MySQL(用户授权及撤销)
2019-05-20 18:07
1451 查看
1)允许root从192.168.4.0/24网段 访问,对所有库/表有完全权限,密码为tarena
2)添加一个管理账号dba007,完全控制及授权
3)撤销root从本机访问的权限,然后恢复
4)允许webuser从任意客户机登录,只对webdb库有完全权限,密码为 888888
5)撤销webuser的完全权限,改为查询权限
使用2台RHEL 6虚拟机,如图-1所示。其中192.168.4.10是MySQL服务器,授权及撤销操作均在此服务器上执行;而192.168.4.120作为测试客户机,需要安装好MySQL-client软件包,以便提供mysql命令。
同时,MySQL服务器本身(192.168.4.10)也可以作为测试客户机。
实现此案例需要按照如下步骤进行。
步骤一:用户授权及撤销
1)允许root从192.168.4.0/24访问,对所有库表有完全权限,密码为tarena。
授权之前,从192.168.4.0/24网段的客户机访问时,将会被拒绝:
[root@host120 ~]# mysql -u root -p -h 192.168.4.10 Enter password: //输入正确的密码 ERROR 1130 (HY000): Host '192.168.4.120' is not allowed to connect to this MySQL server
授权操作,此处可设置与从localhost访问时不同的密码:
mysql> GRANT all ON *.* TO root@'192.168.4.%' IDENTIFIED BY 'tarena'; Query OK, 0 rows affected (0.00 sec)
再次从192.168.4.0/24网段的客户机访问时,输入正确的密码后可登入:
[root@host120 ~]# mysql -u root -p -h 192.168.4.10 Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 8 Server version: 5.6.15 MySQL Community Server (GPL) Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
从网络登入后,测试新建一个库、查看所有库:
mysql> CREATE DATABASE rootdb; //创建新库rootdb Query OK, 1 row affected (0.06 sec) mysql> SHOW DATABASES; +--------------------+ | Database | +--------------------+ | information_schema | | home | | mydb | | mysql | | performance_schema | | rootdb | //新建的rootdb库 | test | +--------------------+ 7 rows in set (0.08 sec)
2)建立一个管理账号dba007,对所有库完全控制,并赋予其授权的权限
新建账号并授权: mysql> GRANT all ON *.* TO dba007@localhost -> IDENTIFIED BY '1234567' -> WITH GRANT OPTION; Query OK, 0 rows affected (0.00 sec) 查看dba007的权限: mysql> SHOW GRANTS FOR dba007@localhost; +------------------------------------------------------------------------------------------------------------------------------------------+ | Grants for dba007@localhost | +------------------------------------------------------------------------------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'dba007'@'localhost' IDENTIFIED BY PASSWORD '*6A7A490FB9DC8C33C2B025A91737077A7E9CC5E5' WITH GRANT OPTION | +------------------------------------------------------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec)
3)撤销root从本机访问的权限,然后恢复
注意:如果没有事先建立其他管理账号,请不要轻易撤销root用户的本地访问权限,否则恢复起来会比较困难,甚至不得不重装数据库。
撤销root对数据库的操作权限: mysql> REVOKE all ON *.* FROM root@localhost; Query OK, 0 rows affected (0.00 sec) mysql> SHOW GRANTS FOR root@localhost; +-------------------------------------------------------------------------------------------------------------------------------+ | Grants for root@localhost | +-------------------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*6A7A490FB9DC8C33C2B025A91737077A7E9CC5E5' WITH GRANT OPTION | | GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION | +-------------------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) 验证撤销后的权限效果: mysql> exit //退出当前MySQL连接 Bye [root@dbsvr1 ~]# mysql -u root -p //重新以root从本地登入 Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 6 Server version: 5.6.15 MySQL Community Server (GPL) Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> CREATE DATABASE newdb2014; //尝试新建库失败 ERROR 1044 (42000): Access denied for user 'root'@'localhost' to database 'newdb2014' mysql> DROP DATABASE rootdb; //尝试删除库失败 ERROR 1044 (42000): Access denied for user 'root'@'localhost' to database 'rootdb' 尝试以当前的root用户恢复权限,也会失败(无权更新授权表): mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567'; ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) 怎么办呢? 