溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇文章主要介紹了mysql如何實現用戶創建、修改、刪除及授權操作,具有一定借鑒價值,感興趣的朋友可以參考下,希望大家閱讀完這篇文章之后大有收獲,下面讓小編帶著大家一起了解一下。
1、mysql命令進行連接如果不帶-h,表示user@localhost連接本地localhost數據庫服務器,-h后面的ip是數據庫服務器的IP
2、要讓所有ip都能連,create user時用戶名后面加@'%',或不加@(不加@默認就是@'%')
3、mysql執行grant進行授權,權限是追加的,不用擔心會覆蓋之前的
4、grant可以同時創建用戶、授權、修改密碼
5、創建用戶建議使用create,因為create只能創建用戶,不能授權,mysql沒有類似oracle這樣的connect create session權限,mysql只要create了用戶就自動擁有了connect create session權限
6、修改密碼建議使用alter user比較好,因為alter不會涉及到權限,grant雖然可以修改密碼,但是grant命令要帶權限選項。
7、如果用戶名相同,host對應的網段有相同,哪個用戶先生成,就以哪個用戶為準
即以下兩條,誰先執行,誰先生效,就是說mysql -u test1 -p后面使用誰的密碼才能登陸
grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678";
grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567";
8、grant執行的授權,不需要flush privileges就可以生效;update mysql.user表執行的授權,必須要flush privileges才能生效
創建用戶
mysql> help create user;
mysql> help grant;
mysql> create user 'user1'@'192.168.10.0/255.255.255.0' identified by '123456';
mysql> grant select,update on db1.* to 'user2'@'192.168.10.0/255.255.255.0' identified by '123456';--創建用戶的同時進行了授權
修改密碼
mysql> help alter user;
mysql> help grant;
mysql> help set password;
mysql> alter user 'user1'@'192.168.10.0/255.255.255.0' identified by '666666';
mysql> grant select on mysql.user to 'user1'@'192.168.10.0/255.255.255.0' identified by '777777';--修改密碼的同時進行了授權
mysql> set password for 'user1'@'192.168.10.0/255.255.255.0'=password('888888');
SET PASSWORD is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release. ALTER USER is now the preferred statement for assigning passwords.
從MySQL 5.7.6開始,不推薦使用SET PASSWORD,這個用法在未來的MySQL版本中會被拋棄。 ALTER USER現在是首選修改密碼的聲明。
授權
mysql> help grant;
mysql> grant select,insert,update on *.* to 'user1'@'192.168.10.0/255.255.255.0';--只授權,沒有涉及修改密碼
刪除用戶
mysql> help drop user;
mysql> drop user 'user1'@'192.168.10.0/255.255.255.0';
密碼相關的參數
mysql> SHOW VARIABLES LIKE '%password%';
mysql> CREATE USER 'mytest'@'192.168.20.0/255.255.255.0' identified by '123456';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
mysql> show variables like '%validate_password_policy%';
+--------------------------+--------+
| Variable_name | Value |
+--------------------------+--------+
| validate_password_policy | MEDIUM |
+--------------------------+--------+
1 row in set (0.01 sec)
mysql> set global validate_password_policy=0;
mysql> show variables like '%validate_password_length%';
+--------------------------+-------+
| Variable_name | Value |
+--------------------------+-------+
| validate_password_length | 8 |
+--------------------------+-------+
1 row in set (0.00 sec)
mysql> set global validate_password_length=1;
如下實驗,DB服務器ip是192.168.10.101,在服務器本地使用mysql登錄不加-h表示使用user@localhost登錄,-h后面的必須是DB服務器ip
允許所有ip登錄,則create user時后面的用戶名不加@或create user時后面的用戶名加@'%'
[root@mydb ~]# ifconfig |grep 'inet addr'
inet addr:192.168.10.101 Bcast:192.168.10.255 Mask:255.255.255.0
inet addr:127.0.0.1 Mask:255.0.0.0
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
mysql> CREATE USER 'mytest01'@'192.168.20.0/255.255.255.0' identified by '123456';
Query OK, 0 rows affected (0.01 sec)
mysql> CREATE USER 'mytest02'@'192.168.10.0/255.255.255.0' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> CREATE USER 'mytest03'@'*' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
[root@mydb ~]# mysql -u mytest01 -p123456
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'mytest01'@'localhost' (using password: YES)
--無法登錄,因為沒有加-h表示使用user@localhost
[root@mydb ~]# mysql -u mytest02 -p123456
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'mytest02'@'localhost' (using password: YES)
--無法登錄,因為沒有加-h表示使用user@localhost
[root@mydb ~]# mysql -u mytest03 -p123456
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'mytest03'@'localhost' (using password: YES)
--無法登錄,因為沒有加-h表示使用user@localhost
--'mytest03'@'*',用戶名后面加@'*'不是表示所有ip可以登錄,應該加@'%'
[root@mydb ~]# mysql -u mytest01 -p123456 -h 192.168.10.101
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'mytest01'@'192.168.10.101' (using password: YES)
[root@mydb ~]# mysql -u mytest02 -p123456 -h 192.168.10.101
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
mysql> exit
