用户授权

用户授权

grant授权

  • 授权:添加用户并设置权限
  • 作用:在数据库服务器上添加用户,设置访问权限及登录密码,给客户端连
    接使用
  • 命令格式:

    mysql >grant  权限列表 on  库名  to   用户名@"客户端地址"  identified  by
      "密码"   with   grant  option ;            #with   grant  option ;让新添加的用户也有授权的权限,可选项

mysql> grant  all  on db4.*  to  yaya@"%"  identified  by  "123qqq...A";
Query OK, 0 rows affected, 1 warning (0.01 sec)[root@host52 ~]# mysql  -h192.168.4.51   -uyaya  -p123qqq...A
mysql> show  databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| db4                |
+--------------------+
2 rows in set (0.01 sec)[root@host53 ~]# mysql  -h192.168.4.51   -uyaya   -p123qqq...A
mysql> show  databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| db4                |
+--------------------+
2 rows in set (0.01 sec)在客户端host52(192.168.4.52)上面做测试创建表
mysql> create  table  db4.t1(id  int);
Query OK, 0 rows affected (0.07 sec)mysql> insert  into  db4.t1  values(100);
Query OK, 1 row affected (0.02 sec)mysql> desc  db4.t1;
+-------+---------+------+-----+---------+-------+
| Field | Type    | Null | Key | Default | Extra |
+-------+---------+------+-----+---------+-------+
| id    | int(11) | YES  |     | NULL    |       |
+-------+---------+------+-----+---------+-------+
1 row in set (0.00 sec)此时,在host51上面也可以看到新建的表
mysql> use  db4
Database changed
mysql> show  tables;
+---------------+
| Tables_in_db4 |
+---------------+
| student       |
| t1            |
+---------------+
2 rows in set (0.00 sec)mysql> desc  t1;
+-------+---------+------+-----+---------+-------+
| Field | Type    | Null | Key | Default | Extra |
+-------+---------+------+-----+---------+-------+
| id    | int(11) | YES  |     | NULL    |       |
+-------+---------+------+-----+---------+-------+
1 row in set (0.00 sec)但是此时在host51上面不能用yaya用户登录数据库(5.0版本以下登不上 ,此版本是5.7,可以登陆上)mysql> show  variables  like  "%version%";
+-------------------------+------------------------------+
| Variable_name           | Value                        |
+-------------------------+------------------------------+
| innodb_version          | 5.7.17                       |
| protocol_version        | 10                           |
| slave_type_conversions  |                              |
| tls_version             | TLSv1,TLSv1.1                |
| version                 | 5.7.17                       |
| version_comment         | MySQL Community Server (GPL) |
| version_compile_machine | x86_64                       |
| version_compile_os      | Linux                        |
+-------------------------+------------------------------+
8 rows in set (0.01 sec)mysql> grant  all  on  db4.*  to yaya@"localhost" identified  by "123qqq...A" ;
Query OK, 0 rows affected, 1 warning (0.00 sec)[root@host51 ~]# mysql  -uyaya   -p123qqq...Amysql> show  databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| db4                |
+--------------------+
2 rows in set (0.00 sec)
  • 权限列表

all                            //所有权限
usage                     //无权限
select,update,insert                                 //个别权限
select,update(字段1,……,字段N)  //指定字段

  • 库名

*.*                    代表所有库所有表
库名.*              代表一个库下的所有表
库名.表名        代表一个库下的一张表

  • 用户名

授权时自定义要有标识性

存储在mysql库里的user表中

  • 客户端地址

%                                       //所有主机

192.168.4.%                      //网段内所有主机

192.168.4.1                       //1台主机

localhost                            //数据库服务器本机

应用示例:

1.添加admin用户,允许从192.168.4.0/24网段连接,对db3库的user表有查询权限,密码为123qqq...A

2.添加admin2用户,允许从本机连接,允许对db3库的所有表有查询/更新/插入/删除记录权限,密码为123qqq...A

mysql> grant  select  on  db3.user  to admin@"192.168.4.%" identified  by  "123qqq...A";
Query OK, 0 rows affected, 1 warning (0.00 sec)在host52、53上面查看是否能连接数据库,以及权限[root@host52 ~]# mysql  -h192.168.4.51   -uadmin  -p123qqq...A
mysql> show  grants;
+-------------------------------------------------------+
| Grants for admin@192.168.4.%                          |
+-------------------------------------------------------+
| GRANT USAGE ON *.* TO 'admin'@'192.168.4.%'           |
| GRANT SELECT ON `db3`.`user` TO 'admin'@'192.168.4.%' |
+-------------------------------------------------------+
2 rows in set (0.00 sec)[root@host53 ~]#  mysql  -h192.168.4.51   -uadmin  -p123qqq...A
mysql> use  db3;
mysql> show  tables;
+---------------+
| Tables_in_db3 |
+---------------+
| user          |
+---------------+
1 row in set (0.00 sec)mysql> insert  into  db3.user(name)  values("haha");
ERROR 1142 (42000): INSERT command denied to user 'admin'@'192.168.4.53' for table 'user'mysql> grant   select  ,insert ,update ,delete  on  db3.*  to admin2@"localhost"  identified  by"123qqq...A";
Query OK, 0 rows affected, 1 warning (0.00 sec)在host51、52、53上面查看是否能连接数据库[root@host52 ~]# mysql  -h192.168.4.51   -uadmin2  -p123qqq...A
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'admin2'@'192.168.4.52' (using password: YES)[root@host53 ~]#  mysql  -h192.168.4.51   -uadmin2  -p123qqq...A
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'admin2'@'192.168.4.53' (using password: YES)[root@host51 ~]# mysql  -uadmin2   -p123qqq...A
mysql> select  user();
+------------------+
| user()           |
+------------------+
| admin2@localhost |
+------------------+
1 row in set (0.00 sec)
  • 相关命令:登录用户使用
命令 作用
select  user(); 显示登录用户名及客户端地址
show  grants; 用户显示自身访问权限
show grants   for   用户名@"客户端地址"; 管理员查看已有授权用户权限
set  password=password("密码"); 授权用户连接后修改连接密码
set  password  for  用户名@"客户端地址"  =password("密码"); 管理员重置授权用户连接密码
drop   user   用户名@"客户端地址"; 删除授权用户(必须有管理员权限) 
mysql> grant  all  on  db4.*  to yaya@"localhost" identified  by "123qqq...A" ;       #授权本机也可以登录yaya用户
Query OK, 0 rows affected, 1 warning (0.00 sec)mysql> grant  all  on  db5.*  to  jim@"192.168.4.53"  identified
by  "123qqq...A";        #授权jim用户在192.168.4.53主机上可以登录
数据库
Query OK, 0 rows affected, 1 warning (0.00 sec)[root@host52 ~]# mysql  -h192.168.4.51   -ujim  -p123qqq...A
mysql: [Warning] Using a password on the command line interface
can be insecure.    #在host52上jim用户无法登陆
ERROR 1045 (28000): Access denied for user 'jim'@'192.168.4.52'
(using password: YES)[root@host53 ~]#  mysql  -h192.168.4.51   -ujim  -p123qqq...A
mysql> show  databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| db5                |
+--------------------+
2 rows in set (0.00 sec)mysql> grant  all  on  *.*  to  admin@"localhost"  identified  by
"123qqq...A";
Query OK, 0 rows affected, 1 warning (0.00 sec)[root@host52 ~]# mysql  -h192.168.4.51   -uadmin  -p123qqq...A
mysql: [Warning] Using a password on the command line interface
can be insecure.
ERROR 1045 (28000): Access denied for user 'admin'@'192.168.4.52'
(using password: YES)[root@host53 ~]#  mysql  -h192.168.4.51   -uadmin  -p123qqq...A
mysql: [Warning] Using a password on the command line interface
can be insecure.
ERROR 1045 (28000): Access denied for user 'admin'@'192.168.4.53'
(using password: YES)[root@host51 ~]# mysql  -uadmin   -p123qqq...A
mysql> show  databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| db1                |
| db2                |
| db3                |
| db4                |
| db5                |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
9 rows in set (0.01 sec)mysql> select  host,user   from  mysql.user;     #查看数据库的授权
用户
+--------------+-----------+
| host         | user      |
+--------------+-----------+
| %            | yaya      |
| 192.168.4.53 | jim       |
| localhost    | admin     |
| localhost    | mysql.sys |
| localhost    | root      |
| localhost    | yaya      |
+--------------+-----------+
6 rows in set (0.01 sec)相关命令:
select  user();    //查看当前用户mysql> select  user();     //以host53为例
+-------------------+
| user()            |
+-------------------+
| yaya@192.168.4.53 |
+-------------------+
1 row in set (0.00 sec)mysql> show  variables  like   "%hostname%";     //查看当前主机名
+---------------+--------+
| Variable_name | Value  |
+---------------+--------+
| hostname      | host51 |
+---------------+--------+
1 row in set (0.01 sec)mysql> select  @@hostname;
+------------+
| @@hostname |
+------------+
| host51     |
+------------+
1 row in set (0.00 sec)mysql> show  grants;
+-----------------------------------------------+
| Grants for yaya@%                             |
+-----------------------------------------------+
| GRANT USAGE ON *.* TO 'yaya'@'%'              |
| GRANT ALL PRIVILEGES ON `db4`.* TO 'yaya'@'%' |
+-----------------------------------------------+
2 rows in set (0.00 sec)在host51主机上面,管理员查看已授权用户的权限
mysql> show  grants  for  jim@"192.168.4.53" ;
+---------------------------------------------------------+
| Grants for jim@192.168.4.53                             |
+---------------------------------------------------------+
| GRANT USAGE ON *.* TO 'jim'@'192.168.4.53'              |
| GRANT ALL PRIVILEGES ON `db5`.* TO 'jim'@'192.168.4.53' |
+---------------------------------------------------------+
2 rows in set (0.00 sec)授权用户可以登录后修改自己的密码,以host53为例mysql> set  password=password("A...qqq321");
Query OK, 0 rows affected, 1 warning (0.00 sec)[root@host53 ~]# mysql  -h192.168.4.51   -uyaya   -p123qqq...A
mysql: [Warning] Using a password on the command line interface
can be insecure.
ERROR 1045 (28000): Access denied for user 'yaya'@'192.168.4.53'
(using password: YES)[root@host53 ~]# mysql  -h192.168.4.51   -uyaya   -pA...qqq321管理员修改授权用户的密码:mysql> select  user ,host  from  mysql.user;
+-----------+--------------+
| user      | host         |
+-----------+--------------+
| yaya      | %            |
| jim       | 192.168.4.53 |
| admin     | localhost    |
| mysql.sys | localhost    |
| root      | localhost    |
| yaya      | localhost    |
+-----------+--------------+
6 rows in set (0.00 sec)mysql> set  password  for  yaya@"%"=password("123qqq...A");
Query OK, 0 rows affected, 1 warning (0.00 sec)[root@host53 ~]# mysql  -h192.168.4.51   -uyaya   -pA...qqq321删除授权mysql> drop  user  admin@localhost;
Query OK, 0 rows affected (0.00 sec)mysql> drop  user  jim@192.168.4.53;
Query OK, 0 rows affected (0.00 sec)mysql> drop  user  yaya@localhost;
Query OK, 0 rows affected (0.00 sec)mysql> drop  user  yaya@"%";
Query OK, 0 rows affected (0.00 sec)mysql> select  user ,host  from  mysql.user;
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
2 rows in set (0.00 sec)

