MySQL Privileges, Grants and Authentication Explained
Author: Yin Zhengjie
Copyright notice: original work, reproduction prohibited; violators will be held legally responsible.
I. Introduction to the MySQL privilege system
1>. The privilege system grants a user connecting from a given host the right to perform database operations such as querying, inserting, updating and deleting.
2>. It cannot explicitly deny a particular user's connection.
3>. Privilege control (granting and revoking) is performed with the statements CREATE USER, GRANT and REVOKE.
4>. Granted privileges are stored in MySQL's internal database (named mysql) and are copied into memory when the server starts.
5>. A MySQL user's identity consists not only of the user name but also of the host name the connection comes from (the two yinzhengjie accounts below are treated as different users because their host names differ).
SHOW GRANTS FOR 'yinzhengjie'@'node101.yinzhengjie.org.cn';
SHOW GRANTS FOR 'yinzhengjie'@'node102.yinzhengjie.org.cn';
II. MySQL privilege levels
1>. The MySQL privilege levels
Global administrative privileges, which apply to the whole MySQL instance;
Database-level privileges, which apply to a specified database or to all databases;
Database-object-level privileges, which apply to specified database objects (tables, views, etc.) or to all database objects;
2>. Privileges are stored in the system tables user, db, tables_priv, columns_priv and procs_priv in the mysql database, and are loaded into memory once the MySQL instance starts.
3>. View the privileges of the instance's default root user (from localhost)
mysql> SHOW GRANTS FOR root@localhost\G
*************************** 1. row ***************************
Grants for root@localhost: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`localhost` WITH GRANT OPTION
*************************** 2. row ***************************
Grants for root@localhost: GRANT APPLICATION_PASSWORD_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_ADMIN,XA_RECOVER_ADMIN ON *.* TO `root`@`localhost` WITH GRANT OPTION
*************************** 3. row ***************************
Grants for root@localhost: GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
3 rows in set (0.01 sec)

mysql>
4>. Compare the root user's rows in the privilege system tables
mysql> SELECT * FROM user WHERE user='root' AND host='localhost'\G
*************************** 1. row ***************************
                    Host: localhost
                    User: root
             Select_priv: Y
             Insert_priv: Y
             Update_priv: Y
             Delete_priv: Y
             Create_priv: Y
               Drop_priv: Y
             Reload_priv: Y
           Shutdown_priv: Y
            Process_priv: Y
               File_priv: Y
              Grant_priv: Y
         References_priv: Y
              Index_priv: Y
              Alter_priv: Y
            Show_db_priv: Y
              Super_priv: Y
   Create_tmp_table_priv: Y
        Lock_tables_priv: Y
            Execute_priv: Y
         Repl_slave_priv: Y
        Repl_client_priv: Y
        Create_view_priv: Y
          Show_view_priv: Y
     Create_routine_priv: Y
      Alter_routine_priv: Y
        Create_user_priv: Y
              Event_priv: Y
            Trigger_priv: Y
  Create_tablespace_priv: Y
                ssl_type: 
              ssl_cipher: 
             x509_issuer: 
            x509_subject: 
           max_questions: 0
             max_updates: 0
         max_connections: 0
    max_user_connections: 0
                  plugin: caching_sha2_password
   authentication_string: $A$005$_DHTgn}dT9t%1>5eMM4wjrUWB.UY3A60WfUlqsZAVP0HhJ3Xxp1bFRs76g9B
        password_expired: N
   password_last_changed: 2019-01-22 05:42:22
       password_lifetime: NULL
          account_locked: N
        Create_role_priv: Y
          Drop_role_priv: Y
  Password_reuse_history: NULL
     Password_reuse_time: NULL
Password_require_current: NULL
         User_attributes: NULL
1 row in set (0.00 sec)

mysql>
mysql> SELECT * FROM db WHERE user='root' AND host='localhost'\G
Empty set (0.00 sec)

mysql> SELECT * FROM tables_priv WHERE host='localhost' AND user = 'root'\G
Empty set (0.00 sec)

mysql> SELECT * FROM columns_priv WHERE host='localhost' AND user = 'root'\G
Empty set (0.00 sec)

mysql> SELECT * FROM procs_priv WHERE host='localhost' AND user = 'root'\G
Empty set (0.00 sec)

mysql>
5>. View the privileges of the instance's default mysql.sys user (from localhost)
mysql> SHOW GRANTS FOR 'mysql.sys'@localhost;
+---------------------------------------------------------------+
| Grants for mysql.sys@localhost                                |
+---------------------------------------------------------------+
| GRANT USAGE ON *.* TO `mysql.sys`@`localhost`                 |
| GRANT TRIGGER ON `sys`.* TO `mysql.sys`@`localhost`           |
| GRANT SELECT ON `sys`.`sys_config` TO `mysql.sys`@`localhost` |
+---------------------------------------------------------------+
3 rows in set (0.00 sec)

mysql> SHOW GRANTS FOR 'mysql.sys'@localhost\G
*************************** 1. row ***************************
Grants for mysql.sys@localhost: GRANT USAGE ON *.* TO `mysql.sys`@`localhost`
*************************** 2. row ***************************
Grants for mysql.sys@localhost: GRANT TRIGGER ON `sys`.* TO `mysql.sys`@`localhost`
*************************** 3. row ***************************
Grants for mysql.sys@localhost: GRANT SELECT ON `sys`.`sys_config` TO `mysql.sys`@`localhost`
3 rows in set (0.00 sec)

mysql>
6>. Compare the mysql.sys user's rows in the privilege system tables
mysql> SELECT * FROM user WHERE user='mysql.sys' AND host='localhost'\G
*************************** 1. row ***************************
                    Host: localhost
                    User: mysql.sys
             Select_priv: N
             Insert_priv: N
             Update_priv: N
             Delete_priv: N
             Create_priv: N
               Drop_priv: N
             Reload_priv: N
           Shutdown_priv: N
            Process_priv: N
               File_priv: N
              Grant_priv: N
         References_priv: N
              Index_priv: N
              Alter_priv: N
            Show_db_priv: N
              Super_priv: N
   Create_tmp_table_priv: N
        Lock_tables_priv: N
            Execute_priv: N
         Repl_slave_priv: N
        Repl_client_priv: N
        Create_view_priv: N
          Show_view_priv: N
     Create_routine_priv: N
      Alter_routine_priv: N
        Create_user_priv: N
              Event_priv: N
            Trigger_priv: N
  Create_tablespace_priv: N
                ssl_type: 
              ssl_cipher: 
             x509_issuer: 
            x509_subject: 
           max_questions: 0
             max_updates: 0
         max_connections: 0
    max_user_connections: 0
                  plugin: caching_sha2_password
   authentication_string: $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED
        password_expired: N
   password_last_changed: 2019-01-22 05:41:42
       password_lifetime: NULL
          account_locked: Y
        Create_role_priv: N
          Drop_role_priv: N
  Password_reuse_history: NULL
     Password_reuse_time: NULL
Password_require_current: NULL
         User_attributes: NULL
1 row in set (0.00 sec)

mysql>
mysql> SELECT * FROM db WHERE user='mysql.sys' AND host='localhost'\G
*************************** 1. row ***************************
                 Host: localhost
                   Db: sys
                 User: mysql.sys
          Select_priv: N
          Insert_priv: N
          Update_priv: N
          Delete_priv: N
          Create_priv: N
            Drop_priv: N
           Grant_priv: N
      References_priv: N
           Index_priv: N
           Alter_priv: N
Create_tmp_table_priv: N
     Lock_tables_priv: N
     Create_view_priv: N
       Show_view_priv: N
  Create_routine_priv: N
   Alter_routine_priv: N
         Execute_priv: N
           Event_priv: N
         Trigger_priv: Y
1 row in set (0.00 sec)

mysql>
mysql> SELECT * FROM tables_priv WHERE user='mysql.sys' AND host='localhost'\G
*************************** 1. row ***************************
       Host: localhost
         Db: sys
       User: mysql.sys
 Table_name: sys_config
    Grantor: root@localhost
  Timestamp: 2019-01-22 05:41:42
 Table_priv: Select
Column_priv: 
1 row in set (0.00 sec)

mysql> SELECT * FROM columns_priv WHERE user='mysql.sys' AND host='localhost'\G
Empty set (0.00 sec)

mysql> SELECT * FROM procs_priv WHERE user='mysql.sys' AND host='localhost'\G
Empty set (0.00 sec)

mysql>
III. MySQL privileges in detail
1>. ALL / ALL PRIVILEGES
All privileges at the global level or at the level of all database objects.
2>. ALTER
Allows changing a table's structure, but requires CREATE and INSERT as well. Renaming a table requires ALTER and DROP on the original table plus CREATE and INSERT on the new table.
3>. ALTER ROUTINE
Allows altering or dropping stored procedures and functions.
4>. CREATE
Allows creating new databases and tables.
5>. CREATE ROUTINE
Allows creating stored procedures and functions.
6>. CREATE TABLESPACE
Allows creating, altering and dropping tablespaces and log file groups.
7>. CREATE TEMPORARY TABLES
Allows creating temporary tables.
8>. CREATE USER
Allows creating, altering, dropping and renaming users.
9>. CREATE VIEW
Allows creating views.
10>. DELETE
Allows deleting rows.
11>. DROP
Allows dropping databases, tables and views, including the TRUNCATE TABLE statement.
12>. EVENT
Allows querying, creating, altering and dropping MySQL events.
13>. EXECUTE
Allows executing stored procedures and functions.
14>. FILE
Allows reading and writing disk files in directories the MySQL server can access; the statements that use it include LOAD DATA INFILE, SELECT ... INTO OUTFILE and the LOAD_FILE() function.
15>. GRANT OPTION
Whether this user may grant to, or revoke from, other users the privileges it has itself been given.
16>. INDEX
Whether creating and dropping indexes is allowed.
17>. INSERT
Whether inserting rows into a table is allowed; INSERT is also required to run ANALYZE TABLE, OPTIMIZE TABLE and REPAIR TABLE.
18>. LOCK TABLES
Allows locking tables on which the user holds SELECT, preventing other connections from reading or writing them.
19>. PROCESS
Allows viewing MySQL thread information, e.g. with SHOW PROCESSLIST, mysqladmin processlist (command line) and SHOW ENGINES.
mysql> SHOW PROCESSLIST\G
*************************** 1. row ***************************
     Id: 4
   User: event_scheduler
   Host: localhost
     db: NULL
Command: Daemon
   Time: 4061
  State: Waiting on empty queue
   Info: NULL
*************************** 2. row ***************************
     Id: 8
   User: root
   Host: localhost
     db: mysql
Command: Query
   Time: 0
  State: starting
   Info: SHOW PROCESSLIST
2 rows in set (0.00 sec)

mysql>
mysql> SHOW ENGINES;
+--------------------+---------+----------------------------------------------------------------+--------------+------+------------+
| Engine             | Support | Comment                                                        | Transactions | XA   | Savepoints |
+--------------------+---------+----------------------------------------------------------------+--------------+------+------------+
| FEDERATED          | NO      | Federated MySQL storage engine                                 | NULL         | NULL | NULL       |
| InnoDB             | DEFAULT | Supports transactions, row-level locking, and foreign keys     | YES          | YES  | YES        |
| PERFORMANCE_SCHEMA | YES     | Performance Schema                                             | NO           | NO   | NO         |
| MyISAM             | YES     | MyISAM storage engine                                          | NO           | NO   | NO         |
| MRG_MYISAM         | YES     | Collection of identical MyISAM tables                          | NO           | NO   | NO         |
| BLACKHOLE          | YES     | /dev/null storage engine (anything you write to it disappears) | NO           | NO   | NO         |
| MEMORY             | YES     | Hash based, stored in memory, useful for temporary tables      | NO           | NO   | NO         |
| CSV                | YES     | CSV storage engine                                             | NO           | NO   | NO         |
| ARCHIVE            | YES     | Archive storage engine                                         | NO           | NO   | NO         |
+--------------------+---------+----------------------------------------------------------------+--------------+------+------------+
9 rows in set (0.00 sec)

mysql>
[root@node105 ~]# mysqladmin processlist -uroot -pyinzhengjie
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
+----+-----------------+-----------+----+---------+------+------------------------+------------------+
| Id | User            | Host      | db | Command | Time | State                  | Info             |
+----+-----------------+-----------+----+---------+------+------------------------+------------------+
| 4  | event_scheduler | localhost |    | Daemon  | 4650 | Waiting on empty queue |                  |
| 10 | root            | localhost |    | Query   | 0    | starting               | show processlist |
+----+-----------------+-----------+----+---------+------+------------------------+------------------+
[root@node105 ~]#
20>. REFERENCES
Introduced in version 5.7.6; whether creating foreign keys is allowed.
21>. RELOAD
Allows executing FLUSH statements, which reload the grant tables into memory; REFRESH closes and reopens the log files and flushes all tables.
22>. REPLICATION CLIENT
Allows executing SHOW MASTER STATUS, SHOW SLAVE STATUS and SHOW BINARY LOGS.
mysql> SHOW MASTER STATUS;
+---------------+----------+--------------+------------------+-------------------+
| File          | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+---------------+----------+--------------+------------------+-------------------+
| binlog.000003 |      155 |              |                  |                   |
+---------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)

mysql> SHOW SLAVE STATUS;
Empty set (0.00 sec)

mysql> SHOW BINARY LOGS;
+---------------+-----------+-----------+
| Log_name      | File_size | Encrypted |
+---------------+-----------+-----------+
| binlog.000001 |       513 | No        |
| binlog.000002 |       178 | No        |
| binlog.000003 |       155 | No        |
+---------------+-----------+-----------+
3 rows in set (0.00 sec)

mysql>
23>. REPLICATION SLAVE
Allows a slave host to connect to the master through this user in order to establish master-slave replication.
24>. SELECT
Allows reading data from tables. SELECT statements that read no table data, such as SELECT 1+1 or SELECT PI()+5, do not need it; SELECT is, however, also required for UPDATE/DELETE statements that carry a WHERE condition.
mysql> SELECT PI()+5;
+----------+
| PI()+5   |
+----------+
| 8.141593 |
+----------+
1 row in set (0.00 sec)

mysql>
25>. SHOW DATABASES
Allows listing the names of all databases with SHOW DATABASES.
26>. SHOW VIEW
Allows viewing the statement that created a view with SHOW CREATE VIEW.
27>. SHUTDOWN
Allows shutting down the database instance, e.g. with mysqladmin shutdown.
[root@node105 ~]# ss -ntl
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:22                       *:*
LISTEN     0      128         :::3306                    :::*
LISTEN     0      128         :::22                      :::*
LISTEN     0      70          :::33060                   :::*
[root@node105 ~]#
[root@node105 ~]# mysqladmin -uroot -pyinzhengjie shutdown
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
[root@node105 ~]#
[root@node105 ~]# ss -ntl
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:22                       *:*
LISTEN     0      128         :::22                      :::*
[root@node105 ~]#
28>. SUPER
Allows a range of database administration commands, including KILL to force a connection closed, CHANGE MASTER TO to set up a replication relationship, and CREATE/ALTER/DROP SERVER.
29>. TRIGGER
Allows creating, dropping, executing and showing triggers.
30>. UPDATE
Allows modifying data in tables.
31>. USAGE
The default privilege a newly created user has; on its own it only means the right to connect and log in.
mysql> CREATE USER yinzhengjie@node105.yinzhengjie.org.cn;
Query OK, 0 rows affected (0.01 sec)

mysql> SHOW GRANTS FOR yinzhengjie@node105.yinzhengjie.org.cn;
+------------------------------------------------------------------+
| Grants for yinzhengjie@node105.yinzhengjie.org.cn                |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `yinzhengjie`@`node105.yinzhengjie.org.cn` |
+------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql>
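The privilege list above is the reference a DBA needs when reviewing what accounts actually hold. As an added example (not code from the original post), the script below parses the text of SHOW GRANTS rows and flags accounts that hold the administrative or file-reaching privileges described above on *.*, that carry GRANT OPTION, or whose host part matches every client. The sample input reuses the root and mysql.sys rows shown on this page; the `app` and `deploy` accounts are constructed for the example and do not appear in the original.

```python
import re

# Privileges this section describes as administrative or file-system-reaching.
# Holding them on *.* makes an account an effective server administrator.
HIGH_RISK = {
    "ALL": "every static privilege",
    "ALL PRIVILEGES": "every static privilege",
    "FILE": "read/write files in directories the server can reach",
    "SUPER": "KILL, CHANGE MASTER TO, CREATE/ALTER/DROP SERVER",
    "SHUTDOWN": "can stop the instance",
    "PROCESS": "sees every session's current statement",
    "RELOAD": "FLUSH statements and log rotation",
    "CREATE USER": "create, alter, drop and rename accounts",
}

# One SHOW GRANTS row: GRANT <privs> ON <object> TO <account> [WITH GRANT OPTION]
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>\S+)\s+TO\s+(?P<account>\S+)"
    r"(?P<grant_opt>\s+WITH\s+GRANT\s+OPTION)?\s*$",
    re.IGNORECASE,
)


def parse_grant(line):
    """Split one SHOW GRANTS row into privileges, object, grantee and GRANT OPTION flag."""
    m = GRANT_RE.match(line.strip())
    if m is None:
        return None
    privs = [p.strip().upper() for p in m.group("privs").split(",")]
    user, _, host = m.group("account").partition("@")
    unquote = lambda s: s.strip("`'\"")
    return {
        "privs": privs,
        "object": m.group("obj"),
        "user": unquote(user),
        "host": unquote(host),
        "grant_option": m.group("grant_opt") is not None,
    }


def audit_grants(lines):
    """Return a sorted list of (account, issue, reason) findings over SHOW GRANTS rows."""
    findings = set()
    for line in lines:
        g = parse_grant(line)
        if g is None:
            continue
        acct = f"{g['user']}@{g['host']}"
        if g["object"] == "*.*":
            for p in g["privs"]:
                if p in HIGH_RISK:
                    findings.add((acct, p, HIGH_RISK[p] + " (global)"))
        if g["grant_option"] and g["privs"] != ["USAGE"]:
            findings.add((acct, "GRANT OPTION", "can re-grant its privileges to other accounts"))
        if g["host"] in ("%", "") and g["privs"] != ["USAGE"]:
            findings.add((acct, "HOST", "account matches every client host"))
    return sorted(findings)


# Constructed input: rows copied from the SHOW GRANTS output on this page plus
# two made-up application accounts (`app` and `deploy` are not on the page).
SAMPLE_GRANTS = [
    "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, "
    "REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, "
    "EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, "
    "ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE "
    "ON *.* TO `root`@`localhost` WITH GRANT OPTION",
    "GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION",
    "GRANT USAGE ON *.* TO `mysql.sys`@`localhost`",
    "GRANT TRIGGER ON `sys`.* TO `mysql.sys`@`localhost`",
    "GRANT SELECT ON `sys`.`sys_config` TO `mysql.sys`@`localhost`",
    "GRANT SELECT, INSERT ON `shop`.* TO `app`@`%`",
    "GRANT ALL PRIVILEGES ON *.* TO `deploy`@`%`",
]

if __name__ == "__main__":
    for acct, issue, reason in audit_grants(SAMPLE_GRANTS):
        print(f"{acct:18} {issue:14} {reason}")
```

Findings for root@localhost are expected; the point of running this over every account's SHOW GRANTS output is to catch the same privileges on application accounts such as the constructed `deploy`@`%`, which the page's own mysql.sys account shows is not necessary even for a built-in user.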
IV. The system privilege tables
1>. Privileges are stored in the five system tables user, db, tables_priv, columns_priv and procs_priv in the mysql database, and are loaded into memory once the MySQL instance has started successfully.
• User table:
Stores account information and global-level (all databases) privileges; it determines which users from which hosts may access the database instance. A global privilege applies to every database.
• Db table:
Stores database-level privileges; determines which users from which hosts may access a given database.
• Tables_priv table:
Stores table-level privileges; determines which users from which hosts may access a given table in a database.
• Columns_priv table:
Stores column (field)-level privileges; determines which users from which hosts may access a given column of a table.
• Procs_priv table:
Stores privileges on stored procedures and functions.
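To make the layering concrete, here is an added example (a toy model written for this page, not MySQL's own code) of how the five tables combine when a privilege is checked: the privilege is effective if it is held at the global level in user, at the database level in db, at the table level in tables_priv, or at the column level in columns_priv; the levels are OR-ed together. The sample rows for root and mysql.sys are the ones shown on this page; the `app` account with a single column-level SELECT is constructed. Accounts are keyed by exact (user, host) pairs, as in the page's examples.

```python
from dataclasses import dataclass, field


@dataclass
class GrantTables:
    """Minimal stand-in for the mysql.* grant tables: key -> set of privilege names."""
    user: dict = field(default_factory=dict)          # (user, host)                    -> {privs}
    db: dict = field(default_factory=dict)            # (user, host, db)                -> {privs}
    tables_priv: dict = field(default_factory=dict)   # (user, host, db, table)         -> {privs}
    columns_priv: dict = field(default_factory=dict)  # (user, host, db, table, column) -> {privs}
    procs_priv: dict = field(default_factory=dict)    # (user, host, db, routine)       -> {privs}


def effective_privileges(t, user, host, db=None, table=None, column=None, routine=None):
    """Union of the privileges user@host holds on the named object across all levels."""
    key = (user, host)
    privs = set(t.user.get(key, ()))                       # global level
    if db is not None:
        privs |= t.db.get(key + (db,), set())              # database level
    if db is not None and table is not None:
        privs |= t.tables_priv.get(key + (db, table), set())
    if db is not None and table is not None and column is not None:
        privs |= t.columns_priv.get(key + (db, table, column), set())
    if db is not None and routine is not None:
        privs |= t.procs_priv.get(key + (db, routine), set())
    return privs


def has_privilege(t, user, host, priv, **obj):
    """True if `priv` is held at some level for the object named by db/table/column/routine."""
    return priv in effective_privileges(t, user, host, **obj)


# Static privileges listed in root's SHOW GRANTS row on this page.
STATIC = {
    "SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", "DROP", "RELOAD", "SHUTDOWN",
    "PROCESS", "FILE", "REFERENCES", "INDEX", "ALTER", "SHOW DATABASES", "SUPER",
    "CREATE TEMPORARY TABLES", "LOCK TABLES", "EXECUTE", "REPLICATION SLAVE",
    "REPLICATION CLIENT", "CREATE VIEW", "SHOW VIEW", "CREATE ROUTINE", "ALTER ROUTINE",
    "CREATE USER", "EVENT", "TRIGGER", "CREATE TABLESPACE", "CREATE ROLE", "DROP ROLE",
}

# Constructed sample: root and mysql.sys mirror the rows shown above; `app` is made up.
SAMPLE = GrantTables(
    user={
        ("root", "localhost"): set(STATIC),
        ("mysql.sys", "localhost"): set(),   # every *_priv column is N: USAGE only
        ("app", "%"): set(),
    },
    db={("mysql.sys", "localhost", "sys"): {"TRIGGER"}},
    tables_priv={("mysql.sys", "localhost", "sys", "sys_config"): {"SELECT"}},
    columns_priv={("app", "%", "shop", "customer", "email"): {"SELECT"}},
)

if __name__ == "__main__":
    print(has_privilege(SAMPLE, "mysql.sys", "localhost", "SELECT", db="sys", table="sys_config"))
    print(has_privilege(SAMPLE, "mysql.sys", "localhost", "SELECT", db="mysql", table="user"))
    print(has_privilege(SAMPLE, "app", "%", "SELECT", db="shop", table="customer"))
```

Note what the column-level row does for the constructed `app` account: SELECT on `shop.customer.email` succeeds, but SELECT on the whole `customer` table does not, because nothing above the column level grants it.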
2>. Structure of the user and db privilege tables
mysql> desc mysql.user;
+--------------------------+-----------------------------------+------+-----+-----------------------+-------+
| Field                    | Type                              | Null | Key | Default               | Extra |
+--------------------------+-----------------------------------+------+-----+-----------------------+-------+
| Host                     | char(60)                          | NO   | PRI |                       |       |
| User                     | char(32)                          | NO   | PRI |                       |       |
| Select_priv              | enum('N','Y')                     | NO   |     | N                     |       |
| Insert_priv              | enum('N','Y')                     | NO   |     | N                     |       |
| Update_priv              | enum('N','Y')                     | NO   |     | N                     |       |
| Delete_priv              | enum('N','Y')                     | NO   |     | N                     |       |
| Create_priv              | enum('N','Y')                     | NO   |     | N                     |       |
| Drop_priv                | enum('N','Y')                     | NO   |     | N                     |       |
| Reload_priv              | enum('N','Y')                     | NO   |     | N                     |       |
| Shutdown_priv            | enum('N','Y')                     | NO   |     | N                     |       |
| Process_priv             | enum('N','Y')                     | NO   |     | N                     |       |
| File_priv                | enum('N','Y')                     | NO   |     | N                     |       |
| Grant_priv               | enum('N','Y')                     | NO   |     | N                     |       |
| References_priv          | enum('N','Y')                     | NO   |     | N                     |       |
| Index_priv               | enum('N','Y')                     | NO   |     | N                     |       |
| Alter_priv               | enum('N','Y')                     | NO   |     | N                     |       |
| Show_db_priv             | enum('N','Y')                     | NO   |     | N                     |       |
| Super_priv               | enum('N','Y')                     | NO   |     | N                     |       |
| Create_tmp_table_priv    | enum('N','Y')                     | NO   |     | N                     |       |
| Lock_tables_priv         | enum('N','Y')                     | NO   |     | N                     |       |
| Execute_priv             | enum('N','Y')                     | NO   |     | N                     |       |
| Repl_slave_priv          | enum('N','Y')                     | NO   |     | N                     |       |
| Repl_client_priv         | enum('N','Y')                     | NO   |     | N                     |       |
| Create_view_priv         | enum('N','Y')                     | NO   |     | N                     |       |
| Show_view_priv           | enum('N','Y')                     | NO   |     | N                     |       |
| Create_routine_priv      | enum('N','Y')                     | NO   |     | N                     |       |
| Alter_routine_priv       | enum('N','Y')                     | NO   |     | N                     |       |
| Create_user_priv         | enum('N','Y')                     | NO   |     | N                     |       |
| Event_priv               | enum('N','Y')                     | NO   |     | N                     |       |
| Trigger_priv             | enum('N','Y')                     | NO   |     | N                     |       |
| Create_tablespace_priv   | enum('N','Y')                     | NO   |     | N                     |       |
| ssl_type                 | enum('','ANY','X509','SPECIFIED') | NO   |     |                       |       |
| ssl_cipher               | blob                              | NO   |     | NULL                  |       |
| x509_issuer              | blob                              | NO   |     | NULL                  |       |
| x509_subject             | blob                              | NO   |     | NULL                  |       |
| max_questions            | int(11) unsigned                  | NO   |     | 0                     |       |
| max_updates              | int(11) unsigned                  | NO   |     | 0                     |       |
| max_connections          | int(11) unsigned                  | NO   |     | 0                     |       |
| max_user_connections     | int(11) unsigned                  | NO   |     | 0                     |       |
| plugin                   | char(64)                          | NO   |     | caching_sha2_password |       |
| authentication_string    | text                              | YES  |     | NULL                  |       |
| password_expired         | enum('N','Y')                     | NO   |     | N                     |       |
| password_last_changed    | timestamp                         | YES  |     | NULL                  |       |
| password_lifetime        | smallint(5) unsigned              | YES  |     | NULL                  |       |
| account_locked           | enum('N','Y')                     | NO   |     | N                     |       |
| Create_role_priv         | enum('N','Y')                     | NO   |     | N                     |       |
| Drop_role_priv           | enum('N','Y')                     | NO   |     | N                     |       |
| Password_reuse_history   | smallint(5) unsigned              | YES  |     | NULL                  |       |
| Password_reuse_time      | smallint(5) unsigned              | YES  |     | NULL                  |       |
| Password_require_current | enum('N','Y')                     | YES  |     | NULL                  |       |
| User_attributes          | json                              | YES  |     | NULL                  |       |
+--------------------------+-----------------------------------+------+-----+-----------------------+-------+
51 rows in set (0.00 sec)

mysql>
mysql> desc mysql.db;
+-----------------------+---------------+------+-----+---------+-------+
| Field                 | Type          | Null | Key | Default | Extra |
+-----------------------+---------------+------+-----+---------+-------+
| Host                  | char(60)      | NO   | PRI |         |       |
| Db                    | char(64)      | NO   | PRI |         |       |
| User                  | char(32)      | NO   | PRI |         |       |
| Select_priv           | enum('N','Y') | NO   |     | N       |       |
| Insert_priv           | enum('N','Y') | NO   |     | N       |       |
| Update_priv           | enum('N','Y') | NO   |     | N       |       |
| Delete_priv           | enum('N','Y') | NO   |     | N       |       |
| Create_priv           | enum('N','Y') | NO   |     | N       |       |
| Drop_priv             | enum('N','Y') | NO   |     | N       |       |
| Grant_priv            | enum('N','Y') | NO   |     | N       |       |
| References_priv       | enum('N','Y') | NO   |     | N       |       |
| Index_priv            | enum('N','Y') | NO   |     | N       |       |
| Alter_priv            | enum('N','Y') | NO   |     | N       |       |
| Create_tmp_table_priv | enum('N','Y') | NO   |     | N       |       |
| Lock_tables_priv      | enum('N','Y') | NO   |     | N       |       |
| Create_view_priv      | enum('N','Y') | NO   |     | N       |       |
| Show_view_priv        | enum('N','Y') | NO   |     | N       |       |
| Create_routine_priv   | enum('N','Y') | NO   |     | N       |       |
| Alter_routine_priv    | enum('N','Y') | NO   |     | N       |       |
| Execute_priv          | enum('N','Y') | NO   |     | N       |       |
| Event_priv            | enum('N','Y') | NO   |     | N       |       |
| Trigger_priv          | enum('N','Y') | NO   |     | N       |       |
+-----------------------+---------------+------+-----+---------+-------+
22 rows in set (0.00 sec)

mysql>
Special fields in the user table
• plugin, password and authentication_string hold the user's authentication information
• Setting password_expired to 'Y' lets the DBA mark the user's password as expired; once expired, whoever uses the account must reset the password (ALTER USER / SET PASSWORD)
• password_last_changed is a timestamp of the last password change; it is updated automatically when CREATE USER / ALTER USER / SET PASSWORD / GRANT creates the user or changes its password
• password_lifetime is the number of days after password_last_changed at which the password expires
• account_locked means the account is locked and cannot be used
3>. Structure of the tables_priv and columns_priv privilege tables
mysql> desc mysql.tables_priv\G
*************************** 1. row ***************************
  Field: Host
   Type: char(60)
   Null: NO
    Key: PRI
Default: 
  Extra: 
*************************** 2. row ***************************
  Field: Db
   Type: char(64)
   Null: NO
    Key: PRI
Default: 
  Extra: 
*************************** 3. row ***************************
  Field: User
   Type: char(32)
   Null: NO
    Key: PRI
Default: 
  Extra: 
*************************** 4. row ***************************
  Field: Table_name
   Type: char(64)
   Null: NO
    Key: PRI
Default: 
  Extra: 
*************************** 5. row ***************************
  Field: Grantor
   Type: char(93)
   Null: NO
    Key: MUL
Default: 
  Extra: 
*************************** 6. row ***************************
  Field: Timestamp
   Type: timestamp
   Null: NO
    Key: 
Default: CURRENT_TIMESTAMP
  Extra: DEFAULT_GENERATED on update CURRENT_TIMESTAMP
*************************** 7. row ***************************
  Field: Table_priv
   Type: set('Select','Insert','Update','Delete','Create','Drop','Grant','References','Index','Alter','Create View','Show view','Trigger')
   Null: NO
    Key: 
Default: 
  Extra: 
*************************** 8. row ***************************
  Field: Column_priv
   Type: set('Select','Insert','Update','References')
   Null: NO
    Key: 
Default: 
  Extra: 
8 rows in set (0.00 sec)

mysql>
mysql> desc mysql.columns_priv\G
*************************** 1. row ***************************
  Field: Host
   Type: char(60)
   Null: NO
    Key: PRI
Default: 
  Extra: 
*************************** 2. row ***************************
  Field: Db
   Type: char(64)
   Null: NO
    Key: PRI
Default: 
  Extra: 
*************************** 3. row ***************************
  Field: User
   Type: char(32)
   Null: NO
    Key: PRI
Default: 
  Extra: 
*************************** 4. row ***************************
  Field: Table_name
   Type: char(64)
   Null: NO
    Key: PRI
Default: 
  Extra: 
*************************** 5. row ***************************
  Field: Column_name
   Type: char(64)
   Null: NO
    Key: PRI
Default: 
  Extra: 
*************************** 6. row ***************************
  Field: Timestamp
   Type: timestamp
   Null: NO
    Key: 
Default: CURRENT_TIMESTAMP
  Extra: DEFAULT_GENERATED on update CURRENT_TIMESTAMP
*************************** 7. row ***************************
  Field: Column_priv
   Type: set('Select','Insert','Update','References')
   Null: NO
    Key: 
Default: 
  Extra: 
7 rows in set (0.00 sec)

mysql>
Structure of the procs_priv privilege table
• Routine_type is an enum indicating whether the row is for a stored procedure or a function
• The Timestamp and Grantor columns are currently unused
4>. Length limits of the system privilege table columns
5>. Case sensitivity in privilege checks
• The columns user, password, authentication_string, db and table_name are case-sensitive
• The columns host, column_name and routine_name are case-insensitive
mysql> CREATE USER yinzhengjie@node110.yinzhengjie.org.cn;
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER Yinzhengjie@node110.yinzhengjie.org.cn;
Query OK, 0 rows affected (0.00 sec)

mysql> select User,Host from mysql.user where Host='node110.yinzhengjie.org.cn';
+-------------+----------------------------+
| User        | Host                       |
+-------------+----------------------------+
| Yinzhengjie | node110.yinzhengjie.org.cn |
| yinzhengjie | node110.yinzhengjie.org.cn |
+-------------+----------------------------+
2 rows in set (0.00 sec)

mysql>
mysql> CREATE USER jason@node110.yinzhengjie.org.cn;
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER jason@NODE110.yinzhengjie.org.cn;    # This fails: MySQL host names are case-insensitive. An upper-case host is converted to lower case before it is compared against the user table
ERROR 1396 (HY000): Operation CREATE USER failed for 'jason'@'node110.yinzhengjie.org.cn'
mysql> select User,Host from mysql.user where Host='node110.yinzhengjie.org.cn';
+-------------+----------------------------+
| User        | Host                       |
+-------------+----------------------------+
| Yinzhengjie | node110.yinzhengjie.org.cn |
| jason       | node110.yinzhengjie.org.cn |
| yinzhengjie | node110.yinzhengjie.org.cn |
+-------------+----------------------------+
3 rows in set (0.00 sec)

mysql>
6>. Viewing a user's privilege information
mysql> SHOW GRANTS FOR 'root'@'localhost'\G
*************************** 1. row ***************************
Grants for root@localhost: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`localhost` WITH GRANT OPTION
*************************** 2. row ***************************
Grants for root@localhost: GRANT APPLICATION_PASSWORD_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_ADMIN,XA_RECOVER_ADMIN ON *.* TO `root`@`localhost` WITH GRANT OPTION
*************************** 3. row ***************************
Grants for root@localhost: GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
3 rows in set (0.00 sec)

mysql> SHOW CREATE USER root@localhost\G
*************************** 1. row ***************************
CREATE USER for root@localhost: CREATE USER 'root'@'localhost' IDENTIFIED WITH 'caching_sha2_password' AS '$A$005$_DHTgn}dT9t%1>5eMM4wjrUWB.UY3A60WfUlqsZAVP0HhJ3Xxp1bFRs76g9B' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK PASSWORD HISTORY DEFAULT PASSWORD REUSE INTERVAL DEFAULT PASSWORD REQUIRE CURRENT DEFAULT
1 row in set (0.00 sec)

mysql>
V. MySQL accounts
1>. The parts of a MySQL account
A MySQL account consists of two parts: the user name and the host name the login comes from. The user name and host name follow these rules:
• An account is written as 'user_name'@'host_name'
• The single quotes are optional, but required if a part contains special characters
• ''@'localhost' is the anonymous account
• host_name may be a host name or an IPv4/IPv6 address. localhost is the local machine, 127.0.0.1 is the IPv4 loopback address and ::1 the IPv6 loopback address
• host_name may contain the two wildcard characters % and _: '%' matches every host, '%.mysql.com' matches every host in the mysql.com domain, and '192.168.1.%' every host in the 192.168.1 subnet
2>. When privilege changes take effect
• After privileges are changed with GRANT, REVOKE, SET PASSWORD or RENAME USER, MySQL automatically loads the updated privileges into memory
• If the system privilege tables above are modified directly with INSERT/UPDATE/DELETE, a privilege reload command must be run afterwards to sync them into memory: FLUSH PRIVILEGES, mysqladmin flush-privileges or mysqladmin reload
• Changes to table- and column-level privileges take effect on the client's next operation
• Changes to database-level privileges take effect after the client next runs USE database
• Changes to global privileges take effect only on a new connection
• --skip-grant-tables bypasses all system privilege tables and lets any user log in; use it only temporarily in special situations
3>. Ways to connect as a MySQL user
[root@node105 ~]# mysql --user=root --password mysql Enter password: Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 14 Server version: 8.0.14 MySQL Community Server - GPL Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> select database(); +------------+ | database() | +------------+ | mysql | +------------+ 1 row in set (0.00 sec) mysql> mysql> quit Bye [root@node105 ~]# [root@node105 ~]#
[root@node105 ~]# mysql --user=root -p mysql Enter password: Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 15 Server version: 8.0.14 MySQL Community Server - GPL Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> select database(); +------------+ | database() | +------------+ | mysql | +------------+ 1 row in set (0.00 sec) mysql> quit Bye [root@node105 ~]#
[root@node105 ~]# mysql --user=root --password=yinzhengjie mysql
mysql: [Warning] Using a password on the command line interface can be insecure.
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 8.0.14 MySQL Community Server - GPL

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select database();
+------------+
| database() |
+------------+
| mysql      |
+------------+
1 row in set (0.00 sec)

mysql> quit
Bye
[root@node105 ~]# 
[root@node105 ~]# history | tail -5
  282  mysql --user=yinzhengjie@node105.yinzhengjie.org.cn --password mysql
  283  mysql --user=root --password mysql
  284  mysql --user=root -p mysql
  285  mysql --user=root --password=yinzhengjie mysql    # the password has been recorded by history
  286  history | tail -5
[root@node105 ~]# 
[root@node105 ~]# mysql -uroot -pyinzhengjie mysql
mysql: [Warning] Using a password on the command line interface can be insecure.
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 17
Server version: 8.0.14 MySQL Community Server - GPL

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select database();
+------------+
| database() |
+------------+
| mysql      |
+------------+
1 row in set (0.00 sec)

mysql> quit;
Bye
[root@node105 ~]# history | tail -2
  289  mysql -uroot -pyinzhengjie mysql
  290  history | tail -2
[root@node105 ~]# 
4>. Creating a MySQL user: a worked example
There are two ways to create an authorized MySQL user:
Method 1: run CREATE USER / GRANT statements (recommended by the author)
Method 2: insert rows directly into the MySQL system privilege tables with INSERT statements (not recommended)
mysql> SELECT User,Host from mysql.user;
+------------------+-----------+
| User             | Host      |
+------------------+-----------+
| mysql.infoschema | localhost |
| mysql.session    | localhost |
| mysql.sys        | localhost |
| root             | localhost |
+------------------+-----------+
4 rows in set (0.00 sec)

mysql> CREATE USER 'jason'@'node110.yinzhengjie.org.cn' IDENTIFIED BY 'yinzhengjie';
Query OK, 0 rows affected (0.00 sec)

mysql> SELECT User,Host from mysql.user;
+------------------+----------------------------+
| User             | Host                       |
+------------------+----------------------------+
| mysql.infoschema | localhost                  |
| mysql.session    | localhost                  |
| mysql.sys        | localhost                  |
| root             | localhost                  |
| jason            | node110.yinzhengjie.org.cn |
+------------------+----------------------------+
5 rows in set (0.00 sec)

mysql> 
mysql> SHOW GRANTS FOR 'jason'@'node110.yinzhengjie.org.cn';
+------------------------------------------------------------+
| Grants for jason@node110.yinzhengjie.org.cn                |
+------------------------------------------------------------+
| GRANT USAGE ON *.* TO `jason`@`node110.yinzhengjie.org.cn` |
+------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> 
mysql> SHOW GRANTS FOR 'jason'@'node110.yinzhengjie.org.cn';
+------------------------------------------------------------+
| Grants for jason@node110.yinzhengjie.org.cn                |
+------------------------------------------------------------+
| GRANT USAGE ON *.* TO `jason`@`node110.yinzhengjie.org.cn` |
+------------------------------------------------------------+
row in set (0.00 sec)

mysql> CREATE DATABASE yinzhengjie;
Query OK, 1 row affected (0.00 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
| yinzhengjie        |
+--------------------+
rows in set (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON yinzhengjie.* TO `jason`@`node110.yinzhengjie.org.cn` WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW GRANTS FOR 'jason'@'node110.yinzhengjie.org.cn';
+---------------------------------------------------------------------------------------------------+
| Grants for jason@node110.yinzhengjie.org.cn                                                       |
+---------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `jason`@`node110.yinzhengjie.org.cn`                                        |
| GRANT ALL PRIVILEGES ON `yinzhengjie`.* TO `jason`@`node110.yinzhengjie.org.cn` WITH GRANT OPTION |
+---------------------------------------------------------------------------------------------------+
rows in set (0.00 sec)

mysql> 
[root@node110 ~]# hostname
node110.yinzhengjie.org.cn
[root@node110 ~]# 
[root@node110 ~]# hostname -i
172.30.1.110
[root@node110 ~]# 
[root@node110 ~]# cat /etc/hosts | grep yinzhengjie
172.30.1.101 node101.yinzhengjie.org.cn
172.30.1.102 node102.yinzhengjie.org.cn
172.30.1.103 node103.yinzhengjie.org.cn
172.30.1.105 node105.yinzhengjie.org.cn
172.30.1.110 node110.yinzhengjie.org.cn
[root@node110 ~]# 
[root@node110 ~]# mysql -h node105.yinzhengjie.org.cn -ujason -pyinzhengjie
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 21
Server version: 8.0.14 MySQL Community Server - GPL

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| yinzhengjie        |
+--------------------+
2 rows in set (0.00 sec)

mysql> use yinzhengjie;
Database changed
mysql> SELECT database();
+-------------+
| database()  |
+-------------+
| yinzhengjie |
+-------------+
1 row in set (0.00 sec)

mysql> show tables;
Empty set (0.00 sec)

mysql> quit
Bye
[root@node110 ~]# 
5>. Revoking a MySQL user's privileges
mysql> SHOW GRANTS FOR 'jason'@'node110.yinzhengjie.org.cn';
+---------------------------------------------------------------------------------------------------+
| Grants for jason@node110.yinzhengjie.org.cn                                                       |
+---------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `jason`@`node110.yinzhengjie.org.cn`                                        |
| GRANT ALL PRIVILEGES ON `yinzhengjie`.* TO `jason`@`node110.yinzhengjie.org.cn` WITH GRANT OPTION |
+---------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> REVOKE SELECT,UPDATE,DELETE ON yinzhengjie.* FROM 'jason'@'node110.yinzhengjie.org.cn';
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW GRANTS FOR 'jason'@'node110.yinzhengjie.org.cn';
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for jason@node110.yinzhengjie.org.cn                                                                                                                                                                                                             |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `jason`@`node110.yinzhengjie.org.cn`                                                                                                                                                                                              |
| GRANT INSERT, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `yinzhengjie`.* TO `jason`@`node110.yinzhengjie.org.cn` WITH GRANT OPTION |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> 
6>. Dropping a MySQL user
mysql> SELECT User,Host from mysql.user;
+------------------+----------------------------+
| User             | Host                       |
+------------------+----------------------------+
| mysql.infoschema | localhost                  |
| mysql.session    | localhost                  |
| mysql.sys        | localhost                  |
| root             | localhost                  |
| jason            | node110.yinzhengjie.org.cn |
+------------------+----------------------------+
5 rows in set (0.00 sec)

mysql> DROP USER jason@node110.yinzhengjie.org.cn;
Query OK, 0 rows affected (0.00 sec)

mysql> SELECT User,Host from mysql.user;
+------------------+-----------+
| User             | Host      |
+------------------+-----------+
| mysql.infoschema | localhost |
| mysql.session    | localhost |
| mysql.sys        | localhost |
| root             | localhost |
+------------------+-----------+
4 rows in set (0.00 sec)

mysql> 
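The whole lifecycle from sections 2, 4, 5 and 6 in one script, as an added example that is not from the original post: an application account is created the recommended way (CREATE USER / GRANT) with only the privileges it needs and without WITH GRANT OPTION, the discouraged direct-table path is shown once only to illustrate the FLUSH PRIVILEGES rule, and the account is then fully revoked and dropped. The account name `app`, the password and the `REQUIRE SSL` clause are assumptions for the example; the host and database names are the post's own.

```sql
-- Added example, not from the original post. Names and password are assumed.

-- 1. Create the account bound to one client host, require TLS on the wire,
--    and force a password change at first login.
CREATE USER 'app'@'node110.yinzhengjie.org.cn'
  IDENTIFIED BY 'ChangeMe-Example-1!'
  REQUIRE SSL
  PASSWORD EXPIRE;

-- 2. Grant only the DML the application needs, on its own database.
--    No WITH GRANT OPTION: the account must not be able to hand privileges on.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON yinzhengjie.* TO 'app'@'node110.yinzhengjie.org.cn';

-- GRANT reloads the in-memory privilege cache itself, so the change is
-- visible at once (database-level privileges apply after the client's next USE).
SHOW GRANTS FOR 'app'@'node110.yinzhengjie.org.cn';

-- 3. The discouraged path, shown only for the flush rule: a direct edit of a
--    system table is NOT picked up until FLUSH PRIVILEGES runs.
UPDATE mysql.user
   SET max_user_connections = 5
 WHERE User = 'app' AND Host = 'node110.yinzhengjie.org.cn';
FLUSH PRIVILEGES;

-- 4. Revocation. The post's REVOKE SELECT,UPDATE,DELETE left INSERT and
--    WITH GRANT OPTION in place; to take everything away at once, revoke
--    GRANT OPTION together with the privileges. Only USAGE remains afterwards.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'app'@'node110.yinzhengjie.org.cn';
SHOW GRANTS FOR 'app'@'node110.yinzhengjie.org.cn';

-- 5. Retire the account. DROP USER removes its rows from all grant tables,
--    but an already open session of that user is not cut off until it
--    disconnects, so list it and KILL it if needed.
SELECT id, user, host FROM information_schema.processlist WHERE user = 'app';
DROP USER 'app'@'node110.yinzhengjie.org.cn';
```

The `REQUIRE SSL` clause matters because the post's accounts are keyed on a hostname: without TLS the password exchange and every query travel in clear text between node110 and node105.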
7>. Setting per-user resource limits
• The global variable max_user_connections limits how many simultaneous connections users may hold to the MySQL instance, but it applies the same value to every user and cannot treat them differently, so MySQL also provides per-user resource limits.
• MAX_QUERIES_PER_HOUR: the number of queries a user may run in one hour (covers essentially all statements)
• MAX_UPDATES_PER_HOUR: the number of modifying statements a user may run in one hour (only statements that change a database or table)
• MAX_CONNECTIONS_PER_HOUR: the number of times a user may connect to MySQL in one hour
• MAX_USER_CONNECTIONS: the number of simultaneous connections a user may hold to the instance. Note that when MAX_USER_CONNECTIONS is non-zero for a particular user, the global MAX_USER_CONNECTIONS system variable is ignored for that user; otherwise the global value applies.
• Since version 5.0.3, the resource limits of the account 'user'@'%.example.com' apply to all connections made by user from hosts in the example.com domain taken together, not separately to the connections from host1.example.com and from host2.example.com.
mysql> SELECT User,Host from mysql.user;
+------------------+-----------+
| User             | Host      |
+------------------+-----------+
| mysql.infoschema | localhost |
| mysql.session    | localhost |
| mysql.sys        | localhost |
| root             | localhost |
+------------------+-----------+
4 rows in set (0.00 sec)

mysql> CREATE USER 'jason'@'node110.yinzhengjie.org.cn' IDENTIFIED BY 'yinzhengjie'
    -> WITH MAX_QUERIES_PER_HOUR 20
    -> MAX_UPDATES_PER_HOUR 5
    -> MAX_CONNECTIONS_PER_HOUR 3
    -> MAX_USER_CONNECTIONS 2;
Query OK, 0 rows affected (0.00 sec)

mysql> SELECT User,Host from mysql.user;
+------------------+----------------------------+
| User             | Host                       |
+------------------+----------------------------+
| mysql.infoschema | localhost                  |
| mysql.session    | localhost                  |
| mysql.sys        | localhost                  |
| root             | localhost                  |
| jason            | node110.yinzhengjie.org.cn |
+------------------+----------------------------+
5 rows in set (0.00 sec)

mysql> 
mysql> ALTER USER jason@node110.yinzhengjie.org.cn WITH MAX_USER_CONNECTIONS 5;
Query OK, 0 rows affected (0.01 sec)

mysql> 
mysql> ALTER USER jason@node110.yinzhengjie.org.cn WITH MAX_USER_CONNECTIONS 0;
Query OK, 0 rows affected (0.01 sec)

mysql> 
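Setting the limits is half the job; a DBA also needs to see which limits an account really has and whether it is hitting them. The queries below are an added example, not part of the original post; they read the real `mysql.user` and `performance_schema.accounts` columns for the `jason` account the post created.

```sql
-- Added example, not from the original post.

-- Per-account limits as stored in the grant table. 0 means "unlimited" for
-- the hourly counters; 0 in max_user_connections means "use the global value".
SELECT User, Host,
       max_questions        AS queries_per_hour,
       max_updates          AS updates_per_hour,
       max_connections      AS connections_per_hour,
       max_user_connections AS simultaneous_connections
  FROM mysql.user
 WHERE User = 'jason';

-- The global fallback that applies whenever the per-account value is 0.
SHOW VARIABLES LIKE 'max_user_connections';

-- Live usage per account, to see whether a simultaneous-connection limit
-- is being approached (CURRENT_CONNECTIONS) or how busy the account is
-- overall (TOTAL_CONNECTIONS since the last reset).
SELECT USER, HOST, CURRENT_CONNECTIONS, TOTAL_CONNECTIONS
  FROM performance_schema.accounts
 WHERE USER = 'jason';

-- The hourly counters restart at the top of each hour. To clear them early,
-- for example after an application bug exhausted MAX_QUERIES_PER_HOUR and
-- has since been fixed, reset them without restarting the server:
FLUSH USER_RESOURCES;
```

A sudden jump in TOTAL_CONNECTIONS for an account with a low MAX_CONNECTIONS_PER_HOUR is worth a look: a client that reconnects for every query is either misconfigured or being driven by something other than the application.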
8>. Setting a MySQL user's password
mysql> SELECT User,Host from mysql.user;
+------------------+----------------------------+
| User             | Host                       |
+------------------+----------------------------+
| mysql.infoschema | localhost                  |
| mysql.session    | localhost                  |
| mysql.sys        | localhost                  |
| root             | localhost                  |
| jason            | node110.yinzhengjie.org.cn |
+------------------+----------------------------+
5 rows in set (0.00 sec)

mysql> CREATE USER 'yinzhengjie'@'node110.yinzhengjie.org.cn' IDENTIFIED BY 'yinzhengjie';
Query OK, 0 rows affected (0.00 sec)

mysql> SELECT User,Host from mysql.user;
+------------------+----------------------------+
| User             | Host                       |
+------------------+----------------------------+
| mysql.infoschema | localhost                  |
| mysql.session    | localhost                  |
| mysql.sys        | localhost                  |
| root             | localhost                  |
| jason            | node110.yinzhengjie.org.cn |
| yinzhengjie      | node110.yinzhengjie.org.cn |
+------------------+----------------------------+
6 rows in set (0.00 sec)

mysql> 
mysql> ALTER USER jason@node110.yinzhengjie.org.cn IDENTIFIED BY 'yinzhengjie2019';
Query OK, 0 rows affected (0.01 sec)

mysql> 
mysql> SELECT USER();
+----------------+
| USER()         |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)

mysql> ALTER USER USER() IDENTIFIED BY 'yinzhengjie';
Query OK, 0 rows affected (0.01 sec)

mysql> 
Note: MySQL 8.0 and later no longer accept a statement of the form SET PASSWORD FOR jason@node110.yinzhengjie.org.cn = PASSWORD('yinzhengjie'); for changing a password, so readers still on MySQL 5.7 should take note. Changing the password through mysqladmin is also possible, but I do not recommend it; don't forget that Linux keeps a history!
9>. Setting a password expiration policy for MySQL users
• default_password_lifetime=180 makes passwords expire after 180 days
• default_password_lifetime=0 makes passwords never expire
If an expiration policy is set for an individual user, it overrides the system variable above:
• ALTER USER 'jason'@'node101.yinzhengjie.org.cn' PASSWORD EXPIRE INTERVAL 90 DAY;
• ALTER USER 'jason'@'node102.yinzhengjie.org.cn' PASSWORD EXPIRE NEVER; -- password never expires
• ALTER USER 'jason'@'node103.yinzhengjie.org.cn' PASSWORD EXPIRE DEFAULT; -- use the default expiration policy
Manually force a particular user's password to expire:
• ALTER USER 'jason'@'node105.yinzhengjie.org.cn' PASSWORD EXPIRE;
10>. Locking MySQL users
mysql> CREATE USER yzj@node110.yinzhengjie.org.cn IDENTIFIED BY 'yinzhengjie' ACCOUNT LOCK;
Query OK, 0 rows affected (0.01 sec)

mysql> 
mysql> SELECT User,Host from mysql.user;
+------------------+----------------------------+
| User             | Host                       |
+------------------+----------------------------+
| mysql.infoschema | localhost                  |
| mysql.session    | localhost                  |
| mysql.sys        | localhost                  |
| root             | localhost                  |
| jason            | node110.yinzhengjie.org.cn |
| yinzhengjie      | node110.yinzhengjie.org.cn |
| yzj              | node110.yinzhengjie.org.cn |
+------------------+----------------------------+
7 rows in set (0.00 sec)

mysql> ALTER USER yinzhengjie@node110.yinzhengjie.org.cn ACCOUNT LOCK;
Query OK, 0 rows affected (0.01 sec)

mysql> 
When a user is locked at creation time it cannot log in to the MySQL server at all; the connection attempt reports that the account is locked, as shown below:
[root@node110 ~]# mysql -h node105.yinzhengjie.org.cn -uyzj -pyinzhengjie
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 3118 (HY000): Access denied for user 'yzj'@'node110.yinzhengjie.org.cn'. Account is locked.
[root@node110 ~]# 
If a locked MySQL user later needs to be unlocked, that is just as simple:
mysql> ALTER USER yinzhengjie@node110.yinzhengjie.org.cn ACCOUNT UNLOCK;
Query OK, 0 rows affected (0.00 sec)

mysql> 
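Sections 8 to 10 each show one statement; the script below, an added example that is not from the original post, puts them together as a DBA would actually apply them: a persisted instance-wide lifetime, a per-account policy that also blocks password reuse, and the audit query over `mysql.user` that shows who is expired, who is locked and whose password is older than the policy allows. The 180/90-day values come from the post's section 9; the account names are the post's; the reuse settings are assumptions.

```sql
-- Added example, not from the original post.

-- Instance-wide default, persisted across restarts (MySQL 8.0 SET PERSIST
-- writes mysqld-auto.cnf, so the setting survives without editing my.cnf).
SET PERSIST default_password_lifetime = 180;
SHOW VARIABLES LIKE 'default_password_lifetime';

-- Per-account policy overrides the global value. PASSWORD HISTORY and
-- PASSWORD REUSE INTERVAL (both MySQL 8.0) stop the user from cycling back
-- to an old password when the expiry forces a change.
ALTER USER 'jason'@'node110.yinzhengjie.org.cn'
  PASSWORD EXPIRE INTERVAL 90 DAY
  PASSWORD HISTORY 5
  PASSWORD REUSE INTERVAL 365 DAY;

-- Audit: expiry state, effective lifetime and lock state of every account.
-- password_lifetime NULL = follows the global default, 0 = never expires.
SELECT User, Host,
       password_expired,
       password_last_changed,
       password_lifetime,
       account_locked
  FROM mysql.user
 ORDER BY account_locked DESC, password_last_changed;

-- Accounts whose password is older than the global default yet not yet
-- marked expired (typically because password_lifetime was set to 0 by hand).
SELECT User, Host, password_last_changed, password_lifetime
  FROM mysql.user
 WHERE password_expired = 'N'
   AND password_last_changed < NOW() - INTERVAL 180 DAY;

-- Lock, rather than drop, an account that is under investigation: its
-- privileges and history stay intact for review, but no new login succeeds.
-- Note that ACCOUNT LOCK affects new connections only; an existing session
-- of that user keeps running until it is killed.
ALTER USER 'yzj'@'node110.yinzhengjie.org.cn' ACCOUNT LOCK;
```

The second audit query is the one worth scheduling: an account with `password_lifetime = 0` never shows up as expired, so the global policy silently does not apply to it.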
11>. Typical MySQL users in enterprise applications
MySQL users are normally created by the DBA in a coordinated way, and only as needed;
DBAs normally manage the database directly as the root user;
Application programs are normally given an account on the specific business database with SELECT, INSERT, UPDATE and DELETE, temporary-table and stored-procedure execution privileges;
Particular applications or certain senior staff are normally given a read-only account on the specific business database for querying data, which prevents the data from being modified;
MySQL 8.0 introduced the concept of roles; the corresponding SQL looks like this:
mysql> CREATE ROLE app_readonly;    # create a role (group) named app_readonly
Query OK, 0 rows affected (0.03 sec)

mysql> GRANT SELECT ON *.* TO app_readonly;    # grant the new role read-only privileges
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER apache@node105.yinzhengjie.org.cn IDENTIFIED BY 'yinzhengjie';    # create a user
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER nginx@node105.yinzhengjie.org.cn IDENTIFIED BY 'yinzhengjie';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT app_readonly TO apache@node105.yinzhengjie.org.cn ;    # grant the role's privileges to the chosen user
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT app_readonly TO nginx@node105.yinzhengjie.org.cn ;
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE ROLE app_readwrite;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT,INSERT,DELETE,UPDATE ON *.* TO app_readwrite;
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER django@node105.yinzhengjie.org.cn IDENTIFIED BY 'yinzhengjie';
Query OK, 0 rows affected (0.01 sec)

mysql> CREATE USER vue@node105.yinzhengjie.org.cn IDENTIFIED BY 'yinzhengjie';
Query OK, 0 rows affected (0.01 sec)

mysql> GRANT app_readwrite TO django@node105.yinzhengjie.org.cn;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT app_readwrite TO vue@node105.yinzhengjie.org.cn;
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW GRANTS FOR django@node105.yinzhengjie.org.cn;
+--------------------------------------------------------------------+
| Grants for django@node105.yinzhengjie.org.cn                       |
+--------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `django`@`node105.yinzhengjie.org.cn`        |
| GRANT `app_readwrite`@`%` TO `django`@`node105.yinzhengjie.org.cn` |
+--------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> SHOW GRANTS FOR django@node105.yinzhengjie.org.cn USING app_readwrite;    # with USING + role name the detailed privileges are shown, in sharp contrast with the SHOW GRANTS output above
+--------------------------------------------------------------------------------------+
| Grants for django@node105.yinzhengjie.org.cn                                         |
+--------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO `django`@`node105.yinzhengjie.org.cn` |
| GRANT `app_readwrite`@`%` TO `django`@`node105.yinzhengjie.org.cn`                   |
+--------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> REVOKE app_readwrite FROM django@node105.yinzhengjie.org.cn;    # a role can be revoked again
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW GRANTS FOR django@node105.yinzhengjie.org.cn;    # of course, several roles can also be granted to the same user
+-------------------------------------------------------------+
| Grants for django@node105.yinzhengjie.org.cn                |
+-------------------------------------------------------------+
| GRANT USAGE ON *.* TO `django`@`node105.yinzhengjie.org.cn` |
+-------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> 
12>. Setting MySQL user passwords in enterprise applications
• Production systems have strict rules for MySQL user passwords, normally covering complexity and minimum length
• Online password generators can produce random passwords that meet such requirements
• http://suijimimashengcheng.51240.com/
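A generator only helps if the server refuses weak passwords in the first place. The script below, an added example that is not from the original post, turns the "complexity and length" rules of this section into an enforced policy with MySQL 8.0's validate_password component and shows how to score a candidate before using it. The threshold values (14 characters and so on) are assumptions; the component, variable and function names are MySQL's own.

```sql
-- Added example, not from the original post. Thresholds are assumed values.

-- Load the component once; it is registered persistently and survives restarts.
INSTALL COMPONENT 'file://component_validate_password';

-- MEDIUM = length + mixed case + digits + special characters;
-- STRONG additionally rejects words from validate_password.dictionary_file
-- when one is configured.
SET PERSIST validate_password.policy             = 'STRONG';
SET PERSIST validate_password.length             = 14;
SET PERSIST validate_password.mixed_case_count   = 1;
SET PERSIST validate_password.number_count       = 1;
SET PERSIST validate_password.special_char_count = 1;
-- Reject passwords that contain the user name in either direction.
SET PERSIST validate_password.check_user_name    = ON;

SHOW VARIABLES LIKE 'validate_password%';

-- Score candidates before handing them out: 0-100, where 100 means every
-- check of the active policy passed. The post's own password 'yinzhengjie'
-- fails the length rule alone; the second value is a constructed sample.
SELECT VALIDATE_PASSWORD_STRENGTH('yinzhengjie')      AS posts_password,
       VALIDATE_PASSWORD_STRENGTH('Kq7#vB2p$Lm9xZw4') AS sample_password;

-- With the policy active, CREATE USER / ALTER USER with a weak password is
-- refused with:
--   ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
-- so a weak credential can no longer be created by accident.

-- Force the accounts created earlier to pick a compliant password next login.
ALTER USER 'apache'@'node105.yinzhengjie.org.cn',
           'nginx'@'node105.yinzhengjie.org.cn',
           'django'@'node105.yinzhengjie.org.cn',
           'vue'@'node105.yinzhengjie.org.cn'
  PASSWORD EXPIRE;
```

Generate the secret on the administrator's own machine (for instance with `openssl rand -base64 18`) rather than in a browser: a password produced by a third-party web page has, by definition, already been seen by a third party.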