标签:存在 tab empty 刷新 out sock 超级用户 mes 方法
数据库的权限管理一直是很麻烦的一件事情,因为权限是很分散的,不容易查看,也不容易修改的完善。但是MySQL的权限管理让人眼前一亮的感觉。因为什么都是那么一目了然。1# 查看权限
比如,我们想要看看MySQL的root用户,拥有什么权限:
(root@localhost)[(none)]> select user();
+----------------+
| user() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)
(root@localhost)[(none)]> show grants;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root@localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO ‘root‘@‘localhost‘ IDENTIFIED BY PASSWORD ‘*A0F874BC7F54EE086FCE60A37CE7887D8B31086B‘ WITH GRANT OPTION |
| GRANT PROXY ON ‘‘@‘‘ TO ‘root‘@‘localhost‘ WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
一条show grants解决了问题,并且连grant语句都给我们了。这样就是说,我们稍微修修改改就可用重造出另一个和root一样的超级用户了。
其中第一条:
GRANT ALL PRIVILEGES ON *.* TO ‘root‘@‘localhost‘ IDENTIFIED BY PASSWORD ‘*A0F874BC7F54EE086FCE60A37CE7887D8B31086B‘ WITH GRANT OPTION 不光光grant 了 . 上的ALL PRIVILEGES 给‘root‘@‘localhost‘ ,甚至还有验证密码和 WITH 信息。实际上这条语句是可用拿来创建这个用户的。这也是一个另类的创建用户的方法。
查看他人的权限:
(root@localhost)[(none)]> show grants for test1
-> ;
+------------------------------------------------------------------------------------------------------+
| Grants for test1@% |
+------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘test1‘@‘%‘ IDENTIFIED BY PASSWORD ‘*CFA887C680E792C2DCF622D56FB809E3F8BE63CC‘ |
+------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
这里看到用户‘test1‘@‘%‘只有一条权限,这条权限也是默认的创建用户语句。
2# 授予权限:
用户必然是需要使用数据库的。所以如果用户只有usage这个没用的权限的话,这个用户就不需要存在了。
语法:
(root@localhost)[(none)]> help grant
Name: ‘GRANT‘
Description:
Syntax:
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | tsl_option [[AND] tsl_option] ...}]
[WITH {GRANT OPTION | resource_option} ...]
GRANT PROXY ON user_specification #这个代理也是语句也是单独存在
TO user_specification [, user_specification] ...
[WITH GRANT OPTION]
object_type: { #对象类型
TABLE
| FUNCTION
| PROCEDURE
}
priv_level: { #权限的等级分类
*
| *.*
| db_name.*
| db_name.tbl_name
| tbl_name
| db_name.routine_name
}
user_specification: #用户
user [ auth_option ]
auth_option: { #验证信息
IDENTIFIED BY ‘auth_string‘
| IDENTIFIED BY PASSWORD ‘hash_string‘
| IDENTIFIED WITH auth_plugin
| IDENTIFIED WITH auth_plugin AS ‘hash_string‘
}
tsl_option: { #SSL类型
SSL
| X509
| CIPHER ‘cipher‘
| ISSUER ‘issuer‘
| SUBJECT ‘subject‘
}
resource_option: { #资源使用定义
| MAX_QUERIES_PER_HOUR count
| MAX_UPDATES_PER_HOUR count
| MAX_CONNECTIONS_PER_HOUR count
| MAX_USER_CONNECTIONS count
}
用户权限列表,见官方文档:https://dev.mysql.com/doc/refman/5.6/en/grant.html
用户test1当前是没有任何权限的。假设我们需要让他访问mysql.user表
(test1@localhost)[(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
(test1@localhost)[mysql]> select count(*) from user;
+----------+
| count(*) |
+----------+
| 4 |
+----------+
1 row in set (0.00 sec)
(test1@localhost)[mysql]>
建立一个新数据库,建立一个新表,对这个表进行访问以及控制:
(root@localhost)[mysql]> create database sample;
Query OK, 1 row affected (0.00 sec)
(root@localhost)[mysql]> use sample;
Database changed
(root@localhost)[sample]> show tables;
Empty set (0.00 sec)
(root@localhost)[sample]> create table smp (id int,name char(20));
Query OK, 0 rows affected (0.07 sec)
(root@localhost)[sample]> grant all privileges on sample.smp to test1;
Query OK, 0 rows affected (0.00 sec)
(root@localhost)[sample]> select User,Table_name,Table_priv from mysql.tables_priv;
+-------+------------+----------------------------------------------------------------------------------------------+
| User | Table_name | Table_priv |
+-------+------------+----------------------------------------------------------------------------------------------+
| test1 | user | Select |
| test1 | smp | Select,Insert,Update,Delete,Create,Drop,References,Index,Alter,Create View,Show view,Trigger |
+-------+------------+----------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
(root@localhost)[sample]>
更多的怎删改和删除表
(test1@localhost)[sample]> insert into smp values (1,‘abc‘);
