In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >
Share
Shulou(Shulou.com)05/31 Report--
This article mainly introduces mysql how to achieve user creation, modification, deletion and authorization operations, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let Xiaobian take you to understand.
1. If the mysql command connects without-h, it means that user@localhost connects to the local localhost database server, and the ip after-h is the IP of the database server.
2. To make all ip connected, add @'%'or no @ after the user name when create user (the default is @'% 'without @)
3. Mysql executes grant for authorization, and the permissions are appended, so don't worry about overwriting the previous ones.
4. Grant can create users, authorize and change passwords at the same time
5. It is recommended to use create to create users, because create can only create users, not authorize them. Mysql does not have connect create session permissions like oracle. Mysql automatically has connect create session permissions as long as users create.
6. It is recommended to use alter user to change the password, because alter does not involve permissions. Although grant can change the password, the grant command should have permission options.
7. If the user name is the same, the corresponding network segment of the host will be the same. The user whose name is the same shall prevail.
That is to say, the following two rules: who executes first and who takes effect first? that is to say, whose password is used after mysql-u test1-p to log in.
Grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678"
Grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567"
8. Authorization executed by grant does not require flush privileges to take effect. Authorization executed by update mysql.user table requires flush privileges to take effect.
Create a user
Mysql > help create user
Mysql > help grant
Mysql > create user 'user1'@'192.168.10.0/255.255.255.0' identified by' 123456'
Mysql > grant select,update on db1.* to 'user2'@'192.168.10.0/255.255.255.0' identified by' 123456 authorization-created and authorized at the same time
Modify the password
Mysql > help alter user
Mysql > help grant
Mysql > help set password
Mysql > alter user 'user1'@'192.168.10.0/255.255.255.0' identified by' 666666'
Mysql > grant select on mysql.user to 'user1'@'192.168.10.0/255.255.255.0' identified by' 777777 authorization was granted while changing the password
Mysql > set password for 'user1'@'192.168.10.0/255.255.255.0'=password (' 888888')
SET PASSWORD is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release. ALTER USER is now the preferred statement for assigning passwords.
Starting with MySQL 5.7.6, SET PASSWORD is not recommended and will be discarded in future versions of MySQL. ALTER USER is now the preferred declaration for changing passwords.
Authorization
Mysql > help grant
Mysql > grant select,insert,update on *. * to 'user1'@'192.168.10.0/255.255.255.0';-- is only authorized and does not involve changing the password
Delete user
Mysql > help drop user
Mysql > drop user 'user1'@'192.168.10.0/255.255.255.0'
Password-related parameters
Mysql > SHOW VARIABLES LIKE'% password%'
Mysql > CREATE USER 'mytest'@'192.168.20.0/255.255.255.0' identified by' 123456'
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
Mysql > show variables like'% validate_password_policy%'
+-+ +
| | Variable_name | Value |
+-+ +
| | validate_password_policy | MEDIUM |
+-+ +
1 row in set (0.01 sec)
Mysql > set global validate_password_policy=0
Mysql > show variables like'% validate_password_length%'
+-+ +
| | Variable_name | Value |
+-+ +
| | validate_password_length | 8 |
+-+ +
1 row in set (0.00 sec)
Mysql > set global validate_password_length=1
In the following experiment, the DB server ip is 192.168.10.101. Using mysql login locally without adding-h means using user@localhost login, and the DB server ip must be followed by-h.
If all ip logins are allowed, the user name after create user does not add @ or the user name after create user is added @'%'.
[root@mydb ~] # ifconfig | grep 'inet addr'
Inet addr:192.168.10.101 Bcast:192.168.10.255 Mask:255.255.255.0
Inet addr:127.0.0.1 Mask:255.0.0.0
Inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
Mysql > CREATE USER 'mytest01'@'192.168.20.0/255.255.255.0' identified by' 123456'
Query OK, 0 rows affected (0.01 sec)
Mysql > CREATE USER 'mytest02'@'192.168.10.0/255.255.255.0' identified by' 123456'
Query OK, 0 rows affected (0.00 sec)
Mysql > CREATE USER 'mytest03'@'*' identified by' 123456'
Query OK, 0 rows affected (0.00 sec)
[root@mydb] # mysql-u mytest01-p123456
Mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'mytest01'@'localhost' (using password: YES)
-- unable to log in because not adding-h means using user@localhost
[root@mydb] # mysql-u mytest02-p123456
Mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'mytest02'@'localhost' (using password: YES)
-- unable to log in because not adding-h means using user@localhost
[root@mydb] # mysql-u mytest03-p123456
Mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'mytest03'@'localhost' (using password: YES)
-- unable to log in because not adding-h means using user@localhost
-- 'mytest03'@'*', user name followed by @' * 'does not mean that all ip can log in, it should be added @'%'
[root@mydb] # mysql-u mytest01-p123456-h 192.168.10.101
Mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'mytest01'@'192.168.10.101' (using password: YES)
[root@mydb] # mysql-u mytest02-p123456-h 192.168.10.101
Mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with; or\ g.
