Mysql用户管理

最新推荐文章于 2024-05-11 11:28:27 发布

情勤坊

最新推荐文章于 2024-05-11 11:28:27 发布

阅读量150

点赞数

文章标签： mysql 数据库 java

原文链接：https://www.cnblogs.com/diantong/p/11024294.html

版权

本文转载自：博客园 https://www.cnblogs.com/diantong/p/11024294.html
(1).查看用户及用户权限

mysql中的用户信息和权限等都存储在一个名为mysql的数据库中。其中主要用到的是user、db、tables_priv、columns_priv、procs_priv这五张表，最重要的是user表。

user表存储全局权限，适用于一个给定服务器中的所有数据库，在命令中展现形式为*.*；

db表存储数据库权限，适用于一个给定数据库中的所有表，在命令中展现形式为[数据库名].*；

tables_priv表存储表权限，适用于一个给定表中的所有列，在命令中展现形式为[数据库名].[表名]；

columns_priv表存储列权限，适用于一个给定表中的单一列，在命令中展现形式为；

CREATE ROUTINE, ALTER ROUTINE, EXECUTE和GRANT权限，适用于已存储的子程序。这些权限可以被授予为全局层级和数据库层级，而且除了CREATE ROUTINE外，这些权限可以被授予为子程序层级，并存储在procs_priv表中。

mysql> show grants for ‘root’@‘localhost’;　　//会以授权命令显示用户的权限
±--------------------------------------------------------------------+
| Grants for root@localhost |
±--------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON . TO ‘root’@‘localhost’ WITH GRANT OPTION |
| GRANT PROXY ON ‘’@‘’ TO ‘root’@‘localhost’ WITH GRANT OPTION |
±--------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for ‘test’@‘localhost’;
±--------------------------------------------------+
| Grants for test@localhost |
±--------------------------------------------------+
| GRANT USAGE ON . TO ‘test’@‘localhost’ |　　//USAGE，无权限，只能连接数据库和查询infomation_schema
| GRANT SELECT ON test_db.* TO ‘test’@‘localhost’ |
±--------------------------------------------------+
2 rows in set (0.00 sec)
(2).创建用户

查看validate_password_policy（密码复杂度）、validate_password_length（密码长度）、validate_password_number_count（密码中数字字符长度）、validate_password_special_char_count（密码中特殊符号字符长度）、validate_password_mixed_case_count（密码中大小写字母长度）这五个参数。注意，密码长度>=[密码中数字字符长度+密码中特殊符号字符长度+(2*密码中大小写字母长度)]

首先查看的是validate_password_policy，如果报错或显示LOW只需要再查看validate_password_length，密码长度符合这个参数即可。显示其他的都需要查看所有参数，满足密码中字符的长度要求。

当然可以为了简便，关闭密码复杂度这个参数，或者调整到LOW强度，只要自己设置的适合注意密码强度问题。可以在/etc/my.cnf配置文件的[mysqld]模块添加或修改validate-password=OFF，然后重启mysqld服务；也可以在mysql内部执行set global validate_password_policy=0;调整到LOW强度，然后flush privileges;刷新权限表即可。

五个参数的相关命令：
select @@[参数名];　　//查看全局参数的值
set global [参数名];　　//设置全局参数的值
flush privileges;　　//刷新权限表
　　创建用户命令：
create user ‘[新用户名]’@‘[作用域]’ identified by ‘[密码]’;
flush privileges;　　//创建完要记得刷新权限表
　　作用域上面也说过，可以是localhost本地，也可以是192.168.2.%类似的网段，还可以是%外网所有地址。

实例：
mysql> create user ‘t1’@‘localhost’ identified by ‘12345678’;
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;　　//刷新权限表
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for ‘t1’@‘localhost’;　　//可以看到目前是没有权限的
±---------------------------------------+
| Grants for t1@localhost |
±---------------------------------------+
| GRANT USAGE ON . TO ‘t1’@‘localhost’ |
±---------------------------------------+
1 row in set (0.00 sec)
(3).创建用户并授权、给已有用户授权、给已有用户授权并修改密码

其实用的是同一个命令
grant [权限] on [数据库名].[表名] to ‘[用户名]’@‘[作用域]’ identified by ‘[密码]’;
flush privileges;　　//记得刷新权限表
　　权限为ALL PRIVILEGES或ALL是所有权限，还有单个权限select、update、insert、delete等，单个权限之间用逗号隔开，详细可以查看下mysql.user表的表结构。

[数据库名].[表名]为*.*时表示所有数据库。

如果不存在identified by '[密码]'时，密码维持原样。

给已有用户授权实例：
mysql> grant all privileges on test.* to ‘t1’@‘localhost’;　　//密码维持原样
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;　　//刷新权限表
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for ‘t1’@‘localhost’;
±-----------------------------------------------------+
| Grants for t1@localhost |
±-----------------------------------------------------+
| GRANT USAGE ON . TO ‘t1’@‘localhost’ |
| GRANT ALL PRIVILEGES ON test.* TO ‘t1’@‘localhost’ |
±-----------------------------------------------------+
2 rows in set (0.00 sec)

mysql> exit
Bye
[root@youxi1 ~]# mysql -ut1 -p12345678　　//原密码成功登陆
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.7.26 MySQL Community Server (GPL)

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql>
　　给已有用户授权并修改密码实例：
mysql> grant select on mysql.* to ‘t1’@‘localhost’ identified by ‘abcdefgh’;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> flush privileges;　　//刷新权限表
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for ‘t1’@‘localhost’;
±-----------------------------------------------------+
| Grants for t1@localhost |
±-----------------------------------------------------+
| GRANT USAGE ON . TO ‘t1’@‘localhost’ |
| GRANT ALL PRIVILEGES ON test.* TO ‘t1’@‘localhost’ |
| GRANT SELECT ON mysql.* TO ‘t1’@‘localhost’ |
±-----------------------------------------------------+
3 rows in set (0.01 sec)

mysql> exit
Bye
[root@youxi1 ~]# mysql -ut1 -p12345678　　//原密码报错了
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user ‘t1’@‘localhost’ (using password: YES)
[root@youxi1 ~]# mysql -ut1 -pabcdefgh;　　//新密码成功登陆
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.7.26 MySQL Community Server (GPL)

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql>
　　创建用户并授权实例：
mysql> grant all on test_db.* to ‘t2’@‘localhost’ identified by ‘12345678’;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> flush privileges;　　//刷新权限表
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for ‘t2’@‘localhost’;　　//权限正确
±--------------------------------------------------------+
| Grants for t2@localhost |
±--------------------------------------------------------+
| GRANT USAGE ON . TO ‘t2’@‘localhost’ |
| GRANT ALL PRIVILEGES ON test_db.* TO ‘t2’@‘localhost’ |
±--------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> exit
Bye
[root@youxi1 ~]# mysql -ut2 -p12345678;　　//可以登录
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 5.7.26 MySQL Community Server (GPL)

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql>
(4).进入mysql后修改用户密码

密码相关参数，该看的还是要看。进入mysql后修改密码命令如下：
alter user ‘[用户名]’@‘[作用域]’ identified by ‘[新密码]’;　　//两个都是修改密码的命令，使用其中一个就好
set password for [用户名]@[作用域]=password(‘[新密码]’);
flush privileges;　　//刷新权限表，
　　只展示上面一个实例：
mysql> alter user ‘t1’@‘localhost’ identified by ‘12345678’;
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;　　//刷新权限表
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye
[root@youxi1 ~]# mysql -ut1 -p12345678;
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.7.26 MySQL Community Server (GPL)

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql>
(5).撤销用户权限

撤销命令和授权命令格式类似，如下：
revoke [权限] on [数据库名].[表名] from ‘[用户名]’@‘[作用域]’;
flush privileges;　　//属性权限表
　　实例：
mysql> show grants for ‘t1’@‘localhost’;　　//查看权限
±-----------------------------------------------------+
| Grants for t1@localhost |
±-----------------------------------------------------+
| GRANT USAGE ON . TO ‘t1’@‘localhost’ |
| GRANT ALL PRIVILEGES ON test.* TO ‘t1’@‘localhost’ |
| GRANT SELECT ON mysql.* TO ‘t1’@‘localhost’ |
±-----------------------------------------------------+
3 rows in set (0.00 sec)

mysql> revoke select on mysql.* from ‘t1’@‘localhost’;　　//去除权限
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;　　//刷新权限表
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for ‘t1’@‘localhost’;　　//权限去除成功
±-----------------------------------------------------+
| Grants for t1@localhost |
±-----------------------------------------------------+
| GRANT USAGE ON . TO ‘t1’@‘localhost’ |
| GRANT ALL PRIVILEGES ON test.* TO ‘t1’@‘localhost’ |
±-----------------------------------------------------+
2 rows in set (0.01 sec)
(6).删除用户

删除用户其实就是删除mysql.user表里的对应记录，命令如下：
drop user ‘[用户名]’@‘[作用域]’;　　//建议使用这个
delete from mysql.user where user=‘[用户名]’ and host=‘[作用域]’;
flush privileges;　　//刷新权限表
　　建议使用第一个删除用户的命令，因为第二个命令会有数据残留。

实例：
mysql> delete from mysql.user where user=‘t1’ and host=‘localhost’;　　//使用第二个命令删除用户
Query OK, 1 row affected (0.00 sec)

mysql> flush privileges;　　//刷新权限表
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for ‘t1’@‘localhost’;　　//这个命令是查不到了
ERROR 1141 (42000): There is no such grant defined for user ‘t1’ on host ‘localhost’

mysql> select * from mysql.db where user=‘t1’ and host=‘localhost’\G　　//但是到实际存储权限的表中查看时，还是存在的
*************************** 1. row ***************************
Host: localhost
Db: test
User: t1
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Grant_priv: N
References_priv: Y
Index_priv: Y
Alter_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Execute_priv: Y
Event_priv: Y
Trigger_priv: Y
1 row in set (0.00 sec)

mysql> drop user ‘t2’@‘localhost’;　　//使用第一个删除用户命令
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;　　//刷新权限表
Query OK, 0 rows affected (0.00 sec)

mysql> select * from mysql.db where user=‘t2’ and host=‘localhost’\G　　//没有残留
Empty set (0.00 sec)
(7).忘记密码的修改方法

修改配置文件，注意：如果有validate-password=off 请注释掉或删除掉，否则重启报错
[root@youxi1 ~]# vim /etc/my.cnf
skip-grant-tables　　//添加
[root@youxi1 ~]# systemctl restart mysqld
　　然后进入mysql修改
[root@youxi1 ~]# mysql
mysql> update user set authentication_string=password(‘654321’) where user=‘root’;
mysql> flush privileges;　　//刷新权限表
　　最后还原配置文件中的参数，重启启动mysqld。测试即可。