MySQL用户和权限管理
用户和权限管理
Information about account privileges is stored in the user, db, host, tables_priv, columns_priv, and procs_priv tables
in the mysql database. The MySQL server reads the contents of these tables into memory when it
starts and reloads them under the circumstances. Access-control decisions are based on the
in-memory copies of the grant tables.
user: Contains user accounts, global privileges, and other non-privilege columns.
user: 用户帐号、全局权限
db: Contains database-level privileges.
db: 库级别权限
host: Obsolete.
host: 废弃
tables_priv: Contains table-level privileges.
表级别权限
columns_priv: Contains column-level privileges.
列级别权限
procs_priv: Contains stored procedure and function privileges.
存储过程和存储函数相关的权限
proxies_priv: Contains proxy-user privileges.
代理用户权限
用户帐号:
用户名@主机
用户名:16字符以内
主机:
主机名:www.chen.com, mysql
IP: 192.168.0.99
网络地址:
192.168.0.0/255.255.255.0
通配符:%,_
192.168.0.%
%.chen.com
--skip-name-resolve 略过名称解析
权限级别:
全局级别: SUPER、
库
表: DELETE, ALTER, TRIGGER
列: SELECT, INSERT, UPDATE
存储过程和存储函数
临时表:内存表
heap: 16MB
触发器:主动数据库
INSERT, DELETE, UPDATE
user: log
创建用户: CREATE USER username@host [IDENTIFIED BY 'password']
GRANT ALL PRIVILEGES ON [object_type] priv_level TO username@'%' [WITH with_option ...];
object_type:
TABLE | FUNCTION | PROCEDURE
priv_level:
* | *.* | db_name.* | db_name.tbl_name | tbl_name | db_name.routine_name
with_option:
GRANT OPTION 可以将自己的权限授予给别人
| MAX_QUERIES_PER_HOUR count 每小时最多允许发起多少次查询请求
| MAX_UPDATES_PER_HOUR count 每小时最多允许发起多少次更新请求
| MAX_CONNECTIONS_PER_HOUR count 每小时最多允许发起多少次连接请求
| MAX_USER_CONNECTIONS count 每个用户最多允许同时连接几次
GRANT EXECUTE ON FUNCTION db.abc TO username@'%';
INSERT INTO mysql.user mysql> FLUSH PRIVILEGES;
查看用户的授权信息: SHOW GRANTS FOR 'username@host';
删除用户: DROP USER 'username'@'host'
重命名用户: RENAME USER old_name TO new_name
回收权限: REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ... ON [object_type] priv_level FROM user [, user] ... revoke select on chendb.* from chen@'%';
启动mysqld_safe时传递两个参数:
--skip-grant-tables 跳过授权表
--skip-networking 跳过从网络登录
通过更新 授权表方式直接修改其密码,而后移除此两个选项重启服务器。
mysql用户都是保存在mysql.user中的(user表中有user,host,password等列)通过修改mysql.user可以实现用户控制
修改root密码 #mysqladmin -u root -hHOST -p password 'new password'
创建用户 登录: #mysql -u root -p 创建用户: #create user 'your username'@'localhost' identified by 'your password';
授权: GRANT privileges ON databasename.tablename TO 'username'@'host' identified by 'password';
例:
#grant all on *.* to ‘your username’@'%'; *.*表示任意databasename.tablename
为用户设置密码:
1.mysql>SET PASSWORD FOR 'username'@'host' = PASSWORD('newpassword');
FLUSH PRIVILEGES; 重读授权表
例:
mysql>set password for 'your username'@'%'=password("newpassword");
2.mysql>UPDATE user SET password=PASSWORD('newpassword') WHERE user='USERNAME' AND host='HOST';