MariaDB started life as a drop-in fork of MySQL and has since diverged: a faster release cadence, an open governance model, the Aria storage engine, native parallel replication, and storage engines like ColumnStore and Spider that MySQL does not ship. On Fedora, MariaDB is the long-standing default relational database. The current Fedora repo carries the MariaDB 11.8 LTS series, packaged with SELinux integration, backup tooling, and the full set of mariadb-* client utilities.
This guide installs MariaDB Server from the default Fedora repository, then walks through the full setup that production needs: setting the root password (the package leaves it open on first start), creating an application database and user, enabling remote access through firewalld, tuning the InnoDB buffer pool, and taking backups with both mysqldump and the included mariadb-backup physical backup tool. Tested on Fedora 44 with the same commands verified on Fedora 43 and 42.
Prerequisites
You need a Fedora 44, 43, or 42 system (Workstation, Server, or Cloud Edition all work) with sudo access. SELinux can stay in enforcing mode, which is the Fedora default. The mariadb-server package pulls mysql-selinux as a dependency, so the policy is loaded automatically and no setenforce 0 hack is required.
Step 1: Set reusable shell variables
Pin a root password, an application database name, and an application user once. Every later command references these:
export MARIADB_ROOT_PW="Strong@Pass2026!"
export APP_DB="appdb"
export APP_USER="appuser"
export APP_USER_PW="AppPass2026!"
export REMOTE_CIDR="10.0.1.0/24"Confirm the variables are set:
echo "Root PW: set (${#MARIADB_ROOT_PW} chars)"
echo "App DB: ${APP_DB}"
echo "App user: ${APP_USER}"
echo "Remote IP: ${REMOTE_CIDR}"The default Fedora MariaDB package enables cracklib_password_check, which rejects weak passwords. Pick passwords with mixed case, digits, and a special character.
Step 2: Check the available version
Confirm what Fedora’s repos offer before installing:
dnf info mariadb-serverFedora carries the MariaDB 11.8 LTS series:
Available packages
Name : mariadb-server
Epoch : 3
Version : 11.8.6
Release : 2.fc44
Architecture : x86_64
Download size : 11.5 MiB
Installed size : 78.1 MiB
Source : mariadb11.8-11.8.6-2.fc44.src.rpm
Repository : fedora
URL : http://mariadb.orgStep 3: Install MariaDB Server
One command installs the server, all the client tools (mariadb, mariadb-dump, mariadb-admin, etc.), mariadb-backup for physical hot backups, the SELinux policy, and the Perl DBI bindings for legacy maintenance scripts:
sudo dnf install -y mariadb-serverThe transaction installs around 78 MiB of packages including all the optional storage engines:
Installing:
mariadb-server x86_64 3:11.8.6-2.fc44 fedora
Installing dependencies:
mariadb x86_64
mariadb-backup x86_64
mariadb-client-utils x86_64
mariadb-common x86_64
mariadb-connector-c-config noarch
mariadb-cracklib-password-check x86_64
mariadb-errmsg x86_64
mariadb-gssapi-server x86_64
mariadb-server-utils x86_64
mysql-selinux x86_64
perl-DBD-MariaDB x86_64
perl-DBI x86_64
Complete!Step 4: Start and enable MariaDB
Enable the service for boot time and start it now. The unit name is mariadb; mysql.service and mysqld.service are auto-created symlinks so legacy scripts keep working:
sudo systemctl enable --now mariadbConfirm the daemon is running. The status line should report MariaDB 11.8 active:
sudo systemctl status mariadb --no-pagerThe full status output names the binary mariadbd and shows the Galera pre-start script as a no-op when Galera is not in use:
● mariadb.service - MariaDB 11.8 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: disabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: active (running) since Wed 2026-05-20 22:48:50 UTC; 3s ago
Docs: man:mariadbd(8)
https://mariadb.com/kb/en/library/systemd/
Process: 14222 ExecStartPre=/usr/libexec/mariadb-check-socket (code=exited, status=0/SUCCESS)
Process: 14245 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir mariadb.service (code=exited, status=0/SUCCESS)Step 5: Verify the version
Check the client reports MariaDB rather than the legacy MySQL fork tag:
mariadb --versionThe version string identifies the MariaDB server build and the client protocol version:
mariadb from 11.8.6-MariaDB, client 15.2 for Linux (x86_64) using EditLine wrapperFull end-to-end verification on the test box: the service is active, the client reports MariaDB 11.8.6, root login works after Step 6, and the application database shows up alongside the system schemas:
Step 6: Set the root password
On a fresh install, root@localhost uses the unix_socket plugin: anyone with sudo on the host can log in as root with no password. Lock that down before doing anything else.
