MySQL空密碼用戶清理

時間 2019-11-24

標籤 mysql 密碼用戶清理欄目 MySQL 简体版

原文原文鏈接

假設你想管理下用戶，只記得某個庫裏的某個表管理用戶的登陸，你須要這麼作：mysql

前提是有足夠權限的帳戶，沒有就skip刷root密碼吧

[root@ax-01 ~]# mysql -uroot -p
Enter password:

mysql> show databases;   //查全部庫的名字
+--------------------+
| Database           |
+--------------------+
| information_schema |
| cmsdb              |
| discuz             |
| mysql              |    //你看到mysql庫，想起來就這個庫裏，可是不知道該查那一個表
| performance_schema |
| test               |
| wpdb               |
+--------------------+

mysql> use mysql;    //選擇mysql庫
mysql> show tables;    //查mysql裏面的全部表
| time_zone_name            |
| time_zone_transition      |
| time_zone_transition_type |
| user                      |    //你看到user表，想起來應該在這裏，可是不知道查那個字段
+---------------------------+

mysql> desc user;    //查看全部user下的字段名（表頭）
+------------------------+-----------------------------------+------+-----+-----------------------+-------+
| Field                  | Type                              | Null | Key | Default               | Extra |
+------------------------+-----------------------------------+------+-----+-----------------------+-------+
| Host                   | char(60)                          | NO   | PRI |                       |       |
| User                   | char(16)                          | NO   | PRI |                       |       |
| Password               | char(41)                          | NO   |     |                       |       |
看到這裏你感受須要瞭解user,host,password這三個字段，由於登錄的時候要用到

mysql> select user,host,password from mysql.user;    //查看這三個字段的內容
+------------+-----------+-------------------------------------------+
| user       | host      | password                                  |
+------------+-----------+-------------------------------------------+
| root       | localhost | *8E1A3402D66F8DDD8D9D19596B706C6D238C0F34 |
| root       | ax-01     |                                           |
| root       | 127.0.0.1 |                                           |
| root       | ::1       |                                           |
|            | localhost |                                           |
|            | ax-01     |                                           |
| wpuser     | 127.0.0.1 | *E4D18EEE7AEB0071BDB1D931CD44AA9AE0D05293 |
| discuzuser | 127.0.0.1 | *F47A72DB156C9E3F76410F41AC68CE966ACD6BDA |
| cmsuser    | 127.0.0.1 | *A9A4F564B109C6ECCF5EC6E2EB11DBD8925FEEDF |
+------------+-----------+-------------------------------------------+
看到這裏，你發任意用戶（空用戶名）不須要密碼就能夠登陸。顯然不行，須要刪掉。

刪東西前要養成備份的好習慣
[root@ax-01 ~]# mysqldump -uroot -paxianglinux mysql user > /tmp/user.sql

mysql> delete from mysql.user where password='';    //刪掉
mysql> select user,host,password from mysql.user;    //再看
+------------+-----------+-------------------------------------------+
| user       | host      | password                                  |
+------------+-----------+-------------------------------------------+
| root       | localhost | *8E1A3402D66F8DDD8D9D19596B706C6D238C0F34 |
| wpuser     | 127.0.0.1 | *E4D18EEE7AEB0071BDB1D931CD44AA9AE0D05293 |
| discuzuser | 127.0.0.1 | *F47A72DB156C9E3F76410F41AC68CE966ACD6BDA |
| cmsuser    | 127.0.0.1 | *A9A4F564B109C6ECCF5EC6E2EB11DBD8925FEEDF |
+------------+-----------+-------------------------------------------+
mysql> flush privileges; 
mysql> quit;

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。