MySQL is one of the most popular open-source relational database management systems. It is fast, easy to manage, scalable, and an integral part of the popular LAMP and LEMP stacks.

This guide explains how to install and secure MySQL 8.4 on an Ubuntu 26.04 machine. Upon completion, you will have a fully functional database server that you can use for your projects.

Quick Reference #

Prerequisites #

To follow this guide, you need to be logged in as a user with sudo privileges .

Installing MySQL on Ubuntu 26.04 #

The default Ubuntu 26.04 repositories include MySQL 8.4.

Start by updating the local package index:

sudo apt update

Install the MySQL server package:

sudo apt install mysql-server

Once the installation is completed, the MySQL service starts automatically. To verify that the MySQL server is running, type:

sudo systemctl status mysql

The output should show that the service is enabled and running:

● mysql.service - MySQL Community Server
Loaded: loaded (/usr/lib/systemd/system/mysql.service; enabled; preset: enabled)
Active: active (running) since Fri 2026-04-25 09:14:23 UTC; 15s ago
Process: 1234 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
Main PID: 1242 (mysqld)
Status: "Server is operational"
Tasks: 38 (limit: 4558)
Memory: 362.4M
CPU: 1.183s
CGroup: /system.slice/mysql.service
└─1242 /usr/sbin/mysqld

If the server fails to start, you can check the logs with journalctl :

sudo journalctl -u mysql

To check the installed version, run:

mysql --version

mysql Ver 8.4.8-0ubuntu1 for Linux on x86_64 ((Ubuntu))

Securing MySQL #

MySQL includes a script named mysql_secure_installation that helps you improve the database server security.

Run the script:

sudo mysql_secure_installation

You will be asked to configure the VALIDATE PASSWORD component, which tests the strength of MySQL users’ passwords:

Securing the MySQL server deployment.
Connecting to MySQL using a blank password.
VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?
Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy. Press y to enable the password validation plugin, or any other key to skip:

There are three levels of password validation policy:
LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1

Next, you will be asked to remove the anonymous user, restrict root user access to the local machine, remove the test database, and reload privilege tables. Answer y to all questions:

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
- Dropping test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.
All done!

Logging In as Root #

You can interact with the MySQL server from the command line using the MySQL client utility, which is installed as a dependency of the MySQL server package.

On Ubuntu 26.04, the MySQL root account uses the auth_socket plugin by default. This plugin authenticates users that connect from localhost through the Unix socket file, which means you cannot authenticate as root by providing a password.

To log in to the MySQL server as the root user, type:

sudo mysql

You will be presented with the MySQL shell:

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 8.4.8-0ubuntu1 (Ubuntu)
Copyright (c) 2000, 2024, Oracle and/or its affiliates.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>

To exit the MySQL shell, type exit or press Ctrl+D.

Changing Root Authentication #

If you want to log in to your MySQL server as root using an external program such as phpMyAdmin, you have two options.

Option 1: Change the Authentication Method #

Change the authentication method from auth_socket to caching_sha2_password:

ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'very_strong_password';
FLUSH PRIVILEGES;

Option 2: Create a Dedicated Administrative User #

The recommended approach is to create a new administrative user with access to all databases:

CREATE USER 'administrator'@'localhost' IDENTIFIED BY 'very_strong_password';
GRANT ALL PRIVILEGES ON *.* TO 'administrator'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;

Creating a Database and User #

Once MySQL is secured, you can create databases and user accounts. For example, to create a database named myapp and a user that has access to it:

Log in to the MySQL shell:

sudo mysql

Create the database:

CREATE DATABASE myapp;

Create a user and grant privileges on the database:

CREATE USER 'myappuser'@'localhost' IDENTIFIED BY 'strong_password';
GRANT ALL PRIVILEGES ON myapp.* TO 'myappuser'@'localhost';
FLUSH PRIVILEGES;

To allow the user to connect from any host (for remote access), replace 'localhost' with '%'.

Enabling Remote Access #

By default, MySQL only listens on localhost (127.0.0.1). To allow remote connections, you need to change the bind address.

Open the MySQL configuration file:

sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf

Find the line that starts with bind-address and change it to 0.0.0.0 to listen on all interfaces, or to a specific IP address:

bind-address = 0.0.0.0

Restart the MySQL service for the changes to take effect:

sudo systemctl restart mysql

For production, consider enabling TLS so remote connections are encrypted. This protects credentials and data in transit when connecting over untrusted networks.

Configuring the Firewall #

If you have a firewall enabled and want to allow connections to MySQL from remote machines, you need to open port 3306.

To allow access from a specific IP address:

sudo ufw allow from 192.168.1.100 to any port 3306

To allow access from any IP address (not recommended for production):

sudo ufw allow 3306/tcp

FAQ #

What version of MySQL does Ubuntu 26.04 include?
Ubuntu 26.04 ships with MySQL 8.4 in its default repositories. To check the exact version installed on your system, run mysql --version.

What is the difference between auth_socket and caching_sha2_password?
auth_socket authenticates users based on the operating system user connecting through the Unix socket. No password is needed, but you must use sudo. caching_sha2_password uses traditional password-based authentication.

How do I reset the MySQL root password?
Stop the MySQL service with sudo systemctl stop mysql, start it with --skip-grant-tables, log in without a password, run ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'new_password';, then restart the service normally.

Is mysql_native_password still supported?
It is still available, but it is deprecated and disabled by default in MySQL 8.4. Use caching_sha2_password for new installations unless you have a specific compatibility requirement.

Can I install a newer MySQL release on Ubuntu 26.04?
Yes. If you need a newer release than the one in the Ubuntu repositories, you can use the official MySQL APT repository . For most setups, the Ubuntu package is the simplest choice.

Conclusion #

We have shown you how to install and secure MySQL 8.4 on Ubuntu 26.04. Now that your database server is up and running, your next step could be to learn how to manage MySQL user accounts and databases .