1、msyqlLinux通用二进制安装
https://downloads.mysql.com/archives/community/
2.把二进制包放到Linux下
bash
# 添加mysql组
$> groupadd mysql
# 增加mysql用户,把-g mysql组加到mysql用户中,-s 指定用户的登录shell,/bin/false创建没有服务器登录权限的用户 主机,-r 创建一个系统用户,系统用户的 UID 通常小于 1000。
$> useradd -r -g mysql -s /bin/false mysql
$> cd /usr/local
# 把mysql解压到这个目录下
$> tar xvf /path/to/mysql-VERSION-OS.tar.xz
# 创建硬链接mysql
$> ln -s full-path-to-mysql-VERSION-OS mysql
$> cd mysql
$> mkdir mysql-files
$> chown mysql:mysql mysql-files
$> chmod 750 mysql-files
# 初始化数据库
$> bin/mysqld --initialize --user=mysql
# 启动数据库服务端
$> bin/mysqld_safe --user=mysql &
# Next command is optional
$> cp support-files/mysql.server /etc/init.d/mysql.server初始化数据库时可能会出现问题
是因为找不到 libaio.so.1这个库
查看系统是否有libaio.so 但不是 libaio.so.1
bash
root@hwz-VMware-Virtual-Platform:/usr/local/mysql# ldconfig -p | grep libaio
libaio.so.1t64 (libc6,x86-64) => /lib/x86_64-linux-gnu/libaio.so.1t64
libaio.so (libc6,x86-64) => /lib/x86_64-linux-gnu/libaio.so查看libaio.so位置
bash
root@hwz-VMware-Virtual-Platform:/usr/local/mysql# find /usr -name libaio.so*
/usr/lib/x86_64-linux-gnu/libaio.so.1t64.0.2
/usr/lib/x86_64-linux-gnu/libaio.so.1t64
/usr/lib/x86_64-linux-gnu/libaio.so创建硬链接链接到libaio.so.1
bash
root@hwz-VMware-Virtual-Platform:/usr/local/mysql# ln -s /usr/lib/x86_64-linux-gnu/libaio.so.1t64.0.2 /usr/lib/x86_64-linux-gnu/libaio.so.1再次初始化就没问题了,后面他会给你个root的临时密码
bash
2025-01-23T08:37:26.842753Z 0 [System] [MY-013169] [Server] /usr/local/mysql-8.0.28-linux-glibc2.12-x86_64/bin/mysqld (mysqld 8.0.28) initializing of server in progress as process 14334
2025-01-23T08:37:26.897078Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2025-01-23T08:37:27.685107Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2025-01-23T08:37:29.432879Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: t8g,pkplN4YI启动后用mysql客户端连接测试一下
bash
root@hwz-VMware-Virtual-Platform:/usr/local/mysql# bin/mysql -u root -p
bin/mysql: error while loading shared libraries: libtinfo.so.5: cannot open shared object file: No such file or directory是缺少 libtinfo.so.5原因
查找一下有没有这个库
bash
root@hwz-VMware-Virtual-Platform:/usr/local/mysql# ldconfig -p | grep libtinfo
libtinfo.so.6 (libc6,x86-64) => /lib/x86_64-linux-gnu/libtinfo.so.6发现libtinfo.so.6但没有 libtinfo.so.5
也可以用6代替5
找到6库位置
bash
root@hwz-VMware-Virtual-Platform:/usr/local/mysql# find /usr -name libtinfo.so*
/usr/lib/x86_64-linux-gnu/libtinfo.so.6.5
/usr/lib/x86_64-linux-gnu/libtinfo.so.6
bash
root@hwz-VMware-Virtual-Platform:/usr/local/mysql# ln -n /usr/lib/x86_64-linux-gnu/libtinfo.so.6.5 /usr/lib/x86_64-linux-gnu/libtinfo.so.5使用初始密码登录成功
bash
root@hwz-VMware-Virtual-Platform:/usr/local/mysql# bin/mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 14
Server version: 8.0.28
