• Database基础(四):密码恢复及设置、 用户授权及撤销、数据备份与恢复、MySQL管理工具


    一、密码恢复及设置

    目标:

    本案例要求熟悉MySQL管理密码的控制,完成以下任务操作:

    1.     练习重置MySQL管理密码的操作
    2.     通过正常途径设置MySQL数据库的管理密码

    步骤:

    步骤一:重置MySQL管理密码

    1)首先停止已运行的MySQL服务程序

        [root@dbsvr1 ~]# systemctl  stop mysqld.service           //停止服务
        [root@dbsvr1 ~]# systemctl  status mysqld.service          //确认状态
        mysqld.service - MySQL Server
           Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled)
           Active: inactive (dead) since 五 2017-04-07 23:01:38 CST; 21s ago
             Docs: man:mysqld(8)
                   http://dev.mysql.com/doc/refman/en/using-systemd.html
          Process: 20260 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
          Process: 20238 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
         Main PID: 20262 (code=exited, status=0/SUCCESS)

    2)然后跳过授权表启动MySQL服务程序

    这一步主要利用mysqld的 --skip-grant-tables选项

    修改my.cnf配置,添加 skip_grant_tables=1启动设置:

        [root@dbsvr1 ~]# vim /etc/my.cnf
        [mysqld]
        skip_grant_tables=1
        .. ..
        [root@dbsvr1 ~]# systemctl  restart mysqld.service
        [root@dbsvr1 ~]# service mysql status
        mysqld.service - MySQL Server
           Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled)
           Active: active (running) since 五 2017-04-07 23:40:20 CST; 40s ago
             Docs: man:mysqld(8)
                   http://dev.mysql.com/doc/refman/en/using-systemd.html
          Process: 11698 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
          Process: 11676 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
         Main PID: 11701 (mysqld)
           CGroup: /system.slice/mysqld.service
                   └─11701 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.p...

    3)使用mysql命令连接到MySQL服务,重设root的密码

    由于前一步启动的MySQL服务跳过了授权表,所以可以root从本机直接登录

        [root@dbsvr1 ~]# mysql -u root
        Enter password:                                 //直接回车即可
        Welcome to the MySQL monitor.  Commands end with ; or g.
        Your MySQL connection id is 4
        Server version: 5.7.17 MySQL Community Server (GPL)
        Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
        Oracle is a registered trademark of Oracle Corporation and/or its
        affiliates. Other names may be trademarks of their respective
        owners.
        Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
        mysql>

    进入 mysql> 环境后,通过修改mysql库中user表的相关记录,重设root用户从本机登录的密码:

        mysql> UPDATE mysql.user SET authentication_string=PASSWORD('1234567')
            -> WHERE user='root' AND host='localhost';              //重设root的密码
        Query OK, 1 row affected, 1 warning (0.00 sec)
        Rows matched: 1  Changed: 1  Warnings: 1
        mysql> FLUSH PRIVILEGES;                                  //刷新授权表
        Query OK, 0 rows affected (0.01 sec)
        mysql> exit                                              //退出mysql> 环境
        Bye

    通过执行“FLUSH PRIVILEGES;”可使授权表立即生效,对于正常运行的MySQL服务,也可以用上述方法来修改密码,不用重启服务。本例中因为是恢复密码,最好重启MySQL服务程序,所以上述“FLUSH PRIVILEGES;”操作可跳过。

    4)重新以正常方式启动MySQL服务程序,验证新密码

    如果前面是修改/etc/my.cnf配置的方法来跳过授权表,则重置root密码后,应去除相应的设置以恢复正常:

        [root@dbsvr1 ~]# vim /etc/my.cnf
        [mysqld]
        #skip_grant_tables=1                              //注释掉或删除此行
        .. ..

