MySQL/MariaDB User Account Management
阿新 • Published: 2018-07-29
User account management:
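An account is identified as 'Username'@'Hostname'.

Username: any string made up of ordinary characters only; it may contain "_", "." and "-".
Hostname: an FQDN (fully qualified domain name), a domain name or an IP address. The MySQL wildcards may be used: "_" stands for any single character and "%" stands for any number of arbitrary characters.

Creating a user account:

CREATE USER statement:
    CREATE USER user [IDENTIFIED BY [PASSWORD] 'password' | IDENTIFIED WITH auth_plugin [AS 'auth_string']]

Examples:
    MariaDB [mysql]> create user 'testuser'@'%';
    MariaDB [mysql]> create user 'testuser'@'%' identified by 'qhdlink';

The first form creates an account with no password, and the host '%' matches every client host.

A user account can also be created with a DML statement:
    INSERT INTO mysql.user SET User='testuser',Host='%',Password=PASSWORD('qhdlink');

Example:
    MariaDB [mysql]> insert into user set User='user1',Host='%',Password=PASSWORD('qhdlink'),ssl_cipher='',x509_issuer='',x509_subject='',authentication_string='';

Rows changed in mysql.user with DML statements are not picked up by the running server until the grant tables are reloaded with FLUSH PRIVILEGES (or the server is restarted). This applies to every DML example below.

Renaming a user account:

RENAME USER statement:
    RENAME USER old_user TO new_user [, old_user TO new_user] ...

Example:
    MariaDB [mysql]> rename user 'testuser'@'%' to 'test'@'172.16.%.%';

A user account can also be renamed with a DML statement:

Example:
    MariaDB [mysql]> update user set User='user01',Host='172.16.75.%' where User='user1';

Deleting a user account:

DROP USER statement:
    DROP USER user [, user] ...

Example:
    MariaDB [mysql]> drop user 'test'@'172.16.%.%';

A user account can also be deleted with a DML statement:

Example:
    MariaDB [mysql]> delete from user where User='user01';

Password management for user accounts:

1. SET PASSWORD statement:
    SET PASSWORD [FOR user] =
        {
            PASSWORD('cleartext password')
          | OLD_PASSWORD('cleartext password')
          | 'encrypted password'
        }

Example:
    MariaDB [mysql]> set password for 'test'@'%' = PASSWORD('qhdlink');

2. The password can also be changed with a DML statement (writing the record into this database directly):

Example:
    MariaDB [mysql]> update user set Password=PASSWORD('qhdlink.com') where User='test';

3. The mysqladmin tool:
    # mysqladmin -uUSERNAME -hHOSTNAME -p password 'NEW_PASSWORD'

Note: the MySQL user performing this operation needs permission to modify the mysql.user table.

What to do when the MySQL administrator password has been forgotten:

Method 1:
1. Stop the running MySQL or MariaDB service.
2. Add the following two server parameters to /etc/my.cnf:
    skip-grant-tables = ON
    skip-networking = ON
   skip-grant-tables disables privilege checking for every connection, so skip-networking is set alongside it to keep remote clients out while the server runs in this state.
3. Start the MySQL or MariaDB service, log in as root with an empty password using the mysql or mysqladmin client, and change the root password.
4. Remove the two server parameters from /etc/my.cnf and restart the service.

Method 2:
1. Stop the running MySQL or MariaDB service.
2. Start the MySQL service with the command:
    # mysqld_safe --skip-grant-tables --skip-networking
3. Open another session, connect with the mysql or mysqladmin client as root with an empty password, and change the root password.
4. Kill the mysqld_safe process started earlier and the mysqld process it spawned.
5. Start the service normally again.

User privilege management (if the user does not exist, it is created automatically):

GRANT statement:
    GRANT
        priv_type [(column_list)]
          [, priv_type [(column_list)]] ...
        ON [object_type] priv_level
        TO user_specification [, user_specification] ...
        [REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
        [WITH with_option ...]

priv_type:
    SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER,
    CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW,
    CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, RELOAD, REPLICATION CLIENT,
    REPLICATION SLAVE, SHUTDOWN, FILE, SHOW DATABASES, PROCESS, SUPER

object_type:
    TABLE | FUNCTION | PROCEDURE

priv_level:
    * | *.* | db_name.* | db_name.tbl_name | tbl_name | db_name.routine_name

    *: all databases;
    *.*: all table objects in all databases;
    db_name.*: all table objects in the specified database;
    db_name.tbl_name: the specified table object in the specified database;
    tbl_name: the specified table object in the database currently in use;
    db_name.routine_name: the specified stored function or stored procedure object in the specified database; usually determined together with the object_type parameter.

user_specification:
    user
    [
        IDENTIFIED BY [PASSWORD] 'password'
      | IDENTIFIED WITH auth_plugin [AS 'auth_string']
    ]

ssl_option:
    SSL | X509 | CIPHER 'cipher' | ISSUER 'issuer' | SUBJECT 'subject'

with_option:
    GRANT OPTION
  | MAX_QUERIES_PER_HOUR count
  | MAX_UPDATES_PER_HOUR count
  | MAX_CONNECTIONS_PER_HOUR count
  | MAX_USER_CONNECTIONS count

Examples:
    MariaDB [mysql]> grant all privileges on hellodb.* to 'test'@'%';
    MariaDB [mysql]> grant select,update on hellodb.students to 'test'@'%';
    MariaDB [mysql]> grant select(Name,Age,ClassID) on hellodb.students to 'test'@'%';

You can also create a view over a base table and then grant user privileges on the view:
    MariaDB [hellodb]> create view stu_base as select Name,Age,ClassID from students;
    MariaDB [hellodb]> grant all on hellodb.stu_base to 'test'@'%';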

Revoking privileges:

REVOKE statement:
    REVOKE
        priv_type [(column_list)]
          [, priv_type [(column_list)]] ...
        ON [object_type] priv_level
        FROM user [, user] ...

    REVOKE ALL PRIVILEGES, GRANT OPTION
        FROM user [, user] ...

Examples:
    MariaDB [mysql]> revoke delete on hellodb.* from 'test'@'%';
    MariaDB [mysql]> revoke all on hellodb.students from 'test'@'%';
    MariaDB [mysql]> revoke select(Age,ClassID) on hellodb.students from 'test'@'%';

Note: when revoking a grant that has already been made, the priv_level given in the REVOKE statement must be exactly the same as the priv_level given in the GRANT statement that created it; otherwise the revoke operation fails.

Example (assuming the testdb database contains the two tables tb1 and tb2):
    MariaDB [testdb]> grant all on testdb.* to 'test'@'%';
    MariaDB [testdb]> revoke all on testdb.tb2 from 'test'@'%';
    ERROR 1147 (42000): There is no such grant defined for user 'test' on host '%' on table 'tb2'

The correct way to take the privileges back:
    MariaDB [testdb]> revoke all on testdb.* from 'test'@'%';
    MariaDB [testdb]> grant all on testdb.tb1 to 'test'@'%';

After this, the user 'test'@'%' has all privileges only on table tb1 in the testdb database.

Viewing a user's grants:

SHOW GRANTS statement:
    SHOW GRANTS [FOR user]
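
The priv_level matching rule for REVOKE described above, as an added example that is not part of the original article: it reads SHOW GRANTS output and reports whether a REVOKE at a given priv_level will find a grant to remove, and which broader grant is actually giving the access. The function names and the sample output lines are constructed for illustration; wildcard patterns in database names and column lists are assumed not to be in use.

```python
import re

# One line of SHOW GRANTS output, e.g.
#   GRANT ALL PRIVILEGES ON `testdb`.* TO 'test'@'%'
GRANT_RE = re.compile(r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<level>\S+)\s+TO\s", re.I)

# Constructed sample: SHOW GRANTS FOR 'test'@'%' after
#   grant all on testdb.* to 'test'@'%';
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'test'@'%'",
    "GRANT ALL PRIVILEGES ON `testdb`.* TO 'test'@'%'",
]

def parse_grants(lines):
    """Map each priv_level (backticks stripped) to its privilege list text."""
    grants = {}
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if m:
            grants[m.group("level").replace("`", "")] = m.group("privs").upper()
    return grants

def covering_levels(level):
    """Levels whose grants also apply to `level`, narrowest first."""
    if level == "*.*":
        return ["*.*"]
    db, _, obj = level.partition(".")
    return [level, "*.*"] if obj == "*" else [level, db + ".*", "*.*"]

def plan_revoke(lines, level):
    """Return (will_match, levels_granting_access) for REVOKE ... ON level.

    will_match is False when no grant is recorded at exactly this level,
    the situation the server rejects with ERROR 1147 in the text above.
    levels_granting_access lists where the REVOKE has to be issued instead.
    """
    grants = parse_grants(lines)
    level = level.replace("`", "")
    effective = [lv for lv in covering_levels(level)
                 if lv in grants and grants[lv] != "USAGE"]  # USAGE = no privileges
    return level in grants, effective

if __name__ == "__main__":
    print(plan_revoke(SAMPLE_GRANTS, "testdb.tb2"))
```

Running the same check again after a REVOKE, against fresh SHOW GRANTS output, confirms that no broader level still grants access to the object.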