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> 他要你改密码后才能操作
bash
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'root-password';这时应该可以正常操作数据库了。
额外的配置
为了可以直接使用mysql命令,不用到/usr/local/mysql/bin找命令,可以mysql的命令添加到环境变量中
bash
vim ~/.bashrc
# 在文件最后加上export PATH=$PATH:/usr/local/mysql/bin
source ~/.bashrc使用systemctl管理MySQL服务
在/etc/systemd/system/mysql.service写入下面配置
bash
[Unit]
Description=MySQL Server
After=network.target
[Service]
User=mysql
Group=mysql
ExecStart=/usr/local/mysql/bin/mysqld --defaults-file=/etc/mysql/my.cnf
ExecStop=/usr/local/mysql/bin/mysqladmin shutdown
Restart=on-failure
[Install]
WantedBy=multi-user.targetsystemctl配置文件更改需要使用命令刷新一下配置
bash
systemctl daemon-reload配置文件/etc/mysql/my.cnf
bash
[client]
user=root
password=xxx # 配置了这个默认登录root不用输入密码
[mysql]
prompt=(\\u@\\h) [\\d]>\\_ # 更改MySQL客户端命令>前面显示内容
[mysqld]
port=3306
user=mysql
datadir=/usr/local/mysql/data
log_error=error.log如果之前开启过MySQL需要使用命令mysqladmin shutdown关闭 MySQL
查看mysql进程是否存在
bash
root@hwz-VMware-Virtual-Platform:/etc/mysql# ps -ef | grep mysql
mysql 18982 1 0 21:22 ? 00:00:05 /usr/local/mysql/bin/mysqld --defaults-file=/etc/mysql/my.cnf
root 19061 3897 0 21:39 pts/2 00:00:00 grep --color=auto mysql
bash
systemctl start mysql # 启动MySQL
systemctl stop mysql # 关闭MySQL
systemctl status mysql # 查看MySQL服务状态额外注意点
1.启动时如果不特定指定配置文件位置,MySQL启动时会按这几个配置文件顺序读取/etc/my.cnf /etc/mysql/my.cnf /usr/local/mysql/etc/my.cnf ~/.my.cnf
bash
root@hwz-VMware-Virtual-Platform:~# mysql --help | grep my.cnf
order of preference, my.cnf, $MYSQL_TCP_PORT,
/etc/my.cnf /etc/mysql/my.cnf /usr/local/mysql/etc/my.cnf ~/.my.cnf 后面的配置文件配置会覆盖前面的配置文件配置
一般配置文件都放在/etc/下,然而/etc/mysql/my.cnf可读性好点,所以推荐放在/etc/mysql/my.cnf
2.前面配置systemctl配置时启动命令为啥不用mysqld_safe而是用mysqld来启动MySQL?
因为mysqld_safe是一个守护进程
这里我使用mysqld_safe启动MySQL会发现它其实是启动了两个进程,一个是mysqld_safe,一个是mysqld,本质还是用mysqld启动MySQL,mysqld_safe是用来监视mysqld的,mysqld挂掉了会自动启动,这里可以使用kill -9 掉mysqld来测试。
bash
root@hwz-VMware-Virtual-Platform:/etc/mysql# mysqld_safe --user=mysql &
[1] 19086
root@hwz-VMware-Virtual-Platform:/etc/mysql# 2025-01-25T13:46:08.647339Z mysqld_safe Logging to '/usr/local/mysql/data/error.log'.
2025-01-25T13:46:08.700221Z mysqld_safe Starting mysqld daemon with databases from /usr/local/mysql/data
root@hwz-VMware-Virtual-Platform:/etc/mysql# ps -ef | grep mysql
root 19086 3897 0 21:46 pts/2 00:00:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql
mysql 19210 19086 15 21:46 pts/2 00:00:00 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysq --log-error=error.log --pid-file=hwz-VMware-Virtual-Platform.pid --port=3306
root 19258 3897 0 21:46 pts/2 00:00:00 grep --color=auto mysqlsystemctl本身可以配置 守护进程,自然不需要mysqld_safe
1.1 忘记root密码
忘记root密码怎么修改root密码?