Open the MariaDB shell as root (this works because of the socket auth):
sudo mariadbAt the prompt, set the new root password, drop the anonymous user, remove the test database, and reload the grant tables:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'Strong@Pass2026!';
DELETE FROM mysql.user WHERE User='';
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
FLUSH PRIVILEGES;
EXIT;From here on, root login requires the password:
mariadb -uroot -p"${MARIADB_ROOT_PW}" -e "SELECT VERSION(), USER();"The query returns the server version and the authenticated user:
VERSION() USER()
11.8.6-MariaDB root@localhostIf you prefer a guided wizard instead of the manual ALTER, the package also ships mariadb-secure-installation, which asks the same questions interactively.
Step 7: Create a database and an application user
Production apps should never run as the database root. Create a dedicated database with sensible character set defaults and a user scoped to it:
mariadb -uroot -p"${MARIADB_ROOT_PW}" <<SQL
CREATE DATABASE ${APP_DB} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER '${APP_USER}'@'localhost' IDENTIFIED BY '${APP_USER_PW}';
GRANT ALL PRIVILEGES ON ${APP_DB}.* TO '${APP_USER}'@'localhost';
FLUSH PRIVILEGES;
SHOW DATABASES;
SELECT user, host FROM mysql.user;
SQLThe output confirms the new database alongside the internal ones, and the new user alongside the system accounts:
Database
appdb
information_schema
mysql
performance_schema
sys
User Host
appuser localhost
mariadb.sys localhost
mysql localhost
root localhostTest that the app user can connect and see only its own database:
mariadb -u"${APP_USER}" -p"${APP_USER_PW}" -e "SHOW DATABASES; SELECT DATABASE();"Step 8: Allow remote connections
MariaDB binds to every interface on port 3306 by default. Confirm:
sudo ss -tlnp | grep 3306Both IPv4 and IPv6 sockets should be owned by the mariadbd process:
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:* users:(("mariadbd",pid=14336,fd=27))
LISTEN 0 80 [::]:3306 [::]:* users:(("mariadbd",pid=14336,fd=28))If you want to restrict the bind address, edit /etc/my.cnf.d/mariadb-server.cnf and add a bind-address line under [mariadbd], then restart MariaDB.
Grant the app user remote access from your application subnet (the host-side filter is the second half of MariaDB’s user@host auth model):
mariadb -uroot -p"${MARIADB_ROOT_PW}" <<SQL
CREATE USER '${APP_USER}'@'${REMOTE_CIDR}' IDENTIFIED BY '${APP_USER_PW}';
GRANT ALL PRIVILEGES ON ${APP_DB}.* TO '${APP_USER}'@'${REMOTE_CIDR}';
FLUSH PRIVILEGES;
SQLOpen 3306/tcp through firewalld if it is running. Cloud Edition ships without firewalld; Workstation and Server install and start it by default:
sudo firewall-cmd --permanent --add-port=3306/tcp
sudo firewall-cmd --reloadFor zone-scoped rules and rich-rule filtering by source subnet, see the firewalld guide for Fedora.
Step 9: Tune MariaDB for production
Fedora’s defaults are sized for small or development boxes. The most impactful tunables for InnoDB workloads are the buffer pool size, the redo log size, and the flush strategy. Edit the server config:
sudo vi /etc/my.cnf.d/mariadb-server.cnfAdd or adjust the following under the [mariadbd] section (this example targets a host with 8 GB RAM):
[mariadbd]
# Memory
innodb_buffer_pool_size = 4G
innodb_log_file_size = 512M
innodb_flush_log_at_trx_commit = 1
innodb_flush_method = O_DIRECT
# Connections
max_connections = 200
wait_timeout = 600
# Binary logging (for replication and PITR)
server-id = 1
log_bin = mariadb-bin
binlog_format = ROW
expire_logs_days = 7
# Character set
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ciRestart MariaDB to pick up the changes:
sudo systemctl restart mariadbConfirm the new settings loaded:
mariadb -uroot -p"${MARIADB_ROOT_PW}" -e "
SHOW VARIABLES WHERE Variable_name IN
('innodb_buffer_pool_size','max_connections','character_set_server','log_bin');"Step 10: Back up MariaDB
MariaDB ships two backup paths. For small to medium databases, mariadb-dump writes a logical SQL dump:
mariadb-dump -uroot -p"${MARIADB_ROOT_PW}" \
--single-transaction --routines --triggers --events \
"${APP_DB}" | gzip > "${APP_DB}-$(date +%F).sql.gz"Restore is just the reverse pipeline:
gunzip < "${APP_DB}-2026-05-21.sql.gz" | mariadb -uroot -p"${MARIADB_ROOT_PW}" "${APP_DB}"For databases larger than a few tens of gigabytes, dump-and-restore becomes slow. Use mariadb-backup for a hot physical copy of the data directory that restores in a fraction of the time:
sudo mkdir -p /var/backups/mariadb
sudo mariadb-backup --backup \
--target-dir=/var/backups/mariadb/$(date +%F) \
