一、密码恢复及设置
目标:
本案例要求熟悉MySQL管理密码的控制,完成以下任务操作:
- 练习重置MySQL管理密码的操作
- 通过正常途径设置MySQL数据库的管理密码
步骤:
步骤一:重置MySQL管理密码
1)首先停止已运行的MySQL服务程序
[root@dbsvr1 ~]# systemctl stop mysqld.service //停止服务
[root@dbsvr1 ~]# systemctl status mysqld.service //确认状态
mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled)
Active: inactive (dead) since 五 2017-04-07 23:01:38 CST; 21s ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Process: 20260 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
Process: 20238 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
Main PID: 20262 (code=exited, status=0/SUCCESS)
2)然后跳过授权表启动MySQL服务程序
这一步主要利用mysqld的 --skip-grant-tables选项
修改my.cnf配置,添加 skip_grant_tables=1启动设置:
[root@dbsvr1 ~]# vim /etc/my.cnf
[mysqld]
skip_grant_tables=1
.. ..
[root@dbsvr1 ~]# systemctl restart mysqld.service
[root@dbsvr1 ~]# service mysql status
mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled)
Active: active (running) since 五 2017-04-07 23:40:20 CST; 40s ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Process: 11698 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
Process: 11676 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
Main PID: 11701 (mysqld)
CGroup: /system.slice/mysqld.service
└─11701 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.p...
3)使用mysql命令连接到MySQL服务,重设root的密码
由于前一步启动的MySQL服务跳过了授权表,所以可以root从本机直接登录
[root@dbsvr1 ~]# mysql -u root
Enter password: //直接回车即可
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 4
Server version: 5.7.17 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql>
进入 mysql> 环境后,通过修改mysql库中user表的相关记录,重设root用户从本机登录的密码:
mysql> UPDATE mysql.user SET authentication_string=PASSWORD('1234567')
-> WHERE user='root' AND host='localhost'; //重设root的密码
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 1
mysql> FLUSH PRIVILEGES; //刷新授权表
Query OK, 0 rows affected (0.01 sec)
mysql> exit //退出mysql> 环境
Bye
通过执行“FLUSH PRIVILEGES;”可使授权表立即生效,对于正常运行的MySQL服务,也可以用上述方法来修改密码,不用重启服务。本例中因为是恢复密码,最好重启MySQL服务程序,所以上述“FLUSH PRIVILEGES;”操作可跳过。
4)重新以正常方式启动MySQL服务程序,验证新密码
如果前面是修改/etc/my.cnf配置的方法来跳过授权表,则重置root密码后,应去除相应的设置以恢复正常:
[root@dbsvr1 ~]# vim /etc/my.cnf
[mysqld]
#skip_grant_tables=1 //注释掉或删除此行
.. ..
按正常方式,通过mysql脚本重启服务即可:
[root@dbsvr1 ~]# systemctl restart mysqld.service
验证无密码登录时,将会被拒绝:
[root@dbsvr1 ~]# mysql -u root
Enter password: //没有跳过授权表回车会报错
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
只有提供重置后的新密码,才能成功登入:
[root@dbsvr1 ~]# mysql -u root –p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 4
Server version: 5.7.17 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql>
步骤二:正常设置MySQL管理密码
正常的前提是:已知当前MySQL管理用户(root)的密码。
1)方法1,在Shell命令行下设置
使用mysqladmin管理工具,需要验证旧的密码。比如,以下操作将会把root的密码设置为 1234567:
[root@dbsvr1 ~]# mysqladmin -u root -p password '1234567'
Enter password: //验证原来的密码
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety. //提示明文修改不安全,并不是报错
2)方法2,以root登入mysql> 后,使用SET PASSWORD指令设置
这个与新安装MySQL-server后首次修改密码时要求的方式相同,平时也可以用:
mysql> SET PASSWORD FOR root@localhost=PASSWORD('1234567');
Query OK, 0 rows affected, 1 warning (0.00 sec)
3)方法3,以root登入mysql> 后,使用GRANT授权工具设置
这个是最常见的用户授权方式(下一节会做更多授权的练习):
mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
Query OK, 0 rows affected, 1 warning (0.00 sec)
4)方法4,以root登入mysql> 后,使用UPDATE更新相应的表记录
这种方法与恢复密码时的操作相同:
mysql> UPDATE mysql.user SET authentication_string=PASSWORD('1234567')
