首页 > 代码库 > 一次mysql的授权故障排除

一次mysql的授权故障排除

描述一下情况,有一个数据库xiyouzyadlog用sync授权 ,结果我在授权的时候授权给了xiyoumainTXZYANDROID 所有权限,
导致sync用户登陆能看到所有的数据库,于是删除sync用户结果sync登陆后依然能看到所有的数据库包括mysql,然后百度查看mysql的授权,结果出现下面的结果,下面就演示下如何删除没有用的授权信息

mysql> show grants for  sync@‘localhost‘;
+-------------------------------------------------------------------------------------------------------------+
| Grants for sync@localhost                                                                                   |
+-------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘sync‘@‘localhost‘ IDENTIFIED BY PASSWORD ‘*B805E12E6933FF815F344D9F4B0D7236B223DC86‘ |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `xiyoumainTXZYANDROID`.* TO ‘sync‘@‘localhost‘        |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `xiyouzyadlog`.* TO ‘sync‘@‘localhost‘                |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `mysql`.`xiyouzyadlog` TO ‘sync‘@‘localhost‘          |
+-------------------------------------------------------------------------------------------------------------+



删除无用的授权信息
revoke SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON xiyoumainTXZYANDROID.* from sync@localhost;


mysql> show grants for  sync@‘localhost‘;
+-------------------------------------------------------------------------------------------------------------+
| Grants for sync@localhost                                                                                   |
+-------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘sync‘@‘localhost‘ IDENTIFIED BY PASSWORD ‘*B805E12E6933FF815F344D9F4B0D7236B223DC86‘ |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `xiyouzyadlog`.* TO ‘sync‘@‘localhost‘                |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `mysql`.`xiyouzyadlog` TO ‘sync‘@‘localhost‘          |
+-------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)

mysql> 

删除无用的授权信息
revoke SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON mysql.xiyouzyadlog from sync@localhost;


mysql> show grants for  sync@‘localhost‘;
+-------------------------------------------------------------------------------------------------------------+
| Grants for sync@localhost                                                                                   |
+-------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘sync‘@‘localhost‘ IDENTIFIED BY PASSWORD ‘*B805E12E6933FF815F344D9F4B0D7236B223DC86‘ |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `xiyouzyadlog`.* TO ‘sync‘@‘localhost‘                |
+-------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> 






mysql> show grants for  sync@‘192.168.15.%‘;
+----------------------------------------------------------------------------------------------------------------+
| Grants for sync@192.168.15.%                                                                                   |
+----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘sync‘@‘192.168.15.%‘ IDENTIFIED BY PASSWORD ‘*B805E12E6933FF815F344D9F4B0D7236B223DC86‘ |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `xiyoumainTXZYANDROID`.* TO ‘sync‘@‘192.168.15.%‘        |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `xiyouzyadlog`.* TO ‘sync‘@‘192.168.15.%‘                |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `mysql`.`xiyouzyadlog` TO ‘sync‘@‘192.168.15.%‘          |
+----------------------------------------------------------------------------------------------------------------+
4 rows in set (0.00 sec)

mysql> 


删除无用的授权信息
revoke SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `xiyoumainTXZYANDROID`.* from ‘sync‘@‘192.168.15.%‘
revoke SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `mysql`.`xiyouzyadlog` from  ‘sync‘@‘192.168.15.%‘

最后别忘记flush privileges;

好了,大功告成


本文出自 “yaoshenshen” 博客,谢绝转载!

一次mysql的授权故障排除