MySQL 用户
快速命令
CREATE USER 'username'@'host' IDENTIFIED BY 'password'; CREATE USER 'cmz'@'localhost' IDENTIFIED BY '123456'; # 创建用户,只能在mysql的服务器端菜能登录,密码是123456 CREATE USER 'cmz'@'192.168.5.122' IDENTIFIED BY '123456'; # 创建用户,限制来访的IP地址必须是192.168.5.5.5.5.5.122,密码是123456 CREATE USER 'cmz'@'%' IDENTIFIED BY '123456'; # 创建用户,不限制来访IP,密码是123456 CREATE USER 'cmz'@'%' IDENTIFIED BY ''; # 创建用户,不限制来访IP,不无密码 CREATE USER 'cmz'@'%'; # 创建用户,不限制来访IP,不无密码 和上面相等 GRANT privileges ON databasename.tablename TO 'username'@'host' GRANT SELECT, INSERT ON cmz.leco TO 'cmz'@'%'; # 授权cmz 用户,拥有cmz库的leco表有select,insert 权限 GRANT ALL ON *.* TO 'cmz'@'%'; # 授权cmz 用户,拥有所有权限 GRANT ALL ON cmz.* TO 'cmz'@'%'; # 授权cmz 用户,拥有所cmz库的下所有表的所有权限 SET PASSWORD FOR 'username'@'host' = PASSWORD('newpassword'); SET PASSWORD FOR 'cmz'@'%' = PASSWORD('cmz'); SET PASSWORD = PASSWORD("newpassword"); SET PASSWORD = PASSWORD("cmz123456"); REVOKE privilege ON databasename.tablename FROM 'username'@'host'; REVOKE SELECT ON *.* FROM 'cmz'@'%'; DROP USER 'username'@'host'; drop user 'cmz';
1. 创建用户¶
1.1 语法¶
CREATE USER 'username'@'host' IDENTIFIED BY 'password';
参数解释
username: 你将创建的用户名 host: 指定该用户在哪个主机上可以登陆,如果是本地用户可用localhost,如果想让该用户可以从任意远程主机登陆,可以使用通配符% password: 该用户的登陆密码,密码可以为空,如果为空则该用户可以不需要密码登陆服务器
1.2 例子¶
CREATE USER 'cmz'@'localhost' IDENTIFIED BY '123456'; # 创建用户,只能在mysql的服务器端菜能登录,密码是123456 CREATE USER 'cmz'@'192.168.5.122' IDENTIFIED BY '123456'; # 创建用户,限制来访的IP地址必须是192.168.2.122,密码是123456 CREATE USER 'cmz'@'%' IDENTIFIED BY '123456'; # 创建用户,不限制来访IP,密码是123456 CREATE USER 'cmz'@'%' IDENTIFIED BY ''; # 创建用户,不限制来访IP,不无密码 CREATE USER 'cmz'@'%'; # 创建用户,不限制来访IP,不无密码 和上面相等
1.3 环境¶
root@leco:~# mysql -V mysql Ver 14.14 Distrib 5.7.25, for Linux (x86_64) using EditLine wrapper mysql> select host,user from mysql.user; +-----------+------------------+ | host | user | +-----------+------------------+ | % | repl | | % | root | | localhost | debian-sys-maint | | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +-----------+------------------+ 6 rows in set (0.00 sec)
1.3.1 例子1¶
CREATE USER 'cmz'@'localhost' IDENTIFIED BY '123456';
mysql> select host,user from mysql.user; +-----------+------------------+ | host | user | +-----------+------------------+ | % | repl | | % | root | | localhost | debian-sys-maint | | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +-----------+------------------+ 6 rows in set (0.00 sec) mysql> CREATE USER 'cmz'@'localhost' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.01 sec) mysql> select * from user; ERROR 1046 (3D000): No database selected mysql> select host,user from mysql.user; +-----------+------------------+ | host | user | +-----------+------------------+ | % | repl | | % | root | | localhost | cmz | | localhost | debian-sys-maint | | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +-----------+------------------+ 7 rows in set (0.00 sec) 在服务器端登录 leco@leco:~$ mysql -ucmz -p123456 mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 79 Server version: 5.7.25-0ubuntu0.16.04.2-log (Ubuntu) Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> 说明可登录,换其他机器登录 C:\Users\cmz>mysql -h192.168.5.110 -ucmz -pcmz Warning: Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'cmz'@'192.168.5.1' (using password: YES) 禁止登录了。
1.3.2 例子2¶
CREATE USER 'cmz'@'192.168.5.122' IDENTIFIED BY '123456';
