mysql用户创建,及授权
1、首先查看系統(tǒng)中所有的用戶:
?? select host,user from mysql.user;
2、刪除系統(tǒng)的多余帳號語法drop user"user"@"主機域" 注意引號,可以是單或雙引號;
?? 范例: drop user ''@'moban2'
?? #如果為空直接為空即可;
?? #如果drop刪除不了(一般是特殊字符或大寫),可以用下面的方式刪除:
?? 范例:delete from mysql.user where user='root' and host='127.0.0.0.1';
3、創(chuàng)建用戶的時候最好首先通過help查看grant命令幫助:
????CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
????GRANT ALL ON db1.* TO 'jeffrey'@'localhost';
????GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';
????GRANT USAGE ON *.* TO 'jeffrey'@'localhost' WITH MAX_QUERIES_PER_HOUR 90;
4、運維人員常用的創(chuàng)建方法,使用grant命令創(chuàng)建用戶的時,進行權(quán)限授權(quán):
????范例:grant all privileges? on db1.* to user_name@localhost identified by "password";
????# grant??? all privileges on db1.*? to username@localhost? identified ????by'passwd'?? ??? 授權(quán)命令? 對應權(quán)限(all所有權(quán)限)?? ?? 目標:庫和表用戶名和客戶端主機?? ?用戶密碼?? ?
5、授權(quán)完畢后要刷新權(quán)限:
????flush privileges;
6、查看創(chuàng)建的用戶:
????select host,user from mysql.user;
7、查看創(chuàng)建用戶的權(quán)限: show grants for user_name@localhost;
?? #USAGE 表示用戶只可以登錄,沒有其它權(quán)限,操作的時候顯示Access denied;?
???? 或者:
???? 查看幫助:help create user
????????? ???? CREATE USER 'jeffrey'@'localhost'
????????? ???? IDENTIFIED WITH my_auth_plugin;
???? 先創(chuàng)建用戶:
???? ????????? create user? username@localhost identified by "password";
????? 查看用戶權(quán)限:
????? ???????? show grants for username@localhost;
???? 在授權(quán):
?????????????? grant all on dbname.* to username@localhost;
????? 查看權(quán)限:
?????????????? show grants for username@localhost;
8、授權(quán)局域網(wǎng)內(nèi)主機遠程連接數(shù)據(jù)庫,常見的使用%匹配方法:
?? 范例: grant all on?? *.* to? username_2@'10.10.36.%' identified by "123456";
?? 刷新權(quán)限:flush privileges;
?? 登錄使用-h指定主機,-P指定端口
?? 范例:mysql -u? username_2 -p -h 10.10.36.170
確定mysql 可以授權(quán)的權(quán)限,如果不知道可以這樣:
⑴幫助查看:help revoke (權(quán)限收回)
????REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] ...
⑵權(quán)限查看:show grants for username@localhost;
⑶收回插入權(quán)限:revoke insert? on? *.* from 'user_name'@'localhost';
? #注意此處指定數(shù)據(jù)庫
⑷登錄數(shù)據(jù)庫后權(quán)限查看:show grants for username@localhost;
⑸退出數(shù)據(jù)庫后: mysql -uroot -p123456 -e "show grants for "username"@"localhost";" | grep -i grant? | tail -1|tr ',' '\n' >all.privileges
以下為數(shù)據(jù)庫中的權(quán)限:
SELECT 查詢\INSERT 插入 \UPDATE 更新\DELETE 刪除 \CREATE 創(chuàng)建庫和表\DROP?? ?刪除庫和表\INDEX?? ?索引\ALTER?? ?修改 \CREATE TEMPORARY TABLES 創(chuàng)建臨時表\ LOCK TABLES?? ?鎖表\ EXECUTE?? ?執(zhí)行\(zhòng) CREATE VIEW?? ?創(chuàng)建視圖\ SHOW VIEW?? ?顯示視圖\ CREATE ROUTINE 創(chuàng)建存儲過程\ALTER ROUTINE?? ?修改存儲過程\ EVENT ?? ??? ?事件\ TRIGGER ?? ?觸發(fā)器
或者:select * from mysql.user\G;
9、針對博客、cms 等產(chǎn)品安裝期間要采用最下話原則 :除了select,insert,update,delete4個權(quán)
?? 限外,還需要create,drop等危險權(quán)限
?? 范例:grant select,insert,update,delete,create,drop on blog.* to blog@'10.10.36.%'
????identified by "password";
10、生產(chǎn)數(shù)據(jù)庫后收回權(quán)限(最好評估):
????范例:revoke create,drop on blog.*? from blog@'10.10.36.%';
主從數(shù)據(jù)庫權(quán)限設(shè)定慢慢在補。
轉(zhuǎn)載于:https://blog.51cto.com/linuxboys/1577115
創(chuàng)作挑戰(zhàn)賽新人創(chuàng)作獎勵來咯,堅持創(chuàng)作打卡瓜分現(xiàn)金大獎總結(jié)
以上是生活随笔為你收集整理的mysql用户创建,及授权的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: zabbix 搭建笔记
- 下一篇: 阿里云服务器win2003系统配置IIS