-> WHERE user='root' AND host='localhost'; //重设root的密码
Query OK, 0 rows affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 0 Warnings: 1
mysql> FLUSH PRIVILEGES; //刷新授权表
Query OK, 0 rows affected (0.00 sec)
在上述方法中,需要特别注意:当MySQL服务程序以 skip-grant-tables 选项启动时,如果未执行“FLUSH PRIVILEGES;”操作,是无法通过SET PASSWORD或者GRANT方式来设置密码的。比如,验证这两种方式时,都会看到ERROR 1290的出错提示:
mysql> SET PASSWORD FOR root@localhost=PASSWORD('1234567');
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
二、用户授权及撤销
目标:
- 允许root从192.168.4.0/24网段 访问,对所有库/表有完全权限,密码为tarena
- 添加一个管理账号dba007,完全控制及授权
- 撤销root从本机访问的权限,然后恢复
- 允许webuser从任意客户机登录,只对webdb库有完全权限,密码为 888888
- 撤销webuser的完全权限,改为查询权限
方案:
使用2台RHEL 7虚拟机,如下图所示。其中192.168.4.10是MySQL服务器,授权及撤销操作均在此服务器上执行;而192.168.4.120作为测试客户机,需要安装好MySQL-client软件包,以便提供mysql命令。
同时,MySQL服务器本身(192.168.4.10)也可以作为测试客户机。
步骤:
步骤一:用户授权及撤销
1)允许root从192.168.4.0/24访问,对所有库表有完全权限,密码为tarena。
授权之前,从192.168.4.0/24网段的客户机访问时,将会被拒绝:
[root@host120 ~]# mysql -u root -p -h 192.168.4.10
Enter password: //输入正确的密码
ERROR 2003 (HY000): Host '192.168.4.120' is not allowed to connect to this MySQL server
授权操作,此处可设置与从localhost访问时不同的密码:
mysql> GRANT all ON *.* TO root@'192.168.4.%' IDENTIFIED BY 'tarena';
Query OK, 0 rows affected (0.00 sec)
再次从192.168.4.0/24网段的客户机访问时,输入正确的密码后可登入:
[root@host120 ~]# mysql -u root -p -h 192.168.4.10
Enter password: //此处输入的密码是tarena才可以登录,tarena是主机授权的登录密码
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 20
Server version: 5.7.17 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql>
从网络登入后,测试新建一个库、查看所有库:
mysql> CREATE DATABASE rootdb; //创建新库rootdb
Query OK, 1 row affected (0.06 sec)
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| home |
| mysql |
| performance_schema |
| rootdb | //新建的rootdb库
| sys |
| userdb |
+--------------------+
7 rows in set (0.01 sec)
2)在Mysql服务器上建立一个管理账号dba007,对所有库完全控制,并赋予其授权的权限
新建账号并授权:
mysql> GRANT all ON *.* TO dba007@localhost
-> IDENTIFIED BY '1234567'
-> WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
查看dba007的权限:
mysql> SHOW GRANTS FOR dba007@localhost;
+-----------------------------------------------------------------------+
| Grants for dba007@localhost |
+-----------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'dba007'@'localhost' WITH GRANT OPTION |
+-----------------------------------------------------------------------+
1 row in set (0.00 sec)
3)撤销root从本机访问的权限,然后恢复
注意:如果没有事先建立其他管理账号,请不要轻易撤销root用户的本地访问权限,否则恢复起来会比较困难,甚至不得不重装数据库。
撤销root对数据库的操作权限:
mysql> REVOKE all ON *.* FROM root@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW GRANTS FOR root@localhost;
+--------------------------------------------------------------+
| Grants for root@localhost |
+--------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
+--------------------------------------------------------------+
2 rows in set (0.00 sec)
验证撤销后的权限效果:
mysql> exit //退出当前MySQL连接
Bye
[root@dbsvr1 ~]# mysql -u root -p //重新以root从本地登入
Enter password:
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 6
Server version: 5.6.15 MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> CREATE DATABASE newdb2014; //尝试新建库失败
ERROR 1044 (42000): Access denied for user 'root'@'localhost' to database 'newdb2014'
mysql> DROP DATABASE rootdb; //尝试删除库失败
ERROR 1044 (42000): Access denied for user 'root'@'localhost' to database 'rootdb'
尝试以当前的root用户恢复权限,也会失败(无权更新授权表):
mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
怎么办呢?
