mysql all_同样是MySQL的all privileges有啥不同？

db.* 和 . 上面的all privileges 有啥不一样。

咱当兵的人，有啥不一样...(一起唱)

首先安装MySQL启动

root@pts/0 $ wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm

--2018-08-02 18:13:58-- http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm

Resolving repo.mysql.com (repo.mysql.com)... 23.36.193.224

Connecting to repo.mysql.com (repo.mysql.com)|23.36.193.224|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 6140 (6.0K) [application/x-redhat-package-manager]

Saving to: ‘mysql-community-release-el7-5.noarch.rpm’

100%[====================================================================================================================================================================================================================================>] 6,140 16.6KB/s in 0.4s r

2018-08-02 18:13:59 (16.6 KB/s) - ‘mysql-community-release-el7-5.noarch.rpm’ saved [6140/6140]

vpc-devops-ossimport [~] 2018-08-02 18:13:59

root@pts/0 $ rpm -ivh mysql-community-release-el7-5.noarch.rpm

Preparing... ################################# [100%]

Updating / installing...

1:mysql-community-release-el7-5 ################################# [100%]

vpc-devops-ossimport [~] 2018-08-02 18:14:04

root@pts/0 $ yum install mysql-community-server mysql-community-client mysql-community-devel

Loaded plugins: fastestmirror, priorities

Loading mirror speeds from cached hostfile

mysql-connectors-community | 2.5 kB 00:00:00

mysql-tools-community | 2.5 kB 00:00:00

mysql56-community

root@pts/0 $ systemctl enable mysqld

vpc-devops-ossimport [~] 2018-08-02 18:15:18

root@pts/0 $ systemctl start mysqld

vpc-devops-ossimport [~] 2018-08-02 18:15:30

root@pts/0 $ ps -ef|grep msyql

root 1112 630 0 18:15 pts/0 00:00:00 grep --color msyql

vpc-devops-ossimport [~] 2018-08-02 18:15:44

root@pts/0 $ ps -ef|grep mysql

mysql 898 1 0 18:15 ? 00:00:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr

mysql 1079 898 1 18:15 ? 00:00:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock

root 1120 630 0 18:15 pts/0 00:00:00 grep --color mysql

初始化数据库登录。看到三个系统默认的数据库和初始的账号情况

mysql> show databases ;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| performance_schema |

+--------------------+

3 rows in set (0.00 sec)

mysql> use mysql

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

mysql> select user,host from mysql.user ;

+------+----------------------+

| user | host |

+------+----------------------+

| root | 127.0.0.1 |

| root | ::1 |

| | localhost |

| root | localhost |

| | vpc-devops-ossimport |

| root | vpc-devops-ossimport |

+------+----------------------+

6 rows in set (0.00 sec)

验证过程

平时创建账号的时候，可以分为两大类，一类是业务系统的账号，基于具体的数据库上面做的操作。一类是管理员账号，会涉及到像 mysql、information_schema、performance_schema 用户做统计、分析等

所以创建一个新的数据库。模拟业务数据库。

mysql> create database devops ;

Query OK, 1 row affected (0.00 sec)

分别创建基于“业务”和基于“管理员”的所有权限“all privileges”

grant all privileges

mysql> grant all privileges on devops.* to ops1@'%' identified by 'devops1';

Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on devops.* to ops2@'%' identified by 'devops2' with grant option;

Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on *.* to ops3@'%' identified by 'devops3';

Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on *.* to ops4@'%' identified by 'devops4' with grant option ;

Query OK, 0 rows affected (0.00 sec)

check all privileges

mysql> show grants for ops1;

+-----------------------------------------------------------------------------------------------------+

| Grants for ops1@% |

+-----------------------------------------------------------------------------------------------------+

| GRANT USAGE ON *.* TO 'ops1'@'%' IDENTIFIED BY PASSWORD '*52048CCECC477DB7138C2CBCF04AAD3E0397A913' |

| GRANT ALL PRIVILEGES ON `devops`.* TO 'ops1'@'%' |

+-----------------------------------------------------------------------------------------------------+

2 rows in set (0.00 sec)

mysql> show grants for ops2;

+-----------------------------------------------------------------------------------------------------+

| Grants for ops2@% |

+-----------------------------------------------------------------------------------------------------+

| GRANT USAGE ON *.* TO 'ops2'@'%' IDENTIFIED BY PASSWORD '*C6ADDF202AF316082C3193C296860A468B4B87B4' |

| GRANT ALL PRIVILEGES ON `devops`.* TO 'ops2'@'%' WITH GRANT OPTION |

+-----------------------------------------------------------------------------------------------------+

2 rows in set (0.00 sec)

mysql> show grants for ops3;

+--------------------------------------------------------------------------------------------------------------+

| Grants for ops3@% |

+--------------------------------------------------------------------------------------------------------------+

| GRANT ALL PRIVILEGES ON *.* TO 'ops3'@'%' IDENTIFIED BY PASSWORD '*8FE43EF11171F6BD1E6B6DEF0B70B72B40698D43' |

+--------------------------------------------------------------------------------------------------------------+

