安装完mysql-server
会提示可以运行mysql_secure_installation。运行mysql_secure_installation会执行几个设置:
a)为root用户设置密码
b)删除匿名账号
c)取消root用户远程登录
d)删除test库和对test库的访问权限
e)刷新授权表使修改生效
通过这几项的设置能够提高mysql库的安全。建议生产环境中mysql安装这完成后一定要运行一次mysql_secure_installation,详细步骤请参看下面的命令:
复制代码
代码如下:
[root@server1 ~]#
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS
RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP
CAREFULLY!
In order to log into MySQL to secure it, we'll need the
current
password for the root user. If you've just installed MySQL,
and
you haven""t set the root password yet, the password will be blank,
so
you should just press enter here.
Enter current password for root (enter for
none):<–初次运行直接回车
OK, successfully used
password, moving on…
Setting the root password ensures that nobody can log
into the MySQL
root user without the proper authorisation.
Set root
password? [Y/n] <–
是否设置root用户密码,输入y并回车或直接回车
New password: <– 设置root用户的密码
Re-enter new password: <– 再输入一次你设置的密码
Password updated
successfully!
Reloading privilege tables..
… Success!
By default, a
MySQL installation has an anonymous user, allowing anyone
to log into MySQL
without having to have a user account created for
them. This is intended only
for testing, and to make the installation
go a bit smoother. You should
remove them before moving into a
production environment.
Remove anonymous
users? [Y/n] <–
是否删除匿名用户,生产环境建议删除,所以直接回车
… Success!
Normally, root should only be
allowed to connect from 'localhost'. This
ensures that someone cannot guess
at the root password from the network.
Disallow root login remotely?
[Y/n]
<–是否禁止root远程登录,根据自己的需求选择Y/n并回车,建议禁止
… Success!
By default, MySQL
comes with a database named 'test' that anyone can
access. This is also
intended only for testing, and should be removed
before moving into a
production environment.
Remove test database and access to it? [Y/n] <– 是否删除test数据库,直接回车
- Dropping test
database…
… Success!
查看用户表
mysql> select host,user,password from mysql.user;
+---------------+-------+-------------------------------------------+
| host | user | password |
+---------------+-------+-------------------------------------------+
| localhost | root | *C9A034778FB438CDECD150408139516FEBC8FA5B |
| 127.0.0.1 | root | *C9A034778FB438CDECD150408139516FEBC8FA5B |
| ::1 | root | *C9A034778FB438CDECD150408139516FEBC8FA5B |
| 192.168.1.104 | slave | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 |
+---------------+-------+-------------------------------------------+
在mysql库
mysql> use mysql
Database changed;
修改root用户登陆密码
mysql> update mysql.user set password = password('gaofei') where user='root';
刷新授权表 或者退出mysql重启
mysql> flush privileges;
如果忘记密码了就:
修改配置文件
vi /etc/my.cnf
搜索 :/mysqld 在他下面这一行添加 skip-grant-tables 跳过权限验证
[mysqld]
skip-grant-tables
重启myslq
service mysql restart
在进入mysql的时候就不用输密码了 这时在执行刚才的修改密码 这样密码就能修改了 修改好之后要删除刚才在配置项中添加的skip-.. 命令 不然密码形同虚设
添加一个用户
all 代表可执行的操作 比如delete/alter/insert等 *.*是执行范围 '所有表.所有数据库' 'lisi'是账号 'localhost'是ip 最后那个是登陆密码
mysql> grant all on *.* to 'lisi'@'localhost' identified by '123123';
刷新授权表 或重启mysql
mysql> flush privileges;
创建一个测试数据库和表 添加个数据
mysql> create database hd charset utf8;
mysql> use hd;
mysql> create table stu(id int,name char(20));
mysql> insert into stu set id=1,name=12123;
添加一个只有查看权限的用户
mysql> grant select on hd.* to 'wangwu'@'localhost' identified by '123123';
添加完以后一定要刷新权限表 这样刚添加的账户立即生效 然后用 wangwu登陆的时候就只有hd库中所有表的查看权限了 'localhost'代表本地主机 可以设置成其他ip的 也可以设置成任何ip的'%' 'wangwu'@'%' 这样就说明只要是叫wangwu的都只有查看权限了
因此也能看出账号同名同密码都可以 因为抓取的地址不同那么他所拥有的权限也会不同 如下:
mysql> grant select on hd.* to 'wangwu'@'192.168.1.1' identified by '123123';
mysql> grant delete on hd.* to 'wangwu'@'192.168.1.2' identified by '123123';