• mysql 设置账户权限


    安装完mysql-server
    会提示可以运行mysql_secure_installation。运行mysql_secure_installation会执行几个设置:

    a)为root用户设置密码
    b)删除匿名账号
    c)取消root用户远程登录
    d)删除test库和对test库的访问权限

    e)刷新授权表使修改生效

    通过这几项的设置能够提高mysql库的安全。建议生产环境中mysql安装这完成后一定要运行一次mysql_secure_installation,详细步骤请参看下面的命令:

    复制代码
    代码如下:

    [root@server1 ~]#
    mysql_secure_installation
    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS
    RECOMMENDED FOR ALL MySQL
    SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP
    CAREFULLY!
    In order to log into MySQL to secure it, we'll need the
    current
    password for the root user. If you've just installed MySQL,
    and
    you haven""t set the root password yet, the password will be blank,
    so
    you should just press enter here.
    Enter current password for root (enter for
    none):<–初次运行直接回车
    OK, successfully used
    password, moving on…
    Setting the root password ensures that nobody can log
    into the MySQL
    root user without the proper authorisation.
    Set root
    password? [Y/n] <–
    是否设置root用户密码,输入y并回车或直接回车
    New password: <– 设置root用户的密码
    Re-enter new password: <– 再输入一次你设置的密码
    Password updated
    successfully!
    Reloading privilege tables..
    … Success!
    By default, a
    MySQL installation has an anonymous user, allowing anyone
    to log into MySQL
    without having to have a user account created for
    them. This is intended only
    for testing, and to make the installation
    go a bit smoother. You should
    remove them before moving into a
    production environment.
    Remove anonymous
    users? [Y/n] <–
    是否删除匿名用户,生产环境建议删除,所以直接回车
    … Success!
    Normally, root should only be
    allowed to connect from 'localhost'. This
    ensures that someone cannot guess
    at the root password from the network.
    Disallow root login remotely?
    [Y/n]
    <–是否禁止root远程登录,根据自己的需求选择Y/n并回车,建议禁止
    … Success!
    By default, MySQL
    comes with a database named 'test' that anyone can
    access. This is also
    intended only for testing, and should be removed
    before moving into a
    production environment.
    Remove test database and access to it? [Y/n] <– 是否删除test数据库,直接回车
    - Dropping test
    database…
    … Success!

    查看用户表
    mysql> select host,user,password from mysql.user;
    +---------------+-------+-------------------------------------------+
    | host          | user  | password                                  |
    +---------------+-------+-------------------------------------------+
    | localhost          | root  | *C9A034778FB438CDECD150408139516FEBC8FA5B |
    | 127.0.0.1         | root  | *C9A034778FB438CDECD150408139516FEBC8FA5B |
    | ::1                  | root  | *C9A034778FB438CDECD150408139516FEBC8FA5B |
    | 192.168.1.104 | slave | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 |
    +---------------+-------+-------------------------------------------+


    在mysql库
    mysql> use mysql
    Database changed;
    修改root用户登陆密码
    mysql> update mysql.user set password = password('gaofei') where user='root';
    刷新授权表  或者退出mysql重启
    mysql> flush privileges;

    如果忘记密码了就:
    修改配置文件
    vi /etc/my.cnf
    搜索 :/mysqld 在他下面这一行添加 skip-grant-tables  跳过权限验证
    [mysqld]
    skip-grant-tables
    重启myslq
    service mysql restart
    在进入mysql的时候就不用输密码了 这时在执行刚才的修改密码 这样密码就能修改了 修改好之后要删除刚才在配置项中添加的skip-.. 命令 不然密码形同虚设


    添加一个用户
    all 代表可执行的操作 比如delete/alter/insert等  *.*是执行范围 '所有表.所有数据库' 'lisi'是账号 'localhost'是ip  最后那个是登陆密码
    mysql> grant all on *.* to 'lisi'@'localhost' identified by '123123';
    刷新授权表 或重启mysql
    mysql> flush privileges;


    创建一个测试数据库和表 添加个数据
    mysql> create database hd charset utf8;
    mysql> use hd;
    mysql> create table stu(id int,name char(20));
    mysql> insert into stu set id=1,name=12123;

    添加一个只有查看权限的用户
    mysql> grant select on hd.* to 'wangwu'@'localhost' identified by '123123';
    添加完以后一定要刷新权限表 这样刚添加的账户立即生效  然后用 wangwu登陆的时候就只有hd库中所有表的查看权限了  'localhost'代表本地主机  可以设置成其他ip的 也可以设置成任何ip的'%'  'wangwu'@'%'  这样就说明只要是叫wangwu的都只有查看权限了
    因此也能看出账号同名同密码都可以 因为抓取的地址不同那么他所拥有的权限也会不同 如下:
    mysql> grant select on hd.* to 'wangwu'@'192.168.1.1' identified by '123123';
    mysql> grant delete on hd.* to 'wangwu'@'192.168.1.2' identified by '123123';

  • 相关阅读:
    Oracle数据类型再探:plsql能建表时能用的数据类型
    数据库中的不同类型
    数据库类型研究
    代码块,静态变量,静态代码块,运算符优先级
    JAVA运算符
    Java多线程详解
    JAVA对象序列化(Serializable、ObjectOutputStream、ObjectInputStream、 transient)
    java的IO详解
    Java死锁
    Java重载、覆写、this、super、抽象类、接口
  • 原文地址:https://www.cnblogs.com/gaofeifiy/p/5081534.html
Copyright © 2020-2023  润新知