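User Privileges and Access Control
Creating users and setting passwords
create user zorro identified by '123'; -- host defaults to '%': any host can log in, except the local machine
create user zorro@localhost identified by '123'; -- zorro logging in from the local machine
create user zorro@'%' identified by '123';
create user zorro@'172.16.20.9' identified by '123'; -- a specific IP address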
Querying users
select user from mysql.user;
Renaming a user
rename user zorro to robin;
select user from mysql.user;
Dropping a user
drop user robin;
drop user robin@'localhost'; -- specify the source host
mysql> select password(123);
+-------------------------------------------+
| password(123) |
+-------------------------------------------+
| *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
+-------------------------------------------+
1 row in set (0.00 sec)
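Changing a user's password (after logging in)
set password for 'zorro'@'%' = password('123'); -- the password() function hashes the value
set password = password('123'); -- change the current user's password
mysqladmin -uroot -p123 password '123456' # change it before logging in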
Lost root password
Resetting the root password
1.
shell> mysqld_safe --skip-grant-tables --skip-networking &
shell> mysql -S /var/lib/mysql/mysql.sock (-u root -p)
2.
mysql> update mysql.user set password=password('123') where user='root' and host='localhost';
Checking a user's privileges
show grants for zorro \G
*************************** 1. row ***************************
Grants for zorro@%: GRANT USAGE ON *.* TO 'zorro'@'%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257'
USAGE means the account has no privileges
Connection test
mysql -u zorro -p123
ERROR 1045 (28000): Access denied for user 'zorro'@'localhost' (using password: YES)
Failed
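Privileges
MySQL access control has two stages:
Stage 1: the server checks whether you are allowed to connect.
Stage 2: assuming you can connect, the server checks every request you issue to see whether you have sufficient privileges to perform it. For example, if you select rows from a table or drop a table from a database, the server verifies that you have the SELECT privilege on the table or the DROP privilege on the database.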
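The failed connection test above follows from how stage 1 picks an account row. The Python sketch below is an added example, not code from the original page: it models the server's most-specific-first matching over a constructed account table. It assumes an anonymous ''@'localhost' account exists, as in older default installs, and compares passwords in plain text for brevity.

```python
import re

# Constructed sample of mysql.user rows: (User, Host, password).
# Assumption: an anonymous ''@'localhost' account exists (old default installs).
ACCOUNTS = [
    ("root", "localhost", "rootpw"),
    ("", "localhost", ""),
    ("zorro", "%", "123"),
]

def host_matches(pattern, client_host):
    """Host column wildcards: % matches any string, _ any single character."""
    rx = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, client_host, re.IGNORECASE) is not None

def specificity(row):
    """Sort key: literal hosts first, '%' last; named users before anonymous."""
    user, host, _ = row
    return ("%" in host or "_" in host, host == "%", user == "")

def authenticate(accounts, user, client_host, password):
    """Return the matched account, or None (ERROR 1045: Access denied)."""
    for acc_user, acc_host, acc_pw in sorted(accounts, key=specificity):
        if host_matches(acc_host, client_host) and acc_user in ("", user):
            # Only the FIRST matching row is used; later rows are never tried.
            return f"'{acc_user}'@'{acc_host}'" if acc_pw == password else None
    return None

if __name__ == "__main__":
    # zorro@'%' is shadowed by ''@'localhost' for local connections.
    print(authenticate(ACCOUNTS, "zorro", "localhost", "123"))
    print(authenticate(ACCOUNTS, "zorro", "172.16.20.9", "123"))
    fixed = ACCOUNTS + [("zorro", "localhost", "123")]
    print(authenticate(fixed, "zorro", "localhost", "123"))
```

Creating zorro@'localhost', as the page does elsewhere, or dropping the anonymous account makes a local login match the intended row.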
Granting privileges: grant
Command format
grant privileges on database.table to user@host [password]
grant select on hr.* to zorro@'localhost';
show grants for zorro \G
*************************** 1. row ***************************
Grants for zorro@%: GRANT USAGE ON *.* TO 'zorro'@'%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257'
*************************** 2. row ***************************
Grants for zorro@%: GRANT SELECT ON `hr`.* TO 'zorro'@'%'
grant select,insert,drop,delete on *.* to zorro@'localhost';
Available privileges: select, insert, desc, drop, update, alter...
Revoking privileges: revoke
Command format
revoke privileges on database.table from user@host;
revoke select on hr.* from zorro@'localhost';
Granting access to remote hosts
grant all on hr.* to zorro@'192.168.1.129' identified by '123';
grant all on hr.* to zorro@'%' identified by '123';
grant and revoke can control access privileges at several levels
Entire server: grant all and revoke all
Entire database: on database.*
grant select,insert on hr.* to robin@'localhost' identified by '123';
Specific table: on database.table;
grant select,insert on hr.tt to tom@'localhost' identified by '123';
Other method:
mysql> INSERT INTO mysql.user (Host,User,Password) VALUES('localhost','dummy',password('123'));
mysql> FLUSH PRIVILEGES;
Exercises:
1. Create the account zorro, allowed to log in from the local machine and from anywhere
create user zorro@'%'; -- without a password
create user zorro@'%' identified by '123'; -- or, with a password
create user zorro@'localhost' identified by '123';
2. Rename zorro to king
rename user zorro@'%' to king@'%';
rename user zorro@'localhost' to king@'localhost';
3. Set the password of user king to 123
set password for king@'localhost'=password('123');
set password for king@'%'=password('123');
4. Log in to the MySQL database as king and set the password to abc
set password=password('abc');
Resetting the root password
1. Stop MySQL (pkill mysql)
2. /usr/local/mysql/bin/mysqld_safe --user=mysql --skip-grant-tables &
3. update mysql.user set password=password('123') where user='root' and host='localhost';
4. Stop MySQL (pkill mysql)
5. /usr/local/mysql/bin/mysqld_safe --user=mysql &
6. Log in normally
Skipping the grant tables
vim /etc/my.cnf
[mysqld]
skip-grant-tables
----------------------------------------------------------------------
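create user robin; -- add an account
set password for robin=password('123'); -- set its password
create user zorro identified by '123'; -- create an account and set its password in one step
rename user zorro to newzorro; -- rename an account
drop user newzorro; -- delete an account
set password=password('123'); -- set the current account's password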
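Lost root password
Lab environment
Delete the data directory
Re-initialize
The administrator password is empty (log in directly)
Resetting the root password
shell> /usr/local/mysql/bin/mysqld_safe --user=mysql --skip-grant-tables &
--skip-grant-tables skips the grant tables, so no authentication is performed.
shell> mysql # just connect
mysql> update mysql.user set password=password('123') where user='root' and host='localhost'; -- update the password
pkill mysql
service mysqld restart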
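Authorization
1. Whether the client can connect to the database: localhost, %
2. Verify the account and password
1. Can the client connect to the database?
Part 1: local source
Part 2: remote source
create user zorro@'%' identified by '123';
select user,password,host from mysql.user;
create user zorro@'localhost' identified by '123';
2. Granting privileges
grant all on db.* to zorro@'localhost'; -- all privileges on every table in the db database
grant select,insert on db.t5 to robin@'localhost' identified by '123'; -- grant and create the account in one step
Revoking privileges:
revoke all on db.* from zorro@'localhost';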
Scope        Grant table
*.*          mysql.user
db.*         mysql.db
db.t5        mysql.tables_priv
db.t5(id)    mysql.columns_priv
User information: mysql.user stores all user accounts; privilege information is spread across different tables
grant all on *.* to abc1@localhost identified by '123';
abc1's privileges are stored in mysql.user
grant all on db.* to abc2@localhost identified by '123';
abc2's privileges are stored in mysql.db
grant all on db.test20 to abc3@localhost identified by '123';
abc3's privileges are stored in mysql.tables_priv
grant select(name) on db.test20 to abc4@localhost identified by '123';
abc4's privileges are stored in mysql.columns_priv
select * from mysql.tables_priv;
Can privileges be changed with UPDATE?
Update the grant tables to obtain privileges on all tables in all databases
mysql> create user tom@'localhost';
mysql> set password for 'tom'@'localhost' = password('123');
mysql> update mysql.user set Select_priv='Y' where user='tom';
mysql> select * from mysql.user where user='tom';
mysql> flush privileges;
Update the grant tables to obtain privileges on all tables in the kkk database
mysql> insert into mysql.db(Host,Db,User,Insert_priv) values('localhost','kkk','tom','Y');
mysql> flush privileges;
Update the grant tables to obtain privileges on table t1 in the kkk database
mysql> insert into mysql.tables_priv(Host,Db,User,Table_name,Table_priv) values('localhost','kkk','tom','t1','Update');
mysql> flush privileges;
Update the grant tables to obtain the update privilege on the id column of table t2 in the kkk database
mysql> insert into mysql.columns_priv(Host,Db,User,Table_name,Column_name,Column_priv) values('localhost','kkk','tom','t2','did','Update'); -- column privilege
mysql> insert into mysql.tables_priv(Host,Db,User,Table_name,Column_priv) values('localhost','kkk','tom','t2','Update'); -- table privilege
mysql> flush privileges;
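The four grant tables listed earlier, and the direct edits to them shown above, can be modelled as one lookup plus one audit. This Python sketch is an added example, not code from the original page: the rows are constructed to mirror the abc1..abc4 and tom grants, "all" is reduced to four privileges, and the function names are hypothetical.

```python
# Constructed grant-table rows; ALL stands in for "grant all" (reduced set).
ALL = {"Select", "Insert", "Update", "Delete"}
GRANTS = {
    "mysql.user": {("abc1", "localhost"): ALL,                   # *.*
                   ("tom", "localhost"): {"Select"}},
    "mysql.db": {("abc2", "localhost", "db"): ALL,               # db.*
                 ("tom", "localhost", "kkk"): {"Insert"}},
    "mysql.tables_priv": {("abc3", "localhost", "db", "test20"): ALL,
                          ("tom", "localhost", "kkk", "t1"): {"Update"}},
    "mysql.columns_priv": {
        ("abc4", "localhost", "db", "test20", "name"): {"Select"}},
}

def granted_by(user, host, priv, db, table, columns=()):
    """Return the grant table that authorizes the request, or None (denied).

    The levels are OR-ed, so the widest scope carrying the privilege wins.
    """
    acct = (user, host)
    if priv in GRANTS["mysql.user"].get(acct, ()):
        return "mysql.user"
    if priv in GRANTS["mysql.db"].get(acct + (db,), ()):
        return "mysql.db"
    if priv in GRANTS["mysql.tables_priv"].get(acct + (db, table), ()):
        return "mysql.tables_priv"
    cols = GRANTS["mysql.columns_priv"]
    # Column level: every column the statement touches must carry the privilege.
    if columns and all(priv in cols.get(acct + (db, table, c), ())
                       for c in columns):
        return "mysql.columns_priv"
    return None

def grant_table_writers():
    """Audit: accounts able to INSERT/UPDATE rows in the mysql schema, i.e.
    able to edit the grant tables the way the statements above do."""
    accounts = {key[:2] for table in GRANTS.values() for key in table}
    tables = ("user", "db", "tables_priv", "columns_priv")
    return sorted(a for a in accounts
                  if any(granted_by(*a, p, "mysql", t)
                         for p in ("Insert", "Update") for t in tables))

if __name__ == "__main__":
    print(granted_by("abc4", "localhost", "Select", "db", "test20", ["name"]))
    print(grant_table_writers())
```

Any account the audit returns can change its own or other accounts' privileges by writing to the grant tables, so that list should normally contain only administrative accounts.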