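Linux MySQL: Account Privileges

Account privileges

1. Whether the account can connect to the database: any valid user can connect.

2. Whether the account can operate on data: this requires granted privileges.

Create a user and set a password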

create user tong identified by '123';

create user tong@localhost identified by '123';   # local login only

mysql> create user tong@'192.168.206.0/255.255.255.0' identified by '123';   # the 192.168.206.0/24 subnet

mysql> create user tong@'192.168.206.10' identified by '123';   # only the IP 192.168.206.10 may log in

create user tom@'%' identified by '123';   # any host that can reach the server

Query users

select user from mysql.user;

Rename a user

rename user tom to jerry;

select user from mysql.user;

Delete a user

drop user tong;

drop user tong@'192.168.206.10';

Change a user's password

mysql> create user tong identified by '123';
Query OK, 0 rows affected (0.00 sec)

mysql> set password for 'tong'@'%' = password('456');
Query OK, 0 rows affected, 1 warning (0.00 sec)

Reset the root password

Skip the grant tables (in this mode the server accepts any login without a password)

Method 1

shell> /usr/local/mysql/bin/mysqld_safe --skip-grant-tables --skip-networking &

Method 2

shell> vim /etc/my.cnf

[mysqld]

skip-grant-tables=1

shell> systemctl restart mysqld

Log in and change the password

mysql> update mysql.user set authentication_string=password('123') where User='root' and Host='localhost';

View a user's privileges

mysql> show grants for tong \G
*************************** 1. row ***************************
Grants for tong@%: GRANT USAGE ON *.* TO 'tong'@'%'
1 row in set (0.00 sec)

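USAGE means the account has no privileges.

Connection test

mysql -u tong -p123 -h ip

Privileges

MySQL access control has two stages:

Stage 1: the server checks whether you are allowed to connect.

Stage 2: assuming you can connect, the server checks every request you issue to see whether you have sufficient privileges to perform it. For example, if you select rows from a table or drop a table from a database, the server verifies that you have the SELECT privilege on the table or the DROP privilege on the database.

Granting privileges: grant

Command format

grant privileges on database.table to user@host [password]

grant select on mydb.* to tong@'localhost';   # grant the SELECT (read) privilege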

show grants for tong\G

*************************** 1. row ***************************

Grants for tong@%: GRANT USAGE ON *.* TO 'tong'@'%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257'

*************************** 2. row ***************************

Grants for tong@%: GRANT SELECT ON `mydb`.* TO 'tong'@'%'

Removing privileges: revoke

Command format

revoke privileges on database.table from user@host;

revoke select on mydb.* from tong@'localhost';

Granting to remote hosts

grant all on mydb.* to tom@'192.168.206.10' identified by '123';

grant all on mydb.* to tom@'%' identified by '123';

grant and revoke can control access at several levels

Entire server: grant all and revoke all

Entire database: on database.*

grant select,insert on mydb.* to jerry@'localhost' identified by '123';

A specific table: on database.table;

grant select,insert on mydb.test to tom@'localhost' identified by '123';

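Other method (insert directly into the grant table; the Password column exists in MySQL 5.6 and earlier, while 5.7 uses authentication_string):

mysql> INSERT INTO mysql.user (Host,User,Password) VALUES('localhost','dummy',password('123'));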

mysql> FLUSH PRIVILEGES;

mysql.user stores the information for all users; privilege information is spread across different tables.

user1 user2 user3

grant all on *.* to user1@localhost identified by '123';

user1's privileges are stored in mysql.user

grant all on db.* to user2@localhost identified by '123';

user2's privileges are stored in mysql.db

grant all on db.dpt to user3@localhost identified by '123';

user3's privileges are stored in mysql.tables_priv

grant select(dpt_name) on db.dpt to user4@localhost identified by '123';

user4's privileges are stored in mysql.columns_priv
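
An audit of the four grant tables named above, as an added example that is not part of the original post. It assumes MySQL 5.7 (the authentication_string column used earlier on this page) and an account allowed to read the mysql schema.

```sql
-- Added example: review who can connect from where, and at which level
-- each account holds privileges. Assumes MySQL 5.7 grant-table columns.

-- 1. Accounts that accept connections from any host, or have no password hash.
SELECT User, Host, plugin,
       (Host = '%') AS any_host,
       (authentication_string IS NULL OR authentication_string = '') AS empty_password
FROM mysql.user
WHERE Host = '%'
   OR authentication_string IS NULL
   OR authentication_string = '';

-- 2. Global level (ON *.*): stored as Y/N columns in mysql.user.
SELECT User, Host, Select_priv, Insert_priv, Update_priv, Delete_priv,
       Drop_priv, Grant_priv, Super_priv
FROM mysql.user
WHERE 'Y' IN (Select_priv, Insert_priv, Update_priv, Delete_priv,
              Drop_priv, Grant_priv, Super_priv);

-- 3. Database level (ON db.*): one row per account and database in mysql.db.
SELECT User, Host, Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Drop_priv
FROM mysql.db
ORDER BY User, Host, Db;

-- 4. Table level (ON db.table): mysql.tables_priv. A row with an empty
--    Table_priv and a non-empty Column_priv exists only because of a column grant.
SELECT User, Host, Db, Table_name, Table_priv, Column_priv
FROM mysql.tables_priv
ORDER BY User, Host, Db, Table_name;

-- 5. Column level (privilege(column) ON db.table): mysql.columns_priv.
SELECT User, Host, Db, Table_name, Column_name, Column_priv
FROM mysql.columns_priv
ORDER BY User, Host, Db, Table_name, Column_name;
```

With the grants shown above, user1 appears in query 2, user2 in query 3, user3 in query 4, and user4 in queries 4 and 5.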

Reload the grant tables

mysql> flush privileges;

Reposted from blog.csdn.net/zhangt123321/article/details/121596285