MySQL: User and Privilege Management
阿新 • Published: 2018-10-10
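Metadata database: mysql
System grant tables:
    db, host, user
    columns_priv, tables_priv, procs_priv, proxies_priv
User accounts:
    'USERNAME'@'HOST'
    @'HOST' can be:
        a host name;
        an IP address or network;
        a pattern using the wildcards % and _
        Example: 172.16.%.%
User management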
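Create a user: CREATE USER
    CREATE USER 'USERNAME'@'HOST' [IDENTIFIED BY 'password'];
    Default privilege: USAGE
    A user created with CREATE USER has very limited privileges, and the new account takes effect immediately.
Rename a user: RENAME USER
    RENAME USER old_user_name TO new_user_name;
Delete a user:
    DROP USER 'USERNAME'@'HOST';
    Example: delete the default anonymous user
    DROP USER ''@'localhost';
Change a password:
    mysql> SET PASSWORD FOR 'user'@'host' = PASSWORD('password');
    mysql> UPDATE mysql.user SET password=PASSWORD('password') WHERE clause;
    The UPDATE method only takes effect after running the following statement:
    mysql> FLUSH PRIVILEGES;
    # mysqladmin -u root -poldpass password 'newpass'
Recovering from a forgotten administrator password:
    Start the mysqld process with the following options:
        --skip-grant-tables --skip-networking
    Change the administrator password with an UPDATE statement
    Stop the mysqld process, remove the two options above, and restart mysqld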
User management examples:
List the users in the system table:
MariaDB [db1]> select user,host,password from mysql.user;
+---------+---------------+-------------------------------------------+
| user    | host          | password                                  |
+---------+---------------+-------------------------------------------+
| root    | localhost     | *A498955BAB852BEF5B0C78584202F0326BB117A7 |
| root    | 127.0.0.1     | *A498955BAB852BEF5B0C78584202F0326BB117A7 |
| cobbler | 192.168.137.% | *128977E278358FF80A246B5046F51043A2B1FCED |
| mage    | 192.168.137.% | *128977E278358FF80A246B5046F51043A2B1FCED |
+---------+---------------+-------------------------------------------+
Create a user that may connect only from a single remote host IP
MariaDB [db1]> create user test@'192.168.137.56' identified by 'centos';
Query OK, 0 rows affected (0.01 sec)
Check the newly created user
MariaDB [db1]> select user,host,password from mysql.user;
+---------+----------------+-------------------------------------------+
| user    | host           | password                                  |
+---------+----------------+-------------------------------------------+
| root    | localhost      | *A498955BAB852BEF5B0C78584202F0326BB117A7 |
| root    | 127.0.0.1      | *A498955BAB852BEF5B0C78584202F0326BB117A7 |
| test    | 192.168.137.56 | *128977E278358FF80A246B5046F51043A2B1FCED |
| cobbler | 192.168.137.%  | *128977E278358FF80A246B5046F51043A2B1FCED |
| mage    | 192.168.137.%  | *128977E278358FF80A246B5046F51043A2B1FCED |
+---------+----------------+-------------------------------------------+
5 rows in set (0.00 sec)
Verify the user from the client
[root@node6 ~]# mysql -utest -p -h192.168.137.57
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.2.15-MariaDB-log MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> select user();
+---------------------+
| user()              |
+---------------------+
| test@192.168.137.56 |
+---------------------+
1 row in set (0.00 sec)
Delete a user:
MariaDB [db1]> drop user mage@'192.168.137.%';
Query OK, 0 rows affected (0.00 sec)
MariaDB [db1]> select user,host,password from mysql.user;
+---------+----------------+-------------------------------------------+
| user    | host           | password                                  |
+---------+----------------+-------------------------------------------+
| root    | localhost      | *A498955BAB852BEF5B0C78584202F0326BB117A7 |
| root    | 127.0.0.1      | *A498955BAB852BEF5B0C78584202F0326BB117A7 |
| test    | 192.168.137.56 | *128977E278358FF80A246B5046F51043A2B1FCED |
| cobbler | 192.168.137.%  | *128977E278358FF80A246B5046F51043A2B1FCED |
+---------+----------------+-------------------------------------------+
4 rows in set (0.00 sec)
Change a user's password:
# Change the password with SET PASSWORD:
MariaDB [db1]> set password for test@'192.168.137.56'=password('123456');
Query OK, 0 rows affected (0.00 sec)
# Change the password by updating the table directly; the privileges must then be flushed manually
MariaDB [db1]> update mysql.user set password=password('centos') where user='test';
Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [db1]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
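The account listings above can also be reviewed with queries rather than by eye. The following is an added example, not part of the original post; it assumes the MariaDB 10.2 layout of mysql.user shown on this page, where the hash is stored in the password column.

```sql
-- Added example: account review queries for mysql.user.
-- Assumes the MariaDB 10.2 table layout used on this page
-- (password hash stored in the `password` column).

-- 1. Anonymous accounts (empty user name), e.g. the default ''@'localhost'.
SELECT user, host
FROM mysql.user
WHERE user = '';

-- 2. Accounts with an empty password column. The plugin column is listed
--    because plugin-authenticated accounts also have an empty hash here.
SELECT user, host, plugin
FROM mysql.user
WHERE password = '';

-- 3. Accounts whose host part contains a wildcard (% or _).
--    A bare '%' accepts connections from any host, so it is sorted first.
SELECT user, host
FROM mysql.user
WHERE INSTR(host, '%') > 0 OR INSTR(host, '_') > 0
ORDER BY (host = '%') DESC, host;

-- 4. Accounts that share a password hash. The *... hashes are unsalted,
--    so equal hashes mean equal passwords.
SELECT password,
       COUNT(*) AS accounts,
       GROUP_CONCAT(CONCAT(user, '@', host)
                    ORDER BY user, host SEPARATOR ', ') AS who
FROM mysql.user
WHERE password <> ''
GROUP BY password
HAVING COUNT(*) > 1;
```

Against the five-account listing above, query 4 returns two rows: the two root accounts share one hash, and test, cobbler and mage share the other.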
MySQL privilege management
Privilege categories:
    administrative
    stored programs
    database level
    table level
    column level
Administrative:
    CREATE TEMPORARY TABLES
    CREATE USER
    FILE
    SUPER
    SHOW DATABASES
    RELOAD
    SHUTDOWN
    REPLICATION SLAVE
    REPLICATION CLIENT
    LOCK TABLES
    PROCESS
Stored programs:
    FUNCTION, PROCEDURE, TRIGGER
    CREATE, ALTER, DROP, EXECUTE
Database and table level:
    DATABASE, TABLE
    ALTER, CREATE, CREATE VIEW, DROP, INDEX, SHOW VIEW
    GRANT OPTION: lets the user pass the privileges they hold on to other users
Data manipulation:
    SELECT, INSERT, DELETE, UPDATE
Column level:
    SELECT(col1,col2,...)
    UPDATE(col1,col2,...)
    INSERT(col1,col2,...)
All privileges:
    ALL PRIVILEGES or ALL
Granting privileges
Reference: https://dev.mysql.com/doc/refman/5.7/en/grant.html
GRANT priv_type [(column_list)],... ON [object_type] priv_level TO 'user'@'host' [IDENTIFIED BY 'password'] [WITH GRANT OPTION];
priv_type: ALL [PRIVILEGES]
object_type: TABLE | FUNCTION | PROCEDURE
priv_level: * (all databases) | *.* | db_name.* | db_name.tbl_name | tbl_name (a table in the current database) | db_name.routine_name (a function, stored procedure or trigger in the given database)
with_option: GRANT OPTION
| MAX_QUERIES_PER_HOUR count # limits how many queries may be run per hour
| MAX_UPDATES_PER_HOUR count # limits how many updates may be run per hour
| MAX_CONNECTIONS_PER_HOUR count # limits how many connections may be made per hour
| MAX_USER_CONNECTIONS count # limits how many times the user may connect per hour
Revoking privileges:
REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ... ON [object_type] priv_level FROM user [, user] ...
Viewing the privileges granted to a given user:
Help SHOW GRANTS
SHOW GRANTS FOR 'user'@'host';
SHOW GRANTS FOR CURRENT_USER[()];
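Notes:
When the MariaDB server process starts, it reads all grant tables in the mysql database into memory.
(1) Privilege operations such as GRANT or REVOKE are saved to the system tables, and the MariaDB server process normally re-reads the grant tables automatically so that the changes take effect.
(2) For commands after which the grant tables cannot be re-read, or are not re-read promptly, you can make the MariaDB server process re-read them manually: mysql> FLUSH PRIVILEGES;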
MySQL privilege management example
Create the test user
MariaDB [db1]> create user test@'192.168.137.56' identified by 'centos';
Grant only the SELECT privilege to the test user
MariaDB [hellodb]> grant select(stuid,name) on hellodb.students to 'test'@'192.168.137.56';
Query OK, 0 rows affected (0.00 sec)
Verify on the client:
MariaDB [hellodb]> show databases;
+--------------------+
| Database           |
+--------------------+
| hellodb            |
| information_schema |
+--------------------+
2 rows in set (0.00 sec)
MariaDB [hellodb]> desc students;
+-------+------------------+------+-----+---------+----------------+
| Field | Type             | Null | Key | Default | Extra          |
+-------+------------------+------+-----+---------+----------------+
| StuID | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
| Name  | varchar(50)      | NO   |     | NULL    |                |
+-------+------------------+------+-----+---------+----------------+
2 rows in set (0.01 sec)
MariaDB [hellodb]> select stuid,name from students;
Revoke the privilege:
MariaDB [hellodb]> revoke SELECT (name,stuid) ON `hellodb`.`students` FROM 'test'@'192.168.137.56';
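The notes above say that GRANT and REVOKE are saved in the system grant tables. The following added example (not part of the original post) grants a column-level privilege with resource limits and then shows where each piece is recorded. The account 'report'@'192.168.137.56' and its password are hypothetical; hellodb.students is the table used above, and the syntax is that of MariaDB 10.2 / MySQL 5.7.

```sql
-- Added example. The account 'report'@'192.168.137.56' and its password
-- are hypothetical; hellodb.students is the table used on this page.
CREATE USER 'report'@'192.168.137.56' IDENTIFIED BY 'Example-Passw0rd-ChangeMe';

-- Column-level read access only.
GRANT SELECT (StuID, Name) ON hellodb.students TO 'report'@'192.168.137.56';

-- Resource limits apply to the whole account, so attach them to USAGE ON *.*.
GRANT USAGE ON *.* TO 'report'@'192.168.137.56'
    WITH MAX_QUERIES_PER_HOUR 500
         MAX_CONNECTIONS_PER_HOUR 20;

-- What the server reports for the account.
SHOW GRANTS FOR 'report'@'192.168.137.56';

-- Where the grant is recorded: one row per granted column ...
SELECT host, db, user, table_name, column_name, column_priv
FROM mysql.columns_priv
WHERE user = 'report';

-- ... one row for the table, with the privilege in column_priv
--     and an empty table_priv ...
SELECT host, db, user, table_name, table_priv, column_priv
FROM mysql.tables_priv
WHERE user = 'report';

-- ... and the limits in mysql.user, with no global privilege set.
SELECT user, host, Select_priv, max_questions, max_connections
FROM mysql.user
WHERE user = 'report';

-- Revoke with FROM (GRANT uses TO), then confirm the rows are gone.
REVOKE SELECT (StuID, Name) ON hellodb.students FROM 'report'@'192.168.137.56';
SELECT COUNT(*) AS remaining_column_grants
FROM mysql.columns_priv
WHERE user = 'report';

DROP USER 'report'@'192.168.137.56';
```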