退出当前MySQL连接,以上一步添加的管理账号dba007登入:
mysql> exit //退出当前MySQL连接
Bye
[root@dbsvr1 ~]# mysql -u dba007 -p //以另一个管理账号登入
Enter password:
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 24
Server version: 5.7.17 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
由管理账号dba007重新为root添加本地访问权限:
mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW GRANTS FOR root@localhost; //查看恢复结果
+---------------------------------------------------------------------+
| Grants for root@localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)
退出,再重新以root登入,测试一下看看,权限又恢复了吧:
mysql> exit //退出当前MySQL连接
Bye
[root@dbsvr1 ~]# mysql -u root -p //重新以root登入
Enter password:
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 25
Server version: 5.7.17 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> CREATE DATABASE newdb2014; //成功创建新库
Query OK, 1 row affected (0.00 sec)
4)允许webuser从任意客户机登录,只对webdb库有完全权限,密码为 888888
添加授权:
mysql> GRANT all ON webdb.* TO webuser@'%' IDENTIFIED BY '888888';
Query OK, 0 rows affected (0.00 sec)
查看授权结果:
mysql> SHOW GRANTS FOR webuser@'%';
+----------------------------------------------------+
| Grants for webuser@% |
+----------------------------------------------------+
| GRANT USAGE ON *.* TO 'webuser'@'%' |
| GRANT ALL PRIVILEGES ON `webdb`.* TO 'webuser'@'%' |
+----------------------------------------------------+
2 rows in set (0.00 sec)
5)撤销webuser的完全权限,改为查询权限
撤销所有权限:
mysql> REVOKE all ON webdb.* FROM webuser@'%';
Query OK, 0 rows affected (0.00 sec)
只赋予查询权限:
mysql> GRANT select ON webdb.* TO webuser@'%';
Query OK, 0 rows affected (0.00 sec)
确认授权更改结果:
mysql> SHOW GRANTS FOR webuser@'%';
+--------------------------------------------+
| Grants for webuser@% |
+--------------------------------------------+
| GRANT USAGE ON *.* TO 'webuser'@'%' |
| GRANT SELECT ON `webdb`.* TO 'webuser'@'%' |
+--------------------------------------------+
2 rows in set (0.00 sec)
三、数据备份与恢复
目标:
本案例要求熟悉MySQL的备份与恢复,完成以下任务操作:
- 使用mysqldump备份数据库
- 使用mysql 恢复数据库
步骤:
步骤一:使用mysqldump进行逻辑备份
1)备份MySQL服务器上的所有库
将所有的库备份为mysql-all.sql文件:
[root@dbsvr1 ~]# mysqldump -u root -p --all-databases > /root/alldb.sql
Enter password: //验证口令
[root@dbsvr1 mysql]# file /root/alldb.sql //确认备份文件类型
/root/alldb.sql: UTF-8 Unicode English text, with very long lines
查看备份文件alldb.sql的部分内容:
[root@dbsvr1 ~]# grep -vE '^/|^-|^$' /root/alldb.sql | head -15
CREATE DATABASE /*!32312 IF NOT EXISTS*/ `home` /*!40100 DEFAULT CHARACTER SET latin1 */;
USE `home`;
DROP TABLE IF EXISTS `biao01`;
CREATE TABLE `biao01` (
`id` int(2) NOT NULL,
`name` varchar(8) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
LOCK TABLES `biao01` WRITE;
UNLOCK TABLES;
DROP TABLE IF EXISTS `biao02`;
CREATE TABLE `biao02` (
`id` int(4) NOT NULL,
`name` varchar(8) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
.. ..
