mysql user management

mysql user management

First, view the current connection account information

1.1, view account information in the current database connection

Use the command: show processlist

MySQL [(none)]> show processlist;

+--------+-------------+---------------------+--------+---------+------+----------+------------------+

| Id | User | Host | db | Command | Time | State | Info |

+--------+-------------+---------------------+--------+---------+------+----------+------------------+

| 232091 | zabbix | 172.17.207.88:558 | zabbix | Sleep | 20 | | NULL |

1.2, view the current use of what account login

Use the command select user () command to view it

MySQL [(none)]> select user();

+--------------------+

| user() |

+--------------------+

| [email protected] |

+--------------------+

1 row in set (0.00 sec)

MySQL [(none)]>

Second, create a user

2.1, create a new user

Use creat user command to create the user and create a password

列子：create user 'zhang'@'localhost' identified by 'zhang';

Creating zhang users can use any address and password to access zhang

MySQL [(none)]> create user 'zhang'@'%' identified by 'zhang';

Query OK, 0 rows affected (0.01 sec)

MySQL [(none)]>

After setting to see if successfully created

MySQL [(none)]> select user,host from mysql.user;

+-------------+----------------+

| user | host |

+-------------+----------------+

| jumpserver | % |

| root | % |

| wordpress | % |

| zabbix | 39.106.3.162 |

| % | localhost |

| zhang | localhost |

+-------------+----------------+

9 rows in set (0.01 sec)

MySQL [(none)]>

Use the newly created user zhang log in and view the database

[root@iZ2zegql6fupnhn8aei0bgZ ~]# mysql -uzhang -h120.26.32.14 -p

Enter password:

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MySQL connection id is 1204

Server version: 5.6.35 Source distribution

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

View database

MySQL [(none)]> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| test |

+--------------------+

2 rows in set (0.02 sec)

MySQL [(none)]>

Third, delete the database account

Use the drop user command to delete user

MySQL [(none)]> drop user 'zhang'@'localhost';

Query OK, 0 rows affected (0.00 sec)

MySQL [(none)]>

Fourth, rename users

4.1, using the command rename user to modify rename users

MySQL [(none)]> rename user 'zhang'@'%c' to 'zhang'@'%' ;

Query OK, 0 rows affected (0.02 sec)

MySQL [(none)]> select user,host from mysql.user;

+-------------+-------------------+

| user | host |

+-------------+-------------------+

| root | % |

| user_name | % |

| Xuchangming |% |

| zhang | % |

| root | 127.0.0.1 |

| root | ::1 |

| | instance-jvfp1b6r |

| root | instance-jvfp1b6r |

| root | localhost |

| xuchangming | localhost |

+-------------+-------------------+

10 rows in set (0.01 sec)

MySQL [(none)]>

V. authorized account

5.1, use the grant command to authorize an account

The command format is:

. Grant permission privileges on the database table to 'account' @ 'ip' [identified by 'password'];

Library table privileges Description:

ON . : administrator privileges, any database can operate

on db_name *:. specified to operate on a library, a library privileges only

on db_name.tables_name: Specify a table in the library there is a certain operating authority

on db_name.routine_name: Specifies the stored procedure or stored function of a library

5.2, use the command show grants command to view permissions

SQL [(none)]> show grants;

+--------------------------------------------------------------------------------------------------------------------------------+

| Grants for root@% |

+--------------------------------------------------------------------------------------------------------------------------------+

| GRANT ALL PRIVILEGES ON . TO 'root'@'%' IDENTIFIED BY PASSWORD '*0FC3121124C80F34B383F5FCA33F0D68B6AFA1C0' WITH GRANT OPTION |

+--------------------------------------------------------------------------------------------------------------------------------+

1 row in set (0.01 sec)

MySQL [(none)]>

5.3 Liezi

5.3.1, all privileges authorized administrator privileges [] to one account

Creating boos users and set password is boss, authorize all operations for all libraries and tables and allow all addresses connected

MySQL [(none)]> grant all privileges on . to 'boos'@'%' identified by 'boss';

Query OK, 0 rows affected (0.02 sec)

MySQL [(none)]>

Sign in to see

[root@iZ2zegql6fupnhn8aei0bgZ ~]# mysql -uboos -h120.76.32.14 -p

Enter password:

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MySQL connection id is 1217

Server version: 5.6.35 Source distribution

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [(none)]> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| Test |

| Ceshi |

| employees |

| mysql |

| performance_schema |

| test |

+--------------------+

7 rows in set (0.01 sec)

MySQL [(none)]>

MySQL [(none)]> select user();

+---------------------+

| user() |

+---------------------+

| [email protected] |

+---------------------+

1 row in set (0.02 sec)

MySQL [(none)]>

5.3.2, all rights licensed to account only for a certain database

Create an account and add a password zhang zhang, modify permissions for all operations on ceshi library

MySQL [(none)]> grant all privileges on ceshi.* to 'zhang'@'%' identified by 'zhang' ;

Query OK, 0 rows affected (0.02 sec)

MySQL [(none)]>

[root@iZ2zegql6fupnhn8aei0bgZ ~]# mysql -uzhang -h120.76.32.14 -p

Enter password:

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MySQL connection id is 1458

Server version: 5.6.35 Source distribution

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [(none)]> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| Ceshi |

| test |

+--------------------+

3 rows in set (0.02 sec)

MySQL [(none)]> show grants;

+-------------------------------------------------------------------+

| Grants for zhang@% |

+-------------------------------------------------------------------+

| GRANT USAGE ON . TO 'zhang'@'%' IDENTIFIED BY PASSWORD <secret> |

| GRANT ALL PRIVILEGES ON ceshi.* TO 'zhang'@'%' |

+-------------------------------------------------------------------+

2 rows in set (0.01 sec)

MySQL [(none)]> use test;

Database changed

MySQL [test]> show tables;

Empty set (0.02 sec)

5.3.3 authorizing certain rights to a particular account, there is only operated against a database

Create an account zhang and run all the ip address to connect and create a password zhang, set permissions only ceshi database select query

MySQL [(none)]> grant select on ceshi.* to 'zhang'@'%' identified by 'zhang';

Query OK, 0 rows affected (0.02 sec)

MySQL [(none)]>

MySQL [(none)]> show grants;

+-------------------------------------------------------------------+

| Grants for zhang@% |

+-------------------------------------------------------------------+

| GRANT USAGE ON . TO 'zhang'@'%' IDENTIFIED BY PASSWORD <secret> |

| GRANT SELECT ON ceshi.* TO 'zhang'@'%' |

+-------------------------------------------------------------------+

2 rows in set (0.02 sec)

MySQL [(none)]>

Use create table to create a test, whether there is permission to create, as the display is not created, that there is no authority

MySQL [ceshi]> create table t1;

ERROR 1142 (42000): CREATE command denied to user 'zhang'@'120.76.32.14' for table 't1'

MySQL [ceshi]>

Adding create permission to create the account in zhang

MySQL [(none)]> grant create on ceshi.* to 'zhang'@'%' identified by 'zhang';

Query OK, 0 rows affected (0.02 sec)

Permission to view this account

MySQL [(none)]> show grants for 'zhang'@'%';

+------------------------------------------------------------------------------------------------------+

| Grants for zhang@% |

+------------------------------------------------------------------------------------------------------+

| GRANT USAGE ON . TO 'zhang'@'%' IDENTIFIED BY PASSWORD '*5D83A6402DF44A7D8EC2B8861B19F8A2F4F3EA2F' |

| GRANT SELECT, CREATE ON ceshi.* TO 'zhang'@'%' |

+------------------------------------------------------------------------------------------------------+

2 rows in set (0.01 sec)

MySQL [(none)]>

5.3.4, authorize a column

MySQL [ceshi]> grant select(table_name,engine) on test.t to 'zhang'@'localhost';

Sixth, revoke privileges

The format command: revoke privileges on the database table from 'user' @ 'host';

View zhang current user's permissions list

MySQL [ceshi]> show grants for 'zhang'@'%';

+------------------------------------------------------------------------------------------------------+

| Grants for zhang@% |

+------------------------------------------------------------------------------------------------------+

| GRANT USAGE ON . TO 'zhang'@'%' IDENTIFIED BY PASSWORD '*5D83A6402DF44A7D8EC2B8861B19F8A2F4F3EA2F' |

| GRANT SELECT, CREATE ON ceshi.* TO 'zhang'@'%' |

+------------------------------------------------------------------------------------------------------+

2 rows in set (0.02 sec)

MySQL [ceshi]>

To create user permissions zhang deleted, it can not be used to create create

MySQL [ceshi]> revoke create on ceshi.* from 'zhang'@'%';

Query OK, 0 rows affected (0.02 sec)

MySQL [ceshi]> show grants for 'zhang'@'%';

+------------------------------------------------------------------------------------------------------+

| Grants for zhang@% |

+------------------------------------------------------------------------------------------------------+

| GRANT USAGE ON . TO 'zhang'@'%' IDENTIFIED BY PASSWORD '*5D83A6402DF44A7D8EC2B8861B19F8A2F4F3EA2F' |

| GRANT SELECT ON ceshi.* TO 'zhang'@'%' |

+------------------------------------------------------------------------------------------------------+

2 rows in set (0.01 sec)

MySQL [ceshi]>

Seven, modify account password

Command Format: set password for 'user' @ 'host' = password ( 'NEW-password');

MySQL [ceshi]> set password for 'zhang'@'%' = password('boss');

Query OK, 0 rows affected (0.02 sec)

Eight, how to resource constraints on an account

Resources including:

resource_option: {

| MAX_QUERIES_PER_HOUR count

| MAX_UPDATES_PER_HOUR count

| MAX_CONNECTIONS_PER_HOUR count

| MAX_USER_CONNECTIONS count

Every hour the number of links

Each query account how many times each hour

Each account updated many times each hour

Each account every hour how many concurrent link

8.1, every hour can not exceed 2 queries

MySQL [ceshi]> grant all privileges on . to 'boss'@'%' with MAX_QUERIES_PER_HOUR 2;

Query OK, 0 rows affected (0.02 sec)

MySQL [ceshi]>

Nine, retrieve password

[root@iZ2ze2rrr9fg73mstmet9tZ ~]# /usr/local/mysql/bin/mysqld_safe --skip-grant-tables &

[root@iZ2ze2rrr9fg73mstmet9tZ ~]#mysql

Empty root password

MySQL [ceshi]> update user set password='' where user='root' and host='localhost'