--user=root --password="${MARIADB_ROOT_PW}"To restore from a physical backup, stop MariaDB, prepare the backup, copy it back into place, fix ownership and SELinux labels, then restart:
sudo systemctl stop mariadb
sudo mariadb-backup --prepare --target-dir=/var/backups/mariadb/2026-05-21
sudo rm -rf /var/lib/mysql/*
sudo mariadb-backup --copy-back --target-dir=/var/backups/mariadb/2026-05-21
sudo chown -R mysql:mysql /var/lib/mysql
sudo restorecon -Rv /var/lib/mysql
sudo systemctl start mariadbMariaDB vs MySQL on Fedora
The wire protocol, SQL syntax, and most of the data dictionary are compatible. Apps written against MySQL almost always work against MariaDB and vice versa. The differences that matter for new projects:
| Area | MariaDB on Fedora | MySQL on Fedora |
|---|---|---|
| Package name | mariadb-server | mysql-server |
| Service unit | mariadb.service | mysqld.service |
| Daemon binary | mariadbd | mysqld |
| Client | mariadb (with mysql compat symlink) | mysql |
| Config dir | /etc/my.cnf.d/ | /etc/my.cnf.d/ |
| Main config file | mariadb-server.cnf | community-mysql-server.cnf |
| Current Fedora 44 version | 11.8.6 LTS | 8.4.8 LTS |
| Storage engines | InnoDB, Aria, MyRocks, ColumnStore, Spider | InnoDB, MyISAM, NDB Cluster |
| Default root auth | unix_socket | auth_socket |
| Physical backup tool | mariadb-backup (included) | mysqlbackup (Enterprise only) |
| Licence | GPLv2 (server), LGPL/BSD (clients) | GPLv2 with FOSS exception |
For greenfield Fedora projects, MariaDB is the lower-friction default: it is what most of the Fedora ecosystem assumes, the SELinux integration is identical, and mariadb-backup ships in the box. Pick MySQL when an app or vendor specifically requires Oracle’s MySQL build, when you need a feature only present in MySQL (CLONE, X Protocol document store, MySQL Router), or when your fleet already standardises on Oracle MySQL.
Troubleshooting
Error: Access denied for user ‘root’@’localhost’
You ran mariadb without sudo before setting a password. Out of the box, root uses unix_socket which only matches when the OS user is root. Either prefix the command with sudo, or finish Step 6 to switch root to password auth.
Error: The password does not satisfy the current policy requirements
The cracklib_password_check plugin (enabled by default on Fedora) rejected the password. Either choose a stronger one, or disable the plugin for development:
sudo rm /etc/my.cnf.d/cracklib_password_check.cnf
sudo systemctl restart mariadbDo not remove the policy on production servers. Pick a stronger password instead.
mariadb fails to start with “InnoDB: Operating system error number 13”
Error 13 is “permission denied”. Usually triggered when files in /var/lib/mysql are owned by the wrong user or have stale SELinux labels (often after a manual restore from another host). Fix both at once:
sudo chown -R mysql:mysql /var/lib/mysql
sudo restorecon -Rv /var/lib/mysql
sudo systemctl restart mariadbCannot connect to MariaDB from another host
Three things to check, in order: (1) is the user grant scoped to the right source (SELECT user, host FROM mysql.user WHERE user='${APP_USER}';), (2) is mariadbd bound to the right interface (ss -tlnp | grep 3306), (3) is firewalld allowing 3306/tcp (sudo firewall-cmd --list-ports). Run nc -vz HOST 3306 from the remote box to separate a network issue from an auth issue.
Common MariaDB administration commands
Bookmark the commands you will use most often after the install:
| Command | What it does |
|---|---|
sudo systemctl status mariadb | Check whether MariaDB is running |
sudo systemctl restart mariadb | Apply config changes |
mariadb -uroot -p | Interactive root login |
mariadb -uUSER -p DB < file.sql | Import a SQL dump non-interactively |
mariadb-dump --all-databases | Logical dump of every database to stdout |
mariadb-backup --backup --target-dir=... | Hot physical backup of the data directory |
SHOW DATABASES; | List all databases |
SHOW PROCESSLIST; | See active connections and queries |
SHOW ENGINE INNODB STATUS\G | InnoDB diagnostic dump |
SHOW GRANTS FOR 'user'@'host'; | Print effective permissions |
FLUSH PRIVILEGES; | Reload grant tables after manual edits |
For a full web stack with Apache and PHP on top, follow the LAMP stack on Fedora guide. To manage MariaDB databases through a browser, install phpMyAdmin on Fedora. If you decide the Oracle MySQL build is the right call for your stack, the MySQL on Fedora walkthrough covers the equivalent setup. For containerised MariaDB where each app gets its own isolated database, run it under Docker on Fedora with the official mariadb:11.8 image.
