MySQL8.0 remote access and user authorization settings

 

 

 

1. Enable MySQL remote connections

mysql -u root -p   # log in to MySQL to run the following statements
mysql> use mysql;
mysql> UPDATE user SET user.Host = '%' WHERE user.User = 'root';
mysql> FLUSH PRIVILEGES;

Note: Setting Host to '%' means any IP address can connect to MySQL as that user; '%' can also be replaced with a specific IP address to restrict where connections are accepted from.
If a remote connection encounters the following error:

Unable to load authentication plugin 'caching_sha2_password'.

Reason: MySQL 8 uses the caching_sha2_password authentication plugin by default.
Solution:

  1. Change the authentication plugin for the remote user.

mysql> ALTER USER 'test'@'%' IDENTIFIED WITH mysql_native_password BY '12345';

  2. Modify the configuration file.

# vi /etc/my.cnf
Add the following line: default_authentication_plugin = mysql_native_password

2. Disable MySQL remote connections

To close remote access, simply set Host back to its default value (local connections only), as follows:

mysql -u root -p   # log in to MySQL to run the following statements
mysql> use mysql;
mysql> UPDATE user SET user.Host = 'localhost' WHERE user.User = 'root';
mysql> FLUSH PRIVILEGES;

To verify that either of the changes above took effect, check the host and user columns of the MySQL user table:

mysql> select host,user from user;

3. Modify firewall rules to open the port

If the server firewall is running, then after enabling MySQL remote connections you also need to open the MySQL port (e.g. 3306) in the firewall. CentOS 7 is used as the example here; for other versions, look up the equivalent commands yourself:

# CentOS 7: open the firewall port
firewall-cmd --zone=public --add-port=3306/tcp --permanent

Parameter description:
    --zone                 # zone the rule applies to
    --add-port=3306/tcp    # add a port, in the format port/protocol
    --permanent            # make the rule permanent; without this parameter it is lost after a restart

systemctl restart firewalld   # restart the firewall, or run firewall-cmd --reload to reload the firewall rules
firewall-cmd --list-ports     # view the ports that are already open

systemctl status firewalld    # view firewall status, or run firewall-cmd --state

At this point you should be able to connect to MySQL remotely with a client tool.

4. Create a user and grant privileges

  1. Grant the test user all privileges on all tables in all databases

Before granting privileges, a word about the new syntax in MySQL 8.0:
MySQL 8.0 tightened security and is stricter, so a user can no longer be created and authorized in a single SQL statement as before. You must now create the user with a password first, and then grant privileges.

# Previously this could be done with a single SQL statement:
mysql> grant all privileges on *.* to test@'%' identified by '12345';

Running the statement above on MySQL 8.0 reports an SQL syntax error.

# On MySQL 8.0 you must first create the user (here one that can connect from any host):
mysql> create user test@'%' identified by '12345';
# then grant privileges to the user:
mysql> grant all on *.* to test@'%';   # the keyword "privileges" may be omitted
mysql> flush privileges;   # refresh privileges

Note: In MySQL 8.0, if you create a user and grant it all privileges, you may be unable to drop that user even as the root user; the following error is reported:

ERROR 1227 (42000): Access denied; you need (at least one of) the SYSTEM_USER privilege(s) for this operation

Reason: MySQL 8.0 added the SYSTEM_USER privilege. A user that is created and granted all privileges receives SYSTEM_USER, and the root user does not have this privilege, so it cannot drop other users.
Solution:

  • Do not grant users all privileges. (For security reasons a user would generally never be granted all privileges; even root does not have all privileges.)

mysql> show grants for root@'%';

  • Grant the root user SYSTEM_USER, then drop the other users.

mysql> grant SYSTEM_USER on *.* to root@'%';
mysql> flush privileges;
mysql> drop user test@'%';

  2. Grant the test user some privileges on all tables in all databases

mysql> grant select,insert,update on *.* to test@'%';
mysql> flush privileges;

  3. Grant the test user some privileges on all tables in the testdb database

mysql> grant select,insert,update on testdb.* to test@'%';
mysql> flush privileges;

  4. Grant the test user some privileges on the test table in the testdb database

mysql> grant select,insert,update on testdb.test to test@'%';
mysql> flush privileges;

For more privileges, work them out yourself, or let's work them out together (smirk.jpg)
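
For comparison with setting root's Host to '%' in section 1 and granting all privileges in section 4, the following added example (not part of the original post) creates a dedicated remote account limited to one subnet with only the privileges it needs, then audits wildcard hosts and SYSTEM_USER holders. The account name app_rw, the subnet 192.0.2.% and the password are placeholder assumptions; testdb is the database name used above.

```sql
-- Added example. app_rw, 192.0.2.% and the password are placeholders (assumptions).

-- Keep root bound to localhost (the default restored in section 2) and use a
-- dedicated account for remote access, limited to a single subnet.
-- No IDENTIFIED WITH clause is given, so the account gets the server's default
-- plugin: caching_sha2_password unless my.cnf overrides it.
CREATE USER 'app_rw'@'192.0.2.%' IDENTIFIED BY 'replace-with-a-strong-password';

-- Grant only the privileges the application needs, on one database.
GRANT SELECT, INSERT, UPDATE ON testdb.* TO 'app_rw'@'192.0.2.%';

-- Audit 1: accounts whose host pattern contains a wildcard ('%' or '_'),
-- together with the authentication plugin each one uses.
SELECT user, host, plugin
FROM mysql.user
WHERE LOCATE('%', host) > 0 OR LOCATE('_', host) > 0
ORDER BY user, host;

-- Audit 2: accounts holding the dynamic SYSTEM_USER privilege, which is what
-- triggers ERROR 1227 when an account without it tries to drop them.
SELECT user, host, with_grant_option
FROM mysql.global_grants
WHERE priv = 'SYSTEM_USER';

-- Confirm the effective privileges of the new account.
SHOW GRANTS FOR 'app_rw'@'192.0.2.%';
```

If the audit queries list root@'%' or accounts with all privileges that are no longer needed, the statements in sections 2 and 5 revert or remove them.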

5. Delete users and their privileges

mysql> drop user test@'%';
mysql> drop user test1@localhost;



Origin www.cnblogs.com/dbdd/p/12159438.html