原理:跳过连接层的验证用户功能 ,不让mysql启动加载授权表
1.停掉mysql
sql
root@hwz-VMware-Virtual-Platform:~# systemctl stop mysql2.使用mysqld_safe加关闭授权功能参数启动MySQL ,关闭tcp/ip连接,然后随便一个写个用户都可以登录上
sql
root@hwz-VMware-Virtual-Platform:~# mysqld_safe --skip-grant-tables --skip-networking &
[1] 4150
root@hwz-VMware-Virtual-Platform:~# 2025-02-03T04:12:03.405924Z mysqld_safe Logging to '/usr/local/mysql/data/error.log'.
2025-02-03T04:12:03.459742Z mysqld_safe Starting mysqld daemon with databases from /usr/local/mysql/data
root@hwz-VMware-Virtual-Platform:~# mysql -uxxxxx -pxxxxx
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.28 MySQL Community Server - GPL
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
(xxxxx@localhost) [(none)]> 3.加载授权表(启动时跳过加载授权表,但是修改密码需要授权表,所以启动后加载授权表)
sql
(xxxxx@localhost) [(none)]> flush privileges;
Query OK, 0 rows affected (0.02 sec)3.修改root用户密码
sql
(xxxxx@localhost) [(none)]> alter user root@'localhost' identified by '123456';
Query OK, 0 rows affected (0.01 sec)4.重启MySQL
先关闭mysql_safe方式启动
bash
root@hwz-VMware-Virtual-Platform:~# mysqladmin -uroot -p123456 shutdown
bash
root@hwz-VMware-Virtual-Platform:~# systemctl restart mysql1.2 ssl客户端加密连接
8.0版本默认开启ssl,have_openssl、have_ssl都为yes
sql
(root@localhost) [mysql]> show variables like '%ssl%';
+-------------------------------------+-----------------+
| Variable_name | Value |
+-------------------------------------+-----------------+
| admin_ssl_ca | |
| admin_ssl_capath | |
| admin_ssl_cert | |
| admin_ssl_cipher | |
| admin_ssl_crl | |
| admin_ssl_crlpath | |
| admin_ssl_key | |
| have_openssl | YES |
| have_ssl | YES |
| mysqlx_ssl_ca | |
| mysqlx_ssl_capath | |
| mysqlx_ssl_cert | |
| mysqlx_ssl_cipher | |
| mysqlx_ssl_crl | |
| mysqlx_ssl_crlpath | |
| mysqlx_ssl_key | |
| performance_schema_show_processlist | OFF |
| ssl_ca | ca.pem |
| ssl_capath | |
| ssl_cert | server-cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_fips_mode | OFF |
| ssl_key | server-key.pem |
+-------------------------------------+-----------------+
25 rows in set (0.01 sec)默认已经生成SSL 证书和密钥在数据目录下
用户可以手动调用 mysql_ssl_rsa_setup 实用程序(从 MySQL 8.0.34 开始已弃用),之后版本数据库启动时如果SSL 证书和密钥不存在则自动生成。
如果存在这些文件中的任何一个,mysql_ssl_rsa_setup 不会创建 SSL 文件。
ca.pem 自签名 CA 证书 ca-key.pem CA 私有密钥 server-cert.pem 服务器证书 server-key.pem 服务器私钥 client-cert.pem 客户端证书 client-key.pem 客户端私钥
RSA 文件
private_key.pem 私钥.pem 文件,私钥/公钥对的私有成员
public_key.pem 公共成员,属于私钥/公钥对
1.2.1 win客户端navicat ssl加密连接上数据库
1.关闭mysql所在服务器防火窗或者开放3306端口
2.添加一个外网段可以访问mysql的用户
这个ip是我Navicat所在机器ip
sql
(root@localhost) [mysql]> create user root@'172.20.10.1' identified by '123456';
Query OK, 0 rows affected (0.01 sec)创建用户必须要ssl加密才能登录
sql
(root@localhost) [mysql]> create user root@'172.20.10.1' identified by '123456' REQUIRE X509;
Query OK, 0 rows affected (0.01 sec)或者SET PERSIST require_secure_transport=ON;设置所以客户端连接都需要ssl
连接上了但只看到一个数据库说明没有权限
3。授予权限给这个用户
sql
(root@localhost) [mysql]> grant all on *.* to root@'172.20.10.1';
Query OK, 0 rows affected (0.01 sec)重新连接就显示全部数据库了
4.使用ssl方式连接
拿出client-cert.pem 客户端证书 client-key.pem 客户端私钥到客户端机器那边。
验证当前连接是否使用了ssl加密连接,不为空则是使用了ssl加密连接
SHOW SESSION STATUS LIKE 'Ssl_cipher';
2.MySQL的配置参数
查看某个参数可用通配符
