国产av日韩一区二区三区精品,成人性爱视频在线观看,国产,欧美,日韩,一区,www.成色av久久成人,2222eeee成人天堂

Home php教程 php手冊 MySQL用戶管理

MySQL用戶管理

Jun 21, 2016 am 09:09 AM
grant mysql quot samp

mysql|用戶管理

MySQL管理員應該知道如何設置MySQL用戶賬號,指出哪個用戶可以連接服務器,從哪里連接,連接后能做什么。MySQL 3.22.11開始引入兩條語句使得這項工作更容易做:GRANT語句創(chuàng)建MySQL用戶并指定其權限,而REVOKE語句刪除權限。兩條語句扮演了mysql數(shù)據(jù)庫的前端角色,并提供與直接操作這些表的內容不同的另一種方法。CREATE和REVOKE語句影響4個表:授權表


內容


user 能連接服務器的用戶以及他們擁有的任何全局權限


db 數(shù)據(jù)庫級權限


tables_priv 表級權限


columns_priv 列級權限


還有第5個授權表(host),但它不受GRANT和REVOKE的影響。


當你對一個用戶發(fā)出一條GRANT語句時,在user表中為該用戶創(chuàng)建一條記錄。如果語句指定任何全局權限(管理權限或適用于所有數(shù)據(jù)庫的權限),這些也記錄在user表中。如果你指定數(shù)據(jù)庫、表和列級權限,他們被分別記錄在db、tables_priv和columns_priv表中。


用GRANT和REVOKE比直接修改授權表更容易些,然而,建議你閱讀一下《MySQL安全性指南》。這些表異常重要,而且作為一名管理員,你應該理解它們如何超越GRANT和REVOKE語句的功能水平。


在下面的章節(jié)中,我們將介紹如何設置MySQL用戶賬號并授權。我們也涉及如何撤權和從授權表中刪除用戶。


你可能也想考慮使用mysqlaccess和mysql_setpermission腳本,它是MySQL分發(fā)的一部分,它們是Perl腳本,提供GRANT語句的另一種選擇設置用戶賬號。mysql_setpermission需要安裝DBI支持。


1 創(chuàng)建用戶并授權


GRANT語句的語法看上去像這樣:


GRANT privileges (columns) ON what TO user IDENTIFIED BY "password" WITH GRANT OPTION 


要使用該語句,你需要填寫下列部分:


privileges


授予用戶的權限,下表列出可用于GRANT語句的權限指定符:


權限指定符


權限允許的操作


ALTER 修改表和索引


CREATE 創(chuàng)建數(shù)據(jù)庫和表


DELETE 刪除表中已有的記錄


DROP 拋棄(刪除)數(shù)據(jù)庫和表


INDEX 創(chuàng)建或拋棄索引


INSERT 向表中插入新行


REFERENCE 未用


SELECT 檢索表中的記錄


UPDATE 修改現(xiàn)存表記錄


FILE 讀或寫服務器上的文件


PROCESS 查看服務器中執(zhí)行的線程信息或殺死線程


RELOAD 重載授權表或清空日志、主機緩存或表緩存。


SHUTDOWN 關閉服務器


ALL 所有;ALL PRIVILEGES同義詞


USAGE 特殊的“無權限”權限


上表顯示在第一組的權限指定符適用于數(shù)據(jù)庫、表和列,第二組數(shù)管理權限。一般,這些被相對嚴格地授權,因為它們允許用戶影響服務器的操作。第三組權限特殊,ALL意味著“所有權限”,UASGE意味著無權限,即創(chuàng)建用戶,但不授予權限。


columns


權限運用的列,它是可選的,并且你只能設置列特定的權限。如果命令有多于一個列,應該用逗號分開它們。


what


權限運用的級別。權限可以是全局的(適用于所有數(shù)據(jù)庫和所有表)、特定數(shù)據(jù)庫(適用于一個數(shù)據(jù)庫中的所有表)或特定表的。可以通過指定一個columns字句是權限是列特定的。


user


權限授予的用戶,它由一個用戶名和主機名組成。在MySQL中,你不僅指定誰能連接,還有從哪里連接。這允許你讓兩個同名用戶從不同地方連接。MySQL讓你區(qū)分他們,并彼此獨立地賦予權限。


