grant 权限 on 数据库.表 to 用户名@'登录主机' identified by '密码'
权限包括:select/insert/update/delete,多个权限用逗号分割,all表示所有权限。
所有数据库的所有表可以用*.*表示。
登录主机可以说localhost、主机ip,多个ip用逗号隔开,%表示所有主机。
例如:grant all on *.* to root@"%" identified by "root";
=============================================================
Nowadays security is more and more important even in case of smaller websites. As a lot of site uses some database so this is one point where we can make some improvements.
In this article we will work with MySQL on our goal is to create a new user in the database.
There are more ways how you can do this.
- Using CREATE USER and/or GRANT commands
- Inserting a new record into the mysql.user table
First let's see how to use the CREATE USER command. Here I have to mention that thi s command is available only in MySQL 5 (5.0.2) and newer releases. The syntax is the following:
CREATE USER user [IDENTIFIED BY [PASSWORD] 'password']
Here is an example:
Code:
-
-
CREATE USER
'user1'@
'localhost' IDENTIFIED
BY
'pass1';
-
Now if you check the mysql.user table you can find a new record in it. Notice that all priviliges are set to No so this user can do nothing in the DB. To add some preiviliges we can use the GRANT command as follows:
Code:
-
-
GRANT
SELECT,
INSERT,
UPDATE,
DELETE ON *.* TO
'user1'@
'localhost';
-
Here we have added only the most important priviliges to the user. With the setting above this user is good to run a CMS or a blog, however with such settings this user is not able to install them as it can not create tables.
To add all priviliges to the user you don't have to list all of them but you can use the ALL shortcut as follows:
Code:
-
-
GRANT ALL ON *.* TO
'user1'@
'localhost';
-
You can create a new MySQL user in one step as well using again the GRANT command with a small extension as here:
Code:
-
-
GRANT ALL ON *.* TO
'user2'@
'localhost' IDENTIFIED
BY
'pass1';
-
The above examples used dedicated commands, but sumtimes you maybe want to add a new MySQL user via directly editing the mysql.user table. In this case you just inserts a new record into the table with a normal INSERT command:
Code:
-
-
INSERT
INTO user
(Host,User,Password
)
-
VALUES
(
'localhost',
'user3',PASSWORD
(
'pass3'
));
-
Or you can add some priviliges as well in a form like this:
Code:
-
-
INSERT
INTO user
(Host,User,Password,Select_priv,Insert_priv
)
-
VALUES
(
'localhost',
'user4',PASSWORD
(
'pass3'
),
'Y',
'Y'
);
-
That's it!