sql
show variables like 'data%';变量可分为
- 按作用范围分(不标明默认是会话变量)
- session会话变量(只影响当前会话)
- global全局变量(影响所有会话)
sql
(root@localhost) [(none)]> set session long_query_time=2
-> ;
Query OK, 0 rows affected (0.00 sec)
(root@localhost) [(none)]> show variables like 'long_query_time';
+-----------------+----------+
| Variable_name | Value |
+-----------------+----------+
| long_query_time | 2.000000 |
+-----------------+----------+
1 row in set (0.01 sec)
(root@localhost) [(none)]> set long_query_time=4;
Query OK, 0 rows affected (0.00 sec)
(root@localhost) [(none)]> show variables like 'long_query_time';
+-----------------+----------+
| Variable_name | Value |
+-----------------+----------+
| long_query_time | 4.000000 |
+-----------------+----------+
1 row in set (0.00 sec)
(root@localhost) [(none)]> set global long_query_time=6;
Query OK, 0 rows affected (0.00 sec)
(root@localhost) [(none)]> show variables like 'long_query_time';
+-----------------+----------+
| Variable_name | Value |
+-----------------+----------+
| long_query_time | 4.000000 |
+-----------------+----------+
1 row in set (0.00 sec)
(root@localhost) [(none)]> set global long_query_time=6;
Query OK, 0 rows affected (0.00 sec)
(root@localhost) [(none)]> show variables like 'long_query_time';
+-----------------+----------+
| Variable_name | Value |
+-----------------+----------+
| long_query_time | 4.000000 |
+-----------------+----------+
1 row in set (0.00 sec)
(root@localhost) [(none)]> set global long_query_time=8;
Query OK, 0 rows affected (0.00 sec)
(root@localhost) [(none)]> show global variables like 'long_query_time';
+-----------------+----------+
| Variable_name | Value |
+-----------------+----------+
| long_query_time | 8.000000 |
+-----------------+----------+
1 row in set (0.01 sec)需要注意的是一个会话set global后,有另外一个会话在set global前打开的这个会话,那直接show variables是不会读取到set global后的值的,show global variables可以读取到,你需要重新打开这个会话show variables才会读取到set global后的值。
查看其他会话的变量值
sql
(root@localhost) [performance_schema]> show tables like '%variables%';
+--------------------------------------------+
| Tables_in_performance_schema (%variables%) |
+--------------------------------------------+
| global_variables |
| persisted_variables |
| session_variables |
| user_variables_by_thread |
| variables_by_thread |
| variables_info |
+--------------------------------------------+
6 rows in set (0.00 sec)
(root@localhost) [performance_schema]> select * from variables_by_thread where VARIABLE_NAME='long_query_time';
+-----------+-----------------+----------------+
| THREAD_ID | VARIABLE_NAME | VARIABLE_VALUE |
+-----------+-----------------+----------------+
| 47 | long_query_time | 10.000000 |
| 48 | long_query_time | 8.000000 |
+-----------+-----------------+----------------+
2 rows in set (0.00 sec)这里可以看到一个是10是我当前会话的 long_query_time的值,另外一个8是另外一个会话设置的值
- 按类型分
- 可修改变量
- 只读变量(mysql运行中不能修改这种变量比如datadir变量)
MySQL :: MySQL 8.0 参考手册 :: 7.1.8 服务器系统变量
可以查看参数是否是可修改的变量,Dynamic为yes的变量可修改
3.用户权限管理
创建用户
sql
create user 'hwz'@'192.168.1.%' identified by '123456';删除用户
sql
drop user 'hwz'@'192.168.1.%';修改用户密码
sql
(root@localhost) [mysql]> alter user 'hwz'@'localhost' identified by '1234';