    按正常方式,通过mysql脚本重启服务即可:

        [root@dbsvr1 ~]# systemctl  restart mysqld.service

    验证无密码登录时,将会被拒绝:

        [root@dbsvr1 ~]# mysql -u root
        Enter password:                            //没有跳过授权表回车会报错
        ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

    只有提供重置后的新密码,才能成功登入:

        [root@dbsvr1 ~]# mysql -u root –p
        Enter password:
        Welcome to the MySQL monitor.  Commands end with ; or g.
        Your MySQL connection id is 4
        Server version: 5.7.17 MySQL Community Server (GPL)
        Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
        Oracle is a registered trademark of Oracle Corporation and/or its
        affiliates. Other names may be trademarks of their respective
        owners.
        Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
        mysql>

    步骤二:正常设置MySQL管理密码

    正常的前提是:已知当前MySQL管理用户(root)的密码。

    1)方法1,在Shell命令行下设置

    使用mysqladmin管理工具,需要验证旧的密码。比如,以下操作将会把root的密码设置为 1234567:

        [root@dbsvr1 ~]# mysqladmin -u root -p password '1234567'                    
        Enter password:                                   //验证原来的密码
        mysqladmin: [Warning] Using a password on the command line interface can be insecure.
        Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.                              //提示明文修改不安全,并不是报错

    2)方法2,以root登入mysql> 后,使用SET PASSWORD指令设置

    这个与新安装MySQL-server后首次修改密码时要求的方式相同,平时也可以用:

        mysql> SET PASSWORD FOR root@localhost=PASSWORD('1234567');
        Query OK, 0 rows affected, 1 warning (0.00 sec)

    3)方法3,以root登入mysql> 后,使用GRANT授权工具设置

    这个是最常见的用户授权方式(下一节会做更多授权的练习):

        mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
        Query OK, 0 rows affected, 1 warning (0.00 sec)

    4)方法4,以root登入mysql> 后,使用UPDATE更新相应的表记录

    这种方法与恢复密码时的操作相同:

        mysql> UPDATE mysql.user SET authentication_string=PASSWORD('1234567')
            -> WHERE user='root' AND host='localhost';          //重设root的密码
        Query OK, 0 rows affected, 1 warning (0.00 sec)
        Rows matched: 1  Changed: 0  Warnings: 1
        mysql> FLUSH PRIVILEGES;                                  //刷新授权表
        Query OK, 0 rows affected (0.00 sec)

    在上述方法中,需要特别注意:当MySQL服务程序以 skip-grant-tables 选项启动时,如果未执行“FLUSH PRIVILEGES;”操作,是无法通过SET PASSWORD或者GRANT方式来设置密码的。比如,验证这两种方式时,都会看到ERROR 1290的出错提示:

        mysql> SET PASSWORD FOR root@localhost=PASSWORD('1234567');
        ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
        mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
        ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement

    二、用户授权及撤销

    目标:

    1.    允许root从192.168.4.0/24网段 访问,对所有库/表有完全权限,密码为tarena
    2.    添加一个管理账号dba007,完全控制及授权
    3.    撤销root从本机访问的权限,然后恢复
    4.    允许webuser从任意客户机登录,只对webdb库有完全权限,密码为 888888
    5.    撤销webuser的完全权限,改为查询权限

    方案:

    使用2台RHEL 7虚拟机,如下图所示。其中192.168.4.10是MySQL服务器,授权及撤销操作均在此服务器上执行;而192.168.4.120作为测试客户机,需要安装好MySQL-client软件包,以便提供mysql命令。

                

    同时,MySQL服务器本身(192.168.4.10)也可以作为测试客户机。

    步骤:

    步骤一:用户授权及撤销

    1)允许root从192.168.4.0/24访问,对所有库表有完全权限,密码为tarena。

    授权之前,从192.168.4.0/24网段的客户机访问时,将会被拒绝:

        [root@host120 ~]# mysql -u root -p -h 192.168.4.10
        Enter password:                                  //输入正确的密码
        ERROR 2003 (HY000): Host '192.168.4.120' is not allowed to connect to this MySQL server

    授权操作,此处可设置与从localhost访问时不同的密码

        mysql> GRANT all ON *.* TO root@'192.168.4.%' IDENTIFIED BY 'tarena';
        Query OK, 0 rows affected (0.00 sec)

