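SQL Language, Continued (Part 2)
3.9 Privilege Management and DCL Statements
In MySQL, a newly created user can only connect and has no privileges to operate on anything; the account becomes usable only after the appropriate privileges have been granted.
3.9.1 Privilege Categories
Administrative: CREATE USER, FILE, SUPER, SHOW DATABASES, RELOAD, SHUTDOWN, REPLICATION SLAVE, REPLICATION CLIENT, LOCK TABLES, PROCESS, CREATE TEMPORARY TABLES
Stored programs (FUNCTION, PROCEDURE, TRIGGER): CREATE, ALTER, DROP, EXECUTE
Database and table level (DATABASE, TABLE): ALTER, CREATE, CREATE VIEW, DROP INDEX, SHOW VIEW, WITH GRANT OPTION (lets the holder pass the privileges it has been granted on to other users)
Data manipulation: SELECT, INSERT, DELETE, UPDATE
Column level: SELECT(col1,col2,...), UPDATE(col1,col2,...), INSERT(col1,col2,...)
All privileges: ALL PRIVILEGES or ALL
3.9.2 Granting Privileges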
mysql> help grant
Name: 'GRANT'
Description:
Syntax:
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_or_role [, user_or_role] ...
[WITH GRANT OPTION]
[AS user
[WITH ROLE
DEFAULT
| NONE
| ALL
| ALL EXCEPT role [, role ] ...
| role [, role ] ...
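# priv_type: the privilege to grant, ALL [PRIVILEGES]
# object_type: the type of object, TABLE|FUNCTION|PROCEDURE
# priv_level: the scope
*|*.*|db_name.*|db_name.tbl_name|tbl_name|db_name.routine_name (a function, stored procedure or trigger in the given database)
# with_option: options
# GRANT OPTION: the account may grant its own privileges to other accounts
# MAX_QUERIES_PER_HOUR N: maximum number of queries per hour
# MAX_UPDATES_PER_HOUR N: maximum number of updates per hour
# MAX_CONNECTIONS_PER_HOUR N: maximum number of connections per hour
# MAX_USER_CONNECTIONS N: maximum number of connections for the user
# MAX_USER_CONNECTIONS is the number of simultaneous connections at any one moment, whereas MAX_CONNECTIONS_PER_HOUR is the cumulative number of connections allowed per hour
# Resource limits are counted per account, not per connection; once a limit is reached, every related operation by that account is refused
Example:
# May only query and insert into the specified columns
GRANT SELECT(col1),INSERT(col1,col2) ON mydb.mytbl TO 'someuser'@'somehost';
# All privileges on the specified database
GRANT ALL ON wordpress.* TO wordpress@'10.0.0.%';
# Grant all privileges
GRANT ALL PRIVILEGES ON *.* TO 'root'@'10.0.0.%' WITH GRANT OPTION;
# Creating the user and granting privileges in a single statement was removed in MySQL 8.0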
GRANT ALL ON wordpress.* TO wordpress@'192.168.108.%' IDENTIFIED BY 'huawei';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.108.%' IDENTIFIED BY 'huawei' WITH
GRANT OPTION;
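The MySQL 8.0 form of the statements above, as an added example that is not part of the original notes: the account, its password and its resource limits are set with CREATE USER / ALTER USER, and GRANT only assigns privileges. The appdb.orders table, the 'report'@'10.0.0.%' account and the password are constructed placeholders.

```sql
-- Added example. Constructed names: appdb.orders, 'report'@'10.0.0.%', the password.
CREATE DATABASE IF NOT EXISTS appdb;
CREATE TABLE IF NOT EXISTS appdb.orders (
  id       INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  customer VARCHAR(40) NOT NULL,
  card_no  VARCHAR(19),
  total    DECIMAL(10,2)
);

-- Password, resource limits and lockout policy belong to the account itself.
CREATE USER IF NOT EXISTS 'report'@'10.0.0.%'
  IDENTIFIED BY 'Placeholder-Change-Me-1!'
  WITH MAX_QUERIES_PER_HOUR 1000
       MAX_UPDATES_PER_HOUR 100
       MAX_CONNECTIONS_PER_HOUR 60
       MAX_USER_CONNECTIONS 5
  PASSWORD EXPIRE INTERVAL 90 DAY
  FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;  -- 1-day lock after 5 failures (8.0.19+)

-- Column-level grant: card_no is never readable, only total is writable.
GRANT SELECT (id, customer, total), UPDATE (total)
  ON appdb.orders TO 'report'@'10.0.0.%';

SHOW GRANTS FOR 'report'@'10.0.0.%';

-- The limits are stored on the account row, not in the grant list.
SELECT user, host, max_questions, max_updates, max_connections, max_user_connections
  FROM mysql.user
 WHERE user = 'report';

-- Tighten a limit later without touching privileges.
ALTER USER 'report'@'10.0.0.%' WITH MAX_USER_CONNECTIONS 2;

-- Withdraw the write access again; the column-level SELECT stays in place.
REVOKE UPDATE (total) ON appdb.orders FROM 'report'@'10.0.0.%';
```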
3.9.3 Revoking Privileges
Syntax
REVOKE
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
FROM user_or_role [, user_or_role] ...
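Example
REVOKE DELETE ON *.* FROM 'testuser'@'172.16.0.%';
REVOKE ALL ON *.* FROM 'testuser'@'172.16.0.%';
3.9.4 Viewing User Privileges
# Show the privileges of a given user
SHOW GRANTS FOR 'user'@'host';
# Show the privileges of the user currently in use
SHOW GRANTS FOR CURRENT_USER[()];
Note
When the MariaDB server process starts, it reads all grant tables in the mysql database into memory.
Privilege operations such as GRANT and REVOKE are saved to the system tables, and the MariaDB server process normally rereads the grant tables automatically so that the changes take effect.
For commands after which the grant tables cannot be reread, or are not reread promptly, have the MariaDB server process reread them manually: mysql> FLUSH PRIVILEGES;
Example
# Local session
# Create the user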
mysql> create user 'root'@'192.168.108.%' identified by '123456';
Query OK, 0 rows affected (0.01 sec)
mysql> select host,user from mysql.user;
+---------------+------------------+
| host | user |
+---------------+------------------+
| 192.168.108.% | root |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+---------------+------------------+
5 rows in set (0.00 sec)
# Check the new user's privileges; by default it has only USAGE and can do nothing but connect
mysql> show grants for 'root'@'192.168.108.%';
+----------------------------------------------+
| Grants for root@192.168.108.% |
+----------------------------------------------+
| GRANT USAGE ON *.* TO `root`@`192.168.108.%` |
+----------------------------------------------+
1 row in set (0.00 sec)
# Connect remotely (remote session)
[root@localhost ~]# mysql -uroot -p123456 -h192.168.108.128
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 14
Server version: 8.0.26 Source distribution
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
# Check the privileges (remote session)
mysql> SHOW GRANTS FOR CURRENT_USER;
+----------------------------------------------+
| Grants for root@192.168.108.% |
+----------------------------------------------+
| GRANT USAGE ON *.* TO `root`@`192.168.108.%` |
+----------------------------------------------+
1 row in set (0.00 sec)
# No privilege to create a database (remote session)
mysql> create database db1;
ERROR 1044 (42000): Access denied for user 'root'@'192.168.108.%' to database 'db1'
Now switch to the local session
mysql> create database db1;
mysql> create database db2;
mysql> use db1;
CREATE TABLE student (
id int UNSIGNED AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(20) NOT NULL,
age tinyint UNSIGNED,
#height DECIMAL(5,2),
gender ENUM('M','F') default 'M'
)ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=utf8mb4;
mysql> insert student (name,age)values('xiaoming',20);
# Grant SELECT on the db1.student table (local session)
mysql> grant select on db1.student to root@'192.168.108.%';
Query OK, 0 rows affected (0.00 sec)
# Check the grants again as the remote user (remote session)
mysql> SHOW GRANTS FOR CURRENT_USER;
+-----------------------------------------------------------+
| Grants for root@192.168.108.% |
+-----------------------------------------------------------+
| GRANT USAGE ON *.* TO `root`@`192.168.108.%` |
| GRANT SELECT ON `db1`.`student` TO `root`@`192.168.108.%` |
+-----------------------------------------------------------+
2 rows in set (0.00 sec)
# The database is now visible (remote session)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| db1 |
| information_schema |
+--------------------+
2 rows in set (0.00 sec)
# Remote session
mysql> use db1;
Database changed
mysql> show tables;
+---------------+
| Tables_in_db1 |
+---------------+
| student |
+---------------+
1 row in set (0.00 sec)
# Remote session
mysql> select * from student;
+----+----------+------+--------+
| id | name | age | gender |
+----+----------+------+--------+
| 10 | xiaoming | 20 | M |
+----+----------+------+--------+
1 row in set (0.00 sec)
# No UPDATE privilege (remote session)
mysql> update student set age=25 where id=10;
ERROR 1142 (42000): UPDATE command denied to user 'root'@'192.168.108.1' for
table 'student'
# No DELETE privilege (remote session)
mysql> delete from student where id=10;
ERROR 1142 (42000): DELETE command denied to user 'root'@'192.168.108.1' for
table 'student'
# Grant further privileges (local session)
mysql> grant update,delete on db1.student to root@'192.168.108.%';
# Check again (remote session)
mysql> SHOW GRANTS FOR CURRENT_USER;
+---------------------------------------------------------------------------+
| Grants for root@192.168.108.% |
+---------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `root`@`192.168.108.%` |
| GRANT SELECT, UPDATE, DELETE ON `db1`.`student` TO `root`@`192.168.108.%` |
+---------------------------------------------------------------------------+
2 rows in set (0.00 sec)
# Test (remote session)
mysql> update student set age=25 where id=10;
mysql> select * from student;
+----+----------+------+--------+
| id | name | age | gender |
+----+----------+------+--------+
| 10 | xiaoming | 25 | M |
+----+----------+------+--------+
1 row in set (0.00 sec)
mysql> delete from student where id=10;
mysql> select * from student;
Empty set (0.00 sec)
Example
Create a database and continue
# Create the database (local session)
mysql> create database eshop;
Query OK, 1 row affected (0.00 sec)
# Create the user (local session)
mysql> create user eshoper@'192.168.108.%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
# Grant privileges (local session)
mysql> grant all on eshop.* to eshoper@'192.168.108.%';
Query OK, 0 rows affected (0.00 sec)
# Test remotely
C:\Users\69466>mysql -ueshoper -p123456 -h192.168.108.128
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 17
Server version: 8.0.26 Source distribution
Copyright (c) 2000, 2025, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| eshop |
| information_schema |
+--------------------+
2 rows in set (0.00 sec)
# Create a table
mysql> use eshop;
Database changed
mysql> create table product (id int,name varchar(10));
Query OK, 0 rows affected (0.10 sec)
mysql> show tables;
+-----------------+
| Tables_in_eshop |
+-----------------+
| product |
+-----------------+
1 row in set (0.00 sec)
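An audit of the accounts created in the walkthroughs above, as an added example that is not part of the original notes: queries against mysql.user and the information_schema privilege views show which accounts accept connections from a host pattern and what each account may do at every scope. It assumes the queries are run from an administrative account on the server.

```sql
-- Added example: privilege audit, run as an administrative account.

-- 1. Accounts whose host part is a pattern (such as 192.168.108.%) rather than one host.
SELECT user, host, plugin, account_locked, password_expired
  FROM mysql.user
 WHERE INSTR(host, '%') > 0
 ORDER BY user, host;

-- 2. Global (*.*) privileges per account. Anything beyond USAGE here applies to
--    every database; with_grant_option = YES means the account can hand it on.
SET SESSION group_concat_max_len = 8192;   -- long privilege lists are not cut off
SELECT grantee,
       GROUP_CONCAT(privilege_type ORDER BY privilege_type SEPARATOR ', ') AS global_privs,
       MAX(is_grantable) AS with_grant_option
  FROM information_schema.user_privileges
 WHERE privilege_type <> 'USAGE'
 GROUP BY grantee
 ORDER BY grantee;

-- 3. Everything granted below the global level, one row per account, scope and privilege:
--    database-level (eshop.*), table-level (db1.student) and column-level grants.
SELECT grantee, CONCAT(table_schema, '.*') AS scope, privilege_type, is_grantable
  FROM information_schema.schema_privileges
UNION ALL
SELECT grantee, CONCAT(table_schema, '.', table_name), privilege_type, is_grantable
  FROM information_schema.table_privileges
UNION ALL
SELECT grantee, CONCAT(table_schema, '.', table_name, '(', column_name, ')'),
       privilege_type, is_grantable
  FROM information_schema.column_privileges
 ORDER BY grantee, scope;
```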
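3.10 Building an Open-Source Website on the LAMP Stack
3.10.1 LAMP Architecture Overview
LAMP is an acronym formed from the initials of a set of free software commonly used together to run dynamic websites.
L stands for the Linux operating system. A stands for Apache, which provides the web service.
M stands for MySQL, which provides the database service. P stands for PHP, a language for developing dynamic websites.
/etc/php.ini configuration file format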
[foo]: Section Header
directive = value
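php.ini reference documentation
Core php.ini directives: http://php.net/manual/zh/ini.core.php
List of php.ini directives: http://php.net/manual/zh/ini.list.php
Common php.ini settings
expose_php=On ; adds the X-Powered-By: PHP/x.y.z header to responses, exposing the PHP version; Off is recommended
max_execution_time=30 ; maximum execution time, 30 s
memory_limit=128M ; can be raised if this is not enough in production
display_errors=off ; for debugging only; do not turn it on, or important information may be exposed
display_startup_errors=off ; recommended off
post_max_size=8M ; maximum size of POST data; may need raising in production; must be larger than the next setting
upload_max_filesize=2M ; maximum size of an uploaded file; may need raising in production
max_file_uploads=20 ; maximum number of files uploaded at the same time
date.timezone=Asia/shanghai ; time zone
short_open_tag=On ; enable short tags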
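3.10.2 Deploying the Blog Project
Server setup
Clone two machines from Centos-Stream8-template.
IP address         Hostname   Role                                    Software
192.168.108.100    web        Web service, dynamic PHP processing     Apache, PHP
192.168.108.101    mysql      Database service                        MySQL
WordPress
WordPress is a blogging platform written in PHP; users can set up their own website on any server that supports PHP and a MySQL database. WordPress can also be used as a content management system (CMS).
Implementation
# Install Apache and PHP on 192.168.108.100
[root@web ~]# yum -y install httpd php php-mysqlnd php-json php-gd php-xml php-mbstring php-zip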
[root@web ~]# php -v
PHP 7.2.24 (cli) (built: Oct 22 2019 08:28:36) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
# Disable the firewall
[root@web ~]# systemctl disable --now firewalld
# Start the web service
[root@web ~]# systemctl start httpd.service
# Add a PHP test page
[root@web ~]# vim /var/www/html/test.php
<?php
phpinfo();
The page can now be opened in a browser.
# Download the WordPress source
[root@web ~]# cd /var/www/html/
[root@web html]# wget https://cn.wordpress.org/latest-zh_CN.zip
[root@web html]# unzip latest-zh_CN.zip
[root@web html]# ls
latest-zh_CN.zip test.php wordpress
# Change the owner and group
[root@web html]# chown -R apache.apache wordpress/
# Switch to the 101 node and create the database
[root@mysql ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 8.0.26 Source distribution
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database wordpress;
Query OK, 1 row affected (0.02 sec)
# Create the user
mysql> create user 'wordpresser'@'192.168.108.%' identified by '123456';
Query OK, 0 rows affected (0.01 sec)
# Grant privileges
mysql> grant all on wordpress.* to 'wordpresser'@'192.168.108.%';
Query OK, 0 rows affected (0.01 sec)
Configure a domain name for the project
# On the web server, configure the directory the domain name points to
[root@web ~]# vim /etc/httpd/conf.d/blog.gqd.cloud.conf
<VirtualHost *:80>
ServerName blog.gqd.cloud
DocumentRoot "/var/www/html/wordpress"
<Directory "/var/www/html/wordpress">
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
# Restart httpd
[root@web ~]# systemctl restart httpd
# On the physical host, set up name resolution for the domain
# Add the following line to C:\windows\System32\drivers\etc\hosts
192.168.108.100 blog.gqd.cloud
Next, open a browser to view WordPress.