Query OK, 0 rows affected (0.01 sec)查看创建的用户
sql
(root@localhost) [mysql]> show create user 'hwz'@'localhost'\G
*************************** 1. row ***************************
CREATE USER for hwz@localhost: CREATE USER `hwz`@`localhost` IDENTIFIED WITH 'caching_sha2_password' AS '$A$005$\\F]4\\L~dQ>A\n\'MP~wsWQWtSMTdbwDCdYV0qIKuWUr.2DKpaWruXUVBb3CSlA' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK PASSWORD HISTORY DEFAULT PASSWORD REUSE INTERVAL DEFAULT PASSWORD REQUIRE CURRENT DEFAULT用户上锁
sql
(root@localhost) [(none)]> alter user hwz@'localhost' account lock;
Query OK, 0 rows affected (0.01 sec)
(root@localhost) [(none)]> select user,host,account_locked from mysql.user;
+------------------+-------------+----------------+
| user | host | account_locked |
+------------------+-------------+----------------+
| hwz | 192.168.1.% | N |
| hwz | localhost | Y |
| mysql.infoschema | localhost | Y |
| mysql.session | localhost | Y |
| mysql.sys | localhost | Y |
| root | localhost | N |
+------------------+-------------+----------------+
6 rows in set (0.00 sec)用户解锁
sql
(root@localhost) [(none)]> alter user hwz@'localhost' account unlock;
Query OK, 0 rows affected (0.00 sec)查看所有的用户
sql
(root@localhost) [mysql]> select host,user from user;
+-------------+------------------+
| host | user |
+-------------+------------------+
| 192.168.1.% | hwz |
| localhost | hwz |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+-------------+------------------+
6 rows in set (0.00 sec)授予权限
语法:grant 权限 on 权限级别 to 用户;
权限级别有四种:
- *.* : 全库级别 ----->管理员 --->mysql.user
- test.*: 单库级别 ----->业务层面 ------>mysql.db
- test.t1: 单表级别 ------->mysql.tables_priv
- select(id,name) : 列级别 --------->mysql.columns_priv
sql
# 授予权限前不能看到mysql数据库
(hwz@localhost) [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
# 使用root账号授权给hwz账号查看mysql数据库所有表的权限
(root@localhost) [mysql]> grant select on mysql.* to 'hwz'@'localhost';
Query OK, 0 rows affected (0.01 sec)
# 授予权限后
(hwz@localhost) [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
+--------------------+授予权限同时授予他的权限授予别人
sql
(root@localhost) [mysql]> grant select,insert on mysql.* to 'hwz'@'localhost' with grant option;
Query OK, 0 rows affected (0.01 sec)
(root@localhost) [mysql]> show grants for 'hwz'@'localhost';
+--------------------------------------------------------------------------+
| Grants for hwz@localhost |
+--------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `hwz`@`localhost` |
| GRANT SELECT, INSERT ON `mysql`.* TO `hwz`@`localhost` WITH GRANT OPTION |
+--------------------------------------------------------------------------+
2 rows in set (0.00 sec)查看当前用户权限
sql
(hwz@localhost) [(none)]> show grants;
+-----------------------------------------+
| Grants for hwz@localhost |
+-----------------------------------------+
| GRANT USAGE ON *.* TO `hwz`@`localhost` |
+-----------------------------------------+查看别的用户权限
sql
(root@localhost) [mysql]> show grants for 'hwz'@'localhost';
+-----------------------------------------+
| Grants for hwz@localhost |
+-----------------------------------------+
| GRANT USAGE ON *.* TO `hwz`@`localhost` |
