MySQL privileges
Posted aaallenn
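Compared with Oracle's privileges, MySQL's privileges are as simple as 1+1, although maybe that is just because what I have learned so far is the simple part.
1. Create a user and grant privileges; the syntax is the same as Oracle's
-- Create the user
create user 'yuanqk'@'localhost' identified by 'yuanqk2010';
-- Grant privileges; here all privileges are granted to the [email protected] user
grant all on yuanqk_gbk.* to 'yuanqk'@'localhost';
-- The two commands above can be combined into one with the same effect
grant all on yuanqk_gbk.* to 'yuanqk'@'localhost' identified by 'yuanqk2010';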
mysql> grant all on yuanqk_gbk.* to 'yuanqk'@'localhost' identified by 'yuanqk2010';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for [email protected];
+----------------------------------------------------------------------------+
| Grants for [email protected] |
+----------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'yuanqk'@'localhost' IDENTIFIED BY PASSWORD <secret> |
| GRANT ALL PRIVILEGES ON `yuanqk_gbk`.* TO 'yuanqk'@'localhost' |
+----------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql>
[[email protected] mysql]# mysql -uyuanqk -pyuanqk2010 -S /data/3306/mysql.sock <=== log in as the yuanqk user
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 5.5.60-log MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| yuanqk_gbk | <=== only has privileges on the yuanqk_gbk database
+--------------------+
2 rows in set (0.00 sec)
mysql>
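-- About @localhost: this part presumably controls which clients may connect to the MySQL server ---------
-- Create another user [email protected]'172.168.179.%'; this should mean that any address in the 172.168.179 network can connect to the MySQL database as the test1 user
mysql> create user [email protected]'172.168.179.%' identified by 'test';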
Query OK, 0 rows affected (0.00 sec)
mysql>
-- Test the connection: no problem
[[email protected] mysql]# mysql -utest -ptest -h 172.168.179.252 -S /data/3306/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.5.60-log MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
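-- The user can also be created like this, but my connection test always fails with an error and cannot connect; I don't know whether this setting is really allowed, but never mind, knowing one method is enough
mysql> create user [email protected]'172.168.179.0/24' identified by 'test1';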
Query OK, 0 rows affected (0.00 sec)
-- Test the connection: it fails with the error below, and I don't know why
[[email protected] mysql]# mysql -utest1 -ptest1 -h 172.168.179.252 -S /data/3306/mysql.sock
ERROR 1045 (28000): Access denied for user 'test1'@'172.168.179.252' (using password: YES)
-- To let test1 connect to the database, another test1 user can be created in the database, this time with '%' after the @, which means all clients can connect
mysql> grant all on yuanqk.* to [email protected]'%' identified by 'test1';
Query OK, 0 rows affected (0.00 sec)
[[email protected] mysql]# mysql -utest1 -ptest1 -h 172.168.179.252 -S /data/3306/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 24
Server version: 5.5.60-log MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql> select user,host from mysql.user;
+---------+------------------+
| user | host |
+---------+------------------+
| test1 | % | <=== but now there are two test1 users in the database
| root | 127.0.0.1 |
| test | 172.168.179.% |
| test1 | 172.168.179.0/24 | <=== but now there are two test1 users in the database
| root | ::1 |
| | localhost |
| root | localhost |
| yuanqk | localhost |
| yuanqk1 | localhost |
| | mysql |
| root | mysql |
+---------+------------------+
11 rows in set (0.00 sec)
mysql>
-- Consider dropping the [email protected]'172.168.179.0/24' user
mysql> drop user [email protected]'172.168.179.0/24';
Query OK, 0 rows affected (0.00 sec)
mysql>
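-- When dropping a user, if the host field holds a hostname and it is in uppercase, drop does not seem to work; in that case the delete command can be used
----------- The @localhost part can also be configured like this --------------------
mysql> create user [email protected]'172.168.179.0/255.255.255.0' identified by 'test2';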
Query OK, 0 rows affected (0.00 sec)
mysql>
[[email protected] mysql]# mysql -utest2 -ptest2 -h 172.168.179.252 -S /data/3306/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 26
Server version: 5.5.60-log MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
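As an added example (not part of the original post), this Python sketch models the account host matching documented for the server generation used here (5.5): `%` and `_` wildcards and the `host_ip/netmask` form with a dotted-quad mask, while a `/24` suffix is not parsed as a network and is compared as a plain string (CIDR in account names is accepted only from MySQL 8.0.23). The function names and the outside probe address 203.0.113.7 are assumptions for illustration, and the model looks at client IP addresses only, not resolved host names; the host values and 172.168.179.252 come from the sessions above.

```python
import ipaddress
import re

def _ipv4(text):
    """Integer value of a strict dotted-quad IPv4 string, else None."""
    try:
        return int(ipaddress.IPv4Address(text))
    except ipaddress.AddressValueError:
        return None

def host_matches(pattern, client_ip):
    """Model: does an account host pattern accept client_ip?"""
    base, sep, mask = pattern.partition("/")
    base_v, mask_v, client_v = _ipv4(base), _ipv4(mask), _ipv4(client_ip)
    if sep and base_v is not None and mask_v is not None:
        # host_ip/netmask form: compare only the masked network bits.
        return client_v is not None and (client_v & mask_v) == base_v
    # Anything else, including '.../24', is matched as a wildcard string:
    # % = any run of characters, _ = exactly one character.
    regex = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, client_ip, re.IGNORECASE) is not None

def classify(pattern, inside_ip, outside_ip):
    """Label a pattern by which of two probe addresses it accepts."""
    if host_matches(pattern, outside_ip):
        return "open"          # reachable from outside the intended subnet
    return "scoped" if host_matches(pattern, inside_ip) else "unreachable"

# Host values used on the page; 203.0.113.7 is a constructed outside address.
PATTERNS = ["%", "172.168.179.%", "172.168.179.0/24",
            "172.168.179.0/255.255.255.0"]

def audit(patterns=PATTERNS, inside="172.168.179.252", outside="203.0.113.7"):
    """Map each host pattern to open / scoped / unreachable."""
    return {p: classify(p, inside, outside) for p in patterns}

if __name__ == "__main__":
    for pattern, label in audit().items():
        print("%-30s %s" % (pattern, label))
```

An "unreachable" entry is an account that can never log in, and an "open" one accepts the password from any network, which is the trade made above when test1 was recreated with '%'.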
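------- OK, continuing the summary of privilege-related things ----------------------------
-- The user was just given privileges with grant all, which may be too much for the user and include many privileges that are not needed; revoke can be used to take them back. The syntax is again the same as Oracle's.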
mysql> revoke insert on yuanqk_gbk.* from [email protected];
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for [email protected];
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for [email protected] |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'yuanqk'@'localhost' IDENTIFIED BY PASSWORD '*7B7BAF90C18E5D56BEBC190308B11429F282F5D5' |
| GRANT SELECT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `yuanqk_gbk`.* TO 'yuanqk'@'localhost' |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql>
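-- Below are the privileges in MySQL; INSERT has to be added to the list as well. To minimize privileges, pick the ones that are actually needed from the list below, according to the real situation, and grant only those to the user
[[email protected] Desktop]# mysql -uroot -pyuanqk -S /data/3306/mysql.sock -e "show grants for [email protected]" |grep GRANT|tail -1 |tr ',' '\n'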
GRANT SELECT
UPDATE
DELETE
CREATE
DROP
REFERENCES
INDEX
ALTER
CREATE TEMPORARY TABLES
LOCK TABLES
EXECUTE
CREATE VIEW
SHOW VIEW
CREATE ROUTINE
ALTER ROUTINE
EVENT
TRIGGER ON `yuanqk_gbk`.* TO 'yuanqk'@'localhost'
[[email protected] Desktop]#
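An added example, not from the original post: rather than reading the split list by eye, this Python sketch parses a `SHOW GRANTS` row like the one above and emits the statements that cut it down to an allow-list. The function names and the `NEEDED` set are assumptions for illustration, and it handles database-level rows without column lists, as shown on this page.

```python
import re

# One SHOW GRANTS row: GRANT <privs> ON <scope> TO '<user>'@'<host>' ...
GRANT_RE = re.compile(
    r"GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO (?P<account>'[^']*'@'[^']*')")

def parse_grant(row):
    """Split a SHOW GRANTS row into (set of privileges, scope, account)."""
    m = GRANT_RE.match(row.strip().strip("|").strip())
    if m is None:
        raise ValueError("not a GRANT row: %r" % row)
    privs = {p.strip().upper() for p in m.group("privs").split(",")}
    return privs, m.group("scope"), m.group("account")

def tighten(row, needed):
    """Return the statements that reduce the grant in `row` to `needed`."""
    privs, scope, account = parse_grant(row)
    needed = {p.upper() for p in needed}
    if privs == {"USAGE"}:
        return []                      # USAGE means "no privileges"
    if privs & {"ALL", "ALL PRIVILEGES"}:
        # The row does not enumerate what ALL covers: reset, then re-grant.
        return ["REVOKE ALL PRIVILEGES ON %s FROM %s;" % (scope, account),
                "GRANT %s ON %s TO %s;"
                % (", ".join(sorted(needed)), scope, account)]
    excess = sorted(privs - needed)
    if not excess:
        return []
    return ["REVOKE %s ON %s FROM %s;" % (", ".join(excess), scope, account)]

# Constructed input: the database-level row shown on the page after the
# INSERT revoke, typed with ASCII quotes. NEEDED is an assumed requirement.
ROW = ("| GRANT SELECT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, "
       "CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, "
       "CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER "
       "ON `yuanqk_gbk`.* TO 'yuanqk'@'localhost' |")
NEEDED = {"SELECT", "UPDATE", "DELETE"}

if __name__ == "__main__":
    for statement in tighten(ROW, NEEDED):
        print(statement)
```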
2. Revoke privileges; this was already covered above
mysql> revoke insert on yuanqk_gbk.* from [email protected];
Query OK, 0 rows affected (0.00 sec)
3. A user's privileges can also be seen in the tables of the mysql database
mysql> use mysql
Database changed
mysql>
mysql> desc user;
+------------------------+-----------------------------------+------+-----+---------+-------+
| Field                  | Type                              | Null | Key | Default | Extra |
+------------------------+-----------------------------------+------+-----+---------+-------+
| Host                   | char(60)                          | NO   | PRI |         |       |
| User                   | char(16)                          | NO   | PRI |         |       |
| Password               | char(41)                          | NO   |     |         |       |
| Select_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Insert_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Update_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Delete_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Create_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Drop_priv              | enum('N','Y')                     | NO   |     | N       |       |
| Reload_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Shutdown_priv          | enum('N','Y')                     | NO   |     | N       |       |
| Process_priv           | enum('N','Y')                     | NO   |     | N       |       |
| File_priv              | enum('N','Y')                     | NO   |     | N       |       |
| Grant_priv             | enum('N','Y')                     | NO   |     | N       |       |
| References_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Index_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Alter_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Show_db_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Super_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Create_tmp_table_priv  | enum('N','Y')                     | NO   |     | N       |       |
| Lock_tables_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Execute_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Repl_slave_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Repl_client_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Create_view_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Show_view_priv         | enum('N','Y')                     | NO   |     | N       |       |
| Create_routine_priv    | enum('N','Y')                     | NO   |     | N       |       |
| Alter_routine_priv     | enum('N','Y')                     | NO   |     | N       |       |
| Create_user_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Event_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Trigger_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Create_tablespace_priv | enum('N','Y')                     | NO   |     | N       |       |
| ssl_type               | enum('','ANY','X509','SPECIFIED') | NO   |     |         |       |
| ssl_cipher             | blob                              | NO   |     | NULL    |       |
| x509_issuer            | blob                              | NO   |     | NULL    |       |
| x509_subject           | blob                              | NO   |     | NULL    |       |
| max_questions          | int(11) unsigned                  | NO   |     | 0       |       |
| max_updates            | int(11) unsigned                  | NO   |     | 0       |       |
| max_connections        | int(11) unsigned                  | NO   |     | 0       |       |
| max_user_connections   | int(11) unsigned                  | NO   |     | 0       |       |
| plugin                 | char(64)                          | YES  |     |         |       |
| authentication_string  | text                              | YES  |     | NULL    |       |
+------------------------+-----------------------------------+------+-----+---------+-------+
42 rows in set (0.00 sec)
mysql>