https://mariadb.com/docs/server/mariadb-quickstart-guides/installing-mariadb-server-guide
summary of the file: mariadb-server.README.Debian
debian install mariadb on remote server
completely uninstall MariaDB
First steps.
Do I have a firewall? Do I have the nftables firewall?
x@c7:~$ dpkg -l | grep nftables
...
Check if the firewall is active
x@c7:~$ systemctl status nftables
● nftables.service - nftables
Loaded: loaded (/usr/lib/systemd/system/nftables.service; enabled; preset: enable>
Active: active (exited) since Fri 2026-01-16 16:16:25 PST; 2 weeks 1 day ago
...
x@c7:~$ sudo nft list ruleset
[sudo] password for x:
table inet filter {
chain input {
type filter hook input priority filter; policy drop;
ct state established,related accept
iifname "lo" accept
icmp type echo-request accept
tcp dport 22 accept
tcp dport { 80, 443 } accept
tcp dport { 3000, 3306 } accept
log prefix "Server Block: " flags all
}
chain forward {
type filter hook forward priority filter; policy accept;
}
chain output {
type filter hook output priority filter; policy accept;
}
}
x@c7:~$
Update Package Installer and Package index
x@c7:~$ sudo apt-get update
x@c7:~$ sudo apt update
The file mariadb-server.README.Debian is a package documentation file specific to the Debian (and Ubuntu) Linux distribution of the MariaDB server. It provides important, distribution-specific information, configuration details, and behavioral differences from the standard MariaDB documentation.
• No mysql_secure_installation Needed: Because MariaDB is secure by default in newer Debian installs (no anonymous users, no test database, etc.), the mysql_secure_installation script is largely unnecessary and might even fail if run, as it attempts to perform actions already handled by the package.
• Configuration File Locations: It details where configuration files are located. Most MariaDB option files are typically found in the /etc/mysql/mariadb.conf.d/ directory, rather than a single /etc/mysql/my.cnf file.
• Replication Notes: It may contain specific notes on configuring replication, such as warnings against setting --tmpdir to a memory-based filesystem if the server is acting as a replication slave, as temporary files need to survive a machine restart.
The file is installed as part of the mariadb-server package and can be found in the /usr/share/doc/mariadb-server/ directory on a Debian system, often compressed as mariadb-server.README.Debian.gz. You can view the contents of the file on the Debian Sources website.
From the link: https://sources.debian.org/src/mariadb-10.0/10.0.32-0%2Bdeb8u1/debian/mariadb-server-10.0.README.Debian
=============================
You may never ever delete the special mysql user "debian-sys-maint". This user together with the credentials in /etc/mysql/debian.cnf are used by the init scripts to stop the server as they would require knowledge of the mysql root users password else.
So in most of the times you can fix the situation by making sure that the debian.cnf file contains the right password, e.g. by setting a new one (remember to do a "flush privileges" then).
============================
The privilege tables are automatically updated so all there is left is read the changelogs on mariadb.com to see if any changes affect custom apps.
================================
The MySQL manual describes certain steps to do at this stage in a separate chapter. They are not necessary as the Debian packages do them automatically.
The only thing that is left over for the admin is
- creating new users and databases
- read the rest of this text
=============
For security reasons, the Debian package has enabled networking only on the loop-back device using "bind-address" in /etc/mysql/my.cnf. Check with "netstat -tlnp" where it is listening. If your connection is aborted immediately see if "mysqld: all" or similar is in /etc/hosts.allow and read hosts_access(5).
==============================
Unfortunately due to licensing restrictions, Debian is currently not able to provide the mysql-doc package in any format. For the most up to date documentation, please go to http://dev.mysql.com/doc.
============
It is strongly recommended to set a password for the mysql root user (which
/usr/bin/mysql -u root -e "flush privileges"
If you already had a password set add "-p" before "-u" to the lines above.
If you are tired to type the password in every time or want to automate your
scripts you can store it in the file $HOME/.my.cnf. It should be chmod 0600
(-rw------- username username .my.cnf) to ensure that nobody else can read
it. Every other configuration parameter can be stored there, too. You will
find an example below and more information in the MySQL manual in
/usr/share/doc/mariadb-doc or www.mysql.com.
ATTENTION: It is necessary, that a .my.cnf from root always contains a "user" line wherever there is a "password" line, else, the Debian maintenance scripts, that use /etc/mysql/debian.cnf, will use the username "debian-sys-maint" but the password that is in root's .my.cnf. Also note, that every change you make in the /root/.my.cnf will affect the mysql cron script, too.
# an example of $HOME/.my.cnf
[client]
user = your-mysql-username
password = enter-your-good-new-password-here
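A check for the two rules quoted above (mode 0600, and a "user" line wherever a section has a "password" line), added here as an example and not part of the README or the Debian package. The function name check_my_cnf and the sample file are constructed for illustration; it relies on GNU stat.

```shell
#!/bin/sh
# Added example: checks the two rules the README gives for an option file
# that holds a password. Uses GNU stat (coreutils), as shipped on Debian.

# check_my_cnf FILE -> prints findings, returns 0 only if none were found.
check_my_cnf() {
    cnf=$1
    rc=0
    # Rule 1: the file must be mode 0600 so no other user can read it.
    mode=$(stat -c '%a' "$cnf") || return 2
    if [ "$mode" != "600" ]; then
        echo "mode is $mode, expected 600"
        rc=1
    fi
    # Rule 2: a section that has a "password" line must also have a "user"
    # line, otherwise another tool's user name is paired with this password.
    orphans=$(awk '
        function report() {
            if (pw && !us) print sect " has a password line but no user line"
        }
        BEGIN { sect = "(top-of-file)" }
        /^[ \t]*\[/ { report(); sect = $1; pw = 0; us = 0; next }
        /^[ \t]*password[ \t]*=/ { pw = 1 }
        /^[ \t]*user[ \t]*=/     { us = 1 }
        END { report() }
    ' "$cnf")
    if [ -n "$orphans" ]; then
        echo "$orphans"
        rc=1
    fi
    return $rc
}

# Constructed sample: an option file that breaks both rules.
demo=$(mktemp)
printf '[client]\npassword = constructed-value\n' > "$demo"
chmod 644 "$demo"
check_my_cnf "$demo" || true
rm -f "$demo"
```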
Install the package
x@c7:~$ sudo apt install mariadb-server mariadb-client galera-4
Installing:
galera-4 mariadb-client mariadb-server
Installing dependencies:
gawk libsnappy1v5
libcgi-fast-perl libterm-readkey-perl
libcgi-pm-perl mariadb-client-core
libconfig-inifiles-perl mariadb-common
libdbd-mariadb-perl mariadb-plugin-provider-bzip2
libdbi-perl mariadb-plugin-provider-lz4
libfcgi-bin mariadb-plugin-provider-lzma
libfcgi-perl mariadb-plugin-provider-lzo
libfcgi0t64 mariadb-plugin-provider-snappy
libgpm2 mariadb-server-core
libhtml-template-perl mysql-common
liblzo2-2 psmisc
libmariadb3 pv
libncurses6 rsync
libpcre2-posix3 socat
libsigsegv2
Suggested packages:
gawk-doc libsql-statement-perl mailx doc-base
libmldbm-perl gpm mariadb-test python3-braceexpand
libnet-daemon-perl libipc-sharedcache-perl netcat-openbsd
Summary:
Upgrading: 0, Installing: 34, Removing: 0, Not Upgrading: 8
Download size: 20.8 MB
Space needed: 202 MB / 23.4 GB available
Continue? [Y/n]
...
Configure MariaDB for Remote Access
By default, MariaDB is configured to listen only on the local loopback address (127.0.0.1). To allow remote connections, you need to modify the configuration file to bind to the server's public IP address or all interfaces.
1. Open the MariaDB server configuration file in a text editor:
sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf
2. Locate the bind-address line under the [mysqld] section and change 127.0.0.1 to the server's public IP address or 0.0.0.0 to listen on all available network interfaces.
bind-address = 0.0.0.0
Here is the Before:
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
Here is the After:
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 0.0.0.0
3. Save the file and exit the editor (Ctrl+O, then Enter, then Ctrl+X for nano).
4. Restart the MariaDB service for the changes to take effect:
sudo systemctl restart mariadb
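With bind-address = 0.0.0.0 and the nftables rule shown earlier (tcp dport { 3000, 3306 } accept), port 3306 is reachable from any source address. The following added example, not part of the original notes, is a line-based heuristic that reports that combination; the function names and sample files are assumptions, and it presumes a drop-policy input chain like the one on this page.

```shell
#!/bin/sh
# Added example: heuristic exposure check for the setup described above.
# Limits: does not follow !includedir, does not understand nft port ranges
# or named sets, and assumes the input chain policy is drop.

# Print the last bind-address value in an option file, or "unset".
bind_address() {
    awk -F= '
        /^[ \t]*bind[-_]address[ \t]*=/ { v = $2; gsub(/[ \t\r]/, "", v); last = v }
        END { print (last == "" ? "unset" : last) }
    ' "$1"
}

# Succeed if a saved "nft list ruleset" has an accept rule for TCP 3306
# that carries no source-address match.
fw_open_3306() {
    awk '
        { line = " " $0 " " }
        line ~ /tcp dport/ && line ~ /[^0-9]3306[^0-9]/ &&
        line ~ /accept/ && line !~ /saddr/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# mariadb_exposure OPTION_FILE RULESET_FILE
# Returns 1 only when the server is both listening beyond loopback and
# reachable through an unrestricted firewall rule.
mariadb_exposure() {
    addr=$(bind_address "$1")
    case $addr in
        127.*|::1|localhost) echo "loopback-only"; return 0 ;;
    esac
    if fw_open_3306 "$2"; then
        echo "exposed: bind-address=$addr, 3306 accepted from any source"
        return 1
    fi
    echo "restricted: bind-address=$addr, no unrestricted accept for 3306"
}

# Constructed sample input: the page's "After" setting and its 3306 rule.
tmp=$(mktemp -d)
printf '[mysqld]\nbind-address = 0.0.0.0\n' > "$tmp/50-server.cnf"
printf 'tcp dport { 3000, 3306 } accept\n' > "$tmp/ruleset.txt"
mariadb_exposure "$tmp/50-server.cnf" "$tmp/ruleset.txt" || true
rm -rf "$tmp"
```

On the server, save the ruleset with sudo nft list ruleset > ruleset.txt and pass it together with /etc/mysql/mariadb.conf.d/50-server.cnf. A rule that names a source, such as ip saddr 203.0.113.10 tcp dport 3306 accept (documentation address), is reported as restricted.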
x@c7:~$ sudo mariadb -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 31
Server version: 11.8.3-MariaDB-0+deb13u1 from Debian -- Please help get to 10k stars at https://github.com/MariaDB/Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
Exit from the MariaDB prompt
MariaDB [(none)]> quit
Bye
x@c7:~$
Set the root password
sudo mariadb-secure-installation
Follow the prompts to configure your security settings.
NOTE: MariaDB is secure by default in Debian. Running this script is
useless at best, and misleading at worst. This script will be
removed in a future MariaDB release in Debian. Please read
mariadb-server.README.Debian for details.
Enter 'y' for Change the root password? [Y/n] y
Enter root user password or leave blank:
Leave blank, the default password. Enter the password on first login after the script finishes.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] n
... skipping.
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
x@c7:~$
Restart with new password
x@c7:~$ sudo systemctl restart mariadb
x@c7:~$
Verify login as root.
x@c7:~$ sudo mariadb -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 31
Server version: 11.8.3-MariaDB-0+deb13u1 from Debian -- Please help get to 10k stars at https://github.com/MariaDB/Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
* PASSWORDS:
/usr/bin/mysql -u root -D mysql -e "update user set password=password('new-password') where user='root'"
/usr/bin/mysql -u root -e "flush privileges"
Grant Remote User Privileges
Log in to the MariaDB shell as the root user:
sudo mariadb -u root -p
Enter the root password you set.
Create a new user and grant them privileges to a specific database from any remote IP (indicated by %):
CREATE USER 'new_user'@'%' IDENTIFIED BY 'STRONG_PASSWORD';
GRANT ALL PRIVILEGES ON database_name.* TO 'new_user'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
Replace 'new_user', 'STRONG_PASSWORD', and database_name with your desired credentials and database name.
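An added example (not from the original notes) that reads SHOW GRANTS output and flags the three properties of the grant above: a '%' host, ALL PRIVILEGES and WITH GRANT OPTION. The function name risky_grants and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag broad grants in SHOW GRANTS output read from stdin.
# Tolerates both `user`@`host` and 'user'@'host' quoting.

# risky_grants: prints "<account>: <finding>" lines, returns 1 if any.
risky_grants() {
    awk -v q="'" '
        /^GRANT / {
            n = index($0, " TO ")
            if (!n) next
            acct = substr($0, n + 4)
            sub(/ .*/, "", acct)           # keep only the account token
            host = acct
            sub(/^.*@/, "", host)          # part after the last "@"
            gsub("[`" q "]", "", host)     # strip backticks or quotes
            # "%" and "_" are wildcards in the host part of an account.
            if (host ~ /[%_]/) { print acct ": wildcard host"; bad = 1 }
            if ($0 ~ /^GRANT ALL PRIVILEGES/) { print acct ": ALL PRIVILEGES"; bad = 1 }
            if ($0 ~ / WITH GRANT OPTION/) { print acct ": WITH GRANT OPTION"; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample lines in the shape SHOW GRANTS prints.
risky_grants <<'EOF' || true
GRANT USAGE ON *.* TO `new_user`@`%` IDENTIFIED BY PASSWORD '*CONSTRUCTED'
GRANT ALL PRIVILEGES ON `database_name`.* TO `new_user`@`%` WITH GRANT OPTION
EOF
```

Feed it real data with sudo mariadb -N -B -e "SHOW GRANTS FOR 'new_user'@'%'" | risky_grants.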
Test if port 3306 is available
MariaDB [(none)]> EXIT;
Bye
x@c7:~$ telnet c7.xcvvc.com 3306
Trying 69.55.235.35...
Connected to c7.xcvvc.com.
Escape character is '^]'.
h
11.8.3-MariaDB-0+deb13u1 from Debian"-x<^DyTz=(UV.~Wvk7l>1mysql_native_passwordConnection closed by foreign host.
x@c7:~$
Start and Verify the Service
Check the status
x@c7:~$ sudo systemctl status mariadb
[sudo] password for x:
● mariadb.service - MariaDB 11.8.3 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: enabled)
Active: active (running) since Sun 2026-02-01 10:54:59 PST; 32min ago
...
Start service if not running
sudo systemctl start mariadb
Verify installation by connecting as root:
x@c7:~$ mariadb -u root -p
Enter password:
optional: create a user "mysql" and a group "mysql"
To completely uninstall MariaDB
To completely uninstall MariaDB from Debian, follow these steps using the command line. This process will permanently delete all databases and configuration files, so ensure you have a backup of any important data beforehand.
sudo systemctl stop mariadb
Remove all MariaDB packages with the --purge option: The --purge flag ensures that configuration files are also deleted.
sudo apt-get --purge remove "mariadb-*" "mysql-*"
You may be prompted to confirm the removal and the deletion of databases. Type Y and press Enter to continue.
Remove any remaining dependencies and clean up:
sudo apt autoremove -y
sudo apt autoclean
Manually remove remaining data and configuration directories: Although the --purge command removes default configuration files, some custom files or directories might remain.
sudo rm -rf /etc/mysql
sudo rm -rf /var/lib/mysql
sudo rm -rf /var/log/mysql
Remove the MariaDB system user and group (optional but recommended for a clean removal):
sudo userdel -r mysql
sudo groupdel mysql
After these steps, MariaDB will be completely uninstalled from your Debian system. You can verify that no packages are left by running dpkg -l | grep -i mariadb or dpkg -l | grep -i mysql.