How to Install MariaDB on Ubuntu (26.04, 24.04, 22.04)

MariaDB is an open-source relational database management system forked from MySQL in 2009. It provides a drop-in replacement for MySQL with enhanced performance, additional storage engines, and extended features while maintaining protocol-level compatibility. MariaDB powers applications from small personal projects to enterprise production systems requiring high availability and scalability.

This guide covers installing MariaDB from Ubuntu’s default repositories, which provide stable, tested versions optimized for each Ubuntu release. By the end of this guide, you’ll have a secured MariaDB installation with production-grade security settings, ready to host databases for web applications, content management systems, or custom projects.

Default MariaDB Versions by Ubuntu Release

Ubuntu ships different MariaDB versions depending on which LTS release you’re running. These version differences matter because each MariaDB branch introduces new features, performance improvements, and occasionally changes SQL behavior or configuration file formats. Understanding which version your Ubuntu release includes helps you plan application compatibility, choose the right deployment target, and anticipate when you might need to upgrade.

Ubuntu freezes package versions when each LTS release ships, then backports security fixes for the entire support period without introducing new features. If you need a newer MariaDB version than your Ubuntu release provides, you’ll need to add the official MariaDB repository or upgrade Ubuntu itself. For most users, the default repository version offers the right balance of stability and security for production workloads.

Ubuntu Release	Default MariaDB	MariaDB Status	Best For
Ubuntu 26.04	MariaDB 11.8.x	Long-term support through 2029	New deployments requiring latest features and extended support
Ubuntu 24.04 LTS	MariaDB 10.11.x	Long-term support through 2028	Production servers prioritizing stability with extended LTS coverage
Ubuntu 22.04 LTS	MariaDB 10.6.x	Long-term support through 2026	Legacy applications requiring MariaDB 10.6 compatibility

Each version receives security updates and critical bug fixes throughout the Ubuntu release’s support period without introducing new features or breaking changes. This approach prioritizes stability over cutting-edge functionality, making default repository versions suitable for production environments that value predictability.

This guide supports Ubuntu 26.04, 24.04 LTS, and 22.04 LTS. All commands work identically across these releases.

Pre-Installation Steps

Update Package Index

Before installing new packages, refresh the APT package index to ensure you’re installing the latest available versions and dependencies.

sudo apt update

If your system has pending updates, apply them before proceeding to avoid version conflicts.

sudo apt upgrade

Install MariaDB on Ubuntu

Install MariaDB Server and Client

Install both the MariaDB server (database engine) and client (command-line interface) packages from Ubuntu’s default repositories.

sudo apt install mariadb-server mariadb-client -y

APT automatically handles dependencies and configures the database server. The installation process initializes the data directory and sets up default configuration files in /etc/mysql/.

Verify Installation

Confirm the installed MariaDB version matches your Ubuntu release.

mariadb --version

Expected output shows the version and build information.

mariadb from 11.8.5-MariaDB, client 15.2 for debian-linux-gnu (x86_64) using EditLine wrapper

The version number confirms which MariaDB branch is installed. The output format is consistent across Ubuntu 26.04, 24.04, and 22.04, with version numbers matching the table above.

Start and Enable MariaDB Service

MariaDB installs as a systemd service but may not start automatically. Check the current service status.

sudo systemctl status mariadb

If the service shows as inactive or stopped, start it manually.

sudo systemctl start mariadb

Enable MariaDB to start automatically on system boot.

sudo systemctl enable mariadb

Verify the service is now active and running.

sudo systemctl status mariadb

The output should indicate the service is active and running.

● mariadb.service - MariaDB 10.11.14 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; preset: enabled)
     Active: active (running) since Thu 2026-01-23 10:30:45 UTC; 2min ago

Secure MariaDB Installation

Run the Security Configuration Script

MariaDB ships with insecure default settings designed for quick development setups. The mysql_secure_installation script removes these development-oriented defaults and applies production-grade security settings. Running this script is standard practice for any MariaDB installation that will store real data or face network exposure.

sudo mysql_secure_installation

Security Configuration Options

The script guides you through several security improvements. Answer “Y” (yes) to all prompts for maximum security.