测试with   grant  option:

mysql> grant  all  on  *.* to root@"192.168.4.52"  identified  by  "123qqq...A"  with  grant  option;
Query OK, 0 rows affected, 1 warning (0.00 sec)用192.168.4.52测试,查看其权限
[root@host52 ~]# mysql  -h192.168.4.51   -uroot  -p123qqq...Amysql> show  grants;
+------------------------------------------------------------------------+
| Grants for root@192.168.4.52                                           |
+------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.4.52' WITH GRANT OPTION |
+------------------------------------------------------------------------+
1 row in set (0.01 sec)在host52主机上授权tian用户对tian库下可以进行任何操作mysql> grant  all  on  tian.*  to  tian@"localhost"   identified  by "123qqq...A";
Query OK, 0 rows affected, 1 warning (0.00 sec)[root@host51 ~]# mysql  -utian   -p123qqq...Amysql> show  grants;
+--------------------------------------------------------+
| Grants for tian@localhost                              |
+--------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tian'@'localhost'               |
| GRANT ALL PRIVILEGES ON `tian`.* TO 'tian'@'localhost' |
+--------------------------------------------------------+
2 rows in set (0.00 sec)mysql> show  databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)mysql> create  database  tian;    #如果没有tian库,可以创建
Query OK, 1 row affected (0.00 sec)mysql> create  database  aaa;     #该用户只能对tian库下进行操作
ERROR 1044 (42000): Access denied for user 'tian'@'localhost' to database 'aaa'

授权库

  • mysql库记录授权信息,主要表如下:

user表                                       记录已有的授权用户的权限

db表                                           记录已有授权用户对数据库的访问权限

tables_priv表                              记录已有授权用户对表的访问权限

columns_priv表                           记录已有授权用户对字段的访问权限

查看表记录可以获取用户权限,也可以通过更新记录,修改用户权限

查看本机上已有的授权用户,以host51为例
mysql> select  host ,user  from  mysql.user;
+--------------+-----------+
| host         | user      |
+--------------+-----------+
| 192.168.4.%  | admin     |
| 192.168.4.52 | root      |
| localhost    | admin2    |
| localhost    | mysql.sys |
| localhost    | root      |
| localhost    | tian      |
+--------------+-----------+
6 rows in set (0.00 sec)mysql> show  grants;
+---------------------------------------------------------------------+
| Grants for root@localhost                                           |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION        |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)
#GRANT PROXY可以将自己的权限复制给其他用户 GRANT ALL PRIVILEGES,它的权限记录在mysql库下的user表mysql> select  *  from  mysql.user  where  host="localhost"  and  user="root" \G      #查看root用户的权限
*************************** 1. row ***************************Host: localhostUser: rootSelect_priv: YInsert_priv: YUpdate_priv: YDelete_priv: YCreate_priv: YDrop_priv: YReload_priv: YShutdown_priv: YProcess_priv: YFile_priv: YGrant_priv: YReferences_priv: YIndex_priv: YAlter_priv: YShow_db_priv: YSuper_priv: YCreate_tmp_table_priv: YLock_tables_priv: YExecute_priv: YRepl_slave_priv: YRepl_client_priv: YCreate_view_priv: YShow_view_priv: YCreate_routine_priv: YAlter_routine_priv: YCreate_user_priv: YEvent_priv: YTrigger_priv: Y
Create_tablespace_priv: Yssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0max_updates: 0max_connections: 0max_user_connections: 0plugin: mysql_native_passwordauthentication_string: *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9password_expired: Npassword_last_changed: 2020-02-13 17:06:50password_lifetime: NULLaccount_locked: N
1 row in set (0.06 sec)db表:
mysql> select  host ,user ,db  from  mysql.db;
+-----------+-----------+------+
| host      | user      | db   |
+-----------+-----------+------+
| localhost | admin2    | db3  |
| localhost | mysql.sys | sys  |
| localhost | tian      | tian |
+-----------+-----------+------+
3 rows in set (0.00 sec)mysql> show  grants  for  tian@"localhost";
+--------------------------------------------------------+
| Grants for tian@localhost                              |
+--------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tian'@'localhost'               |
| GRANT ALL PRIVILEGES ON `tian`.* TO 'tian'@'localhost' |
+--------------------------------------------------------+
2 rows in set (0.00 sec)mysql> select  *  from  mysql.db  where   db="tian"  \G
*************************** 1. row ***************************Host: localhostDb: tianUser: tianSelect_priv: YInsert_priv: YUpdate_priv: YDelete_priv: YCreate_priv: YDrop_priv: YGrant_priv: NReferences_priv: YIndex_priv: YAlter_priv: Y
Create_tmp_table_priv: YLock_tables_priv: YCreate_view_priv: YShow_view_priv: YCreate_routine_priv: YAlter_routine_priv: YExecute_priv: YEvent_priv: YTrigger_priv: Y
1 row in set (0.00 sec)mysql> update  mysql.db  set insert_priv="N" ,delete_priv="N"  where  host="localhost" and  user="tian" and db="tian";
#修改授权,让tian用户取消修改和删除权限
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0mysql> select  *  from  mysql.db  where   db="tian"  \G     #查看权限
*************************** 1. row ***************************Host: localhostDb: tianUser: tianSelect_priv: YInsert_priv: NUpdate_priv: YDelete_priv: NCreate_priv: YDrop_priv: YGrant_priv: NReferences_priv: YIndex_priv: YAlter_priv: Y
Create_tmp_table_priv: YLock_tables_priv: YCreate_view_priv: YShow_view_priv: YCreate_routine_priv: YAlter_routine_priv: YExecute_priv: YEvent_priv: YTrigger_priv: Y
1 row in set (0.00 sec)mysql> show  grants  for  tian@localhost;    #此事再次查看tian用户的权限,发现依旧没有变化
+--------------------------------------------------------+
| Grants for tian@localhost                              |
+--------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tian'@'localhost'               |
| GRANT ALL PRIVILEGES ON `tian`.* TO 'tian'@'localhost' |
+--------------------------------------------------------+
2 rows in set (0.00 sec)mysql> flush  privileges;    #刷新
Query OK, 0 rows affected (0.00 sec)mysql> show  grants  for  tian@localhost;    #再次查看,发现此时权限发生了变化
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for tian@localhost                                                                                                                                                                                            |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tian'@'localhost'                                                                                                                                                                             |
| GRANT SELECT, UPDATE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `tian`.* TO 'tian'@'localhost' |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.01 sec)tables_priv表:mysql> select  *  from  mysql.tables_priv  \G
*************************** 1. row ***************************Host: localhostDb: sysUser: mysql.sysTable_name: sys_config             #授权时间Grantor: root@localhost         #授权用户Timestamp: 2020-02-13 17:01:31Table_priv: Select                 #对表的访问权限
Column_priv:
*************************** 2. row ***************************Host: 192.168.4.%Db: db3User: adminTable_name: userGrantor: root@localhostTimestamp: 0000-00-00 00:00:00Table_priv: Select
Column_priv:
2 rows in set (0.00 sec)mysql> show  grants  for  admin@"192.168.4.%";
+-------------------------------------------------------+
| Grants for admin@192.168.4.%                          |
+-------------------------------------------------------+
| GRANT USAGE ON *.* TO 'admin'@'192.168.4.%'           |
| GRANT SELECT ON `db3`.`user` TO 'admin'@'192.168.4.%' |
+-------------------------------------------------------+
2 rows in set (0.00 sec)mysql> update  mysql.tables_priv set  table_priv="select,update,insert"  where  host="192.168.4.%"  and  user="admin";
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0
mysql> flush  privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> show  grants  for  admin@"192.168.4.%";
+-----------------------------------------------------------------------+
| Grants for admin@192.168.4.%                                          |
+-----------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'admin'@'192.168.4.%'                           |
| GRANT SELECT, INSERT, UPDATE ON `db3`.`user` TO 'admin'@'192.168.4.%' |
+-----------------------------------------------------------------------+
2 rows in set (0.00 sec)columns_priv表:mysql> select *  from  mysql.columns_priv;
Empty set (0.00 sec)mysql> grant  select  , update(name)  on db3.user  to  haha@"%"  identified  by "123qqq...A";     #授权haha用户对数据库有查看权限,对name字段有更新权限
Query OK, 0 rows affected, 1 warning (0.05 sec)mysql> select *  from  mysql.columns_priv;
+------+-----+------+------------+-------------+---------------------+-------------+
| Host | Db  | User | Table_name | Column_name | Timestamp           | Column_priv |
+------+-----+------+------------+-------------+---------------------+-------------+
| %    | db3 | haha | user       | name        | 0000-00-00 00:00:00 | Update      |
+------+-----+------+------------+-------------+---------------------+-------------+
1 row in set (0.00 sec)

撤销权限

命令格式:revoke  权限列表  on  库名.表  from   用户名@"客户端地址"

mysql> select  user ,host  from  mysql.user;
+-----------+--------------+
| user      | host         |
+-----------+--------------+
| haha      | %            |
| webadmin  | %            |
| admin     | 192.168.4.%  |
| root      | 192.168.4.52 |
| admin2    | localhost    |
| mysql.sys | localhost    |
| root      | localhost    |
| tian      | localhost    |
+-----------+--------------+
8 rows in set (0.00 sec)mysql> show  grants  for  webadmin@"%";
+-----------------------------------------------------------------------+
| Grants for webadmin@%                                                 |
+-----------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'webadmin'@'%'                                  |
| GRANT ALL PRIVILEGES ON `bbsdb`.* TO 'webadmin'@'%' WITH GRANT OPTION |
+-----------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> revoke  grant  option on bbsdb.*  from  webadmin@"%";
Query OK, 0 rows affected (0.01 sec)mysql> show  grants  for  webadmin@"%";
+-----------------------------------------------------+
| Grants for webadmin@%                               |
+-----------------------------------------------------+
| GRANT USAGE ON *.* TO 'webadmin'@'%'                |
| GRANT ALL PRIVILEGES ON `bbsdb`.* TO 'webadmin'@'%' |
+-----------------------------------------------------+
2 rows in set (0.00 sec)mysql> revoke  update ,insert  on  bbsdb.*  from  webadmin@"%";
Query OK, 0 rows affected (0.00 sec)mysql> show  grants  for  webadmin@"%";
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for webadmin@%                                                                                                                                                                                             |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'webadmin'@'%'                                                                                                                                                                              |
| GRANT SELECT, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `bbsdb`.* TO 'webadmin'@'%' |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

root密码

  • root密码忘了怎么办?
  1. 停止MySQL服务程序
  2. 跳过授权表启动MySQL服务程序
  3. 修改root密码
  4. 以正常方式重新启动MySQL服务程序

(只适合线下修改)

[root@host51 ~]# systemctl  stop  mysqld[root@host51 ~]# vim  /etc/my.cnf
[mysqld]
#skip-grant-tables
secure_file_priv=/myload
#validate_password_policy=0
#validate_password_length=6[root@host51 ~]# systemctl  start  mysqld[root@host51 ~]# mysql
mysql> update  mysql.user set authentication_string=password("123qqq...A")  where  user="root"  and  host="localhost";
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 1mysql> flush  privileges;
Query OK, 0 rows affected (0.00 sec)[root@host51 ~]# vim  /etc/my.cnf
[mysqld]
#skip-grant-tables
secure_file_priv=/myload
validate_password_policy=0
validate_password_length=6[root@host51 ~]# systemctl  restart  mysqld[root@host51 ~]# mysql  -uroot  -p123qqq...A
mysql> alter user root@"localhost"  identified by "123456";
Query OK, 0 rows affected (0.01 sec)[root@host51 ~]# mysql  -uroot  -p123456

修改管理员root密码的其他方法

方法一:以root用户登录mysql后,使用set  password指令设置,这个与新安装MySQL-server后首次修改密码时的要求方式相同,平时也可以使用

mysql> SET PASSWORD FOR root@localhost=PASSWORD('123456');
Query OK, 0 rows affected, 1 warning (0.00 sec)

方法二:以root用户登录mysql后,使用grant授权工具的设置

mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '123456';
Query OK, 0 rows affected, 1 warning (0.00 sec)

方法三:以root登录后,使用update更新相应的表记录,这种方法与恢复密码时的操作相同

mysql> UPDATE mysql.user SET authentication_string=PASSWORD('123456')-> WHERE user='root' AND host='localhost';          //重设root的密码
Query OK, 0 rows affected, 1 warning (0.00 sec)
Rows matched: 1  Changed: 0  Warnings: 1
mysql> FLUSH PRIVILEGES;                                  //刷新授权表
Query OK, 0 rows affected (0.00 sec)

在上述方法中,需要特别注意:当MySQL服务程序以 skip-grant-tables 选项启动时,如果未执行“FLUSH PRIVILEGES;”操作,是无法通过SET PASSWORD或者GRANT方式来设置密码的。比如,验证这两种方式时,都会看到ERROR 1290的出错提示:

mysql> SET PASSWORD FOR root@localhost=PASSWORD('123456');
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '123456';
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
  • 重置root密码

在shell命令行修改登录密码,需要验证旧密码

[root@host51 ~]# mysqladmin  -uroot  -p"123456"  password  "tiantian"
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.  #此处警告,最好使用ssl服务更安全
[root@host51 ~]# mysql  -uroot  -p"tiantian"  #也可以-p之后回车交互式输入密码

