Skip to content
On this page

MySQL Auth CLI

查看用户权限

查看有哪些用户:

mysql> select user,host,authentication_string from mysql.user; -- authentication_string与password等效
mysql> select user,host,authentication_string from mysql.user; -- authentication_string与password等效

查看root@'localhost'用户的权限:

mysql> show grants for root@localhost;
mysql> show grants for root@localhost;

赋予用户权限

创建 mysql 授权用户:

-- 创建suofeiya 这只是创建用户并没有权限
mysql> CREATE USER 'suofeiya'@'localhost' IDENTIFIED BY '123456';
-- 把suofeiya 变成管理员用户,即赋予所有权限
mysql> GRANT ALL PRIVILEGES ON *.* TO 'suofeiya'@'localhost' WITH GRANT OPTION;

-- 创建用户并赋予RELOAD,PROCESS权限 ,在所有的库和表上
mysql> GRANT RELOAD,PROCESS ON *.* TO 'admin'@'localhost' identified by '123456';

-- 创建test用户,在test库,temp表, 上的id列只有select权限
mysql> grant select(id) on test.temp to test@'localhost' identified by '123456';
-- 创建suofeiya 这只是创建用户并没有权限
mysql> CREATE USER 'suofeiya'@'localhost' IDENTIFIED BY '123456';
-- 把suofeiya 变成管理员用户,即赋予所有权限
mysql> GRANT ALL PRIVILEGES ON *.* TO 'suofeiya'@'localhost' WITH GRANT OPTION;

-- 创建用户并赋予RELOAD,PROCESS权限 ,在所有的库和表上
mysql> GRANT RELOAD,PROCESS ON *.* TO 'admin'@'localhost' identified by '123456';

-- 创建test用户,在test库,temp表, 上的id列只有select权限
mysql> grant select(id) on test.temp to test@'localhost' identified by '123456';

限制用户资源使用:

GRANT OPTION-- 授权选项
    MAX_QUERIES_PER_HOUR:                        -- 定义每小时允许执行的查询数
    MAX_UPDATES_PER_HOUR:                        -- 定义每小时允许执行的更新数
    MAX_CONNECTIONS_PER_HOUR:                    -- 定义每小时可以建立的连接数
    MAX_USER_CONNECTIONS:                        -- 定义单个用户同时可以建立的连接数

-- 例子:限制用户每小时的查询数量
mysql> grant select on *.* to '用户名'@'IP地址' identified by '123456' with max_queries_per_hour 5;
GRANT OPTION-- 授权选项
    MAX_QUERIES_PER_HOUR:                        -- 定义每小时允许执行的查询数
    MAX_UPDATES_PER_HOUR:                        -- 定义每小时允许执行的更新数
    MAX_CONNECTIONS_PER_HOUR:                    -- 定义每小时可以建立的连接数
    MAX_USER_CONNECTIONS:                        -- 定义单个用户同时可以建立的连接数

-- 例子:限制用户每小时的查询数量
mysql> grant select on *.* to '用户名'@'IP地址' identified by '123456' with max_queries_per_hour 5;

删除用户

mysql> DROP USER admin@'localhost';
-- 通过修改数据表来删除用户时,需要刷新权限
mysql> DELETE FROM mysql.user WHERE user='admin' AND host='localhost';
mysql> FLUSH PRIVILEGES;
mysql> DROP USER admin@'localhost';
-- 通过修改数据表来删除用户时,需要刷新权限
mysql> DELETE FROM mysql.user WHERE user='admin' AND host='localhost';
mysql> FLUSH PRIVILEGES;

修改用户权限或密码

修改用户密码的几种方式:

mysql> ALTER USER 'suofeiya'@'localhost' IDENTIFIED BY 'mypass';
-- 设置随机密码
mysql> ALTER USER 'suofeiya'@'localhost' IDENTIFIED BY RANDOM PASSWORD; -- MariaDB中似乎没有这个功能
mysql> SET PASSWORD FOR 'suofeiya'@'localhost' = PASSWORD('mypass');
mysql> SET PASSWORD FOR 'jeffrey'@'localhost' = 'auth_string';
mysql> GRANT USAGE ON *.* TO 'suofeiya'@'localhost' IDENTIFIED BY 'mypass';
-- 用UPDATE直接编辑user表,不太推荐,修改完密码之后要flush privileges
mysql> USE mysql;
mysql> update user set password=password('123') where user='root' and host='localhost';
mysql> FLUSH PRIVILEGES;
-- 修改当前用户密码
mysql> SET PASSWORD=password('new_password');
mysql> SET PASSWORD='auth_string';		-- 与上面命令等效,都是修改当前用户的密码