• Switch to unix_socket authentication: Allows the root database user to authenticate using the system’s root account without a password. This ties database access to system-level authentication, which is more secure for local administrative access.
• Set root password: Creates a password for the MariaDB root user. Even with unix_socket authentication enabled, setting a password provides a fallback authentication method.
• Remove anonymous users: Deletes user accounts with empty usernames that allow anyone to log in without credentials. These accounts exist solely for testing and pose a security risk in production.
• Disallow root login remotely: Prevents the root account from connecting to the database over the network. Root access should only be available from localhost to limit exposure.
• Remove test database: Deletes the default “test” database that all users can access. This database serves no production purpose and creates an unnecessary attack surface.
• Reload privilege tables: Applies all security changes immediately without requiring a server restart.

Interactive Prompts and Responses

The script walks you through six security decisions. Understanding what each prompt controls helps you make informed choices for your environment. The recommendations below apply production-grade security suitable for servers handling real data.

The security script runs interactively, pausing at each prompt for your response. Type Y and press Enter to accept the recommended security option, or n to skip. For production environments, accept all recommendations by answering Y to every prompt.

Current Root Password

Enter current password for root (enter for none): [Press ENTER]

Fresh MariaDB installations have no password protection on the root account. Pressing Enter here acknowledges this and lets the script proceed to secure your installation.

Unix Socket Authentication (unix_socket)

Switch to unix_socket authentication [Y/n] Y
Enabled successfully!
Reloading privilege tables..
 ... Success!

This ties database root access to your Linux system account. After enabling this, you connect to MariaDB as root by running sudo mysql without typing a database password. The database verifies you’re the system administrator through Linux’s authentication system rather than checking a stored password. This eliminates weak password risks while keeping administrative access straightforward. Network connections still require passwords; this only affects local console access.

Root Password

Change the root password? [Y/n] Y
New password: [Enter your password]
Re-enter new password: [Confirm your password]
Password updated successfully!
Reloading privilege tables..
 ... Success!

Setting a root password creates a backup authentication method even with unix_socket enabled. You’ll need this password if you disable unix_socket later, connect using database management tools that don’t support socket authentication, or need to troubleshoot authentication issues. Store this password in a password manager since you won’t type it during normal administrative tasks.

Anonymous Users

Remove anonymous users? [Y/n] Y
 ... Success!

This deletes test accounts with blank usernames that allow anyone to connect without authentication. These accounts exist purely for quick testing on development machines. On servers handling real data, anonymous accounts create an open door for unauthorized access. After removal, every connection requires a valid username and password.

Remote Root Login

Disallow root login remotely? [Y/n] Y
 ... Success!

Restricts root account connections to localhost only. The root account retains unlimited database privileges, making it a prime target for attackers. Allowing network connections means automated brute-force tools can continuously attempt to guess your root password. After this change, root access requires console or SSH access to the server itself. Create dedicated administrative users with specific privileges for remote database management.

Test Database

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Deletes the default test database that grants read-write access to all users regardless of authentication. Attackers can abuse this open access to store malicious payloads, consume disk space with junk data, or probe for privilege escalation paths. The database also serves no legitimate purpose beyond initial MariaDB experimentation. You’ll create properly secured databases with controlled access for your actual applications.

Reload Privilege Tables

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Forces MariaDB to reload its internal permission tables, applying every security change you just made without requiring a database restart. Until you reload these tables, the old insecure settings remain active in memory even though you modified them. This final step activates your new security configuration immediately.

After completing the security script, your MariaDB installation is configured with production-grade security defaults. The database is now ready for creating application-specific users and databases.

Basic MariaDB Administration

Service Management Commands

Control the MariaDB service using systemd commands. These operations require root privileges.

