mysql 设置账户权限
时间:2021-07-01 10:21:17
帮助过:4人阅读
会提示可以运行mysql_secure_installation。运行mysql_secure_installation会执行几个设置:a)为root用户设置密码b)删除匿名账号c)取消root用户远程登录d)删除test库和对test库的访问权限e)刷新授权表使修改生效通过这几项的设置能够提高mysql库的安全。建议生产环境中mysql安装这完成后一定要运行一次mysql_secure_installation,详细步骤请参看下面的命令:复制代码代码如下:[root@server1 ~]#mysql_secure_installationNOTE: RUNNING ALL PARTS OF THIS SCRIPT ISRECOMMENDED FOR ALL MySQLSERVERS IN PRODUCTION USE! PLEASE READ EACH STEPCAREFULLY!In order to log into MySQL to secure it, we‘ll need thecurrentpassword for the root user. If you‘ve just installed MySQL,andyou haven""t set the root password yet, the password will be blank,soyou should just press enter here.Enter current password for root (enter fornone):<–初次运行直接回车OK, successfully usedpassword, moving on…Setting the root password ensures that nobody can loginto the MySQLroot user without the proper authorisation.Set rootpassword? [Y/n] <–是否设置root用户密码,输入y并回车或直接回车New password: <– 设置root用户的密码Re-enter new password: <– 再输入一次你设置的密码Password updatedsuccessfully!Reloading privilege tables..… Success!By default, aMySQL installation has an anonymous user, allowing anyoneto log into MySQLwithout having to have a user account created forthem. This is intended onlyfor testing, and to make the installationgo a bit smoother. You shouldremove them before moving into aproduction environment.Remove anonymoususers? [Y/n] <–是否删除匿名用户,生产环境建议删除,所以直接回车… Success!Normally, root should only beallowed to connect from ‘localhost‘. Thisensures that someone cannot guessat the root password from the network.Disallow root login remotely?[Y/n]<–是否禁止root远程登录,根据自己的需求选择Y/n并回车,建议禁止… Success!By default, MySQLcomes with a database named ‘test‘ that anyone canaccess. This is alsointended only for testing, and should be removedbefore moving into aproduction environment.Remove test database and access to it? [Y/n] <– 是否删除test数据库,直接回车- Dropping testdatabase…… Success! 查看用户表mysql> select host,user,password from mysql.user;+---------------+-------+-------------------------------------------+| host | user | password |+---------------+-------+-------------------------------------------+| localhost | root | *C9A034778FB438CDECD150408139516FEBC8FA5B || 127.0.0.1 | root | *C9A034778FB438CDECD150408139516FEBC8FA5B || ::1 | root | *C9A034778FB438CDECD150408139516FEBC8FA5B || 192.168.1.104 | slave | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 |+---------------+-------+-------------------------------------------+在mysql库mysql> use mysqlDatabase changed;修改root用户登陆密码mysql> update mysql.user set password = password(‘gaofei‘) where user=‘root‘;刷新授权表 或者退出mysql重启mysql> flush privileges;如果忘记密码了就:修改配置文件vi /etc/my.cnf搜索 :/mysqld 在他下面这一行添加 skip-grant-tables 跳过权限验证 [mysqld]skip-grant-tables重启myslqservice mysql restart在进入mysql的时候就不用输密码了 这时在执行刚才的修改密码 这样密码就能修改了 修改好之后要删除刚才在配置项中添加的skip-.. 命令 不然密码形同虚设添加一个用户all 代表可执行的操作 比如delete/alter/insert等 *.*是执行范围 ‘所有表.所有数据库‘ ‘lisi‘是账号 ‘localhost‘是ip 最后那个是登陆密码mysql> grant all on *.* to ‘lisi‘@‘localhost‘ identified by ‘123123‘;刷新授权表 或重启mysqlmysql> flush privileges;创建一个测试数据库和表 添加个数据mysql> create database hd charset utf8;mysql> use hd;mysql> create table stu(id int,name char(20));mysql> insert into stu set id=1,name=12123;添加一个只有查看权限的用户mysql> grant select on hd.* to ‘wangwu‘@‘localhost‘ identified by ‘123123‘;添加完以后一定要刷新权限表 这样刚添加的账户立即生效 然后用 wangwu登陆的时候就只有hd库中所有表的查看权限了 ‘localhost‘代表本地主机 可以设置成其他ip的 也可以设置成任何ip的‘%‘ ‘wangwu‘@‘%‘ 这样就说明只要是叫wangwu的都只有查看权限了因此也能看出账号同名同密码都可以 因为抓取的地址不同那么他所拥有的权限也会不同 如下:mysql> grant select on hd.* to ‘wangwu‘@‘192.168.1.1‘ identified by ‘123123‘;mysql> grant delete on hd.* to ‘wangwu‘@‘192.168.1.2‘ identified by ‘123123‘;mysql 设置账户权限
标签: