本站以分享各种运维经验和运维所需要的技能为主
《python零基础入门》:python零基础入门学习
《python运维脚本》: python运维脚本实践
《shell》:shell学习
《terraform》持续更新中:terraform_Aws学习零基础入门到最佳实战
《k8》从问题中去学习k8s
《docker学习》暂未更新
《ceph学习》ceph日常问题解决分享
《日志收集》ELK+各种中间件
《运维日常》运维日常
《linux》运维面试100问
DCL: 数据控制语言 (grant、revoke)
1.grant授权
#0.授权语句 grant all on *.* to root@'172.16.1.%' identified by '123'; #1.查看用户权限 mysql> show grants for root@'localhost'; | Grants for root@localhost | | GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257' WITH GRANT OPTION | | GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION | #2.全库全表授权 mysql> grant all on *.* to root@'172.16.1.%' identified by '123'; Query OK, 0 rows affected (0.00 sec) #3.单库授权 mysql> grant all on mysql.* to root@'172.16.1.%' identified by '123'; Query OK, 0 rows affected (0.00 sec) #4.单表授权 mysql> grant all on mysql.user to root@'172.16.1.%' identified by '123'; Query OK, 0 rows affected (0.00 sec) #5.单列授权(脱敏) mysql> grant select(user,host) on mysql.user to root@'172.16.1.%' identified by '123'; Query OK, 0 rows affected (0.00 sec) #6.扩展参数 max_queries_per_hour:一个用户每小时可发出的查询数量 mysql> grant all on *.* to root@'172.16.1.%' identified by '123' with max_queries_per_hour 2; Query OK, 0 rows affected (0.00 sec) max_updates_per_hour:一个用户每小时可发出的更新数量 mysql> grant all on *.* to root@'172.16.1.%' identified by '123' with max_updates_per_hour 2; Query OK, 0 rows affected (0.00 sec) max_connetions_per_hour:一个用户每小时可连接到服务器的次数 mysql> grant all on *.* to lhd@'172.16.1.%' identified by '123' with max_connections_per_hour 2; Query OK, 0 rows affected (0.00 sec) max_user_connetions:允许同时连接数量 mysql> grant all on *.* to lhd@'172.16.1.%' identified by '123' with max_user_connections 1; Query OK, 0 rows affected (0.00 sec)
2.revoke回收权限
mysql> revoke drop on *.* from lhd@'172.16.1.%'; Query OK, 0 rows affected (0.00 sec) mysql> show grants for lhd@'172.16.1.%'; | Grants for lhd@172.16.1.% | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'lhd'@'172.16.1.%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257' WITH MAX_CONNECTIONS_PER_HOUR 2 MAX_USER_CONNECTIONS 1 #所有权限 SELECT, INSERT, UPDATE, DELETE, CREATE, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DROP, GRANT
3.授权超级管理员
grant all on *.* to root@'172.16.1.%' identified by '123' with grant option;