同樣是MySQL的all privileges有啥不同?

原創 全棧運維 2019-02-16 14:13

db.* 和 . 上面的all privileges 有啥不一樣。
咱當兵的人,有啥不一樣...(一起唱)

首先安裝MySQL啓動

root@pts/0 $ wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
--2018-08-02 18:13:58--  http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
Resolving repo.mysql.com (repo.mysql.com)... 23.36.193.224
Connecting to repo.mysql.com (repo.mysql.com)|23.36.193.224|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6140 (6.0K) [application/x-redhat-package-manager]
Saving to: ‘mysql-community-release-el7-5.noarch.rpm’

100%[====================================================================================================================================================================================================================================>] 6,140       16.6KB/s   in 0.4s   r

2018-08-02 18:13:59 (16.6 KB/s) - ‘mysql-community-release-el7-5.noarch.rpm’ saved [6140/6140]

vpc-devops-ossimport [~] 2018-08-02 18:13:59
root@pts/0 $ rpm -ivh mysql-community-release-el7-5.noarch.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:mysql-community-release-el7-5    ################################# [100%]
vpc-devops-ossimport [~] 2018-08-02 18:14:04
root@pts/0 $ yum install mysql-community-server mysql-community-client mysql-community-devel
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
mysql-connectors-community                                                                                                                                                                                                                             | 2.5 kB  00:00:00
mysql-tools-community                                                                                                                                                                                                                                  | 2.5 kB  00:00:00
mysql56-community

root@pts/0 $ systemctl enable mysqld
vpc-devops-ossimport [~] 2018-08-02 18:15:18
root@pts/0 $ systemctl start mysqld
vpc-devops-ossimport [~] 2018-08-02 18:15:30
root@pts/0 $ ps -ef|grep msyql
root      1112   630  0 18:15 pts/0    00:00:00 grep --color msyql
vpc-devops-ossimport [~] 2018-08-02 18:15:44
root@pts/0 $ ps -ef|grep mysql
mysql      898     1  0 18:15 ?        00:00:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
mysql     1079   898  1 18:15 ?        00:00:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
root      1120   630  0 18:15 pts/0    00:00:00 grep --color mysql

初始化數據庫登錄。看到三個系統默認的數據庫 和 初始的賬號情況

mysql> show databases ;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)


mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select user,host from mysql.user ;
+------+----------------------+
| user | host                 |
+------+----------------------+
| root | 127.0.0.1            |
| root | ::1                  |
|      | localhost            |
| root | localhost            |
|      | vpc-devops-ossimport |
| root | vpc-devops-ossimport |
+------+----------------------+
6 rows in set (0.00 sec)

驗證過程

平時創建賬號的時候,可以分爲兩大類,一類是業務系統的賬號,基於具體的數據庫上面做的操作。一類是管理員賬號,會涉及到 像 mysql、information_schema、performance_schema 用戶做統計、分析等

所以創建一個新的數據庫。模擬業務數據庫。

mysql> create database devops ;
Query OK, 1 row affected (0.00 sec)

分別創建基於“業務”和基於“管理員”的所有權限“all privileges

grant all privileges

mysql> grant all privileges on devops.* to ops1@'%' identified by 'devops1';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on devops.* to ops2@'%' identified by 'devops2' with grant  option;
Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on *.* to ops3@'%' identified by 'devops3';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on *.* to ops4@'%' identified by 'devops4' with grant option ;
Query OK, 0 rows affected (0.00 sec)

check all privileges

mysql> show grants for ops1;
+-----------------------------------------------------------------------------------------------------+
| Grants for ops1@%                                                                                   |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ops1'@'%' IDENTIFIED BY PASSWORD '*52048CCECC477DB7138C2CBCF04AAD3E0397A913' |
| GRANT ALL PRIVILEGES ON `devops`.* TO 'ops1'@'%'                                                    |
+-----------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for ops2;
+-----------------------------------------------------------------------------------------------------+
| Grants for ops2@%                                                                                   |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ops2'@'%' IDENTIFIED BY PASSWORD '*C6ADDF202AF316082C3193C296860A468B4B87B4' |
| GRANT ALL PRIVILEGES ON `devops`.* TO 'ops2'@'%' WITH GRANT OPTION                                  |
+-----------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for ops3;
+--------------------------------------------------------------------------------------------------------------+
| Grants for ops3@%                                                                                            |
+--------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'ops3'@'%' IDENTIFIED BY PASSWORD '*8FE43EF11171F6BD1E6B6DEF0B70B72B40698D43' |
+--------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> show grants for ops4;
+--------------------------------------------------------------------------------------------------------------------------------+
| Grants for ops4@%                                                                                                              |
+--------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'ops4'@'%' IDENTIFIED BY PASSWORD '*A5CC13BEC1112C49147BE1FABD75849ECD2647A4' WITH GRANT OPTION |
+--------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