完全备份

备份概述

数据备份方式

  • 物理备份:冷备:cp、tar
  • 逻辑备份:根据备份时已有的数据生成的对应的SQL命令,保存到指定的文件里

也可以分为冷备和热备

  • 冷备:在进行备份时不允许做其他的任何操作
  • 热备:在服务器执行时可以同时进行备份

物理备份及恢复

备份操作

  • cp  -r   /var/lib/mysql   备份目录/mysql.bak
  • tar  -zcvf  /root/mysql.tar.gz     /var/lib/mysql/*

恢复操作

  • cp  -r   备份目录/mysql.bak   /var/lib/mysql
  • tar  -zxvf  /root/mysql.tar.gz   -C   /var/lib/mysql
  • chown  -R  mysql:mysql   /var/lib/mysql
[root@host51 ~]# cp  -r  /var/lib/mysql   /root[root@host51 ~]# ls  /root/mysql
auto.cnf         db1  ib_buffer_pool  mysql               public_key.pem
ca-key.pem       db2  ibdata1         mysql.sock          server-cert.pem
ca.pem           db3  ib_logfile0     mysql.sock.lock     server-key.pem
client-cert.pem  db4  ib_logfile1     performance_schema  sys
client-key.pem   db5  ibtmp1          private_key.pem     tian
[root@host51 ~]# scp  -r  /root/mysql   root@192.168.4.53:/root[root@host53 ~]# systemctl  stop  mysqld[root@host53 ~]# ls  /var/lib/mysql
auto.cnf    client-cert.pem  ibdata1      mysql               public_key.pem   sys
ca-key.pem  client-key.pem   ib_logfile0  performance_schema  server-cert.pem
ca.pem      ib_buffer_pool   ib_logfile1  private_key.pem     server-key.pem
[root@host53 ~]# rm  -rf  /var/lib/mysql[root@host53 ~]# ls
mysql
[root@host53 ~]# cp  -r  /root/mysql   /var/lib[root@host53 ~]# chown  -R  mysql:mysql   /var/lib/mysql[root@host53 ~]# ls  /var/lib/mysql
auto.cnf         db1  ib_buffer_pool  mysql               server-cert.pem
ca-key.pem       db2  ibdata1         mysql.sock.lock     server-key.pem
ca.pem           db3  ib_logfile0     performance_schema  sys
client-cert.pem  db4  ib_logfile1     private_key.pem     tian
client-key.pem   db5  ibtmp1          public_key.pem[root@host53 ~]# systemctl  start  mysqld[root@host53 ~]# mysql  -uroot   -p123456

逻辑备份策略

  • 完全备份:备份所有数据
  • 增量备份:备份上次备份后所有新产生的新数据
  • 差异备份:备份完全备份后所有新产生的数据

完全备份,完全备份+差异备份 ,完全备份+增量备份的区别

完全备份

假设,每天都把当天的内容全部备份一遍

完全备份+增量备份
                 18:00   user    文件      备份
1    完全                 10      1.sql        10
2    增量    18:00      5      2.sql          5
3    增量    18:00     10      3.sql       10
4    增量    18:00     20      4.sql       20  
5    增量    18:00       1      5.sql         1
6    增量    18:00     10      6.sql       10
7    增量    18:00       5      7.sql         5

完全备份+差异备份

18:00   user      文件      备份
1    完全                  10      1.sql        10
2    差异    18:00       5      2.sql          5
3    差异    18:00     10      3.sql        15
4    差异    18:00     20      4.sql        35  
5    差异    18:00       1      5.sql        36
6    差异    18:00     10      6.sql        46
7    差异    18:00      5       7.sql        51

完全备份及恢复

  • 完全备份:mysqldump  -uroot   -p密码  库名  >  目录/xxx.sql
  • 完全恢复:mysql     -uroot   -p密码  [库名]  <  目录/xxx.sql
  • 备份时库名的表示方式:

--all-databases  或  -A      //所有库
数据库名                           //单个库
数据库名 表名                   //单张表
-B  数据库1   数据库2       //多个库
注意事项:无论是备份还是恢复,都要验证用户权限!!!

应用示例:

将所有库备份为allbak.sql文件

将db3库备份为db3.user文件

[root@host51 ~]# mkdir  /mybak
[root@host51 ~]# mysqldump  -uroot  -p"123456"   -A > /mybak/fulldata.sql[root@host51 ~]# wc  -l  /mybak/fulldata.sql
1370 /mybak/fulldata.sql[root@host51 ~]# scp   /mybak/fulldata.sql  root@192.168.4.52:/opt[root@host52 ~]# ls  /opt
fulldata.sql
[root@host52 ~]# mysql  -uroot  -p123qqq...A  <  /opt/fulldata.sql
mysql: [Warning] Using a password on the command line interface can be insecure.
[root@host52 ~]# mysql  -uroot  -p123qqq...A
[root@host52 ~]# ls  /var/lib/mysql
auto.cnf         db1  ib_buffer_pool  mysql               public_key.pem
ca-key.pem       db2  ibdata1         mysql.sock          server-cert.pem
ca.pem           db3  ib_logfile0     mysql.sock.lock     server-key.pem
client-cert.pem  db4  ib_logfile1     performance_schema  sys
client-key.pem   db5  ibtmp1          private_key.pem     tian
[root@host52 ~]# systemctl  stop  mysqld
[root@host52 ~]# systemctl  start  mysqld
[root@host52 ~]# mysql  -uroot  -p123qqq...A
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[root@host52 ~]# mysql  -uroot  -p123456[root@host51 ~]# mysqldump  -uroot  -p"123456"   db1 > /mybak/db1.sql
[root@host51 ~]# mysqldump  -uroot  -p"123456"  -B db2  db3  db5 > /mybak/thdb.sql
[root@host51 ~]# mysqldump  -uroot  -p"123456"  -B db3  user > /mybak/db3_user.sql
[root@host51 ~]# ls   /mybak/
db1.sql  db3_user.sql  fulldata.sql  thdb.sql
[root@host52 ~]# mysql  -uroot  -p123456
mysql> drop database  db1;
[root@host51 ~]# scp  /mybak/db1.sql   root@192.168.4.52:/root
[root@host52 ~]# ls
db1.sql[root@host52 ~]# mysql  -uroot  -p123456 db1  <  /root/db1.sql    #一定要在数据库内创建新的db1库
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1049 (42000): Unknown database 'db1'
[root@host52 ~]# mysql  -uroot  -p123456
mysql> create  database  db1;
[root@host52 ~]# mysql  -uroot  -p123456 db1  <  /root/db1.sql
*********************************************************************
[root@host52 ~]# mysql  -uroot  -p123456
mysql> use  db3;
mysql> show  tables;
+---------------+
| Tables_in_db3 |
+---------------+
| user          |
+---------------+
1 row in set (0.00 sec)mysql> drop table  user;
mysql> show  tables;
Empty set (0.00 sec
[root@host51 ~]# scp  /mybak/db3_user.sql   root@192.168.4.52:/root
[root@host52 ~]# ls
db1.sql
db3_user.sql
[root@host52 ~]# mysql  -uroot  -p123456  db3  <  /root/db3_user.sql
[root@host52 ~]# mysql  -uroot  -p123456
mysql> use  db3;
mysql> show  tables;
+---------------+
| Tables_in_db3 |
+---------------+
| user          |
+---------------+
1 row in set (0.01 sec)mysql> select  count(*)  from  db3.user;
+----------+
| count(*) |
+----------+
|       26 |
+----------+
1 row in set (0.00 sec)备份单个表,单个库时要指定库名,多个库,所有库时不需要指定库名
如果导入的库名与现在数据库的库名重复,那么现在数据库该库的数据会被覆盖完全备份的缺点:如果一直每天用完全备份,在执行第一天和第二天的备份之间,如果不小心删除了数据,只能找前一天的数据进行恢复,但完全备份只备份了前一天的数据,新产生的数据恢复不了

