Host列指定了允许用户登录所使用的IP,比如user=root Host=192.168.1.1。这里的意思就是说root用户只能通过192.168.1.1的客户端去访问。 而%是个通配符,如果Host=192.168.1.%,那么就表示只要是IP地址前缀为“192.168.1.”的客户端都可以连接。如果Host=%,表示所有IP都有连接权限。、 这也就是为什么在开启远程连接的时候,大部分人都直接把Host改成%的缘故,为了省事。
1:新增用户:
注:MySQL数据库下user表中,Host和User为两个主键列(primary key),已经各版本下非空未设置默认字段。
登录后,切换db:
- mysql> use mysql;
- Reading table information for completion of table and column names
- You can turn off this feature to get a quicker startup with -A
- Database changed
新增用户:
注:限制kaka用户的登陆ip为10.155.123.55,ip为随手写入,如果正确配置为您有效登陆ip,所有ip登陆,则设置Host为 '%'
- mysql> INSERT INTO mysql.user(Host,User,Password) VALUES("10.155.123.55","kaka",PASSWORD("kaka123"));
在版本 5.6.27:
- mysql> INSERT INTO mysql.user(Host,User,Password,ssl_cipher,x509_issuer,x509_subject) VALUES("10.155.123.55","kaka",PASSWORD("kaka123"),"","","");
- Query OK, 1 row affected (0.03 sec)
新增用户(全sql):
- INSERT INTO `user`(`Host`,`User`,`Password`,`Select_priv`,`Insert_priv`,`Update_priv`,`Delete_priv`,`Create_priv`,`Drop_priv`,`Reload_priv`,`Shutdown_priv`,`Process_priv`,`File_priv`,`Grant_priv`,`References_priv`,`Index_priv`,`Alter_priv`,`Show_db_priv`,`Super_priv`,`Create_tmp_table_priv`,`Lock_tables_priv`,`Execute_priv`,`Repl_slave_priv`,`Repl_client_priv`,`Create_view_priv`,`Show_view_priv`,`Create_routine_priv`,`Alter_routine_priv`,`Create_user_priv`,`Event_priv`,`Trigger_priv`,`Create_tablespace_priv`,`ssl_type`,`ssl_cipher`,`x509_issuer`,`x509_subject`,`max_questions`,`max_updates`,`max_connections`,`max_user_connections`,`plugin`,`authentication_string`,`password_expired`) VALUES ('%','root','*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'mysql_native_password','','N');
新增用户完成,刷新mysql的系统权限相关表
- mysql> flush privileges;
- Query OK, 0 rows affected (0.00 sec)
设置遇到问题,请查看:MySQL配置和设置问题小结
重启生效:
- [root@Tony_ts_tian bin]# service mysqld restart
- Shutting down MySQL.... SUCCESS!
- Starting MySQL. SUCCESS!
- mysql> SELECT Host,User,Password FROM mysql.user;
- +----------------+------+-------------------------------------------+
- | Host | User | Password |
- +----------------+------+-------------------------------------------+
- | localhost | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | tony\_ts\_tian | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | 127.0.0.1 | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | ::1 | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | 10.155.123.55 | kaka | *90B3D884FB6092549F244125549B77C000A0F9C6 |
- | % | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- +----------------+------+-------------------------------------------+
- 6 rows in set (0.00 sec)
2:修改信息,密码,类似可修改其他字段。
- mysql> UPDATE `user` SET Password=PASSWORD("123456") WHERE Host='10.155.123.55' AND User='kaka';
- Query OK, 1 row affected (0.02 sec)
- Rows matched: 1 Changed: 1 Warnings: 0
- mysql> flush privileges;
- Query OK, 0 rows affected (0.00 sec)
- mysql> SELECT Host,User,Password FROM `user`;
- 前:
- | 10.155.123.55 | kaka | *90B3D884FB6092549F244125549B77C000A0F9C6 |
- 后:
- | 10.155.123.55 | kaka | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
3:删除用户:
- mysql> DELETE FROM `user` WHERE Host='10.155.123.55' AND User='kaka';
- Query OK, 1 row affected (0.00 sec)
- mysql> flush privileges;
- Query OK, 0 rows affected (0.00 sec)
- mysql> SELECT Host,User,Password FROM `user`;
- +----------------+------+-------------------------------------------+
- | Host | User | Password |
- +----------------+------+-------------------------------------------+
- | localhost | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | tony\_ts\_tian | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | 127.0.0.1 | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | ::1 | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- | % | root | *71ABCA8B06D46066CEF8062A75256E66243D0FC8 |
- +----------------+------+-------------------------------------------+
- 5 rows in set (0.00 sec)
4. 权限分配
- GRANT语法:
- GRANT 权限 ON 数据库.* TO 用户名@'登录主机' IDENTIFIED BY '密码'
- 权限: