How to Install and Configure MariaDB on Fedora 35

MariaDB is one of the most popular open-source relational database management systems (RDBMS). It is highly compatible with MySQL and is often used as a drop-in replacement.

MariaDB was developed as a software fork of MySQL in 2009 in response to Oracle’s acquisition of MySQL. MariaDB intends to remain free and open-source software under the GNU General Public License. It is part of most cloud offerings and the default in most Linux distributions.

In this guide, we will learn how to install and configure MariaDB on Fedora 35 Server/Workstation.

Prerequisites

To follow along, ensure you have:

An up to date Fedora server/workstation
Root access to the server or a user with sudo access
Access to the internet from the server

Update the system

Before proceeding, ensure that the Fedora system is up to date:

The -y option ensures the system doesn’t pause for confirmation during the upgrade.

1
sudo dnf -y update

Installing MariaDB

MariaDB is available in the default Fedora repositories. You can confirm by searching:

1
sudo dnf search mariadb-server

Install MariaDB server:

1
sudo dnf install -y mariadb-server

Starting and enabling MariaDB

Start and enable MariaDB:

1
sudo systemctl enable --now mariadb

Confirm that the service is up and running:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
sudo systemctl status mariadb

● mariadb.service - MariaDB 10.5 database server
     Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled)
     Active: active (running) since Sat 2021-11-13 05:46:38 UTC; 18s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 9385 ExecStartPre=/usr/libexec/mariadb-check-socket (code=exited, status=0/SUCCESS)
    Process: 9408 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir mariadb.service (code=exited, status=0/SUCCESS)
    Process: 9504 ExecStartPost=/usr/libexec/mariadb-check-upgrade (code=exited, status=0/SUCCESS)
   Main PID: 9490 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 13 (limit: 4585)
     Memory: 82.2M
        CPU: 460ms
     CGroup: /system.slice/mariadb.service
             &#x2514;&#x2500;9490 /usr/libexec/mariadbd --basedir=/usr

Nov 13 05:46:37 ip-10-2-40-174.us-west-2.compute.internal mariadb-prepare-db-dir[9448]: See the MariaDB Knowledgebase at https://mariadb.com/kb or the
Nov 13 05:46:37 ip-10-2-40-174.us-west-2.compute.internal mariadb-prepare-db-dir[9448]: MySQL manual for more instructions.
Nov 13 05:46:37 ip-10-2-40-174.us-west-2.compute.internal mariadb-prepare-db-dir[9448]: Please report any problems at https://mariadb.org/jira
Nov 13 05:46:37 ip-10-2-40-174.us-west-2.compute.internal mariadb-prepare-db-dir[9448]: The latest information about MariaDB is available at https://mariadb.org/.
Nov 13 05:46:37 ip-10-2-40-174.us-west-2.compute.internal mariadb-prepare-db-dir[9448]: You can find additional information about the MySQL part at:
Nov 13 05:46:37 ip-10-2-40-174.us-west-2.compute.internal mariadb-prepare-db-dir[9448]: https://dev.mysql.com
Nov 13 05:46:37 ip-10-2-40-174.us-west-2.compute.internal mariadb-prepare-db-dir[9448]: Consider joining MariaDB's strong and vibrant community:
Nov 13 05:46:37 ip-10-2-40-174.us-west-2.compute.internal mariadb-prepare-db-dir[9448]: https://mariadb.org/get-involved/
Nov 13 05:46:37 ip-10-2-40-174.us-west-2.compute.internal mariadbd[9490]: 2021-11-13  5:46:37 0 [Note] /usr/libexec/mariadbd (mysqld 10.5.12-MariaDB) starting as process 9490 ...
Nov 13 05:46:38 ip-10-2-40-174.us-west-2.compute.internal systemd[1]: Started MariaDB 10.5 database server.

Configuring MariaDB

For new MariaDB installations, the next step is to run the included security script. This script changes some insecure default options (for example removing anonymous users and the test database).

Run the security script:

1
sudo mysql_secure_installation

This will take you through a series of prompts. The first prompt asks for the current MariaDB root password. On a fresh install you can often press ENTER (empty).

On Fedora (and many distros), MariaDB often uses unix_socket authentication for the root account by default. That means you can administer MariaDB locally using sudo mariadb without needing a password. This is usually a good default for a single server.

In most cases you can answer Y to remove anonymous users, disallow remote root login, remove the test database, and reload privileges.

Example output:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] n
 ... skipping.

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Testing MariaDB

Now that MariaDB is running, confirm that it can accept connections.

Connect locally (recommended)

If root uses unix_socket authentication, connect like this:

1
sudo mariadb

Output:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
$ sudo mariadb
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.5.12-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

Check mariadb version:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
MariaDB [(none)]> SELECT VERSION();

+-----------------+
| VERSION()       |
+-----------------+
| 10.5.12-MariaDB |
+-----------------+
1 row in set (0.000 sec)

MariaDB [(none)]>

For an additional check, you can use mysqladmin (administrative client) via the Unix socket:

1
sudo mysqladmin version

You should receive output similar to this:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
$ sudo mysqladmin version

mysqladmin  Ver 9.1 Distrib 10.5.12-MariaDB, for Linux on x86_64
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Server version  10.5.12-MariaDB
Protocol version 10
Connection  Localhost via UNIX socket
UNIX socket  /var/lib/mysql/mysql.sock
Uptime:   5 min 38 sec

Threads: 1  Questions: 21  Slow queries: 0  Opens: 20  Open tables: 13  Queries per second avg: 0.062

This means that MariaDB is up and running and that your user is able to authenticate successfully.

(Optional) Create an application user

For apps, avoid using root. Create a dedicated user and grant only the needed privileges:

1
2
3
4
CREATE DATABASE appdb;
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'CHANGE_ME_STRONG_PASSWORD';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';
FLUSH PRIVILEGES;

You can then connect as that user:

1
mariadb -u appuser -p appdb

(Optional) Allow remote access

If you need remote connections, consider:

Bind address: in /etc/my.cnf.d/mariadb-server.cnf, set bind-address=0.0.0.0 (or a specific private IP).
Firewall: open 3306/tcp only to trusted sources (don’t expose MariaDB publicly).
Users: create users like 'appuser'@'10.%' or 'appuser'@'your_client_ip' instead of %.

Conclusion

In this guide, you installed MariaDB on Fedora 35, secured the installation with mysql_secure_installation, and verified connectivity. From here you can create databases/users for your applications and (if needed) configure controlled remote access.