退出当前MySQL连接,以上一步添加的管理账号dba007登入: mysql> exit //退出当前MySQL连接 Bye [root@dbsvr1 ~]# mysql -u dba007 -p //以另一个管理账号登入 Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 7 Server version: 5.6.15 MySQL Community Server (GPL) Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. 由管理账号dba007重新为root添加本地访问权限: mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567'; Query OK, 0 rows affected (0.00 sec) mysql> SHOW GRANTS FOR root@localhost; //查看恢复结果 +----------------------------------------------------------------------------------------------------------------------------------------+ | Grants for root@localhost | +----------------------------------------------------------------------------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*6A7A490FB9DC8C33C2B025A91737077A7E9CC5E5' WITH GRANT OPTION | | GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION | +----------------------------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) 退出,再重新以root登入,测试一下看看,权限又恢复了吧: mysql> exit //退出当前MySQL连接 Bye [root@dbsvr1 ~]# mysql -u root -p //重新以root登入 Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 8 Server version: 5.6.15 MySQL Community Server (GPL) Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> CREATE DATABASE newdb2014; //成功创建新库 Query OK, 1 row affected (0.00 sec)
4)允许webuser从任意客户机登录,只对webdb库有完全权限,密码为 888888
< 3ff7 pre>添加授权: mysql> GRANT all ON webdb.* TO webuser@'%' IDENTIFIED BY '888888'; Query OK, 0 rows affected (0.00 sec) 查看授权结果: mysql> SHOW GRANTS FOR webuser@'%'; +--------------------------------------------------------------------------------------------------------+ | Grants for webuser@% | +--------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'webuser'@'%' IDENTIFIED BY PASSWORD '*DA28842831B3C40F4BC1D3C76CF9AD8CBFDAE1CB' | | GRANT ALL PRIVILEGES ON `webdb`.* TO 'webuser'@'%' | +--------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)
5)撤销webuser的完全权限,改为查询权限
撤销所有权限: mysql> REVOKE all ON webdb.* FROM webuser@'%'; Query OK, 0 rows affected (0.03 sec) 只赋予查询权限: mysql> GRANT select ON webdb.* TO webuser@'%'; Query OK, 0 rows affected (0.00 sec) 确认授权更改结果: mysql> SHOW GRANTS FOR webuser@'%'; +--------------------------------------------------------------------------------------------------------+ | Grants for webuser@% | +--------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'webuser'@'%' IDENTIFIED BY PASSWORD '*DA28842831B3C40F4BC1D3C76CF9AD8CBFDAE1CB' | | GRANT SELECT ON `webdb`.* TO 'webuser'@'%' | +--------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- MySQL学习笔记之二十五 撤销用户和授权
- mysql5.7创建用户授权删除用户撤销授权
- mysql用户授权与权限撤销
- MySQL总结笔记2-创建,删除用户与授权,撤销权限
- MySQL-创建用户、授权用户、撤销用户权限、更改用户密码、删除用户
- MySQL创建用户与授权及撤销用户权限方法
- MYSQL创建、授权、撤销、查看、删除用户
- mysql用户授权及撤销
- MySQL创建用户与授权及撤销用户权限方法
- 用户授权及撤销 、 数据备份与恢复 、 MySQL管理工具
- mysql新建用户,授权与撤销权限
- MySQL创建用户并授权及撤销用户权限
- MySQL创建用户、授权、撤销权限、删除用户
- MySQL 创建用户、授权用户、撤销用户权限、更改用户密码、删除用户(实用技巧)
- mysql5.7创建用户授权删除用户撤销授权
- 授权和撤销 MySQL 用户权限
- MySQL创建用户、授权、撤销权限、删除用户
- 04: 用户授权及撤销 、 数据备份与恢复 、 MySQL管理工具
- MySQL第四天(用户授权与撤销,完全备份和完全恢复)
- 浅谈MySQL中授权(grant)和撤销授权(revoke)用法详解