zoukankan      html  css  js  c++  java
  • MySQL用户管理

    1. MySQL用户管理

    'user'@'host';
     host:IP、主机名、NETWORK、%(任意长字符),_(任意单个字符)    
    skip_name_resolve={ON|OFF} 跳过主机名解析
     [root@node2 ~]# vim /etc/my.cnf
     skip_name_resolve=ON
    

    2.查看用户
    示例:

    MariaDB [mysql]> SELECT User,Host,Password FROM user;
    

    3.创建用户
    CREATE USER  'user'@'host' [IDENTIFIED BY [PASSWORD] 'password'] [,'user'@'host' [IDENTIFIED BY [PASSWORD] 'password']...]
    示例:

    MariaDB [(none)]> CREATE USER 'tom'@'127.0.0.1' IDENTIFIED BY 'liumanlin' , 'jerry'@'%' IDENTIFIED BY 'liumanlin';
    

    4.重命名:RENAME USER
    RENAME USER old_user TO new_user[, old_user TO new_user] ...
    示例:

    MariaDB [mysql]> RENAME USER 'tom'@'127.0.0.1' TO 'jerry'@'172.18.%.%';
    

    5.删除用户
    DROP USER 'user'@'host' [, 'user'@'host'] ...
    示例:

    MariaDB [mysql]> DROP USER 'jerry'@'%';
    MariaDB [mysql]> DROP USER ''@'localhost';
    

    6.让MySQL重新加载授权列表
    FLUSH PRIVILEGES;
    示例:

    MariaDB [mysql]> FLUSH PRIVILEGES;
    

    7.修改用户密码
    (1) SET PASSWORD [FOR 'user'@'host'] = PASSWORD('cleartext password'); PASSWORD是MySQL内建加密函数
    示例:

    MariaDB [mysql]> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('liumanlin');
    MariaDB [mysql]> FLUSH PRIVILEGES;
    


    (2) UPDATE mysql.user SET Password=PASSWORD('cleartext password')  WHERE User='USERNAME' AND Host='HOST';
    示例:

    MariaDB [mysql]> UPDATE user SET Password=PASSWORD('liumanlin') WHERE User='root' AND Host='127.0.0.1';
    MariaDB [mysql]> FLUSH PRIVILEGES;
    


    (3) mysqladmin -uUSERNAME -hHOST -p  password 'NEW_PASS'
    示例:

    [root@node2 ~]# mysqladmin -h127.0.0.1 -uroot -p password 'liumanlin';
    

    8.忘记管理员密码的解决办法
    (1) 启动mysqld进程时,使用--skip-grant-tables和--skip-networking选项
    示例:
    CentOS 7:

    [root@node2 ~]# vim /usr/lib/systemd/system/mariadb.service
     ExecStart=/usr/bin/mysqld_safe --basedir=/usr --skip-grant-tables --skip-networking
    [root@node2 ~]# systemctl daemon-reload
    [root@node2 ~]# systemctl restart mariadb.service
    


    CentOS 6:

    [root@node2 ~]# vim /etc/init.d/mysqld 同理
    


    (2) 通过UPDATE命令修改管理员密码
    示例:

    MariaDB [mysql]> UPDATE user SET Password=PASSWORD('liumanlin') WHERE User='root' AND Host='127.0.0.1';
    [root@node2 ~]# vim /usr/lib/systemd/system/mariadb.service
    ExecStart=/usr/bin/mysqld_safe --basedir=/usr
    


    (3) 以正常方式启动mysqld进程;
    示例:

    [root@node2 ~]# systemctl daemon-reload
    [root@node2 ~]# systemctl restart mariadb.service
    

    9.授权:GRANT

    GRANT priv_type [(column_list)] [, priv_type [(column_list)]] ...
    ON [object_type] priv_level 
    TO user_specification [, user_specification] ...
    [REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
    [WITH with_option ...]
    


