The user table of the mysql database in MySQL

Preface
When you install MySQL, a database named mysql is created automatically. The tables in this database are all permission tables.
Among them, the user table is the most important permission table. It records the accounts that are allowed to connect to the server and some global permission information.
The user table has 42 fields, which are roughly divided into 4 categories: user columns, permission columns, security columns and resource control columns.
If the host field in the mysql user table is set incorrectly, you may be unable to connect to the MySQL database.
An account is written as user_name@host_name, where host_name is the host IP address or host name.
1) To access MySQL locally, use localhost or the loopback address 127.0.0.1.
2) If the wildcard character % is used as the host, the specified user is allowed to connect from any host.
3) When the host is specified as 127.0.0.1, the connection is made over TCP/IP and can only be made locally.
4) When the host is specified as localhost, localhost is not resolved to an IP address; the connection is made directly through a UNIX socket and can only be made locally.
From the above, we can see that for different host values, the server value in the client driver's connection string must differ accordingly. Even the root user must comply with the host settings.

Here are two command line methods for adding mysql users:

Method 1: CREATE USER statement

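CREATE USER <user> [ IDENTIFIED BY [ PASSWORD ] 'password' ] [ , <user> [ IDENTIFIED BY [ PASSWORD ] 'password' ]]
1) <user>: the format is 'user_name'@'host_name', where user_name is the user name and host_name is the host name, that is, the name of the host from which the user connects to MySQL.
If only the user name is given during creation and no host name is specified, the host name defaults to "%", which denotes a group of hosts, that is, access is open to all hosts.
2) IDENTIFIED BY clause: specifies the user's password. A new user may have no initial password; if no password is set for the user, this clause can be omitted.
3) PASSWORD 'password': PASSWORD indicates that the password is set using a hash value; this parameter is optional. If the password is an ordinary string, the PASSWORD keyword is not needed.
'password' is the password the user logs in with; it must be enclosed in single quotes.
This method is inconvenient for granting permissions: newly created users have very few permissions and can only perform operations that require no permissions, such as logging in to MySQL and using SHOW statements to list all storage engines and character sets.
If two users have the same user name but different host names, MySQL treats them as two users and allows a different set of permissions to be assigned to each.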

Example:

mysql> CREATE USER 'test1'@'localhost' IDENTIFIED BY 'test1'; # localhost means only the local machine can log in
mysql> CREATE USER 'test1'@'%' IDENTIFIED BY 'test1'; # % means any host can log in

In practical applications, we should avoid specifying passwords in clear text. We can use the PASSWORD keyword to set the password using the hash value of the password.
In MySQL, you can use the password() function to obtain the hash value of a password.

mysql> SELECT password('test1');
+-------------------------------------------+
| password('test1')                         |
+-------------------------------------------+
| *06C0BF5B64ECE2F648B5F048A71903906BA08E5C |
+-------------------------------------------+
1 row in set, 1 warning (0.00 sec)
mysql> CREATE USER 'test1'@'localhost' IDENTIFIED BY PASSWORD '*06C0BF5B64ECE2F648B5F048A71903906BA08E5C';
Query OK, 0 rows affected, 1 warning (0.00 sec)
# After this succeeds, you can log in with the password "test1".

Method 2: GRANT statement (commonly used)
The GRANT statement is a very important statement in MySQL. It can be used to create users, modify user passwords and set user permissions.

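GRANT priv_type ON database.table TO <user> [IDENTIFIED BY [PASSWORD] 'password']
1) The priv_type parameter specifies the new user's permissions.
2) The database.table parameter specifies the scope of the new user's permissions, that is, the user can exercise the permissions only on the specified database and table.
3) The <user> parameter specifies the new user's account, made up of the user name and the host name.
4) The IDENTIFIED BY keyword sets the password.
5) PASSWORD indicates that the password is set using a hash value; this parameter is optional.
6) The password parameter is the new user's password.
The GRANT statement can not only create new users but also grant permissions to users.
The statement reloads the permission tables automatically, so no manual refresh is needed.
It is also safe and accurate, with few errors.
Creating users with the GRANT statement is the most commonly used method.
When a user is created, MySQL automatically encrypts the user's password to improve security.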

Example:

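# Create a new user: user name user01, password 123, all hosts, granted the query permission on the student table of the test database.
mysql> GRANT SELECT ON test.student TO 'user01'@'%' IDENTIFIED BY '123';
mysql> GRANT SELECT ON *.* TO 'test3'@localhost IDENTIFIED BY 'test3';
# Here, *.* means all tables in all databases. The result shows that the user was created successfully and that the test3 user has the query (SELECT) permission on all tables from the local machine.
# Grant user 'user' all permissions on the 'db_test' database
mysql> GRANT ALL PRIVILEGES on db_test.* TO user@'%';
# Grant user 'user' all permissions on the 'db_test' database, with password 'passwd'
mysql> GRANT ALL PRIVILEGES ON db_test.* TO user@'%' IDENTIFIED BY 'passwd';
# Grant user the specified permissions on the db_test database, with password 'passwd'
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, REFERENCES, INDEX, ALTER ON db_test.* TO user@'%' IDENTIFIED BY 'passwd';
# Refresh permissions; refresh them after executing GRANT statements
mysql> FLUSH PRIVILEGES;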
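
The GRANT ... IDENTIFIED BY form and the PASSWORD keyword shown above are deprecated in MySQL 5.7 and removed in MySQL 8.0, where creating the account and granting permissions are separate statements. The following is an added example, not code from the original post; the account name app_ro, the documentation subnet 192.0.2.%, and the placeholder password are assumptions.

```sql
-- Added example, not from the original post. Assumed names: account app_ro,
-- database db_test, the documentation subnet 192.0.2.0/24, placeholder password.
-- The syntax is valid on MySQL 5.7.6+ and 8.0.

-- 1) Create the account. The host part limits where it may connect from;
--    '192.0.2.%' is far narrower than '%'.
CREATE USER 'app_ro'@'192.0.2.%'
  IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD'  -- hashed by the server before storage
  REQUIRE SSL                                      -- security columns: ssl_type
  WITH MAX_USER_CONNECTIONS 20                     -- resource control columns
  PASSWORD EXPIRE INTERVAL 90 DAY;                 -- security columns: password_lifetime

-- 2) Grant only what the application needs, at database scope instead of *.*.
GRANT SELECT ON db_test.* TO 'app_ro'@'192.0.2.%';

-- 3) Verify the result. CREATE USER and GRANT update the in-memory permission
--    tables themselves, so no FLUSH PRIVILEGES is required here.
SHOW GRANTS FOR 'app_ro'@'192.0.2.%';

-- 4) Read back one or more columns from each of the four categories of mysql.user.
SELECT Host, User,               -- user columns
       Select_priv,              -- permission columns (global scope; 'N' here,
                                 -- because a database-level grant is stored in mysql.db)
       ssl_type, plugin,
       password_lifetime,        -- security columns
       max_user_connections      -- resource control columns
FROM mysql.user
WHERE User = 'app_ro';
```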

Some other statements for operating user tables

# Remove grants: the REVOKE statement
# Syntax: REVOKE privileges (columns) ON what FROM user;
mysql> revoke all PRIVILEGES ON `db_test`.* from 'user'@'%';   # revoke all permissions on db_test
mysql> REVOKE INSERT ON *.* FROM 'user04'@'localhost';    # revoke the INSERT permission
# Delete a user, method 1
mysql> delete from mysql.user where user='user' and host='%';
# Delete a user, method 2
mysql> DROP USER 'username'@'host';
# Change a user's password ('新密码' below is a placeholder for the new password)
# The following method applies to MySQL 5.6 and earlier; versions 5.7 and later report an error because they have no password field, which was replaced by the authentication_string field
mysql> UPDATE mysql.user SET password=PASSWORD('新密码') WHERE User='root' AND Host = 'localhost';
# The following method applies to version 5.7 and later
mysql> UPDATE mysql.user SET authentication_string=PASSWORD('新密码') WHERE User='root' AND Host = 'localhost';
# View a user's permissions
mysql> show grants for 'username'@'host';
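
On MySQL 5.7.6 and later, and as the only route on 8.0 where PASSWORD() no longer exists, a password is changed with ALTER USER rather than by updating mysql.user. The following is an added example, not code from the original post; it shows that statement plus two audit queries for the host and duplicate-user-name cases described earlier, and the placeholder password is an assumption.

```sql
-- Added example, not from the original post. Assumes MySQL 5.7.6+ or 8.0
-- (authentication_string column) and an account allowed to read mysql.user.

-- Change a password through the account-management statement; the server
-- hashes the value and reloads the permission tables on its own.
ALTER USER 'root'@'localhost' IDENTIFIED BY 'REPLACE_WITH_NEW_PASSWORD';

-- Note on deletion: DROP USER also removes the account's rows from the other
-- permission tables. A DELETE on mysql.user does not, and it only takes
-- effect after FLUSH PRIVILEGES.

-- Audit 1: rows that deserve review.
--   wildcard_host     : Host contains % (or is empty), so it matches many hosts
--   empty_credential  : nothing stored in authentication_string; check plugin,
--                       because socket-based plugins legitimately store nothing
--   broad_global_priv : SUPER, GRANT OPTION or FILE held at global scope
SELECT User, Host, plugin,
       (LOCATE('%', Host) > 0 OR Host = '')          AS wildcard_host,
       (COALESCE(authentication_string, '') = '')    AS empty_credential,
       ('Y' IN (Super_priv, Grant_priv, File_priv))  AS broad_global_priv
FROM mysql.user
WHERE LOCATE('%', Host) > 0 OR Host = ''
   OR COALESCE(authentication_string, '') = ''
   OR 'Y' IN (Super_priv, Grant_priv, File_priv)
ORDER BY wildcard_host DESC, User, Host;

-- Audit 2: user names that exist under several hosts. Each row is a separate
-- account with its own password and permissions, so a strict 'user'@'localhost'
-- can sit next to a forgotten 'user'@'%'.
SELECT User,
       COUNT(*)                         AS accounts,
       GROUP_CONCAT(Host ORDER BY Host) AS hosts
FROM mysql.user
GROUP BY User
HAVING COUNT(*) > 1;
```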


Origin blog.csdn.net/qq_34125713/article/details/127565824