增量备份

binlog日志

  • 什么是binlog日志?
  1. 也称作二进制日志
  2. MySQL服务日志文件的一种
  3. 记录除查询(show,select,desc)之外的所有SQL命令
  4. 可用于数据备份与恢复
  5. 配置mysql主从同步的必要条件
  • 启用日志
配置项 用途
server_id=数字 指定id值(1-255)
log_bin=[目录名/文件名] 启用binlog日志
max_binlog_size=数值m 指定日志文件容量,默认1G 
修改主配置文件
[root@host51 ~]# vim  /etc/my.cnf      #修改配置文件,可以将17行的注释打开,也可以在[mysql]下面添加log_bin以及server_id号4 [mysqld]5 #skip-grant-tables6 secure_file_priv=/myload7 validate_password_policy=08 validate_password_length=69 server_id=5117  log_bin
[root@host51 ~]# ls  /var/lib/mysql      #修改完之后查看主目录,没有任何变化
auto.cnf         db1  ib_buffer_pool  mysql               public_key.pem
ca-key.pem       db2  ibdata1         mysql.sock          server-cert.pem
ca.pem           db3  ib_logfile0     mysql.sock.lock     server-key.pem
client-cert.pem  db4  ib_logfile1     performance_schema  sys
client-key.pem   db5  ibtmp1          private_key.pem     tian
[root@host51 ~]# systemctl  restart  mysqld    #重新起服务
[root@host51 ~]# ls  /var/lib/mysql        #此时,目录中多了两个以host51开头的二进制文件
auto.cnf         db1  host51-bin.000001  ib_logfile1      performance_schema  sys
ca-key.pem       db2  host51-bin.index   ibtmp1           private_key.pem     tian
ca.pem           db3  ib_buffer_pool     mysql            public_key.pem
client-cert.pem  db4  ibdata1            mysql.sock       server-cert.pem
client-key.pem   db5  ib_logfile0        mysql.sock.lock  server-key.pem
#host51-bin.000001为第一个日志文件  host51-bin.index为索引文件
[root@host51 ~]# cd /var/lib/mysql
[root@host51 mysql]# cat  host51-bin.index
./host51-bin.000001[root@host51 ~]# mysql  -uroot  -p123456
mysql> show  master   status;      #查看日志文件大小,初始为154
+-------------------+----------+--------------+------------------+-------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------------+----------+--------------+------------------+-------------------+
| host51-bin.000001 |      154 |              |                  |                   |
+-------------------+----------+--------------+------------------+-------------------+
1 row in set (0.01 sec)mysql> show  databases;       #查看库
+--------------------+
| Database           |
+--------------------+
| information_schema |
| db1                |
| db2                |
| db3                |
| db4                |
| db5                |
| mysql              |
| performance_schema |
| sys                |
| tian               |
+--------------------+
10 rows in set (0.00 sec)mysql> show  master   status;      #查询命令不会记录在日志文件
+-------------------+----------+--------------+------------------+-------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------------+----------+--------------+------------------+-------------------+
| host51-bin.000001 |      154 |              |                  |                   |
+-------------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)mysql> select  user();
+----------------+
| user()         |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)
mysql> show  master   status;
+-------------------+----------+--------------+------------------+-------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------------+----------+--------------+------------------+-------------------+
| host51-bin.000001 |      154 |              |                  |                   |
+-------------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)
mysql> insert  into  db3.user(name)  values("haha");    #插入数据
Query OK, 1 row affected (0.06 sec)mysql> show  master   status;    #此时再次查看日志,日志文件大小发生了改变
+-------------------+----------+--------------+------------------+-------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------------+----------+--------------+------------------+-------------------+
| host51-bin.000001 |      431 |              |                  |                   |
+-------------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)
  • binlog相关文件

主机名-bin.index                         索引文件

主机名-bin.000001                      第一个二进制文件

主机名-bin.000002                      第二个二进制文件

  • 手动生成新的日志文件
  • 只有当文件大于1G才会自动生成,默认数据都会写在新生成的日志文件中,初始的日志文件大小为15mysql> flush  logs;

第一种方法:进入数据库,输入flush  logs命令

ysql> flush  logs;    #进入数据库,输入flush  logs命令
Query OK, 0 rows affected (0.01 sec)mysql> show  master   status;     #查看,此时生成了一个新的日志文件
+-------------------+----------+--------------+------------------+-------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------------+----------+--------------+------------------+-------------------+
| host51-bin.000002 |      154 |              |                  |                   |
+-------------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)
[root@host51 lib]# ls  /var/lib/mysql    #再次查看数据库主目录,此时多出了一个002的新的二进制文件
auto.cnf         db1  host51-bin.000001  ib_logfile0  mysql.sock.lock     server-key.pem
ca-key.pem       db2  host51-bin.000002  ib_logfile1  performance_schema  sys
ca.pem           db3  host51-bin.index   ibtmp1       private_key.pem     tian
client-cert.pem  db4  ib_buffer_pool     mysql        public_key.pem
client-key.pem   db5  ibdata1            mysql.sock   server-cert.pem

第二种方法:

[root@host51 ~]# mysql  -uroot  -p123456  -e"flush  logs"[root@host51 ~]# ls  /var/lib/mysql
auto.cnf         db4                ib_logfile0         public_key.pem
ca-key.pem       db5                ib_logfile1         server-cert.pem
ca.pem           host51-bin.000001  ibtmp1              server-key.pem
client-cert.pem  host51-bin.000002  mysql               sys
client-key.pem   host51-bin.000003  mysql.sock          tian
db1              host51-bin.index   mysql.sock.lock
db2              ib_buffer_pool     performance_schema
db3              ibdata1            private_key.pem

第三种方法:

[root@host51 ~]# mysqldump  -uroot  -p123456  --flush-logs  db1  >  /mybak/db1.sql[root@host51 ~]# ls  /var/lib/mysql
auto.cnf         db4                ibdata1             private_key.pem
ca-key.pem       db5                ib_logfile0         public_key.pem
ca.pem           host51-bin.000001  ib_logfile1         server-cert.pem
client-cert.pem  host51-bin.000002  ibtmp1              server-key.pem
client-key.pem   host51-bin.000003  mysql               sys
db1              host51-bin.000004  mysql.sock          tian
db2              host51-bin.index   mysql.sock.lock
db3              ib_buffer_pool     performance_schema
[root@host51 ~]# mysqldump  -uroot  -p123456  --flush-logs -B db2  db3  >  /mybak/db1.sql    #导出多个数据库,会自动生成相对应的新的日志文件[root@host51 ~]# ls  /var/lib/mysql
auto.cnf         db4                host51-bin.index  mysql.sock.lock
ca-key.pem       db5                ib_buffer_pool    performance_schema
ca.pem           host51-bin.000001  ibdata1           private_key.pem
client-cert.pem  host51-bin.000002  ib_logfile0       public_key.pem
client-key.pem   host51-bin.000003  ib_logfile1       server-cert.pem
db1              host51-bin.000004  ibtmp1            server-key.pem
db2              host51-bin.000005  mysql             sys
db3              host51-bin.000006  mysql.sock        tian

第四种方法:

[root@host51 ~]# systemctl  restart  mysqld
[root@host51 ~]# ls  /var/lib/mysql
auto.cnf         db5                ib_buffer_pool      private_key.pem
ca-key.pem       host51-bin.000001  ibdata1             public_key.pem
ca.pem           host51-bin.000002  ib_logfile0         server-cert.pem
client-cert.pem  host51-bin.000003  ib_logfile1         server-key.pem
client-key.pem   host51-bin.000004  ibtmp1              sys
db1              host51-bin.000005  mysql               tian
db2              host51-bin.000006  mysql.sock
db3              host51-bin.000007  mysql.sock.lock
db4              host51-bin.index   performance_schema

清理日志

删除指定编号之前的binlog日志文件

Mysql  >  purge  master  logs  to "binlog文件名";

删除所有binlog日志,重新建日志

Mysql  >  reset  master;

[root@host51 ~]# ls  /var/lib/mysql
auto.cnf         db5                ib_buffer_pool      private_key.pem
ca-key.pem       host51-bin.000001  ibdata1             public_key.pem
ca.pem           host51-bin.000002  ib_logfile0         server-cert.pem
client-cert.pem  host51-bin.000003  ib_logfile1         server-key.pem
client-key.pem   host51-bin.000004  ibtmp1              sys
db1              host51-bin.000005  mysql               tian
db2              host51-bin.000006  mysql.sock
db3              host51-bin.000007  mysql.sock.lock
db4              host51-bin.index   performance_schema
[root@host51 ~]# mysql  -uroot  -p123456
mysql> purge  master  logs  to  "host51-bin.000003";      #删除编号是000003之前的binlog日志
[root@host51 ~]# ls  /var/lib/mysql
auto.cnf         db4                ib_buffer_pool   performance_schema
ca-key.pem       db5                ibdata1          private_key.pem
ca.pem           host51-bin.000003  ib_logfile0      public_key.pem
client-cert.pem  host51-bin.000004  ib_logfile1      server-cert.pem
client-key.pem   host51-bin.000005  ibtmp1           server-key.pem
db1              host51-bin.000006  mysql            sys
db2              host51-bin.000007  mysql.sock       tian
db3              host51-bin.index   mysql.sock.lock
mysql> reset  master;              #删除所有binlog日志,重建新的日志
Query OK, 0 rows affected (0.01 sec)
[root@host51 ~]# ls  /var/lib/mysql
auto.cnf         db1  host51-bin.000001  ib_logfile1      performance_schema  sys
ca-key.pem       db2  host51-bin.index   ibtmp1           private_key.pem     tian
ca.pem           db3  ib_buffer_pool     mysql            public_key.pem
client-cert.pem  db4  ibdata1            mysql.sock       server-cert.pem
client-key.pem   db5  ib_logfile0        mysql.sock.lock  server-key.pem