-- 使用mysqladmin客户端工具进行修改
shell> mysqladmin -u suofeiya -h localhost password "new_password"
mysql> ALTER USER 'suofeiya'@'localhost' IDENTIFIED BY 'mypass';
-- 设置随机密码
mysql> ALTER USER 'suofeiya'@'localhost' IDENTIFIED BY RANDOM PASSWORD; -- MariaDB中似乎没有这个功能
mysql> SET PASSWORD FOR 'suofeiya'@'localhost' = PASSWORD('mypass');
mysql> SET PASSWORD FOR 'jeffrey'@'localhost' = 'auth_string';
mysql> GRANT USAGE ON *.* TO 'suofeiya'@'localhost' IDENTIFIED BY 'mypass';
-- 用UPDATE直接编辑user表,不太推荐,修改完密码之后要flush privileges
mysql> USE mysql;
mysql> update user set password=password('123') where user='root' and host='localhost';
mysql> FLUSH PRIVILEGES;
-- 修改当前用户密码
mysql> SET PASSWORD=password('new_password');
mysql> SET PASSWORD='auth_string';		-- 与上面命令等效,都是修改当前用户的密码

-- 使用mysqladmin客户端工具进行修改
shell> mysqladmin -u suofeiya -h localhost password "new_password"

修改用户名:

mysql> rename user '用户名'@'IP地址' to '新用户名'@'IP地址';
mysql> rename user '用户名'@'IP地址' to '新用户名'@'IP地址';

设置用户密码过期策略:

mysql> ALTER USER 'suofeiya'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;
mysql> ALTER USER 'suofeiya'@'localhost' PASSWORD EXPIRE NEVER; -- 密码不过期
mysql> ALTER USER 'suofeiya'@'localhost' PASSWORD EXPIRE DEFAULT; -- 默认过期策略

# 手动强制某个用户密码过期
mysql> ALTER USER 'suofeiya'@'localhost' PASSWORD EXPIRE;
mysql> ALTER USER 'suofeiya'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;
mysql> ALTER USER 'suofeiya'@'localhost' PASSWORD EXPIRE NEVER; -- 密码不过期
mysql> ALTER USER 'suofeiya'@'localhost' PASSWORD EXPIRE DEFAULT; -- 默认过期策略

# 手动强制某个用户密码过期
mysql> ALTER USER 'suofeiya'@'localhost' PASSWORD EXPIRE;

回收用户权限

使用revoke命令回收用户权限:

mysql> SHOW GRANTS FOR admin@'localhost'; -- 查询用户所有权限

mysql> REVOKE DELETE ON *.* FROM admin@'localhost';	-- 回收部分权限
mysql> REVOKE ALL PRIVILEGES FROM `USER_NAME`@`%`;	 -- 回收所有权限
mysql> SHOW GRANTS FOR admin@'localhost'; -- 查询用户所有权限

mysql> REVOKE DELETE ON *.* FROM admin@'localhost';	-- 回收部分权限
mysql> REVOKE ALL PRIVILEGES FROM `USER_NAME`@`%`;	 -- 回收所有权限

忘记 root 密码?

首先关闭数据库service mysqld stop

# --skip-grant-tables 的意思是启动MySQL服务的时候跳过权限表认证。
mysqld_safe --skip-grant-table --user=mysql &
# 使用空密码登录MySQL
mysql -uroot
# --skip-grant-tables 的意思是启动MySQL服务的时候跳过权限表认证。
mysqld_safe --skip-grant-table --user=mysql &
# 使用空密码登录MySQL
mysql -uroot
# 5.7以下版本
mysql> update mysql.user set password=password('新密码') where user='root' and host='localhost';
# 5.7以上版本
mysql> update user set authentication_string=password('新密码') where user='root' and Host='localhost';

mysql> flush privileges;
# 5.7以下版本
mysql> update mysql.user set password=password('新密码') where user='root' and host='localhost';
# 5.7以上版本
mysql> update user set authentication_string=password('新密码') where user='root' and Host='localhost';

mysql> flush privileges;

最后启动数据库,使用新密码登录即可.