MySQL 对用户连接访问请求会对IP做最小匹配处理,如:
1、新建两个用户并赋予不同的访问权限
mysql> grant select on *.* to tuser@'10.%' identified by 'tuser';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT USAGE ON *.* TO 'tuser'@'10.1.%';
Query OK, 0 rows affected (0.00 sec)
2、在10网段对db进行连接请求
[root@Test1 ~]# mysql -h10.1.1.1 -utuser -p
Enter password:
ERROR 1045 (28000): Access denied for user 'tuser'@'10.1.1.1' (using password: YES)
[root@Test1 ~]# mysql -h10.1.1.1 -utuser
Welcome to the MySQL monitor. Commands end with ; or \g.
...
mysql> show grants;
+----------------------------------------+
| Grants for tuser@10.1.% |
+----------------------------------------+
| GRANT USAGE ON *.* TO 'tuser'@'10.1.%' |
+----------------------------------------+
1 row in set (0.00 sec)
从结果明显看到,连接的用户是较小IP段的。将10.% 网段的tuser设为空密码,出来的结果也是一样。