用户与授权:MySQL系列之六

其他 2018-06-09 15:47:46 阅读次数: 2

title: 用户与授权:MySQL系列之六
date: 2018-06-09 15:00:00
tags: MySQL
categories: MySQL
---

一、用户管理

1、用户账号

用户的账号由用户名和HOST俩部分组成('USERNAME'@'HOST'

HOST的表示:

  • 主机名

  • 具体IP地址

  • 网段/掩码

可以使用通配符表示,%和_;192.168.%即表示这个网段的所有主机

2、增加删除账号

主要:在数据库中修改了用户信息需要执行FLUSH PRIVILEGES;来刷新授权表使其生效

  • 创建

mysql MariaDB [mysql]> CREATE USER 'user1'@'192.168.%'; MariaDB [mysql]> CREATE USER 'user2'@'192.168.%' IDENTIFIED BY 'your_password'; MariaDB [mysql]> SELECT user,host,password FROM user; +-------+-----------+-------------------------------------------+ | user | host | password | +-------+-----------+-------------------------------------------+ | root | localhost | *4A54C3F37C03C7FBACE31591D6A8C546F93DF5C5 | | root | centos7 | | | root | 127.0.0.1 | | | root | ::1 | | | | localhost | | | | centos7 | | | user1 | 192.168.% | | | user2 | 192.168.% | *9E72259BA9214F692A85B240647C4D95B0F2E08B | +-------+-----------+-------------------------------------------+

  • 删除

mysql MariaDB [mysql]> DROP USER user2@'192.168.%'; MariaDB [mysql]> SELECT user,host,password FROM user; +-------+-----------+-------------------------------------------+ | user | host | password | +-------+-----------+-------------------------------------------+ | root | localhost | *4A54C3F37C03C7FBACE31591D6A8C546F93DF5C5 | | root | centos7 | | | root | 127.0.0.1 | | | root | ::1 | | | | localhost | | | | centos7 | | | user1 | 192.168.% | | +-------+-----------+-------------------------------------------+

  • 重命名

mysql MariaDB [mysql]> RENAME USER user1@'192.168.%' TO testuser@'%'; MariaDB [mysql]> SELECT user,host,password FROM mysql.user; +----------+-----------+-------------------------------------------+ | user | host | password | +----------+-----------+-------------------------------------------+ | root | localhost | *4A54C3F37C03C7FBACE31591D6A8C546F93DF5C5 | | root | centos7 | | | root | 127.0.0.1 | | | root | ::1 | | | | localhost | | | | centos7 | | | testuser | % | | +----------+-----------+-------------------------------------------+

  • 修改密码

mysql MariaDB [mysql]> SET PASSWORD FOR testuser@'%' =PASSWORD('testpass'); MariaDB [mysql]> SELECT user,host,password FROM mysql.user; +----------+-----------+-------------------------------------------+ | user | host | password | +----------+-----------+-------------------------------------------+ | root | localhost | *4A54C3F37C03C7FBACE31591D6A8C546F93DF5C5 | | root | centos7 | | | root | 127.0.0.1 | | | root | ::1 | | | | localhost | | | | centos7 | | | testuser | % | *00E247AC5F9AF26AE0194B41E1E769DEE1429A29 | +----------+-----------+-------------------------------------------+

其他修改密码的方法:

UPDATE user SET password=PASSWORD('testpass') WHERE user='testuser';

# mysqladmin -uroot -poldpass password 'newpass'

3、破解管理账号密码

  • 空数据库的情况下恢复密码

mysql # systemctl stop mariadb # rm -rf /var/lib/mysql/* #删库跑路 # systemctl start mariadb

  • 有数据的情况下恢复密码

mysql 1)在/etc/my.cnf配置文件的[mydqld]下添加skip-grant-tables和skip-networking参数 2)# systemctl restart mariadb 重启服务 3)执行mysql登录到数据库 4)MariaDB [(none)]> UPDATE mysql.user SET password=PASSWORD('newpassword') WHERE user='root' AND host='localhost'; #更新密码 5)MariaDB [(none)]> FLUSH PRIVILEGES; #刷新授权表 6)退出,修改配置文件,删除skip-grant-tables和skip-networking参数,重启服务

