MySQL user management
First, view the current connection account information
1.1, view the accounts of the current database connections
Use the command: show processlist
MySQL [(none)]> show processlist;
+--------+-------------+---------------------+--------+---------+------+----------+------------------+
| Id | User | Host | db | Command | Time | State | Info |
+--------+-------------+---------------------+--------+---------+------+----------+------------------+
| 232091 | zabbix | 172.17.207.88:558 | zabbix | Sleep | 20 | | NULL |
1.2, view which account you are currently logged in as
Use the select user() command to view it
MySQL [(none)]> select user();
+--------------------+
| user() |
+--------------------+
+--------------------+
1 row in set (0.00 sec)
MySQL [(none)]>
Second, create a user
2.1, create a new user
Use the create user command to create the user and set a password
Example: create user 'zhang'@'localhost' identified by 'zhang';
Create the user zhang with password zhang; the host '%' lets it connect from any address
MySQL [(none)]> create user 'zhang'@'%' identified by 'zhang';
Query OK, 0 rows affected (0.01 sec)
MySQL [(none)]>
After creating the user, check that it was created successfully
MySQL [(none)]> select user,host from mysql.user;
+-------------+----------------+
| user | host |
+-------------+----------------+
| jumpserver | % |
| root | % |
| wordpress | % |
| zabbix | 39.106.3.162 |
| % | localhost |
| zhang | localhost |
+-------------+----------------+
9 rows in set (0.01 sec)
MySQL [(none)]>
Log in as the newly created user zhang and view the databases
[root@iZ2zegql6fupnhn8aei0bgZ ~]# mysql -uzhang -h120.26.32.14 -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 1204
Server version: 5.6.35 Source distribution
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
View the databases
MySQL [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.02 sec)
MySQL [(none)]>
Third, delete a database account
Use the drop user command to delete a user
MySQL [(none)]> drop user 'zhang'@'localhost';
Query OK, 0 rows affected (0.00 sec)
MySQL [(none)]>
Fourth, rename users
4.1, use the rename user command to rename a user
MySQL [(none)]> rename user 'zhang'@'%c' to 'zhang'@'%' ;
Query OK, 0 rows affected (0.02 sec)
MySQL [(none)]> select user,host from mysql.user;
+-------------+-------------------+
| user | host |
+-------------+-------------------+
| root | % |
| user_name | % |
| Xuchangming |% |
| zhang | % |
| root | 127.0.0.1 |
| root | ::1 |
| | instance-jvfp1b6r |
| root | instance-jvfp1b6r |
| root | localhost |
| xuchangming | localhost |
+-------------+-------------------+
10 rows in set (0.01 sec)
MySQL [(none)]>
Fifth, authorize an account
5.1, use the grant command to authorize an account
The command format is:
grant privileges on database.table to 'account'@'ip' [identified by 'password'];
Database and table scope in the on clause:
on *.*: administrator privileges, can operate on any database
on db_name.*: operate on one specified database only
on db_name.table_name: operate on one specified table in the database
on db_name.routine_name: operate on a stored procedure or stored function in the database
5.2, use the show grants command to view permissions
MySQL [(none)]> show grants;
+--------------------------------------------------------------------------------------------------------------------------------+
| Grants for root@% |
+--------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD '*0FC3121124C80F34B383F5FCA33F0D68B6AFA1C0' WITH GRANT OPTION |
+--------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.01 sec)
MySQL [(none)]>
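Added example, not part of the original page: a Python parser that reads show grants rows, maps the on clause to the scope levels listed in 5.1, and flags accounts with a '%' host, global privileges or the grant option. The function name audit_grant, the finding labels and the sample rows are assumptions constructed for this example.

```python
import re

# One row of SHOW GRANTS output in the MySQL 5.6 layout shown on this page.
GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<target>\S+)\s+TO\s+"
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)'(?P<rest>.*)$",
    re.IGNORECASE)


def audit_grant(line):
    """Parse one SHOW GRANTS row; return a dict, or None for non-GRANT rows."""
    m = GRANT_RE.search(line.strip().strip("|").strip())
    if m is None:
        return None
    raw_privs = m.group("privs")
    # Drop column lists such as SELECT (col1, col2) before splitting on commas.
    cleaned = re.sub(r"\([^)]*\)", "", raw_privs)
    privs = [p.strip().upper() for p in cleaned.split(",")]
    target = m.group("target").replace("`", "")
    if "(" in raw_privs:
        scope = "column"
    elif target == "*.*":
        scope = "global"
    elif target.endswith(".*"):
        scope = "database"
    else:
        scope = "object"  # db_name.table_name or db_name.routine_name
    findings = []
    if "%" in m.group("host"):
        findings.append("wildcard-host")  # account usable from many addresses
    if m.group("user") == "":
        findings.append("anonymous-user")
    if scope == "global" and privs != ["USAGE"]:
        findings.append("global-privileges")
    if "WITH GRANT OPTION" in m.group("rest").upper():
        findings.append("grant-option")  # can pass its privileges to others
    return {"account": m.group("user") + "@" + m.group("host"),
            "scope": scope, "privileges": privs, "findings": findings}

# Constructed sample rows in the layout MySQL prints for SHOW GRANTS.
SAMPLE = [
    "| GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD '<hash>' WITH GRANT OPTION |",
    "| GRANT USAGE ON *.* TO 'zhang'@'%' IDENTIFIED BY PASSWORD <secret> |",
    "| GRANT SELECT, CREATE ON `ceshi`.* TO 'zhang'@'%' |",
    "| GRANT SELECT (table_name, engine) ON `test`.`t` TO 'zhang'@'localhost' |",
    "+----------------------------------------------------------+",
]

if __name__ == "__main__":
    print([audit_grant(row) for row in SAMPLE])
```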
5.3, examples
5.3.1, grant all privileges (administrator privileges) to one account
Create the user boos with password boss, grant all operations on all databases and tables, and allow connections from all addresses
MySQL [(none)]> grant all privileges on *.* to 'boos'@'%' identified by 'boss';
Query OK, 0 rows affected (0.02 sec)
MySQL [(none)]>
Log in to check
[root@iZ2zegql6fupnhn8aei0bgZ ~]# mysql -uboos -h120.76.32.14 -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 1217
Server version: 5.6.35 Source distribution
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| Test |
| Ceshi |
| employees |
| mysql |
| performance_schema |
| test |
+--------------------+
7 rows in set (0.01 sec)
MySQL [(none)]>
MySQL [(none)]> select user();
+---------------------+
| user() |
+---------------------+
+---------------------+
1 row in set (0.02 sec)
MySQL [(none)]>
5.3.2, grant all privileges to an account for one database only
Create the account zhang with password zhang and grant all operations on the ceshi database
MySQL [(none)]> grant all privileges on ceshi.* to 'zhang'@'%' identified by 'zhang' ;
Query OK, 0 rows affected (0.02 sec)
MySQL [(none)]>
[root@iZ2zegql6fupnhn8aei0bgZ ~]# mysql -uzhang -h120.76.32.14 -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 1458
Server version: 5.6.35 Source distribution
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| Ceshi |
| test |
+--------------------+
3 rows in set (0.02 sec)
MySQL [(none)]> show grants;
+-------------------------------------------------------------------+
| Grants for zhang@% |
+-------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'zhang'@'%' IDENTIFIED BY PASSWORD <secret> |
| GRANT ALL PRIVILEGES ON ceshi.* TO 'zhang'@'%' |
+-------------------------------------------------------------------+
2 rows in set (0.01 sec)
MySQL [(none)]> use test;
Database changed
MySQL [test]> show tables;
Empty set (0.02 sec)
5.3.3, grant only certain privileges to an account on one database
Create the account zhang with password zhang, allow it to connect from all IP addresses, and grant only the select (query) privilege on the ceshi database
MySQL [(none)]> grant select on ceshi.* to 'zhang'@'%' identified by 'zhang';
Query OK, 0 rows affected (0.02 sec)
MySQL [(none)]>
MySQL [(none)]> show grants;
+-------------------------------------------------------------------+
| Grants for zhang@% |
+-------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'zhang'@'%' IDENTIFIED BY PASSWORD <secret> |
| GRANT SELECT ON ceshi.* TO 'zhang'@'%' |
+-------------------------------------------------------------------+
2 rows in set (0.02 sec)
MySQL [(none)]>
Use create table to test whether the account has permission to create tables; the error below shows the table was not created, so the account does not have that privilege
MySQL [ceshi]> create table t1;
ERROR 1142 (42000): CREATE command denied to user 'zhang'@'120.76.32.14' for table 't1'
MySQL [ceshi]>
Add the create privilege to the zhang account
MySQL [(none)]> grant create on ceshi.* to 'zhang'@'%' identified by 'zhang';
Query OK, 0 rows affected (0.02 sec)
View the privileges of this account
MySQL [(none)]> show grants for 'zhang'@'%';
+------------------------------------------------------------------------------------------------------+
| Grants for zhang@% |
+------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'zhang'@'%' IDENTIFIED BY PASSWORD '*5D83A6402DF44A7D8EC2B8861B19F8A2F4F3EA2F' |
| GRANT SELECT, CREATE ON ceshi.* TO 'zhang'@'%' |
+------------------------------------------------------------------------------------------------------+
2 rows in set (0.01 sec)
MySQL [(none)]>
5.3.4, grant a privilege on specific columns
MySQL [ceshi]> grant select(table_name,engine) on test.t to 'zhang'@'localhost';
Sixth, revoke privileges
The command format: revoke privileges on database.table from 'user'@'host';
View the current privileges of user zhang
MySQL [ceshi]> show grants for 'zhang'@'%';
+------------------------------------------------------------------------------------------------------+
| Grants for zhang@% |
+------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'zhang'@'%' IDENTIFIED BY PASSWORD '*5D83A6402DF44A7D8EC2B8861B19F8A2F4F3EA2F' |
| GRANT SELECT, CREATE ON ceshi.* TO 'zhang'@'%' |
+------------------------------------------------------------------------------------------------------+
2 rows in set (0.02 sec)
MySQL [ceshi]>
Remove the create privilege from user zhang so that it can no longer use create
MySQL [ceshi]> revoke create on ceshi.* from 'zhang'@'%';
Query OK, 0 rows affected (0.02 sec)
MySQL [ceshi]> show grants for 'zhang'@'%';
+------------------------------------------------------------------------------------------------------+
| Grants for zhang@% |
+------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'zhang'@'%' IDENTIFIED BY PASSWORD '*5D83A6402DF44A7D8EC2B8861B19F8A2F4F3EA2F' |
| GRANT SELECT ON ceshi.* TO 'zhang'@'%' |
+------------------------------------------------------------------------------------------------------+
2 rows in set (0.01 sec)
MySQL [ceshi]>
Seventh, modify an account password
Command format: set password for 'user'@'host' = password('new-password');
MySQL [ceshi]> set password for 'zhang'@'%' = password('boss');
Query OK, 0 rows affected (0.02 sec)
Eighth, how to set resource limits on an account
The resource options are:
resource_option: {
MAX_QUERIES_PER_HOUR count
| MAX_UPDATES_PER_HOUR count
| MAX_CONNECTIONS_PER_HOUR count
| MAX_USER_CONNECTIONS count
}
MAX_QUERIES_PER_HOUR: how many queries each account can issue per hour
MAX_UPDATES_PER_HOUR: how many updates each account can issue per hour
MAX_CONNECTIONS_PER_HOUR: how many times each account can connect per hour
MAX_USER_CONNECTIONS: how many simultaneous connections each account can have
8.1, limit an account to no more than 2 queries per hour
MySQL [ceshi]> grant all privileges on *.* to 'boss'@'%' with MAX_QUERIES_PER_HOUR 2;
Query OK, 0 rows affected (0.02 sec)
MySQL [ceshi]>
Ninth, recover a lost password
[root@iZ2ze2rrr9fg73mstmet9tZ ~]# /usr/local/mysql/bin/mysqld_safe --skip-grant-tables &
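[root@iZ2ze2rrr9fg73mstmet9tZ ~]# mysql
Clear the root password (started with --skip-grant-tables, the server accepts the connection above without a password)
MySQL [ceshi]> update mysql.user set password='' where user='root' and host='localhost';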