yangxiaochu

Create a user and set a password
create user zorro identified by '123';  -- host defaults to %: can log in from anywhere except the local machine
create user zorro@localhost identified by '123';  -- zorro logging in from the local machine
create user zorro@'%' identified by '123';
create user zorro@'172.16.20.9' identified by '123';  -- a specific IP address
List users
select user from mysql.user;
Rename a user
rename user zorro to robin;
select user from mysql.user;
Delete a user
drop user robin;
drop user robin@'localhost';  -- specify the source host
mysql> select password(123);
+-------------------------------------------+
| password(123) |
+-------------------------------------------+
| *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
+-------------------------------------------+
1 row in set (0.00 sec)


Change a user's password (after logging in)
set password for 'zorro'@'%' = password('123');  -- hashed with the password() function
set password = password('123');  -- change the current user's password
mysqladmin -uroot -p123 password '123456'  # change it from the shell, before logging in
Lost root password
Reset the root password
1.
shell> mysqld_safe --skip-grant-tables --skip-networking &
shell> mysql -S /var/lib/mysql/mysql.sock (-u root -p)
2.
mysql> update mysql.user set password=password('123') where host='localhost' and user='root';

Show a user's privileges
show grants for zorro \G
*************************** 1. row ***************************
Grants for zorro@%: GRANT USAGE ON *.* TO 'zorro'@'%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257'

USAGE means the account has no privileges.
Connection test
mysql -u zorro -p123
ERROR 1045 (28000): Access denied for user 'zorro'@'localhost' (using password: YES)
The login fails.
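
Why this login can fail even though zorro@'%' exists, as an added example that is not part of the original notes: the server authenticates against the mysql.user row with the most specific Host, so an anonymous ''@'localhost' account (assumed here to be left over from the default install) is matched before zorro@'%'. The query lists the candidate rows for a local zorro connection in that order.

```sql
-- Added example; assumes the pre-5.7 mysql.user layout (Password column).
-- Candidate rows for a connection as zorro from localhost: most specific
-- Host first, then a named user before the anonymous user. The server
-- authenticates against the first row only.
SELECT User, Host,
       (User = '')     AS anonymous,
       (Password = '') AS empty_password
FROM mysql.user
WHERE User IN ('zorro', '')
  AND Host IN ('localhost', '%')
ORDER BY (Host = '%'), (User = '');

-- If the first row is ''@'localhost', the password 123 is checked against
-- the anonymous account and rejected. Either remedy works:
--   create user zorro@'localhost' identified by '123';  -- as these notes do
--   drop user ''@'localhost';                           -- remove the anonymous account
```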

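Privileges
MySQL access control has two stages:
Stage 1: the server checks whether you are allowed to connect.
Stage 2: assuming you can connect, the server checks every request you issue to see whether you have sufficient privileges to perform it. For example, if you select rows from a table or drop a table from a database, the server verifies that you have the SELECT privilege on the table or the DROP privilege on the database.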


Granting privileges: grant
Command format
grant privileges on database.table to user@host [password]
grant select on hr.* to zorro@'localhost';
show grants for zorro \G
*************************** 1. row ***************************
Grants for zorro@%: GRANT USAGE ON *.* TO 'zorro'@'%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257'
*************************** 2. row ***************************
Grants for zorro@%: GRANT SELECT ON `hr`.* TO 'zorro'@'%'
grant select,insert,drop,delete on *.* to zorro@'localhost';
Available privileges: select, insert, desc, drop, update, alter...

Removing privileges: revoke
Command format
revoke privileges on database.table from user@host;
revoke select on hr.* from zorro@'localhost';

Granting access from remote hosts
grant all on hr.* to zorro@'192.168.1.129' identified by '123';
grant all on hr.* to zorro@'%' identified by '123';


grant and revoke can control access at several levels
Entire server: grant all and revoke all
Entire database: on database.*
grant select,insert on hr.* to robin@'localhost' identified by '123';
A specific table: on database.table
grant select,insert on hr.tt to tom@'localhost' identified by '123';

 

Another method:
mysql> INSERT INTO user (Host,User,Password) VALUES('localhost','dummy',password());
mysql> FLUSH PRIVILEGES;

 

Exercises:
1. Create the account zorro, allowed to log in from the local machine and from anywhere
create user zorro@'%';
create user zorro@'%' identified by '123';
create user zorro@'localhost' identified by '123';
2. Rename zorro to king
rename user zorro@'%' to king@'%';
rename user zorro@'localhost' to king@'localhost';
3. Set king's password to 123
set password for king@'localhost'=password('123');
set password for king@'%'=password('123');
4. Log in to MySQL as king and set the password to abc
set password=password('123');


Reset the root password
1. Stop mysql (pkill mysql)
2. /usr/local/mysql/bin/mysqld_safe --user=mysql --skip-grant-tables &
3. update mysql.user set password=password('123') where user='root' and host='localhost';
4. Stop mysql (pkill mysql)
5. /usr/local/mysql/bin/mysqld_safe --user=mysql &
6. Log in normally

Skipping the grant tables
vim /etc/my.cnf
[mysqld]
skip-grant-tables

----------------------------------------------------------------------

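create user robin;  -- add an account
set password for robin=password('123');  -- set its password
create user zorro identified by '123';  -- create an account and set its password in one step
rename user zorro to newzorro;  -- rename the account
drop user newzorro;  -- delete the account

set password=password('123');  -- set the current account's password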

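Lost root password
In a lab environment:
Delete the data directory
Re-initialize
The admin password is empty (log in directly)

Reset the root password
shell> /usr/local/mysql/bin/mysqld_safe --user=mysql --skip-grant-tables &
--skip-grant-tables skips the grant tables, so no authentication is performed.
shell> mysql    # just connect
mysql> update mysql.user set password=password('123') where user='root' and host='localhost';  -- update the password

pkill mysql
service mysqld restart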

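Authorization
1. Whether the client can connect to the database (localhost, %)
2. Verify the account and password

1. Can the client connect to the database?
Part 1: local source
Part 2: remote source
create user zorro@'%' identified by '123';
select user,password,host from mysql.user;

create user zorro@'localhost' identified by '123';

2. Granting privileges
grant all on db.* to zorro@'localhost';  -- all privileges on every table in the db database
grant select,insert on db.t5 to robin@'localhost' identified by '123';  -- grant and create the account at the same time

Revoke privileges: revoke all on db.* from zorro@'localhost';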

*.*          mysql.user
db.*         mysql.db
db.t5        mysql.tables_priv
db.t5(id)    mysql.columns_priv

User information: mysql.user stores all user accounts; privilege information is spread across different tables.
grant all on *.* to abc1@localhost identified by '123';
abc1's privileges are stored in mysql.user

grant all on db.* to abc2@localhost identified by '123';
abc2's privileges are stored in mysql.db

grant all on db.test20 to abc3@localhost identified by '123';
abc3's privileges are stored in mysql.tables_priv

grant select(name) on db.test20 to abc4@localhost identified by '123';
abc4's privileges are stored in mysql.columns_priv

select * from mysql.tables_priv;
Can privileges be changed with UPDATE?
Update the grant tables to obtain privileges on all tables in all databases
mysql> create user tom@'localhost';
mysql> set password for 'tom'@'localhost' =password('123');
mysql> update mysql.user set Select_priv='Y' where user='tom';
mysql> select * from mysql.user where user='tom';
mysql> flush privileges;
Update the grant tables to obtain privileges on all tables in the kkk database
mysql> insert into mysql.db(Host,Db,User,Insert_priv) values('localhost','kkk','tom','Y');
mysql> flush privileges;
Update the grant tables to obtain privileges on table t1 in the kkk database
mysql> insert into mysql.tables_priv(Host,Db,User,Table_name,Table_priv) values('localhost','kkk','tom','t1','Update');
mysql> flush privileges;

Update the grant tables to obtain the update privilege on the id column of table t2 in the kkk database
mysql> insert into mysql.columns_priv(Host,Db,User,Table_name,Column_name,Column_priv) values('localhost','kkk','tom','t2','did','Update');  -- column privilege

mysql> insert into mysql.tables_priv(Host,Db,User,Table_name,Column_priv) values('localhost','kkk','tom','t2','Update');  -- table privilege

mysql> flush privileges;
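
An added read-only audit over the four grant tables described above (not part of the original notes), assuming the pre-5.7 layout these notes use, where mysql.user has a Password column. It lists broadly reachable or passwordless accounts, accounts sharing a password hash, and every privilege row, whether written by GRANT or by a direct INSERT/UPDATE:

```sql
-- Added audit example; assumes the pre-5.7 grant-table layout used in these
-- notes (mysql.user has a Password column). All three statements are read-only.

-- 1. Accounts reachable from a wildcard host or with no password set.
SELECT User, Host,
       (LOCATE('%', Host) > 0) AS wildcard_host,
       (Password = '')         AS empty_password
FROM mysql.user
WHERE LOCATE('%', Host) > 0 OR Password = ''
ORDER BY User, Host;

-- 2. PASSWORD() output is unsalted, so equal hashes mean equal passwords.
--    Accounts created with '123' throughout these notes fall into one group.
SELECT Password, COUNT(*) AS accounts,
       GROUP_CONCAT(CONCAT(User, '@', Host) SEPARATOR ', ') AS shared_by
FROM mysql.user
WHERE Password <> ''
GROUP BY Password
HAVING COUNT(*) > 1;

-- 3. Where each account's privileges are recorded, one row per grant-table
--    entry. Rows written by direct INSERT/UPDATE look exactly like rows
--    written by GRANT, so hand-edited privileges show up here too.
SELECT User, Host, 'global' AS scope, '*.*' AS object,
       CONCAT_WS(',', IF(Select_priv='Y','Select',NULL), IF(Insert_priv='Y','Insert',NULL),
                      IF(Update_priv='Y','Update',NULL), IF(Delete_priv='Y','Delete',NULL),
                      IF(Drop_priv='Y','Drop',NULL),     IF(Grant_priv='Y','Grant',NULL)) AS privileges
FROM mysql.user
WHERE 'Y' IN (Select_priv, Insert_priv, Update_priv, Delete_priv, Drop_priv, Grant_priv)
UNION ALL
SELECT User, Host, 'database', CONCAT(Db, '.*'),
       CONCAT_WS(',', IF(Select_priv='Y','Select',NULL), IF(Insert_priv='Y','Insert',NULL),
                      IF(Update_priv='Y','Update',NULL), IF(Delete_priv='Y','Delete',NULL),
                      IF(Drop_priv='Y','Drop',NULL),     IF(Grant_priv='Y','Grant',NULL))
FROM mysql.db
UNION ALL
SELECT User, Host, 'table', CONCAT(Db, '.', Table_name), Table_priv
FROM mysql.tables_priv
UNION ALL
SELECT User, Host, 'column', CONCAT(Db, '.', Table_name, '(', Column_name, ')'), Column_priv
FROM mysql.columns_priv
ORDER BY User, Host, scope;
```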
