pt-show-grants的用法
1、先查找所有用户和Host
2、然后逐个执行show grants
pt-show-grants的功能是格式化打印输出MySQL上的赋权,以便你可以有效地复制、比较以及版本控制。
[mysql@db130 ~]$ pt-show-grants --user=root --host=localhost --port=3306 --socket=/data/mysql/percona_server/run/mysql.sock --password="xxx" --charset=utf8mb4
-- Grants dumped by pt-show-grants
-- Dumped from server Localhost via UNIX socket, MySQL 5.6.41-84.1-log at 2019-03-27 14:51:02
-- Grants for 'root'@'127.0.0.1'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'127.0.0.1' IDENTIFIED BY PASSWORD '*B9C917EC2C16F9047157E4F6A12E158E5D5B86B2' WITH GRANT OPTION;
-- Grants for 'root'@'localhost'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*B9C917EC2C16F9047157E4F6A12E158E5D5B86B2' WITH GRANT OPTION;
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION; # 增加 --drop参数 [mysql@db130 ~]$ pt-show-grants --user=root --host=localhost --port=3306 --socket=/data/mysql/percona_server/run/mysql.sock --password="xxx" --drop -- Grants dumped by pt-show-grants -- Dumped from server Localhost via UNIX socket, MySQL 5.6.41-84.1-log at 2019-03-27 14:48:12 DROP USER 'root'@'127.0.0.1'; DELETE FROM `mysql`.`user` WHERE `User`='root' AND `Host`='127.0.0.1'; -- Grants for 'root'@'127.0.0.1' GRANT ALL PRIVILEGES ON *.* TO 'root'@'127.0.0.1' IDENTIFIED BY PASSWORD '*B9C917EC2C16F9047157E4F6A12E158E5D5B86B2' WITH GRANT OPTION; DROP USER 'root'@'localhost'; DELETE FROM `mysql`.`user` WHERE `User`='root' AND `Host`='localhost'; -- Grants for 'root'@'localhost' GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*B9C917EC2C16F9047157E4F6A12E158E5D5B86B2' WITH GRANT OPTION; GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION; [mysql@db130 ~]$
[mysql@db130 ~]$ pt-show-grants --help pt-show-grants shows grants (user privileges) from a MySQL server. For more details, please use the --help option, or try 'perldoc /usr/local/bin/pt-show-grants' for complete documentation. Usage: pt-show-grants [OPTIONS] [DSN] Options: --ask-pass Prompt for a password when connecting to MySQL --charset=s -A Default character set --config=A Read this comma-separated list of config files; if specified, this must be the first option on the command line --database=s -D The database to use for the connection --defaults-file=s -F Only read mysql options from the given file --drop Add DROP USER before each user in the output --flush Add FLUSH PRIVILEGES after output --[no]header Print dump header (default yes) --help Show help and exit --host=s -h Connect to host --ignore=a Ignore this comma-separated list of users --only=a Only show grants for this comma-separated list of users --password=s -p Password to use when connecting --pid=s Create the given PID file --port=i -P Port number to use for connection --revoke Add REVOKE statements for each GRANT statement --separate List each GRANT or REVOKE separately --set-vars=A Set the MySQL variables in this comma-separated list of variable=value pairs --socket=s -S Socket file to use for connection --[no]timestamp Add timestamp to the dump header (default yes) --user=s -u User for login if not current user --version Show version and exit Option types: s=string, i=integer, f=float, h/H/a/A=comma-separated list, d=DSN, z=size, m=time Rules: This tool accepts additional command-line arguments. Refer to the SYNOPSIS and usage information for details. DSN syntax is key=value[,key=value...] Allowable DSN keys: KEY COPY MEANING === ==== ============================================= A yes Default character set D yes Default database F yes Only read default options from the given file P yes Port number to use for connection S yes Socket file to use for connection h yes Connect to host p yes Password to use when connecting u yes User for login if not current user If the DSN is a bareword, the word is treated as the 'h' key. Options and values after processing arguments: --ask-pass FALSE --charset (No value) --config /etc/percona-toolkit/percona-toolkit.conf,/etc/percona-toolkit/pt-show-grants.conf,/data/mysql/.percona-toolkit.conf,/data/mysql/.pt-show-grants.conf --database (No value) --defaults-file (No value) --drop FALSE --flush FALSE --header TRUE --help TRUE --host (No value) --ignore (No value) --only (No value) --password (No value) --pid (No value) --port (No value) --revoke FALSE --separate FALSE --set-vars --socket (No value) --timestamp TRUE --user (No value) --version FALSE [mysql@db130 ~]$