MySQL中的一個用戶名就是你連接服務器時指定的用戶名,該名字不必與你的Unix登錄名或Windows名聯(lián)系起來。缺省地,如果你不明確指定一個名字,客戶程序將使用你的登錄名作為MySQL用戶名。這只是一個約定。你可以在授權表中將該名字改為nobody,然后以nobody連接執(zhí)行需要超級用戶權限的操作。


password


賦予用戶的口令,它是可選的。如果你對新用戶沒有指定IDENTIFIED BY子句,該用戶不賦給口令(不安全)。對現(xiàn)有用戶,任何你指定的口令將代替老口令。如果你不指定口令,老口令保持不變,當你用IDENTIFIED BY時,口令字符串用改用口令的字面含義,GRANT將為你編碼口令,不要象你用SET PASSWORD 那樣使用password()函數(shù)。


WITH GRANT OPTION子句是可選的。如果你包含它,用戶可以授予權限通過GRANT語句授權給其它用戶。你可以用該子句給與其它用戶授權的能力。


用戶名、口令、數(shù)據(jù)庫和表名在授權表記錄中是大小寫敏感的,主機名和列名不是。

一般地,你可以通過詢問幾個簡單的問題來識別GRANT語句的種類:


誰能連接,從那兒連接?


用戶應該有什么級別的權限,他們適用于什么?


用戶應該允許管理權限嗎?


下面就討論一些例子。


1.1 誰能連接,從那兒連接?


你可以允許一個用戶從特定的或一系列主機連接。有一個極端,如果你知道降職從一個主機連接,你可以將權限局限于單個主機:


GRANT ALL ON samp_db.* TO boris@localhost IDENTIFIED BY "ruby"GRANT ALL ON samp_db.* TO fred@res.mars.com IDENTIFIED BY "quartz"


(samp_db.*意思是“samp_db數(shù)據(jù)庫的所有表)另一個極端是,你可能有一個經(jīng)常旅行并需要能從世界各地的主機連接的用戶max。在這種情況下,你可以允許他無論從哪里連接:


GRANT ALL ON samp_db.* TO max@% IDENTIFIED BY "diamond"


“%”字符起通配符作用,與LIKE模式匹配的含義相同。在上述語句中,它意味著“任何主機”。所以max和max@%等價。這是建立用戶最簡單的方法,但也是最不安全的。


取其中,你可以允許一個用戶從一個受限的主機集合訪問。例如,要允許mary從snake.net域的任何主機連接,用一個%.snake.net主機指定符:


GRANT ALL ON samp_db.* TO mary@.snake.net IDENTIFIED BY "quartz";


如果你喜歡,用戶標識符的主機部分可以用IP地址而不是一個主機名來給定。你可以指定一個IP地址或一個包含模式字符的地址,而且,從MySQL 3.23,你還可以指定具有指出用于網(wǎng)絡號的位數(shù)的網(wǎng)絡掩碼的IP號:


GRANT ALL ON samp_db.* TO boris@192.168.128.3 IDENTIFIED BY "ruby" GRANT ALL ON samp_db.* TO fred@192.168.128.% IDENTIFIED BY "quartz" GRANT ALL ON samp_db.* TO rex@192.168.128.0/17 IDENTIFIED BY "ruby"


第一個例子指出用戶能從其連接的特定主機,第二個指定對于C類子網(wǎng)192.168.128的IP模式,而第三條語句中,192.168.128.0/17指定一個17位網(wǎng)絡號并匹配具有192.168.128頭17位的IP地址?!?


如果MySQL抱怨你指定的用戶值,你可能需要使用引號(只將用戶名和主機名部分分開加引號)。


GRANT ALL ON samp_db.president TO "my friend"@"boa.snake.net"


1.2 用戶應該有什么級別的權限和它們應該適用于什么?


