mysql数据库用户和权限管理记录_MySQL-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

mysql数据库用户和权限管理记录_MySQL

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

May 27, 2016 pm 02:12 PM

IP addressmysqldatabaseusername

bitsCN.com

一、MySQL用户的基本说明：

1.1 用户的基本结构
MySQL的用户：用户名@主机

■用户名：16个字符以内
■主机：可以是主机名、IP地址、网络地址等
主机名：www.111cn.net,localhost

IP:192.168.0.1

网络地址：172.16.0.0/255.255.0.0

主机还支持通配符：%和_

172.16.%.%

%.111cn.net
注意：对于包含了主机名的用户，MySQL会尝试反解析主机名，此时可能会造成连接非常慢，如果反解析的IP地址与连接点的地址不同，还可能出现无法连接的情况。因此，为了加快连接并避免出现解析问题，可以在my.cnf文件中加入如下一行加速连接：

--skip-name-resolve
MySQL用户的密码有MySQL内部的password()函数管理。

1.2 授权表：
MySQL用户只是用于认证，而用户具有的权限有相应的授权机制实现。首先MySQL用户授权的，主要为如下刘张表：

user: Contains user accounts, global privileges, and other non-privilege columns.
user: 用户帐号、全局权限

db: Contains database-level privileges.
db: 库级别权限

host: Obsolete.
host: 废弃

tables_priv: Contains table-level privileges.
tables_priv: 表级别权限

columns_priv: Contains column-level privileges.
columns_priv: 列级别权限

procs_priv: Contains stored procedure and function privileges.
procs_priv: 存储过程和存储函数相关的权限

proxies_priv: Contains proxy-user privileges.
proxies_priv: 代理用户权限
在MySQL数据库服务启动后，这六张表会被直接加载到内存，而今后所有的认证都直接从内存中这六张表获取，而不是去读取磁盘。

1.3 各授权表的说明：
■user表范围列决定是否允许或拒绝到来的连接。对于允许的连接，user表授予的权限指出用户的全局(超级用户)权限。这些权限适用于服务器上的all数据库。
■db表范围列决定用户能从哪个主机存取哪个数据库。权限列决定允许哪个操作。授予的数据库级别的权限适用于数据库和它的表。
■tables_priv和columns_priv表类似于db表，但是更精致：它们在表和列级应用而非在数据库级。授予表级别的权限适用于表和所有它的列。授予列级别的权限只适用于专用列。
■procs_priv表适用于保存的程序。授予程序级别的权限只适用于单个程序。
管理权限(例如RELOAD或SHUTDOWN等等)仅在user表中被指定。这是因为管理性操作是服务器本身的操作并且不是特定数据库，因此没有理由在其他授权表中列出这样的权限。事实上，只需要查询user表来决定你是否执行一个管理操作。

FILE权限也仅在user表中指定。它不是管理性权限，但你在服务器主机上读或写文件的能力与你正在存取的数据库无关。

当mysqld服务器启动时，将授权表的内容读入到内存中。你可以通过FLUSH PRIVILEGES语句或执行mysqladmin flush-privileges或mysqladmin reload命令让它重新读取表。

二、MySQL提供的权限
账户权限信息被存储在mysql数据库的user、db、host、tables_priv、columns_priv和procs_priv表中。在MySQL启动时时，服务器将这些数据库表内容读入内存。

GRANT和REVOKE语句所用的涉及权限的名称显示在下表，还有在授权表中每个权限的表列名称和每个权限有关的上下文。

权限
列
上下文

CREATE
Create_priv
数据库、表或索引

DROP
Drop_priv
数据库或表

GRANT OPTION
Grant_priv
数据库、表或保存的程序

REFERENCES
References_priv
数据库或表

ALTER
Alter_priv
表

DELETE
Delete_priv
表

INDEX
Index_priv
表

INSERT
Insert_priv
表

SELECT
Select_priv
表

UPDATE
Update_priv
表

CREATE VIEW
Create_view_priv
视图

SHOW VIEW
Show_view_priv
视图

ALTER ROUTINE
Alter_routine_priv
保存的程序

CREATE ROUTINE
Create_routine_priv
保存的程序

EXECUTE
Execute_priv
保存的程序

FILE
File_priv
服务器主机上的文件访问

CREATE TEMPORARY TABLES
Create_tmp_table_priv
服务器管理

LOCK TABLES
Lock_tables_priv
服务器管理

CREATE USER
Create_user_priv
服务器管理

PROCESS
Process_priv
服务器管理

RELOAD
Reload_priv
服务器管理

REPLICATION CLIENT
Repl_client_priv
服务器管理

REPLICATION SLAVE
Repl_slave_priv
服务器管理

SHOW DATABASES
Show_db_priv
服务器管理

SHUTDOWN
Shutdown_priv
服务器管理

SUPER
Super_priv
服务器管理

三、权限更改何时生效
当mysqld启动时，所有授权表的内容被读进内存并且从此时生效。

当服务器注意到授权表被改变了时，现存的客户端连接有如下影响：

■表和列权限在客户端的下一次请求时生效。
■数据库权限改变在下一个USE db_name命令生效。
■全局权限的改变和密码改变在下一次客户端连接时生效。
如果用GRANT、REVOKE或SET PASSWORD对授权表进行修改，服务器会注意到并立即重新将授权表载入内存。

