Quick Install

From PmaWiki
Jump to: navigation, search



Choose an appropriate distribution kit from the official phpmyadmin.net downloads page. Some kits contain only the English messages, others contain all languages in UTF-8 format (this should be fine in most situations), others contain all languages and all character sets.

Extract files

Untar or unzip the distribution (be sure to unzip the subdirectories):

tar -xzvf phpMyAdmin-*.*.*.*.tar.gz

in your web server's document root (e.g., /var/www/). If you don't have direct access to your document root or don't have shell access, put the files in a directory on your local machine, and, after step 3, transfer the directory on your web server using, for example, FTP.

Ensure that all the scripts have the appropriate owner (if PHP is running in safe mode, having some scripts with an owner different from the owner of other scripts will be a problem). See the section on Security, FAQ 4.2 and FAQ 1.26 for suggestions.


Now you must configure your installation. There are two methods that can be used. Traditionally, users have hand-edited a copy of config.inc.php, but now a wizard-style setup script is provided for those who prefer a graphical installation. Creating a phpmyadmin/config.inc.php is still a quick way to get started and needed for some advanced features.


To manually create the file, simply use a plain text editor to create a file named config.inc.php in the main (top-level) phpMyAdmin directory (the one that contains index.php) but not in the config directory (a symlink might not work here). You can also copy config.sample.inc.php and edit the "blowfish secret" to get a minimal configuration file for a quick start. phpMyAdmin first loads libraries/config.default.php and then overrides those values with anything found in ./config.inc.php. If the default value is okay for a particular setting, there is no need to include it in config.inc.php. You'll need a few directives to get going, a simple configuration may look like this:

// use here a value of your choice (maximum 46 characters):
$cfg['blowfish_secret'] = 'a8b7c6d';    

$i = 0;

// 'cookie' (or 'http' , especially if mcrypt could not be loaded,
// but cookie giving more meaningful error messages in the testing phase)
// older PHP versions had some problems with "cookie" on 64 bit boxes though
$cfg['Servers'][$i]['auth_type'] = 'cookie';

// PHP 5 support for new MySQL 4.1.3+ features:
$cfg['Servers'][$i]['extension'] = 'mysqli';

// if you insist on "root" having no password, pma3 needs: 
$cfg['Servers'][$i]['AllowNoPasswordRoot'] = true; 

for mysql<=4.1.2 (or running with --skip-show-databases) and auth_type 'http' or 'cookie' and for gentoo users (gentoo changed the libraries/config.default.php ! ) a valid controluser is needed:

// use here a value of your choice
$cfg['blowfish_secret'] = 'ba17c1ec07d61217';

$i = 0;

// 'cookie' or 'http'
$cfg['Servers'][$i]['auth_type']   = 'cookie';

// or any existing user, change later to "pma" 
$cfg['Servers'][$i]['controluser'] = 'root';

// with proper password
$cfg['Servers'][$i]['controlpass'] = '';

after successful login you should create a controluser with a secure password and change the last two lines to:

// as used in scripts/create_tables(_mysql_4_1_2+).sql
$cfg['Servers'][$i]['controluser'] = 'pma';

// controluser password
$cfg['Servers'][$i]['controlpass'] = 'a1b2c3';

If your MySQL version is 4.1.2 or older, please see controluser as you will need to create such user before using auth_types cookie or http.

Or, if you prefer to not be prompted every time you log in:

$i = 0;
$cfg['Servers'][$i]['auth_type'] = 'config'; 
$cfg['Servers'][$i]['user']      = 'root';

// put here your password after setting one (strongly recommended!)
$cfg['Servers'][$i]['password']  = '';

But don't forget to secure the phpMyAdmin folder (e.g., by means of .htaccess) against unwanted access!

For a full explanation of possible configuration values, see the Configuration Directives page.

With setup script

Instead of manually editing config.inc.php, you can use the setup script (not available in some distibutions like opensuse). First you must manually create the folder config in the phpMyAdmin directory. This is a security measure. On a Linux/Unix system you can use the following commands:

cd phpMyAdmin
mkdir config                        # create directory for saving
chmod o+rw config                   # give it world writable permissions

And to edit an existing configuration, copy it over first:

cp config.inc.php config/           # copy current configuration for editing
chmod o+w config/config.inc.php     # give it world writable permissions

On other platforms, simply create the folder and ensure that your web server has read and write access to it. FAQ 1.26 can help with this.

Next, open http://your_host/path/to/phpMyAdmin/setup/ (pma2.x: http://your_host/path/to/phpMyAdmin/scripts/setup.php) in your browser (substituting the correct path information). Note that changes are not saved to disk until you explicitly choose Save from the Configuration area of the screen. Don't fill in any controluser or pmamyqdmin db on first setup (or you will have trouble with auth type cookie or http login). Normally the script saves the new config.inc.php to the config/ subdirectory, but if the web server does not have the proper permissions you may see the error "Cannot load or save configuration." Ensure that the config/ directory exists and has the proper permissions - or use the Download link to save the config file locally and upload (via FTP or some similar means) to the proper location.

Once the file has been saved, it must be moved out of the config/ directory and the permissions must be reset, again as a security measure:

mv config/config.inc.php .         # move file to current (phpMyAdmin/) directory
chmod o-rw config.inc.php          # remove world read and write permissions

Now the file is ready to be used. You can choose to review or edit the file with your favorite editor, if you prefer to set some advanced options which the setup script does not provide. In safe_mode the owner of the file must be the one php runs under.

If you are using the auth_type config, it is suggested that you protect the phpMyAdmin installation directory because using config does not require a user to enter a password to access the phpMyAdmin installation. Use of an alternate authentication method is recommended, for example with HTTP–AUTH in a .htaccess file or switch to using auth_type cookie or http. See the page on Security or the multi–user sub–section of the FAQ for additional information, especially FAQ 4.4. Open the main phpMyAdmin directory in your browser. phpMyAdmin should now display a welcome screen and your databases, or a login dialog if using HTTP or cookie authentication mode.


You should deny access to the ./libraries sub folder in your web server configuration. For Apache you can use supplied .htaccess file in that folder, for other web servers, you should configure this yourself. Such configuration prevents from possible path exposure and cross side scripting vulnerabilities that might happen to be found in that code. See the Security section for more details.

Personal tools