自定义日志目录和名称    

[root@host51 ~]# vim  /etc/my.cnf
17 log_bin=/mylog/tian
[root@host51 ~]# mkdir  /mylog
[root@host51 ~]# chown  mysql   /mylog
[root@host51 ~]# ls  -ld  /mylog
drwxr-xr-x. 2 mysql root 6 2月  18 14:10 /mylog
[root@host51 ~]# systemctl  restart  mysqld
[root@host51 ~]# ls  /mylog
tian.000001  tian.index
[root@host51 ~]# mysql  -uroot  -p123456  -e"flush  logs"
[root@host51 ~]# ls  /mylog
tian.000001  tian.000002  tian.index
[root@host51 ~]# mysql  -uroot  -p123456
mysql> show  master  status;
+-------------+----------+--------------+------------------+-------------------+
| File        | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------+----------+--------------+------------------+-------------------+
| tian.000002 |      154 |              |                  |                   |
+-------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)mysql> flush  logs;       mysql> show  master status;
+-------------+----------+--------------+------------------+-------------------+
| File        | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------+----------+--------------+------------------+-------------------+
| tian.000003 |      154 |              |                  |                   |
+-------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)mysql> flush  logs;mysql> show  master status;
+-------------+----------+--------------+------------------+-------------------+
| File        | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------+----------+--------------+------------------+-------------------+
| tian.000004 |      154 |              |                  |                   |
+-------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)mysql> purge  master  logs  to  "tian.000004";[root@host51 ~]# ls  /mylog
tian.000004  tian.index当想用某个日志文件只记录某个库下的数据,可以使用生成日志文件

恢复数据

分析日志

  • 查看日志当前的记录格式

mysql   >  show   variables  like  "binlog_format"

  • 日志的三种记录方式

1.statement                               报表模式

2.row                                         行模式(默认)

3.mixed                                      混合模式

  • 修改日志记录格式

[root@localhost ~]#   vim   /etc/my.cnf

[mysqld]

....

binlog_format="记录方式名"

[root@localhost ~]# systemctl  restart   mysqld

  • 查看日志内容

mysqlbinlog    [选项]     binlog日志文件名

选项 用途
--strat-datetime="yyyy-mm-dd  hh:mm:ss" 起始时间
--stop-datetime="yyyy-mm-dd  hh:mm:ss" 结束时间
--start-position 起始偏移量
--stop-postion 结束偏移量 
mysql> show  variables  like  "%binlog%";
+-----------------------------------------+----------------------+
| Variable_name                           | Value                |
+-----------------------------------------+----------------------+
| binlog_cache_size                       | 32768                |
| binlog_checksum                         | CRC32                |
| binlog_direct_non_transactional_updates | OFF                  |
| binlog_error_action                     | ABORT_SERVER         |
| binlog_format                           | ROW                  |
| binlog_group_commit_sync_delay          | 0                    |
| binlog_group_commit_sync_no_delay_count | 0                    |
| binlog_gtid_simple_recovery             | ON                   |
| binlog_max_flush_queue_time             | 0                    |
| binlog_order_commits                    | ON                   |
| binlog_row_image                        | FULL                 |
| binlog_rows_query_log_events            | OFF                  |
| binlog_stmt_cache_size                  | 32768                |
| innodb_api_enable_binlog                | OFF                  |
| innodb_locks_unsafe_for_binlog          | OFF                  |
| log_statements_unsafe_for_binlog        | ON                   |
| max_binlog_cache_size                   | 18446744073709547520 |
| max_binlog_size                         | 1073741824           |
| max_binlog_stmt_cache_size              | 18446744073709547520 |
| sync_binlog                             | 1                    |
+-----------------------------------------+----------------------+
20 rows in set (0.02 sec)[root@host51 ~]# vim  /etc/my.cnf
4 [mysqld]5 #skip-grant-tables6 secure_file_priv=/myload7 validate_password_policy=08 validate_password_length=69 server_id=5110 binlog_format="mixed"[root@host51 ~]# systemctl  restart mysqld
[root@host51 ~]# mysql  -uroot  -p123456
mysql> show  master  status;
+-------------+----------+--------------+------------------+-------------------+
| File        | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------+----------+--------------+------------------+-------------------+
| tian.000006 |      154 |              |                  |                   |
+-------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)mysql> show  variables  like   "%binlog%";
+-----------------------------------------+----------------------+
| Variable_name                           | Value                |
+-----------------------------------------+----------------------+
| binlog_cache_size                       | 32768                |
| binlog_checksum                         | CRC32                |
| binlog_direct_non_transactional_updates | OFF                  |
| binlog_error_action                     | ABORT_SERVER         |
| binlog_format                           | MIXED                |
| binlog_group_commit_sync_delay          | 0                    |
| binlog_group_commit_sync_no_delay_count | 0                    |
| binlog_gtid_simple_recovery             | ON                   |
| binlog_max_flush_queue_time             | 0                    |
| binlog_order_commits                    | ON                   |
| binlog_row_image                        | FULL                 |
| binlog_rows_query_log_events            | OFF                  |
| binlog_stmt_cache_size                  | 32768                |
| innodb_api_enable_binlog                | OFF                  |
| innodb_locks_unsafe_for_binlog          | OFF                  |
| log_statements_unsafe_for_binlog        | ON                   |
| max_binlog_cache_size                   | 18446744073709547520 |
| max_binlog_size                         | 1073741824           |
| max_binlog_stmt_cache_size              | 18446744073709547520 |
| sync_binlog                             | 1                    |
+-----------------------------------------+----------------------+
20 rows in set (0.00 sec)mysql> show  variables  like  "binlog_format";
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| binlog_format | MIXED |
+---------------+-------+
1 row in set (0.03 sec)

恢复数据

  • 基本思路

使用mysqlbinlog提取历史SQL操作

通过管道交给mysql命令执行

  • 命令格式

mysqlbinlog     日志文件     |  mysql  -uroot  -p密码

  • 恢复所有数据
[root@host51 ~]# ls  /mylog
tian.000004  tian.index
[root@host51 ~]# mysqldump  -uroot  -p123456 --flush-logs  db3  user  >  /root/db3_user.sql
[root@host51 ~]# ls -l /root/db3_user.sql
-rw-r--r--. 1 root root 3699 2月  18 14:31 /root/db3_user.sql
[root@host51 ~]# ls
db3_user.sql
[root@host51 ~]# mysql  -uroot  -p123456
mysql> show  master status;
+-------------+----------+--------------+------------------+-------------------+
| File        | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------+----------+--------------+------------------+-------------------+
| tian.000005 |      154 |              |                  |                   |
+-------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)
mysql> select count(*)  from  db3.user;
+----------+
| count(*) |
+----------+
|       28 |
+----------+
1 row in set (0.00 sec)
mysql> insert  into  db3.user(name,uid)  values("aaaa",1);
Query OK, 1 row affected (0.00 sec)
...
mysql> show  master status;
+-------------+----------+--------------+------------------+-------------------+
| File        | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------+----------+--------------+------------------+-------------------+
| tian.000005 |     3529 |              |                  |                   |
+-------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)mysql> select count(*)  from  db3.user;
+----------+
| count(*) |
+----------+
|       40 |
+----------+
1 row in set (0.00 sec)
[root@host51 ~]# scp  /root/db3_user.sql  root@192.168.4.52:/root
[root@host51 ~]# scp  /mylog/tian.000005   root@192.168.4.52:/root[root@host52 ~]# ls
db3_user.sql  tian.000005
[root@host52 ~]# mysql  -uroot  -p123456
mysql> drop  database  db3;
[root@host52 ~]# mysql  -uroot  -p123456  -e  "show  databases"
mysql: [Warning] Using a password on the command line interface can be insecure.
+--------------------+
| Database           |
+--------------------+
| information_schema |
| db1                |
| db2                |
| db4                |
| db5                |
| mysql              |
| performance_schema |
| sys                |
| tian               |
+--------------------+
[root@host52 ~]# mysql  -uroot  -p123456  -e  "create  database  db3"
[root@host52 ~]# mysql  -uroot  -p123456  db3  <  /root/db3_user.sql
[root@host52 ~]# mysql  -uroot  -p123456  -e  "select  count(*)  from  db3.user"
+----------+
| count(*) |
+----------+
|       28 |
+----------+
[root@host52 ~]# mysqlbinlog    /root/tian.000005   |  mysql  -uroot  -p123456
[root@host52 ~]# mysql  -uroot  -p123456  -e  "select  count(*)  from  db3.user"
+----------+
| count(*) |
+----------+
|       40 |
+----------+
  • 恢复部分新产生的数据

