-- List every account. MySQL identifies an account by the (user, host) pair,
-- so the same user name can appear once per permitted client host.
SELECT
    user,
    host
FROM mysql.user;

-- List the database-level grant rows: which account holds a grant on which schema.
SELECT
    db,
    user,
    host
FROM mysql.db;

-- Show the effective grants of a single account.
-- {user} and {IP} are placeholders to be filled in by the operator.
SHOW GRANTS FOR {user}@{IP};
- 向指定用戶(及IP)授權:
-- Full access to one schema for {user}@{IP}.
-- NOTE(review): ALL PRIVILEGES is broad; prefer one of the narrower grants below
-- when the account only needs to read or modify rows.
-- NOTE(review): IDENTIFIED BY inside GRANT sets the account password. On an account
-- that already exists it replaces the current password, and MySQL 8.0 removed the
-- clause from GRANT altogether (create the account with CREATE USER first).
GRANT ALL PRIVILEGES
    ON {db}.*
    TO {user}@{IP}
    IDENTIFIED BY '{password}';

-- Read-only access to one schema.
GRANT SELECT
    ON {db}.*
    TO {user}@{IP}
    IDENTIFIED BY '{password}';

-- Row-level read/write access only; the target is left elided, as in the original notes.
GRANT SELECT, INSERT, UPDATE, DELETE ON ...

-- Reloads the grant tables. GRANT takes effect immediately on its own, so this is
-- strictly required only after editing the mysql.* grant tables directly.
FLUSH PRIVILEGES;
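用戶不存在時,GRANT ... IDENTIFIED BY 包含創建用戶(GRANT USAGE...);用戶已存在時則會改寫其密碼。MySQL 8.0 起 GRANT 不再支持 IDENTIFIED BY,也不會自動創建用戶,需先執行 CREATE USER。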
- 向指定用戶撤銷權限:
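-- Withdraw every privilege {user}@{IP} holds on one schema.
-- REVOKE has no IDENTIFIED BY clause: the original statement carried one and
-- would be rejected with a syntax error, leaving the privileges in place.
REVOKE ALL PRIVILEGES
    ON {db}.*
    FROM {user}@{IP};

-- Withdraw read access only.
REVOKE SELECT
    ON {db}.*
    FROM {user}@{IP};

-- Neither statement removes the account: it keeps USAGE and can still connect.
-- Verify the result with SHOW GRANTS FOR {user}@{IP}.
-- FLUSH PRIVILEGES is harmless here; it is strictly required only after editing
-- the mysql.* grant tables directly.
FLUSH PRIVILEGES;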
僅撤銷DB訪問權限並不能禁止該IP連接,因爲並未收回USAGE權限,也未刪除用戶。
- 禁止IP訪問(刪除用戶@IP):
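-- Remove the account {user}@{IP} so that it can no longer authenticate.
-- DROP USER is used instead of DELETE FROM mysql.user: a direct delete removes only
-- the mysql.user row and leaves the account's rows in mysql.db and the other grant
-- tables, so those grants would apply again if the same account were re-created.
-- DROP USER removes the account together with its privilege rows and needs no
-- FLUSH PRIVILEGES afterwards.
-- NOTE(review): sessions that are already open are not closed by DROP USER; the
-- change takes effect for that user once the session ends.
DROP USER {user}@{IP};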
Q: root@localhost無法連接mysql服務
# mysql -uroot -ppassword
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
1. 使用有grant權限的用戶登錄,並爲root從本機授權
# mysql -h127.0.0.1 -uroot -ppassword
> GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' identified by 'password' WITH GRANT OPTION;
Q: root@localhost無法爲其他DB用戶授權
mysql> grant all privileges on db.* to user@ip identified by 'password';
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
1. 查看root@localhost的權限:輸出中沒有 WITH GRANT OPTION,即無grant權限
mysql> show grants for root@localhost;
+----------------------------------------------------------------------------------------------------------------------+
| Grants for root@localhost |
+----------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*96184BCCD3CEA5648C9A26E4753DD258B207478F' |
2. 刪除root用戶並重新加載權限(執行前先確認另有具備grant權限的用戶可以登錄,見第3步,否則之後無法重新授權)
mysql> delete from mysql.user where Host='localhost' and User='root';
mysql> flush privileges;
3. 使用有grant權限用戶登錄,重新創建root@localhost並授grant權
# mysql -h127.0.0.1 -uroot -ppassword
> GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' identified by 'password' WITH GRANT OPTION;