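MySQL Series, Part 6: Users and Authorization
I. User Management
1. User Accounts
A user account consists of two parts, a username and a HOST ('USERNAME'@'HOST').
HOST can be expressed as:
- a hostname
- a specific IP address
- a network/netmask
The wildcards % and _ may be used; 192.168.% means all hosts in that network segment.
2. Adding and Deleting Accounts
Note: after modifying user information in the database, run FLUSH PRIVILEGES; to reload the grant tables so that the change takes effect.
Create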
MariaDB [mysql]> CREATE USER 'user1'@'192.168.%';
MariaDB [mysql]> CREATE USER 'user2'@'192.168.%' IDENTIFIED BY 'your_password';
MariaDB [mysql]> SELECT user,host,password FROM user;
+-------+-----------+-------------------------------------------+
| user  | host      | password                                  |
+-------+-----------+-------------------------------------------+
| root  | localhost | *4A54C3F37C03C7FBACE31591D6A8C546F93DF5C5 |
| root  | centos7   |                                           |
| root  | 127.0.0.1 |                                           |
| root  | ::1       |                                           |
|       | localhost |                                           |
|       | centos7   |                                           |
| user1 | 192.168.% |                                           |
| user2 | 192.168.% | *9E72259BA9214F692A85B240647C4D95B0F2E08B |
+-------+-----------+-------------------------------------------+
Delete
MariaDB [mysql]> DROP USER user2@'192.168.%';
MariaDB [mysql]> SELECT user,host,password FROM user;
+-------+-----------+-------------------------------------------+
| user  | host      | password                                  |
+-------+-----------+-------------------------------------------+
| root  | localhost | *4A54C3F37C03C7FBACE31591D6A8C546F93DF5C5 |
| root  | centos7   |                                           |
| root  | 127.0.0.1 |                                           |
| root  | ::1       |                                           |
|       | localhost |                                           |
|       | centos7   |                                           |
| user1 | 192.168.% |                                           |
+-------+-----------+-------------------------------------------+
Rename
MariaDB [mysql]> RENAME USER user1@'192.168.%' TO testuser@'%';
MariaDB [mysql]> SELECT user,host,password FROM mysql.user;
+----------+-----------+-------------------------------------------+
| user     | host      | password                                  |
+----------+-----------+-------------------------------------------+
| root     | localhost | *4A54C3F37C03C7FBACE31591D6A8C546F93DF5C5 |
| root     | centos7   |                                           |
| root     | 127.0.0.1 |                                           |
| root     | ::1       |                                           |
|          | localhost |                                           |
|          | centos7   |                                           |
| testuser | %         |                                           |
+----------+-----------+-------------------------------------------+
Change password
MariaDB [mysql]> SET PASSWORD FOR testuser@'%' =PASSWORD('testpass');
MariaDB [mysql]> SELECT user,host,password FROM mysql.user;
+----------+-----------+-------------------------------------------+
| user     | host      | password                                  |
+----------+-----------+-------------------------------------------+
| root     | localhost | *4A54C3F37C03C7FBACE31591D6A8C546F93DF5C5 |
| root     | centos7   |                                           |
| root     | 127.0.0.1 |                                           |
| root     | ::1       |                                           |
|          | localhost |                                           |
|          | centos7   |                                           |
| testuser | %         | *00E247AC5F9AF26AE0194B41E1E769DEE1429A29 |
+----------+-----------+-------------------------------------------+
Other ways to change a password:
UPDATE user SET password=PASSWORD('testpass') WHERE user='testuser';
# mysqladmin -uroot -poldpass password 'newpass'
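The listings above still contain anonymous accounts (empty user), root entries with an empty password column, and an account whose host is '%'. As an added example (not part of the original article), the query below reports such rows in one pass, followed by statements that close the ones shown; it assumes the mysql.user layout with a password column as on this page, and the password value is a placeholder.

```sql
-- Added example: audit mysql.user for the weak entries visible in the
-- listings above. Assumes the columns shown on this page (user, host,
-- password); run as an administrative account.
-- Accounts that authenticate through a plugin can have an empty password
-- column legitimately, so review those rows before changing them.
SELECT user,
       host,
       CONCAT_WS('; ',
           IF(user = '',     'anonymous account', NULL),
           IF(password = '', 'empty password',    NULL),
           IF(INSTR(host, '%') > 0 OR INSTR(host, '_') > 0,
              'wildcard host', NULL)
       ) AS findings
FROM mysql.user
WHERE user = ''
   OR password = ''
   OR INSTR(host, '%') > 0
   OR INSTR(host, '_') > 0
ORDER BY user, host;

-- Remediation for the rows in the article's output.
-- Anonymous accounts: remove them.
DROP USER ''@'localhost';
DROP USER ''@'centos7';

-- root entries without a password: set one (placeholder value).
SET PASSWORD FOR 'root'@'centos7'   = PASSWORD('REPLACE_WITH_STRONG_PASSWORD');
SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('REPLACE_WITH_STRONG_PASSWORD');
SET PASSWORD FOR 'root'@'::1'       = PASSWORD('REPLACE_WITH_STRONG_PASSWORD');

-- testuser@'%' accepts connections from any host; bind it back to the
-- internal network pattern used earlier in the article.
RENAME USER 'testuser'@'%' TO 'testuser'@'192.168.%';
```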
3. Resetting the Administrator Account Password
Recovering the password when the database is empty
# systemctl stop mariadb
# rm -rf /var/lib/mysql/*    # deletes the entire data directory; all databases are lost
# systemctl start mariadb
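Recovering the password when the database holds data
1) In the /etc/my.cnf configuration file, add the skip-grant-tables and skip-networking parameters under [mysqld] (skip-networking keeps remote clients out while the grant tables are not being checked)
2) # systemctl restart mariadb    (restart the service)
3) Run mysql to log in to the database
4) MariaDB [(none)]> UPDATE mysql.user SET password=PASSWORD('newpassword') WHERE user='root' AND host='localhost'; # update the password
5) MariaDB [(none)]> FLUSH PRIVILEGES; # reload the grant tables
6) Exit, edit the configuration file to remove the skip-grant-tables and skip-networking parameters, and restart the service
Alternatively, pass the following options when starting the mysqld process:
--skip-grant-tables
--skip-networking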
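II. Authorization Management
1. Granting Privileges
Syntax: GRANT priv_type ON [object_type] priv_level TO user@'%' [IDENTIFIED BY 'password'] [WITH GRANT OPTION];
If the user does not exist when the grant is issued, it is created, so we generally do not create a user separately; the account is created and granted privileges in one step.
priv_type: the privilege type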
– SELECT
– INSERT
– UPDATE
– DELETE
– CREATE
– DROP
– INDEX
– ALTER
– SHOW DATABASES
– CREATE TEMPORARY TABLES
– LOCK TABLES
– CREATE VIEW
– SHOW VIEW
– CREATE USER
– ALL PRIVILEGES or ALL
object_type: the object the grant applies to
– TABLE
– FUNCTION
– PROCEDURE
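priv_level: the privilege level
– * or *.* means all databases
– db_name.* means all tables in the specified database
– db_name.tbl_name means the specified table in the specified database
– tbl_name means a table in the current database
– db_name.routine_name means a function, stored procedure, or trigger in the specified database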
WITH GRANT OPTION
– MAX_QUERIES_PER_HOUR count
– MAX_UPDATES_PER_HOUR count
– MAX_CONNECTIONS_PER_HOUR count
– MAX_USER_CONNECTIONS count
MariaDB [school]> GRANT SELECT(stuid,name) ON TABLE school.students TO admin@'%' IDENTIFIED BY 'admin'; # grant the admin@'%' user the query privilege on the stuid and name columns of the students table
MariaDB [school]> FLUSH PRIVILEGES; # reload the grant tables
2. Viewing Grants
MariaDB [school]> SHOW GRANTS FOR admin@'%'\G # view the privileges of a specific user
*************************** 1. row ***************************
Grants for admin@%: GRANT USAGE ON *.* TO 'admin'@'%' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441'
*************************** 2. row ***************************
Grants for admin@%: GRANT SELECT (stuid, name) ON `school`.`students` TO 'admin'@'%'
[root@working ~]# mysql -uadmin -padmin -h192.168.0.7
MariaDB [(none)]> SHOW GRANTS FOR CURRENT_USER()\G # view your own privileges
*************************** 1. row ***************************
Grants for admin@%: GRANT USAGE ON *.* TO 'admin'@'%' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441'
*************************** 2. row ***************************
Grants for admin@%: GRANT SELECT (stuid, name) ON `school`.`students` TO 'admin'@'%'
3. Revoking Grants
MariaDB [school]> REVOKE SELECT(stuid) ON school.students FROM admin@'%'; # revoke the admin@'%' user's query privilege on the stuid column
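As an added example (not from the original article), the statements below create an account restricted to the internal network instead of '%', attach the resource limits listed under the GRANT syntax above, and then verify the result from information_schema and mysql.user. The account name 'report' and the limit values are assumptions chosen for illustration, and the password is a placeholder.

```sql
-- Added example. 'report' and the numeric limits are illustrative.
-- 1) Create the account explicitly, limited to the internal network.
CREATE USER 'report'@'192.168.%'
    IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';

-- 2) Column-level read access only, as in the article's GRANT.
GRANT SELECT (stuid, name) ON school.students TO 'report'@'192.168.%';

-- 3) Resource limits belong to the account as a whole, so attach them
--    with a USAGE grant (USAGE itself confers no privileges).
GRANT USAGE ON *.* TO 'report'@'192.168.%'
    WITH MAX_QUERIES_PER_HOUR 1000
         MAX_CONNECTIONS_PER_HOUR 60
         MAX_USER_CONNECTIONS 5;

-- 4) Verify what was actually granted.
SHOW GRANTS FOR 'report'@'192.168.%';

SELECT grantee, table_schema, table_name, column_name,
       privilege_type, is_grantable
FROM information_schema.COLUMN_PRIVILEGES
WHERE grantee = '''report''@''192.168.%''';

SELECT user, host, max_questions, max_connections, max_user_connections
FROM mysql.user
WHERE user = 'report';

-- 5) List accounts that can pass global privileges on to others
--    (granted WITH GRANT OPTION); this set should stay small.
SELECT DISTINCT grantee
FROM information_schema.USER_PRIVILEGES
WHERE is_grantable = 'YES';

-- 6) Narrow the grant further, as the article does with REVOKE.
REVOKE SELECT (stuid) ON school.students FROM 'report'@'192.168.%';
```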