查看和修改日志文件记录的命令格式

区分记录的多条SQL命令:偏移量,binlog日志文件的默认初始偏移量为154;时间

mysql> show  variables  like  "%binlog%";
+-----------------------------------------+----------------------+
| Variable_name                           | Value                |
+-----------------------------------------+----------------------+
| binlog_cache_size                       | 32768                |
| binlog_checksum                         | CRC32                |
| binlog_direct_non_transactional_updates | OFF                  |
| binlog_error_action                     | ABORT_SERVER         |
| binlog_format                           | ROW                  |
| binlog_group_commit_sync_delay          | 0                    |
| binlog_group_commit_sync_no_delay_count | 0                    |
| binlog_gtid_simple_recovery             | ON                   |
| binlog_max_flush_queue_time             | 0                    |
| binlog_order_commits                    | ON                   |
| binlog_row_image                        | FULL                 |
| binlog_rows_query_log_events            | OFF                  |
| binlog_stmt_cache_size                  | 32768                |
| innodb_api_enable_binlog                | OFF                  |
| innodb_locks_unsafe_for_binlog          | OFF                  |
| log_statements_unsafe_for_binlog        | ON                   |
| max_binlog_cache_size                   | 18446744073709547520 |
| max_binlog_size                         | 1073741824           |
| max_binlog_stmt_cache_size              | 18446744073709547520 |
| sync_binlog                             | 1                    |
+-----------------------------------------+----------------------+
20 rows in set (0.02 sec)[root@host51 ~]# vim  /etc/my.cnf4 [mysqld]5 #skip-grant-tables6 secure_file_priv=/myload7 validate_password_policy=08 validate_password_length=69 server_id=5110 binlog_format="mixed"[root@host51 ~]# systemctl  restart mysqld
[root@host51 ~]# mysql  -uroot  -p123456
mysql> show  master  status;
+-------------+----------+--------------+------------------+-------------------+
| File        | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------+----------+--------------+------------------+-------------------+
| tian.000006 |      154 |              |                  |                   |
+-------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)mysql> show  variables  like  "binlog_format";
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| binlog_format | MIXED |
+---------------+-------+
1 row in set (0.03 sec)mysql> insert  into  db3.user(name,uid)  values("bob" ,888);
mysql> insert  into  db3.user(name,uid)  values("bob" ,888);
mysql> insert  into  db3.user(name,uid)  values("bob" ,888);mysql> delete  from  db3.user  where  name  like  "aaa%";
Query OK, 5 rows affected (0.03 sec)mysql> update  db3.user  set  gid=2020  where  id<=10;
Query OK, 10 rows affected (0.02 sec)
Rows matched: 10  Changed: 10  Warnings: 0mysql> show  master  status;
+-------------+----------+--------------+------------------+-------------------+
| File        | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------+----------+--------------+------------------+-------------------+
| tian.000006 |     1696 |              |                  |                   |
+-------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)[root@host51 ~]# ls  /mylog
tian.000004  tian.000005  tian.000006  tian.index
[root@host51 ~]# scp   /mylog/tian.000006   root@192.168.4.52:/root#######在host52(192.168.4.52)主机上读取日志内容恢复数据
[root@host52 ~]# mysqlbinlog   /root/tian.000006     #读取日志文件内容,查看其起始偏移量以及结束偏移量
/*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=1*/;
/*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
DELIMITER /*!*/;
# at 4
#200218 15:23:44 server id 51  end_log_pos 123 CRC32 0x5e885f9a     Start: binlog v 4, server v 5.7.17-log created 200218 15:23:44 at startup
# Warning: this binlog is either in use or was not closed properly.
ROLLBACK/*!*/;
BINLOG '
AJFLXg8zAAAAdwAAAHsAAAABAAQANS43LjE3LWxvZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAkUteEzgNAAgAEgAEBAQEEgAAXwAEGggAAAAICAgCAAAACgoKKioAEjQA
AZpfiF4=
'/*!*/;
# at 123
#200218 15:23:44 server id 51  end_log_pos 154 CRC32 0xf9838a23     Previous-GTIDs
# [empty]
# at 154
#200218 15:26:17 server id 51  end_log_pos 219 CRC32 0x4aecb3cc     Anonymous_GTID  last_committed=0   sequence_number=1
SET @@SESSION.GTID_NEXT= 'ANONYMOUS'/*!*/;
# at 219
#200218 15:26:17 server id 51  end_log_pos 293 CRC32 0xde3a9032     Query   thread_id=3    exec_time=0    error_code=0
SET TIMESTAMP=1582010777/*!*/;
SET @@session.pseudo_thread_id=3/*!*/;
SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=0, @@session.unique_checks=1, @@session.autocommit=1/*!*/;
SET @@session.sql_mode=1436549152/*!*/;
SET @@session.auto_increment_increment=1, @@session.auto_increment_offset=1/*!*/;
/*!\C utf8 *//*!*/;
SET @@session.character_set_client=33,@@session.collation_connection=33,@@session.collation_server=8/*!*/;
SET @@session.lc_time_names=0/*!*/;
SET @@session.collation_database=DEFAULT/*!*/;
BEGIN
/*!*/;
# at 293
# at 325
#200218 15:26:17 server id 51  end_log_pos 325 CRC32 0xa1ecd5ea     Intvar
SET INSERT_ID=75/*!*/;
#200218 15:26:17 server id 51  end_log_pos 446 CRC32 0xf0564a48     Query   thread_id=3    exec_time=0    error_code=0
SET TIMESTAMP=1582010777/*!*/;
insert  into  db3.user(name,uid)  values("bob" ,888)
/*!*/;
# at 446
#200218 15:26:17 server id 51  end_log_pos 477 CRC32 0x39358b0d     Xid = 6
COMMIT/*!*/;
# at 477
#200218 15:26:18 server id 51  end_log_pos 542 CRC32 0x405ebe42     Anonymous_GTID  last_committed=1   sequence_number=2
SET @@SESSION.GTID_NEXT= 'ANONYMOUS'/*!*/;
# at 542
#200218 15:26:18 server id 51  end_log_pos 616 CRC32 0x30796267     Query   thread_id=3    exec_time=0    error_code=0
SET TIMESTAMP=1582010778/*!*/;
BEGIN
/*!*/;
# at 616
# at 648
#200218 15:26:18 server id 51  end_log_pos 648 CRC32 0xade407c5     Intvar
SET INSERT_ID=76/*!*/;
#200218 15:26:18 server id 51  end_log_pos 769 CRC32 0xe5bfc8f4     Query   thread_id=3    exec_time=0    error_code=0
SET TIMESTAMP=1582010778/*!*/;
insert  into  db3.user(name,uid)  values("bob" ,888)
/*!*/;
# at 769
#200218 15:26:18 server id 51  end_log_pos 800 CRC32 0xf8b13fe7     Xid = 7
COMMIT/*!*/;
# at 800
#200218 15:26:18 server id 51  end_log_pos 865 CRC32 0x9029a771     Anonymous_GTID  last_committed=2   sequence_number=3
SET @@SESSION.GTID_NEXT= 'ANONYMOUS'/*!*/;
# at 865
#200218 15:26:18 server id 51  end_log_pos 939 CRC32 0x7b608b92     Query   thread_id=3    exec_time=0    error_code=0
SET TIMESTAMP=1582010778/*!*/;
BEGIN
/*!*/;
# at 939
# at 971
#200218 15:26:18 server id 51  end_log_pos 971 CRC32 0x27c7f729     Intvar
SET INSERT_ID=77/*!*/;
#200218 15:26:18 server id 51  end_log_pos 1092 CRC32 0x78ab151e    Query   thread_id=3    exec_time=0    error_code=0
SET TIMESTAMP=1582010778/*!*/;
insert  into  db3.user(name,uid)  values("bob" ,888)
/*!*/;
# at 1092
#200218 15:26:18 server id 51  end_log_pos 1123 CRC32 0x613af939    Xid = 8
COMMIT/*!*/;
# at 1123
#200218 15:26:59 server id 51  end_log_pos 1188 CRC32 0xb2ef9056    Anonymous_GTID  last_committed=3   sequence_number=4
SET @@SESSION.GTID_NEXT= 'ANONYMOUS'/*!*/;
# at 1188
#200218 15:26:59 server id 51  end_log_pos 1262 CRC32 0x913ad69e    Query   thread_id=3    exec_time=0    error_code=0
SET TIMESTAMP=1582010819/*!*/;
BEGIN
/*!*/;
# at 1262
#200218 15:26:59 server id 51  end_log_pos 1380 CRC32 0xeb0f4e12    Query   thread_id=3    exec_time=0    error_code=0
SET TIMESTAMP=1582010819/*!*/;
delete  from  db3.user  where  name  like  "aaa%"
/*!*/;
# at 1380
#200218 15:26:59 server id 51  end_log_pos 1411 CRC32 0x2f718d62    Xid = 9
COMMIT/*!*/;
# at 1411
#200218 15:27:43 server id 51  end_log_pos 1476 CRC32 0x9022267b    Anonymous_GTID  last_committed=4   sequence_number=5
SET @@SESSION.GTID_NEXT= 'ANONYMOUS'/*!*/;
# at 1476
#200218 15:27:43 server id 51  end_log_pos 1550 CRC32 0x99883f65    Query   thread_id=3    exec_time=0    error_code=0
SET TIMESTAMP=1582010863/*!*/;
BEGIN
/*!*/;
# at 1550
#200218 15:27:43 server id 51  end_log_pos 1665 CRC32 0xb4a84776    Query   thread_id=3    exec_time=0    error_code=0
SET TIMESTAMP=1582010863/*!*/;
update  db3.user  set  gid=2020  where  id<=10
/*!*/;
# at 1665
#200218 15:27:43 server id 51  end_log_pos 1696 CRC32 0xb21b5029    Xid = 10
COMMIT/*!*/;
SET @@SESSION.GTID_NEXT= 'AUTOMATIC' /* added by mysqlbinlog */ /*!*/;
DELIMITER ;
# End of log file
/*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
/*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=0*/;[root@host52 ~]# mysqlbinlog   --start-position=325   --stop-position=1123   /root/tian.000006    |  mysql  -uroot  -p123456[root@host52 ~]# mysql  -uroot  -p123456mysql> select  *  from  db3.user  where  name regexp  "^bob";
+----+------+------+----------+------+------+---------+---------+-------+
| id | name | age  | password | uid  | gid  | comment | homedir | shell |
+----+------+------+----------+------+------+---------+---------+-------+
| 55 | bob  |   20 | NULL     | NULL | NULL | NULL    | NULL    | NULL  |
| 75 | bob  |   20 | NULL     |  888 | NULL | NULL    | NULL    | NULL  |
| 76 | bob  |   20 | NULL     |  888 | NULL | NULL    | NULL    | NULL  |
| 77 | bob  |   20 | NULL     |  888 | NULL | NULL    | NULL    | NULL  |
+----+------+------+----------+------+------+---------+---------+-------+
4 rows in set (0.00 sec)

