MariaDB在外网授权的坑
2016-05-23 11:55
316 查看
当mysql部署完成之后,mysql将会读取/etc/hosts中对于服务器内网的host的定义,而阿里云服务器将会自动的将内网的ip地址添加到这个里面。如同下面:
默认的这些账号是由mysql_install_db命令来创建的。纯粹为了方便来操作。也能匿名登录本机。在考虑到安全性的问题的时候,他们还编写了一个mysql_secure_installation工具,中间编写了一些用于清理的函数。
这个里面也就顺带将自己内网连接的方式的密码设置为空了。而且当你以他的内网地址登录的时候是无需要密码的。如果这个时候我们添加了一个test账户来访问这个数据库,并且将密码设置成test。(注意:GRANT命令其实是不需要执行任何FLUSH PRIVILEGES; 很多网上的人都添加上去,也不去做实验。)
如果当我们在本地,使用他的内网地址来访问,就也将会被
代替掉。
而无需任何的密码:
如果想解决掉这个问题,我们需要将服务器中的这些授权都删除掉:
最后就能通过-utest -ptest和设置成自己的iz23jdwmygwz对应的hosts地址也能访问。
其实在自带的工具mysql_secure_installation里面也有类似的东西
[root@iZ23jhimygwZ ~]# cat /etc/hosts 127.0.0.1 localhost ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 xxx.xxx.xxx.xxx iz23jdwmygwz [mysql]> select user,password,host from user; +------+-------------------------------------------+--------------+ | user | password | host | +------+-------------------------------------------+--------------+ | root | *45C964FD6EC6A75DA5F19BD625CD6A9D1B91B3FF | localhost | | root | | iz23jdwmygwz | | root | *45C964FD6EC6A75DA5F19BD625CD6A9D1B91B3FF | 127.0.0.1 | | root | | ::1 | | | | localhost | | | | iz23jdwmygwz | | | | iz23jdwmygwz | +------+-------------------------------------------+--------------+
默认的这些账号是由mysql_install_db命令来创建的。纯粹为了方便来操作。也能匿名登录本机。在考虑到安全性的问题的时候,他们还编写了一个mysql_secure_installation工具,中间编写了一些用于清理的函数。
这个里面也就顺带将自己内网连接的方式的密码设置为空了。而且当你以他的内网地址登录的时候是无需要密码的。如果这个时候我们添加了一个test账户来访问这个数据库,并且将密码设置成test。(注意:GRANT命令其实是不需要执行任何FLUSH PRIVILEGES; 很多网上的人都添加上去,也不去做实验。)
GRANT ALL PRIVILEGES ON *.* TO 'test'@'%' IDENTIFIED BY 'test' WITH GRANT OPTION; +------+-------------------------------------------+--------------+ | user | password | host | +------+-------------------------------------------+--------------+ | root | *45C964FD6EC6A75DA5F19BD625CD6A9D1B91B3FF | localhost | | root | | iz23jdwmygwz | | root | *45C964FD6EC6A75DA5F19BD625CD6A9D1B91B3FF | 127.0.0.1 | | root | | ::1 | | | | localhost | | | | iz23jdwmygwz | | test | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 | % | +------+-------------------------------------------+--------------+
如果当我们在本地,使用他的内网地址来访问,就也将会被
| | | localhost | | | | iz23jdwmygwz |
代替掉。
mysql -utest -ptest ERROR 1045 (28000): Access denied for user 'test'@'localhost' (using password: YES)
而无需任何的密码:
mysql -utest Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 2667 Server version: 5.5.47-MariaDB MariaDB Server Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>
如果想解决掉这个问题,我们需要将服务器中的这些授权都删除掉:
MariaDB [mysql]> delete from user where user='' and host='iz23jdwmygwz'; Query OK, 1 row affected (0.07 sec) MariaDB [mysql]> delete from user where user='' and host='localhost'; Query OK, 1 row affected (0.00 sec) MariaDB [mysql]> select user,password,host from user; +------+-------------------------------------------+--------------+ | user | password | host | +------+-------------------------------------------+--------------+ | root | *45C964FD6EC6A75DA5F19BD625CD6A9D1B91B3FF | localhost | | root | | iz23jdwmygwz | | root | *45C964FD6EC6A75DA5F19BD625CD6A9D1B91B3FF | 127.0.0.1 | | root | | ::1 | | test | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 | % | +------+-------------------------------------------+--------------+ 5 rows in set (0.00 sec)
最后就能通过-utest -ptest和设置成自己的iz23jdwmygwz对应的hosts地址也能访问。
[root@iz23jdwmygwz ~]# mysql -utest -ptest -h127.0.0.1 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 2672 Server version: 5.5.47-MariaDB MariaDB Server Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> quit Bye [root@iz23jdwmygwz ~]# mysql -utest -ptest -hiz23jdwmygwz Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 2673 Server version: 5.5.47-MariaDB MariaDB Server Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>
其实在自带的工具mysql_secure_installation里面也有类似的东西
echo "By default, a MariaDB installation has an anonymous user, allowing anyone" echo "to log into MariaDB without having to have a user account created for" echo "them. This is intended only for testing, and to make the installation" echo "go a bit smoother. You should remove them before moving into a" echo "production environment." echo echo $echo_n "Remove anonymous users? [Y/n] $echo_c" read reply if [ "$reply" = "n" ]; then echo " ... skipping." else remove_anonymous_users fi echo remove_anonymous_users() { do_query "DELETE FROM mysql.user WHERE User='';" if [ $? -eq 0 ]; then echo " ... Success!" else echo " ... Failed!" clean_and_exit fi return 0 }
相关文章推荐
- MySQL中的integer 数据类型
- MySQL存储过程
- mysql中int、bigint、smallint 和 tinyint的区别与长度
- mysql load data 导出、导入 csv
- source命令执行SQL脚本文件
- MySQL创建用户及权限控制
- MySQL管理数据表
- linux下mysql添加用户
- mysql procedure
- mysql触发器
- MySQL 备份和恢复策略
- mac下安装mysql(转载)
- mysql 修改编码 Linux/Mac/Unix/通用(杜绝修改后无法启动的情况!)
- MySQL数据的导出、导入(mysql内部命令:mysqldump、mysql)
- mysql数据行转列
- Linux下修改MySQL编码的方法
- MySQL Server 日志
- MySQL 安全事宜
- MySQL 备份与恢复