mysql 安全管理详情 |
1銆佸氨鎸夊崟浠嬬粛
鎹㈠彞璇濊锛岀敤鎴蜂笉鑳藉杩囧鐨勬暟鎹叿鏈夎繃澶氱殑璁块棶鏉冦?/p>
杩欎簺閮藉彧鏄緥瀛愶紝浣嗘湁鍔╀簬璇存槑涓涓噸瑕佺殑浜嬪疄锛屽嵆浣犻渶瑕佺粰鐢ㄦ埛鎻愪緵浠栦滑鎵闇鐨勮闂潈锛屼笖浠呮彁渚涗粬浠墍闇鐨勮闂潈銆?/p> 杩欏氨鏄墍璋撶殑璁块棶鎺у埗锛岀鐞嗚闂帶鍒堕渶瑕佸垱寤哄拰绠$悊鐢ㄦ埛璐﹀彿銆?/p> 闃叉鏃犳剰鐨勯敊璇?閲嶈鐨勬槸娉ㄦ剰鍒帮紝璁块棶鎺у埗鐨勭洰鐨勪笉浠呬粎鏄槻姝㈢敤鎴风殑鎭舵剰浼佸浘銆?/p> 鏁版嵁姊﹂瓏鏇翠负甯歌鐨勬槸鏃犳剰璇嗛敊璇殑缁撴灉锛屽閿欐墦MySQL璇彞锛屽湪涓嶅悎閫傜殑鏁版嵁搴撲腑鎿嶄綔鎴栧叾浠栦竴浜涚敤鎴烽敊璇?/p> 閫氳繃淇濊瘉鐢ㄦ埛涓嶈兘鎵ц浠栦滑涓嶅簲璇ユ墽琛岀殑璇彞锛岃闂帶鍒舵湁鍔╀簬閬垮厤杩欎簺鎯呭喌鐨勫彂鐢?br /> 涓嶈浣跨敤root 搴旇涓ヨ們瀵瑰緟root鐧诲綍鐨勪娇鐢ㄣ備粎鍦ㄧ粷瀵归渶瑕佹椂浣跨敤瀹冿紙鎴栬鍦ㄤ綘涓嶈兘鐧诲綍鍏朵粬绠$悊璐﹀彿鏃朵娇鐢級銆?/p> 涓嶅簲璇ュ湪鏃ュ父鐨?code>MySQL鎿嶄綔涓娇鐢?code>root銆?br />
MySQL鐢ㄦ埛璐﹀彿鍜屼俊鎭瓨鍌ㄥ湪鍚嶄负 涓烘锛屽彲浣跨敤浠ヤ笅浠g爜锛?/strong> use mysql; SELECT USER FROM user;
user琛ㄦ湁涓涓悕涓?code>user鐨勫垪锛屽畠瀛樺偍鐢ㄦ埛鐧诲綍鍚嶃傛柊瀹夎鐨勬湇鍔″櫒鍙兘鍙湁涓涓敤鎴凤紙濡傝繖閲屾墍绀猴級锛岃繃鍘诲缓绔嬬殑鏈嶅姟鍣ㄥ彲鑳藉叿鏈夊緢澶氱敤鎴? 鐢ㄥ涓鎴锋満杩涜璇曢獙 璇曢獙瀵圭敤鎴疯处鍙峰拰鏉冮檺杩涜鏇存敼鐨勬渶濂藉姙娉曟槸鎵撳紑澶氫釜鏁版嵁搴撳鎴锋満锛堝 2銆佸垱寤虹敤鎴?/h2>
CREATE USER ben IDENTIFIED by 'ben123456'; 杩欐牱灏卞垱寤轰簡涓涓敤鎴枫?/p> 鎸囧畾鏁e垪鍙d护 MySQL鐢ㄦ潵瀛樺偍鐢ㄦ埛璐﹀彿淇℃伅鐨勮〃锛堜互鍙婅〃妯″紡绛夛級鏋佷负閲嶈锛屽瀹冧滑鐨勪换浣曟瘉鍧忛兘鍙兘涓ラ噸鍦颁激瀹冲埌MySQL鏈嶅姟鍣ㄣ傚洜姝わ紝鐩稿浜庣洿鎺ュ鐞嗘潵璇达紝鏈濂芥槸鐢ㄦ爣璁板拰鍑芥暟鏉ュ鐞嗚繖浜涜〃 涓洪噸鏂板懡鍚嶄竴涓敤鎴疯处鍙凤紝浣跨敤RENAME USER璇彞锛屽涓嬫墍绀猴細 RENAME USER ben to zhangsan; MySQL 5涔嬪墠 浠匨ySQL 5鎴栦箣鍚庣殑鐗堟湰鏀寔RENAME USER銆備负浜嗗湪浠ュ墠鐨凪ySQL涓噸鍛藉悕涓涓敤鎴凤紝鍙娇鐢║PDATE鐩存帴鏇存柊user琛ㄣ?/p> 3銆佸垹闄ょ敤鎴疯处鍙?/h2>
DROP USER zhangsan; 娉ㄦ剰:
4銆佽闂潈闄?/h2>鍦ㄥ垱寤虹敤鎴疯处鍙峰悗锛屽繀椤绘帴鐫鍒嗛厤璁块棶鏉冮檺銆傛柊鍒涘缓鐨勭敤鎴疯处鍙锋病鏈夎闂潈闄愩傚畠浠兘鐧诲綍MySQL锛屼絾涓嶈兘鐪嬪埌鏁版嵁锛屼笉鑳芥墽琛屼换浣曟暟鎹簱鎿嶄綔銆?/p> CREATE USER zhangsan IDENTIFIED by 'zhang123456'; 涓虹湅鍒拌祴浜堢敤鎴疯处鍙风殑鏉冮檺锛屼娇鐢?code>SHOW GRANTS FOR锛?strong>濡備笅鎵绀猴細 SHOW GRANTS FOR 'zhangsan'; 缁撴灉: GRANT USAGE ON *.* TO 'zhangsan'@'%' IDENTIFIED BY PASSWORD '*557661E2A88A816A3155408E5D15997A8C5C7D25' 鏄剧ず娌℃湁浠讳綍鏉冮檺銆?/p> USAGE琛?绀烘牴鏈病鏈夋潈闄愶紙鎴戠煡閬擄紝杩欎笉寰堢洿瑙傦級锛屾墍浠ワ紝姝ょ粨鏋滆〃绀哄湪浠绘剰鏁版嵁搴撳拰浠绘剰琛ㄤ笂瀵逛换浣曚笢瑗挎病鏈夋潈闄愩?/p> 鐢ㄦ埛瀹氫箟涓簎ser@host MySQL鐨勬潈闄愮敤鐢ㄦ埛鍚嶅拰涓绘満鍚嶇粨鍚堝畾涔夈傚鏋滀笉鎸囧畾涓绘満鍚嶏紝鍒欎娇鐢ㄩ粯璁ょ殑涓绘満鍚?锛堟巿浜堢敤鎴疯闂潈闄愯屼笉绠′富鏈哄悕锛?/p> 涓鸿缃潈闄愶紝浣跨敤GRANT璇彞銆侴RANT瑕佹眰浣犺嚦灏戠粰鍑轰互涓嬩俊鎭細
浠ヤ笅渚嬪瓙缁欏嚭GRANT鐨勭敤娉曪細 GRANT SELECT ON test.* to zhangsan; 鐒跺悗: SHOW GRANTS FOR zhangsan; GRANT SELECT ON `test`.* TO 'zhangsan'@'%' 姣忎釜GRANT娣诲姞锛堟垨鏇存柊锛夌敤鎴风殑涓涓潈闄愩侻ySQL璇诲彇鎵鏈夋巿鏉冿紝骞舵牴鎹畠浠‘瀹氭潈闄愩?/p>
REVOKE SELECT ON test.* FROM zhangsan; 杩欐潯REVOKE璇彞鍙栨秷鍒氳祴浜堢敤鎴穊forta鐨凷ELECT璁块棶鏉冮檺銆傝鎾ら攢鐨勮闂潈闄愬繀椤诲瓨鍦紝鍚﹀垯浼氬嚭閿欍?/p> GRANT鍜孯EVOKE鍙湪鍑犱釜灞傛涓婃帶鍒惰闂潈闄愶細
绀轰緥: ALL 闄RANT OPTION澶栫殑鎵鏈夋潈闄? ALTER 浣跨敤ALTER TABLE ALTER ROUTINE 浣跨敤ALTER PROCEDURE鍜孌ROP PROCEDURE CREATE 浣跨敤CREATE TABLE CREATE ROUTINE 浣跨敤CREATE PROCEDURE CREATE TEMPORARY TABLES 浣跨敤CREATE TEMPORARY TABLE CREATE USER 浣跨敤CREATE USER銆丏ROP USER銆丷ENAME USER鍜孯EVOKE ALL PRIVILEGES