注意:若数据库都使用MyISAM存储引擎,可以采用冷备份的方式,直接复制对应的数据库目录即可;恢复时重新复制回来就行。
2)只备份指定的某一个库
将userdb库备份为userdb.sql文件:
[root@dbsvr1 ~]# mysqldump -u root -p userdb > userdb.sql
Enter password: //验证口令
查看备份文件userdb.sql的部分内容:
[root@dbsvr1 ~]# grep -vE '^/|^-|^$' /root/userdb.sql
DROP TABLE IF EXISTS `stu_info`;
CREATE TABLE `stu_info` (
`name` varchar(12) NOT NULL,
`gender` enum('boy','girl') DEFAULT 'boy',
`age` int(3) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
LOCK TABLES `stu_info` WRITE;
.. ..
3)同时备份指定的多个库
同时备份mysql、userdb库,保存为mysql+userdb.sql文件:
[root@dbsvr1 ~]# mysqldump -u root -p -B mysql userdb > mysql+test+userdb.sql
Enter password: //验证口令
查看备份文件userdb.sql的部分内容:
[root@dbsvr1 ~]# grep '^CREATE DATA' /root/mysql+userdb.sql
CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysql` /*!40100 DEFAULT CHARACTER SET latin1 */;
CREATE DATABASE /*!32312 IF NOT EXISTS*/ `userdb` /*!40100 DEFAULT CHARACTER SET latin1 */;
步骤二:使用mysql命令从备份中恢复数据库、表
以恢复userdb库为例,可参考下列操作。通常不建议直接覆盖旧库,而是采用建立新库并导入逻辑备份的方式执行恢复,待新库正常后即可废弃或删除旧库。
1)创建名为userdb2的新库
mysql> CREATE DATABASE userdb2;
Query OK, 1 row affected (0.00 sec)
2)导入备份文件,在新库中重建表及数据
[root@dbsvr1 ~]# mysql -u root -p userdb2 < /root/userdb.sql
Enter password: //验证口令
3)确认新库正常,启用新库
mysql> USE userdb2; //切换到新库
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> SELECT sn,username,uid,gid,homedir //查询数据,确认可用
-> FROM userlist LIMIT 10;
+----+----------+-----+-----+-----------------+
| sn | username | uid | gid | homedir |
+----+----------+-----+-----+-----------------+
| 1 | root | 0 | 0 | /root |
| 2 | bin | 1 | 1 | /bin |
| 3 | daemon | 2 | 2 | /sbin |
| 4 | adm | 3 | 4 | /var/adm |
| 5 | lp | 4 | 7 | /var/spool/lpd |
| 6 | sync | 5 | 0 | /sbin |
| 7 | shutdown | 6 | 0 | /sbin |
| 8 | halt | 7 | 0 | /sbin |
| 9 | mail | 8 | 12 | /var/spool/mail |
| 10 | operator | 11 | 0 | /root |
+----+----------+-----+-----+-----------------+
10 rows in set (0.00 sec)
4)废弃或删除旧库
mysql> DROP DATABASE userdb;
Query OK, 2 rows affected (0.09 sec)
四、MySQL管理工具
目标:
本案例要求基于LAMP平台部署一套phpMyAdmin应用系统,实现对MySQL服务器的Web方式管理。
方案:
使用2台RHEL6虚拟机 + 1台Windows 7真机,如下图所示。其中192.168.4.10是MySQL服务器,授权操作在此服务器上执行;另一台Linux服务器192.168.4.6上部 署phpMyAdmin管理平台,实现从浏览器访问的Web管理方式。
步骤:
步骤一:在MySQL服务器上配置用户访问授权
为了实验方便起见,直接以root用户为例,允许其从192.168.4.0/24网段访问,密码设置为1234567。
mysql> GRANT all ON *.* TO root@'192.168.4.%' IDENTIFIED BY '1234567'; //授权本地root用户可以从4.0网段登录,为后面用4.0网段PC做客户端验证,提供权限
Query OK, 0 rows affected, 1 warning (0.00 sec)
步骤二:搭建phpMyAdmin管理平台(192.168.4.6)
phpMyAdmin是以PHP语言开发的一套用来管理MySQL数据库的网页程序,因此需要有支持PHP的网站服务器才能正常使用phpMyAdmin平台。
1)LAMP平台的简易部署
直接以yum方式安装httpd、mysql、php、php-mysql软件包,本例中只需要MySQl客户端程序,无需安装mysql-server:
[root@dbsvr ~]# yum -y install httpd mariadb php php-mysql //此处会安装httpd、php、php-mysql三个包,mariadb在前面实验已安装了
.. ..
