MariaDB - Remote connections from specific IP
-
I have a hosted Maria DB. (SuiteCRM) I need to grant access (read only) to the specific SuiteCRM database, to a specific user (new user) so that he can generate some reports off of the data. Ideally, I would like to restrict access to his specific IP, or just a few select IPs.
I've created a user in MariaDB, and granted the user Select access. What is the best way and procedure, to allow this user remote access to the DB securely?
It's been a while since I've worked in detail with MariaDB, so I'm not sure what the best approach is, or what the procedure is. Any help would be appreciated.
Thanks!
-
Create a dedicated user account for him/her in the database so that he/she has to authenticate for read only access.
Use the firewall to control access to Port 3306 so that only the proper locations can talk to MariaDB at all.
-
For even more security, add SSL certifications.
https://www.cyberciti.biz/faq/how-to-setup-mariadb-ssl-and-secure-connections-from-clients/
-
@scottalanmiller said in MariaDB - Remote connections from specific IP:
Create a dedicated user account for him/her in the database so that he/she has to authenticate for read only access.
Use the firewall to control access to Port 3306 so that only the proper locations can talk to MariaDB at all.
OK, so it looks like I'm not missing anything in my thought process. Just create the RO user, then open up firewall port to select IPs. I'm using FirewallD, so I would grant access like this:?
firewall-cmd --zone=public --add-service=mysql --permanent
firewall-cmd --add-rich-rule 'rule family="ipv4" source address="xxx.xxx.xxx.xxx" service name="mysql" accept' --permanent
-
Looks right.
-
@scottalanmiller Well that worked, but it looks like I can connect from any IP, not just the one I specified. Digging further.....
-
@fuznutz04 said in MariaDB - Remote connections from specific IP:
@scottalanmiller Well that worked, but it looks like I can connect from any IP, not just the one I specified. Digging further.....
You don't want that first rule. That opened it to everything. You only want the second.
-
@jaredbusch said in MariaDB - Remote connections from specific IP:
@fuznutz04 said in MariaDB - Remote connections from specific IP:
@scottalanmiller Well that worked, but it looks like I can connect from any IP, not just the one I specified. Digging further.....
You don't want that first rule. That opened it to everything. You only want the second.
Bingo. Thanks!
