13.4 mysql用户管理
时间:2022-04-27
本文章向大家介绍13.4 mysql用户管理,主要内容包括mysql用户管理目录概要、mysql用户管理、针对具体的权限去授权、show grants;需求、基本概念、基础应用、原理机制和需要注意的事项等,并结合实例形式分析了其使用技巧,希望通过本文能帮助到大家理解应用这部分内容。
mysql用户管理目录概要
- grant all on . to 'user1' identified by 'passwd';
- grant SELECT,UPDATE,INSERT on db1.* to 'user2'@'192.168.133.1' identified by 'passwd';
- grant all on db1.* to 'user3'@'%' identified by 'passwd';
- show grants;
- show grants for user2@192.168.133.1;
mysql用户管理
- 场景,为了安全,新建的站点,创建新的用户,或者给予使用已有账户,给予权限
- grant all on . to 'user1' identified by 'passwd';
- grant 表示 授权
- all 表示所有权限,查看,创建,删除等等
- on . to 'user1' identified by 'passwd';
- 若是登录到mysql中后,输错了字符,并按了回车键,直接输入分号 ; 就会推出, 回到mysql的命令行
- 退出mysql除了使用 quit 命令,还可以使用 exit 命令,还可以ctrl+d快捷键退出
- 登录到mysql
[root@hf-01 ~]# mysql -uroot -p'hanfeng'
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 1
Server version: 5.6.35 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql>
- 创建普通用户user1,命令
- grant all on . to 'user1'@'127.0.0.1' identified by '123456a';——>在输入命令的时候,千万要注意符号,一旦漏失了符号 ' ',那么后面就无法登录到user1的mysql
- 'user1'@'127.0.0.1' 指定用户@指定来源IP (指定用户可以写 % 就是通配,表示所有的IP)如果指定了来源IP,那么只能通过来源IP登录
- 符号*.* 表示所有库,所有表
- 第一个 * 表示库名,可以写成mysql.* 那就表示对mysql所有的表
- identified by 'passwd' 指定user1的mysql密码
- grant语句,是不会记录到命令历史中的因为不安全
mysql> grant all on *.* to 'user1'@'127.0.0.1' identified by '123456a';
Query OK, 0 rows affected (0.02 sec)
mysql>
- 退出数据库,并尝试user1是否可以登录
[root@hf-01 ~]# mysql -uuser1 -p'123456a'
Warning: Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'user1'@'localhost' (using password: YES)
[root@hf-01 ~]#
- 会看到登录失败,因为它默认的是sock,需要指定 -h 指定IP,会看到成功登录到user1的数据库
[root@hf-01 ~]# mysql -uuser1 -p123456a -h127.0.0.1
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 13
Server version: 5.6.35 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> quit
Bye
- 授权localhost,授权本地,用sock去连接
- 重新登录root,并输入localhost,创建成功后,并退出
- grant all on . to 'user1'@'localhost' identified by '123456a';
[root@hf-01 ~]# mysql -uroot -p'hanfeng'
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 14
Server version: 5.6.35 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> grant all on *.* to 'user1'@'localhost' identified by '123456a';
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
[root@hf-01 ~]#
- 这时不加-h 也可以登录到user1了,因为现在授权就是针对localhost,localhost就是针对的sock
[root@hf-01 ~]# mysql -uuser1 -p123456a
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 15
Server version: 5.6.35 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> exit
Bye
- 退出数据库除了用 quit 命令,还可以用 exit 命令,还可以ctrl+d快捷键退出
针对具体的权限去授权
- grant SELECT,UPDATE,INSERT on db1.* to 'user2'@'192.168.133.1' identified by 'passwd';
- 针对SELECT,UPDATE,INSERT,针对 db1这个库所有的表给用户user2来源IP,并设定密码
- grant all on db1.* to 'user3'@'%' identified by 'passwd';
- 针对所有的IP去授权
- show grants; 查看所有的授权
- 在登录到某一用户下,show grants;会查看到当前用户的权限的
- 登录user1用户的mysql,去查看授权
[root@hf-01 ~]# mysql -uuser1 -p123456a
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 16
Server version: 5.6.35 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> show grants;
+-----------------------------------------------------------------------------------------------------------------------+
| Grants for user1@localhost |
+-----------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*B012E8731FF1DF44F3D8B26837708985278C3CED' |
+-----------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql>
- show grants for user1@127.0.0.1; 指定用户去查看授权
- 登录root用户的mysql,然后查看user1用户的mysql的授权
[root@hf-01 ~]# mysql -uroot -p'hanfeng'
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 17
Server version: 5.6.35 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> show grants for user1@'127.0.0.1';
+-----------------------------------------------------------------------------------------------------------------------+