    再次从192.168.4.0/24网段的客户机访问时,输入正确的密码后可登入:

        [root@host120 ~]# mysql -u root -p -h 192.168.4.10
        Enter password:            //此处输入的密码是tarena才可以登录,tarena是主机授权的登录密码
        Welcome to the MySQL monitor.  Commands end with ; or g.
        Your MySQL connection id is 20
        Server version: 5.7.17 MySQL Community Server (GPL)
        Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
        Oracle is a registered trademark of Oracle Corporation and/or its
        affiliates. Other names may be trademarks of their respective
        owners.
        Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
        mysql>

    从网络登入后,测试新建一个库、查看所有库:

        mysql> CREATE DATABASE rootdb;                  //创建新库rootdb
        Query OK, 1 row affected (0.06 sec)
        mysql> SHOW DATABASES;
        +--------------------+
        | Database           |
        +--------------------+
        | information_schema |
        | home               |
        | mysql              |
        | performance_schema |
        | rootdb             |                         //新建的rootdb库
        | sys                |
        | userdb             |
        +--------------------+
        7 rows in set (0.01 sec)

    2)在Mysql服务器上建立一个管理账号dba007,对所有库完全控制,并赋予其授权的权限

    新建账号并授权:

        mysql> GRANT all ON *.* TO dba007@localhost
            -> IDENTIFIED BY '1234567'
            -> WITH GRANT OPTION;
        Query OK, 0 rows affected (0.00 sec)

    查看dba007的权限:

        mysql> SHOW GRANTS FOR dba007@localhost;
        +-----------------------------------------------------------------------+
        | Grants for dba007@localhost                                           |
        +-----------------------------------------------------------------------+
        | GRANT ALL PRIVILEGES ON *.* TO 'dba007'@'localhost' WITH GRANT OPTION |
        +-----------------------------------------------------------------------+
        1 row in set (0.00 sec)

    3)撤销root从本机访问的权限,然后恢复

    注意:如果没有事先建立其他管理账号,请不要轻易撤销root用户的本地访问权限,否则恢复起来会比较困难,甚至不得不重装数据库。

    撤销root对数据库的操作权限:

        mysql> REVOKE all ON *.* FROM root@localhost;
        Query OK, 0 rows affected (0.00 sec)
        mysql> SHOW GRANTS FOR root@localhost;
        +--------------------------------------------------------------+
        | Grants for root@localhost                                    |
        +--------------------------------------------------------------+
        | GRANT USAGE ON *.* TO 'root'@'localhost' WITH GRANT OPTION   |
        | GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
        +--------------------------------------------------------------+
        2 rows in set (0.00 sec)

    验证撤销后的权限效果:

        mysql> exit                                      //退出当前MySQL连接
        Bye
        [root@dbsvr1 ~]# mysql -u root -p                  //重新以root从本地登入
        Enter password:
        Welcome to the MySQL monitor.  Commands end with ; or g.
        Your MySQL connection id is 6
        Server version: 5.6.15 MySQL Community Server (GPL)
        Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
        Oracle is a registered trademark of Oracle Corporation and/or its
        affiliates. Other names may be trademarks of their respective
        owners.
        Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
        mysql> CREATE DATABASE newdb2014;                  //尝试新建库失败
        ERROR 1044 (42000): Access denied for user 'root'@'localhost' to database 'newdb2014'
        mysql> DROP DATABASE rootdb;                          //尝试删除库失败
        ERROR 1044 (42000): Access denied for user 'root'@'localhost' to database 'rootdb'

    尝试以当前的root用户恢复权限,也会失败(无权更新授权表):

        mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
        ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

    怎么办呢?