Stop the database server (terminates all connections).

sudo systemctl stop mariadb

Restart the server (required after configuration file changes).

sudo systemctl restart mariadb

Reload configuration without disconnecting clients (when supported).

sudo systemctl reload mariadb

Disable automatic startup on boot.

sudo systemctl disable mariadb

Configure Firewall for MariaDB

MariaDB binds to localhost (127.0.0.1) by default, which prevents network connections from other machines. This is the most secure configuration and suitable for web servers where the application and database run on the same system. No firewall changes are needed for localhost-only access.

Localhost-Only Configuration (Recommended)

Verify MariaDB is listening only on localhost by checking the bind-address setting.

sudo grep -E '^bind-address' /etc/mysql/mariadb.conf.d/50-server.cnf

Expected output shows MariaDB restricted to localhost.

bind-address = 127.0.0.1

This configuration means MariaDB accepts connections only from applications running on the same server. For most WordPress installations, LEMP stacks, and single-server applications, this is the correct and secure default.

Allowing Remote Connections (When Necessary)

Only enable remote database access when your architecture requires it, such as separate application and database servers. Remote database access increases your attack surface and requires strong authentication, encrypted connections, and network security.

To allow remote connections, modify the bind-address setting to listen on all interfaces.

sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

Change the bind-address line to accept connections from any IP address.

bind-address = 0.0.0.0

Restart MariaDB to apply the configuration change.

sudo systemctl restart mariadb

Configure UFW to allow MariaDB connections from specific IP addresses only. Never open port 3306 to the entire internet (0.0.0.0/0).

sudo ufw allow from 192.168.1.100 to any port 3306 comment 'MariaDB from app server'

Replace 192.168.1.100 with your application server’s actual IP address. For subnet access, use CIDR notation like 192.168.1.0/24.

For comprehensive firewall configuration including rule management and verification, see our UFW firewall guide for Ubuntu.

Remote Access Security Requirements

When enabling remote database access, implement these additional security measures:

• Create application-specific users with limited privileges instead of using root remotely
• Use strong passwords for all remote-accessible accounts
• Restrict user access by host when creating accounts (e.g., CREATE USER 'app'@'192.168.1.100' instead of 'app'@'%')
• Enable SSL/TLS connections for encrypted data transmission between servers
• Monitor connection logs regularly for unauthorized access attempts

For detailed guidance on creating database users with appropriate permissions, see the MySQL user management guide (commands are identical for MariaDB).

Connecting to MariaDB

Access the MariaDB command-line client using the root account. If you enabled unix_socket authentication during the security script, the system root user can connect without a password.

sudo mariadb

If you set a password for the MariaDB root user and did not enable unix_socket authentication, connect using the -p flag to prompt for the password.

mariadb -u root -p

You can execute SQL commands to create databases, manage users, and query data. Type EXIT; or press Ctrl+D to close the connection.

Next Steps for Web Applications

For web application deployments, MariaDB integrates with popular server stacks. Install Nginx on Ubuntu or Apache on Ubuntu as your web server, then add PHP on Ubuntu to complete your LEMP or LAMP stack. For web-based database management, consider installing phpMyAdmin for Ubuntu with Nginx. For complete LEMP stack installations with WordPress, see the WordPress with Nginx and MariaDB guide.

Basic Database Operations

Use these commands to perform basic database operations:

Create a database:

CREATE DATABASE myapp;

List all databases:

SHOW DATABASES;

Switch to a database:

USE myapp;

View current database:

SELECT DATABASE();

These basic commands help you verify MariaDB is working correctly before creating application schemas and user accounts.

Database Backup and Data Management

Understanding MariaDB’s data storage locations and backup requirements is essential for production environments. MariaDB stores all databases, tables, and configuration in specific directories that require regular backup attention.

Data Directory Locations

MariaDB uses these primary directories for data and configuration storage:

• /var/lib/mysql — All database files, tables, and indexes. This directory contains your actual data and grows as you add databases and records.
• /etc/mysql — Server configuration files including bind-address, port settings, and performance tuning parameters.
• /var/log/mysql — Error logs, slow query logs, and binary logs (if replication is enabled).