| Grants for user1@127.0.0.1 |
+-----------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'user1'@'127.0.0.1' IDENTIFIED BY PASSWORD '*B012E8731FF1DF44F3D8B26837708985278C3CED' |
+-----------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql>
show grants;需求
- show grants;看的是root
- 创建一个用户user2,并做一个授权
- grant SELECT,UPDATE,INSERT on db1.* to 'user2'@'192.168.133.1' identified by 'passwd';
mysql> grant SELECT,UPDATE,INSERT on db1.* to 'user2'@'192.168.133.1' identified by 'passwd';
Query OK, 0 rows affected (0.01 sec)
mysql>
- 查看user2的授权
- show grants for user2@'192.168.133.1';
mysql> show grants for user2@'192.168.133.1';
+------------------------------------------------------------------------------------------------------------------+
| Grants for user2@192.168.133.1 |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user2'@'192.168.133.1' IDENTIFIED BY PASSWORD '*59C70DA2F3E3A5BDF46B68F5C8B8F25762BCCEF0' |
| GRANT SELECT, INSERT, UPDATE ON `db1`.* TO 'user2'@'192.168.133.1' |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql>
- 有一种情况会用到它,比如说,给192.168.133.1做了授权了,但发现一个IP不够,还有一个192.168.133.2,也就是说user2用户不仅需要在192.168.133.1上登录,还需要在192.168.133.2上登录,这时候就需要把授权的命令全部在执行一遍
- 这时候就可以直接把GRANT USAGE ON . TO 'user2'@'192.168.133.1' IDENTIFIED BY PASSWORD '*59C70DA2F3E3A5BDF46B68F5C8B8F25762BCCEF0' 复制一遍,将其中192.168.133.1改为192.168.133.2 并在语句结尾加上分号 ;
mysql> GRANT USAGE ON *.* TO 'user2'@'192.168.133.2' IDENTIFIED BY PASSWOORD '*59C70DA2F3E3A5BDF46B68F5C8B8F25762BCCEF0';
Query OK, 0 rows affected (0.00 sec)
mysql>
- 然后再将第二行复制GRANT SELECT, INSERT, UPDATE ON
db1
.* TO 'user2'@'192.168.133.1' 把IP改为192.168.133.2,并加上分号 ;
mysql> GRANT SELECT, INSERT, UPDATE ON `db1`.* TO 'user2'@'192.168.133.2';
Query OK, 0 rows affected (0.01 sec)
mysql>
- 这时候在来查看show grants查看192.168.133.2
mysql> show grants for user2@'192.168.133.2';
+------------------------------------------------------------------------------------------------------------------+
| Grants for user2@192.168.133.2 |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user2'@'192.168.133.2' IDENTIFIED BY PASSWORD '*59C70DA2F3E3A5BDF46B68F5C8B8F25762BCCEF0' |
| GRANT SELECT, INSERT, UPDATE ON `db1`.* TO 'user2'@'192.168.133.2' |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql>
- show grants;会看到同样的密码,同样的用户,唯一改变的就是IP
- 在知道mysql的用户名,但不知道密码,也可以这样去授权
- BZOJ 3670: [Noi2014]动物园【KMP变形 】
- 【延迟注入】A5站长网某站存在SQL注入漏洞
- hihoCoder #1498 : Diligent Robots【数学】
- Codeforces Round #336 (Div. 2)【A.思维,暴力,B.字符串,暴搜,前缀和,C.暴力,D,区间dp,E,字符串,数学】
- 【防护】如何阻止SELECT * 语句
- COGS 862. 二进制数01串【dp+经典二分+字符串】
- 【AlphaGo Zero 核心技术-深度强化学习教程代码实战03】编写通用的格子世界环境类
- 冒泡排序简单操作模版及实例分析
- COGS 1299. bplusa【听说比a+b还要水的大水题???】
- python学习笔记之运算符
- 锐捷网络NBR部分路由器cookie欺骗权限绕过
- 手写快排模版
- COGS 68. [NOIP2005] 采药【01背包复习】
- UESTC 30 &&HDU 2544最短路【Floyd求解裸题】
- MySQL 教程
- MySQL 安装
- MySQL 管理与配置
- MySQL PHP 语法
- MySQL 连接
- MySQL 创建数据库
- MySQL 删除数据库
- MySQL 选择数据库
- MySQL 数据类型
- MySQL 创建数据表
- MySQL 删除数据表
- MySQL 插入数据
- MySQL 查询数据
- MySQL where 子句
- MySQL UPDATE 查询
- MySQL DELETE 语句
- MySQL LIKE 子句
- mysql order by
- Mysql Join的使用
- MySQL NULL 值处理
- MySQL 正则表达式
- MySQL 事务
- MySQL ALTER命令
- MySQL 索引
- MySQL 临时表
- MySQL 复制表
- 查看MySQL 元数据
- MySQL 序列 AUTO_INCREMENT
- MySQL 处理重复数据
- MySQL 及 SQL 注入
- MySQL 导出数据
- MySQL 导入数据
- MYSQL 函数大全
- MySQL Group By 实例讲解
- MySQL Max()函数实例讲解
- mysql count函数实例
- MYSQL UNION和UNION ALL实例
- MySQL IN 用法
- MySQL between and 实例讲解
- Uboot到底如何启动内核
- Flink部署及作业提交(On YARN)
- Flink部署及作业提交(On Flink Standalone)
- MySQL题集
- 《深入浅出SQL》问答录
- Python_字典实现简单预约系统
- java_二维数组简单快递系统
- RabbitMQ六种工作模式
- Java生成随机姓名、性别和年龄
- 商业数据分析从入门到入职(8)Python模块、文件IO和面向对象
- 7.13论坛常见问题以及解决办法
- 移植SDL到JZ2440显示BMP图片
- Vue图片验证码-自定义组件高级版
- Angular页面调试一个有用的小技巧 - normalizeDebugBindingName和normalizeDebugBindingValue
- 19个JS超有用的简写技巧