    退出当前MySQL连接,以上一步添加的管理账号dba007登入:

        mysql> exit                                          //退出当前MySQL连接
        Bye
        [root@dbsvr1 ~]# mysql -u dba007 -p                   //以另一个管理账号登入
        Enter password:
        Welcome to the MySQL monitor.  Commands end with ; or g.
        Your MySQL connection id is 24
        Server version: 5.7.17 MySQL Community Server (GPL)
        Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
        Oracle is a registered trademark of Oracle Corporation and/or its
        affiliates. Other names may be trademarks of their respective
        owners.
        Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

    由管理账号dba007重新为root添加本地访问权限:

        mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
        Query OK, 0 rows affected (0.00 sec)
        mysql> SHOW GRANTS FOR root@localhost;              //查看恢复结果
        +---------------------------------------------------------------------+
        | Grants for root@localhost                                           |
        +---------------------------------------------------------------------+
        | GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
        | GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION        |
        +---------------------------------------------------------------------+
        2 rows in set (0.00 sec)

    退出,再重新以root登入,测试一下看看,权限又恢复了吧:

        mysql> exit                                      //退出当前MySQL连接
        Bye
        [root@dbsvr1 ~]# mysql -u root -p                 //重新以root登入
        Enter password:
        Welcome to the MySQL monitor.  Commands end with ; or g.
        Your MySQL connection id is 25
        Server version: 5.7.17 MySQL Community Server (GPL)
        Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
        Oracle is a registered trademark of Oracle Corporation and/or its
        affiliates. Other names may be trademarks of their respective
        owners.
        Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
        mysql> CREATE DATABASE newdb2014;                  //成功创建新库
        Query OK, 1 row affected (0.00 sec)

    4)允许webuser从任意客户机登录,只对webdb库有完全权限,密码为 888888

    添加授权:

        mysql> GRANT all ON webdb.* TO webuser@'%' IDENTIFIED BY '888888';
        Query OK, 0 rows affected (0.00 sec)

    查看授权结果:

        mysql> SHOW GRANTS FOR webuser@'%';
        +----------------------------------------------------+
        | Grants for webuser@%                               |
        +----------------------------------------------------+
        | GRANT USAGE ON *.* TO 'webuser'@'%'                |
        | GRANT ALL PRIVILEGES ON `webdb`.* TO 'webuser'@'%' |
        +----------------------------------------------------+
        2 rows in set (0.00 sec)

    5)撤销webuser的完全权限,改为查询权限

    撤销所有权限:

        mysql> REVOKE all ON webdb.* FROM webuser@'%';
        Query OK, 0 rows affected (0.00 sec)

    只赋予查询权限:

        mysql> GRANT select ON webdb.* TO webuser@'%';
        Query OK, 0 rows affected (0.00 sec)

    确认授权更改结果:

        mysql> SHOW GRANTS FOR webuser@'%';
        +--------------------------------------------+
        | Grants for webuser@%                       |
        +--------------------------------------------+
        | GRANT USAGE ON *.* TO 'webuser'@'%'        |
        | GRANT SELECT ON `webdb`.* TO 'webuser'@'%' |
        +--------------------------------------------+
        2 rows in set (0.00 sec)

    三、数据备份与恢复

    目标:

    本案例要求熟悉MySQL的备份与恢复,完成以下任务操作:

    1.     使用mysqldump备份数据库
    2.     使用mysql 恢复数据库

    步骤:

    步骤一:使用mysqldump进行逻辑备份

    1)备份MySQL服务器上的所有库

    将所有的库备份为mysql-all.sql文件:

        [root@dbsvr1 ~]# mysqldump -u root -p --all-databases > /root/alldb.sql
        Enter password:                                  //验证口令
        [root@dbsvr1 mysql]# file /root/alldb.sql          //确认备份文件类型
        /root/alldb.sql: UTF-8 Unicode English text, with very long lines

    查看备份文件alldb.sql的部分内容:

        [root@dbsvr1 ~]# grep -vE '^/|^-|^$' /root/alldb.sql | head -15
        CREATE DATABASE /*!32312 IF NOT EXISTS*/ `home` /*!40100 DEFAULT CHARACTER SET latin1 */;
        USE `home`;
        DROP TABLE IF EXISTS `biao01`;
        CREATE TABLE `biao01` (
          `id` int(2) NOT NULL,
          `name` varchar(8) DEFAULT NULL
        ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
        LOCK TABLES `biao01` WRITE;
        UNLOCK TABLES;
        DROP TABLE IF EXISTS `biao02`;
        CREATE TABLE `biao02` (
          `id` int(4) NOT NULL,
          `name` varchar(8) DEFAULT NULL,
          PRIMARY KEY (`id`)
        ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
        .. ..

