MySQL的账户设置
来源:SegmentFault
时间:2023-02-16 15:21:50 171浏览 收藏
编程并不是一个机械性的工作,而是需要有思考,有创新的工作,语法是固定的,但解决问题的思路则是依靠人的思维,这就需要我们坚持学习和更新自己的知识。今天golang学习网就整理分享《MySQL的账户设置》,文章讲解的知识点主要包括MySQL、docker、数据库,如果你对数据库方面的知识点感兴趣,就不要错过golang学习网,在这可以对大家的知识积累有所帮助,助力开发能力的提升。
MySQL的账户设置
使用
➜ ~ docker exec -it mysql8 /bin/bash root@dedd71769326:/#
MySQL数据库连接
MySQL命令语法
用户名是你登录的用户,主机名或者IP地址为可选项,如果是本地连接则不需要设置,远程连接服务端则需要填写,密码是对应用户的密码。
mysql –u用户名 [–h主机名或者IP地址,-P端口号] –p密码
root@dedd71769326:/# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 9 Server version: 8.0.21 MySQL Community Server - GPL Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL账户查看
由于
mysql> select user from mysql.user; +------------------+ | user | +------------------+ | root | | mysql.infoschema | | mysql.session | | mysql.sys | | root | +------------------+ 5 rows in set (0.03 sec)
为什么有两条
mysql> select user, host from mysql.user; +------------------+-----------+ | user | host | +------------------+-----------+ | root | % | | mysql.infoschema | localhost | | mysql.session | localhost | | mysql.sys | localhost | | root | localhost | +------------------+-----------+ 5 rows in set (0.00 sec)
这里
mysql> select current_user; +----------------+ | current_user | +----------------+ | root@localhost | +----------------+ 1 row in set (0.00 sec)
如果我们使用外部电脑连接
mysql> select current_user; +----------------+ | current_user | +----------------+ | root@% | +----------------+ 1 row in set (0.00 sec)
则表示当前登陆
CREATE USER [IF NOT EXISTS] user [auth_option] [, user [auth_option]] ... DEFAULT ROLE role [, role ] ... [REQUIRE {NONE | tls_option [[AND] tls_option] ...}] [WITH resource_option [resource_option] ...] [password_option | lock_option] ... user: (see Section 6.2.4, “Specifying Account Names”) auth_option: { IDENTIFIED BY 'auth_string' | IDENTIFIED WITH auth_plugin | IDENTIFIED WITH auth_plugin BY 'auth_string' | IDENTIFIED WITH auth_plugin AS 'hash_string' } tls_option: { SSL | X509 | CIPHER 'cipher' | ISSUER 'issuer' | SUBJECT 'subject' } resource_option: { MAX_QUERIES_PER_HOUR count | MAX_UPDATES_PER_HOUR count | MAX_CONNECTIONS_PER_HOUR count | MAX_USER_CONNECTIONS count } password_option: { PASSWORD EXPIRE [DEFAULT | NEVER | INTERVAL N DAY] | PASSWORD HISTORY {DEFAULT | N} | PASSWORD REUSE INTERVAL {DEFAULT | N DAY} | PASSWORD REQUIRE CURRENT [DEFAULT | OPTIONAL] } lock_option: { ACCOUNT LOCK | ACCOUNT UNLOCK }CREATE USER 'tian'@'localhost' IDENTIFIED BY 'password';
加上认证插件
CREATE USER 'tian'@'localhost' IDENTIFIED WITH sha256_password BY 'password';
指定密码过期,以便用户第一次使用的时候需要修改密码
CREATE USER 'tian'@'localhost' IDENTIFIED BY 'new_password' PASSWORD EXPIRE;
也可以指定每隔一段时间修改一次新密码
CREATE USER 'tian'@'localhost' IDENTIFIED BY 'new_password' PASSWORD EXPIRE INTERVAL 180 DAY;
可以指定加密连接
-- 不使用加密连接 CREATE USER 'tian'@'localhost' REQUIRE NONE; -- 使用加密连接 CREATE USER 'tian'@'localhost' REQUIRE SSL; -- 使用加密连接,并要求客户端提供有效证书 CREATE USER 'tian'@'localhost' REQUIRE X509; CREATE USER 'tian'@'localhost' REQUIRE ISSUER 'CA颁发的有效X.509证书'; CREATE USER 'tian'@'localhost' REQUIRE SUBJECT '包含主题的有效X.509证书'; CREATE USER 'tian'@'localhost' REQUIRE CIPHER '指定的加密方法';
