MySQL使用者和許可權及破解root口令的方法示例
MySQL使用者和許可權
在MySQL中有一個系統自身就帶有的資料庫叫MySQL,資料庫裝好以後系統自帶了好幾個資料庫MySQL就是其中過一個,MySQL資料庫有個使用者賬戶許可權相關的表叫user表,在其中就有建立的使用者。
MySQL中完整的使用者名稱是由使用者+主機名形成,主機名決定了這個使用者在哪個主機上能登陸。
一、使用者的建立和密碼修改
1.使用者的建立
create user 'USERNAME'@'HOST' identified by 'PASSWORD';
USERNAME:使用者名稱
HOST:主機地址
PASSWORD:密碼
示例:
MariaDB [(none)]> create user [email protected] identified by 'centos'; Query OK,0 rows affected (0.01 sec) MariaDB [(none)]> select user,host,password from mysql.user; +--------+-----------------------+-------------------------------------------+ | user | host | password | +--------+-----------------------+-------------------------------------------+ | root | localhost | | | root | localhost.localdomain | | | root | 127.0.0.1 | | | root | ::1 | | | | localhost | | | | localhost.localdomain | | | masuri | 192.168.73.133 | *128977E278358FF80A246B5046F51043A2B1FCED | +--------+-----------------------+-------------------------------------------+ 7 rows in set (0.00 sec)
MySQL中有匿名賬戶,可以通過跑安全加固指令碼mysql_secure_installation來進行刪除,也可以手動將其刪除。
刪除使用者:
DROP USER 'USERNAME'@'HOST';
示例:
MariaDB [(none)]> select user,password from mysql.user; +--------+-----------------------+-------------------------------------------+ | user | host | password | +--------+-----------------------+-------------------------------------------+ | root | localhost | | | root | localhost.localdomain | | | root | 127.0.0.1 | | | root | ::1 | | | | localhost | | | | localhost.localdomain | | | masuri | 192.168.73.133 | *128977E278358FF80A246B5046F51043A2B1FCED | +--------+-----------------------+-------------------------------------------+ 7 rows in set (0.00 sec) MariaDB [(none)]> DROP USER ''@'localhost'; Query OK,0 rows affected (0.00 sec) MariaDB [(none)]> DROP USER ''@'localhost.localdomain'; Query OK,0 rows affected (0.00 sec) MariaDB [(none)]> select user,password from mysql.user; +--------+-----------------------+-------------------------------------------+ | user | host | password | +--------+-----------------------+-------------------------------------------+ | root | localhost | | | root | localhost.localdomain | | | root | 127.0.0.1 | | | root | ::1 | | | masuri | 192.168.73.133 | *128977E278358FF80A246B5046F51043A2B1FCED | +--------+-----------------------+-------------------------------------------+ 5 rows in set (0.00 sec)
2.密碼的修改
mysql密碼的修改
SET PASSWORD FOR user = PASSWORD('cleartext password') UPDATE table SET password = password('cleartext password')
示例:
對masuri使用者做密碼的修改
MariaDB [(none)]> SET PASSWORD FOR [email protected] = PASSWORD ('magedu'); Query OK,password from mysql.user; +--------+-----------------------+-------------------------------------------+ | user | host | password | +--------+-----------------------+-------------------------------------------+ | root | localhost | | | root | localhost.localdomain | | | root | 127.0.0.1 | | | root | ::1 | | | masuri | 192.168.73.133 | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 | +--------+-----------------------+-------------------------------------------+ #此時密碼已經發生改變
root賬號口令為空,為root口令設定口令,由於一條一條的設定太過麻煩也可以使用修改表的操作來修改密碼
MariaDB [(none)]> update mysql.user set password=password('centos') where user='root'; Query OK,4 rows affected (0.01 sec) Rows matched: 4 Changed: 4 Warnings: 0 MariaDB [(none)]> select user,password from mysql.user; +--------+-----------------------+-------------------------------------------+ | user | host | password | +--------+-----------------------+-------------------------------------------+ | root | localhost | *128977E278358FF80A246B5046F51043A2B1FCED | | root | localhost.localdomain | *128977E278358FF80A246B5046F51043A2B1FCED | | root | 127.0.0.1 | *128977E278358FF80A246B5046F51043A2B1FCED | | root | ::1 | *128977E278358FF80A246B5046F51043A2B1FCED | | masuri | 192.168.73.133 | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 | +--------+-----------------------+-------------------------------------------+ 5 rows in set (0.00 sec)
此時密碼已經修改但依舊無法登陸,需要將許可權重新整理
MariaDB [(none)]> FLUSH PRIVILEGES; Query OK,0 rows affected (0.00 sec)
二、MySQL許可權管理
許可權管理涉及到多種許可權的類別,比如說有管理類、程式類、資料庫級別、表級別和欄位級別
管理類:能否建立使用者,能否顯示資料庫列表,能否重新載入配置檔案,能否關閉資料庫,和複製相關的能否執行,能否管理程序,能否建立臨時表,能否建立資料庫中的檔案。
程式類主要涉及3個程式,函式,儲存過程和觸發器,例如能否建立,修改,刪除和執行這些程式庫,表和欄位級別的許可權:比如能否在庫,表字段裡進行增、刪、查、改等操作
1.授權GRANT
授權使用者時如果使用者不存在可以將其創建出來,在授權前首先要確認自己是管理員有授權的許可權。
GRANT priv_type [(column_list)] [,priv_type [(column_list)]] ... ON [object_type] priv_level TO user_specification [,user_specification] ... [REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}] [WITH with_option ...]