+-----------------------------------------+通过权限表查看用户权限
sql
# 这里授权hwz用户能只能查询test库的user表的name字段
(root@localhost) [test]> grant select(name) on test.user to hwz@'localhost';
Query OK, 0 rows affected (0.01 sec)
# 可以通过查询mysql.columns_priv查询到该权限,第三个即是
(root@localhost) [mysql]> select * from mysql.columns_priv where user='hwz'\G
*************************** 1. row ***************************
Host: localhost
Db: mysql
User: hwz
Table_name: user
Column_name: host
Timestamp: 2025-01-28 22:35:17
Column_priv: Select
*************************** 2. row ***************************
Host: localhost
Db: mysql
User: hwz
Table_name: user
Column_name: user
Timestamp: 2025-01-28 22:35:17
Column_priv: Select
*************************** 3. row ***************************
Host: localhost
Db: test
User: hwz
Table_name: user
Column_name: name
Timestamp: 2025-02-03 15:51:27
Column_priv: Select
3 rows in set (0.00 sec)刚创建的用户只有USAGE权限,相当于没有权限,只能登录
MySQL :: MySQL 8.0 参考手册 :: MySQL 提供的 8.2.2 权限 查看所有详细的权限和说明
查看有哪些权限
sql
(root@localhost) [(none)]> show privileges;收回权限
sql
(root@localhost) [mysql]> revoke select on mysql.* from 'hwz'@'localhost';
Query OK, 0 rows affected (0.01 sec)
(root@localhost) [mysql]> show grants for 'hwz'@'localhost';
+-----------------------------------------+
| Grants for hwz@localhost |
+-----------------------------------------+
| GRANT USAGE ON *.* TO `hwz`@`localhost` |
+-----------------------------------------+3.1 角色创建和授权
8.0后社区版本才有角色授权
sql
(root@localhost) [mysql]> create role dev_role@'localhost';
Query OK, 0 rows affected (0.02 sec)
(root@localhost) [mysql]> grant select,update,insert on test.* to dev_role@'localhost';
Query OK, 0 rows affected (0.00 sec)
(root@localhost) [mysql]> create user dev_user@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
(root@localhost) [mysql]> grant dev_role@'localhost' to dev_user@'localhost';
Query OK, 0 rows affected (0.01 sec)查看角色
sql
(root@localhost) [mysql]> select * from mysql.role_edges;
+-----------+-----------+-----------+----------+-------------------+
| FROM_HOST | FROM_USER | TO_HOST | TO_USER | WITH_ADMIN_OPTION |
+-----------+-----------+-----------+----------+-------------------+
| localhost | dev_role | localhost | dev_user | N |
+-----------+-----------+-----------+----------+-------------------+
1 row in set (0.00 sec)角色也相当于一个上锁的用户(不能登陆)
sql
(root@localhost) [mysql]> select user,host,authentication_string,account_locked from mysql.user\G
*************************** 2. row ***************************
user: dev_role
host: localhost
authentication_string:
account_locked: Y还可以这样查询用户权限
sql
(root@localhost) [mysql]> select * from information_schema.user_privileges;3.2 激活角色
向角色授予权限后默认是没有激活角色的。
登录上被授予角色的用户查看当前会话激活的角色,NONE即是没有。
sql
(dev_user2@localhost) [test]> SELECT CURRENT_ROLE();
+----------------+
| CURRENT_ROLE() |
+----------------+
| NONE |
+----------------+
1 row in set (0.00 sec)有三种方法激活角色
- 设置默认激活的角色。当用户登录上时会自动激活默认角色。
设置默认将所有的授予的角色激活
sql
(root@localhost) [mysql]> set default role all to dev_user2@'localhost';
Query OK, 0 rows affected (0.01 sec)我这里授予了两个角色,所以默认有两个,你也可以默认激活指定一个
sql
(dev_user2@localhost) [(none)]> SELECT CURRENT_ROLE();