可以指定资源控制
-- 单位小时内,账户被允许查询500次,更新100次,单位小时内最大连接数不限制。最大并发连接数不限制 CREATE USER 'tian'@'localhost' WITH MAX_QUERIES_PER_HOUR 500 MAX_UPDATES_PER_HOUR 100 MAX_CONNECTIONS_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
可以锁定账户
-- 锁定 CREATE USER 'tian'@'localhost' ACCOUNT LOCK -- 解锁 ALTER USER 'tian'@'localhost' ACCOUNT UNLOCK
最后完整的命令选项大概这个样子
CREATE USER 'user_name'@'host_name' IDENTIFIED [WITH auth_plugin] BY 'auth_string' [REQUIRE NONE(SSL,X509)] [WITH MAX_QUERIES_PER_HOUR count | MAX_UPDATES_PER_HOUR count | MAX_CONNECTIONS_PER_HOUR count | MAX_USER_CONNECTIONS count] [PASSWORD EXPIRE] [ACCOUNT LOCK]
如果你要删除账户
DROP USER 'tian'@'localhost';
如果你要修改名称
RENAME USER 'tian'@'localhost' TO 'tina'@'127.0.0.1';
MySQL角色创建
MySQL8里新加入了对于角色的管理,下面就简单的说一下如何使用:
角色可以理解为一组权限的集合,然后将角色赋给某个帐户,该帐户就拥有了角色对应的权限,每个帐户可以拥有多个角色,就像游戏里,你可以有很多称号一样。-- 名字规范 'role_name'@'host_name' -- 通常仅使用用户名部分指定角色名称,并隐式使用主机名部分 '%',主机名部分没有任何意义 'admin'
创建角色
-- 省略主机名,默认为 '%' CREATE ROLE 'admin', 'dev'; -- 这种也可以,但是没意义 CREATE ROLE 'app'@'localhost';
移除角色
DROP ROLE 'admin', 'dev';
MySQL账户更新
MySQL命令语法
ALTER USER [IF EXISTS] user [auth_option] [, user [auth_option]] ... [REQUIRE {NONE | tls_option [[AND] tls_option] ...}] [WITH resource_option [resource_option] ...] [password_option | lock_option] ... ALTER USER [IF EXISTS] USER() user_func_auth_option ALTER USER [IF EXISTS] user DEFAULT ROLE {NONE | ALL | role [, role ] ...} user: (see Section 6.2.4, “Specifying Account Names”) auth_option: { IDENTIFIED BY 'auth_string' [REPLACE 'current_auth_string'] [RETAIN CURRENT PASSWORD] | IDENTIFIED WITH auth_plugin | IDENTIFIED WITH auth_plugin BY 'auth_string' [REPLACE 'current_auth_string'] [RETAIN CURRENT PASSWORD] | IDENTIFIED WITH auth_plugin AS 'auth_string' | DISCARD OLD PASSWORD } user_func_auth_option: { IDENTIFIED BY 'auth_string' [REPLACE 'current_auth_string'] [RETAIN CURRENT PASSWORD] | DISCARD OLD PASSWORD } tls_option: { SSL | X509 | CIPHER 'cipher' | ISSUER 'issuer' | SUBJECT 'subject' } resource_option: { MAX_QUERIES_PER_HOUR count | MAX_UPDATES_PER_HOUR count | MAX_CONNECTIONS_PER_HOUR count | MAX_USER_CONNECTIONS count } password_option: { PASSWORD EXPIRE [DEFAULT | NEVER | INTERVAL N DAY] | PASSWORD HISTORY {DEFAULT | N} | PASSWORD REUSE INTERVAL {DEFAULT | N DAY} | PASSWORD REQUIRE CURRENT [DEFAULT | OPTIONAL] } lock_option: { ACCOUNT LOCK | ACCOUNT UNLOCK }参数选项参考创建账户。
修改自己当前的密码
ALTER USER USER() IDENTIFIED BY 'new_password';
修改账户密码
ALTER USER 'tian'@'localhost' IDENTIFIED BY 'new_password';
修改认证插件
ALTER USER 'tian'@'localhost' IDENTIFIED WITH mysql_native_password;
修改密码和插件
ALTER USER 'tian'@'localhost' IDENTIFIED WITH mysql_native_password BY 'new_password';
修改角色
-- 授予自定义角色 ALTER USER 'tian'@'localhost' DEFAULT ROLE your_role_name; -- 无角色 ALTER USER 'tian'@'localhost' DEFAULT ROLE NONE; -- 所有角色 ALTER USER 'tian'@'localhost' DEFAULT ROLE ALL;
修改加密方式
-- 只有账户密码正确,无须加密连接 ALTER USER 'tian'@'localhost' REQUIRE NONE; -- 需要加密连接 ALTER USER 'tian'@'localhost' REQUIRE SSL; ...