如果你手动地修改授权表(使用INSERT、UPDATE或DELETE等等)，你应该执行mysqladmin flush-privileges或mysqladmin reload告诉服务器再装载授权表，否则你的更改将不会生效，除非你重启服务器。

如果你直接更改了授权表但忘记重载，重启服务器后你的更改方生效。这样可能让你迷惑为什么你的更改没有什么变化！

四、MySQL用户账户管理
4.1 创建用户与授权：
4.1.1 创建用户：CREATE USER
基本语法：

CREATE USER username@host [IDENTIFIED BY 'password']
示例：

mysql> CREATE USER barlow@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.34 sec)
4.2.2 创建用户并授权：GRANT
基本语法：

mysql> GRANT CREATE,INSERT,SELECT,UPDATE,DELETE ON testdb.* TO barlow@'%';
Query OK, 0 rows affected (0.21 sec)

mysql> SHOW GRANTS FOR 'barlow'@'%';
+-------------------------------------------------------------------------------------------------------+
| Grants for barlow@% |
+-------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'barlow'@'%' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `testdb`.* TO 'barlow'@'%' |
+-------------------------------------------------------------------------------------------------------+
2 rows in set (0.01 sec)

通过上图实例可以看到，用户只拥有明确授权的权限。

4.3 用户管理
4.3.1 删除用户：
基本语法：

DROP USER 'username'@'host'
4.3.2 重命名用户：
基本语法：

RENAME USER old_name TO new_name
4.3.3 收回已授予的用户权限
基本语法：

REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ... ON [object_type] priv_level FROM user [, user] ...
示例：

mysql> mysql> REVOKE INSERT ON testdb.* FROM barlow@'%';
Query OK, 0 rows affected (0.01 sec)

从上图可以看出，barlow@'%'用户已经没有了INSERT权限。

4.3.4 修改用户密码：
方法一：SET PASSWORD
基本语法：

SET PASSWORD FOR 'user_name'@'host' = PASSWORD('new_password');
示例：

mysql> SET PASSWORD FOR 'barlow'@'%' = PASSWORD('987654');
Query OK, 0 rows affected (0.07 sec)
说明：管理员可以修改任何用户的密码，但普通用户只能修改自己的密码。

用户修改自己的密码语法（也可以使用上述语法修改）：

SET PASSWORD = PASSWORD('new_password');方法二：直接update mysql.user表的password字段实现修改密码：基本语法：mysql> use mysql

mysql> UPDATE user SET Password = PASSWORD('new_password') WHERE User='user_name' AND Host='host';

mysql> FLUSH PRIVILEGES;
示例：

mysql> use mysql

Database changed

mysql> UPDATE user SET Password = PASSWORD('redhat') WHERE User='barlow' AND Host='%';

Query OK, 1 row affected (0.03 sec)

Rows matched: 1 Changed: 1 Warnings: 0

mysql> FLUSH PRIVILEGES;

Query OK, 0 rows affected (0.08 sec)
4.4 找回root用户的密码：
如果root用户的密码忘记后，可以通过如下方法找回：

■停止mysqld服务
■启动mysqld_safe时传递两个参数：--skip-grant-tables --skip-networking
■启动mysqld服务
■使用直接update mysql.user表的password字段实现修改root用户密码
示例：

停止服务，修改mysqld_safe传递参数：

[root@localhost ~]# service mysqld stop

Shutting down MySQL........ SUCCESS!

[root@localhost ~]# vim /etc/init.d/mysqld

登录mysql修改密码：

[root@localhost ~]# service mysqld start

Starting MySQL....................... SUCCESS!

[root@localhost ~]# mysql ##注意，这里已经不需要登录密码了

Welcome to the MySQL monitor. Commands end with ; or g.

Your MySQL connection id is 1

Server version: 5.6.13 Source distribution

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

mysql> UPDATE mysql.user SET Password = PASSWORD('123456') WHERE User='root';

Query OK, 0 rows affected (0.00 sec)

Rows matched: 3 Changed: 0 Warnings: 0

mysql> FLUSH PRIVILEGES;

Query OK, 0 rows affected (0.03 sec)
恢复mysqld_safe传递参数：

[root@localhost ~]# service mysqld stop

Shutting down MySQL........ SUCCESS!