DBA基础(一)用户授权相关推荐

  1. k8s基础11——安全控制之RBAC用户授权、RBAC用户组授权、SA程序授权

    文章目录 一.K8s安全框架 1.1 鉴权 1.1.1 HTTPS证书认证 1.1.2 HTTP Token认证 1.2 授权 1.3 准入控制 1.4 集群四大角色 二.RBAC给用户授权(TLS) ...

  2. 新浪微博开发平台基于php的sdk包(包含demo程序),新浪微博API开发简介之用户授权(PHP基础篇)...

    现在玩微博的人越来越多了,而关于微博的第三方应用开发也越来越多,自己在偶然间开始接触了新浪微博API开发,新浪微博API开发的资源比较多,新浪微博提供了一个开发者的平台,网址是:http://open ...

  3. SQL语言基础:SQL授权相关知识笔记​

    1.数据控制 数据控制是控制对用户存取的权力,由DBA来决定.DBMS数据控制与功能: 1.通过GRANT和REVOKE将授权通知系统,并存入数据字典. 2.当用户发起请求时,根据授权情况检查是否执行 ...

  4. MySQL基本用户授权步骤

    1.MySQL用户授权步骤: select distinct concat('user: ''',user,'''@''',host,''';') as query from mysql.user; ...

  5. Oracle创建用户,创建表空间,将空间分配给用户,给用户授权

    新建一个表空间,并把它分配给一个用户就可以了. 以管理员身份登录的: 查询当前用户: show user; 1.首先,创建(新)用户:     create user username identif ...

  6. 创建表空间创建用户以及用户授权

    --创建表空间 create tablespace leon datafile 'c:\leon.dbf' size 100m autoextend on next 10m; --删除表空间 drop ...

  7. Oracle教程之oracle 给用户授权

    oracle 给用户授权_oracle 用户授权_oracle用户授权 grant(授权)命令 下面对创建的用户user01授权,命令如下: grant connect, resource to us ...

  8. 用命令创建表空间、用户,并为用户授权、收回权限。

    oracle中如何删除用户? Oracle中使用DROP USER来删除用户,如果使用DROP USER CASCADE那么用户的对象也同时被删除掉.为了达到删除用户的效果而又不影响对用户下的对象的使 ...

  9. oracle用户新增数据文件,[数据库]20200722_Oracle添加表空间、用户,用户授权

    [数据库]20200722_Oracle添加表空间.用户,用户授权 0 2020-07-25 17:00:30 --创建表空间CREATE TABLESPACE aifu --表空间名 aifu LO ...

最新文章

  1. vue 循环tabs 标签页 组件_vue学习笔记--v-for循环标签页label并实现根据不同label表格切换...
  2. 谷歌提出“T5” 新NLP模型,突破迁移学习局限,多基准测试达SOTA!
  3. 当DiscuzNT遇上了Loadrunner(中)
  4. dubbo请求调用过程分析
  5. 成功解决Runtime Error Selected KDE bandwidth is 0. Cannot estiam
  6. UNITY IMGUI
  7. Node.js中的常用工具类util
  8. 分析一周后终于明白,为什么说不注重数据的企业会被时代淘汰?
  9. JQuery1.11版本对prop和attr接口的含义分离导致问题分析
  10. java a =a-=aa_java 初学 :求 s=a+aa+aaa+aaaa+aa...a 的值,其中 a 是一个数字。几个 数相加由键盘控制。...
  11. JAVA环境变量安装
  12. 【渝粤教育】国家开放大学2018年秋季 0179-21T数据库基础与应用 参考试题
  13. ubuntu编译linux kernel v2.6.30 各种错误排除
  14. iGoogle创新设计大赛
  15. Toy例程导读(三).高级语言分析和转换
  16. 10G 网络变压器 10GBASE-T与1000Base-T区别
  17. 【矩阵论】矩阵的相似标准型(3)
  18. 反相器 CMOS制造(Fabrication)与布局(Layout)
  19. macbook如何使用visual studio code进行c语言编程
  20. 高斯判别分析(GDA)

热门文章

  1. 上古时期的 TeX Users 都有哪些当今 TeX Users 无法想象的神级操作?
  2. 深度学习 Deep Learning with MATLAB(懒人版)
  3. 图形处理(四)基于梯度场的网格编辑-Siggraph 2004
  4. 如何快速研究透一篇 Paper 并提出有价值的问题?
  5. SIFT特征及特征匹配:SIFT and feature matching
  6. 【caffe】windows下caffe+vs2013+python2.7+cuda8.0+cmake3.8编译与配置
  7. Centos7 配置静态ip地址
  8. GDI绘制时钟效果,与系统时间保持同步,基于Winform
  9. BZOJ 1001: [BeiJing2006]狼抓兔子【最大流/SPFA+最小割,多解】
  10. 《Cisco IOS XR技术精要》一4.4 理解二级提交模型