+---------------------------------+
| CURRENT_ROLE() |
+---------------------------------+
| `dev_role2`@`%`,`dev_role3`@`%` |
+---------------------------------+
1 row in set (0.00 sec)2.当前会话手动激活指定角色。
sql
(dev_user2@localhost) [(none)]> set role dev_role3;
Query OK, 0 rows affected (0.00 sec)
(dev_user2@localhost) [(none)]> SELECT CURRENT_ROLE();
+-----------------+
| CURRENT_ROLE() |
+-----------------+
| `dev_role3`@`%` |
+-----------------+
1 row in set (0.00 sec)还有种方式激活所有排查指定角色
sql
(dev_user2@localhost) [(none)]> set role all except dev_role3;
Query OK, 0 rows affected (0.01 sec)
(dev_user2@localhost) [(none)]> SELECT CURRENT_ROLE();
+-----------------+
| CURRENT_ROLE() |
+-----------------+
| `dev_role2`@`%` |
+-----------------+
1 row in set (0.00 sec)3.开启系统参数activate-all-roles-on-login登录自动激活所有授予的角色。
sql
(root@localhost) [mysql]> show variables like 'activate_all_roles_on_login';
+-----------------------------+-------+
| Variable_name | Value |
+-----------------------------+-------+
| activate_all_roles_on_login | OFF |
+-----------------------------+-------+
1 row in set (0.01 sec)
(root@localhost) [mysql]> SET GLOBAL activate_all_roles_on_login=ON;
Query OK, 0 rows affected (0.00 sec)
(root@localhost) [mysql]> show variables like 'activate_all_roles_on_login';
+-----------------------------+-------+
| Variable_name | Value |
+-----------------------------+-------+
| activate_all_roles_on_login | ON |
+-----------------------------+-------+
1 row in set (0.00 sec)3.3 回收角色
sql
(root@localhost) [mysql]> show grants for hwz@'localhost';
+----------------------------------------------------------------------+
| Grants for hwz@localhost |
+----------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `hwz`@`localhost` |
| GRANT INDEX ON `mysql`.* TO `hwz`@`localhost` |
| GRANT SELECT (`host`, `user`) ON `mysql`.`user` TO `hwz`@`localhost` |
| GRANT SELECT (`name`) ON `test`.`user` TO `hwz`@`localhost` |
| GRANT `dev_role2`@`%` TO `hwz`@`localhost` |
+----------------------------------------------------------------------+
5 rows in set (0.00 sec)
(root@localhost) [mysql]> revoke dev_role2 from hwz@'localhost';
Query OK, 0 rows affected (0.00 sec)4、
常用命令
1、linux命令
bash
查看某参数的默认值或者官方解释
mysqld --help --verbose | grep defaults-file2、SQL命令
查找某个配置变量的值
sql
(root@localhost) [(none)]> show variables like 'data%';
+---------------+------------------------+
| Variable_name | Value |
+---------------+------------------------+
| datadir | /usr/local/mysql/data/ |
+---------------+------------------------+
1 row in set (0.01 sec)查看告警
sql
show warnings;查看表结构
sql
desc table_name;查看当前连接服务端的状态
sql
(root@localhost) [mysql]> status
--------------
mysql Ver 8.0.28 for Linux on x86_64 (MySQL Community Server - GPL)
Connection id: 8
Current database: mysql
Current user: root@localhost
SSL: Not in use
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 8.0.28 MySQL Community Server - GPL
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb4
Conn. characterset: utf8mb4
UNIX socket: /tmp/mysql.sock
Binary data as: Hexadecimal
Uptime: 8 hours 44 min 31 sec