修改资源访问
-- 单位小时内,最大查询数量和更新数量 ALTER USER 'tian'@'localhost' WITH MAX_QUERIES_PER_HOUR 500 MAX_UPDATES_PER_HOUR 100;
指定密码过期
ALTER USER 'tian'@'localhost' PASSWORD EXPIRE;
修改锁定解锁
ALTER USER 'tian'@'localhost' ACCOUNT LOCK; ALTER USER 'tian'@'localhost' ACCOUNT UNLOCK;
MySQL账户授权
MySQL命令语法
GRANT priv_type [(column_list)] [, priv_type [(column_list)]] ... ON [object_type] priv_level TO user_or_role [, user_or_role] ... [WITH GRANT OPTION] [AS user [WITH ROLE DEFAULT | NONE | ALL | ALL EXCEPT role [, role ] ... | role [, role ] ... ] ] } GRANT PROXY ON user_or_role TO user_or_role [, user_or_role] ... [WITH GRANT OPTION] GRANT role [, role] ... TO user_or_role [, user_or_role] ... [WITH ADMIN OPTION] object_type: { TABLE | FUNCTION | PROCEDURE } priv_level: { * | *.* | db_name.* | db_name.tbl_name | tbl_name | db_name.routine_name } user_or_role: { user | role } user: (see Section 6.2.4, “Specifying Account Names”) role: (see Section 6.2.5, “Specifying Role Names”)-- 授予数据库db1的所有权限给指定账户 GRANT ALL ON db1.* TO 'tian'@'localhost'; -- 授予角色给指定的账户 GRANT 'role1', 'role2' TO 'user1'@'localhost', 'user2'@'localhost'; -- 授予数据库world的SELECT权限给指定的角色 GRANT SELECT ON world.* TO 'role3';
基本语法
GRANT [权限] ON [数据库名].[表名] TO 'user_name'@'localhost' ...; -- 授予所有数据库的权限 GRANT [权限] ON *.* TO 'user_name'@'localhost' ...;
注:全局权限是管理或适用于给定服务器上的所有数据库。要分配全局权限,请使用
mysql> show privileges; +----------------------------+---------------------------------------+-------------------------------------------------------+ | Privilege | Context | Comment | +----------------------------+---------------------------------------+-------------------------------------------------------+ | Alter | Tables | To alter the table | | Alter routine | Functions,Procedures | To alter or drop stored functions/procedures | | Create | Databases,Tables,Indexes | To create new databases and tables | | Create routine | Databases | To use CREATE FUNCTION/PROCEDURE | | Create role | Server Admin | To create new roles | | Create temporary tables | Databases | To use CREATE TEMPORARY TABLE | | Create view | Tables | To create new views | | Create user | Server Admin | To create new users | | Delete | Tables | To delete existing rows | | Drop | Databases,Tables | To drop databases, tables, and views | | Drop role | Server Admin | To drop roles | | Event | Server Admin | To create, alter, drop and execute events | | Execute | Functions,Procedures | To execute stored routines | | File | File access on server | To read and write files on the server | | Grant option | Databases,Tables,Functions,Procedures | To give to other users those privileges you possess | | Index | Tables | To create or drop indexes | | Insert | Tables | To insert data into tables | | Lock tables | Databases | To use LOCK TABLES (together with SELECT privilege) | | Process | Server Admin | To view the plain text of currently executing queries | | Proxy | Server Admin | To make proxy user possible | | References | Databases,Tables | To have references on tables | | Reload | Server Admin | To reload or refresh tables, logs and privileges | | Replication client | Server Admin | To ask where the slave or master servers are | | Replication slave | Server Admin | To read binary log events from the master | | Select | Tables | To retrieve rows from table | | Show databases | Server Admin | To see all databases with SHOW DATABASES | | Show view | Tables | To see views with SHOW CREATE VIEW | | Shutdown | Server Admin | To shut down the server | | Super | Server Admin | To use KILL thread, SET GLOBAL, CHANGE MASTER, etc. | | Trigger | Tables | To use triggers | | Create tablespace | Server Admin | To create/alter/drop tablespaces | | Update | Tables | To update existing rows | | Usage | Server Admin | No privileges - allow connect only | | XA_RECOVER_ADMIN | Server Admin | | | SHOW_ROUTINE | Server Admin | | | RESOURCE_GROUP_USER | Server Admin | | | SET_USER_ID | Server Admin | | | SESSION_VARIABLES_ADMIN | Server Admin | | | CLONE_ADMIN | Server Admin | | | PERSIST_RO_VARIABLES_ADMIN | Server Admin | | | ROLE_ADMIN | Server Admin | | | BACKUP_ADMIN | Server Admin | | | CONNECTION_ADMIN | Server Admin | | | RESOURCE_GROUP_ADMIN | Server Admin | | | INNODB_REDO_LOG_ARCHIVE | Server Admin | | | BINLOG_ENCRYPTION_ADMIN | Server Admin | | | REPLICATION_SLAVE_ADMIN | Server Admin | | | SYSTEM_VARIABLES_ADMIN | Server Admin | | | GROUP_REPLICATION_ADMIN | Server Admin | | | SYSTEM_USER | Server Admin | | | APPLICATION_PASSWORD_ADMIN | Server Admin | | | TABLE_ENCRYPTION_ADMIN | Server Admin | | | SERVICE_CONNECTION_ADMIN | Server Admin | | | AUDIT_ADMIN | Server Admin | | | BINLOG_ADMIN | Server Admin | | | ENCRYPTION_KEY_ADMIN | Server Admin | | | INNODB_REDO_LOG_ENABLE | Server Admin | | | REPLICATION_APPLIER | Server Admin | | +----------------------------+---------------------------------------+-------------------------------------------------------+ 58 rows in set (0.00 sec)
权限范围示例
-- 数据库权限 GRANT ALL ON mydb.* TO 'user_name'@'host_name'; -- 表权限 GRANT ALL ON mydb.mytable TO 'user_name'@'host_name'; -- 列权限 GRANT SELECT (col1), INSERT (col1, col2) ON mydb.mytable TO 'user_name'@'host_name'; -- 存储过程权限 GRANT CREATE ROUTINE ON mydb.* TO 'user_name'@'host_name'; GRANT EXECUTE ON PROCEDURE mydb.myproc TO 'user_name'@'host_name';
授权之后可以使用
FLUSH PRIVILEGES
FLUSH语法
FLUSH [NO_WRITE_TO_BINLOG | LOCAL] { flush_option [, flush_option] ... | tables_option } flush_option: { BINARY LOGS | ENGINE LOGS | ERROR LOGS | GENERAL LOGS | HOSTS | LOGS | PRIVILEGES | OPTIMIZER_COSTS | RELAY LOGS [FOR CHANNEL channel] | SLOW LOGS | STATUS | USER_RESOURCES } tables_option: { TABLES | TABLES tbl_name [, tbl_name] ... | TABLES WITH READ LOCK | TABLES tbl_name [, tbl_name] ... WITH READ LOCK | TABLES tbl_name [, tbl_name] ... FOR EXPORT }FLUSH PRIVILEGES 包含以下操作
- 重新加载
REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ... ON [object_type] priv_level FROM user_or_role [, user_or_role] ... REVOKE ALL [PRIVILEGES], GRANT OPTION FROM user_or_role [, user_or_role] ... REVOKE PROXY ON user_or_role FROM user_or_role [, user_or_role] ... REVOKE role [, role ] ... FROM user_or_role [, user_or_role ] ... user_or_role: { user | role } user: (see Section 6.2.4, “Specifying Account Names”) role: (see Section 6.2.5, “Specifying Role Names”.-- 撤销用户的INSERT权限 REVOKE INSERT ON *.* FROM 'tian'@'localhost'; -- 撤销用户的指定角色 REVOKE 'role1', 'role2' FROM 'user1'@'localhost', 'user2'@'localhost'; -- 撤销角色的INSERT权限 REVOKE SELECT ON world.* FROM 'role3';
撤销所有权限(只能撤销权限,不能撤销角色)
-- 从账户或者角色上撤销所有权限 REVOKE ALL PRIVILEGES, GRANT OPTION FROM user_or_role [, user_or_role] ... -- 撤销账户 REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'tian'@'localhost' -- 撤销角色 REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'role3'
在全局上撤销权限(.)
