chill/chill_notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update from Sync Service

Browse Source
This commit is contained in:
FNS Service
2026-04-21 20:34:54 +08:00
parent bccc614a16
commit ed5ec2f47e
3 changed files with 438 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

190
Linux/MySQL/MySQL用户权限设置.md
View File

@@ -1,28 +1,164 @@
## 关于**==mysql**==的用户管理,笔记
# MySQL 用户权限设置
## 1====、创建新用户
## 通过**==root**==用户登录之后创建
## >>** **grant all privileges on *.* to** **testuser**==@localhost identified by** **"123456"** **;**  **//**  **创建新用户,用户名为****testuser****,密码为****123456** ==
## >>** **grant all privileges on *.* to** **testuser**==@localhost identified by** **"123456"** **;**  **//**  **设置用户****testuser****,可以在本地访问**==mysql
## >>** **grant all privileges on *.* to** **testuser**==@"%" identified by** **"123456"** **;**   **//**  **设置用户****testuser****,可以在远程访问**==mysql
## >>** **flush privileges** **;**  **//**  **mysql** **新设置用户或更改密码后需用**==flush privileges****刷新****MySQL****的系统权限相关表,否则会出现拒绝访问,还有一种方法,就是重新启动****mysql**==服务器,来使新设置生效
## 2====、设置用户访问数据库权限
## >>** **grant all privileges on** **test_db.*** **to** **testuser@localhost identified by "123456" ;**  **//**  **设置用户**==testuser****,只能访问数据库****test_db****,其他数据库均不能访问** ==
## >>** **grant all privileges on** ***.*** **to** **testuser@localhost identified by "123456" ;**  **//**  **设置用户**==testuser****,可以访问****mysql****上的所有数据库** ==
## >>** **grant all privileges on** **test_db.user_infor** **to** **testuser@localhost identified by "123456" ;**  **//**  **设置用户**==testuser****,只能访问数据库****test_db****的表****user_infor****,数据库中的其他表均不能访问** ==
## 3====、设置用户操作权限
## >>** **grant** **all privileges** **on *.* to** **testuser@localhost identified by "123456" WITH GRANT OPTION** **;**  **//**==设置用户****testuser****,拥有所有的操作权限,也就是管理员** ==
## >> grant** **select** **on *.* to** **testuser@localhost identified by "123456" WITH GRANT OPTION** **;**  **//**==设置用户****testuser****,只拥有【查询】操作权限** ==
## >>** **grant** **select,insert** **on *.* to** **testuser@localhost identified by "123456"**  **;**  **//**==设置用户****testuser****,只拥有【查询****\****插入】操作权限** ==
## >>** **grant** **select,insert,update,delete** **on *.* to** **testuser@localhost identified by "123456"**  **;**  **//**==设置用户****testuser****,只拥有【查询****\****插入】操作权限** ==
## >>** **REVOKE** **select,insert** **ON what FROM** **testuser**==//****取消用户****testuser****的【查询****\****插入】操作权限** ==
## 4====、设置用户远程访问权限
## >>** **grant all privileges on *.* to** **testuser@**==“192.168.1.100”** **identified by** **"123456"** **;**  **//****设置用户****testuser****,只能在客户端****IP****为****192.168.1.100****上才能远程访问****mysql** ==
## 5**==、关于****root**==用户的访问设置
## 设置所有用户可以远程访问**==mysql********修改****my.cnf****配置文件,将****bind-address = 127.0.0.1****前面加****“#”****注释掉****,这样就可以允许其他机器远程访问本机****mysql**==了;
## >>** **grant all privileges on *.* to** **root@"%" identified by** **"123456"** **;**   **//**  **设置用户**==root****,可以在远程访问**==mysql
## >>** **select host,user from user;**   **//**==查询****mysql**==中所有用户权限
## 关闭**==root**==用户远程访问权限
## >>** **delete from user where user="root" and host="%" ;**  **//**==禁止****root****用户在远程机器上访问**==mysql
## >>** **flush privileges** **;**  **//**==修改权限之后,刷新****MySQL**==的系统权限相关表方可生效
> 来自 <[https://www.cnblogs.com/candle806/p/4048651.html](https://www.cnblogs.com/candle806/p/4048651.html)>
> MySQL 用户创建、授权、管理
---
## 连接 MySQL
```bash
mysql -u root -p
```
---
## 1. 创建新用户
```sql
-- 创建用户(本地访问)
GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' IDENTIFIED BY 'password';
-- 创建用户(远程访问)
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' IDENTIFIED BY 'password';
-- 刷新权限
FLUSH PRIVILEGES;
```
---
## 2. 设置数据库访问权限
```sql
-- 只能访问指定数据库
GRANT ALL PRIVILEGES ON mydb.* TO 'username'@'localhost' IDENTIFIED BY 'password';
-- 访问所有数据库
GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' IDENTIFIED BY 'password';
-- 只能访问指定表的某列
GRANT SELECT ON mydb.users TO 'username'@'localhost';
```
---
## 3. 设置操作权限
| 权限 | 说明 |
|------|------|
| ALL PRIVILEGES | 所有权限 |
| SELECT | 查询 |
| INSERT | 插入 |
| UPDATE | 更新 |
| DELETE | 删除 |
| CREATE | 创建 |
| DROP | 删除 |
| WITH GRANT OPTION | 可授权 |
```sql
-- 授予所有权限(管理员)
GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
-- 只授予查询权限
GRANT SELECT ON *.* TO 'username'@'localhost';
-- 授予查询和插入权限
GRANT SELECT, INSERT ON *.* TO 'username'@'localhost';
-- 授予增删改查权限
GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'username'@'localhost';
```
---
## 4. 撤销权限
```sql
REVOKE SELECT, INSERT ON *.* FROM 'username'@'localhost';
FLUSH PRIVILEGES;
```
---
## 5. 设置远程访问权限
```sql
-- 允许指定 IP 访问
GRANT ALL PRIVILEGES ON *.* TO 'username'@'192.168.1.100' IDENTIFIED BY 'password';
-- 允许所有 IP 访问
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' IDENTIFIED BY 'password';
```
### 配置文件修改
```bash
sudo vim /etc/mysql/my.cnf
```
注释掉绑定地址:
```ini
# bind-address = 127.0.0.1
```
重启 MySQL
```bash
sudo systemctl restart mysql
```
---
## 6. Root 用户管理
```sql
-- 查看所有用户
SELECT user, host FROM mysql.user;
-- 允许 root 远程访问
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
-- 禁止 root 远程访问
DELETE FROM mysql.user WHERE user='root' AND host='%';
FLUSH PRIVILEGES;
```
---
## 7. 删除用户
```sql
DROP USER 'username'@'localhost';
```
---
## 8. 查看用户权限
```sql
SHOW GRANTS FOR 'username'@'localhost';
```
---
## 常用示例
```sql
-- 创建开发用户
CREATE USER 'dev'@'localhost' IDENTIFIED BY 'dev_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON myapp.* TO 'dev'@'localhost';
FLUSH PRIVILEGES;
-- 创建只读用户
CREATE USER 'reader'@'%' IDENTIFIED BY 'read_password';
GRANT SELECT ON myapp.* TO 'reader'@'%';
FLUSH PRIVILEGES;
-- 修改用户密码
SET PASSWORD FOR 'username'@'localhost' = PASSWORD('new_password');
FLUSH PRIVILEGES;
```
---
> 参考:[MySQL 用户权限管理](https://www.cnblogs.com/candle806/p/4048651.html)