Threads: 3 Questions: 235 Slow queries: 0 Opens: 260 Flush tables: 3 Open tables: 179 Queries per second avg: 0.007
--------------
(root@localhost) [mysql]> \s
--------------
mysql Ver 8.0.28 for Linux on x86_64 (MySQL Community Server - GPL)
Connection id: 8
Current database: mysql
Current user: root@localhost
SSL: Not in use
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 8.0.28 MySQL Community Server - GPL
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb4
Conn. characterset: utf8mb4
UNIX socket: /tmp/mysql.sock
Binary data as: Hexadecimal
Uptime: 8 hours 44 min 38 sec
Threads: 3 Questions: 238 Slow queries: 0 Opens: 260 Flush tables: 3 Open tables: 179 Queries per second avg: 0.007
--------------查看是否开启ssl连接,主要看have_openssl为yes即为开启(8.x版本默认开启)
sql
(root@localhost) [mysql]> show variables like '%ssl%';
+-------------------------------------+-----------------+
| Variable_name | Value |
+-------------------------------------+-----------------+
| admin_ssl_ca | |
| admin_ssl_capath | |
| admin_ssl_cert | |
| admin_ssl_cipher | |
| admin_ssl_crl | |
| admin_ssl_crlpath | |
| admin_ssl_key | |
| have_openssl | YES |
| have_ssl | YES |
| mysqlx_ssl_ca | |
| mysqlx_ssl_capath | |
| mysqlx_ssl_cert | |
| mysqlx_ssl_cipher | |
| mysqlx_ssl_crl | |
| mysqlx_ssl_crlpath | |
| mysqlx_ssl_key | |
| performance_schema_show_processlist | OFF |
| ssl_ca | ca.pem |
| ssl_capath | |
| ssl_cert | server-cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_fips_mode | OFF |
| ssl_key | server-key.pem |
+-------------------------------------+-----------------+查看前台连接线程
sql
(root@localhost) [(none)]> show processList;
+----+-----------------+-----------+------+---------+------+------------------------+------------------+
| Id | User | Host | db | Command | Time | State | Info |
+----+-----------------+-----------+------+---------+------+------------------------+------------------+
| 5 | event_scheduler | localhost | NULL | Daemon | 131 | Waiting on empty queue | NULL |
| 8 | root | localhost | NULL | Query | 0 | init | show processList |
+----+-----------------+-----------+------+---------+------+------------------------+------------------+
2 rows in set (0.00 sec)查看后台在执行的线程(像io线程,SQL线程。。。。)
sql
(root@localhost) [(none)]> select * from performance_schema.threads\G
*************************** 1. row ***************************
THREAD_ID: 1
NAME: thread/sql/main
TYPE: BACKGROUND
PROCESSLIST_ID: NULL
PROCESSLIST_USER: NULL
PROCESSLIST_HOST: NULL
PROCESSLIST_DB: mysql
PROCESSLIST_COMMAND: NULL
PROCESSLIST_TIME: 565
PROCESSLIST_STATE: NULL
PROCESSLIST_INFO: NULL
PARENT_THREAD_ID: NULL
ROLE: NULL
INSTRUMENTED: YES
HISTORY: YES
CONNECTION_TYPE: NULL
THREAD_OS_ID: 4620
RESOURCE_GROUP: SYS_default
*************************** 2. row ***************************
THREAD_ID: 3
NAME: thread/innodb/io_ibuf_thread
TYPE: BACKGROUND
PROCESSLIST_ID: NULL
PROCESSLIST_USER: NULL
PROCESSLIST_HOST: NULL
PROCESSLIST_DB: NULL
PROCESSLIST_COMMAND: NULL
PROCESSLIST_TIME: NULL
PROCESSLIST_STATE: NULL
PROCESSLIST_INFO: NULL
PARENT_THREAD_ID: NULL
ROLE: NULL
INSTRUMENTED: YES
HISTORY: YES
CONNECTION_TYPE: NULL
THREAD_OS_ID: 4625
RESOURCE_GROUP: SYS_default