mysql用户和权限管理

mysqld进程在启动的时候,将table,host,db,table_privs,clumn_privs,procs_privs,proxies_privs载入内存.


用户账号:

用户名+主机

用户名:16字符以内.

主机:

主机名: mytest

IP地址:172.168.1.20

网络地址:172.168.1.0/255.255.0.0

通配符:

172.168.%.%

172.168.1.2__

%.qq.com,注如果是域名,则mysql需要进行解析,如果取消解析,可以在启动mysqld服务时,增加参数--skip-name-resolve.

权限分以下几种:

1.全局级别.

2.库级别.

3.表级别

4.列级别.

5.存储过程和存储函数.

创建用户:

1.create user mytest@'%' identified by 'mytest';  //方式自动通知mysql读取授权表.

2.grant all on mysql.* to mytest@'%' identified by "mytest";

3.insert into mysql.user,该方式需要执行flush privlieges,触发mysql重新读取用户权限信息.

mysql> create database mytest;

ERROR 1044 (42000): Access denied for user 'mytest'@'localhost' to database 'mytest'(未授权前)

---------------------------------------------------------

在另外一个窗口给用户授权.

mysql> grant create on mytest.* to mytest@localhost;

Query OK, 0 rows affected (0.00 sec)

---------------------------------------------------------

mysql> create database mytest;

Query OK, 1 row affected (0.01 sec)


mysql> use mytest;

Database changed

mysql> create table mytab1(id int not null auto_increment  primary key,name char(20));

Query OK, 0 rows affected (0.03 sec)

---------------------------------------------------------

在另外一个窗口给用户授权.

mysql> grant select,insert on mytest.* to mytest@localhost;

Query OK, 0 rows affected (0.00 sec)

mysql> grant alter on mytest.* to mytest@localhost;

Query OK, 0 rows affected (0.00 sec)

---------------------------------------------------------

重新登录后,即可对表执行insert与update.

mysql> alter table mytab1 add age tinyint;

ERROR 1142 (42000): ALTER command denied to user 'mytest'@'localhost' for table 'mytab1'

mysql> \r

Connection id:    22

Current database: mytest


mysql> alter table mytab1 add age tinyint;

Query OK, 3 rows affected (0.02 sec)

Records: 3  Duplicates: 0  Warnings: 0

查看授权信息:

mysql> grant all on mysql.* to mytest@'%' identified by "mytest";

Query OK, 0 rows affected (0.07 sec)


mysql> show grants for mytest@'%';

+-------------------------------------------------------------------------------------------------------+

| Grants for mytest@%                                                                                   |

+-------------------------------------------------------------------------------------------------------+

| GRANT USAGE ON *.* TO 'mytest'@'%' IDENTIFIED BY PASSWORD '*58F4612C3598D20A3C51A37D7B2643BF15806832' |

| GRANT ALL PRIVILEGES ON `mysql`.* TO 'mytest'@'%'                                                     |

+-------------------------------------------------------------------------------------------------------+

2 rows in set (0.00 sec)

grant all on table db.mytest to mytest@'%';

grant all on function db.mytest to mytest@'%';

with_option:

GRANT OPTION

 | MAX_QUERIES_PER_HOUR count  //每小时最多查询次数,0表示无限制.

 | MAX_UPDATES_PER_HOUR count //每小时最多更新次数,0表示无限制.

 | MAX_CONNECTIONS_PER_HOUR count //每小时最多连接次数,0表示无限制.

 | MAX_USER_CONNECTIONS count //最大用户同时连接数,0表示无限制.

给字段授权:

mysql> grant update(age) on mytest.mytab1 to mytest@localhost;

Query OK, 0 rows affected (0.00 sec)


授权超级用户权限:

mysql> grant super on *.* to mytest@localhost;

Query OK, 0 rows affected (0.00 sec)


收回权限:

mysql> show grants for mytest@127.0.0.1;

+---------------------------------------------------------------------------------------------------------------+

| Grants for mytest@127.0.0.1                                                                                   |

+---------------------------------------------------------------------------------------------------------------+

| GRANT SUPER ON *.* TO 'mytest'@'127.0.0.1' IDENTIFIED BY PASSWORD '*58F4612C3598D20A3C51A37D7B2643BF15806832' |

| GRANT SELECT, INSERT, CREATE, ALTER ON `mytest`.* TO 'mytest'@'127.0.0.1'                                     |

| GRANT UPDATE (age) ON `mytest`.`mytab1` TO 'mytest'@'127.0.0.1'                                               |

+---------------------------------------------------------------------------------------------------------------+

3 rows in set (0.00 sec)


mysql> revoke select on mytest.* from mytest@127.0.0.1;

Query OK, 0 rows affected (0.00 sec)

删除用户:

drop user 用户名@主机.

重命名用户:

rename user new@主机名 to old_name@主机名;

mysql> rename user mytest@localhost to mytest@127.0.0.1;

Query OK, 0 rows affected (0.00 sec)


初始化mysql密码:

通过设置--skip-grant-tables和--skip-networking,重启mysqld服务:

[root@idc131 ~]# service mysqld stop

Shutting down MySQL... SUCCESS! 

[root@idc131 ~]# mysqld_safe  --skip-grant-tables --skip-networking --user=mysql &


修改所有用户密码:

mysql> update mysql.user set password=password('mysql');

Query OK, 4 rows affected (0.00 sec)

Rows matched: 4  Changed: 4  Warnings: 0

重启mysql服务:

[root@idc131 ~]# service mysqld restart

Shutting down MySQL.140803 23:09:12 mysqld_safe mysqld from pid file /usr/local/mysql/data/idc131.pid ended

SUCCESS! 

Starting MySQL.. SUCCESS! 

[1]+  Done                    mysqld_safe --skip-grant-tables --skip-networking --user=mysql

[root@idc131 ~]# 

[root@idc131 ~]# 

[root@idc131 ~]# mysql -uroot -p 

Enter password: 

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 1

Server version: 5.5.38-log MySQL Community Server (GPL)


Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.


Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.


Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


mysql> 

注意:此次因服务启动时,未读取授权表,故无法通过以下方式修改密码:

mysql> set password root@'localhost'=password('123');

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'root@'localhost'=password('123')' at line 1