MySQL数据库的用户与授权

MySQL数据库通常是由总管理员创建不同的管理账户，然后分配不同的权限，把这些账户交给相应的管理人员使用

接下来我将对用户与授权做一些基本的操作

#新建一个名为‘user01’的用户，密码为‘123456',主机名为localhost

mysql> create user 'user01'@'localhost' identified by '123456';

#查看系统用户，创建后的用户是保存在mysql数据库的user表中的，所以在查看用户时要先进mysql这个库

mysql> use mysql;

Database changed

mysql> select user, authentication_string, host from user;

+-----------+-------------------------------------------+-----------+

| user      | authentication_string                     | host      |

+-----------+-------------------------------------------+-----------+

| root      | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | localhost |

| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |

| root      | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | %         |

| user01    | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | localhost |                  #可以看到user表中有我刚刚创建的user01用户，且主机名为localhost

+-----------+-------------------------------------------+-----------+

4 rows in set (0.00 sec)

#对用户进行重命名

mysql> rename user 'user01'@'localhost' to 'server01'@'localhost';        #这里我将用户名‘user01’改为‘server01’

Query OK, 0 rows affected (0.00 sec)

mysql> select user, authentication_string, host from user;

+-----------+-------------------------------------------+-----------+

| user      | authentication_string                     | host      |

+-----------+-------------------------------------------+-----------+

| root      | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | localhost |

| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |

| root      | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | %         |

| server01   | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | host      |                   #再次进行查看，可以看到用户名已经改变

+-----------+-------------------------------------------+-----------+

4 rows in set (0.00 sec)

#修改用户密码

   （1）修改当前用户的密码

mysql> set password = password('123123');            #使用该命令将密码改为‘123123’

Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> quit;

Bye

[root@localhost ~]# mysql -uroot -p

Enter password: 

Welcome to the MySQL monitor.  Commands end with ; or \g.        #登入成功

  （2）修改其他用户的密码

mysql> set password for 'server01'@'localhost' = password('123123');       #将server01用户密码改为123123

Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> quit;

Bye

[root@localhost ~]# mysql -u server01 -p                                            #用新密码进行登录

Enter password: 

Welcome to the MySQL monitor.  Commands end with ; or \g.        

#忘记root密码的解决办法

    （1）关闭数据库，进主配置文件

[root@localhost ~]# systemctl stop mysqld.service 

[root@localhost ~]# vim /etc/my.cnf

    （2）对主配置文件进行更改

[mysqld]

user = mysql

basedir = /usr/local/mysql

datadir = /usr/local/mysql/data

port = 3306

character_set_server=utf8

pid-file = /usr/local/mysql/mysqld.pid

socket = /usr/local/mysql/mysql.sock

server-id = 1

skip-grant-tables                    #加入这条语句，作用是登录数据库不需要密码

   （3）重启数据库，直接登录

[root@localhost ~]# systemctl restart mysqld.service 

[root@localhost ~]# mysql -uroot

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 3

Server version: 5.7.17 Source distribution

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 

    （4）使用update修改root密码

mysql> update mysql.user set authentication_string=password('abc123') where user='root';           #将密码修改为‘abc123’

Query OK, 2 rows affected, 1 warning (0.00 sec)

Rows matched: 2  Changed: 2  Warnings: 1

mysql> quit;

Bye

[root@localhost ~]# vim /etc/my.cnf                                      #进入主配置文件

#skip-grant-tables                                                                  #注释掉前面加的这条语句，一定要注释掉这条命令

[root@localhost ~]# systemctl restart mysqld.service             #重启mysql服务

[root@localhost ~]# mysql -uroot -p                                     #使用新密码登录

Enter password: 

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 3

Server version: 5.7.17 Source distribution

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>                                                                                                         #登录成功

#删除用户

mysql> drop user 'server01'@'localhost';   

#给用户授权      grant 权限列表 on 库名.表名 to 用户名@主机名 [identified by '密码']

mysql> grant all on mysql.user to 'tom'@'localhost' identified by '123456';        #all表示所有的权限都给tom这个用户，这里也可以更某一个权限，这条命令的用法有很多，如果用户列表中没有tom这个用户，便会自动创建，带有创建用户的功能，如果有这个用户，那指定的密码会覆盖原有的密码，带有更改用户密码的功能

Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> use mysql;

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

mysql> select user, authentication_string, host from user;

+-----------+-------------------------------------------+-----------+

| user      | authentication_string                     | host      |

+-----------+-------------------------------------------+-----------+

| root      | *6691484EA6B50DDDE1926A220DA01FA9E575C18A | localhost |

| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |

| root      | *6691484EA6B50DDDE1926A220DA01FA9E575C18A | %         |

| tom       | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | localhost |

+-----------+-------------------------------------------+-----------+

4 rows in set (0.00 sec)

    

#查看权限     show grants for 'username'@'主机名';

mysql> show grants for tom@localhost;           #查看tom的权限

+-------------------------------------------------------------+

| Grants for tom@localhost                                    |

+-------------------------------------------------------------+

| GRANT USAGE ON *.* TO 'tom'@'localhost'                     |

| GRANT ALL PRIVILEGES ON "mysql"."user" TO 'tom'@'localhost' |

+-------------------------------------------------------------+

2 rows in set (0.00 sec)

#撤销用户权限        revoke 权限列表 on 数据库名.表名 from '用户名'@'主机名';

mysql> revoke drop on mysql.user from 'tom'@'localhost';               #撤销tom的drop权限

Query OK, 0 rows affected (0.00 sec)

mysql> show grants for 'tom'@'localhost';                                   #查看tom权限

+------------------------------------------------------------------------------------------------------------------------------------------------+

| Grants for tom@localhost                                                                                                                       |

+------------------------------------------------------------------------------------------------------------------------------------------------+

| GRANT USAGE ON *.* TO 'tom'@'localhost'                                                                                                        |

| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, REFERENCES, INDEX, ALTER, CREATE VIEW, SHOW VIEW, TRIGGER ON "mysql"."user" TO 'tom'@'localhost' |         #可以看到这里已经没有drop权限了

+------------------------------------------------------------------------------------------------------------------------------------------------+

2 rows in set (0.00 sec)