你可以授權不同級別的權限,全局權限是最強大的,因為它們適用于任何數(shù)據(jù)庫。要使ethel成為可做任何事情的超級用戶,包括能授權給其它用戶,發(fā)出下列語句:


GRANT ALL ON *.* TO ethel@localhost IDENTIFIED BY "coffee" WITH GRANT OPTION


ON子句中的*.*意味著“所有數(shù)據(jù)庫、所有表”。從安全考慮,我們指定ethel只能從本地連接。限制一個超級用戶可以連接的主機通常是明智的,因為它限制了試圖破解口令的主機。


有些權限(FILE、PROCESS、RELOAD和SHUTDOWN)是管理權限并且只能用"ON *.*"全局權限指定符授權。如果你愿意,你可以授權這些權限,而不授權數(shù)據(jù)庫權限。例如,下列語句設置一個flush用戶,他只能發(fā)出flush語句。這可能在你需要執(zhí)行諸如清空日志等的管理腳本中會有用:


GRANT RELOAD ON *.* TO flushl@localhost IDENTIFIED BY "flushpass"


一般地,你想授權管理權限,吝嗇點,因為擁有它們的用戶可以影響你的服務器的操作。


數(shù)據(jù)庫級權限適用于一個特定數(shù)據(jù)庫中的所有表,它們可通過使用ON db_name.*子句授予:


GRANT ALL ON samp_db TO bill@racer.snake.net INDETIFIED BY "rock" GRANT SELECT ON samp_db TO ro_user@% INDETIFIED BY "rock"


第一條語句向bill授權samp_db數(shù)據(jù)庫中所有表的權限,第二條創(chuàng)建一個嚴格限制訪問的用戶ro_user(只讀用戶),只能訪問samp_db數(shù)據(jù)庫中的所有表,但只有讀取,即用戶只能發(fā)出SELECT語句。


你可以列出一系列同時授予的各個權限。例如,如果你想讓用戶能讀取并能修改現(xiàn)有數(shù)據(jù)庫的內容,但不能創(chuàng)建新表或刪除表,如下授予這些權限:


GRANT SELECT,INSERT,DELETE,UPDATE ON samp_db TO bill@snake.net INDETIFIED BY "rock"


對于更精致的訪問控制,你可以在各個表上授權,或甚至在表的每個列上。當你想向用戶隱藏一個表的部分時,或你想讓一個用戶只能修改特定的列時,列特定權限非常有用。如:


GRANT SELECT ON samp_db.member TO bill@localhost INDETIFIED BY "rock"GRANT UPDATE (expiration) ON samp_db. member TO bill@localhost


第一條語句授予對整個member表的讀權限并設置了一個口令,第二條語句增加了UPDATE權限,當只對expiration列。沒必要再指定口令,因為第一條語句已經(jīng)指定了。


如果你想對多個列授予權限,指定一個用逗號分開的列表。例如,對assistant用戶增加member表的地址字段的UPDATE權限,使用如下語句,新權限將加到用戶已有的權限中:


GRANT UPDATE (street,city,state,zip) ON samp_db TO assistant@localhost


通常,你不想授予任何比用戶確實需要的權限寬的權限。然而,當你想讓用戶能創(chuàng)建一個臨時表以保存中間結果,但你又不想讓他們在一個包含他們不應修改內容的數(shù)據(jù)庫中這樣做時,發(fā)生了要授予在一個數(shù)據(jù)庫上的相對寬松的權限。你可以通過建立一個分開的數(shù)據(jù)庫(如tmp)并授予開數(shù)據(jù)庫上的所有權限來進行。例如,如果你想讓來自mars.net域中主機的任何用戶使用tmp數(shù)據(jù)庫,你可以發(fā)出這樣的GRANT語句:


GRANT ALL ON tmp.* TO ""@mars.net


在你做完之后,用戶可以創(chuàng)建并用tmp.tbl_name形式引用tmp中的表(在用戶指定符中的""創(chuàng)建一個匿名用戶,任何用戶均匹配空白用戶名)。


1.3 用戶應該被允許管理權限嗎?


