mysql用户账户管理
时间:2013-10-10 10:10:29 作者:admin 标签: grant mysql mysqladmin revoke 分类: Mysql
创建mysql用户有三种方式可以创建:
1、通过Create User创建
2、通过Grant语句进行创建
3、直接操作授权表进行
首先看一下,目前数据库有哪些用户:
mysql> select HOST,USER,PASSWORD from mysql.user; +-----------------------+--------+-------------------------------------------+ | HOST | USER | PASSWORD | +-----------------------+--------+-------------------------------------------+ | localhost | root | | | localhost.localdomain | root | | | 127.0.0.1 | root | | | ::1 | root | | | % | beebol | *916F3978962A2C47E1B63DCD7F3D711EE1484228 | +-----------------------+--------+-------------------------------------------+5 rows in set (0.00 sec) 5 rows in set (0.00 sec)
如上是我数据库中的所有mysql用户,除了beebol用户有密码外,root是没有密码的,那么就是说,root从本机不用密码就可以登录数据库。
先用CREATE USER创建一个用户,不过得先看一下语法
mysql> help CREATE USER;
Name: 'CREATE USER'
Description:
Syntax:
CREATE USER user_specification
[, user_specification] ...
user_specification:
user
[
IDENTIFIED BY [PASSWORD] 'password'
| IDENTIFIED WITH auth_plugin [AS 'auth_string']
]
#doc还给出了一个例子CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
下面来创建一个vaster用户,允许生本地登录,密码为123456,也可以用:IDENTIFIED BY PASSWORD ‘这里跟的是PASSWORD(‘密码’)得出来的密码串’
mysql> CREATE USER vaster@'localhost' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) Query OK, 0 rows affected (0.00 sec)
创建成功,尝试登录是ok的。
[root@localhost ~]# mysql -uvaster -p Enter password: .....省略 mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | test | +--------------------+2 rows in set (0.01 sec) 2 rows in set (0.01 sec)
用户创建了,show databases时,只看到了一个test库和infomation_schema库,这个用户还没有权限操作需要的数据库权限。就让这个用户可以访问beebolblog数据库吧。
如下使用的是grant语句来给用户授权,如果用户不存在,会自动创建用户,也就是上面说的使用grant语句创建用户。
mysql> GRANT SELECT ON beebolblog.* TO vaster@'localhost';Query OK, 0 rows affected (0.01 sec) Query OK, 0 rows affected (0.01 sec)
然后查看权限如下,USAGE表示没有任何权限,vaster只有对beebolblog的select权限
mysql> SHOW GRANTS FOR vaster@'localhost'; +---------------------------------------------------------------------------------------------------------------+ | Grants for vaster@localhost | +---------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'vaster'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' | | GRANT SELECT ON `beebolblog`.* TO 'vaster'@'localhost' | +---------------------------------------------------------------------------------------------------------------+2 rows in set (0.00 sec) 2 rows in set (0.00 sec)
刚才我在授权之前,vaster已经登录了,在不退出的情况下是否有效呢?结果是有效的。
mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | beebolblog | | test | +--------------------+3 rows in set (0.00 sec) 3 rows in set (0.00 sec)
如下显示可以select数据库,但不能删除,当然update也不行哦。
mysql> select count(*) from wp_users; +----------+ | count(*) | +----------+ | 4 | +----------+ 1 row in set (0.01 sec) mysql> delete from wp_users;ERROR 1142 (42000): DELETE command denied to user 'vaster'@'localhost' for table 'wp_users' ERROR 1142 (42000): DELETE command denied to user 'vaster'@'localhost' for table 'wp_users'
grant还有此参数,如下:
(1)MAX_QUERIES_PER_HOUR:每小时执行的最大查询数
(2)MAX_UPDATES_PER_HOUR:每小时允许执行的最大更新数
(3)MAX_CONNECTIONS_PER_HOUR:每小时允许的最大连接次数
(5)MAX_USER_CONNECTIONS:允许此用户同时连接数
(6)GRANT OPTION :允许这个用户给别的用户进行授权这些权限
3、直接操作授权表来添加用户
INSERT INTO user VALUES( ‘localhost’, ‘monty’ , PASSWORD(‘some_pass’), 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
flush privileges;
如果需要新创建的账号立即生效,需要执行FLUSH PRIVILEGES的语句。否则,只有重启服务器后更改方会被注意到。
用户创建完了,现在来把创建的用户给删除了!!!
mysql> select host,user,password from mysql.user; +-----------------------+--------+-------------------------------------------+ | host | user | password | +-----------------------+--------+-------------------------------------------+ | localhost | root | | | localhost.localdomain | root | | | 127.0.0.1 | root | | | ::1 | root | | | localhost | vaster | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | | % | beebol | *916F3978962A2C47E1B63DCD7F3D711EE1484228 | +-----------------------+--------+-------------------------------------------+ 6 rows in set (0.00 sec) mysql> DROP USER vaster@'localhost'; Query OK, 0 rows affected (0.00 sec) mysql> select host,user,password from mysql.user; +-----------------------+--------+-------------------------------------------+ | host | user | password | +-----------------------+--------+-------------------------------------------+ | localhost | root | | | localhost.localdomain | root | | | 127.0.0.1 | root | | | ::1 | root | | | % | beebol | *916F3978962A2C47E1B63DCD7F3D711EE1484228 | +-----------------------+--------+-------------------------------------------+5 rows in set (0.00 sec) 5 rows in set (0.00 sec)
用drop user 成功将用户删除了,现在删除了,但其它终端还有vaster还登录着,已经登录的vaster用户还能正常使用吗?
[root@localhost ~]# mysql -uvaster -p Enter password: ..... Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | beebolblog | | test | +--------------------+ 2 rows in set (0.00 sec)mysql> mysql>
答案是肯定的,root删除打开着的会话用户,会话不会主动关闭,只有当用户退出会话后然后再登录就不行了。
那么,如何更改密码呢?
1、用mysqladmin可以更改,但必须具有SUPER权限
修改其他账号密码应该具有什么权限?我把mysql.user表中的Super_priv设置为Y就可以用mysqladmin更改其它用户的密码了。
2、还有就是用set password方法:
mysql> set password for vaster@'localhost'=PASSWORD('654321');Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
3、使用grant来更改密码:
mysql> GRANT USAGE ON *.* TO 'vaster'@'localhost' IDENTIFIED BY '123456';Query OK, 0 rows affected (0.00 sec) Query OK, 0 rows affected (0.00 sec)