MySQL Database Basics: MySQL User Management


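13. MySQL User Management

If everyone can only use the root user, that is a security risk. This is where MySQL user management comes in.

13.1 User Management

13.1.1 User Information

MySQL users are stored in the user table of the mysql system database:

mysql> use mysql;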
Database changed
mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *EDD1889F47EEB2C9DDB1855642E57BBEFFC2158F |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+---------------+-----------+-------------------------------------------+
-- You can run desc user to get a first look at the table structure

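Field descriptions:

  • host: the host the account may log in from (localhost means logins from the local machine only)
  • user: the user name
  • authentication_string: the password in encrypted (hashed) form
  • *_priv: privilege columns

13.1.2 Creating a User

Syntax:

CREATE USER 'username'@'login_host_or_IP' IDENTIFIED BY 'password';

Example:

mysql> select USER,HOST,authentication_string from user;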
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+---------------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)

mysql> create user 'lll'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| lll           | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)

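-- You can now log in with the new account and password

-- Note: when you actually set a password, MySQL's own password validation level may be fairly strict, so some simple passwords cannot be set and the following error is raised:
-- ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
-- Fix: https://blog.csdn.net/zhanaolu4821/article/details/93622812
-- Check the password policy settings: SHOW VARIABLES LIKE 'validate_password%';

-- Try this out yourself afterwards
-- One thing to watch when adding users: do not casually create a user that can log in from anywhere.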

13.1.3 Deleting a User

Syntax:

drop user 'username'@'hostname';

Example:

mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| lll           | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)

mysql> drop user 'lll'@'localhost';
Query OK, 0 rows affected (0.01 sec)

mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+---------------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)

13.1.4 Changing a User's Password

Changing your own password:

SET PASSWORD = PASSWORD('new_password');

Root changing another user's password:

SET PASSWORD FOR 'username'@'hostname' = PASSWORD('new_password');

Example:

mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| lll           | %         | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)

mysql> set password for 'lll'@'%'=password('654321');
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| lll           | %         | *2A032F7C5BA932872F0F045E0CF6B53CF702F2C5 |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)
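
The PASSWORD() function used above is deprecated in MySQL 5.7 and removed in 8.0. The following added example (not from the original page) shows the same account operations with CREATE USER and ALTER USER, next to a host restriction and an audit query; the 192.0.2.% host range and the passwords are constructed placeholders.

```sql
-- Added example, not from the original page. The 192.0.2.% host range and the
-- passwords are constructed placeholders. Valid on MySQL 5.7.6+ and 8.0.

-- The walkthrough above uses the password '123456' and, later, the host '%'.
-- Hardened form: restrict the source hosts and give the password a lifetime.
CREATE USER 'lll'@'192.0.2.%'
  IDENTIFIED BY 'Constructed-Example-Pass-1!'
  PASSWORD EXPIRE INTERVAL 90 DAY;

-- Root changing another account's password, without the PASSWORD() function.
ALTER USER 'lll'@'192.0.2.%' IDENTIFIED BY 'Constructed-Example-Pass-2!';

-- Changing your own password: run this as the account concerned.
ALTER USER USER() IDENTIFIED BY 'Constructed-Example-Pass-3!';

-- Disable an account without dropping it; unlock with ACCOUNT UNLOCK.
ALTER USER 'lll'@'192.0.2.%' ACCOUNT LOCK;

-- Audit the account table: any-host accounts and empty credentials sort first.
-- An empty authentication_string is expected for socket-authenticated accounts
-- (check the plugin column) and is a finding for password-based ones.
SELECT user, host, plugin, account_locked, password_expired, password_last_changed,
       (host = '%') AS any_host,
       (authentication_string IS NULL OR authentication_string = '') AS empty_credential
FROM mysql.user
ORDER BY any_host DESC, empty_credential DESC, user, host;
```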

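13.2 Database Privilege Management

MySQL privilege list

13.2.1 Granting Privileges

Syntax:

GRANT privilege_list ON database.object TO 'user'@'login_host' [IDENTIFIED BY 'password'];

Key symbols:

  • privilege list: separate multiple privileges with commas
  • *.* : all objects (tables, views, stored procedures, etc.) in all databases on this system
  • database.* : all data objects (tables, views, stored procedures, etc.) in one database
  • IDENTIFIED BY is optional. If the user already exists, the password is changed while the privileges are granted; if the user does not exist, the user is created

Example:

-- Using the root account
-- Terminal A
mysql> create database rootdb;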
Query OK, 1 row affected (0.00 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| bit_index          |
| index_db           |
| mysql              |
| performance_schema |
| rootdb             |
| scott              |
| sys                |
| test_db            |
+--------------------+
9 rows in set (0.00 sec)

mysql> use rootdb;
Database changed
mysql> create table user(id int primary key,name varchar(20));
Query OK, 0 rows affected (0.01 sec)

mysql> insert into user values (1,'张三');
Query OK, 1 row affected (0.00 sec)

mysql> show tables;
+------------------+
| Tables_in_rootdb |
+------------------+
| user             |
+------------------+
1 row in set (0.00 sec)

-- Grant user lll the select privilege on all objects in the rootdb database
mysql> grant select on rootdb.* to 'lll'@'%';
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for 'lll'@'%';
+-----------------------------------------+
| Grants for lll@%                        |
+-----------------------------------------+
| GRANT USAGE ON *.* TO 'lll'@'%'         |
| GRANT SELECT ON `rootdb`.* TO 'lll'@'%' |
+-----------------------------------------+
2 rows in set (0.00 sec)

-- Using the lll account

-- Terminal B
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)

-- Pause here; check again after root has granted the privilege to lll

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| rootdb             |
+--------------------+
2 rows in set (0.00 sec)

mysql> use rootdb;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select*from user;
+----+--------+
| id | name   |
+----+--------+
|  1 | 张三   |
+----+--------+
1 row in set (0.00 sec)

-- No delete privilege
mysql> delete from user;
ERROR 1142 (42000): DELETE command denied to user 'lll'@'localhost' for table 'user'

-- Note: viewing the privileges a specific user currently holds
mysql> show grants for 'whb'@'%';

mysql> show grants for 'lll'@'%';
+-----------------------------------------+
| Grants for lll@%                        |
+-----------------------------------------+
| GRANT USAGE ON *.* TO 'lll'@'%'         |
| GRANT SELECT ON `rootdb`.* TO 'lll'@'%' |
+-----------------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for 'root'@'localhost';
+---------------------------------------------------------------------+
| Grants for root@localhost                                           |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION        |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)

Note: if a grant does not seem to have taken effect, run the following statement:

flush privileges;

13.2.2 Revoking Privileges

Syntax:

REVOKE privilege_list ON database.object FROM 'user'@'login_host';

Example:

-- Revoke lll's select privilege on the rootdb database
-- As root, terminal A

mysql> show grants for 'lll'@'%';
+-----------------------------------------+
| Grants for lll@%                        |
+-----------------------------------------+
| GRANT USAGE ON *.* TO 'lll'@'%'         |
| GRANT SELECT ON `rootdb`.* TO 'lll'@'%' |
+-----------------------------------------+
2 rows in set (0.00 sec)

mysql> revoke select on rootdb.* from 'lll'@'%';
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for 'lll'@'%';
+---------------------------------+
| Grants for lll@%                |
+---------------------------------+
| GRANT USAGE ON *.* TO 'lll'@'%' |
+---------------------------------+
1 row in set (0.00 sec)

-- Terminal B

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
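
SHOW GRANTS inspects one account at a time. The following added example (not from the original page) audits every account at once by reading the grant tables and the *_priv columns described in 13.1.1; it assumes an administrative login with read access to the mysql system database and reuses the 'lll'@'%' account from the walkthrough.

```sql
-- Added example, not from the original page. Read-only queries; run as an
-- administrative account that can read the mysql system database.

-- 1. Global privileges: a 'Y' in mysql.user applies to every database (ON *.*).
SELECT user, host,
       Super_priv, File_priv, Grant_priv, Create_user_priv, Shutdown_priv
FROM mysql.user
WHERE 'Y' IN (Super_priv, File_priv, Grant_priv, Create_user_priv, Shutdown_priv)
ORDER BY user, host;

-- 2. Database-level grants (ON db.*), such as SELECT on rootdb for 'lll'@'%'.
--    Rows that can write, drop or re-grant from a wildcard host sort first.
SELECT user, host, db,
       Select_priv, Insert_priv, Update_priv, Delete_priv, Drop_priv, Grant_priv,
       (host = '%' AND 'Y' IN (Insert_priv, Update_priv, Delete_priv,
                               Drop_priv, Grant_priv)) AS review_first
FROM mysql.db
ORDER BY review_first DESC, user, host, db;

-- 3. Table-level grants (ON db.table) are stored in mysql.tables_priv.
SELECT user, host, db, table_name, table_priv, column_priv, grantor
FROM mysql.tables_priv
ORDER BY user, host, db, table_name;

-- 4. After a REVOKE, confirm that no database- or table-level grant is left
--    for the account. An empty result matches the USAGE-only output above.
SELECT 'db' AS level, db AS object
FROM mysql.db WHERE user = 'lll' AND host = '%'
UNION ALL
SELECT 'table', CONCAT(db, '.', table_name)
FROM mysql.tables_priv WHERE user = 'lll' AND host = '%';
```

An empty result from query 4 means only USAGE remains: the account can still log in, as terminal B shows, until it is locked or dropped.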