[root@mydb ~]# mysql -u mytest03 -p123456 -h 192.168.10.101
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'mytest03'@'192.168.10.101' (using password: YES)
[root@mydb ~]# mysql -u mytest02 -p123456 -h 192.168.10.102
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.10.102' (113)
--無法登錄,-h后面必須是DB服務器ip
mysql> CREATE USER 'mytest04' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
[root@mydb ~]# mysql -u mytest04 -p123456
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
mysql> exit
[root@mydb ~]# mysql -u mytest04 -p123456 -h 192.168.10.101
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
mysql>
[root@mydb ~]# mysql -u mytest04 -p123456 -h 192.168.10.102
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.10.102' (113)
mysql> create user mytest06@'%' identified by '123456';
Query OK, 0 rows affected (0.01 sec)
[root@mydb ~]# mysql -u mytest06 -p123456
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
mysql>
[root@mydb ~]# mysql -u mytest06 -p123456 -h 192.168.10.101
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
mysql>
[root@mydb ~]# mysql -u mytest06 -p123456 -h 192.168.10.102
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.10.102' (113)
如下實驗,用戶存在的情況下,grant后面可以不加密碼,用戶不存在的情況下,grant后面必須加密碼
多次執行grant,權限都是追加的。
mytest02@'192.168.10.0/255.255.255.0'已經存在的情況下
mysql> grant select on test1.* to mytest02@'192.168.10.0/255.255.255.0';
Query OK, 0 rows affected (0.03 sec)
mytest03@'192.168.10.0/255.255.255.0'還不存在的情況下
1、第一步報錯了,因為沒有這個用戶
2、第二步,創建了用戶密碼并授了test1數據庫的select權限,見表mysql.user和mysql.db
3、第三步,用戶存在的情況下,追加了全局權限并修改了密碼,見mysql.user
4、第四步,用戶存在的情況下,追加了全局權限并修改了密碼,見mysql.user
5、第五步,用戶存在的情況下,追加了test1數據庫的select權限并修改了密碼,見mysql.db
mysql> grant select on test1.* to mytest03@'192.168.10.0/255.255.255.0';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
mysql> grant select on test1.* to mytest03@'192.168.10.0/255.255.255.0' identified by "123_Tn_123";
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> grant select,update on *.* to mytest03@'192.168.10.0/255.255.255.0' identified by "123_Tn123";
Query OK, 0 rows affected, 1 warning (0.02 sec)
mysql> grant select,insert on *.* to mytest03@'192.168.10.0/255.255.255.0' identified by "123_Tr99";
Query OK, 0 rows affected, 1 warning (0.02 sec)
mysql> grant select,update on test1.* to mytest03@'192.168.10.0/255.255.255.0' identified by "123_TR00";
Query OK, 0 rows affected, 1 warning (0.00 sec)
如下實驗:如果用戶名相同,host對應的網段有相同,哪個用戶先生成,就以哪個用戶為準
數據庫服務器的IP是192.168.10.101
客戶端的IP是192.168.10.1
mysql> grant select on test1.* to test123 identified by "123456";
mysql> grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567";
mysql> grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678";
mysql> grant select on test1.* to test123@'192.168.10.1' identified by "123456789";
mysql> grant select on test1.* to test123@'192.168.10.101' identified by "12345678910";
mysql> select host,user,password_last_changed from mysql.user where user='test123' order by 3;
+----------------------------+---------+-----------------------+
| host | user | password_last_changed |
+----------------------------+---------+-----------------------+
| % | test123 | 2018-09-26 19:21:23 |
| 192.168.10.0/255.255.255.0 | test123 | 2018-09-26 19:24:08 |
| 192.168.0.0/255.255.0.0 | test123 | 2018-09-26 19:24:30 |
| 192.168.10.1 | test123 | 2018-09-26 19:31:00 |
| 192.168.10.101 | test123 | 2018-09-26 19:31:16 |
+----------------------------+---------+-----------------------+
不管在192.168.10.1還是192.168.10.101上執行mysql命令連接,居然發現只有下面的可以連接,即test123@'192.168.10.0/255.255.255.0'有效
mysql -u test123 -p1234567 -h 192.168.10.101
mysql> drop user test123@'192.168.10.0/255.255.255.0';
mysql> select host,user,password_last_changed from mysql.user where user='test123' order by 3;
+-------------------------+---------+-----------------------+
| host | user | password_last_changed |
+-------------------------+---------+-----------------------+
| % | test123 | 2018-09-26 19:21:23 |
| 192.168.0.0/255.255.0.0 | test123 | 2018-09-26 19:24:30 |
| 192.168.10.1 | test123 | 2018-09-26 19:31:00 |
| 192.168.10.101 | test123 | 2018-09-26 19:31:16 |
+-------------------------+---------+-----------------------+
