用户管理
如果我们只能使用 root 用户,这样存在安全隐患。这时,就需要使用 MySQL 的用户管理。
用户
用户信息
MySQL 中的用户,都存储在系统数据库 mysql 的 user 表中。
sql
mysql> show databases;
+--------------------+
| Database |
+--------------------+
|//...... |
| mysql |
+--------------------+
10 rows in set (0.00 sec)
mysql> show tables;
+------------------------------------------------------+
| Tables_in_mysql |
+------------------------------------------------------+
|//...... |
| user |
+------------------------------------------------------+
38 rows in set (0.00 sec)
sql
mysql> select * from user\G;
//自行进行查看
sql
mysql> select USER, HOST, authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| USER | HOST | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *E092E64E0BD5C6924B0E56A4F4D155051CF2FD |
+------------------+-----------+------------------------------------------------------------------------+
4 rows in set (0.00 sec)字段解释:
-
host :表示这个用户可以从哪个主机登陆,如果是 localhost,表示只能从本机登陆。
-
user:用户名。
-
authentication_string :用户密码通过 password 函数加密后的值。
-
*_priv:用户拥有的权限。
MySQL 和 Linux 一样,允许我们创建多个用户,这些用户都叫做普通用户,我们root可以给他开账号,所谓的在 MySQL 给一个用户开账号,就是把这个用户的:用户名,允许从哪里登入,以及用户的密码信息放置在 MySQL 中对应的 user 表当中,此时,就有了这个用户了!
所以我们想要在 MySQL 中新增一个用户,做法有一种特别简单粗暴的,就是直接 insert 插入,不需要使用后面的用户操作SQL。但是太麻烦了,列信息,权限等等,这些也是需要进行 insert 的,难道你不写吗?所以我们没有必要直接 insert,虽然也是可以的!
创建用户
语法:
create user '用户名'@'登陆主机/ip' identified by '密码';如果是本地登入,就是"localhost"或者本地环回:"127.0.0.1",或者需要远程登入,还需要给此用户设置密码,这个密码会被进行哈希加密保存在 user 表当中的
案例:
sql
mysql> select USER, HOST, authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| USER | HOST | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *E092E64E0BD5C6924B0E56A4F4D155051CF2FD |
+------------------+-----------+------------------------------------------------------------------------+
4 rows in set (0.00 sec)
mysql> create user 'lfz'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.02 sec)
mysql> select USER, HOST, authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| USER | HOST | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| lfz | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *E092E64E0BD5C6gelwjgB0E56A4F41550DFCF2FD |
+------------------+-----------+------------------------------------------------------------------------+
5 rows in set (0.00 sec)此时便可以使用新账号新密码进行登陆啦!
不过我们最好在登入之前进行权限刷新:
cpp
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
sql
root@instance-hojuqq09:~# mysql -ulfz -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 29
Server version: 8.0.43 MySQL Community Server - GPL
Copyright (c) 2000, 2025, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| performance_schema |
+--------------------+
2 rows in set (0.00 sec)
// 这就比之前的结构少了!-- 备注:可能实际在设置密码的时候,因为 mysql 本身的认证等级比较高,一些简单的密码无法设置,会爆出
如下报错:
--ERROR1819(HY000):Yourpassworddoesnotsatisfythecurrentpolicy
requirements
--解决方案: Your password does not satisfy the current policy requirements-CSDN博客
-- 查看密码设置相关要求: SHOWVARIABLESLIKE'validate_password%';
-- 这个大家下来自己玩玩
-- 关于新增用户这里,需要大家注意,不要轻易添加一个可以从任意地方登陆的 user 。
不过我们现在的 lfz 用户并不能进行远程登入,host 是设置成 localhost,也就是说只允许从本地登入,就是这个 MySQL 在哪一台机器上,就只能在这一台机器上进行登入!不能跨网络访问。
所以,我们现在先来删除用户!
