Mariadb 許可權管理
阿新 • • 發佈:2018-12-13
Mariadb使用者和許可權管理
許可權類別
庫級別
表級別
欄位級別
管理類
程式類
管理類:
CREATE TEMPORARY TABLES 建立臨時表
CREATE USER 建立使用者
FILE
SUPER
SHOW DATABASES
RELOAD
SHUTDOWN
REPLACTION SLAVE
REPLACTION CLIENT
LOCK TABLES
PRECESS
程式類:
FUNCTION
PROCEDURE
TRIGGER
CREATE,ALTER,DROP,EXCUTE
庫和表級別:
ALTER CREATE CREATE VIEW UPDATE INDEX DROP SHOW VIEW GRANT OPTION: 能否將自己的許可權轉送給另一個使用者
資料操作
SELECT
DELETE
UPDATE
INSERT
欄位級別
SELECT(COLL1,COLL2...)
UPDATE(COLL1,COLL2...)
...
所有許可權為ALL PROVILEGES mysql的元資料庫 mysql
mysql庫內有授權表 db,host,user 其中user表上可以檢視使用者具有哪些許可權,以及使用者的密碼(加密或者明文) DESC user; --> +------------------------+-----------------------------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +------------------------+-----------------------------------+------+-----+---------+-------+ | Host | char(60) | NO | PRI | | | | User | char(16) | NO | PRI | | | | Password | char(41) | NO | | | | | Select_priv | enum('N','Y') | NO | | N | | | Insert_priv | enum('N','Y') | NO | | N | | | Update_priv | enum('N','Y') | NO | | N | | | Delete_priv | enum('N','Y') | NO | | N | | | Create_priv | enum('N','Y') | NO | | N | | | Drop_priv | enum('N','Y') | NO | | N | | | Reload_priv | enum('N','Y') | NO | | N | | | Shutdown_priv | enum('N','Y') | NO | | N | | | Process_priv | enum('N','Y') | NO | | N | | | File_priv | enum('N','Y') | NO | | N | | | Grant_priv | enum('N','Y') | NO | | N | | | References_priv | enum('N','Y') | NO | | N | | | Index_priv | enum('N','Y') | NO | | N | | | Alter_priv | enum('N','Y') | NO | | N | | | Show_db_priv | enum('N','Y') | NO | | N | | | Super_priv | enum('N','Y') | NO | | N | | | Create_tmp_table_priv | enum('N','Y') | NO | | N | | | Lock_tables_priv | enum('N','Y') | NO | | N | | | Execute_priv | enum('N','Y') | NO | | N | | | Repl_slave_priv | enum('N','Y') | NO | | N | | | Repl_client_priv | enum('N','Y') | NO | | N | | | Create_view_priv | enum('N','Y') | NO | | N | | | Show_view_priv | enum('N','Y') | NO | | N | | | Create_routine_priv | enum('N','Y') | NO | | N | | | Alter_routine_priv | enum('N','Y') | NO | | N | | | Create_user_priv | enum('N','Y') | NO | | N | | | Event_priv | enum('N','Y') | NO | | N | | | Trigger_priv | enum('N','Y') | NO | | N | | | Create_tablespace_priv | enum('N','Y') | NO | | N | | | ssl_type | enum('','ANY','X509','SPECIFIED') | NO | | | | | ssl_cipher | blob | NO | | NULL | | | x509_issuer | blob | NO | | NULL | | | x509_subject | blob | NO | | NULL | | | max_questions | int(11) unsigned | NO | | 0 | | | max_updates | int(11) unsigned | NO | | 0 | | | max_connections | int(11) unsigned | NO | | 0 | | | max_user_connections | int(11) | NO | | 0 | | | plugin | char(64) | NO | | | | | authentication_string | text | NO | | NULL | | +------------------------+-----------------------------------+------+-----+---------+-------+
使用者賬號
'USERNAME'@'PASSWORD'
@'HOST'可以使用如下格式
@'192.168.1.1'
@'%.%.%.%'
@'192.168.%.%'
@'localhost'
建立使用者
CREATE USER 'USERNAME'@'HOST' [IDENTIFIED BY 'PASS'];
檢視使用者所有的許可權
SHOW GRANT FOR 'user'@'host';
使用者重新命名
RENAME USER old_name TO new_name;
刪除使用者
DROP USER 'username'@'host';
修改密碼
SET PASSWORD FOR username = PASSWORD('password'); SET PASSWORD FOR slackware = PASSWORD('openstack'); 修改mysql.user表 UPDATE mysql.user SET Password=PASSWORD('passwoard') WHERE User='xxx'; mysqladmin password命令
忘記管理員密碼解決辦法
在/etc/my.cnf中的mysqld段新增
skip_grant_tables
skip_networking
systemctl stop mariadb
systemctl start mariadb
可以忽略授權表登入並且使用root使用者登入mysql資料庫
然後可以修改root的密碼
修改完退出以後,刪除my.cnf中的兩個引數
授權
GRANT prvi_type[,...] ON [table|function|procedure] db.{table|routine} TO
'username'@'HOST' [IDENTIFIED BY 'password'] [REQUIRE SSL] [WITH with_options]
with_options:
MAX_QUERIES_PER_HOUR count(數值)
MAX_UPDATES_PER_HOUR count
MAX_CONNECTIONS_PER_HOUR count
MAX_USER_CONNECTIONS count
取消授權
REVOKE prvi_type [[(column_list)] [,(column_list)]] ... ON prvi_level FROM user