權限表的存取:
linux-mysql權限存取的兩個過程中,用到mysql數據庫中的user,host,db這三個權限表;最重要的是user表,其次是db表,host表在大多數情況下並不使用。
用戶進行連接時,權限表的存取過程:
1.先從user表中的host,user,password這個三個字段中判斷連接的ip,用戶名,密碼是否存在於表中,存在通過身份驗證,不然拒絕連接。
2.通過身份驗證,按照以下權限表的順序得到數據庫權限:user->db->tables_priv->columns_priv
賬號管理:
1.創建賬號(使用grant語法創建)
兩種方式創建MySQL賬戶:1)使用GRANT語句 2)直接操作MySQL授權表
grant的常用語法:
grant priv_type on [object_type]{tbl_name||.|db_name.}
to user [identified by [PASSWORD]‘password’]
[with grant option]
object_type=table|function|procedure
eg:1.創建mysql用戶luke,權限爲可以在所有的數據庫上執行所有的權限,只能從本地進行連接,設置登錄密碼爲‘123’。
mysql> grant all privileges on . to luke@localhost identified by ‘123’ with grant option;
Query OK, 0 rows affected (0.00 sec)
注:all privileges 的權限包括:insert ,select,update, delete ,create ,drop ,refernces ,index ,alter , create temp orary tables ,lock tables,execute ,create view
show view ,create routine ,alter routine ,event ,trigger on
eg: 2.創建用戶zwj,可以從任何IP進行連接,權限爲對test數據庫的所有表進行select,update,insert,delete。密碼爲‘123’/用grant實現:
mysql> grant select,insert,update,delete on test.* to ‘zwj’@’%’ identified by ‘123’;
Query OK, 0 rows affected (0.00 sec)
查看賬號權限
賬號創建好後,可以通過如下命令查看權限:
show grants for user@host;
eg:
mysql> show grants for luke@localhost;
注:host可以不寫,默認是‘%’
eg:mysql> show grants for root;
更改賬號權限
進行權限的新增和回收,和創建賬號一樣,權限變更也有兩種方法:
1.使用grant和revoke語句
2.更改權限表
注:着重第一種方法
和創建賬號的語法完全一樣,grant可以直接用來對賬號進行增加。其實grant語句在執行的時候,如果權限表中不存在目標賬號,則創建賬號;如果已經存在,則執行權限的新增。
eg:1.z2’@'localhost目前只有登陸權限
mysql> show grants for z2@localhost;
2.賦予z2’@'localhost所有數據庫上的所有表的select權限
mysql> grant select on . to ‘z2’@‘localhost’;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for z2@localhost;
±----------------------------------------+
| Grants for z2@localhost |
±----------------------------------------+
| GRANT SELECT ON . TO ‘z2’@‘localhost’ |
±----------------------------------------+
1 row in set (0.00 sec)
3.繼續給z2’@'localhost賦予select和insert權限,和已有的select權限進行合併。
mysql> grant select,insert on . to ‘z2’@‘localhost’;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for z2@localhost;
±------------------------------------------------+
| Grants for z2@localhost |
±------------------------------------------------+
| GRANT SELECT, INSERT ON . TO ‘z2’@‘localhost’ |
±------------------------------------------------+
1 row in set (0.00 sec)
revoke語句可以回收已經賦予的權限,語法如下;
REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] …
ON [object_type] {tbl_name | * | . | db_name.*}
FROM user [, user] …
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] …
eg:收回z2’@'localhost的insert和select權限:
mysql> revoke select,insert on . from z2@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for z2@localhost;
±---------------------------------------+
| Grants for z2@localhost |
±---------------------------------------+
| GRANT USAGE ON . TO ‘z2’@‘localhost’ |
±---------------------------------------+
1 row in set (0.00 sec)
注:usage(登陸權限)不能被回收,即revoke用戶不能刪除用戶。
修改賬號密碼
主要列舉兩種常用的:
1.直接更改數據庫的user表
mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> update user set password = PASSWORD(‘luke2018’) where host=‘localhost’ and user = ‘luke’;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
2.使用mysqladmin命令在命令行指定密碼
shell>mysqladmin -u user_name -h host_name password “newpwd”
刪除賬號
徹底刪除賬號,有以下兩種方法:
1.使用drop user命令
2.修改權限表
語法:
drop user user[,user]
eg:將z2@localhos用戶刪除
mysql> drop user z2@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for z2@localhost;
ERROR 1141 (42000): There is no such grant defined for user ‘z2’ on host ‘localhost’