Mysql > exit
[root@mydb] # mysql-u mytest03-p123456-h 192.168.10.101
Mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'mytest03'@'192.168.10.101' (using password: YES)
[root@mydb] # mysql-u mytest02-p123456-h 192.168.10.102
Mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.10.102' (113)
-- unable to log in,-h must be followed by DB server ip
Mysql > CREATE USER 'mytest04' identified by' 123456'
Query OK, 0 rows affected (0.00 sec)
[root@mydb] # mysql-u mytest04-p123456
Mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with; or\ g.
Mysql > exit
[root@mydb] # mysql-u mytest04-p123456-h 192.168.10.101
Mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with; or\ g.
Mysql >
[root@mydb] # mysql-u mytest04-p123456-h 192.168.10.102
Mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.10.102' (113)
Mysql > create user mytest06@'%' identified by '123456'
Query OK, 0 rows affected (0.01 sec)
[root@mydb] # mysql-u mytest06-p123456
Mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with; or\ g.
Mysql >
[root@mydb] # mysql-u mytest06-p123456-h 192.168.10.101
Mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with; or\ g.
Mysql >
[root@mydb] # mysql-u mytest06-p123456-h 192.168.10.102
Mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.10.102' (113)
In the following experiment, if the user exists, the password can be added after the grant. If the user does not exist, the password must be added after the grant.
Execute grant multiple times, and permissions are appended.
When mytest02@'192.168.10.0/255.255.255.0' already exists
Mysql > grant select on test1.* to mytest02@'192.168.10.0/255.255.255.0'
Query OK, 0 rows affected (0.03 sec)
When mytest03@'192.168.10.0/255.255.255.0' doesn't exist yet,
1. The first step is wrong, because there is no such user.
2. The second step is to create a user password and grant select permissions to the test1 database, as shown in tables mysql.user and mysql.db
Step 3. If the user exists, append the global permissions and change the password. See mysql.user.
Step 4. If the user exists, append the global permissions and change the password. See mysql.user.
Step 5. If the user exists, append the select permission of the test1 database and change the password. See mysql.db.
Mysql > grant select on test1.* to mytest03@'192.168.10.0/255.255.255.0'
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
Mysql > grant select on test1.* to mytest03@'192.168.10.0/255.255.255.0' identified by "123_Tn_123"
Query OK, 0 rows affected, 1 warning (0.00 sec)
Mysql > grant select,update on *. * to mytest03@'192.168.10.0/255.255.255.0' identified by "123_Tn123"
Query OK, 0 rows affected, 1 warning (0.02 sec)
Mysql > grant select,insert on *. * to mytest03@'192.168.10.0/255.255.255.0' identified by "123_Tr99"
Query OK, 0 rows affected, 1 warning (0.02 sec)
Mysql > grant select,update on test1.* to mytest03@'192.168.10.0/255.255.255.0' identified by "123_TR00"
Query OK, 0 rows affected, 1 warning (0.00 sec)
The following experiment: if the user name is the same, the corresponding network segment of the host is the same, and the user whose name is Mr. will prevail.
The IP of the database server is 192.168.10.101
The IP of the client is 192.168.10.1
Mysql > grant select on test1.* to test123 identified by "123456"
Mysql > grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567"
Mysql > grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678"
Mysql > grant select on test1.* to test123@'192.168.10.1' identified by "123456789"
Mysql > grant select on test1.* to test123@'192.168.10.101' identified by "12345678910"
Mysql > select host,user,password_last_changed from mysql.user where user='test123' order by 3
+-+
| | host | user | password_last_changed | |
+-+
| |% | test123 | 2018-09-26 19:21:23 |
| | 192.168.10.0 amp 255.255.255.0 | test123 | 2018-09-26 19:24:08 |
| | 192.168.0.0 amp 255.255.0.0 | test123 | 2018-09-26 19:24:30 |
| | 192.168.10.1 | test123 | 2018-09-26 19:31:00 |
| | 192.168.10.101 | test123 | 2018-09-26 19:31:16 |
+-+
Whether you execute the mysql command connection on 192.168.10.1 or 192.168.10.101, only the following can be connected, that is, test123@'192.168.10.0/255.255.255.0' is valid
Mysql-u test123-p1234567-h 192.168.10.101
Mysql > drop user test123@'192.168.10.0/255.255.255.0'
Mysql > select host,user,password_last_changed from mysql.user where user='test123' order by 3
+-- +
| | host | user | password_last_changed | |
+-- +
| |% | test123 | 2018-09-26 19:21:23 |
| | 192.168.0.0 amp 255.255.0.0 | test123 | 2018-09-26 19:24:30 |
| | 192.168.10.1 | test123 | 2018-09-26 19:31:00 |
| | 192.168.10.101 | test123 | 2018-09-26 19:31:16 |
+-- +
Another test found that no matter whether the mysql command connection was executed on 192.168.10.1 or 192.168.10.101, only the following can be connected, that is, test123@'192.168.0.0/255.255.0.0' is valid
Mysql-u test123-p12345678-h 192.168.10.101
Mysql > drop user test123@'192.168.0.0/255.255.0.0'
Mysql > select host,user,password_last_changed from mysql.user where user='test123' order by 3
+-- +
| | host | user | password_last_changed | |
+-- +
| |% | test123 | 2018-09-26 19:21:23 |
| | 192.168.10.1 | test123 | 2018-09-26 19:31:00 |
| | 192.168.10.101 | test123 | 2018-09-26 19:31:16 |
+-- +
Test again
It was found that when the mysql command connection was executed on 192.168.10.1, only the following can be connected, that is, test123@'192.168.10.1' is valid.
