mysql数据库指定ip远程访问(设置远程连接),赋权操作

mysql数据库指定ip远程访问(设置远程连接)

远程访问mysql报错,ip不允许链接的情况:
错误号码1045
Access denied for user '用户名' @'数据库地址' (using password:YES)

 

1.登录

# 连接格式
mysql -h数据库服务器地址 -P端口 -u用户名 -p"密码";

# 示例
mysql -h127.0.0.1 -P3306 -uroot -p"密码";

# 简写(数据库服务器地址默认,一般是指直接在数据库服务上操作)
mysql -uroot -p"密码";

之后输入密码进行登录。

2.设置远程访问,及权限设置明

2.1,创建用户,并设置允许的远程ip访问权限

# 创建用户
create user '新用户名'@'允许的来源ip' identified by '新用户的密码';
# 查看是否创建成功
select Host,User from mysql.user;

# 删除用户
drop user '用户名'@'主机';

 

2.2,命令解释

第一行是创建新用户(如果您想直接开放root用户则不需要新创建),其中密码是新用户的密码, 其中ip是允许远程访问的IP的值。
第二行是查看mysql系统用户表,检查新建用户是否成功。

 

mysql赋权操作

v8及以前:

# mysql的赋权操作(适用v8以前版本):
GRANT ALL PRIVILEGES ON *.* TO ‘root‘@‘%‘ IDENTIFIED BY ‘密码‘ WITH GRANT OPTION;
# 变更权限后执行刷新权限才能生效
flush privileges;

with grant option是指允许用户dba,传递其拥有的权限给其他的用户。

 

mysql8中应该使用:

#mysql8中应该使用:
grant all privileges on *.* to 'root'@'%' ;

【赋权命令格式解释】

GRANT:赋权命令
ALL PRIVILEGES:当前用户的所有权限
ON:介词
*.*:当前用户对所有数据库和表的相应操作权限
TO:介词
‘root’@’%’:权限赋给root用户,所有ip都能连接
IDENTIFIED BY ‘123456’:连接时输入密码,密码为123456
WITH GRANT OPTION:允许级联赋权

# 设置用户授权格式
grant 权限 on *.* to '新用户名'@'允许的来源ip';

# 示例一:指定【db_DeviceRepairMS】数据库【所有权限】给xxh用户
grant all privileges on db_DeviceRepairMS.* to xxh;
# 示例二:指定【db_DeviceRepairMS】数据库【某些权限】给xxh用户
grant select,insert,update,delete,create,execute,index,alter on db_DeviceRepairMS.* to xxh@'%';
# 设置用户授权(该示例只有“select,execute,index”这3个权限哦)
grant select,execute,index on *.* to '新用户名'@'允许的来源ip';

#刷新权限
flush privileges;

 

收回权限

# 收回用户someone的所有库和表的“insert”权限
revoke insert on *.* from 'someone'@'%';
# 收回用户somebody已经拥有的with grant option权限
revoke grant option on *.* from somebody;

revoke跟grant语法差不多,只需要把关键字 “to” 换成 “from” 即可,并且revoke语句中不需要跟密码设置。
注意:revoke可以回收所有权限,也可以回收部分权限。

 

查看权限

# 查看mysql系统所有权限
show privileges;
 
# 查看当前用户权限
SHOW GRANTS;
# 或
SHOW GRANTS FOR CURRENT_USER;
# 或
SHOW GRANTS FOR CURRENT_USER();

# 查看某用户的全局权限
SHOW GRANTS FOR 'user'@'主机地址' ;

 

权限列表:

mysql> show privileges;
+-------------------------+---------------------------------------+-------------------------------------------------------+
| Privilege               | Context                               | Comment                                               |
+-------------------------+---------------------------------------+-------------------------------------------------------+
| Alter                   | Tables                                | To alter the table                                    |
| Alter routine           | Functions,Procedures                  | To alter or drop stored functions/procedures          |
| Create                  | Databases,Tables,Indexes              | To create new databases and tables                    |
| Create routine          | Databases                             | To use CREATE FUNCTION/PROCEDURE                      |
| Create temporary tables | Databases                             | To use CREATE TEMPORARY TABLE                         |
| Create view             | Tables                                | To create new views                                   |
| Create user             | Server Admin                          | To create new users                                   |
| Delete                  | Tables                                | To delete existing rows                               |
| Drop                    | Databases,Tables                      | To drop databases, tables, and views                  |
| Event                   | Server Admin                          | To create, alter, drop and execute events             |
| Execute                 | Functions,Procedures                  | To execute stored routines                            |
| File                    | File access on server                 | To read and write files on the server                 |
| Grant option            | Databases,Tables,Functions,Procedures | To give to other users those privileges you possess   |
| Index                   | Tables                                | To create or drop indexes                             |
| Insert                  | Tables                                | To insert data into tables                            |
| Lock tables             | Databases                             | To use LOCK TABLES (together with SELECT privilege)   |
| Process                 | Server Admin                          | To view the plain text of currently executing queries |
| Proxy                   | Server Admin                          | To make proxy user possible                           |
| References              | Databases,Tables                      | To have references on tables                          |
| Reload                  | Server Admin                          | To reload or refresh tables, logs and privileges      |
| Replication client      | Server Admin                          | To ask where the slave or master servers are          |
| Replication slave       | Server Admin                          | To read binary log events from the master             |
| Select                  | Tables                                | To retrieve rows from table                           |
| Show databases          | Server Admin                          | To see all databases with SHOW DATABASES              |
| Show view               | Tables                                | To see views with SHOW CREATE VIEW                    |
| Shutdown                | Server Admin                          | To shut down the server                               |
| Super                   | Server Admin                          | To use KILL thread, SET GLOBAL, CHANGE MASTER, etc.   |
| Trigger                 | Tables                                | To use triggers                                       |
| Create tablespace       | Server Admin                          | To create/alter/drop tablespaces                      |
| Update                  | Tables                                | To update existing rows                               |
| Usage                   | Server Admin                          | No privileges - allow connect only                    |
+-------------------------+---------------------------------------+-------------------------------------------------------+
31 rows in set (0.00 sec)

 注:以上结果查看自 Server version:         5.7.35-log MySQL Community Server (GPL)

 

更新授权时忘记密码怎么办?

 授权后的密码是密文形式保存的,如果记不住之前授权时的密码,那么怎样保证覆盖后的权限跟之前的权限一致?

grant授权操作中其实不仅可以设置明文密码,也可以设置密文密码,如下:
    1)grant 权限列表 on 库.表.* to '用户名'@'ip' identified by "明文密码"
    2)grant 权限列表 on 库.表.* to '用户名'@'ip' identified by password "密文密码"

也就是说,在grant重置权限的时候可以用查看的密文密码当做新的密码,然后去覆盖之前的权限,这就保证了修改前后的密码一致!

 

参考:

《mysql用户、权限管理》

《MySQL权限管理》

《mysql 创建用户,指定数据库》

 

posted @ 2022-10-24 15:57  熊仔其人  阅读(10176)  评论(0编辑  收藏  举报