# 1. 先删除上面cmz用户。 mysql> select host,user from mysql.user; +-----------+------------------+ | host | user | +-----------+------------------+ | % | repl | | % | root | | localhost | cmz | | localhost | debian-sys-maint | | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +-----------+------------------+ 7 rows in set (0.00 sec) mysql> drop user cmz@'localhost'; Query OK, 0 rows affected (0.01 sec) mysql> select host,user from mysql.user; +-----------+------------------+ | host | user | +-----------+------------------+ | % | repl | | % | root | | localhost | debian-sys-maint | | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +-----------+------------------+ 6 rows in set (0.00 sec) # 2. 创建用户 mysql> CREATE USER 'cmz'@'192.168.2.112' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) mysql> select host,user from mysql.user; +---------------+------------------+ | host | user | +---------------+------------------+ | % | repl | | % | root | | 192.168.2.112 | cmz | | localhost | debian-sys-maint | | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +---------------+------------------+ 7 rows in set (0.00 sec) # 3. mysql服务器本地登录 leco@leco:~$ mysql -ucmz -p123456 mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'cmz'@'localhost' (using password: YES) 被拒绝,正常。 # 4. 从192.168.5.122 机器登录 C:\Users\cmz>mysql -h192.168.5.110 -ucmz -p123456 Warning: Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 100 Server version: 5.7.25-0ubuntu0.16.04.2-log (Ubuntu) Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> 测试OK
1.3.3 例子3¶
CREATE USER 'cmz'@'%' IDENTIFIED BY '123456';
mysql> CREATE USER 'cmz'@'%' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) mysql> select host,user from mysql.user where user='cmz'; +------+------+ | host | user | +------+------+ | % | cmz | +------+------+ 1 row in set (0.00 sec) # 1. mysql服务器本地登录 leco@leco:~$ mysql -ucmz -p123456 mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 85 Server version: 5.7.25-0ubuntu0.16.04.2-log (Ubuntu) Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> 测试OK。 # 2. 其他机器登录 C:\Users\cmz>mysql -h192.168.5.110 -ucmz -p123456 Warning: Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 87 Server version: 5.7.25-0ubuntu0.16.04.2-log (Ubuntu) Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> 测试OK
1.3.4 例子4¶
CREATE USER 'cmz'@'%' IDENTIFIED BY '';
mysql> drop user cmz@'192.168.5.122'; Query OK, 0 rows affected (0.00 sec) mysql> CREATE USER 'cmz'@'%' IDENTIFIED BY ''; Query OK, 0 rows affected (0.01 sec) mysql> select host,user from mysql.user; +-----------+------------------+ | host | user | +-----------+------------------+ | % | cmz | | % | repl | | % | root | | localhost | debian-sys-maint | | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +-----------+------------------+ 7 rows in set (0.00 sec) # 1. 服务器本地登录 leco@leco:~$ mysql -ucmz Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 104 Server version: 5.7.25-0ubuntu0.16.04.2-log (Ubuntu) Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> 测试OK # 2. 其他机器登录 C:\Users\cmz>mysql -h192.168.5.110 -ucmz Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 103 Server version: 5.7.25-0ubuntu0.16.04.2-log (Ubuntu) Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> 测试OK
2. 授权¶
2.1 语法¶
GRANT privileges ON databasename.tablename TO 'username'@'host'
参数解释
privileges: 用户的操作权限,如SELECT,INSERT,UPDATE等,如果要授予所的权限则使用ALL databasename:数据库名 tablename: 表名,如果要授予该用户对所有数据库和表的相应操作权限则可用*表示,如*.*
2.2 例子¶
GRANT SELECT, INSERT ON cmz.leco TO 'cmz'@'%'; # 授权cmz 用户,拥有cmz库的leco表有select,insert 权限 GRANT ALL ON *.* TO 'cmz'@'%'; # 授权cmz 用户,拥有所有权限 GRANT ALL ON cmz.* TO 'cmz'@'%'; # 授权cmz 用户,拥有所cmz库的下所有表的所有权限