示例:
建立一個wordpress的使用者,並授權。
MariaDB [(none)]> CREATE DATABASE wordpress; Query OK,1 row affected (0.02 sec) MariaDB [(none)]> GRANT ALL ON wordpress.* TO wpuser@'192.168.73.%' identified by 'mylinuxops'; Query OK,0 rows affected (0.00 sec)
2.檢視使用者的許可權
MariaDB [(none)]> show grants for wpuser@'192.168.73.%'; +------------------------------------------------------------------------------------------------------------------+ | Grants for [email protected].% | +------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'wpuser'@'192.168.73.%' IDENTIFIED BY PASSWORD '*EC0DBFB480593BB6ED2EC028A4231A72D8137406' | | GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wpuser'@'192.168.73.%' | +------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)
3.授權的其他選項
MAX_QUESRIES_PER_HOUR count #每小時最多查多少次 MAX_UPDATES_PER_HOUR count #每小時最多改多少次 MAX_CONNECTIONS_PER_HOUR count #每小時最多連多少次 MAX_USER_CONNECTIONS count #使用者的最大數連線數
取消許可權
REVOKE priv_type [(column_list)] [,priv_type [(column_list)]] ... ON [object_type] priv_level FROM user [,user] ...
示例:
MariaDB [(none)]> revoke delete on wordpress.* from wpuser@'192.168.73.%'; Query OK,0 rows affected (0.00 sec) MariaDB [(none)]> show grants for wpuser@'192.168.73.%'; +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Grants for [email protected].% | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'wpuser'@'192.168.73.%' IDENTIFIED BY PASSWORD '*EC0DBFB480593BB6ED2EC028A4231A72D8137406' | | GRANT SELECT,INSERT,UPDATE,CREATE,DROP,REFERENCES,INDEX,ALTER,CREATE TEMPORARY TABLES,LOCK TABLES,EXECUTE,CREATE VIEW,SHOW VIEW,CREATE ROUTINE,ALTER ROUTINE,EVENT,TRIGGER ON `wordpress`.* TO 'wpuser'@'192.168.73.%' | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) # 此時wpuser@'192.168.73.%'已經沒有了delete許可權
MySQL的root口令破解
工作中有時候可能會遇到root口令丟失的情況,此時可以通過以下方法進行找回root口令
以下為示範如何破解root口令
一、密碼未知無法登陸MySQL
[root@localhost ~]# mysql ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
二、破解
1.修改配置檔案/etc/my.cnf,新增兩行引數
skip_grant_tables:跳過授權表資訊,此項生效後再次使用MySQL就無需使用密碼了,但是遠端的其他使用者也可以不使用密碼登陸,有一定的風險性
skip_networking:關閉網路功能,由於光啟用skip_grant_tables選項,其他使用者也可以無需密碼登陸MySQL非常危險,所以需要關閉網路功能只允許本地的使用者進行操作。
[root@localhost ~]# vim /etc/my.cnf [mysqld] skip_networking=on #不啟用網路功能 skip_grant_tables=on #跳過授權表 [root@localhost ~]# service mysqld restart #對位置檔案修改後需要重新啟動服務 Restarting mysqld (via systemctl): [ OK ]
2.登陸MySQL,進行密碼修改
[root@localhost ~]# mysql #此時已經無需輸入密碼就能登陸 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 11 Server version: 10.2.23-MariaDB-log Source distribution Copyright (c) 2000,2018,Oracle,MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> UPDATE mysql.user SET password=PASSWORD('123456') where user='root'; #對root的口令進行修改 Query OK,4 rows affected (0.01 sec) Rows matched: 4 Changed: 4 Warnings: 0
3.口令修改完畢後,需要將配置檔案恢復
將剛才啟用的兩個選項進行登出或者刪除,然後重啟服務
[root@localhost ~]# vim /etc/my.cnf [mysqld] #skip_networking=on #skip_grant_tables=on [root@localhost ~]# service mysqld restart Restarting mysqld (via systemctl): [ OK ]
4.使用新口令登陸MySQL
[root@localhost ~]# mysql -uroot -p123456 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 10 Server version: 10.2.23-MariaDB-log Source distribution Copyright (c) 2000,MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>
以上就是本文的全部內容,希望對大家的學習有所幫助,也希望大家多多支援我們。