MySQL database user management
1. Manage users
1.1. User creation
CREATE USER 'username'@'source_address' [IDENTIFIED BY [PASSWORD] 'password'];
- Username: the name of the user to create.
- Source address: the hosts from which the new user may log in. It can be an IP address, a network segment, or a host name. Use localhost for local users, or the wildcard character % to allow login from any host.
- Password:
  - To use a plaintext password, enter it directly; MySQL hashes it automatically before storing it in the database.
  - To use an already hashed password, first run SELECT PASSWORD('password'); to obtain the hash, then write PASSWORD 'hash' in the statement. (The PASSWORD() function and IDENTIFIED BY PASSWORD are available in MySQL 5.7 and earlier; both were removed in MySQL 8.0.)
  - If the "IDENTIFIED BY" part is omitted, the user's password is empty (not recommended).
Example: create a user with a plaintext password
CREATE USER 'lilade'@'localhost' IDENTIFIED BY '123123';
Example: create a user with a hashed password
select password('abc123');
create user 'james'@'localhost' identified by password '*6691484EA6B50DDDE1926A220DA01FA9E575C18A';
1.2. View user information
Created users are stored in the user table of the mysql database.
use mysql;
select User,authentication_string,Host from user;
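The following Python sketch is an added example, not part of the original page: it audits rows in the shape returned by the query above for the risks section 1.1 points at (an empty password, a % wildcard host) and for hashes of deny-listed passwords. It assumes the accounts use the mysql_native_password plugin, whose hash is the unsalted SHA1(SHA1(password)) that PASSWORD() returns; native_hash, audit_users, WEAK_PASSWORDS and the sample rows are constructed for illustration.

```python
import hashlib


def native_hash(password: str) -> str:
    """mysql_native_password format, as returned by PASSWORD() on MySQL 5.7:
    '*' followed by the uppercase hex of SHA1(SHA1(password)). No salt is used,
    so the same password always produces the same stored value."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


# Passwords used as examples on this page; extend with your own deny-list.
WEAK_PASSWORDS = ["123123", "123456", "abc123"]
WEAK_HASHES = {native_hash(p) for p in WEAK_PASSWORDS}


def audit_users(rows):
    """rows: (User, authentication_string, Host) tuples from mysql.user.
    Returns (account, finding) pairs in row order."""
    findings = []
    for user, auth, host in rows:
        account = f"'{user}'@'{host}'"
        if not auth:
            # Happens when IDENTIFIED BY was omitted at creation time.
            findings.append((account, "empty password"))
        elif auth in WEAK_HASHES:
            findings.append((account, "weak password (on deny-list)"))
        if "%" in host:
            # '%' alone allows any host; '192.168.80.%' allows a whole segment.
            findings.append((account, "wildcard host"))
    return findings


# Constructed sample rows (not taken from a real server).
SAMPLE_ROWS = [
    ("root", native_hash("abc123"), "localhost"),
    ("DM", native_hash("Xq7!long-random-passphrase"), "localhost"),
    ("report", "", "192.168.80.%"),
    ("app", native_hash("123456"), "%"),
]

if __name__ == "__main__":
    for account, finding in audit_users(SAMPLE_ROWS):
        print(f"{account}: {finding}")
```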
1.3. Rename user
rename user 'lilade'@'localhost' to 'DM'@'localhost';
1.4. Delete users
drop user 'james'@'localhost';
1.5. Modify the current login user password
set password = password('123456');
1.6. Change other users’ passwords
set password for 'DM'@'localhost' = password('abc123');
1.7. Solutions for forgotten passwords
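To reset a forgotten MySQL root password:
1. Edit the configuration file and add an option so that MySQL does not use the grant tables at login. While this option is active, anyone who can connect to the server can log in without a password and with full privileges, so keep the server unreachable from the network (for example with skip-networking) until step 5.
# Open the configuration file
vim /etc/my.cnf
# Add this line under the [mysqld] section
skip-grant-tables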
2. Restart the service and log in to test
# Restart the service
systemctl restart mysqld.service
# Log in
mysql
3. Use update to change the root password and refresh the database.
# Reset the password
update mysql.user set authentication_string = password('abc123') where user='root';
# Reload the grant tables
flush privileges;
4. Log out and log in again to test
mysql -uroot -pabc123
5. Edit the my.cnf configuration file again and comment out or delete the option added in step 1.
2. Database user authorization
2.1. Grant of permissions
- GRANT statement: used to set the access privileges of database users. If the specified user does not exist, GRANT creates a new user; if the user already exists, GRANT modifies that user's information. (This applies to MySQL 5.7 and earlier; in MySQL 8.0, GRANT no longer creates users or accepts IDENTIFIED BY, so create the user with CREATE USER first.)
GRANT permission_list ON database_name.table_name TO 'username'@'source_address' [IDENTIFIED BY 'password'];
- Permission list: the database operations the user is authorized to perform, separated by commas, such as "select, insert, update". Use "all" to grant all permissions, which authorizes any operation.
- Database name.Table name: the database and table the authorization applies to. The wildcard character "*" can be used; for example, "kgc.*" means the authorization applies to all tables in the kgc database.
- 'username'@'source address': the user name and the client address allowed to connect, that is, who can connect and from where. The source address can be a domain name or an IP address, and the "%" wildcard character can be used to match all addresses in a domain or network segment, such as "%.accp.com" or "192.168.80.%".
- IDENTIFIED BY: sets the password the user connects to the database with. When creating a new user, if the "IDENTIFIED BY" part is omitted, the user's password is blank.
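Example: User DM is allowed to locally query the data records of all tables in the ali database, but is prohibited from querying records of tables in other databases. The commands below apply the same pattern to user lilade and the mysql.user table.
# Switch to the mysql database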
use mysql;
# View the users
select User,authentication_string,Host from user;
# Grant privileges to user lilade
grant select on mysql.user to 'lilade'@'localhost' identified by 'abc123';
Log in as the new user and check what is visible
# Log in as the newly created user
mysql -ulilade -pabc123
# View the databases, tables, and table contents
show databases;
use mysql;
show tables;
select * from user;
2.2. View permissions
SHOW GRANTS FOR 'username'@'source_address';
show grants for 'lilade'@'localhost';
2.3. Revoke user permissions
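# Log in as the root user
mysql -uroot -pabc123
# View the privileges of user lilade
show grants for 'lilade'@'localhost';
# Revoke lilade's SELECT privilege (the object must match the one used in the grant)
revoke select on mysql.user from 'lilade'@'localhost';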