[root@localhost ~]# vim /etc/init.d/mysqld

$bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" $other_args >/dev/null 2>&1 &

[root@localhost ~]# service mysqld start

Starting MySQL...... SUCCESS!

[root@localhost ~]# mysql ##再次登录，提示需要密码

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

[root@localhost ~]# mysql -u root –p ##使用新密码正常登录

Enter password:

Welcome to the MySQL monitor. Commands end with ; or g.

Your MySQL connection id is 2

Server version: 5.6.13 Source distribution

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

mysql>

更多详细内容请查看：http://www.111cn.net/database/mysql/56298.htm

bitsCN.com

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Explain the role of InnoDB redo logs and undo logs.Apr 15, 2025 am 12:16 AM

InnoDB uses redologs and undologs to ensure data consistency and reliability. 1.redologs record data page modification to ensure crash recovery and transaction persistence. 2.undologs records the original data value and supports transaction rollback and MVCC.

What are the key metrics to look for in an EXPLAIN output (type, key, rows, Extra)?Apr 15, 2025 am 12:15 AM

Key metrics for EXPLAIN commands include type, key, rows, and Extra. 1) The type reflects the access type of the query. The higher the value, the higher the efficiency, such as const is better than ALL. 2) The key displays the index used, and NULL indicates no index. 3) rows estimates the number of scanned rows, affecting query performance. 4) Extra provides additional information, such as Usingfilesort prompts that it needs to be optimized.

What is the Using temporary status in EXPLAIN and how to avoid it?Apr 15, 2025 am 12:14 AM

Usingtemporary indicates that the need to create temporary tables in MySQL queries, which are commonly found in ORDERBY using DISTINCT, GROUPBY, or non-indexed columns. You can avoid the occurrence of indexes and rewrite queries and improve query performance. Specifically, when Usingtemporary appears in EXPLAIN output, it means that MySQL needs to create temporary tables to handle queries. This usually occurs when: 1) deduplication or grouping when using DISTINCT or GROUPBY; 2) sort when ORDERBY contains non-index columns; 3) use complex subquery or join operations. Optimization methods include: 1) ORDERBY and GROUPB

Describe the different SQL transaction isolation levels (Read Uncommitted, Read Committed, Repeatable Read, Serializable) and their implications in MySQL/InnoDB.Apr 15, 2025 am 12:11 AM

MySQL/InnoDB supports four transaction isolation levels: ReadUncommitted, ReadCommitted, RepeatableRead and Serializable. 1.ReadUncommitted allows reading of uncommitted data, which may cause dirty reading. 2. ReadCommitted avoids dirty reading, but non-repeatable reading may occur. 3.RepeatableRead is the default level, avoiding dirty reading and non-repeatable reading, but phantom reading may occur. 4. Serializable avoids all concurrency problems but reduces concurrency. Choosing the appropriate isolation level requires balancing data consistency and performance requirements.

MySQL vs. Other Databases: Comparing the OptionsApr 15, 2025 am 12:08 AM

MySQL is suitable for web applications and content management systems and is popular for its open source, high performance and ease of use. 1) Compared with PostgreSQL, MySQL performs better in simple queries and high concurrent read operations. 2) Compared with Oracle, MySQL is more popular among small and medium-sized enterprises because of its open source and low cost. 3) Compared with Microsoft SQL Server, MySQL is more suitable for cross-platform applications. 4) Unlike MongoDB, MySQL is more suitable for structured data and transaction processing.

How does MySQL index cardinality affect query performance?Apr 14, 2025 am 12:18 AM

MySQL index cardinality has a significant impact on query performance: 1. High cardinality index can more effectively narrow the data range and improve query efficiency; 2. Low cardinality index may lead to full table scanning and reduce query performance; 3. In joint index, high cardinality sequences should be placed in front to optimize query.

MySQL: Resources and Tutorials for New UsersApr 14, 2025 am 12:16 AM

The MySQL learning path includes basic knowledge, core concepts, usage examples, and optimization techniques. 1) Understand basic concepts such as tables, rows, columns, and SQL queries. 2) Learn the definition, working principles and advantages of MySQL. 3) Master basic CRUD operations and advanced usage, such as indexes and stored procedures. 4) Familiar with common error debugging and performance optimization suggestions, such as rational use of indexes and optimization queries. Through these steps, you will have a full grasp of the use and optimization of MySQL.

Real-World MySQL: Examples and Use CasesApr 14, 2025 am 12:15 AM

MySQL's real-world applications include basic database design and complex query optimization. 1) Basic usage: used to store and manage user data, such as inserting, querying, updating and deleting user information. 2) Advanced usage: Handle complex business logic, such as order and inventory management of e-commerce platforms. 3) Performance optimization: Improve performance by rationally using indexes, partition tables and query caches.

See all articles