zoukankan      html  css  js  c++  java

  • 10.创建 MySQL 用户及赋予用户权限

    10.1 使用语法:

    通过在 mysql 中输入 help grant 得到如下帮助信息

    CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
GRANT ALL ON db1.* TO 'jeffrey'@'localhost';
GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';
GRANT USAGE ON *.* TO 'jeffrey'@'localhost' WITH MAX_QUERIES_PER_HOUR 90;​

    10.2 第一种创建用户及授权方法:

    创建用户

    mysql> create user oldboy@'localhost' identified by 'oldboy';
Query OK, 0 rows affected (0.00 sec)​

    查看用户其权限

    mysql> show grants for oldboy@'localhost';
+---------------------------------------------------------------------------------------------------------------+
| Grants for oldboy@localhost
|
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'oldboy'@'localhost' IDENTIFIED BY PASSWORD
'*7495041D24E489A0096DCFA036B166446FDDD992' |
+---------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)​
授权用户权限

mysql> grant all on oldboy_gbk.* to oldboy@'localhost';
Query OK, 0 rows affected (0.04 sec)
mysql> show grants for oldboy@'localhost';
+---------------------------------------------------------------------------------------------------------------+
| Grants for oldboy@localhost
|
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'oldboy'@'localhost' IDENTIFIED BY PASSWORD
'*7495041D24E489A0096DCFA036B166446FDDD992' |
| GRANT ALL PRIVILEGES ON `oldboy_gbk`.* TO 'oldboy'@'localhost'
|
+---------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)​

    10.3 第二种创建用户及授权方法:

    mysql> grant all on oldboy_gbk.* to oldgirl@'localhost' identified by 'oldgirl';
Query OK, 0 rows affected (0.00 sec)
列表说明:
grant all on dbname.* to username@’lcoalhost’ identified by ‘password’
授 权命令对应权限
目标:库和表 用户名和客户端主机 用户密码
mysql> show grants for oldgirl@'localhost';
+----------------------------------------------------------------------------------------------------------------+
| Grants for oldgirl@localhost
|
+----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'oldgirl'@'localhost' IDENTIFIED BY PASSWORD
'*4FD27385BB43242FE02158144D4C211F75A03F76' |
| GRANT ALL PRIVILEGES ON `oldboy_gbk`.* TO 'oldgirl'@'localhost'
|
+----------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)​

    10.4 创建用户及授权哪个网段的主机可以连接 oldboy_gbk 库

    提示:如果是 web 连接数据库的用户,尽量不要授权 all,而是 select,insert,update,delete

    10.4.1 第一种方法:

    mysql> grant all on oldboy_gbk.* to oldgirl@'172.16.1.%' identified by 'oldgirl';
Query OK, 0 rows affected (0.00 sec)
%表示 172.16.1.1-255 网段​

    10.4.2 第二种方法:

    mysql> grant all on oldboy_gbk.* to oldgirl@'172.16.1.0/255.255.255.0' identified by 'oldgirl';
Query OK, 0 rows affected (0.00 sec)
提示:不能这样写 oldgirl@’172.16.1.0/24’​

    10.5 关于 mysql 回收某个用户权限

    语法格式:

    REVOKE
 priv_type [(column_list)]
 [, priv_type [(column_list)]] ...
 ON [object_type] priv_level
 FROM user [, user] ...
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...​


    实例:查看 oldboy 用户回收权限前的权限

    mysql> show grants for oldboy@'localhost';
+---------------------------------------------------------------------------------------------------------------+
| Grants for oldboy@localhost
|
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'oldboy'@'localhost' IDENTIFIED BY PASSWORD
'*7495041D24E489A0096DCFA036B166446FDDD992' |
| GRANT ALL PRIVILEGES ON `oldboy_gbk`.* TO 'oldboy'@'localhost'
|
+---------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)​

    查看回收 oldboy 用户的 insert 权限之后的权限

    mysql> REVOKE INSERT ON oldboy_gbk.* FROM 'oldboy'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'oldboy'@'localhost';
+---------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------+
| Grants for oldboy@localhost
|
+---------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'oldboy'@'localhost' IDENTIFIED BY PASSWORD
'*7495041D24E489A0096DCFA036B166446FDDD992'
|
| GRANT SELECT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER,
CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW,
CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `oldboy_gbk`.* TO
'oldboy'@'localhost' |
+---------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)​

    10.6 企业生产环境如何授权用户权限(mysql 主库)

    博客,CMS 等产品的数据库授权:
    对于 web 连接用户授权尽量采用最小化原则,很多开源软件都是 web 界面安装,因此,在安装期间除了 select,insert,update,delete4 个权限外,还需要 create,drop 等比较危险的权限

    mysql> grant insert,delete,update,select on blog.* to blog@'172.16.1.%' identified by 'blog';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for blog@'172.16.1.%';
+--------------------------------------------------------------------------------------------------------------+
| Grants for blog@172.16.1.%
|
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'blog'@'172.16.1.%' IDENTIFIED BY PASSWORD
'*A5BA49C964C6DB89302E2EA293048E9224B33F34' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `blog`.* TO 'blog'@'172.16.1.%'
|
+--------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)​

    常规情况下授权 select,insert,update,delete4 个权限即可,有的开源软件,例如 discuz bbs,
    还需要 create,drop 等比较危险的权限,生成数据库表后,要收回 create、drop 权限

    mysql> revoke drop,create on blog.* from blog@'172.16.1.%';
Query OK, 0 rows affected (0.00 sec)
to your MySQL server version for the right syntax to use near 'from blog@'172.16.1.%'' at line 1
mysql> show grants for blog@'172.16.1.%';
+--------------------------------------------------------------------------------------------------------------+
| Grants for blog@172.16.1.%
|
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'blog'@'172.16.1.%' IDENTIFIED BY PASSWORD
'*A5BA49C964C6DB89302E2EA293048E9224B33F34' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `blog`.* TO 'blog'@'172.16.1.%'
|
+--------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)​
  • 相关阅读:
    绕过校园网认证实现免费上网【三端】
    Java多线程下载器FileDownloader(支持断点续传、代理等功能)
    Java实现命令行中的进度条功能
    记一次基于Cloudflare服务的爬虫
    如何修改npm包源码后,重新npm包的时候能是修改后的版本
    将html片段的文本内容取出来
    阿里云的oss的文件资源链接强制下载
    常用正则记录
    flvjs的unload(),detachMediaElement(),destroy()报错,undefined,not a function解决方案
    微信扫码登陆,qq登陆,微博登陆等第三方登陆成功后返回原来的页面并进行跳转
  • 原文地址:https://www.cnblogs.com/hackerlin/p/12539585.html
Copyright © 2011-2022 走看看