    注意:若数据库都使用MyISAM存储引擎,可以采用冷备份的方式,直接复制对应的数据库目录即可;恢复时重新复制回来就行。

    2)只备份指定的某一个库

    将userdb库备份为userdb.sql文件:

        [root@dbsvr1 ~]# mysqldump -u root -p userdb > userdb.sql
        Enter password:                                  //验证口令

    查看备份文件userdb.sql的部分内容:

        [root@dbsvr1 ~]# grep -vE '^/|^-|^$' /root/userdb.sql
        DROP TABLE IF EXISTS `stu_info`;
        CREATE TABLE `stu_info` (
          `name` varchar(12) NOT NULL,
          `gender` enum('boy','girl') DEFAULT 'boy',
          `age` int(3) NOT NULL
        ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
        LOCK TABLES `stu_info` WRITE;
        .. ..

    3)同时备份指定的多个库

    同时备份mysql、userdb库,保存为mysql+userdb.sql文件:

        [root@dbsvr1 ~]# mysqldump -u root -p -B mysql  userdb > mysql+test+userdb.sql
        Enter password:                                  //验证口令

    查看备份文件userdb.sql的部分内容:

        [root@dbsvr1 ~]# grep '^CREATE DATA' /root/mysql+userdb.sql
        CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysql` /*!40100 DEFAULT CHARACTER SET latin1 */;
        CREATE DATABASE /*!32312 IF NOT EXISTS*/ `userdb` /*!40100 DEFAULT CHARACTER SET latin1 */;

    步骤二:使用mysql命令从备份中恢复数据库、表

    以恢复userdb库为例,可参考下列操作。通常不建议直接覆盖旧库,而是采用建立新库并导入逻辑备份的方式执行恢复,待新库正常后即可废弃或删除旧库。

    1)创建名为userdb2的新库

        mysql> CREATE DATABASE userdb2;
        Query OK, 1 row affected (0.00 sec)

    2)导入备份文件,在新库中重建表及数据

        [root@dbsvr1 ~]# mysql -u root -p userdb2 < /root/userdb.sql
        Enter password:                                  //验证口令

    3)确认新库正常,启用新库

        mysql> USE userdb2;                              //切换到新库
        Reading table information for completion of table and column names
        You can turn off this feature to get a quicker startup with -A
        Database changed
        mysql> SELECT sn,username,uid,gid,homedir          //查询数据,确认可用
            -> FROM userlist LIMIT 10;
        +----+----------+-----+-----+-----------------+
        | sn | username | uid | gid | homedir         |
        +----+----------+-----+-----+-----------------+
        |  1 | root     |   0 |   0 | /root           |
        |  2 | bin      |   1 |   1 | /bin            |
        |  3 | daemon   |   2 |   2 | /sbin           |
        |  4 | adm      |   3 |   4 | /var/adm        |
        |  5 | lp       |   4 |   7 | /var/spool/lpd  |
        |  6 | sync     |   5 |   0 | /sbin           |
        |  7 | shutdown |   6 |   0 | /sbin           |
        |  8 | halt     |   7 |   0 | /sbin           |
        |  9 | mail     |   8 |  12 | /var/spool/mail |
        | 10 | operator |  11 |   0 | /root           |
        +----+----------+-----+-----+-----------------+
        10 rows in set (0.00 sec)

    4)废弃或删除旧库

        mysql> DROP DATABASE userdb;
        Query OK, 2 rows affected (0.09 sec)

    四、MySQL管理工具

    目标:

