Article Directory
1, open the MySQL remote connections
mysql -u root -p # conduct some operations into the MySQL database.
MySQL> MySQL use;
MySQL> Update User SET user.Host = '%' WHERE user.user = 'the root';
MySQL> the flush privileges;
Note: The Host is set to '%' means any IP can connect MySQL, also '%' can be changed to specify ip
If a remote connection encounter the following error:
Unable to load authentication plugin 'caching_sha2_password'.
The reason: because mysql8 using caching_sha2_password encryption rules.
Solution:
- Modify the encryption rules for connecting remote users.
mysql> ALTER USER ‘test’@’%’ IDENTIFIED WITH mysql_native_password BY ‘12345’;
- Modify the configuration file.
#vi /etc/my.cnf
added the following content: default_authentication_plugin = mysql_native_password
2, shut down the MySQL remote connections
If there is a remote connection needs to close, in fact, we only need to Host revert to the default settings (only local connection) can be as follows:
mysql -u root -p # conduct some operations into the MySQL database.
MySQL> MySQL use;
MySQL> Update User SET user.Host = 'localhost' WHERE user.user = 'the root';
MySQL> the flush privileges;
The above operations can be used to verify whether to amend the successful host, user fields to see the MySQL user table:
mysql> select host,user from user;
3, modify firewall rules, open port
If the server firewall is not closed, after turning on the MySQL remote connections also need to set up a firewall, open its ports (eg: 3306), here to centos7 for example, other versions of your own Baidu, as follows:
# centos7 open firewall ports
firewall-cmd --zone = public --add- port = 3306 / tcp --permanent
Parameter Description:
--zone # scope
--add-port = 3306 / tcp # Add port, the format is: port / protocol
--permanent # permanent, this argument does not restart after failure
systemctl restart firewalld # reboot the firewall, or firewall-cmd --reload (updated firewall rules)
Firewall-cmd --list-# View the ports already open ports
systemctl status firewalld # View firewall status, or firewall-cmd -state
This, basically you can connect the MySQL tools remotely.
4, to create a user and user authorization
- Users have all the privileges granted to test all the catalogs in all tables
Before granting permission to talk about MySQL8.0 new syntax:
because MySQL8.0 enhance the level of security, more rigorous, and therefore create user authorization can not be the same as before with a complete SQL statement, and now you must create a user password, and then authorization.
# Previously can be used directly as an SQL:
MySQL> Grant All privileges ON . To the Test @ '%' IDENTIFIED by '12345';
If you execute this SQL MySQL8.0 the above SQL syntax error will be reported.
# You must create at MySQL8.0 user can access any host:
MySQL> the Create the User the Test @ '%' IDENTIFIED by '12345';
# then the user is authorized:
MySQL> Grant All ON . To the Test @ '% '; #privileges may be omitted!
mysql> flush privileges; # refresh permission
Note: In MySQL8.0 in, if you create a user and grant all privileges, even though it may not delete these users with root user, will be reported
ERROR 1227 (42000): Access denied; you need (at least one of) the SYSTEM_USER privilege(s) for this operation
Figure:
The reason : This is due to MySQL8.0 added a SYSTEM_USER authority, if creating users and granting all privileges will be given SYSTEM_USER authority, and root user does not have this permission, you can not delete other users.
Solution:
- 不授予用户all权限。(一般为了安全是不可能给一个用户授予all权限的,即便root也没有all权限)
mysql> show grants for root@’%’;
- 授予root用户SYSTEM_USER,然后删除其他用户。
mysql> grant SYSTEM_USER on . to root@’%’;
mysql> flush privileges;
mysql> drop user test@’%’;
- 授予 test 用户拥有所有库所有表部分权限
mysql> grant select,insert,update on . to test@’%’;
mysql> flush privileges;
3. 授予 test 用户拥有testdb库所有表部分权限
mysql> grant select,insert,update on testdb.* to test@’%’;
mysql> flush privileges;
4. 授予 test 用户拥有testdb库test表的部分权限
mysql> grant select,insert,update on testdb.test to test@’%’;
mysql> flush privileges;
更多的权限请自行琢磨,或者一起来琢磨(滑稽.jpg)
5、删除用户及权限
mysql> drop user test@’%’;
mysql> drop user test1@localhost;
欢迎进群:747509472 交流学习!感谢指正!