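1. Allow the root user to connect remotely from any network segment to all databases, with all privileges
Format: grant privileges on database.* to username@login_host identified by 'password';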
mysql> grant all privileges on *.* to 'root'@'%' identified by '123456';
mysql> flush privileges;
2. Allow the root user to connect to the database only from the 172.16.1.0 network segment
mysql> grant all privileges on rdc_manager.* to 'clouddeep'@'172.16.1.%' identified by 'Clouddeep@8890';
mysql> flush privileges;
3. Allow the development user to connect to the database only from 127.0.0.1, with read-only privileges
mysql> grant SELECT on rdc_manager.* to 'development'@'127.0.0.1' identified by 'Deve@deep89.cn';
Query OK, 0 rows affected, 1 warning (0.02 sec)
# View grants
SHOW GRANTS FOR 'username'@'host';
4. Revoke privileges
REVOKE INSERT, UPDATE, DELETE ON database.table FROM 'username'@'host';
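2. Allow only the blog user to connect remotely to the BLOG database, with all privileges; create the blog user if it does not exist
Format: grant privileges on database.* to username@login_host identified by 'password';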
mysql> grant all privileges on BLOG.* to 'blog'@'%' identified by 'blog';
mysql> flush privileges;
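3. In a master-slave environment, the slave only needs the privileges to view the master's status and to replicate the master's data
mysql> grant replication slave on *.* to repl@'172.16.1.%' identified by 'Clouddeep@8890';
This statement allows the repl user from the 172.16.1.% network segment to log in to the master server and hold the privilege to view status (slave) and the privilege to replicate data (replication); the credential used (identified) is Clouddeep@8890.
slave means: show master status; show slave status;
replication means: the privilege to replicate the master's data.
4. A production grant record from a company
grant SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, ALTER, LOCK TABLES on playyx_seq.* to 'develop'@'10.1.%' identified by 'dev!.AOrocnn.coM';
Privileges held by develop:
SELECT: query
INSERT: insert
UPDATE: update
DELETE: delete
CREATE: create
INDEX: index
ALTER: alter
LOCK TABLES: lock tables
5. When the root user cannot grant privileges to ordinary users
(1) Log in to mysql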
[root@localhost ~]# mysql -uroot -p -h localhost
mysql> grant all on *.* to root@'localhost' identified by '123456';
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) # error
(2) List the current users
mysql> SELECT DISTINCT CONCAT('User: ''',user,'''@''',host,''';') AS query FROM mysql.user;
+---------------------------------------+
| query                                 |
+---------------------------------------+
| User: 'root'@'127.0.0.1';             | # logging in with mysql -uroot -p -h127.0.0.1 and granting works fine
| User: 'wenqiang'@'172.16.1.%';        |
| User: 'root'@'localhost';             | # I found that the root user logged in from localhost cannot grant privileges to ordinary users
| User: 'root'@'localhost.localdomain'; |
+---------------------------------------+
4 rows in set (0.00 sec)
(3) Check whether this root user's Grant_priv option is Y or N (N means it has no right to grant privileges to ordinary users)
mysql> select * from mysql.user where User='root' and Host='localhost'\G;
*************************** 1. row ***************************
Host: localhost
User: root
Password: *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: N # no grant privilege
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
Create_tablespace_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin: mysql_native_password
authentication_string:
password_expired: N
1 row in set (0.00 sec)
ERROR:
No query specified
(3) Change the Grant_priv option from N to Y
mysql> update mysql.user set Grant_priv='Y' where User='root' and Host='localhost';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
(4) Exit and log back in to mysql, then grant privileges to the ordinary user again (you must exit mysql first)
mysql> grant all on *.* to root@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
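Grants such as 'root'@'%' on *.* or 'blog'@'%' on BLOG.* stay on the server until someone reviews them. The following audit queries are an added example, not part of the original page; they read the same privilege columns shown in the \G output above, and assume the standard mysql.db table for database-level grants.

```sql
-- Added example: audit queries, not from the original page.
-- 1) Accounts whose Host contains the % wildcard and that hold global (*.*)
--    privileges. Only the % wildcard is checked, not the _ wildcard.
SELECT
    User,
    Host,
    CONCAT_WS(', ',
        IF(Grant_priv       = 'Y', 'GRANT OPTION',      NULL),
        IF(Super_priv       = 'Y', 'SUPER',             NULL),
        IF(File_priv        = 'Y', 'FILE',              NULL),
        IF(Create_user_priv = 'Y', 'CREATE USER',       NULL),
        IF(Shutdown_priv    = 'Y', 'SHUTDOWN',          NULL),
        IF(Repl_slave_priv  = 'Y', 'REPLICATION SLAVE', NULL)
    ) AS global_admin_privs,
    IF('Y' IN (Insert_priv, Update_priv, Delete_priv, Drop_priv, Alter_priv),
       'Y', 'N') AS global_write
FROM mysql.user
WHERE LOCATE('%', Host) > 0
  AND 'Y' IN (Select_priv, Insert_priv, Update_priv, Delete_priv, Drop_priv,
              Alter_priv, Grant_priv, Super_priv, File_priv,
              Create_user_priv, Shutdown_priv, Repl_slave_priv)
ORDER BY Host = '%' DESC, User;   -- fully open hosts ('%') first

-- 2) Database-level grants (for example BLOG.* or rdc_manager.*) given to
--    wildcard hosts. These rows live in mysql.db, not in mysql.user.
SELECT
    User,
    Host,
    Db,
    IF('Y' IN (Insert_priv, Update_priv, Delete_priv, Drop_priv, Alter_priv),
       'read-write', 'read-only or other') AS access_level,
    Grant_priv
FROM mysql.db
WHERE LOCATE('%', Host) > 0
ORDER BY Db, User;

-- 3) Review one flagged account in full before narrowing it with REVOKE.
--    'username'@'host' is a placeholder, as in the SHOW GRANTS line above.
SHOW GRANTS FOR 'username'@'host';
```

Rows with Host = '%' together with GRANT OPTION or SUPER are the ones to review first; a replication account should show only REPLICATION SLAVE and a fixed network range.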