Mysql 8.0.19：skip-grant-table：新变化：坑

• --skip-grant-tables

  Property	Value
  Command-Line Format	--skip-grant-tables[={OFF|ON}]
  Type	Boolean
  Default Value	OFF

  This option affects the server startup sequence:

  • --skip-grant-tables causes the server not to read the grant tables in the mysql system schema, and thus to start without using the privilege system at all. This gives anyone with access to the server unrestricted access to all databases.

    To cause a server started with --skip-grant-tables to load the grant tables at runtime, perform a privilege-flushing operation, which can be done in these ways:

    • Issue a MySQL FLUSH PRIVILEGES statement after connecting to the server.

    • Execute a mysqladmin flush-privileges or mysqladmin reload command from the command line.

    Privilege flushing might also occur implicitly as a result of other actions performed after startup, thus causing the server to start using the grant tables. For example, mysql_upgrade flushes the privileges during the upgrade procedure.

  • In addition to causing the startup sequence not to load the grant tables, --skip-grant-tables causes the server not to load certain other objects stored in the mysql system schema: plugins that were installed with the INSTALL PLUGIN statement, scheduled events, and user-defined functions (UDFs). To cause plugins to be loaded anyway, use the --plugin-load or --plugin-load-add option.

    --skip-grant-tables does not suppress loading of server components during startup.

  • --skip-grant-tables disables failed-login tracking and temporary account locking because those capabilities depend on the grant tables. See Section 6.2.15, “Password Management”.

  • --skip-grant-tables causes the disabled_storage_engines system variable to have no effect.

  Because starting the server with --skip-grant-tables disables authentication checks, the server also disables remote connections in that case by enabling skip_networking.

 

 

• skip_networking

  Property	Value
  Command-Line Format	--skip-networking[={OFF|ON}]
  System Variable	skip_networking
  Scope	Global
  Dynamic	No
  SET_VAR Hint Applies	No
  Type	Boolean
  Default Value	OFF

  This variable controls whether the server permits TCP/IP connections. By default, it is disabled (permit TCP connections). If enabled, the server permits only local (non-TCP/IP) connections and all interaction with mysqld must be made using named pipes or shared memory (on Windows) or Unix socket files (on Unix). This option is highly recommended for systems where only local clients are permitted. See Section 8.12.4.2, “DNS Lookup Optimization and the Host Cache”.

  Because starting the server with --skip-grant-tables disables authentication checks, the server also disables remote connections in that case by enabling skip_networking.

 

----------------------------------------------------------------------------------------------------------------------------------------------------------

大意：skip-grant-tables 启用后有几个后果：

1. 权限系统没了，任何人都是最高权限！
2. 插件系统没了
3. 计划调度没了
4. 用户定义函数没了
5. 失败登录跟踪没了
6. 临时账号锁定没了
7. disabled-storage-engines系统变量失效了
8. TCP/IP网络访问没了！相当于强制实施skip-networking！ 坑！坑！坑！

----------------------------------------------------------------------------------------------------------------------------------------------------------

万一你使用了skip-grant-tables，怎么在不重启mysqld的情况下，立即使用权限系统呢？

1. 直接执行flush privileges这个sql语句
2. 通过管理工具 mysqladmin flush-privileges
3. 通过管理工具mysqladmin reload
4. 通过升级工具mysql_upgrade

 

----------------------------------------------------------------------------------------------------------------------------------------------------------

如何在使用了skip-grant-tablesd的情况下，使用插件系统呢？

1. plugin-load选项
2. plugin-load-add选项