我们当然也可以使用 CURD :
sql
delete from user where USER='lfz'来将这个用户删掉,但是我们不建议,我们依旧推荐相关的用户操作 SQL!然后我们再创建一个允许用户远程登入的账号!
删除用户
语法:
sql
drop user '用户名'@'主机名';示例:
sql
mysql> select USER, HOST, authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| USER | HOST | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| lfz | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *E092E64E0BD5C6924B0E56A4F4D155051DFCF2FD |
+------------------+-----------+------------------------------------------------------------------------+
5 rows in set (0.00 sec)
mysql> drop user lfz;
ERROR 1396 (HY000): Operation DROP USER failed for 'lfz'@'%'
mysql> drop user lfz@localhost;
Query OK, 0 rows affected (0.01 sec)
mysql> select USER, HOST, authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| USER | HOST | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *E092E64E0BD5C6924B0E56A4F4D155051DFCF2FD |
+------------------+-----------+------------------------------------------------------------------------+
4 rows in set (0.00 sec)我们接下来就创建一个可以远程登入的账号!
使用 "%" 代表可以从任意主机进行登入!!!
sql
mysql> create user 'lfz'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> select USER, HOST, authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| USER | HOST | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| lfz | % | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *E092E64E0BD5C6924B0E56A4F4D155051DFCF2FD |
+------------------+-----------+------------------------------------------------------------------------+
5 rows in set (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)修改用户密码
语法:
- 自己改自己密码:
sql
set password = password('新的密码');- root 用户修改指定用户的密码:
sql
set password for '用户名'@'主机名' = password('新的密码');MySQL 5.7 及之前的版本
在 MySQL 5.7 及之前的版本中,可以使用 PASSWORD() 函数来设置密码,如下所示:
cpp
SET PASSWORD FOR '用户名'@'主机名' = PASSWORD('新的密码');MySQL 8.0 及之后的版本
从 MySQL 8.0 开始,推荐使用 ALTER USER 语句来设置密码,如下所示:
cpp
ALTER USER '用户名'@'主机名' IDENTIFIED BY '新的密码';或者,如果需要使用加密的密码,可以使用 CREATE USER 语句:
cpp
CREATE USER '用户名'@'主机名' IDENTIFIED WITH mysql_native_password BY '加密后的密码';在 MySQL 8.0 中,密码加密是在服务器端自动完成的,不需要手动加密密码。
案例:
在 MySQL 表当中所谓的密码就是在修改 user 表!而且是通过加密插入到表结构当中的!
cpp
mysql> select USER, HOST, authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| USER | HOST | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| lfz | % | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *E092E64E0BD5C6924B0E56A4F4D155051DFCF2FD |
+------------------+-----------+------------------------------------------------------------------------+
5 rows in set (0.00 sec)
mysql> ALTER USER 'lfz'@'%' IDENTIFIED BY '112233';
Query OK, 0 rows affected (0.00 sec)
mysql> select USER, HOST, authentication_string from user;
+------------------+-----------+------------------------------------------------------------------------+
| USER | HOST | authentication_string |
+------------------+-----------+------------------------------------------------------------------------+
| lfz | % | *C42CF059802456312318BB928C3334F1A6133AB4 |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root | localhost | *E092E64E0BD5C6924B0E56A4F4D155051DFCF2FD |
+------------------+-----------+------------------------------------------------------------------------+
5 rows in set (0.00 sec)请根据 MySQL 版本选择相应的命令来设置密码。如果不确定 MySQL 版本,可以使用以下命令查看:
