权限表的存取:
linux-mysql权限存取的两个过程中,用到mysql数据库中的user,host,db这三个权限表;最重要的是user表,其次是db表,host表在大多数情况下并不使用。
用户进行连接时,权限表的存取过程:
1.先从user表中的host,user,password这个三个字段中判断连接的ip,用户名,密码是否存在于表中,存在通过身份验证,不然拒绝连接。
2.通过身份验证,按照以下权限表的顺序得到数据库权限:user->db->tables_priv->columns_priv
账号管理:
1.创建账号(使用grant语法创建)
两种方式创建MySQL账户:1)使用GRANT语句 2)直接操作MySQL授权表
grant的常用语法:
grant priv_type on [object_type]{tbl_name||.|db_name.}
to user [identified by [PASSWORD]‘password’]
[with grant option]
object_type=table|function|procedure
eg:1.创建mysql用户luke,权限为可以在所有的数据库上执行所有的权限,只能从本地进行连接,设置登录密码为‘123’。
mysql> grant all privileges on . to luke@localhost identified by ‘123’ with grant option;
Query OK, 0 rows affected (0.00 sec)
注:all privileges 的权限包括:insert ,select,update, delete ,create ,drop ,refernces ,index ,alter , create temp orary tables ,lock tables,execute ,create view
show view ,create routine ,alter routine ,event ,trigger on
eg: 2.创建用户zwj,可以从任何IP进行连接,权限为对test数据库的所有表进行select,update,insert,delete。密码为‘123’/用grant实现:
mysql> grant select,insert,update,delete on test.* to ‘zwj’@’%’ identified by ‘123’;
Query OK, 0 rows affected (0.00 sec)
查看账号权限
账号创建好后,可以通过如下命令查看权限:
show grants for user@host;
eg:
mysql> show grants for luke@localhost;
注:host可以不写,默认是‘%’
eg:mysql> show grants for root;
更改账号权限
进行权限的新增和回收,和创建账号一样,权限变更也有两种方法:
1.使用grant和revoke语句
2.更改权限表
注:着重第一种方法
和创建账号的语法完全一样,grant可以直接用来对账号进行增加。其实grant语句在执行的时候,如果权限表中不存在目标账号,则创建账号;如果已经存在,则执行权限的新增。
eg:1.z2’@'localhost目前只有登陆权限
mysql> show grants for z2@localhost;
2.赋予z2’@'localhost所有数据库上的所有表的select权限
mysql> grant select on . to ‘z2’@‘localhost’;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for z2@localhost;
±----------------------------------------+
| Grants for z2@localhost |
±----------------------------------------+
| GRANT SELECT ON . TO ‘z2’@‘localhost’ |
±----------------------------------------+
1 row in set (0.00 sec)
3.继续给z2’@'localhost赋予select和insert权限,和已有的select权限进行合并。
mysql> grant select,insert on . to ‘z2’@‘localhost’;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for z2@localhost;
±------------------------------------------------+
| Grants for z2@localhost |
±------------------------------------------------+
| GRANT SELECT, INSERT ON . TO ‘z2’@‘localhost’ |
±------------------------------------------------+
1 row in set (0.00 sec)
revoke语句可以回收已经赋予的权限,语法如下;
REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] …
ON [object_type] {tbl_name | * | . | db_name.*}
FROM user [, user] …
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] …
eg:收回z2’@'localhost的insert和select权限:
mysql> revoke select,insert on . from z2@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for z2@localhost;
±---------------------------------------+
| Grants for z2@localhost |
±---------------------------------------+
| GRANT USAGE ON . TO ‘z2’@‘localhost’ |
±---------------------------------------+
1 row in set (0.00 sec)
注:usage(登陆权限)不能被回收,即revoke用户不能删除用户。
修改账号密码
主要列举两种常用的:
1.直接更改数据库的user表
mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> update user set password = PASSWORD(‘luke2018’) where host=‘localhost’ and user = ‘luke’;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
2.使用mysqladmin命令在命令行指定密码
shell>mysqladmin -u user_name -h host_name password “newpwd”
删除账号
彻底删除账号,有以下两种方法:
1.使用drop user命令
2.修改权限表
语法:
drop user user[,user]
eg:将z2@localhos用户删除
mysql> drop user z2@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for z2@localhost;
ERROR 1141 (42000): There is no such grant defined for user ‘z2’ on host ‘localhost’
