1. Create a user
Order:
CREATE USER 'username'@'host' IDENTIFIED BY 'password';
illustrate:
- username: the username you will create
- host: Specify the host on which the user can log in. If it is a local user, localhost can be used. If you want the user to log in from any remote host , you can use wildcards
%
- password: the user's login password, the password can be empty, if it is empty, the user does not need a password to log in to the server
example:
CREATE USER 'dog'@'localhost' IDENTIFIED BY '123456'; CREATE USER 'pig'@'192.168.1.101_' IDENDIFIED BY '123456'; CREATE USER 'pig'@'%' IDENTIFIED BY '123456'; CREATE USER 'pig'@'%' IDENTIFIED BY ''; CREATE USER 'pig'@'%';
Problems encountered: (in the environment of the Debian system, mysql 5.7)
Create a new user for testing:
mysql> create user 'fixdq'@'localhost' identfied by '123';
Error:ERROR 1819 (HY000): Your password does not satisfy the current policy requirements。
problem causes:
Because the plugin is installed by default in MySQL 5.7 validate_password
, and the password setting is simple, this error will be reported.
Above:
Order:
mysql>show plugins;
mysql> show variables like 'vali%';
After 5.7 initialization, this plugin will be installed by default. If it is not installed, it SHOW VARIABLES LIKE 'vali%'
will return empty.
The value of the corresponding parameter is also the default value, the following is the explanation of these values
validate_password_length 8 #The minimum length of the password, here is 8. validate_password_mixed_case_count 1 #At least the number of lowercase or uppercase letters must be included, here is 1. validate_password_number_count 1 #At least the number of numbers to include, here is 1. validate_password_policy MEDIUM # Strength level, where its value can be set to 0, 1, 2. Corresponding respectively: 【0/ LOW】: Only check the length. 【 1/ MEDIUM 】: On the basis of level 0, check more numbers, upper and lower case, and special characters. 【 2/ STRONG 】: Check the special character dictionary file on the basis of level 1, here is 1. validate_password_special_char_count 1 #At least the number of numeric characters to be included, here is 1.
solution:
To turn off this plugin, add the following configuration to the configuration file and restart mysqld:
The default mysql 5.7 configuration file path installed by apt-get /etc/mysql/my.cnf
Please modify the configuration file according to the path of your own installation
$ sudo vi /etc/mysql/my.cnf
[mysqld]
validate_password=off
Reboot:
$ sudo /etc/init.d/mysql restart
$ sudo mysql
mysql>show plugins;
mysql>show variables like 'vali%';
result:
mysql> create user 'fixdq'@'localhost' identfied by '123';
Create user successfully
2. Authorization
Order:
GRANT privileges ON databasename.tablename TO 'username'@'host'
illustrate:
- Privileges: the user's operation privileges, such as
SELECT
,INSERT
,UPDATE
etc., if you want to grant the privileges, useALL
- databasename: database name
- tablename: table name, if you want to grant the user the corresponding operation permissions on all databases and tables, it can be
*
expressed, such as*.*
example:
GRANT SELECT, INSERT ON test.user TO 'pig'@'%'; GRANT ALL ON *.* TO 'pig'@'%'; GRANT ALL ON maindataplus.* TO 'pig'@'%';
Notice:
A user authorized with the above command cannot authorize other users. If you want the user to be authorized, use the following command:
GRANT privileges ON databasename.tablename TO 'username'@'host' WITH GRANT OPTION;
3. Set and change user password
Order:
SET PASSWORD FOR 'username'@'host' = PASSWORD('newpassword');
example:
SET PASSWORD FOR 'pig'@'%' = PASSWORD("123456");
Fourth, revoke user permissions
Order:
REVOKE privilege ON databasename.tablename FROM 'username'@'host';
PS: privilege, databasename, tablename: the same as the authorization part
example:
REVOKE SELECT ON *.* FROM 'pig'@'%';
Notice:
If you 'pig'@'%'
authorize the user like this (or similar): GRANT SELECT ON test.user TO 'pig'@'%'
, then using the REVOKE SELECT ON *.* FROM 'pig'@'%';
command does not undo the user's operations on the user table in the test database SELECT
. On the contrary, if the authorization is used, GRANT SELECT ON *.* TO 'pig'@'%';
the REVOKE SELECT ON test.user FROM 'pig'@'%';
command cannot revoke the user's authority to the user table in the test database Select
.
The specific information can be viewed with the command SHOW GRANTS FOR 'pig'@'%';
.
5. Delete users
Order:
DROP USER 'username'@'host';