mysql database DCL
DCL (Authorization Control), part of the authority to some users, some users then manage the library, table, field.
Permission level
The level of authority represents which authority can be granted to users.
The permissions have the following levels:
global level permissions for all libraries, all tables
database level permissions for all tables in a database.
table level permissions for a table in the library
column level permissions for a field in the table
Usually the database level is used.
mysql user management
The default is the root user when mysql permissions are granted.
You can view the location of the user in the user table in the mysql library.
You can view the structure of the user table
desc mysql.user\G;
Create user
# localhost代表本地登陆
# create user 用户@"登陆点" 确认方式 密码;
create user user1@"localhost" identified by "Yue@123456";
create user user1@"192.168.1.%";
Can use select query to create users
select host,user from mysql.user;
You can use user1 to log in to Mysql.
mysql -uuser1 -p"Yue@123456"
delete users
drop user "user1"@"localhost";
change Password
The user changes his password
set password=password("Ui@12367");# 设置密码
flush privileges;# 刷新
You can modify the mysql password in the shell:
mysqladmin -uroot -p"Mysql@Password123" password "Yue@12345"
How to crack mysql password
1. Modify the mysql configuration file to affect the startup mode.
/etc/my.cnf is the main configuration file of mysql.
vi /etc/my.cnf
Write on a new line in the file
skip-grant-tables
2. Restart
systemctl restart mysqld
3. Login without password
mysql -uroot
4. Change the password
Use the root account to log in to mysql, and change the mysql password:
update mysql.user set authentication_string=password("Mysql@Password123") where user="root" and host="local host";
flush privileges;
5. Modify the configuration file
Exit mysql, return to the shell, and comment out the skip password of the modified main configuration file:
# skip-grant-tables
6. Restart and log in with the new password.
systemctl restart mysqld
mysql -uroot -p"Mysql@Password123"
User login
# mysql -u用户 -p密码 -P Mysql服务器的端口 数据库名称 -e执行 "命令" -h 远程服务器
mysql -uroot -p"Mysql@Password123" -P 3306 mysql -e "show tables"
mysql supports remote login to the
mysql server, you can use commands to log in to another client's mysql
Principle of mysql permissions
The syntax of mysql authorization:
grant 权限列表 on 库名.表名 to "用户名"@"客户机" [identified by "密码" with option参数];
The permission list has all permissions (not including authorization permissions) and select and update query and update the
database. The table name has “*”(all tables under all libraries), for example, web.*means all tables under the web library. The
client host has: 192.168.1.*under this network segment All hosts
with option parameters: grant option authorization options
mysql permission example
Grant admin3 to all tables in the bbs library, with all permissions but not including authorization permissions
grant all on bbs.* to "admin3"@"localhost" identified by "Mysql@Password123";
Reclaim permissions:
view your own permissions
show grants\G
As root, you can also view the permissions of others:
show grants for admin3@"localhost"\G
Reclaim the permissions of a user:
# revoke 权限列表 on 数据库名from 用户名@"客户端主机";
revoke all privileges on bbs.* from admin3@"localhost";