再次測試發現不管在192.168.10.1還是192.168.10.101上執行mysql命令連接,只有下面的可以連接,即test123@'192.168.0.0/255.255.0.0'有效
mysql -u test123 -p12345678 -h 192.168.10.101
mysql> drop user test123@'192.168.0.0/255.255.0.0';
mysql> select host,user,password_last_changed from mysql.user where user='test123' order by 3;
+----------------+---------+-----------------------+
| host | user | password_last_changed |
+----------------+---------+-----------------------+
| % | test123 | 2018-09-26 19:21:23 |
| 192.168.10.1 | test123 | 2018-09-26 19:31:00 |
| 192.168.10.101 | test123 | 2018-09-26 19:31:16 |
+----------------+---------+-----------------------+
再次測試
發現在192.168.10.1執行mysql命令連接,只有下面的可以連接,即test123@'192.168.10.1'有效
mysql -u test123 -p123456789 -h 192.168.10.101
發現在192.168.10.101執行mysql命令連接,只有下面的可以連接,即test123@'192.168.10.101'有效
mysql -u test123 -p12345678910 -h 192.168.10.101
mysql> drop user test123@'192.168.10.1';
mysql> drop user test123@'192.168.10.101';
mysql> select host,user,password_last_changed from mysql.user where user='test123' order by 3;
+------+---------+-----------------------+
| host | user | password_last_changed |
+------+---------+-----------------------+
| % | test123 | 2018-09-26 19:21:23 |
+------+---------+-----------------------+
再次測試發現不管在192.168.10.1還是192.168.10.101上執行mysql命令連接,下面的可以連接,即test123有效了
mysql -u test123 -p123456 -h 192.168.10.101
mysql> grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678";
mysql> grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567";
mysql> select host,user,password_last_changed from mysql.user where user='test123' order by 3;
+----------------------------+---------+-----------------------+
| host | user | password_last_changed |
+----------------------------+---------+-----------------------+
| % | test123 | 2018-09-26 19:21:23 |
| 192.168.0.0/255.255.0.0 | test123 | 2018-09-26 19:45:45 |
| 192.168.10.0/255.255.255.0 | test123 | 2018-09-26 19:45:58 |
+----------------------------+---------+-----------------------+
再次測試發現不管在192.168.10.1還是192.168.10.101上執行mysql命令連接,下面的可以連接,即test123@'192.168.0.0/255.255.0.0'生效了
mysql -u test123 -p12345678 -h 192.168.10.101
得出結論,以下兩條,誰先執行,誰先生效
grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678";
grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567";
mysql> drop user test123@'192.168.0.0/255.255.0.0';
mysql> drop user test123@'192.168.10.0/255.255.255.0';
mysql> grant select on test1.* to test123@'192.168.10.1' identified by "123456789";
mysql> grant select on test1.* to test123@'192.168.10.101' identified by "12345678910";
mysql> grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567";
mysql> grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678";
mysql> select host,user,password_last_changed from mysql.user where user='test123' order by 3;
+----------------------------+---------+-----------------------+
| host | user | password_last_changed |
+----------------------------+---------+-----------------------+
| % | test123 | 2018-09-26 19:21:23 |
| 192.168.10.1 | test123 | 2018-09-26 19:48:59 |
| 192.168.10.101 | test123 | 2018-09-26 19:49:05 |
| 192.168.10.0/255.255.255.0 | test123 | 2018-09-26 19:49:21 |
| 192.168.0.0/255.255.0.0 | test123 | 2018-09-26 19:49:28 |
+----------------------------+---------+-----------------------+
再次測試
發現在192.168.10.1執行mysql命令連接,只有下面的可以連接,即test123@'192.168.10.1'有效
mysql -u test123 -p123456789 -h 192.168.10.101
發現在192.168.10.101執行mysql命令連接,只有下面的可以連接,即test123@'192.168.10.101'有效
mysql -u test123 -p12345678910 -h 192.168.10.101
得出結論,以下三條,誰先執行,192.168.10.1上以誰先生效
grant select on test1.* to test123@'192.168.10.1' identified by "123456789";
grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678";
grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567";
得出結論,以下三條,誰先執行,192.168.10.101上以誰先生效
grant select on test1.* to test123@'192.168.10.101' identified by "12345678910";
grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678";
grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567";
感謝你能夠認真閱讀完這篇文章,希望小編分享的“mysql如何實現用戶創建、修改、刪除及授權操作”這篇文章對大家有幫助,同時也希望大家多多支持億速云,關注億速云行業資訊頻道,更多相關知識等著你來學習!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