    本案例要求基于LAMP平台部署一套phpMyAdmin应用系统,实现对MySQL服务器的Web方式管理。

    方案:

    使用2台RHEL6虚拟机 + 1台Windows 7真机,如下图所示。其中192.168.4.10是MySQL服务器,授权操作在此服务器上执行;另一台Linux服务器192.168.4.6上部 署phpMyAdmin管理平台,实现从浏览器访问的Web管理方式。

                 

    步骤:

    步骤一:在MySQL服务器上配置用户访问授权

    为了实验方便起见,直接以root用户为例,允许其从192.168.4.0/24网段访问,密码设置为1234567。

        mysql> GRANT all ON *.* TO root@'192.168.4.%' IDENTIFIED BY '1234567';      //授权本地root用户可以从4.0网段登录,为后面用4.0网段PC做客户端验证,提供权限
        Query OK, 0 rows affected, 1 warning (0.00 sec)

    步骤二:搭建phpMyAdmin管理平台(192.168.4.6)

    phpMyAdmin是以PHP语言开发的一套用来管理MySQL数据库的网页程序,因此需要有支持PHP的网站服务器才能正常使用phpMyAdmin平台。

    1)LAMP平台的简易部署

    直接以yum方式安装httpd、mysql、php、php-mysql软件包,本例中只需要MySQl客户端程序,无需安装mysql-server:

        [root@dbsvr ~]# yum -y install httpd mariadb php php-mysql       //此处会安装httpdphp、php-mysql三个包,mariadb在前面实验已安装了
        .. ..

    由于RHEL 7未提供php-mbsring包,而phpMyAdmin套件需要相关库文件,因此需要额外下载适用的RPM包(由教员提供),安装时忽略依赖关系即可:

        [root@dbsvr ~]# rpm -ivh php-mbstring-5.3.3-26.el6.x86_64.rpm -nodeps
        .. ..

    完成安装以后,对httpd服务配置稍作调整,启动httpd网站服务:

        [root@dbsvr ~]# vim /etc/httpd/conf/httpd.conf
        ServerName localhost.localdomain
        .. ..
        DirectoryIndex  index.php index.html
        .. ..
        [root@dbsvr ~]# systemctl  restart httpd      //安装了httpd服务后需要启动该服务才能生效,客户端才能通过http访问服务器数据库验证

    2)下载、部署phpMyAdmin套件

    访问http://www.phpmyadmin.net/,下载支持多语言的源码程序包phpMyAdmin-4.1.2-all-languages.zip。

    将下载回来的源码包解压,并部署到网站目录:

        [root@dbsvr ~]# unzip phpMyAdmin-4.1.2-all-languages.zip
        [root@dbsvr ~]# mv phpMyAdmin-4.1.2-all-languages /var/www/html/pma

    切换到部署后的pma程序目录,拷贝配置文件,并修改配置以正确指定MySQL服务器的IP地址。

        [root@dbsvr ~]# cd /var/www/html/pma/
        [root@dbsvr pma]# cp config.sample.inc.php config.inc.php
        [root@dbsvr pma]# vim config.inc.php
        <?php
        .. ..
        $cfg[‘blowfish_secret’]=’tarena’;          //在单引号里随意添加字符,如果不修改这项,会报错【配置文件现在需要绝密的短语密码(blowfish_secret)】。
        .. ..
        $cfg['Servers'][$i]['host'] = '192.168.4.10';
        .. ..
        ?>

    3)从浏览器访问phpMyAdmin系统

    在Windows 7客户机中,打开IE网页浏览器,访问部署了phpMyAdmin系统的网站http://192.168.4.6/pma/index.php,即可打 开phpMyAdmin管理平台。如下图所示,输入正确的数据库用户名(如root)及密码登入即可。      //如果前面只是启动http服务,没有默认页面,可以访问http://192.168.4.6/pma/网址,不用加默认网页,输入登录数据库的账户密码,root & 123456

              

    登入成功后,如下图所示,即可在授权范围内对MySQL数据库进行管理。

               

     附加:

    一、管理root用户密码(知道root用户密码的情况)