Mysql-u test123-p123456789-h 192.168.10.101
It is found that when the mysql command connection is executed in 192.168.10.101, only the following can be connected, that is, test123@'192.168.10.101' is valid.
Mysql-u test123-p12345678910-h 192.168.10.101
Mysql > drop user test123@'192.168.10.1'
Mysql > drop user test123@'192.168.10.101'
Mysql > select host,user,password_last_changed from mysql.user where user='test123' order by 3
+-- +
| | host | user | password_last_changed | |
+-- +
| |% | test123 | 2018-09-26 19:21:23 |
+-- +
Another test found that no matter the mysql command connection was executed on 192.168.10.1 or 192.168.10.101, the following can be connected, that is, test123 is valid.
Mysql-u test123-p123456-h 192.168.10.101
Mysql > grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678"
Mysql > grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567"
Mysql > select host,user,password_last_changed from mysql.user where user='test123' order by 3
+-+
| | host | user | password_last_changed | |
+-+
| |% | test123 | 2018-09-26 19:21:23 |
| | 192.168.0.0 amp 255.255.0.0 | test123 | 2018-09-26 19:45:45 |
| | 192.168.10.0 amp 255.255.255.0 | test123 | 2018-09-26 19:45:58 |
+-+
Another test found that no matter the mysql command connection was executed on 192.168.10.1 or 192.168.10.101, the following can be connected, that is, test123@'192.168.0.0/255.255.0.0' is in effect.
Mysql-u test123-p12345678-h 192.168.10.101
It is concluded that the following two rules will be implemented first and who will take effect first.
Grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678"
Grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567"
Mysql > drop user test123@'192.168.0.0/255.255.0.0'
Mysql > drop user test123@'192.168.10.0/255.255.255.0'
Mysql > grant select on test1.* to test123@'192.168.10.1' identified by "123456789"
Mysql > grant select on test1.* to test123@'192.168.10.101' identified by "12345678910"
Mysql > grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567"
Mysql > grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678"
Mysql > select host,user,password_last_changed from mysql.user where user='test123' order by 3
+-+
| | host | user | password_last_changed | |
+-+
| |% | test123 | 2018-09-26 19:21:23 |
| | 192.168.10.1 | test123 | 2018-09-26 19:48:59 |
| | 192.168.10.101 | test123 | 2018-09-26 19:49:05 |
| | 192.168.10.0 amp 255.255.255.0 | test123 | 2018-09-26 19:49:21 |
| | 192.168.0.0 amp 255.255.0.0 | test123 | 2018-09-26 19:49:28 |
+-+
Test again
It was found that when the mysql command connection was executed on 192.168.10.1, only the following can be connected, that is, test123@'192.168.10.1' is valid.
Mysql-u test123-p123456789-h 192.168.10.101
It is found that when the mysql command connection is executed in 192.168.10.101, only the following can be connected, that is, test123@'192.168.10.101' is valid.
Mysql-u test123-p12345678910-h 192.168.10.101
It is concluded that the following three articles will be implemented first and who will take effect first on 192.168.10.1.
Grant select on test1.* to test123@'192.168.10.1' identified by "123456789"
Grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678"
Grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567"
It is concluded that the following three rules will be implemented first and who will take effect first on 192.168.10.101.
Grant select on test1.* to test123@'192.168.10.101' identified by "12345678910"
Grant select on test1.* to test123@'192.168.0.0/255.255.0.0' identified by "12345678"
Grant select on test1.* to test123@'192.168.10.0/255.255.255.0' identified by "1234567"
Thank you for reading this article carefully. I hope the article "how to create, modify, delete and authorize users in mysql" shared by the editor will be helpful to you. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
