin /var/www/html/phpMyAdmin
<Directory /var/www/html/phpMyAdmin/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
<Directory /var/www/html/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /var/www/html/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /var/www/html/phpMyAdmin/setup/lib/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /var/www/html/phpMyAdmin/setup/frames/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
# <Directory /usr/share/phpMyAdmin/>
# SecRuleInheritance Off
# </Directory>
#</IfModule>
7. Restart Apache
service httpd restart
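8. Test
By default only connections from localhost are allowed into phpMyAdmin.
Open http://localhost/phpMyAdmin in a browser
and log in as root, the MySQL account with the highest privileges.
Note:
If the following error appears, stop MySQL and then start it again: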
phpMyAdmin - 錯誤
#2002 - Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
伺服器沒有回應(或者是伺服器的 socket 沒有被正確的設定)
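If you need phpMyAdmin's advanced features, carry out steps 9 and 10.
9. Create the tables phpMyAdmin needs
9.1. Log in to phpMyAdmin
9.2. Click the "Import" tab
9.3. Click the "Browse" button
9.4. Select /var/www/html/phpMyAdmin/example/create_tables.sql
9.5. Click the "Go" button
The following message appears: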
匯入成功完成,共執行了 17 個查詢指令。 (create_tables.sql)
-- SQL Commands to set up the pmadb as described in the documentation.
--
-- This file is meant for use with MySQL 5 and above!
--
-- This script expects the user pma to already be existing. If we would put a
-- line here to create him too many users might just use this script and end
-- up with having the same password for the controluser.
--
-- This user "pma" must be defined in config.inc.php (controluser/controlpass)
--
-- Please don't forget to set up the tablenames in config.inc.php
--
-- --------------------------------------------------------
--
-- Database : `phpmyadmin`
--
CREATE DATABASE IF NOT EXISTS `phpmyadmin`
DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;# 影響了 1 行。
USE phpmyadmin;# MySQL 回傳的查詢結果為空 (即零行)。
-- [...]
10. Grant privileges
10.1. Connect to MySQL with an administrator account
mysql -h localhost -u root -p
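10.2. Create the pma@localhost account (the quoted Chinese text after IDENTIFIED BY is a placeholder for that account's password)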
GRANT USAGE ON mysql.* TO 'pma'@'localhost' IDENTIFIED BY 'pma@localhost的密碼';
10.3. Grant privileges to pma@localhost by running the following statements
GRANT SELECT (
Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
Execute_priv, Repl_slave_priv, Repl_client_priv
) ON mysql.user TO pma@localhost;
GRANT SELECT ON mysql.db TO pma@localhost;
GRANT SELECT ON mysql.host TO pma@localhost;
GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv) ON mysql.tables_priv TO pma@localhost;
GRANT SELECT, INSERT, DELETE, UPDATE ON `phpmyadmin`.* TO 'pma'@localhost;
flush privileges;
10.4. Edit the phpMyAdmin configuration file
vi /var/www/html/phpMyAdmin/config.inc.php
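Uncomment the following lines and change the password of the pma account (highlighted in red in the original; here it is the Chinese placeholder in controlpass)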
$cfg['Servers'][$i]['controluser'] = 'pma';
$cfg['Servers'][$i]['controlpass'] = 'pma@localhost的密碼';
/* Storage database and tables */
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['users'] = 'pma__users';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
If phpMyAdmin was installed with yum install -y phpmyadmin, start from step 4
and change step 4 as follows:
Copy the sample configuration file config.sample.inc.php and name the copy config.inc.php
cp /usr/share/phpMyAdmin/config.sample.inc.php /usr/share/phpMyAdmin/config.inc.php
The rest is the same as steps 5, 6, 8, 9 and 10 above.
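An added example, not part of the original post: a shell check for the two settings edited in steps 5 and 10.4, flagging auth_type 'config' and a controlpass that is empty, equal to the control user name, or left at a sample value. The function names and the sample file are constructed for illustration; treating pmapass as the sample value assumes the upstream config.sample.inc.php.

```bash
#!/bin/sh
# Added example: audit the settings edited in steps 5 and 10.4 of this guide.

# cfg_value FILE KEY -> values of active $cfg['Servers'][$i]['KEY'] assignments.
# Splitting on single quotes makes field 2 "Servers", field 4 the key and
# field 6 the value; lines commented out with // or # fail the test on field 1.
cfg_value() {
    awk -F"'" -v k="$2" \
        '$1 ~ /^[ \t]*\$cfg\[$/ && $2 == "Servers" && $4 == k { print $6 }' "$1"
}

# audit_pma_config FILE -> one finding per line, or "OK" when nothing is flagged.
audit_pma_config() {
    findings=$(
        for t in $(cfg_value "$1" auth_type); do
            if [ "$t" = "config" ]; then
                echo "auth_type=config: MySQL login is stored in config.inc.php"
            fi
        done
        user=$(cfg_value "$1" controluser | head -n 1)
        pass=$(cfg_value "$1" controlpass | head -n 1)
        if [ -n "$user" ]; then
            case "$pass" in
                "") echo "controlpass: empty for controluser $user" ;;
                pmapass|"$user") echo "controlpass: sample or guessable value" ;;
            esac
        fi
    )
    echo "${findings:-OK}"
}

# Constructed sample file (not a real configuration).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'config';
// $cfg['Servers'][$i]['controluser'] = 'commented-out';
$cfg['Servers'][$i]['controluser'] = 'pma';
$cfg['Servers'][$i]['controlpass'] = 'pmapass';
EOF
audit_pma_config "$SAMPLE"
```

On a real system, pass the path of config.inc.php from step 4 to audit_pma_config instead of the sample file.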
Other: handling errors when running phpMyAdmin
I. A 403 error occurs
Forbidden
You don't have permission to access /phpMyAdmin on this server.
Apache/2.2.15 (CentOS) Server at 127.0.0.1 Port 80
Checking /var/log/httpd/error_log shows the following messages
[Thu Jan 30 11:55:26 2014] [error] [client 127.0.0.1] (13)Permission denied: access to /phpMyAdmin denied
[Thu Jan 30 11:55:29 2014] [error] [client 127.0.0.1] (13)Permission denied: access to /phpMyAdmin denied
[Thu Jan 30 11:55:32 2014] [error] [client 127.0.0.1] (13)Permission denied: access to /phpMyAdmin denied
[Thu Jan 30 20:03:23 2014] [error] [client 127.0.0.1] (13)Permission denied: access to /phpMyAdmin denied
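Solution:
If /etc/httpd/conf.d/phpMyAdmin.conf already allows access from the local machine
and SELinux is enabled on the system,
try running chcon -t httpd_sys_content_t /var/www/html/phpMyAdmin
II. The browser shows a blank page
Checking /var/log/httpd/error_log shows the following messages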
[Fri Jan 31 10:29:57 2014] [error] [client ::1] PHP Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0
[Fri Jan 31 10:29:57 2014] [error] [client ::1] PHP Fatal error: Unknown: Failed opening required '/var/www/html/phpMyAdmin/index.php' (include_path='.:/usr/share/pear:/usr/share/php') in Unknown on line 0
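Solution:
The keyword Permission denied shows that this is again a permissions problem.
When SELinux is enabled, insufficient permissions often cause errors that are hard to diagnose.
1. If the CentOS system uses a graphical desktop, installing the following tools is recommended
to help debug problems caused by SELinux. A reboot after installation is recommended so that they take effect.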
SELinux troubleshoot server(setroubleshoot-server-3.0.47-6.el6(x86_64))
Analysis plugins for use with setroubleshoot(setroubleshoot-plugins-3.0.40-2.el6(noarch))
Helps troubleshoot SELinux problems(setroubleshoot-3.0.47-6.el6(x86_64))
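2. Turn on PHP error display
/etc/php.ini
display_errors = on
After completing both 1 and 2, open phpMyAdmin again.
The SELinux troubleshooting tool then shows an alert; apply the solution it suggests.
The message looks similar to the following: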
SELinux is preventing /usr/sbin/httpd from read access on the 檔案 index.php.
***** 插件 catchall_boolean (47.5 信賴度) 項建議*************************************
如果 您想要allow httpd to read user content
接著 you must tell SELinux about this by enabling the 'httpd_read_user_content'boolean.
執行
setsebool -P httpd_read_user_content 1
***** 插件 catchall_boolean (47.5 信賴度) 項建議*************************************
如果 您想要allow httpd to read home directories
接著 you must tell SELinux about this by enabling the 'httpd_enable_homedirs'boolean.
執行
setsebool -P httpd_enable_homedirs 1
***** 插件 catchall (6.38 信賴度) 項建議*********************************************
如果 您認為 httpd 就預設值應擁有 index.php file 的 read 存取權限。
接著 您應將此回報為錯誤。
您可產生本機政策模組,以允許這項存取。
執行
現在透過執行以下指令來允許此存取:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
額外資訊:
來源情境 system_u:system_r:httpd_t:s0
目標情境 unconfined_u:object_r:user_home_t:s0
目標物件 index.php [ file ]
來源 httpd
來源路徑 /usr/sbin/httpd
連接埠 <未知>
主機 我的主機名稱
來源 RPM 套件 httpd-2.2.15-29.el6.centos.x86_64
目標 RPM 套件
方針 RPM selinux-policy-3.7.19-231.el6.noarch
Selinux 已啟用 True
方針類型 targeted
強制模式 Enforcing
主機名稱 我的主機名稱
平台 Linux 我的主機名稱
2.6.32-431.3.1.el6.x86_64 #1 SMP Fri Jan 3
21:39:27 UTC 2014 x86_64 x86_64
警示計數 2
第一次看見 西元2014年01月31日 (週五) 10時29分54秒
最後一次看見 西元2014年01月31日 (週五) 10時29分57秒
本地 ID 2a0061ce-d6e1-42d8-94bb-e1e2f9295943
原始稽核訊息
type=AVC msg=audit(1391135397.679:35): avc: denied { read } for pid=2248 comm="httpd" name="index.php" dev=sda2 ino=4719179 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1391135397.679:35): arch=x86_64 syscall=open success=no exit=EACCES a0=7fdf1ee25870 a1=0 a2=1b6 a3=702e7865646e692f items=0 ppid=2228 pid=2248 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
Hash: httpd,httpd_t,user_home_t,file,read
audit2allow
#============= httpd_t ==============
#!!!! This avc can be allowed using one of the these booleans:
# httpd_read_user_content, httpd_enable_homedirs
allow httpd_t user_home_t:file read;
audit2allow -R
#============= httpd_t ==============
#!!!! This avc can be allowed using one of the these booleans:
# httpd_read_user_content, httpd_enable_homedirs
allow httpd_t user_home_t:file read;
Try the suggestion with the higher confidence
setsebool -P httpd_read_user_content 1
phpMyAdmin now works when opened again.
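An added example, not part of the original post: the AVC record above names user_home_t, a home-directory label, as the target context of index.php under the web root. This sketch reduces AVC records to the same tuple as the report's Hash line and flags that case, where resetting the directory's labels with restorecon -Rv is a narrower change than a boolean that lets httpd read all user content. The function names, the hint words and the second sample record are constructed for illustration.

```bash
#!/bin/sh
# Added example: triage SELinux AVC denials for httpd.
# Constructed sample: record 1 is the AVC line quoted on this page, record 2 is a
# made-up earlier repeat of it, record 3 is a shortened SYSCALL line.
SAMPLE_LOG='type=AVC msg=audit(1391135397.679:35): avc: denied { read } for pid=2248 comm="httpd" name="index.php" dev=sda2 ino=4719179 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1391135394.101:34): avc: denied { read } for pid=2247 comm="httpd" name="index.php" dev=sda2 ino=4719179 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1391135397.679:35): arch=x86_64 syscall=open success=no exit=EACCES comm=httpd exe=/usr/sbin/httpd'

# avc_field RECORD KEY -> value of the first KEY=value token, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# avc_tuple RECORD -> comm,source_type,target_type,class,perms ("Hash:" line shape).
avc_tuple() {
    perms=$(printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*[^ }]\) *}.*/\1/p')
    st=$(avc_field "$1" scontext | cut -d: -f3)   # type is field 3 of user:role:type:level
    tt=$(avc_field "$1" tcontext | cut -d: -f3)
    echo "$(avc_field "$1" comm),$st,$tt,$(avc_field "$1" tclass),$perms"
}

# avc_summary LOG_TEXT -> "count tuple" per distinct denial; non-AVC records are skipped.
avc_summary() {
    printf '%s\n' "$1" | grep 'avc: *denied' | while IFS= read -r rec; do
        avc_tuple "$rec"
    done | sort | uniq -c | sed 's/^ *//'
}

# avc_hint TUPLE -> what to check first for an httpd denial.
avc_hint() {
    case "$1" in
        *,httpd_t,user_home_t,*|*,httpd_t,user_home_dir_t,*|*,httpd_t,admin_home_t,*)
            echo "relabel" ;;      # web content still carries a home-directory label
        *,httpd_t,httpd_sys_content_t,*)
            echo "check-perms" ;;  # label fits web content; look at the denied permission
        *)
            echo "review" ;;
    esac
}

avc_summary "$SAMPLE_LOG" | while read -r count tuple; do
    echo "$count x $tuple -> $(avc_hint "$tuple")"
done
```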