    1> 直接在shell环境下直接更改

    # mysqladmin -hlocalhost -uroot -p password"新密码"     //知道用户密码,需要更改成新密码时操作命令
    Enter password:     //会进入交互界面,需要旧的密码才可以更改,未报错即成功

    2> 可以在mysql命令行用set password命令

    mysql> set password for 'root'@'localhost' = password('123456');   //注意格式正确,否则报错

    二、管理root用户密码(不知道root用户密码的情况)

    1> 修改配置文件

    # vim /etc/my.cnf
    [mysqld]
    skip-grant-tables    //加这条后需要将下面的密码验证策略注释掉才可以成功,不然会报错无法识别该命令
    secure_file_priv="/mydatadir"
    #validate_password_policy=0    //密码验证策略
    #validate_password_length=6    //密码长度
    default_storage_engine=myisam
    ...
    :wq   //保存并退出

    2> 无密码登录mysql数据库

    # mysql -uroot    //后面不用加-p‘密码’,上面有策略跳过密码验证

    3> 查看root用户密码字段

    mysql> desc mysql.user;    //查看表结构,查找密码字段的字段名
    +------------------------+-----------------------------------+------+-----+-----------------------+-------+
    | Field                  | Type                              | Null | Key | Default               | Extra |
    +------------------------+-----------------------------------+------+-----+-----------------------+-------+
    | Host                   | char(60)                          | NO   | PRI |                       |       |
    | User                   | char(32)                          | NO   | PRI |                       |       |
    | Select_priv            | enum('N','Y')                     | NO   |     | N                     |       |
    | Insert_priv            | enum('N','Y')                     | NO   |     | N                     |       |
    | Update_priv            | enum('N','Y')                     | NO   |     | N                     |       |
    | Delete_priv            | enum('N','Y')                     | NO   |     | N                     |       |
    | Create_priv            | enum('N','Y')                     | NO   |     | N                     |       |
    | Drop_priv              | enum('N','Y')                     | NO   |     | N                     |       |
    | Reload_priv            | enum('N','Y')                     | NO   |     | N                     |       |
    | Shutdown_priv          | enum('N','Y')                     | NO   |     | N                     |       |
    | Process_priv           | enum('N','Y')                     | NO   |     | N                     |       |
    | File_priv              | enum('N','Y')                     | NO   |     | N                     |       |
    | Grant_priv             | enum('N','Y')                     | NO   |     | N                     |       |
    | References_priv        | enum('N','Y')                     | NO   |     | N                     |       |
    | Index_priv             | enum('N','Y')                     | NO   |     | N                     |       |
    | Alter_priv             | enum('N','Y')                     | NO   |     | N                     |       |
    | Show_db_priv           | enum('N','Y')                     | NO   |     | N                     |       |
    | Super_priv             | enum('N','Y')                     | NO   |     | N                     |       |
    | Create_tmp_table_priv  | enum('N','Y')                     | NO   |     | N                     |       |
    | Lock_tables_priv       | enum('N','Y')                     | NO   |     | N                     |       |
    | Execute_priv           | enum('N','Y')                     | NO   |     | N                     |       |
    | Repl_slave_priv        | enum('N','Y')                     | NO   |     | N                     |       |
    | Repl_client_priv       | enum('N','Y')                     | NO   |     | N                     |       |
    | Create_view_priv       | enum('N','Y')                     | NO   |     | N                     |       |
    | Show_view_priv         | enum('N','Y')                     | NO   |     | N                     |       |
    | Create_routine_priv    | enum('N','Y')                     | NO   |     | N                     |       |
    | Alter_routine_priv     | enum('N','Y')                     | NO   |     | N                     |       |
    | Create_user_priv       | enum('N','Y')                     | NO   |     | N                     |       |
    | Event_priv             | enum('N','Y')                     | NO   |     | N                     |       |
    | Trigger_priv           | enum('N','Y')                     | NO   |     | N                     |       |
    | Create_tablespace_priv | enum('N','Y')                     | NO   |     | N                     |       |
    | ssl_type               | enum('','ANY','X509','SPECIFIED') | NO   |     |                       |       |
    | ssl_cipher             | blob                              | NO   |     | NULL                  |       |
    | x509_issuer            | blob                              | NO   |     | NULL                  |       |
    | x509_subject           | blob                              | NO   |     | NULL                  |       |
    | max_questions          | int(11) unsigned                  | NO   |     | 0                     |       |
    | max_updates            | int(11) unsigned                  | NO   |     | 0                     |       |
    | max_connections        | int(11) unsigned                  | NO   |     | 0                     |       |
    | max_user_connections   | int(11) unsigned                  | NO   |     | 0                     |       |
    | plugin                 | char(64)                          | NO   |     | mysql_native_password |       |
    | authentication_string  | text                              | YES  |     | NULL                  |       |
    | password_expired       | enum('N','Y')                     | NO   |     | N                     |       |
    | password_last_changed  | timestamp                         | YES  |     | NULL                  |       |
    | password_lifetime      | smallint(5) unsigned              | YES  |     | NULL                  |       |
    | account_locked         | enum('N','Y')                     | NO   |     | N                     |       |
    +------------------------+-----------------------------------+------+-----+-----------------------+-------+
    45 rows in set (0.00 sec)
    mysql> select host,user,authentication_string from mysql.user;     //查找主机名、用户名、密码对应关系
    +-----------+-----------+-------------------------------------------+
    | host      | user      | authentication_string                     |
    +-----------+-----------+-------------------------------------------+
    | localhost | root      | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
    | localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
    +-----------+-----------+-------------------------------------------+
    2 rows in set (0.00 sec)

