MySQL

5.6.40 MySQL Community Server (GPL)

MySQL账户是由用户名和主机名构成的。('root'@'localhost')

用户名长度限制为16个字符。

(经测试 MySQL 8.0 基本类似,除设置账户密码时 PASSWORD() 函数不能再使用)


一、查看账户信息

mysql 用户信息存储在数据库【mysql】的表【user】中。

mysql> use mysql;
Database changed
mysql> select * from user;

二、账户设置

1. 新增账户

创建账户'dogs'@'localhost',只允许本机访问。明文密码‘123456’;

mysql> create user 'dogs'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

创建账户'cats'@'%',允许所有网络访问。密文密码'*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' (123456);

mysql> create user 'cats'@'%' identified by password '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9';
Query OK, 0 rows affected (0.00 sec)

创建账户不指定主机和密码;

mysql> create user 'other';
Query OK, 0 rows affected (0.00 sec)

在所有账户信息操作时,不声明主机默认为‘%’,允许所有主机访问。 

不设置密码,则登录时不需要输入密码。


默认权限

mysql> show grants for 'dogs'@'localhost';
+--------------------------------------------------------------------------+
| Grants for dogs@localhost                                                |
+--------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'dogs'@'localhost' IDENTIFIED BY PASSWORD <secret> |
+--------------------------------------------------------------------------+
1 row in set (0.00 sec)

2.重命名账户

mysql> rename user 'other' to 'other'@'miselehe.com';
Query OK, 0 rows affected (0.00 sec)
mysql> rename user 'other'@'miselehe.com' to 'other'@'localhost';
Query OK, 0 rows affected (0.00 sec)

3.修改密码

在不指定主机时,默认是’%‘,一下两句效果相同;

mysql> set password for 'other' = password('123456');
Query OK, 0 rows affected (0.00 sec)
mysql> set password for 'other'@'%' = password('123456');
Query OK, 0 rows affected (0.00 sec)

账户不存在时 报错:

mysql> set password for 'other'@'localhost' = password('123456');
ERROR 1133 (42000): Can't find any matching row in the user table

注意:

1. 在修改密码时不使用password('')时,等号后边应该跟密文密码。

2. 在不指定账户时,默认修改当前账户密码(set password = password('123456'));


通过命令行修改密码:

mysqladmin -u user_name -h host_name password "password"

密码过期问题:https://dev.mysql.com/doc/refman/5.6/en/expired-password-handling.html

三、权限设置

查看权限列表

SHOW PRIVILEGES;


1. 设置权限

GRANT priv1,priv2... ON db_name.table_name TO 'username'@'host' [IDENTIFIED BY 'password'];

如果账户不存在将会创建该账户!!!


设置数据库 ’dogs‘ 下的所有权限给 'dogs'@'%';

mysql> grant all on dogs.* to 'dogs'@'%';
Query OK, 0 rows affected (0.00 sec)

设置数据库‘cats’下表‘t_cats’的select和insert权限给账户'cats'@'%';

mysql> grant select,insert on cats.t_cats to 'cats'@'%';
Query OK, 0 rows affected (0.00 sec)

设置other@'%'所有权限;

mysql> grant all on *.* to 'other'@'%';
Query OK, 0 rows affected (0.00 sec)

2. 查看权限

SHOW GRANTS FOR 'username'@'host';


mysql> show grants for 'cats'@'%';
+-----------------------------------------------------------------------------------------------------+
| Grants for cats@%                                                                                   |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'cats'@'%' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT SELECT, INSERT ON `cats`.`t_cats` TO 'cats'@'%'                                               |
+-----------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

3. 撤销权限

REVOKE priv1,priv2... ON db_name.table_name FROM 'username'@'host';


为了更好表达,在撤销权限前,将数据库‘dogs’的所有权限给与'cats'@'%'。

mysql> grant all on dogs.* to 'cats'@'%';
Query OK, 0 rows affected (0.00 sec)

查看'cats'@'%'权限:

mysql> show grants for 'cats'@'%';
+-----------------------------------------------------------------------------------------------------+
| Grants for cats@%                                                                                   |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'cats'@'%' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT ALL PRIVILEGES ON `dogs`.* TO 'cats'@'%'                                                      |
| GRANT SELECT, INSERT ON `cats`.`t_cats` TO 'cats'@'%'                                               |
+-----------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)

可以看出每次授权都有新的信息。

想要删除'cats'@'%'的所有权限 如下是不可以的

mysql> revoke all on *.* from 'cats'@'%';
Query OK, 0 rows affected (0.00 sec)

我们查看后,'cats'@'%'的权限没有任何变化。

所以在撤销授权的时候需要参考授权信息。

去除'cats'@'%'账户对数据库'dogs'的权限:

mysql> revoke all on dogs.* from 'cats'@'%';
Query OK, 0 rows affected (0.00 sec)

再次查看:

mysql> show grants for 'cats'@'%';
+-----------------------------------------------------------------------------------------------------+
| Grants for cats@%                                                                                   |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'cats'@'%' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT SELECT, INSERT ON `cats`.`t_cats` TO 'cats'@'%'                                               |
+-----------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

操作成功。

所以去除'cats'@'%'账户对数据库'cats'的权限,会出下如下情况:

mysql> revoke all on cats.* from 'cats'@'%';
ERROR 1141 (42000): There is no such grant defined for user 'cats' on host '%'
mysql> revoke select,insert on cats.* from 'cats'@'%';
ERROR 1141 (42000): There is no such grant defined for user 'cats' on host '%'
mysql> revoke select,insert on cats.t_cats from 'cats'@'%';
Query OK, 0 rows affected (0.00 sec)

权限设置官方手册:https://dev.mysql.com/doc/refman/5.6/en/grant.html


4. 刷新权限:

flush privileges;

在直接通过修改数据表,而不是通过指令进行操作时,需要执行。


四、删除账户

mysql> drop user 'cats'@'localhost';
ERROR 1396 (HY000): Operation DROP USER failed for 'cats'@'localhost'
mysql> drop user 'cats'@'%';
Query OK, 0 rows affected (0.00 sec)

删除账户时用户名和主机需要一致。

而且,在账户登录服务器时,删除账户信息。该账户的会话不会被中断,且所有操作均有效,但退出再登录则被拒绝访问。


转载请指明出处!http://www.miselehe.com/article/view/73