可能做开发的多半不太关注这方面,但是要说到做运维,那就不能不关注了。因为我们都知道,root的权限太大了,不是随便能用的,我们平时最好用一些比较低的权限的用户,这样会让我们的安全性大大提高,也能防止我们平常中因为误操作而造成不必要的损失。
首先我们需要查看mysql中的所有账户,我们在mysql数据库中的user表中查看信息即可,但是呢,由于我们直接select * from user的话会显示很多的和权限相关的信息,极大的影响我们的阅读,因此我们这里只查看三个比较重要的字段,下面是我的机器中的操作演示:
mysql> select host,user,password from mysql.user;
+-----------+------+-------------------------------------------+
| host | user | password |
+-----------+------+-------------------------------------------+
| localhost | root | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| 127.0.0.1 | root | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| ::1 | root | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
+-----------+------+-------------------------------------------+
3 rows in set (0.00 sec)
然后我们创建一个用户,这里我们需要制定用户名和连接的地址,也就是一样的用户名(user),不一样的host,也会被当做不一样的对象,我们可以使用通配符,其中%表示匹配任何多个字符,而-表示匹配一个字符。下面我创建一个用户test,并且制定密码为xin,而且可以从任何主机登录,看我操作:
mysql> create user 'test'@'%' identified by 'xin';
Query OK, 0 rows affected (0.23 sec)
这里我们用该用户登录的信息显示如下:
C:\Users\Administrator>mysql -u test -pxin
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 14
Server version: 5.7.3-m13 MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
比如我们此时想查看一下user信息都有什么,结果却发现:
mysql> select host,user,password from mysql.user;
ERROR 1142 (42000): SELECT command denied to user 'test'@'localhost' for table 'user'
mysql>
也就是我们这里并不用有select该user表的权限,那么就会涉及到权限管理了,我们这里可以用show grants来查看一下自己的权限:
mysql> show grants;
+-----------------------------------------------------------------------------------------------------+
| Grants for test@% |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'test'@'%' IDENTIFIED BY PASSWORD '*76995602B7611FA37648852F235D6ECB29D844E2' |
+-----------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
由于这里的test用户的权限还是很小的,我们还是使用root用户登录,然后此时我们看一下用户表,就发现多了一个新用户:
mysql> select host,user,password from mysql.user;
+-----------+------+-------------------------------------------+
| host | user | password |
+-----------+------+-------------------------------------------+
| localhost | root | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| 127.0.0.1 | root | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| ::1 | root | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| % | test | *76995602B7611FA37648852F235D6ECB29D844E2 |
+-----------+------+-------------------------------------------+
4 rows in set (0.00 sec)
root用户具有至高无上的权限,因此他可以修改密码,第一种方式就是使用set password语句,比如我们给刚才的新用户设置一个密码,我们可以使用如下命令:
mysql> set password for 'test'@'%' = password('qian');
Query OK, 0 rows affected (0.00 sec)
此时我们就可以使用test这个用户登录了,下面看我代码:
C:\Users\Administrator>mysql -u test -pqian
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 17
Server version: 5.7.3-m13 MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
其实我们还可以直接使用update语句来修改user这个表,但是我们需要使用flush privileges;来让它立即生效:
mysql> update mysql.user set password = password('nan') where user = 'test';
Query OK, 1 row affected (0.05 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.03 sec)
然后我们就可以用'nan‘这个密码登录了,我这里就不给出演示代码了,毕竟很简单的操作,我是辛星,求支持。
81
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