也可以在启动mysqld进程时,为其使用如下选项:
--skip-grant-tables

--skip-networking

二、授权管理

1、授权

​ 语法:GRANT priv_type ON [object_type] priv_level TO user@'%' [IDENTIFIED BY 'password'] [WITH GRANT OPTION];

授权时如果用户不存在则创建,所以我们一般不会单独去创建一个用户,而是授权创建一块完成。

  • priv_type 授权类型
  • SELECT
  • ​INSERT
  • ​UPDATE
  • ​DELETE
  • ​CREATE
  • ​DROP
  • INDEX
  • ALTER
  • ​SHOW DATABASES
  • ​CREATE TEMPORARY TABLES
  • ​LOCK TABLES
  • ​CREATE VIEW
  • SHOW VIEW
  • CREATE USER
  • ALL PRIVILEGES 或 ALL
  • object_type 授权对象
  • TABLE
  • FUNCTION
  • PROCEDURE
  • priv_level 授权级别
  • *或*.* 表示所有库
  • db_name.* 表示指定库中的所有表
  • db_name.tbl_name 指定库中的指定表
  • tbl_name 表示当前库的表
  • db_name.routine_name 表示指定库的函数,存储过程,触发器
  • WITH GRANT OPTION
  • MAX_QUERIES_PER_HOUR count
  • MAX_UPDATES_PER_HOUR count
  • MAX_CONNECTIONS_PER_HOUR count
  • MAX_USER_CONNECTIONS count
MariaDB [school]> GRANT SELECT(stuid,name) ON TABLE school.students TO admin@'%' IDENTIFIED BY 'admin';  #把students表的stuid和name字段的查询权限授权于admin@'%'用户
MariaDB [school]> FLUSH PRIVILEGES;  #刷新授权表

2、查询授权

MariaDB [school]> SHOW GRANTS FOR admin@'%'\G  #查看指定用户的权限
*************************** 1. row ***************************
Grants for admin@%: GRANT USAGE ON *.* TO 'admin'@'%' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441'
*************************** 2. row ***************************
Grants for admin@%: GRANT SELECT (stuid, name) ON `school`.`students` TO 'admin'@'%'
[root@working ~]# mysql -uadmin -padmin -h192.168.0.7
MariaDB [(none)]> SHOW GRANTS FOR CURRENT_USER()\G  #查询自己的权限
*************************** 1. row ***************************
Grants for admin@%: GRANT USAGE ON *.* TO 'admin'@'%' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441'
*************************** 2. row ***************************
Grants for admin@%: GRANT SELECT (stuid, name) ON `school`.`students` TO 'admin'@'%'

3、收回授权

MariaDB [school]> REVOKE SELECT(stuid) ON school.students FROM admin@'%';  #收回admin@'%'用户对stuid字段的查询权限

猜你喜欢

转载自www.cnblogs.com/L-dongf/p/9159597.html
今日推荐
周排行
(BIND最佳实践)Linux运维最佳实践
makefile ifeq之坑: 1. syntax error near unexpected token 2. *** missing separator. Stop.
easyui datagrid操作栏内置图片按钮
SQLyog连接MySQL时出现的2058错误解决方法
linux音频开发
hashcode方法 简析
SpringBoot中使用Transaction注解遇到的坑
逆战-CSS中子元素在父元素中的4种水平垂直居中方法
Expression.Blend.4 Chapter 图片和视频的使用
springMVC返回void值
每日归档
更多
2024-09-17(0)
2024-09-16(0)
2024-09-15(0)
2024-09-14(0)
2024-09-13(0)
2024-09-12(0)
2024-09-11(0)
2024-09-10(0)
2024-09-09(0)
2024-09-08(0)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022