MySQL Quick Start: User Management
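- 1. Users
- 1.1 User information
- 1.2 Creating a user
- 1.3 Deleting a user
- 1.4 Changing a user's password
- 2. Database privileges
- 2.1 Granting privileges to a user
- 2.2 Revoking privileges
1. Users
- If the only account we can use is root, that is a security risk. This is where MySQL user management comes in.

1.1 User information
1. All MySQL users are stored in the user table of the system database mysql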
mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select host,user,authentication_string from user;
+-----------+------------------+------------------------------------------------------------------------+
| host | user | authentication_string |
+-----------+------------------+------------------------------------------------------------------------+
| % | root | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| localhost | mysql.infoschema | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| localhost | mysql.session | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| localhost | mysql.sys | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| localhost | root | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
+-----------+------------------+------------------------------------------------------------------------+
5 rows in set (0.01 sec)
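2. Use desc for a first look at the structure of the table:
- The structure is quite complex, with many fields. The example above showed only the most commonly used ones: the host (host), the username (user) and the password (authentication_string).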
mysql> desc user;
+--------------------------+-----------------------------------+------+-----+-----------------------+-------+
| Field | Type | Null | Key | Default | Extra |
+--------------------------+-----------------------------------+------+-----+-----------------------+-------+
| Host | char(255) | NO | PRI | | |
| User | char(32) | NO | PRI | | |
| Select_priv | enum('N','Y') | NO | | N | |
| Insert_priv | enum('N','Y') | NO | | N | |
| Update_priv | enum('N','Y') | NO | | N | |
| Delete_priv | enum('N','Y') | NO | | N | |
| Create_priv | enum('N','Y') | NO | | N | |
| Drop_priv | enum('N','Y') | NO | | N | |
| Reload_priv | enum('N','Y') | NO | | N | |
| Shutdown_priv | enum('N','Y') | NO | | N | |
| Process_priv | enum('N','Y') | NO | | N | |
| File_priv | enum('N','Y') | NO | | N | |
| Grant_priv | enum('N','Y') | NO | | N | |
| References_priv | enum('N','Y') | NO | | N | |
| Index_priv | enum('N','Y') | NO | | N | |
| Alter_priv | enum('N','Y') | NO | | N | |
| Show_db_priv | enum('N','Y') | NO | | N | |
| Super_priv | enum('N','Y') | NO | | N | |
| Create_tmp_table_priv | enum('N','Y') | NO | | N | |
| Lock_tables_priv | enum('N','Y') | NO | | N | |
| Execute_priv | enum('N','Y') | NO | | N | |
| Repl_slave_priv | enum('N','Y') | NO | | N | |
| Repl_client_priv | enum('N','Y') | NO | | N | |
| Create_view_priv | enum('N','Y') | NO | | N | |
| Show_view_priv | enum('N','Y') | NO | | N | |
| Create_routine_priv | enum('N','Y') | NO | | N | |
| Alter_routine_priv | enum('N','Y') | NO | | N | |
| Create_user_priv | enum('N','Y') | NO | | N | |
| Event_priv | enum('N','Y') | NO | | N | |
| Trigger_priv | enum('N','Y') | NO | | N | |
| Create_tablespace_priv | enum('N','Y') | NO | | N | |
| ssl_type | enum('','ANY','X509','SPECIFIED') | NO | | | |
| ssl_cipher | blob | NO | | NULL | |
| x509_issuer | blob | NO | | NULL | |
| x509_subject | blob | NO | | NULL | |
| max_questions | int unsigned | NO | | 0 | |
| max_updates | int unsigned | NO | | 0 | |
| max_connections | int unsigned | NO | | 0 | |
| max_user_connections | int unsigned | NO | | 0 | |
| plugin | char(64) | NO | | caching_sha2_password | |
| authentication_string | text | YES | | NULL | |
| password_expired | enum('N','Y') | NO | | N | |
| password_last_changed | timestamp | YES | | NULL | |
| password_lifetime | smallint unsigned | YES | | NULL | |
| account_locked | enum('N','Y') | NO | | N | |
| Create_role_priv | enum('N','Y') | NO | | N | |
| Drop_role_priv | enum('N','Y') | NO | | N | |
| Password_reuse_history | smallint unsigned | YES | | NULL | |
| Password_reuse_time | smallint unsigned | YES | | NULL | |
| Password_require_current | enum('N','Y') | YES | | NULL | |
| User_attributes | json | YES | | NULL | |
+--------------------------+-----------------------------------+------+-----+-----------------------+-------+
51 rows in set (0.01 sec)
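3. Field explanations:
- host: the host this user may log in from. localhost means the user can log in only from the local machine; % means the user can log in from any remote host.
- user: the username.
- authentication_string: the user's password after hashing by caching_sha2_password (MySQL 5.7 and earlier used the password function).
- *_priv: the privileges the user holds.
In production, setting host to % for the root user is strongly discouraged because it is unsafe. In practice MySQL is generally used on a company's internal network, and its port is not exposed to the public internet.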
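An audit query for the risk described above (an administrative account whose host is %), added here as an example and not part of the original article. It reads only columns that appear in the desc output above; the finding labels and the choice of which *_priv columns count as administrative are assumptions.

```sql
-- Read-only audit of mysql.user; run it from an administrative account.
-- Only the static privilege columns of mysql.user are inspected.
SELECT
    user,
    host,
    plugin,
    account_locked,
    password_expired,
    CASE
        -- Locked accounts (the built-in mysql.* accounts) cannot log in.
        WHEN account_locked = 'Y'
            THEN 'ok: account is locked'
        -- Password-based plugin with nothing stored in authentication_string.
        WHEN plugin IN ('mysql_native_password', 'caching_sha2_password')
             AND COALESCE(authentication_string, '') = ''
            THEN 'HIGH: password-based account with no password'
        -- Administrative privileges combined with a wildcard host.
        WHEN LOCATE('%', host) > 0
             AND 'Y' IN (Super_priv, Grant_priv, Create_user_priv,
                         File_priv, Shutdown_priv)
            THEN 'HIGH: administrative account reachable from a wildcard host'
        -- Any other wildcard host deserves a look.
        WHEN LOCATE('%', host) > 0
            THEN 'REVIEW: wildcard host pattern'
        ELSE 'ok'
    END AS finding
FROM mysql.user
ORDER BY user, host;

-- When a local administrative entry such as 'root'@'localhost' also exists,
-- the wildcard entry can be removed with the drop user statement from
-- section 1.3. Confirm the local login works before running it.
-- DROP USER 'root'@'%';
```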
1.2 Creating a user
1. Syntax:
create user 'username'@'login host/ip' identified by 'password';
2. Example:
mysql> create user 'lhy'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.02 sec)

mysql> select user,host,authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| user | host | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| root | % | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| lhy | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | -- newly added user
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
+------------------+-----------+------------------------------------------------------------------------+
6 rows in set (0.00 sec)
A note on adding users: do not casually add a user that can log in from anywhere.
1.3 Deleting a user
1. Syntax
drop user 'username'@'hostname';
2. Example
mysql> select user,host,authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| user | host | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| root | % | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| lhy | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
+------------------+-----------+------------------------------------------------------------------------+
6 rows in set (0.00 sec)

mysql> drop user lhy; -- attempt to delete
ERROR 1396 (HY000): Operation DROP USER failed for 'lhy'@'%'
-- Giving only the username does not work: the host defaults to %, meaning a user that can log in from anywhere

mysql> drop user 'lhy'@'localhost';
Query OK, 0 rows affected (0.01 sec)

mysql> select user,host,authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| user | host | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| root | % | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
+------------------+-----------+------------------------------------------------------------------------+
5 rows in set (0.01 sec)
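Deleting a user is essentially deleting one row from the user table, so a delete statement could do it; MySQL just provides a dedicated set of SQL statements that wrap the operation. Creating a user is the same: with insert into, you would have to supply values for all those columns, which is far too tedious.
1.4 Changing a user's password
1. Syntax:
- Changing your own password:
set password=password('new password'); -- MySQL 5.7 and earlier
set password='new password'; -- MySQL 8.0 and later; hashed automatically
- The root user changing a specified user's password:
set password for 'username'@'hostname'=password('new password'); -- MySQL 5.7 and earlier
set password for 'username'@'hostname'='new password'; -- MySQL 8.0 and later; hashed automatically
- General form:
alter user 'username'@'hostname' identified by 'new_password'; -- MySQL 8.0 and later
2. Example (the root user changes another user's password)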
mysql> select user,host,authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| user | host | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| root | % | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| lhy | localhost | *AA1420F182E88B9E5F874F6FBE7459291E8F4601 | -- old password
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
+------------------+-----------+------------------------------------------------------------------------+
6 rows in set (0.00 sec)

mysql> set password for 'lhy'@'localhost' = '654321';
Query OK, 0 rows affected (0.01 sec)

mysql> select user,host,authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| user | host | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| root | % | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| lhy | localhost | *2A032F7C5BA932872F0F045E0CF6B53CF702F2C5 | -- password changed
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
+------------------+-----------+------------------------------------------------------------------------+
6 rows in set (0.00 sec)
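2. Database privileges
- Privileges provided by MySQL:

2.1 Granting privileges to a user
A newly created user has no privileges at all and must be granted them.
1. Syntax
grant privilege_list on database.object to 'username'@'login host' [identified by 'password'];
2. Notes
- The privilege list; separate multiple privileges with commas:
grant select on ...
grant select, delete, create on ....
grant all [privileges] on ... -- grants the user every privilege on that object
- *.*: all objects (tables, views, stored procedures, etc.) in all databases on this system.
- database.*: all data objects (tables, views, stored procedures, etc.) in one database.
- identified by: optional. If the user exists, the password is changed as the privileges are granted; if the user does not exist, the user is created.
3. Example
- As the root user, create a new user new (terminal A):
mysql> create user 'new'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.01 sec)

mysql> select user,host,authentication_string from user;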
+------------------+-----------+------------------------------------------------------------------------+
| user | host | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| root | % | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| lhy | localhost | *2A032F7C5BA932872F0F045E0CF6B53CF702F2C5 |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| new | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| root | localhost | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
+------------------+-----------+------------------------------------------------------------------------+
7 rows in set (0.00 sec)
- Test with the data in the classic test tables from oracle 9i:
mysql> use scott;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+-----------------+
| Tables_in_scott |
+-----------------+
| dept |
| emp |
| salgrade |
+-----------------+
5 rows in set (0.00 sec)
- Open a new terminal, connect as the new user, and see whether it can access this database and these tables (terminal B):
(base) ubuntu@Ubuntu22:~$ mysql -unew -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.43 MySQL Community Server - GPL

Copyright (c) 2000, 2025, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases; -- the new user has almost no privileges and cannot see any of the databases
+--------------------+
| Database |
+--------------------+
| information_schema |
| performance_schema |
+--------------------+
2 rows in set (0.02 sec)
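- Back in terminal A, as root grant the user new the select privilege on everything in the scott database (terminal A):
mysql> grant select on scott.* to 'new'@'localhost';
Query OK, 0 rows affected (0.01 sec)
- In terminal B, check whether the new user can access the scott database now (terminal B):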
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| performance_schema |
| scott | -- the scott database is now visible
+--------------------+
3 rows in set (0.00 sec)

mysql> use scott;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+-----------------+
| Tables_in_scott |
+-----------------+
| dept |
| emp |
| salgrade |
+-----------------+
3 rows in set (0.00 sec)

mysql> select * from emp; -- has the select privilege
+--------+--------+-----------+------+---------------------+---------+---------+--------+
| empno | ename | job | mgr | hiredate | sal | comm | deptno |
+--------+--------+-----------+------+---------------------+---------+---------+--------+
| 007369 | SMITH | CLERK | 7902 | 1980-12-17 00:00:00 | 800.00 | NULL | 20 |
| 007499 | ALLEN | SALESMAN | 7698 | 1981-02-20 00:00:00 | 1600.00 | 300.00 | 30 |
| 007521 | WARD | SALESMAN | 7698 | 1981-02-22 00:00:00 | 1250.00 | 500.00 | 30 |
| 007566 | JONES | MANAGER | 7839 | 1981-04-02 00:00:00 | 2975.00 | NULL | 20 |
| 007654 | MARTIN | SALESMAN | 7698 | 1981-09-28 00:00:00 | 1250.00 | 1400.00 | 30 |
| 007698 | BLAKE | MANAGER | 7839 | 1981-05-01 00:00:00 | 2850.00 | NULL | 30 |
| 007782 | CLARK | MANAGER | 7839 | 1981-06-09 00:00:00 | 2450.00 | NULL | 10 |
| 007788 | SCOTT | ANALYST | 7566 | 1987-04-19 00:00:00 | 3000.00 | NULL | 20 |
| 007839 | KING | PRESIDENT | NULL | 1981-11-17 00:00:00 | 5000.00 | NULL | 10 |
| 007844 | TURNER | SALESMAN | 7698 | 1981-09-08 00:00:00 | 1500.00 | 0.00 | 30 |
| 007876 | ADAMS | CLERK | 7788 | 1987-05-23 00:00:00 | 1100.00 | NULL | 20 |
| 007900 | JAMES | CLERK | 7698 | 1981-12-03 00:00:00 | 950.00 | NULL | 10 |
| 007902 | FORD | ANALYST | 7566 | 1981-12-03 00:00:00 | 3000.00 | NULL | 20 |
| 007934 | MILLER | CLERK | 7782 | 1982-01-23 00:00:00 | 1300.00 | NULL | 10 |
+--------+--------+-----------+------+---------------------+---------+---------+--------+
14 rows in set (0.01 sec)
- Check whether it has any other privileges (terminal B):
mysql> select * from emp;
+--------+--------+-----------+------+---------------------+---------+---------+--------+
| empno | ename | job | mgr | hiredate | sal | comm | deptno |
+--------+--------+-----------+------+---------------------+---------+---------+--------+
| 007369 | SMITH | CLERK | 7902 | 1980-12-17 00:00:00 | 800.00 | NULL | 20 |
| 007499 | ALLEN | SALESMAN | 7698 | 1981-02-20 00:00:00 | 1600.00 | 300.00 | 30 |
| 007521 | WARD | SALESMAN | 7698 | 1981-02-22 00:00:00 | 1250.00 | 500.00 | 30 |
| 007566 | JONES | MANAGER | 7839 | 1981-04-02 00:00:00 | 2975.00 | NULL | 20 |
| 007654 | MARTIN | SALESMAN | 7698 | 1981-09-28 00:00:00 | 1250.00 | 1400.00 | 30 |
| 007698 | BLAKE | MANAGER | 7839 | 1981-05-01 00:00:00 | 2850.00 | NULL | 30 |
| 007782 | CLARK | MANAGER | 7839 | 1981-06-09 00:00:00 | 2450.00 | NULL | 10 |
| 007788 | SCOTT | ANALYST | 7566 | 1987-04-19 00:00:00 | 3000.00 | NULL | 20 |
| 007839 | KING | PRESIDENT | NULL | 1981-11-17 00:00:00 | 5000.00 | NULL | 10 |
| 007844 | TURNER | SALESMAN | 7698 | 1981-09-08 00:00:00 | 1500.00 | 0.00 | 30 |
| 007876 | ADAMS | CLERK | 7788 | 1987-05-23 00:00:00 | 1100.00 | NULL | 20 |
| 007900 | JAMES | CLERK | 7698 | 1981-12-03 00:00:00 | 950.00 | NULL | 10 |
| 007902 | FORD | ANALYST | 7566 | 1981-12-03 00:00:00 | 3000.00 | NULL | 20 |
| 007934 | MILLER | CLERK | 7782 | 1982-01-23 00:00:00 | 1300.00 | NULL | 10 |
+--------+--------+-----------+------+---------------------+---------+---------+--------+
14 rows in set (0.00 sec)

mysql> delete from emp where empno=7369; -- as expected, the statement is rejected
ERROR 1142 (42000): DELETE command denied to user 'new'@'localhost' for table 'emp'
4. Viewing a specific user's current privileges
- A non-root user can view only their own privileges:
mysql> show grants for 'new'@'localhost';
+------------------------------------------------+
| Grants for new@localhost |
+------------------------------------------------+
| GRANT USAGE ON *.* TO `new`@`localhost` |
| GRANT SELECT ON `scott`.* TO `new`@`localhost` | -- select privilege on all tables (*) in the scott database
+------------------------------------------------+
2 rows in set (0.00 sec)
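5. Grant not taking effect?
- This is because the grant writes the privileges to disk but does not load them into the cache, so a refresh is needed:
flush privileges;
2.2 Revoking privileges
1. Syntax:
revoke privilege_list on database.object from 'username'@'login host';
2. Example
-- Terminal A
mysql> revoke all on scott.* from 'new'@'localhost';
Query OK, 0 rows affected (0.01 sec)

-- Terminal B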
mysql> select user();
+---------------+
| user() |
+---------------+
| new@localhost |
+---------------+
1 row in set (0.00 sec)

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| performance_schema |
+--------------------+
2 rows in set (0.00 sec)
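The grant and revoke workflow of sections 2.1 and 2.2 taken one step further, to table-level and column-level privileges for an account limited to one subnet. This is an added example, not from the original article; the account name report, the 10.0.0.% host pattern and the placeholder password are assumptions, and the syntax targets MySQL 8.0.

```sql
-- Assumed names: account 'report', subnet 10.0.0.%, placeholder password.

-- 1. Create the account first. MySQL 8.0 no longer accepts IDENTIFIED BY
--    in GRANT, so GRANT cannot create the user or set its password.
CREATE USER 'report'@'10.0.0.%'
    IDENTIFIED BY '<generated-password>'
    REQUIRE SSL                          -- assumes TLS is enabled on the server
    WITH MAX_USER_CONNECTIONS 5
    PASSWORD EXPIRE INTERVAL 90 DAY
    FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;   -- needs 8.0.19 or later

-- 2. Grant only what a reporting job needs, instead of scott.*:
--    the whole dept table, and emp without the sal and comm columns.
GRANT SELECT ON scott.dept TO 'report'@'10.0.0.%';
GRANT SELECT (empno, ename, job, mgr, hiredate, deptno)
    ON scott.emp TO 'report'@'10.0.0.%';

-- 3. Verify what the account actually holds.
SHOW GRANTS FOR 'report'@'10.0.0.%';

-- Table-level and column-level grants are recorded in their own tables,
-- not in the *_priv columns of mysql.user.
SELECT db, table_name, table_priv, column_priv
FROM mysql.tables_priv
WHERE user = 'report';

SELECT db, table_name, column_name, column_priv
FROM mysql.columns_priv
WHERE user = 'report';

-- 4. Revoke at the level the privilege was granted. A database-level
--    "revoke all on scott.*" does not remove table or column grants.
REVOKE SELECT (empno, ename, job, mgr, hiredate, deptno)
    ON scott.emp FROM 'report'@'10.0.0.%';
REVOKE SELECT ON scott.dept FROM 'report'@'10.0.0.%';

-- 5. Remove the account once it is no longer needed.
DROP USER 'report'@'10.0.0.%';
```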
