MySQL User and Privilege Management
User and privilege management
Information about account privileges is stored in the user, db, host, tables_priv, columns_priv, and procs_priv tables
in the mysql database. The MySQL server reads the contents of these tables into memory when it
starts and reloads them under certain circumstances (for example, on FLUSH PRIVILEGES). Access-control decisions are based on the
in-memory copies of the grant tables.
user: Contains user accounts, global privileges, and other non-privilege columns.
db: Contains database-level privileges.
host: Obsolete.
tables_priv: Contains table-level privileges.
columns_priv: Contains column-level privileges.
procs_priv: Contains stored procedure and function privileges.
proxies_priv: Contains proxy-user privileges.
User account:
    username@host
    Username: up to 16 characters
    Host:
        Hostname: www.chen.com, mysql
        IP: 192.168.0.99
        Network address:
            192.168.0.0/255.255.255.0
        Wildcards: %, _
            192.168.0.%
            %.chen.com
    --skip-name-resolve: skip name resolution
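Privilege levels:
    Global level: SUPER
    Database
    Table: DELETE, ALTER, TRIGGER
    Column: SELECT, INSERT, UPDATE
    Stored procedures and stored functions
Temporary tables: in-memory tables
    heap: 16MB
Triggers: active database
    INSERT, DELETE, UPDATE
    user: log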
Create a user:
    CREATE USER username@host [IDENTIFIED BY 'password'];
Grant privileges:
    GRANT ALL PRIVILEGES ON [object_type] priv_level TO username@'%' [WITH with_option ...];
    object_type:
        TABLE | FUNCTION | PROCEDURE
    priv_level:
        * | *.* | db_name.* | db_name.tbl_name | tbl_name | db_name.routine_name
    with_option:
        GRANT OPTION                        the account may grant its own privileges to others
        | MAX_QUERIES_PER_HOUR count        maximum number of queries allowed per hour
        | MAX_UPDATES_PER_HOUR count        maximum number of updates allowed per hour
        | MAX_CONNECTIONS_PER_HOUR count    maximum number of connection requests allowed per hour
        | MAX_USER_CONNECTIONS count        maximum number of simultaneous connections per user
    GRANT EXECUTE ON FUNCTION db.abc TO username@'%';
If accounts are changed by writing to the grant tables directly (INSERT INTO mysql.user), reload the tables afterwards:
    mysql> FLUSH PRIVILEGES;
Show a user's grants:
    SHOW GRANTS FOR 'username'@'host';
Drop a user:
    DROP USER 'username'@'host';
Rename a user:
    RENAME USER old_name TO new_name;
Revoke privileges:
    REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ... ON [object_type] priv_level FROM user [, user] ...;
    Example: revoke select on chendb.* from chen@'%';
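Pass two options when starting mysqld_safe:
    --skip-grant-tables    skip the grant tables
    --skip-networking      do not accept logins over the network
Change the password by updating the grant tables directly, then remove both options and restart the server. While --skip-grant-tables is in effect, anyone who can connect gets in without a password and with full privileges, which is why --skip-networking is passed alongside it.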
All MySQL users are stored in mysql.user (the user table has user, host, password and other columns), so accounts can be controlled by modifying mysql.user.
Change the root password:
    # mysqladmin -u root -hHOST -p password 'new password'
Create a user:
    Log in:         # mysql -u root -p
    Create user:    mysql> create user 'your username'@'localhost' identified by 'your password';
Grant privileges:
    GRANT privileges ON databasename.tablename TO 'username'@'host' identified by 'password';
    Example:
    mysql> grant all on *.* to 'your username'@'%';
    *.* means any databasename.tablename
Set a user's password:
    1. mysql> SET PASSWORD FOR 'username'@'host' = PASSWORD('newpassword');
       mysql> FLUSH PRIVILEGES;    (re-reads the grant tables)
       Example: mysql> set password for 'your username'@'%'=password("newpassword");
    2. mysql> UPDATE mysql.user SET password=PASSWORD('newpassword') WHERE user='USERNAME' AND host='HOST';
       mysql> FLUSH PRIVILEGES;    (a direct UPDATE takes effect only after the grant tables are re-read)
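
The grant all on *.* example above gives one account every privilege from every host. The script below is an added example, not part of the original notes: it uses the host forms and privilege levels listed earlier to scope two accounts narrowly, then audits the grant tables for over-broad entries. The account names, the chendb.orders table, the password placeholders and the limits are constructed, and it assumes the older grant-table layout these notes describe (mysql.user with a password column).

```sql
-- Added example. Constructed names: app_rw, reporter, chendb.orders, all limits.
-- Assumes the older grant-table layout described in these notes (mysql.user.password).

-- Table used for the table/column-level grants (it must exist before granting on it).
CREATE DATABASE IF NOT EXISTS chendb;
CREATE TABLE IF NOT EXISTS chendb.orders (
    id INT PRIMARY KEY,
    order_state VARCHAR(16),
    card_no VARCHAR(32),
    created_at DATETIME
);

-- Application account: only the 192.168.0.0/24 subnet, DML on one database, with caps.
CREATE USER 'app_rw'@'192.168.0.0/255.255.255.0' IDENTIFIED BY 'CHANGE_ME_placeholder';
GRANT SELECT, INSERT, UPDATE, DELETE ON chendb.*
    TO 'app_rw'@'192.168.0.0/255.255.255.0'
    WITH MAX_USER_CONNECTIONS 20 MAX_CONNECTIONS_PER_HOUR 600;

-- Reporting account: one IP, read access to three columns only (card_no stays hidden).
CREATE USER 'reporter'@'192.168.0.99' IDENTIFIED BY 'CHANGE_ME_placeholder';
GRANT SELECT (id, order_state, created_at) ON chendb.orders
    TO 'reporter'@'192.168.0.99';

-- Confirm what each account actually holds.
SHOW GRANTS FOR 'app_rw'@'192.168.0.0/255.255.255.0';
SHOW GRANTS FOR 'reporter'@'192.168.0.99';

-- Audit 1: accounts that match any host, anonymous accounts, empty passwords.
SELECT user, host FROM mysql.user
WHERE host = '%' OR user = '' OR password = '';

-- Audit 2: accounts holding global privileges that reach beyond their own data.
SELECT user, host, Grant_priv, Super_priv, File_priv FROM mysql.user
WHERE Grant_priv = 'Y' OR Super_priv = 'Y' OR File_priv = 'Y';

-- Audit 3: database-level grants open to any host.
SELECT user, host, db FROM mysql.db WHERE host = '%';
```

Rows returned by the audit queries are candidates for REVOKE or DROP USER, followed by SHOW GRANTS to confirm the result.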