-- 全局上撤销所有权限 REVOKE ALL ON *.* FROM 'tian'@'localhost';
今天关于《MySQL的账户设置》的内容介绍就到此结束,如果有什么疑问或者建议,可以在golang学习网公众号下多多回复交流;文中若有不正之处,也希望回复留言以告知!
- 重新加载
声明:本文转载于:SegmentFault 如有侵犯,请联系study_golang@163.com删除
相关阅读
更多>
-
499 收藏
-
160 收藏
-
105 收藏
-
244 收藏
-
235 收藏
最新阅读
更多>
-
208 收藏
-
174 收藏
-
317 收藏
-
371 收藏
-
244 收藏
-
288 收藏
课程推荐
更多>
-
- 前端进阶之JavaScript设计模式
- 设计模式是开发人员在软件开发过程中面临一般问题时的解决方案,代表了最佳的实践。本课程的主打内容包括JS常见设计模式以及具体应用场景,打造一站式知识长龙服务,适合有JS基础的同学学习。
- 立即学习 542次学习
-
- GO语言核心编程课程
- 本课程采用真实案例,全面具体可落地,从理论到实践,一步一步将GO核心编程技术、编程思想、底层实现融会贯通,使学习者贴近时代脉搏,做IT互联网时代的弄潮儿。
- 立即学习 507次学习
-
- 简单聊聊mysql8与网络通信
- 如有问题加微信:Le-studyg;在课程中,我们将首先介绍MySQL8的新特性,包括性能优化、安全增强、新数据类型等,帮助学生快速熟悉MySQL8的最新功能。接着,我们将深入解析MySQL的网络通信机制,包括协议、连接管理、数据传输等,让
- 立即学习 497次学习
-
- JavaScript正则表达式基础与实战
- 在任何一门编程语言中,正则表达式,都是一项重要的知识,它提供了高效的字符串匹配与捕获机制,可以极大的简化程序设计。
- 立即学习 487次学习
-
- 从零制作响应式网站—Grid布局
- 本系列教程将展示从零制作一个假想的网络科技公司官网,分为导航,轮播,关于我们,成功案例,服务流程,团队介绍,数据部分,公司动态,底部信息等内容区块。网站整体采用CSSGrid布局,支持响应式,有流畅过渡和展现动画。
- 立即学习 484次学习
评论列表
-
- 怕孤独的薯片
- 赞 👍👍,一直没懂这个问题,但其实工作中常常有遇到...不过今天到这,看完之后很有帮助,总算是懂了,感谢up主分享文章!
- 2023-05-09 20:05:57
-
- 痴情的雪碧
- 这篇文章出现的刚刚好,太全面了,写的不错,码住,关注师傅了!希望师傅能多写数据库相关的文章。
- 2023-04-19 01:28:47
-
- 甜蜜的水壶
- 这篇博文真是及时雨啊,太全面了,赞 👍👍,码起来,关注up主了!希望up主能多写数据库相关的文章。
- 2023-02-19 09:15:35