你可以允許一個數(shù)據(jù)庫的擁有者通過授予數(shù)據(jù)庫上的所有擁有者權限來控制數(shù)據(jù)庫的訪問,在授權時,指定WITH GRANT OPTION。例如:如果你想讓alicia能從big.corp.com域的任何主機連接并具有sales數(shù)據(jù)庫中所有表的管理員權限,你可以用如下GRANT語句:


GRANT ALL ON sales.* TO alicia@%.big.corp.com INDETIFIED BY "applejuice" WITH GRANT OPTION


在效果上WITH GRANT OPTION子句允許你把訪問授權的權利授予另一個用戶。要注意,擁有GRANT權限的兩個用戶可以彼此授權。如果你只給予了第一個用戶SELECT權限,而另一個用戶有GRANT加上SELECT權限,那么第二個用戶可以是第一個用戶更“強大”。


2 撤權并刪除用戶


要取消一個用戶的權限,使用REVOKE語句。REVOKE的語法非常類似于GRANT語句,除了TO用FROM取代并且沒有INDETIFED BY和WITH GRANT OPTION子句:


REVOKE privileges (columns) ON what FROM user


user部分必須匹配原來GRANT語句的你想撤權的用戶的user部分。privileges部分不需匹配,你可以用GRANT語句授權,然后用REVOKE語句只撤銷部分權限。


REVOKE語句只刪除權限,而不刪除用戶。即使你撤銷了所有權限,在user表中的用戶記錄依然保留,這意味著用戶仍然可以連接服務器。要完全刪除一個用戶,你必須用一條DELETE語句明確從user表中刪除用戶記錄:


%mysql -u root mysqlmysql>DELETE FROM user ->WHERE User="user_name" and Host="host_name";mysql>FLUSH PRIVILEGES; 


DELETE語句刪除用戶記錄,而FLUSH語句告訴服務器重載授權表。(當你使用GRANT和REVOKE語句時,表自動重載,而你直接修改授權表時不是。)



Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undress AI Tool

Undress AI Tool

Undress images for free

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

PHP Tutorial
1488
72
How to use PHP to develop a Q&A community platform Detailed explanation of PHP interactive community monetization model How to use PHP to develop a Q&A community platform Detailed explanation of PHP interactive community monetization model Jul 23, 2025 pm 07:21 PM

1. The first choice for the Laravel MySQL Vue/React combination in the PHP development question and answer community is the first choice for Laravel MySQL Vue/React combination, due to its maturity in the ecosystem and high development efficiency; 2. High performance requires dependence on cache (Redis), database optimization, CDN and asynchronous queues; 3. Security must be done with input filtering, CSRF protection, HTTPS, password encryption and permission control; 4. Money optional advertising, member subscription, rewards, commissions, knowledge payment and other models, the core is to match community tone and user needs.

Automating MySQL Deployments with Infrastructure as Code Automating MySQL Deployments with Infrastructure as Code Jul 20, 2025 am 01:49 AM

To achieve MySQL deployment automation, the key is to use Terraform to define resources, Ansible management configuration, Git for version control, and strengthen security and permission management. 1. Use Terraform to define MySQL instances, such as the version, type, access control and other resource attributes of AWSRDS; 2. Use AnsiblePlaybook to realize detailed configurations such as database user creation, permission settings, etc.; 3. All configuration files are included in Git management, support change tracking and collaborative development; 4. Avoid hard-coded sensitive information, use Vault or AnsibleVault to manage passwords, and set access control and minimum permission principles.

How to set environment variables in PHP environment Description of adding PHP running environment variables How to set environment variables in PHP environment Description of adding PHP running environment variables Jul 25, 2025 pm 08:33 PM

There are three main ways to set environment variables in PHP: 1. Global configuration through php.ini; 2. Passed through a web server (such as SetEnv of Apache or fastcgi_param of Nginx); 3. Use putenv() function in PHP scripts. Among them, php.ini is suitable for global and infrequently changing configurations, web server configuration is suitable for scenarios that need to be isolated, and putenv() is suitable for temporary variables. Persistence policies include configuration files (such as php.ini or web server configuration), .env files are loaded with dotenv library, and dynamic injection of variables in CI/CD processes. Security management sensitive information should be avoided hard-coded, and it is recommended to use.en

mysql revoke privileges from user mysql revoke privileges from user Jul 16, 2025 am 03:56 AM

To recycle MySQL user permissions using REVOKE, you need to specify the permission type, database, and user by format. 1. Use REVOKEALLPRIVILEGES, GRANTOPTIONFROM'username'@'hostname'; 2. Use REVOKEALLPRIVILEGESONmydb.FROM'username'@'hostname'; 3. Use REVOKEALLPRIVILEGESONmydb.FROM'username'@'hostname'; 3. Use REVOKE permission type ON.*FROM'username'@'hostname'; Note that after execution, it is recommended to refresh the permissions. The scope of the permissions must be consistent with the authorization time, and non-existent permissions cannot be recycled.