注意
1. grant 可以授权的同时创建该用户, 2. 用以上命令授权的用户不能给其它用户授权,如果想让该用户可以授权,用以下命令: GRANT privileges ON databasename.tablename TO 'username'@'host' WITH GRANT OPTION;
2.3 环境¶
2.3.1 例子1¶
GRANT SELECT, INSERT ON cmz.leco TO 'cmz'@'%';
mysql> GRANT SELECT, INSERT ON cmz.leco TO 'cmz'@'%'; Query OK, 0 rows affected (0.00 sec) mysql> select host,user from mysql.user; +-----------+------------------+ | host | user | +-----------+------------------+ | % | cmz | | % | repl | | % | root | | localhost | debian-sys-maint | | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +-----------+------------------+ 7 rows in set (0.00 sec) # 1. 测试 leco@leco:~$ mysql -ucmz -p123456 mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'cmz'@'localhost' (using password: YES) leco@leco:~$ mysql -ucmz Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 107 Server version: 5.7.25-0ubuntu0.16.04.2-log (Ubuntu) Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | cmz | +--------------------+ 2 rows in set (0.00 sec) mysql> use cmz; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> show tables; +---------------+ | Tables_in_cmz | +---------------+ | leco | +---------------+ 1 row in set (0.00 sec) mysql> desc leco; +-------+-----------------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +-------+-----------------------+------+-----+---------+-------+ | id | int(11) | YES | | NULL | | | name | varchar(50) | YES | | NULL | | | sex | enum('male','female') | YES | | NULL | | | age | int(3) | YES | | NULL | | +-------+-----------------------+------+-----+---------+-------+ 4 rows in set (0.00 sec) mysql> drop table leco; ERROR 1142 (42000): DROP command denied to user 'cmz'@'localhost' for table 'leco' mysql> select * from leco; +------+--------+--------+------+ | id | name | sex | age | +------+--------+--------+------+ | 1 | 张三 | female | 18 | | 4 | 张三 | male | 40 | | 2 | 李四 | male | 20 | | 3 | 王五 | male | 30 | | 4 | 赵六 | female | 40 | +------+--------+--------+------+ 5 rows in set (0.00 sec) mysql> insert into leco(id,name,sex,age) values(5,"caimengzhi",'male',30); Query OK, 1 row affected (0.01 sec) mysql> select * from leco; +------+------------+--------+------+ | id | name | sex | age | +------+------------+--------+------+ | 1 | 张三 | female | 18 | | 4 | 张三 | male | 40 | | 2 | 李四 | male | 20 | | 3 | 王五 | male | 30 | | 4 | 赵六 | female | 40 | | 5 | caimengzhi | male | 30 | +------+------------+--------+------+ 5 rows in set (0.00 sec) 测试OK。
3. 修改用户密码¶
3.1 语法¶
SET PASSWORD FOR 'username'@'host' = PASSWORD('newpassword');
SET PASSWORD = PASSWORD("newpassword");
3.2 修改某个用户¶
mysql> SET PASSWORD FOR 'cmz'@'%' = PASSWORD('cmz'); Query OK, 0 rows affected, 1 warning (0.01 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec 登录测试 leco@leco:~$ mysql -ucmz -p Enter password: ERROR 1045 (28000): Access denied for user 'cmz'@'localhost' (using password: NO) leco@leco:~$ mysql -ucmz -pcmz mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 110 Server version: 5.7.25-0ubuntu0.16.04.2-log (Ubuntu) Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> 测试OK
3.3 修改当前登录用户¶
