How to install MariaDB or MySQL on Ubuntu

Running a SQL database on Ubuntu enables applications to persist structured data, enforce transactions, and query efficiently. MariaDB and MySQL are widely used relational database servers with compatible clients and a near-identical protocol.

On Ubuntu, both servers install from apt, run under systemd, and read configuration under /etc/mysql, with entry points such as /etc/mysql/mariadb.conf.d/50-server.cnf and /etc/mysql/mysql.conf.d/mysqld.cnf. The daemon provides a local Unix socket and typically listens on TCP port 3306 for client connections.

The server packages conflict, so only one of mariadb-server or mysql-server should be installed at a time. Keeping the default local bind reduces exposure, and application access should use a dedicated user with least privileges instead of the root database account.

Steps to install MariaDB or MySQL on Ubuntu:

Launch the terminal.

Update the apt package list.

$ sudo apt update
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Get:1 http://ports.ubuntu.com/ubuntu-ports noble InRelease [256 kB]
Get:2 http://ports.ubuntu.com/ubuntu-ports noble-updates InRelease [126 kB]
Get:3 http://ports.ubuntu.com/ubuntu-ports noble-backports InRelease [126 kB]
Get:4 http://ports.ubuntu.com/ubuntu-ports noble-security InRelease [126 kB]
##### snipped #####
Reading package lists...
Building dependency tree...
Reading state information...
All packages are up to date.

Install the mariadb-server package using apt.

$ sudo apt install --assume-yes mariadb-server
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  galera-4 gawk iproute2 libatm1t64 libbpf1 libcap2-bin
##### snipped #####
The following NEW packages will be installed:
  galera-4 gawk iproute2 libatm1t64 libbpf1 libcap2-bin
  mariadb-client mariadb-common mariadb-server mariadb-server-core
##### snipped #####
Setting up mariadb-server (1:10.11.13-0ubuntu0.24.04.1) ...
Processing triggers for mariadb-server (1:10.11.13-0ubuntu0.24.04.1) ...

Replace the package name with mysql-server to install MySQL instead.

mariadb-server and mysql-server conflict, so installing one can remove the other server packages.

Enable the database service using systemd.

$ sudo systemctl enable --now mariadb
Synchronizing state of mariadb.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable mariadb

The service is typically enabled automatically after installation.
Related: How to manage MySQL or MariaDB service in Linux

Verify the database service is running.

$ sudo systemctl status mariadb --no-pager
● mariadb.service - MariaDB 10.11.13 database server
     Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: enabled)
     Active: active (running) since Mon 2025-12-29 10:57:11 UTC; 4s ago
   Main PID: 1212 (mariadbd)
     Status: "Taking your SQL requests now..."
##### snipped #####

Replace mariadb with mysql when installing mysql-server.

Run mysql_secure_installation.

$ sudo mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
##### snipped #####

Prompt wording and order can differ between MariaDB and MySQL packages.

Press Enter at the current root password prompt when no password is set.
```
Enter current password for root (enter for none):
```
Switch root to unix_socket authentication if prompted.
```
Switch to unix_socket authentication [Y/n] Y
```
unix_socket authentication restricts root logins to local OS accounts like root via sudo.

Enable the VALIDATE PASSWORD component if prompted.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: Y

Select a VALIDATE PASSWORD policy level if prompted.

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters, and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1

Set or change the root password if prompted.
```
Change the root password? [Y/n] Y
New password:
Re-enter new password:
```
Related: How to set or reset MySQL or MariaDB root password

On Ubuntu, the root database user can be configured for unix_socket or auth_socket authentication, so mysql -u root -p can fail with ERROR 1698. Prefer sudo mysql for local administration or create a separate user with a password.
Remove anonymous users when prompted.
```
Remove anonymous users? [Y/n] Y
```
Removing anonymous users blocks unauthenticated local logins.
Disallow remote root login when prompted.
```
Disallow root login remotely? [Y/n] Y
```
Remove the test database when prompted.
```
Remove test database and access to it? [Y/n] Y
```
The test database is intended for learning and should not exist on production systems.
Reload privilege tables when prompted.
```
Reload privilege tables now? [Y/n] Y
```
Open the SQL prompt with local administrative access.
```
$ sudo mysql
mysql> SELECT 1;
+---+
| 1 |
+---+
| 1 |
+---+
1 row in set (0.00 sec)
```
Use mysql -u root -p when root is configured for password authentication.
Create an application database.
```
mysql> CREATE DATABASE appdb;
Query OK, 1 row affected (0.00 sec)
```
Application credentials belong to a dedicated user, not root.

Create a restricted database user.

mysql> CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'StrongPasswordHere!';
Query OK, 0 rows affected (0.00 sec)

Grant privileges on the application database.

mysql> GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

Exit the SQL prompt.
```
mysql> exit
Bye
```

Verify authentication using the new user.

$ mysql -u appuser -p appdb
Enter password:
mysql> SELECT CURRENT_USER();
+-------------------+
| CURRENT_USER()    |
+-------------------+
| appuser@localhost |
+-------------------+
1 row in set (0.00 sec)

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.