分析

從上面看到大家顯示的都會all privilges,實際看不出來什麼,所以我們可以反向考慮。我回收一個基本的select 權限。看看剩餘的權限都有哪些。

爲啥這樣呢。可以把all privileges 看成一個整體,拿走一個就不是整體了那就會把其餘的全部列出來展現。

revoke select

mysql> revoke select on devops.* from 'ops1'@'%' ;
Query OK, 0 rows affected (0.00 sec)

mysql> revoke select on devops.* from 'ops2'@'%' ;
Query OK, 0 rows affected (0.00 sec)

mysql> revoke select on *.* from 'ops3'@'%' ;
Query OK, 0 rows affected (0.00 sec)

mysql> revoke select on *.* from 'ops4'@'%' ;
Query OK, 0 rows affected (0.00 sec)

check all privileges again

mysql> show grants for ops1;
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for ops1@%                                                                                                                                                                                                      |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ops1'@'%' IDENTIFIED BY PASSWORD '*52048CCECC477DB7138C2CBCF04AAD3E0397A913'                                                                                                                    |
| GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `devops`.* TO 'ops1'@'%' |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for ops2;
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for ops2@%                                                                                                                                                                                                                        |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ops2'@'%' IDENTIFIED BY PASSWORD '*C6ADDF202AF316082C3193C296860A468B4B87B4'                                                                                                                                      |
| GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `devops`.* TO 'ops2'@'%' WITH GRANT OPTION |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for ops3;
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for ops3@%                                                                                                                                                                                                                                                                                                                                                                                                 |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'ops3'@'%' IDENTIFIED BY PASSWORD '*8FE43EF11171F6BD1E6B6DEF0B70B72B40698D43' |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> show grants for ops4;
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for ops4@%                                                                                                                                                                                                                                                                                                                                                                                                                   |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'ops4'@'%' IDENTIFIED BY PASSWORD '*A5CC13BEC1112C49147BE1FABD75849ECD2647A4' WITH GRANT OPTION |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

整理對比

因爲上面四種情況最終的顯示不是很對應。這裏認爲整理下如下

## 基於業務的 all privileges
    SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER 
## 基於管理員的all privileges 
    SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, RELOAD, SHUTDOWN, PROCESS, FILE, SHOW DATABASES, SUPER, REPLICATION SLAVE, REPLICATION CLIENT, CREATE USER, CREATE TABLESPACE

結論

對比之後發現,基於管理員(.) 的所有權限比基於業務庫(somedb.*) 上的所有權限多出了一下權限

RELOAD, SHUTDOWN, PROCESS, FILE, SHOW DATABASES, SUPER, REPLICATION SLAVE, REPLICATION CLIENT, CREATE USER, CREATE TABLESPACE
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

sql語法、關係建模

死瘦宅 2019-02-24 22:35:22

mongoDB數據庫基本操作

123654zf 2019-02-22 17:47:17

MYSQL數據庫的事務(Transaction)

玉寒珏 2019-02-22 17:43:56

INNODB整體講解

玉寒珏 2019-02-22 17:43:51

MYSQL數據庫的索引(index)

玉寒珏 2019-02-22 17:43:51

MYSQL數據庫的觸發器(trigger)

玉寒珏 2019-02-22 17:43:50

MYSQL數據庫的視圖(view)

玉寒珏 2019-02-22 17:43:50

MYSQL數據庫的存儲過程(Stored Procedure)

玉寒珏 2019-02-22 17:43:50

MYSQL數據庫的遊標(cursor)

玉寒珏 2019-02-22 17:43:50

MongoDB

5431039 2019-02-22 17:33:56

Drools

tms6688 2019-02-22 17:21:37

centos6.6安裝配置MongoDB(2.6.0)數據庫

蝸牛遠途 2019-02-22 16:21:48

MongoDB中修改器的使用

zhangyahui7116 2019-02-22 15:42:50

MongoDB操作

黑白運營 2019-02-22 13:18:54

linux學習網站

dreamlook 2019-02-22 13:03:27