Note:
The Host column specifies the IP from which the account is allowed to log in, e.g. user=root Host=192.168.1.1 means the root account can only connect from the client 192.168.1.1.
% is a wildcard: Host=192.168.1.% means any client whose IP starts with 192.168.1. can connect, and Host=% means every IP is allowed to connect.
This is also why, when enabling remote connections, most people simply change Host to %: it saves effort.
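The Host matching rule above, as an added example in Python that is not code from the original post: USER_ROWS is constructed from the account listing later on this page plus one hypothetical 'kaka'@'%' row, the specificity ordering is an assumed simplification of the server's rule, and it goes beyond the text by also handling the addr/netmask Host form.

```python
"""Model of how a MySQL server resolves a connecting client against the
Host/User pairs in mysql.user, plus an audit of over-broad Host values.
Added example, not code from the page: USER_ROWS is constructed from the
listing on this page (with one hypothetical 'kaka'@'%' row) and the
specificity ordering is a simplified model of the server's rule."""
import ipaddress
import re

USER_ROWS = [            # (Host, User), as in SELECT Host,User FROM mysql.user
    ("%", "root"), ("localhost", "root"), ("127.0.0.1", "root"), ("::1", "root"),
    ("%", "kaka"), ("10.155.123.55", "kaka"),      # 'kaka'@'%' is hypothetical
]

def host_matches(pattern, client_host):
    """True if a mysql.user Host value accepts this client address.
    Handles literal hosts, the % and _ wildcards (LIKE semantics) and the
    IPv4 addr/netmask form MySQL also accepts, e.g. 10.155.0.0/255.255.0.0."""
    if "/" in pattern:
        addr, mask = pattern.split("/", 1)
        try:
            net, msk = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(mask))
            return int(ipaddress.IPv4Address(client_host)) & msk == net & msk
        except ipaddress.AddressValueError:
            return False        # not an IPv4 client: netmask rows never match
    regex = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, client_host, re.IGNORECASE) is not None

def specificity(host):
    """Sort key, most specific first: literal hosts before patterns; among
    patterns, a later first wildcard and fewer wildcards win. Assumption: a
    simplified model of MySQL's ordering, not its exact algorithm."""
    wild = [i for i, c in enumerate(host) if c in "%_"]
    return (0, 0, 0) if not wild else (1, -wild[0], len(wild))

def resolve_account(rows, user, client_host):
    """Return the (Host, User) row the server would pick, or None when no row
    matches, i.e. this user is refused from this address."""
    for host, name in sorted(rows, key=lambda r: specificity(r[0])):
        if name == user and host_matches(host, client_host):
            return (host, name)
    return None

def audit_broad_hosts(rows):
    """Accounts reachable from any address: Host is '%' or the empty string."""
    return sorted((name, host) for host, name in rows if host in ("%", ""))
```

With both 'kaka'@'10.155.123.55' and 'kaka'@'%' present, the literal row wins for that IP while the '%' row admits every other address, which is what the audit flags.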
1: Add a user
Note: in the mysql.user table, Host and User together form the primary key (two primary key columns), and in each version there are NOT NULL columns that have no default value.
After logging in, switch to the mysql database:
- mysql> use mysql;
- Reading table information for completion of table and column names
- You can turn off this feature to get a quicker startup with -A
-
- Database changed
Add the user:
Note: this restricts user kaka to logging in from 10.155.123.55. That IP is an arbitrary example; set it to the client IP you actually log in from, or set Host to '%' to allow login from every IP.
- mysql> INSERT INTO mysql.user(Host,User,Password) VALUES("10.155.123.55","kaka",PASSWORD("kaka123"));
On version 5.6.27:
- mysql> INSERT INTO mysql.user(Host,User,Password,ssl_cipher,x509_issuer,x509_subject) VALUES("10.155.123.55","kaka",PASSWORD("kaka123"),"","","");
- Query OK, 1 row affected (0.03 sec)
Add a user (full SQL):
- INSERT INTO `user`(`Host`,`User`,`Password`,`Select_priv`,`Insert_priv`,`Update_priv`,`Delete_priv`,`Create_priv`,`Drop_priv`,`Reload_priv`,`Shutdown_priv`,`Process_priv`,`File_priv`,`Grant_priv`,`References_priv`,`Index_priv`,`Alter_priv`,`Show_db_priv`,`Super_priv`,`Create_tmp_table_priv`,`Lock_tables_priv`,`Execute_priv`,`Repl_slave_priv`,`Repl_client_priv`,`Create_view_priv`,`Show_view_priv`,`Create_routine_priv`,`Alter_routine_priv`,`Create_user_priv`,`Event_priv`,`Trigger_priv`,`Create_tablespace_priv`,`ssl_type`,`ssl_cipher`,`x509_issuer`,`x509_subject`,`max_questions`,`max_updates`,`max_connections`,`max_user_connections`,`plugin`,`authentication_string`,`password_expired`) VALUES ('%','root','*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'mysql_native_password','','N');
After adding the user, reload the grant tables:
- mysql> flush privileges;
- Query OK, 0 rows affected (0.00 sec)
If you run into problems with the setup, see: MySQL configuration and setup issues summary
Restart for it to take effect:
- [root@Tony_ts_tian bin]# service mysqld restart
- Shutting down MySQL.... SUCCESS!
- Starting MySQL. SUCCESS!
Query users (Host, User, Password):
- mysql> SELECT Host,User,Password FROM mysql.user;
- +
- | Host | User | Password |
- +
- | localhost | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | tony\_ts\_tian | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | 127.0.0.1 | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | ::1 | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | 10.155.123.55 | kaka | *90B3D884FB6092549F244125549B77C000A0F9C6 |
- | % | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- +
- 6 rows in set (0.00 sec)
2: Modify account information, e.g. the password; other columns can be changed the same way.
- mysql> UPDATE `user` SET Password=PASSWORD("123456") WHERE Host='10.155.123.55' AND User='kaka';
- Query OK, 1 row affected (0.02 sec)
- Rows matched: 1 Changed: 1 Warnings: 0
- mysql> flush privileges;
- Query OK, 0 rows affected (0.00 sec)
- mysql> SELECT Host,User,Password FROM `user`;
- Before:
- | 10.155.123.55 | kaka | *90B3D884FB6092549F244125549B77C000A0F9C6 |
- After:
- | 10.155.123.55 | kaka | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
3: Delete a user:
- mysql> DELETE FROM `user` WHERE Host='10.155.123.55' AND User='kaka';
- Query OK, 1 row affected (0.00 sec)
-
- mysql> flush privileges;
- Query OK, 0 rows affected (0.00 sec)
-
- mysql> SELECT Host,User,Password FROM `user`;
- +
- | Host | User | Password |
- +
- | localhost | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | tony\_ts\_tian | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | 127.0.0.1 | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | ::1 | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | % | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- +
- 5 rows in set (0.00 sec)
4. Privilege assignment
- GRANT syntax:
- GRANT privileges ON database.* TO username@'login host' IDENTIFIED BY 'password'
- Privileges:
- ALL, ALTER, CREATE, DROP, SELECT, UPDATE, DELETE
- USAGE, meaning "no privileges": specify USAGE when you want to create an account that has no privileges
- Database:
- *.* means all tables in all databases
- mylove.* means all tables in the mylove database
- mylove.loves means the loves table in the mylove database
- Username:
- the MySQL account name
- Login host:
- the client IP allowed to log in to the MySQL server
- '%' means all IPs
- 'localhost' means the local machine
- '10.155.123.55' means that specific IP
- Password:
- the login password for the MySQL account
Note: IDENTIFIED BY 'password' is optional.
GRANT overwrites part of the account's information, with the same effect as the INSERT and UPDATE statements above.
Grant user kaka the SELECT privilege on the user table of the test database:
- mysql> GRANT SELECT ON test.user TO kaka@'10.155.123.55' IDENTIFIED BY '123456';
- Query OK, 0 rows affected (0.00 sec)
- mysql> flush privileges;
- Query OK, 0 rows affected (0.00 sec)
- mysql> show Grants for 'kaka'@'10.155.123.55';
- +
- | Grants for kaka@10.155.123.55 |
- +
- | GRANT USAGE ON *.* TO 'kaka'@'10.155.123.55' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
- | GRANT SELECT ON `test`.`user` TO 'kaka'@'10.155.123.55' |
- +
- 2 rows in set (0.00 sec)
To test quickly, I switch the Host back to %, allowing access from every IP:
Usage and testing:
For the database and tables, see: MySQL data definition statements: CREATE, ALTER, DROP
- mysql> use mysql
- Reading table information for completion of table and column names
- You can turn off this feature to get a quicker startup with -A
- Database changed
- Change the Host so that login is allowed from all IPs:
- mysql> UPDATE `user` SET Host='%' WHERE Host='10.155.123.55' AND User='kaka';
- Query OK, 1 row affected (0.00 sec)
- Rows matched: 1 Changed: 1 Warnings: 0
- View kaka's privileges:
- mysql> show grants for 'kaka'@'10.155.123.55';
- +
- | Grants for kaka@10.155.123.55 |
- +
- | GRANT USAGE ON *.* TO 'kaka'@'10.155.123.55' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
- | GRANT SELECT ON `test`.`user` TO 'kaka'@'10.155.123.55' |
- +
- 2 rows in set (0.00 sec)
- Reload the grant tables:
- mysql> flush privileges;
- Query OK, 0 rows affected (0.00 sec)
- View kaka's privileges:
- mysql> show grants for 'kaka'@'%';
- +
- | Grants for kaka@% |
- +
- | GRANT USAGE ON *.* TO 'kaka'@'%' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
- +
- 1 row in set (0.00 sec)
- Grant user kaka the SELECT privilege on the user table of the weloveshare database:
- mysql> GRANT SELECT ON `weloveshare`.`user` TO kaka@'%';
- Query OK, 0 rows affected (0.00 sec)
- View kaka's privileges:
- mysql> show grants for 'kaka'@'%';
- +
- | Grants for kaka@% |
- +
- | GRANT USAGE ON *.* TO 'kaka'@'%' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
- | GRANT SELECT ON `weloveshare`.`user` TO 'kaka'@'%' |
- +
- 2 rows in set (0.00 sec)
- View the data in the user table of the weloveshare database:
- mysql> use weloveshare
- Reading table information for completion of table and column names
- You can turn off this feature to get a quicker startup with -A
- Database changed
- mysql> select * from user;
- Empty set (0.00 sec)
- Exit the current session:
- mysql> exit;
- Bye
- Switch to user kaka:
- [root@Tony_ts_tian ~]# mysql -u kaka -p
- Enter password:
- Login succeeded.
- Switch database and view the user table:
- mysql> use weloveshare
- Reading table information for completion of table and column names
- You can turn off this feature to get a quicker startup with -A
-
- Database changed
- mysql> select * from user;
- Empty set (0.00 sec)
- Insert data:
- mysql> INSERT INTO `weloveshare`.`user`(uname,upass,ustatus) VALUES('kaka','kaka123','0');
- ERROR 1142 (42000): INSERT command denied to user 'kaka'@'localhost' for table 'user'
- Result: the INSERT is denied, so the configuration works.
- Note: `weloveshare`.`user` is database name.table name, kaka is the user name and % is the Host; the Host can be restricted or left open, e.g. localhost, %, 192.168.10.%.
- GRANT privileges to create, alter, drop, update and query the table (table-level privileges):
- GRANT CREATE ON `weloveshare`.`user` TO kaka@'%';
- GRANT ALTER ON `weloveshare`.`user` TO kaka@'%';
- GRANT DROP ON `weloveshare`.`user` TO kaka@'%';
- GRANT UPDATE ON `weloveshare`.`user` TO kaka@'%';
- GRANT SELECT ON `weloveshare`.`user` TO kaka@'%';
- GRANT the foreign-key privilege:
- GRANT REFERENCES ON `weloveshare`.`user` TO kaka@'%';
- GRANT the temporary-table privilege (CREATE TEMPORARY TABLES is a database-level privilege, so it is granted on `weloveshare`.* rather than on a single table, which the server rejects):
- GRANT CREATE TEMPORARY TABLES ON `weloveshare`.* TO kaka@'%';
- GRANT the index privilege:
- GRANT INDEX ON `weloveshare`.`user` TO kaka@'%';
- GRANT privileges to create views and to view their definitions:
- GRANT CREATE VIEW ON `weloveshare`.`user` TO kaka@'%';
- GRANT SHOW VIEW ON `weloveshare`.`user` TO kaka@'%';
- GRANT stored procedure and function privileges (create; alter or drop; execute). These are database-level privileges, so they are granted on `weloveshare`.*:
- GRANT CREATE ROUTINE ON `weloveshare`.* TO kaka@'%';
- GRANT ALTER ROUTINE ON `weloveshare`.* TO kaka@'%';
- GRANT EXECUTE ON `weloveshare`.* TO kaka@'%';
Note: for the other privileges in detail, see the appendix at the end.
5: List all login accounts in the database:
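An added example, not code from the original post, that builds the GRANT statements of this section at the narrowest level each privilege supports and refuses combinations the server would reject: the privilege-level sets follow the MySQL 5.6 manual, and the account and identifiers are the ones used on this page.

```python
"""Build least-privilege GRANT statements and validate the privilege level.
Added example, not from the page. Level sets per the MySQL 5.6 manual;
USAGE, ALL and GRANT OPTION are deliberately left out."""

TABLE_LEVEL = {"ALTER", "CREATE", "CREATE VIEW", "DELETE", "DROP", "INDEX",
               "INSERT", "REFERENCES", "SELECT", "SHOW VIEW", "TRIGGER", "UPDATE"}
DATABASE_ONLY = {"ALTER ROUTINE", "CREATE ROUTINE", "CREATE TEMPORARY TABLES",
                 "EVENT", "EXECUTE", "LOCK TABLES"}   # db level or wider only
GLOBAL_ONLY = {"CREATE TABLESPACE", "CREATE USER", "FILE", "PROCESS", "RELOAD",
               "REPLICATION CLIENT", "REPLICATION SLAVE", "SHOW DATABASES",
               "SHUTDOWN", "SUPER"}                     # *.* only

def quote_ident(name):
    return "`" + name.replace("`", "``") + "`"

def account(user, host):
    return "'%s'@'%s'" % (user.replace("'", "''"), host.replace("'", "''"))

def grant_statement(privs, user, host, db=None, table=None):
    """One GRANT whose privileges are all valid at the requested level.
    Raises ValueError instead of emitting a statement the server would reject
    with ERROR 1144 (Illegal GRANT/REVOKE command)."""
    privs = [p.upper() for p in privs]
    if table is not None:
        bad = [p for p in privs if p not in TABLE_LEVEL]
        target = quote_ident(db) + "." + quote_ident(table)
    elif db is not None:
        bad = [p for p in privs if p not in TABLE_LEVEL | DATABASE_ONLY]
        target = quote_ident(db) + ".*"
    else:
        bad = [p for p in privs if p not in TABLE_LEVEL | DATABASE_ONLY | GLOBAL_ONLY]
        target = "*.*"
    if bad:
        raise ValueError("not grantable on %s: %s" % (target, ", ".join(bad)))
    return "GRANT %s ON %s TO %s;" % (", ".join(privs), target, account(user, host))

def least_privilege_plan(privs, user, host, db, table):
    """Split a wish list into the table-level and database-level statements it
    needs, so nothing is granted wider than the privilege itself requires.
    Global-only privileges are refused rather than silently widened to *.*."""
    privs = [p.upper() for p in privs]
    wide = [p for p in privs if p not in TABLE_LEVEL | DATABASE_ONLY]
    if wide:
        raise ValueError("refusing to widen to *.* for: " + ", ".join(wide))
    stmts = []
    if any(p in TABLE_LEVEL for p in privs):
        stmts.append(grant_statement([p for p in privs if p in TABLE_LEVEL], user, host, db, table))
    if any(p in DATABASE_ONLY for p in privs):
        stmts.append(grant_statement([p for p in privs if p in DATABASE_ONLY], user, host, db))
    return stmts
```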
- mysql> SELECT DISTINCT CONCAT('User: ''',user,'''@''',host,''';') AS QUERY FROM mysql.user;
- +
- | QUERY |
- +
- | User: 'kaka'@'%'; |
- | User: 'root'@'%'; |
- | User: 'root'@'127.0.0.1'; |
- | User: 'root'@'::1'; |
- | User: 'root'@'localhost'; |
- | User: 'root'@'tony\_ts\_tian'; |
- +
- 6 rows in set (0.00 sec)
View a specific user's privileges, e.g. root:
- mysql> show grants for 'root'@'%';
- +
- | Grants for root@% |
- +
- | GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD '*71ABCA8B06D46066CEF8062A75256E66243D0FC8' WITH GRANT OPTION |
- +
- 1 row in set (0.00 sec)
or
- mysql> select * from mysql.user where user='root' \G
Note: \G displays the result vertically, one column per line.
Appendix:
Structure of the user table in the mysql database:
- mysql> DESC mysql.user;
- +
- | Field | Type | Null | Key | Default | Extra |
- +
- | Host | char(60) | NO | PRI | | |
- | User | char(16) | NO | PRI | | |
- | Password | char(41) | NO | | | |
- | Select_priv | enum('N','Y') | NO | | N | |
- | Insert_priv | enum('N','Y') | NO | | N | |
- | Update_priv | enum('N','Y') | NO | | N | |
- | Delete_priv | enum('N','Y') | NO | | N | |
- | Create_priv | enum('N','Y') | NO | | N | |
- | Drop_priv | enum('N','Y') | NO | | N | |
- | Reload_priv | enum('N','Y') | NO | | N | |
- | Shutdown_priv | enum('N','Y') | NO | | N | |
- | Process_priv | enum('N','Y') | NO | | N | |
- | File_priv | enum('N','Y') | NO | | N | |
- | Grant_priv | enum('N','Y') | NO | | N | |
- | References_priv | enum('N','Y') | NO | | N | |
- | Index_priv | enum('N','Y') | NO | | N | |
- | Alter_priv | enum('N','Y') | NO | | N | |
- | Show_db_priv | enum('N','Y') | NO | | N | |
- | Super_priv | enum('N','Y') | NO | | N | |
- | Create_tmp_table_priv | enum('N','Y') | NO | | N | |
- | Lock_tables_priv | enum('N','Y') | NO | | N | |
- | Execute_priv | enum('N','Y') | NO | | N | |
- | Repl_slave_priv | enum('N','Y') | NO | | N | |
- | Repl_client_priv | enum('N','Y') | NO | | N | |
- | Create_view_priv | enum('N','Y') | NO | | N | |
- | Show_view_priv | enum('N','Y') | NO | | N | |
- | Create_routine_priv | enum('N','Y') | NO | | N | |
- | Alter_routine_priv | enum('N','Y') | NO | | N | |
- | Create_user_priv | enum('N','Y') | NO | | N | |
- | Event_priv | enum('N','Y') | NO | | N | |
- | Trigger_priv | enum('N','Y') | NO | | N | |
- | Create_tablespace_priv | enum('N','Y') | NO | | N | |
- | ssl_type | enum('','ANY','X509','SPECIFIED') | NO | | | |
- | ssl_cipher | blob | NO | | NULL | |
- | x509_issuer | blob | NO | | NULL | |
- | x509_subject | blob | NO | | NULL | |
- | max_questions | int(11) unsigned | NO | | 0 | |
- | max_updates | int(11) unsigned | NO | | 0 | |
- | max_connections | int(11) unsigned | NO | | 0 | |
- | max_user_connections | int(11) unsigned | NO | | 0 | |
- | plugin | char(64) | YES | | mysql_native_password | |
- | authentication_string | text | YES | | NULL | |
- | password_expired | enum('N','Y') | NO | | N | |
- +
- 43 rows in set (0.00 sec)
All privileges of the root user in detail (from the \G output):
- Host: %
- User: root
- Password: *71ABCA8B06D46066CEF8062A75256E66243D0FC8
- Select_priv: Y
- Insert_priv: Y
- Update_priv: Y
- Delete_priv: Y
- Create_priv: Y
- Drop_priv: Y
- Reload_priv: Y
- Shutdown_priv: Y
- Process_priv: Y
- File_priv: Y
- Grant_priv: Y
- References_priv: Y
- Index_priv: Y
- Alter_priv: Y
- Show_db_priv: Y
- Super_priv: Y
- Create_tmp_table_priv: Y
- Lock_tables_priv: Y
- Execute_priv: Y
- Repl_slave_priv: Y
- Repl_client_priv: Y
- Create_view_priv: Y
- Show_view_priv: Y
- Create_routine_priv: Y
- Alter_routine_priv: Y
- Create_user_priv: Y
- Event_priv: Y
- Trigger_priv: Y
- Create_tablespace_priv: Y
- ssl_type:
- ssl_cipher:
- x509_issuer:
- x509_subject:
- max_questions: 0
- max_updates: 0
- max_connections: 0
- max_user_connections: 0
- plugin: mysql_native_password
- authentication_string:
- password_expired: N
Parameter descriptions:
- Select_priv: the user can select data with SELECT.
- Insert_priv: the user can insert data with INSERT;
- Update_priv: the user can modify existing data with UPDATE;
- Delete_priv: the user can delete existing data with DELETE;
- Create_priv: the user can create new databases and tables;
- Drop_priv: the user can drop existing databases and tables;
- Reload_priv: the user can run the specific commands that flush and reload MySQL's various internal caches, including logs, privileges, hosts, queries and tables; reload the grant tables;
- Shutdown_priv: the user can shut down the MySQL server; be very careful about giving this privilege to any account other than root;
- Process_priv: the user can see other users' threads with SHOW PROCESSLIST; server administration;
- File_priv: the user can run SELECT INTO OUTFILE and LOAD DATA INFILE; load files on the server;
- Grant_priv: the user can grant privileges already granted to them to other users (any user can pass on all the privileges they hold);
- References_priv: currently only a placeholder for some future functionality; no effect at present;
- Index_priv: the user can create and drop table indexes; query tables using indexes;
- Alter_priv: the user can rename tables and modify table structure;
- Show_db_priv: the user can see the names of all databases on the server, including the databases the user has sufficient access privileges for; consider disabling this privilege for all users unless there is a compelling reason not to;
- Super_priv: the user can perform certain powerful administrative functions, such as killing user threads with KILL, changing global MySQL variables with SET GLOBAL, and running various replication and logging commands; the super privilege;
- Create_tmp_table_priv: the user can create temporary tables;
- Lock_tables_priv: the user can block access to and modification of tables with LOCK TABLES;
- Execute_priv: the user can execute stored procedures; this privilege is only meaningful in MySQL 5.0 and later;
- Repl_slave_priv: the user can read the binary log files used to maintain a replication environment; this user lives on the master and facilitates communication between master and client; master server administration;
- Repl_client_priv: the user can determine the location of replication slaves and masters; slave server administration;
- Create_view_priv: the user can create views; this privilege is only meaningful in MySQL 5.0 and later;
- Show_view_priv: the user can view views or learn how a view is executed; this privilege is only meaningful in MySQL 5.0 and later;
- Create_routine_priv: the user can alter or drop stored procedures and functions; this privilege was introduced in MySQL 5.0;
- Alter_routine_priv: the user can alter or drop stored procedures and functions; this privilege was introduced in MySQL 5.0;
- Create_user_priv: the user can run CREATE USER, the command used to create new MySQL accounts;
- Event_priv: whether the user can create, alter and drop events; this privilege is new in MySQL 5.1.6;
- Trigger_priv: whether the user can create and drop triggers; this privilege is new in MySQL 5.1.6;
- Create_tablespace_priv: create tablespaces
- ssl_type: field supporting SSL standard encryption
- ssl_cipher: field supporting SSL standard encryption
- x509_issuer: field supporting the X.509 standard
- x509_subject: field supporting the X.509 standard
- max_questions: 0, the number of queries the account may run per hour
- max_updates: 0, the number of updates the account may run per hour; 0 means unlimited
- max_connections: 0, the number of connections the account may open per hour; 0 means unlimited
- max_user_connections: 0, the number of simultaneous connections a single account may hold; 0 means unlimited
- plugin: since 5.5.7, MySQL uses plugins to verify the password when a user connects; plugin is also used to create external/proxy users
- authentication_string: controls the mapping between the two (e.g. the PAM plugin, which can support multiple service names), especially when proxy users are in use, where it must be declared
- password_expired: password expired; Y means the account's password has expired, N means it has not