zoukankan      html  css  js  c++  java
  • mysql 从库设置read-only 对super权限的用户无效的问题

    由于在测试mysql主从读写分离的时候,用root用户设置从库为read-only ,但是重启生效后发现,root用户照样可以进行update insert ,此时root用有all privilege权限,包括super(管理)权限
     
    测试单独回收revoke root的super权限后再试,发现root此时 已经不能写操作了
     
    因此在给普通用户,或区分读写分离用户时,注意要回收super权限,否则对read-only无效。
     
    另外为了防止普通用户对从库进行插入,在给用户分配权限时要回收super权限
     
    下面是引用网上一篇文章做例子:

    配置:

    [root@Slave-Mysql data]# grep read-only /etc/my.cnf
    read-only

    试验过程:

    主库授权ALL

    mysql> grant all on *.* to 'imbyrd'@'localhost' identified by 'admin';

    从库测试:

    [root@Slave-Mysql data]# /usr/local/mysql/bin/mysql -uimbyrd -p'admin'
    mysql> use hitest;
    mysql> insert into test(id,name) values(14,'fo');
    Query OK, 1 row affected (0.14 sec)

    主库授权select,insert,update,delete

    mysql> REVOKE all ON *.* FROM 'imbyrd'@'localhost';
    mysql> grant select,insert,update,delete on  *.* to 'imbyrd'@'localhost' identified by 'admin';
    mysql> show grants for imbyrd@'localhost';
    +----------------------------------------------------------------------------------------------------------------------------------------+
    | Grants for imbyrd@localhost                                                                                                            |
    +----------------------------------------------------------------------------------------------------------------------------------------+
    | GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'imbyrd'@'localhost' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441' |
    +----------------------------------------------------------------------------------------------------------------------------------------+
    1 row in set (0.00 sec)

    从库测试:

    mysql> use hitest;
    mysql> insert into test(id,name) values(16,'dddd');
    ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement

    主库配置:

    mysql> grant all on *.* to 'imbyrd'@'localhost' identified by 'admin';
    mysql> show grants for imbyrd@'localhost'\G
    *************************** 1. row ***************************
    Grants for imbyrd@localhost: GRANT ALL PRIVILEGES ON *.* TO 'imbyrd'@'localhost' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441'
    1 row in set (0.00 sec)
    mysql> REVOKE SUPER ON *.* FROM 'imbyrd'@'localhost'; 
    mysql> show grants for imbyrd@'localhost'\G
    *************************** 1. row ***************************
    Grants for imbyrd@localhost: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'imbyrd'@'localhost' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441'
    1 row in set (0.00 sec)

    从库测试:

    [root@Slave-Mysql data]# /usr/local/mysql/bin/mysql -uimbyrd -p'admin'
    mysql> use hitest;
    mysql> insert into test(id,name) values(23,'fddf');
    ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement


    结论:当用户权限中没有SUPER权限(ALL权限是包括SUPER的)时,从库的read-only生效!

  • 相关阅读:
    React-Native 基本环境的搭建
    initWithFrame 与 initWithCoder 、awakeFromNib 的方法理解笔记
    关于 jwTextFiled 的使用说明
    使用 SourceTree 遇到冲突的解决方法
    如何使用最简单的方法将一个已经存在的工程中使用 cocaPodfile
    使用 NSData 分类实现,对 NSData 数据类型进行 AES 加密
    相机检测
    纯代码适配优化方案之一(内联函数的使用)
    页面跳转问题,多次 push 到新的页面的问题的解决方法
    判断银行卡卡号输入的合法性接口
  • 原文地址:https://www.cnblogs.com/mysqlplus/p/4886593.html
Copyright © 2011-2022 走看看