Check your current database directory size to monitor growth over time.

sudo du -sh /var/lib/mysql

Backup Strategy Basics

Production databases require regular backups to prevent data loss from hardware failures, software bugs, or human error. MariaDB provides two primary backup approaches:

Logical backups (mysqldump) export databases as SQL statements that can recreate your data. These backups are portable across different MariaDB versions and easy to inspect or modify.

mysqldump -u root -p --all-databases > backup-$(date +%Y%m%d).sql

This creates a complete backup of all databases in a single SQL file. The date stamp in the filename helps track backup history.

Physical backups copy the raw data files from /var/lib/mysql. These backups are faster for large databases but require stopping MariaDB or using specialized tools like Mariabackup to ensure consistency.

Never copy /var/lib/mysql while MariaDB is running without using proper backup tools. File system copies of active database files will be corrupted and unusable for restoration.

For production environments, implement automated daily backups, test restoration procedures regularly, and store backups off-server to protect against hardware failure. Consider backup retention policies based on your recovery point objectives and available storage.

Troubleshooting Common Issues

If you encounter connection or service startup problems, these solutions address the most common MariaDB issues on Ubuntu.

Cannot Connect to MariaDB Server

Error: ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'

Solution: Verify the MariaDB service is running:

sudo systemctl status mariadb

If the service is inactive or failed, start it manually:

sudo systemctl start mariadb

Check the error log if the service fails to start:

sudo journalctl -xeu mariadb.service

Access Denied for Root User

Error: ERROR 1698 (28000): Access denied for user 'root'@'localhost'

Solution: On Ubuntu, the MariaDB root user uses Unix socket authentication by default, meaning you must connect as the root system user. Always use sudo when connecting as root:

sudo mariadb

To verify the authentication method, connect as root and check:

SELECT user, host, plugin FROM mysql.user WHERE user='root';

You should see unix_socket for the plugin column, which is the recommended secure default.

Port Already in Use

Error: MariaDB fails to start with port 3306 already in use.

Solution: Check if another MySQL or MariaDB instance is running:

sudo ss -tlnp | grep 3306

If another database process is running on port 3306, either stop it or configure MariaDB to use a different port by editing /etc/mysql/mariadb.conf.d/50-server.cnf.

Remove MariaDB

To uninstall MariaDB from your Ubuntu system, use the following command. This guide installs MariaDB from the default Ubuntu repositories, so no third-party repository cleanup is needed.

sudo apt remove mariadb-server mariadb-client

After removing MariaDB, clean up unused dependencies that were installed as requirements. The autoremove command removes packages that were automatically installed to satisfy dependencies for MariaDB but are no longer needed:

sudo apt autoremove

Removing MariaDB configuration and data directories is permanent. Always back up your databases before proceeding if you need to preserve any data.

The commands above remove the MariaDB software but leave configuration files and databases intact in case you reinstall later. To completely remove all MariaDB data and configuration:

sudo rm -rf /etc/mysql /var/lib/mysql

This removes the main configuration directory (/etc/mysql) and all database files (/var/lib/mysql), freeing disk space and ensuring a clean slate if you reinstall MariaDB in the future.

Frequently Asked Questions

Conclusion

Installing MariaDB from Ubuntu’s default repositories provides a stable, well-tested database foundation for your server or development environment. While these repository versions may not be the absolute latest upstream release, they receive backported security fixes and are verified for compatibility with your Ubuntu release. This approach works well for most use cases, from web applications to data-driven services, without the maintenance overhead of third-party repositories. You now have MariaDB installed, secured, and ready to support your applications.

Useful Links

• MariaDB Official Website: Visit the official MariaDB website for information about the database, features, and download options.
• MariaDB Knowledge Base: Access the MariaDB Knowledge Base for comprehensive documentation, tutorials, and user guides.
• MariaDB Foundation: Explore the MariaDB Foundation website for information about the MariaDB community, development, and the latest news.
• MariaDB Foundation Documentation: Find detailed documentation on using and configuring MariaDB provided by the MariaDB Foundation.
• MariaDB GitHub Repository: You can access the MariaDB GitHub repository to view the source code, report issues, and contribute to development.