leco@leco:~$ mysql -ucmz -pcmz mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 110 Server version: 5.7.25-0ubuntu0.16.04.2-log (Ubuntu) Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> SET PASSWORD = PASSWORD("cmz123456"); Query OK, 0 rows affected, 1 warning (0.01 sec) mysql> flush privileges; ERROR 1227 (42000): Access denied; you need (at least one of) the RELOAD privilege(s) for this operation mysql> ^DBye leco@leco:~$ mysql -ucmz -pcmz mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'cmz'@'localhost' (using password: YES) leco@leco:~$ mysql -ucmz -pcmz123456 mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 112 Server version: 5.7.25-0ubuntu0.16.04.2-log (Ubuntu) Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> 测试OK
4. 撤销权限¶
4.1 语法¶
REVOKE privilege ON databasename.tablename FROM 'username'@'host';
注意
privilege, databasename, tablename:同授权部分
例子
REVOKE SELECT ON *.* FROM 'cmz'@'%';
4.2 撤销例子¶
mysql> show grants for cmz@'%'; +---------------------------------------------------+ | Grants for cmz@% | +---------------------------------------------------+ | GRANT USAGE ON *.* TO 'cmz'@'%' | | GRANT SELECT, INSERT ON `cmz`.`leco` TO 'cmz'@'%' | +---------------------------------------------------+ 2 rows in set (0.00 sec) mysql> revoke insert on cmz.leco from cmz@'%'; Query OK, 0 rows affected (0.01 sec) mysql> show grants for cmz@'%'; +-------------------------------------------+ | Grants for cmz@% | +-------------------------------------------+ | GRANT USAGE ON *.* TO 'cmz'@'%' | | GRANT SELECT ON `cmz`.`leco` TO 'cmz'@'%' | +-------------------------------------------+ 2 rows in set (0.00 sec) # 测试insert权限 leco@leco:~$ mysql -ucmz -pcmz123456 mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 113 Server version: 5.7.25-0ubuntu0.16.04.2-log (Ubuntu) Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | cmz | +--------------------+ 2 rows in set (0.00 sec) mysql> use cmz; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> show tables; +---------------+ | Tables_in_cmz | +---------------+ | leco | +---------------+ 1 row in set (0.00 sec) mysql> desc leco; +-------+-----------------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +-------+-----------------------+------+-----+---------+-------+ | id | int(11) | YES | | NULL | | | name | varchar(50) | YES | | NULL | | | sex | enum('male','female') | YES | | NULL | | | age | int(3) | YES | | NULL | | +-------+-----------------------+------+-----+---------+-------+ 4 rows in set (0.00 sec) mysql> select * from leco; +------+------------+--------+------+ | id | name | sex | age | +------+------------+--------+------+ | 1 | 张三 | female | 18 | | 4 | 张三 | male | 40 | | 2 | 李四 | male | 20 | | 3 | 王五 | male | 30 | | 4 | 赵六 | female | 40 | | 5 | caimengzhi | male | 30 | +------+------------+--------+------+ 6 rows in set (0.00 sec) mysql> insert into cmz(id,name,age,score) values(6,"keke",'female',3); ERROR 1142 (42000): INSERT command denied to user 'cmz'@'localhost' for table 'cmz'
5. 删除用户¶
5.1 语法¶
DROP USER 'username'@'host';
注意
DROP USER 'username'@'host'; 若是不指定host也就是DROP USER 'username',就是删除username所有用户。
5.2 例子¶
mysql> select host,user from mysql.user; +-----------+------------------+ | host | user | +-----------+------------------+ | % | cmz | | % | repl | | % | root | | localhost | debian-sys-maint | | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +-----------+------------------+ 7 rows in set (0.00 sec) mysql> drop user 'cmz'; Query OK, 0 rows affected (0.00 sec) mysql> select host,user from mysql.user; +-----------+------------------+ | host | user | +-----------+------------------+ | % | repl | | % | root | | localhost | debian-sys-maint | | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +-----------+------------------+ 6 rows in set (0.00 sec)