    4> 更改root用户对应密码、刷新、退出

    mysql> update mysql.user set authentication_string=password("123456") where host="localhost" and user="root";    //更改数据库密码
    mysql> flush privileges;    //刷新MySQL的系统权限相关表,否则会出现拒绝访问,还有一种方法,就是重新启动mysql服务器,来使新设置生效。­未报错即生效
    mysql> quit

    5> 改回密码验证策略

    # vim /etc/my.cnf
    [mysqld]
    #skip-grant-tables    //将这条跳过密码验证策略关闭,保证数据库需要密码登录登录
    secure_file_priv="/mydatadir"
    validate_password_policy=0    //打开密码验证策略
    validate_password_length=6    //打开密码长度策略验证
    default_storage_engine=myisam
    ...
    :wq   //保存并退出

    # systemctl restart mysqld     //重启服务使得更改配置生效

    6> 重新登录测试

    # mysql -uroot -p123456;   //需要加-p‘密码’验证登录
    ......
    mysql> quit

    三、Grant配置授权

    基本用法:grant  权限列表..  on  库名.表名  to  用户名@‘客户端地址’  identified  by  '密码'  [with grant option]     

    //密码是设置密码,with grant option是否有授权权限(一般root用户有授权权限)

    高级版本破解“初始”密码

    mysql_install_db --user=mysql --datadir=/var/lib/mysql

    validate_password_policy=0
    validate_password_length=6
    plugin-load=validate_password.so
    validate-password=FORCE_PLUS_PERMANENT

  • 相关阅读:
    PHP 实现Word,excel等转换pdf
    ajax提交表单
    HDOJ题目2089 不要62(数位DP)
    linux中断子系统:中断号的映射与维护初始化mmap过程
    hdu 1548
    怎样高效利用GitHub(非常多资料可供下载)
    MySQL命令学习(一)
    Error-Javascript:错误:页面文档类型(DOCTYPE)未声明!
    Un-Error-ASP.NET:无法加载协定为“YlbService.MMSHServicesSoap”的终结点配置部分,因为找到了该协定的多个终结点配置。请按名称指示首选的终结点配置部分。
    故事-民间故事:《石头汤》
  • 原文地址:https://www.cnblogs.com/baichuanhuihai/p/8312861.html
Copyright © 2020-2023  润新知