由于RHEL 7未提供php-mbsring包,而phpMyAdmin套件需要相关库文件,因此需要额外下载适用的RPM包(由教员提供),安装时忽略依赖关系即可:
[root@dbsvr ~]# rpm -ivh php-mbstring-5.3.3-26.el6.x86_64.rpm -nodeps
.. ..
完成安装以后,对httpd服务配置稍作调整,启动httpd网站服务:
[root@dbsvr ~]# vim /etc/httpd/conf/httpd.conf
ServerName localhost.localdomain
.. ..
DirectoryIndex index.php index.html
.. ..
[root@dbsvr ~]# systemctl restart httpd //安装了httpd服务后需要启动该服务才能生效,客户端才能通过http访问服务器数据库验证
2)下载、部署phpMyAdmin套件
访问http://www.phpmyadmin.net/,下载支持多语言的源码程序包phpMyAdmin-4.1.2-all-languages.zip。
将下载回来的源码包解压,并部署到网站目录:
[root@dbsvr ~]# unzip phpMyAdmin-4.1.2-all-languages.zip
[root@dbsvr ~]# mv phpMyAdmin-4.1.2-all-languages /var/www/html/pma
切换到部署后的pma程序目录,拷贝配置文件,并修改配置以正确指定MySQL服务器的IP地址。
[root@dbsvr ~]# cd /var/www/html/pma/
[root@dbsvr pma]# cp config.sample.inc.php config.inc.php
[root@dbsvr pma]# vim config.inc.php
<?php
.. ..
$cfg[‘blowfish_secret’]=’tarena’; //在单引号里随意添加字符,如果不修改这项,会报错【配置文件现在需要绝密的短语密码(blowfish_secret)】。
.. ..
$cfg['Servers'][$i]['host'] = '192.168.4.10';
.. ..
?>
3)从浏览器访问phpMyAdmin系统
在Windows 7客户机中,打开IE网页浏览器,访问部署了phpMyAdmin系统的网站http://192.168.4.6/pma/index.php,即可打 开phpMyAdmin管理平台。如下图所示,输入正确的数据库用户名(如root)及密码登入即可。 //如果前面只是启动http服务,没有默认页面,可以访问http://192.168.4.6/pma/网址,不用加默认网页,输入登录数据库的账户密码,root & 123456
登入成功后,如下图所示,即可在授权范围内对MySQL数据库进行管理。
附加:
一、管理root用户密码(知道root用户密码的情况)
1> 直接在shell环境下直接更改
# mysqladmin -hlocalhost -uroot -p password"新密码" //知道用户密码,需要更改成新密码时操作命令
Enter password: //会进入交互界面,需要旧的密码才可以更改,未报错即成功
2> 可以在mysql命令行用set password命令
mysql> set password for 'root'@'localhost' = password('123456'); //注意格式正确,否则报错
二、管理root用户密码(不知道root用户密码的情况)
1> 修改配置文件
# vim /etc/my.cnf
[mysqld]
skip-grant-tables //加这条后需要将下面的密码验证策略注释掉才可以成功,不然会报错无法识别该命令
secure_file_priv="/mydatadir"
#validate_password_policy=0 //密码验证策略
#validate_password_length=6 //密码长度
default_storage_engine=myisam
...