CREATE VIEW 浣跨敤CREATE VIEW DELETE 浣跨敤DELETE DROP 浣跨敤DROP TABLE EXECUTE 浣跨敤CALL鍜屽瓨鍌ㄨ繃绋? FILE 浣跨敤SELECT INTO OUTFILE鍜孡OAD DATA INFILE GRANT OPTION 浣跨敤GRANT鍜孯EVOKE INDEX 浣跨敤CREATE INDEX鍜孌ROP INDEX INSERT 浣跨敤INSERT LOCK TABLES 浣跨敤LOCK TABLES PROCESS 浣跨敤SHOW FULL PROCESSLIST RELOAD 浣跨敤FLUSH REPLICATION CLIENT 鏈嶅姟鍣ㄤ綅缃殑璁块棶 REPLICATION SLAVE 鐢卞鍒朵粠灞炰娇鐢? SELECT 浣跨敤SELECT SHOW DATABASES 浣跨敤SHOW DATABASES SHOW VIEW 浣跨敤SHOW CREATE VIEW SHUTDOWN 浣跨敤mysqladmin shutdown锛堢敤鏉ュ叧闂璏ySQL锛? SUPER 浣跨敤CHANGE MASTER銆並ILL銆丩OGS銆丳URGE銆丮ASTER 鍜孲ET GLOBAL銆傝繕鍏佽mysqladmin璋冭瘯鐧诲綍 UPDATE 浣跨敤UPDATE USAGE 鏃犺闂潈闄? 浣跨敤 鏈潵鐨勬巿鏉?鍦ㄤ娇鐢℅RANT鍜孯EVOKE鏃讹紝鐢ㄦ埛璐﹀彿蹇呴』瀛樺湪锛屼絾瀵规墍娑夊強鐨勫璞℃病鏈夎繖涓姹傘?/p> 杩欏厑璁哥鐞嗗憳鍦ㄥ垱寤烘暟鎹簱鍜岃〃涔嬪墠璁捐鍜屽疄鐜板畨鍏ㄦ帾鏂姐?/p> 杩欐牱鍋氱殑鍓綔鐢ㄦ槸锛屽綋鏌愪釜鏁版嵁搴撴垨琛ㄨ鍒犻櫎鏃讹紙鐢―ROP璇彞锛夛紝鐩稿叧鐨勮闂潈闄愪粛鐒跺瓨鍦ㄣ傝屼笖锛屽鏋滃皢鏉ラ噸鏂板垱寤鸿鏁版嵁搴撴垨琛紝杩欎簺鏉冮檺浠嶇劧璧蜂綔鐢ㄣ?/p> 绠鍖栧娆℃巿鏉?鍙氳繃鍒楀嚭鍚勬潈闄愬苟鐢ㄩ楀彿鍒嗛殧锛屽皢澶氭潯GRANT璇彞涓插湪涓璧凤紝濡備笅鎵绀猴細 GRANT SELECT, INSERT ON test.* to zhangsan; 5銆佹洿鏀瑰彛浠?/h2>涓轰簡鏇存敼鐢ㄦ埛鍙d护锛屽彲浣跨敤SET PASSWORD璇彞銆傛柊鍙d护蹇呴』濡備笅鍔犲瘑锛?/strong>
SET PASSWORD FOR zhangsan = PASSWORD('zhangsan');
淇敼褰撳墠鐢ㄦ埛鐨勫彛浠?
SET PASSWORD = PASSWORD('root');
鍒版杩欑瘒鍏充簬mysql 瀹夊叏绠$悊璇︽儏鐨勬枃绔犲氨浠嬬粛鍒拌繖浜?鏇村鐩稿叧mysql 瀹夊叏绠$悊鍐呭璇锋悳绱㈣剼鏈箣瀹朵互鍓嶇殑鏂囩珷鎴栫户缁祻瑙堜笅闈㈢殑鐩稿叧鏂囩珷甯屾湜澶у浠ュ悗澶氬鏀寔鑴氭湰涔嬪锛?/p> |