    object_type(对象类型):
     TABLE
     | FUNCTION
     | PROCEDURE
    priv_level:
     *
     | *.*(所有库的所有表)
     | db_name.*(指定库的所有表)
     | db_name.tbl_name(指定库的指定表)
     | tbl_name(指定表)
     | db_name.routine_name(指定库的指定函数)
    ssl_option:
     SSL
     | X509
     | CIPHER 'cipher'
     | ISSUER 'issuer'
     | SUBJECT 'subject'    
    with_option:
     GRANT OPTION
     | MAX_QUERIES_PER_HOUR count
     | MAX_UPDATES_PER_HOUR count
     | MAX_CONNECTIONS_PER_HOUR count
     | MAX_USER_CONNECTIONS count
    示例1:

    MariaDB [mysql]> GRANT CREATE ON hidb.* TO 'jerry'@'172.18.%.%';
    [root@node2 ~]# mysql -ujerry -h172.18.67.12 -p
    MariaDB [(none)]> CREATE DATABASE hidb;
    MariaDB [(none)]> use hidb;
    MariaDB [hidb]> CREATE TABLE tbl1 (name CHAR(20));
    MariaDB [hidb]> CREATE INDEX test ON tbl1(name);
    ERROR 1142 (42000): INDEX command denied to user 'jerry'@'172.18.67.12' for table 'tbl1' (无权创建索引,用以下方法)
    MariaDB [mysql]> GRANT INDEX ON hidb.* TO 'jerry'@'172.18.%.%';
    MariaDB [mysql]> SHOW GRANTS  FOR 'jerry'@'172.18.%.%';
    MariaDB [hidb]> CREATE INDEX test ON tbl1(name); (授权成功)
    


    示例2:

    MariaDB [mysql]> CREATE USER 'tom'@'172.18.%.%' IDENTIFIED BY 'liumanlin';
    [root@node2 ~]# mysql -utom -h172.18.67.12 -p (可正常登录)
    MariaDB [mysql]> GRANT ALL ON hidb.* TO 'tom'@'172.18.%.%' REQUIRE SSL; (使用ssl授权登录)
    MariaDB [mysql]> SHOW GRANTS FOR 'tom'@'172.18.%.%';
    MariaDB [mysql]> FLUSH PRIVILEGES;
    [root@node2 ~]# mysql -utom -h172.18.67.12 -p
    Enter password: 
    ERROR 1045 (28000): Access denied for user 'tom'@'172.18.67.12' (using password: YES) (无法连接,需指明ssl证书)
    


    示例3:

    MariaDB [mysql]> SHOW GLOBAL VARIABLES LIKE '%ssl%';
    +---------------+----------+
    | Variable_name | Value    |
    +---------------+----------+
    | have_openssl  | DISABLED |
    | have_ssl      | DISABLED |
    | ssl_ca        |          |
    | ssl_capath    |          |
    | ssl_cert      |          |
    | ssl_cipher    |          |
    | ssl_key       |          |
    +---------------+----------+
    

    10.查看授权:SHOW GRANTS
    SHOW GRANTS [FOR 'user'@'host']
    示例:

    MariaDB [mysql]> SHOW GRANTS FOR 'tom'@'172.18.%.%';
    

    11.取消授权:REVOKE

    REVOKE  priv_type [(column_list)][, priv_type [(column_list)]] ...
    ON [object_type] priv_level
    FROM  'user'@'host' [,  'user'@'host'] ...
    REVOKE ALL PRIVILEGES, GRANT OPTION
    FROM user [, user] ...
    


    示例:

    MariaDB [mysql]> REVOKE CREATE VIEW ON hidb.* FROM 'tom'@'172.18.%.%';
    MariaDB [mysql]> SHOW GRANTS FOR 'tom'@'172.18.%.%';
    MariaDB [mysql]> FLUSH PRIVILEGES;
    
  • 相关阅读:
    浅谈P2P
    一串字符的解密
    下载地址解密
    初探DirectX
    本文介绍在VC 6.0中编译和使用OpenSSL的过程
    鱼钩绑线视频
    PKCS cer 证书
    02、创建顶点缓冲
    [原]SSL 开发简述(Delphi)
    [转]Delphi和C++数据类型对照表
  • 原文地址:https://www.cnblogs.com/iuskye/p/6940732.html
Copyright © 2011-2022 走看看