How to use PHP to develop product recommendation module PHP recommendation algorithm and user behavior analysis How to use PHP to develop product recommendation module PHP recommendation algorithm and user behavior analysis Jul 23, 2025 pm 07:00 PM

To collect user behavior data, you need to record browsing, search, purchase and other information into the database through PHP, and clean and analyze it to explore interest preferences; 2. The selection of recommendation algorithms should be determined based on data characteristics: based on content, collaborative filtering, rules or mixed recommendations; 3. Collaborative filtering can be implemented in PHP to calculate user cosine similarity, select K nearest neighbors, weighted prediction scores and recommend high-scoring products; 4. Performance evaluation uses accuracy, recall, F1 value and CTR, conversion rate and verify the effect through A/B tests; 5. Cold start problems can be alleviated through product attributes, user registration information, popular recommendations and expert evaluations; 6. Performance optimization methods include cached recommendation results, asynchronous processing, distributed computing and SQL query optimization, thereby improving recommendation efficiency and user experience.

Securing MySQL Connections with SSL/TLS Encryption Securing MySQL Connections with SSL/TLS Encryption Jul 21, 2025 am 02:08 AM

Why do I need SSL/TLS encryption MySQL connection? Because unencrypted connections may cause sensitive data to be intercepted, enabling SSL/TLS can prevent man-in-the-middle attacks and meet compliance requirements; 2. How to configure SSL/TLS for MySQL? You need to generate a certificate and a private key, modify the configuration file to specify the ssl-ca, ssl-cert and ssl-key paths and restart the service; 3. How to force SSL when the client connects? Implemented by specifying REQUIRESSL or REQUIREX509 when creating a user; 4. Details that are easily overlooked in SSL configuration include certificate path permissions, certificate expiration issues, and client configuration requirements.

How to build an online customer service robot with PHP. PHP intelligent customer service implementation technology How to build an online customer service robot with PHP. PHP intelligent customer service implementation technology Jul 25, 2025 pm 06:57 PM

PHP plays the role of connector and brain center in intelligent customer service, responsible for connecting front-end input, database storage and external AI services; 2. When implementing it, it is necessary to build a multi-layer architecture: the front-end receives user messages, the PHP back-end preprocesses and routes requests, first matches the local knowledge base, and misses, call external AI services such as OpenAI or Dialogflow to obtain intelligent reply; 3. Session management is written to MySQL and other databases by PHP to ensure context continuity; 4. Integrated AI services need to use Guzzle to send HTTP requests, safely store APIKeys, and do a good job of error handling and response analysis; 5. Database design must include sessions, messages, knowledge bases, and user tables, reasonably build indexes, ensure security and performance, and support robot memory

How to develop AI intelligent form system with PHP PHP intelligent form design and analysis How to develop AI intelligent form system with PHP PHP intelligent form design and analysis Jul 25, 2025 pm 05:54 PM

When choosing a suitable PHP framework, you need to consider comprehensively according to project needs: Laravel is suitable for rapid development and provides EloquentORM and Blade template engines, which are convenient for database operation and dynamic form rendering; Symfony is more flexible and suitable for complex systems; CodeIgniter is lightweight and suitable for simple applications with high performance requirements. 2. To ensure the accuracy of AI models, we need to start with high-quality data training, reasonable selection of evaluation indicators (such as accuracy, recall, F1 value), regular performance evaluation and model tuning, and ensure code quality through unit testing and integration testing, while continuously monitoring the input data to prevent data drift. 3. Many measures are required to protect user privacy: encrypt and store sensitive data (such as AES

See all articles