:wq //保存并退出
2> 无密码登录mysql数据库
# mysql -uroot //后面不用加-p‘密码’,上面有策略跳过密码验证
3> 查看root用户密码字段
mysql> desc mysql.user; //查看表结构,查找密码字段的字段名
+------------------------+-----------------------------------+------+-----+-----------------------+-------+
| Field | Type | Null | Key | Default | Extra |
+------------------------+-----------------------------------+------+-----+-----------------------+-------+
| Host | char(60) | NO | PRI | | |
| User | char(32) | NO | PRI | | |
| Select_priv | enum('N','Y') | NO | | N | |
| Insert_priv | enum('N','Y') | NO | | N | |
| Update_priv | enum('N','Y') | NO | | N | |
| Delete_priv | enum('N','Y') | NO | | N | |
| Create_priv | enum('N','Y') | NO | | N | |
| Drop_priv | enum('N','Y') | NO | | N | |
| Reload_priv | enum('N','Y') | NO | | N | |
| Shutdown_priv | enum('N','Y') | NO | | N | |
| Process_priv | enum('N','Y') | NO | | N | |
| File_priv | enum('N','Y') | NO | | N | |
| Grant_priv | enum('N','Y') | NO | | N | |
| References_priv | enum('N','Y') | NO | | N | |
| Index_priv | enum('N','Y') | NO | | N | |
| Alter_priv | enum('N','Y') | NO | | N | |
| Show_db_priv | enum('N','Y') | NO | | N | |
| Super_priv | enum('N','Y') | NO | | N | |
| Create_tmp_table_priv | enum('N','Y') | NO | | N | |
| Lock_tables_priv | enum('N','Y') | NO | | N | |
| Execute_priv | enum('N','Y') | NO | | N | |
| Repl_slave_priv | enum('N','Y') | NO | | N | |
| Repl_client_priv | enum('N','Y') | NO | | N | |
| Create_view_priv | enum('N','Y') | NO | | N | |
| Show_view_priv | enum('N','Y') | NO | | N | |
| Create_routine_priv | enum('N','Y') | NO | | N | |
| Alter_routine_priv | enum('N','Y') | NO | | N | |
| Create_user_priv | enum('N','Y') | NO | | N | |
| Event_priv | enum('N','Y') | NO | | N | |
| Trigger_priv | enum('N','Y') | NO | | N | |
| Create_tablespace_priv | enum('N','Y') | NO | | N | |
| ssl_type | enum('','ANY','X509','SPECIFIED') | NO | | | |
| ssl_cipher | blob | NO | | NULL | |
| x509_issuer | blob | NO | | NULL | |
| x509_subject | blob | NO | | NULL | |
| max_questions | int(11) unsigned | NO | | 0 | |
| max_updates | int(11) unsigned | NO | | 0 | |
| max_connections | int(11) unsigned | NO | | 0 | |
| max_user_connections | int(11) unsigned | NO | | 0 | |
| plugin | char(64) | NO | | mysql_native_password | |
| authentication_string | text | YES | | NULL | |
| password_expired | enum('N','Y') | NO | | N | |
| password_last_changed | timestamp | YES | | NULL | |
| password_lifetime | smallint(5) unsigned | YES | | NULL | |
| account_locked | enum('N','Y') | NO | | N | |
+------------------------+-----------------------------------+------+-----+-----------------------+-------+
45 rows in set (0.00 sec)
mysql> select host,user,authentication_string from mysql.user; //查找主机名、用户名、密码对应关系
+-----------+-----------+-------------------------------------------+
| host | user | authentication_string |
+-----------+-----------+-------------------------------------------+
| localhost | root | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+-----------+-------------------------------------------+
2 rows in set (0.00 sec)
4> 更改root用户对应密码、刷新、退出
mysql> update mysql.user set authentication_string=password("123456") where host="localhost" and user="root"; //更改数据库密码
mysql> flush privileges; //刷新MySQL的系统权限相关表,否则会出现拒绝访问,还有一种方法,就是重新启动mysql服务器,来使新设置生效。未报错即生效
mysql> quit
5> 改回密码验证策略
# vim /etc/my.cnf
[mysqld]
#skip-grant-tables //将这条跳过密码验证策略关闭,保证数据库需要密码登录登录
secure_file_priv="/mydatadir"
validate_password_policy=0 //打开密码验证策略
validate_password_length=6 //打开密码长度策略验证
default_storage_engine=myisam
...
:wq //保存并退出
# systemctl restart mysqld //重启服务使得更改配置生效
6> 重新登录测试
# mysql -uroot -p123456; //需要加-p‘密码’验证登录
......
mysql> quit
三、Grant配置授权
基本用法:grant 权限列表.. on 库名.表名 to 用户名@‘客户端地址’ identified by '密码' [with grant option]
//密码是设置密码,with grant option是否有授权权限(一般root用户有授权权限)
高级版本破解“初始”密码
mysql_install_db --user=mysql --datadir=/var/lib/mysql
validate_password_policy=0
validate_password_length=6
plugin-load=validate_password.so
validate-password=FORCE_PLUS_PERMANENT