sql
SELECT VERSION();这将返回正在使用的 MySQL 版本。
数据库的权限
MySQL数据库提供的权限列表:
| 权限 | 例 | 上下文 |
|---|---|---|
| CREATE | Create_priv | 数据库、表或索引 |
| DROP | Drop_priv | 数据库或表 |
| GRANT OPTION | Grant_priv | 数据库、表或存储的程序 |
| REFERENCES | References_priv | 数据库或表 |
| ALTER | Alter_priv | 表 |
| DELETE | Delete_priv | 表 |
| INDEX | Index_priv | 表 |
| INSERT | Insert_priv | 表 |
| SELECT | Select_priv | 表 |
| UPDATE | Update_priv | 表 |
| CREATE VIEW | Create_view_priv | 视图 |
| SHOW VIEW | Show_view_priv | 视图 |
| ALTER ROUTINE | Alter_routine_priv | 保存的程序 |
| CREATE ROUTINE | Create_routine_priv | 保存的程序 |
| EXECUTE | Execute_priv | 保存的程序 |
| FILE | File_priv | 服务器主机上的文件访问 |
| CREATE TEMPORARY TABLES | Create_tmp_table_priv | 服务器管理 |
| LOCK TABLES | Lock_tables_priv | 服务器管理 |
| CREATE USER | Create_user_priv | 服务器管理 |
| PROCESS | Process_priv | 服务器管理 |
| RELOAD | Reload_priv | 服务器管理 |
| REPLICATION CLIENT | Repl_client_priv | 服务器管理 |
| REPLICATION SLAVE | Repl_slave_priv | 服务器管理 |
| SHOW DATABASES | Show_db_priv | 服务器管理 |
| SHUTDOWN | Shutdown_priv | 服务器管理 |
| SUPER | Super_priv | 服务器管理 |
给用户授权
语法:
cpp
grant 权限列表 on 库.对象名 to '用户名'@'登陆位置' [identified by '密码'];说明:
权限列表,多个权限用逗号分开
-
grant select on ... -
grant select, delete, create on ... -
grant all [privileges] on ...--表示赋予该用户在该对象上的所有权限
*.*:代表本系统中的所有数据库的所有对象(表、视图、存储过程等)
库.*:表示某个数据库中的所有数据对象(表、视图、存储过程等)
identified by可选。如果用户不存在,赋予权限的同时修改密码,如果该用户不存在,就是创建用户
案例:
sql
-- 使用root账号
-- 先创建A
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.00 sec)
mysql> use test;
Database changed
mysql> show tables;
+------------------+
| Tables_in_test |
+------------------+
| account |
| student |
| user |
+------------------+
3 rows in set (0.00 sec)
mysql> select * from account;
+----+--------+--------+
| id | name | balance |
+----+--------+--------+
| 1 | 李四 | 321.00 |
| 2 | 王五 | 5432.00 |
| 3 | 赵六 | 543.90 |
| 4 | 赵六 | 543.90 |
| 5 | 赵六 | 543.90 |
+----+--------+--------+
4 rows in set (0.00 sec)
-- 没有删除权限
mysql> delete from account;
ERROR 1142 (42000): DELETE command denied to user 'whb'@'localhost' for table 'account'
备注:特定用户现在查看权限
mysql> show grants for 'whb'@'%';
+-----------------------------------------------------+
| Grants for whb@% |
+-----------------------------------------------------+
| GRANT USAGE ON *.* TO 'whb'@'%' |
| GRANT ALL PRIVILEGES ON `test`.* TO 'whb'@'%' |
+-----------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for 'root'@'%';
+-----------------------------------------------------+
| Grants for root@% |
+-----------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION |
+-----------------------------------------------------+
1 row in set (0.00 sec)
[ 注意:如果发现授权后,没有生效,执行如下指令: ]
flush privileges;回收权限
语法:
sql
revoke 权限列表 on 库.对象名 from '用户名'@'登陆位置';示例:
sql
-- 时刻whb对test数据库的所有权限
-- root身份,终端A
mysql> revoke all on test.* from 'whb'@'localhost';
Query OK, 0 rows affected (0.00 sec)
--whb身份,终端B
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.00 sec)
mysql> use test;
Database changed
mysql> show tables;
+------------------+
| Tables_in_test |
+------------------+
| account |
| student |
| user |
+------------------+
3 rows in set (0.01 sec)
-- 使用whb账号
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
1 row in set (0.00 sec)