Query OK, 1 row affected (0.00 sec)
(test1@localhost)[sample]> select * from smp;
+------+------+
| id | name |
+------+------+
| 1 | abc |
+------+------+
1 row in set (0.00 sec)
(test1@localhost)[sample]> delete from smp;
Query OK, 1 row affected (0.00 sec)
(test1@localhost)[sample]> select * from smp;
Empty set (0.00 sec)
(test1@localhost)[sample]> drep table smp;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘drep table smp‘ at line 1
(test1@localhost)[sample]> drop table smp;
Query OK, 0 rows affected (0.00 sec)
drop table 是DDL, 这个时候table已经删除了,再看看权限:
(root@localhost)[sample]> select User,Table_name,Table_priv from mysql.tables_priv;
+-------+------------+----------------------------------------------------------------------------------------------+
| User | Table_name | Table_priv |
+-------+------------+----------------------------------------------------------------------------------------------+
| test1 | user | Select |
| test1 | smp | Select,Insert,Update,Delete,Create,Drop,References,Index,Alter,Create View,Show view,Trigger |
+-------+------------+----------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
权限依然存在。说明删除表是不会删除用户所拥有的对象权限的。
试试看建回来:
(test1@localhost)[sample]> create table smp (id int,name char(20));
Query OK, 0 rows affected (0.00 sec)
(test1@localhost)[sample]> create table smp1 (id int,name char(20));
ERROR 1142 (42000): CREATE command denied to user ‘test1‘@‘localhost‘ for table ‘smp1‘
(test1@localhost)[sample]>
成功建回来。那么是否可用在这个数据库中建立另外一张表呢?不行。
对 sample. 层面授予权限。
(root@localhost)[sample]> grant create on sample.* to test1;
Query OK, 0 rows affected (0.00 sec)
(root@localhost)[sample]> select User,Table_name,Table_priv from mysql.tables_priv;
+-------+------------+----------------------------------------------------------------------------------------------+
| User | Table_name | Table_priv |
+-------+------------+----------------------------------------------------------------------------------------------+
| test1 | user | Select |
| test1 | smp | Select,Insert,Update,Delete,Create,Drop,References,Index,Alter,Create View,Show view,Trigger |
+-------+------------+----------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
(root@localhost)[sample]> show grants for test1;
+------------------------------------------------------------------------------------------------------+
| Grants for test1@% |
+------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘test1‘@‘%‘ IDENTIFIED BY PASSWORD ‘*CFA887C680E792C2DCF622D56FB809E3F8BE63CC‘ |
| GRANT CREATE ON `sample`.* TO ‘test1‘@‘%‘ |
| GRANT ALL PRIVILEGES ON `sample`.`smp` TO ‘test1‘@‘%‘ |
| GRANT SELECT ON `mysql`.`user` TO ‘test1‘@‘%‘ |
+------------------------------------------------------------------------------------------------------+
4 rows in set (0.00 sec)
(root@localhost)[sample]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
这个时候,test1用户有了CREATE ON sample. 。尝试在数据库中创建表对象。
(test1@localhost)[sample]> create table smp1 (id int,name char(20));
ERROR 1142 (42000): CREATE command denied to user ‘test1‘@‘localhost‘ for table ‘smp1‘
失败!很奇怪,已经有了权限,还是失败。尝试重新登陆
(test1@localhost)[sample]> exit
Bye
[mysql@mysql01 ~]$ mysql -utest1 -S /data/mysqldata/3306/mysql.sock -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 25
Server version: 5.6.31-log Source distribution
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement.
(test1@localhost)[(none)]>
(test1@localhost)[(none)]>
(test1@localhost)[(none)]> create table smp1 (id int,name char(20));
ERROR 1046 (3D000): No database selected
(test1@localhost)[(none)]> use sample;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
(test1@localhost)[sample]> create table smp1 (id int,name char(20));
Query OK, 0 rows affected (0.01 sec)
重新登陆后建立表对象成功。说明普通用户的权限需要在登陆的时候刷新。
标签:存在 tab empty 刷新 out sock 超级用户 mes 方法
原文地址:http://blog.51cto.com/accole/2166249