1 row in set (0.00 sec)

mysql> show grants for ops4;

+--------------------------------------------------------------------------------------------------------------------------------+

| Grants for ops4@% |

+--------------------------------------------------------------------------------------------------------------------------------+

| GRANT ALL PRIVILEGES ON *.* TO 'ops4'@'%' IDENTIFIED BY PASSWORD '*A5CC13BEC1112C49147BE1FABD75849ECD2647A4' WITH GRANT OPTION |

+--------------------------------------------------------------------------------------------------------------------------------+

1 row in set (0.00 sec)

分析

从上面看到大家显示的都会all privilges，实际看不出来什么，所以我们可以反向考虑。我回收一个基本的select 权限。看看剩余的权限都有哪些。

为啥这样呢。可以把all privileges 看成一个整体，拿走一个就不是整体了那就会把其余的全部列出来展现。

revoke select

mysql> revoke select on devops.* from 'ops1'@'%' ;

Query OK, 0 rows affected (0.00 sec)

mysql> revoke select on devops.* from 'ops2'@'%' ;

Query OK, 0 rows affected (0.00 sec)

mysql> revoke select on *.* from 'ops3'@'%' ;

Query OK, 0 rows affected (0.00 sec)

mysql> revoke select on *.* from 'ops4'@'%' ;

Query OK, 0 rows affected (0.00 sec)

check all privileges again

mysql> show grants for ops1;

| Grants for ops1@% |

| GRANT USAGE ON *.* TO 'ops1'@'%' IDENTIFIED BY PASSWORD '*52048CCECC477DB7138C2CBCF04AAD3E0397A913' |

| GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `devops`.* TO 'ops1'@'%' |

2 rows in set (0.00 sec)

mysql> show grants for ops2;

| Grants for ops2@% |

| GRANT USAGE ON *.* TO 'ops2'@'%' IDENTIFIED BY PASSWORD '*C6ADDF202AF316082C3193C296860A468B4B87B4' |

2 rows in set (0.00 sec)

mysql> show grants for ops3;

+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

| Grants for ops3@% |

| GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'ops3'@'%' IDENTIFIED BY PASSWORD '*8FE43EF11171F6BD1E6B6DEF0B70B72B40698D43' |

1 row in set (0.00 sec)

mysql> show grants for ops4;

| Grants for ops4@% |

| GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'ops4'@'%' IDENTIFIED BY PASSWORD '*A5CC13BEC1112C49147BE1FABD75849ECD2647A4' WITH GRANT OPTION |

1 row in set (0.00 sec)

整理对比

因为上面四种情况最终的显示不是很对应。这里认为整理下如下

## 基于业务的 all privileges

SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER

## 基于管理员的all privileges

SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, RELOAD, SHUTDOWN, PROCESS, FILE, SHOW DATABASES, SUPER, REPLICATION SLAVE, REPLICATION CLIENT, CREATE USER, CREATE TABLESPACE

结论

对比之后发现，基于管理员(.) 的所有权限比基于业务库(somedb.*) 上的所有权限多出了一下权限

RELOAD, SHUTDOWN, PROCESS, FILE, SHOW DATABASES, SUPER, REPLICATION SLAVE, REPLICATION CLIENT, CREATE USER, CREATE TABLESPACE

mysql all_同样是MySQL的all privileges有啥不同？相关推荐

mysql 授权 all,mysql 赋给用户权限 grant all privileges on mysql数据库授权问题
遇到了 SQLException: access denied for @'localhost' (using password: no) 解决办法 grant all privileges o ...
is this mysql server_远程连接MySQL数据库报错：is not allowed to connect to this MYSQL server的解决办法...
1. 改表法. 可能是你的帐号不允许从远程登陆,只能在localhost.这个时候只要在localhost的那台电脑,登入MySQL后,更改 "mysql" 数据库里的 " ...
linux 修改mysql root密码_Linux mysql如何更改root密码
说到root密码,很多人想到的是电脑系统的root账号密码,其实mysql也有root密码,那么在Linux系统中,mysql要如何修改root密码呢?特别是忘记了root密码要怎么办? 通过登录my ...
MYSQL添加新用户 MYSQL为用户创建数据库 MYSQL为新用户分配权限
2019独角兽企业重金招聘Python工程师标准>>> 1.新建用户 //登录MYSQL @>mysql -u root -p @>密码 //创建用户 mysql> ...
项目性能优化(MySQL读写分离、MySQL主从同步、Django实现MySQL读写分离)
当项目中数据库表越来越多,数据量也逐渐增多时,需要做数据库的安全和性能的优化.对于数据库的优化,可以选择使用MySQL读写分离实现. 1.MySQL主从同步 1.主从同步机制 1.1.主从同步介绍和优 ...
linux下mysql授权_linux下mysql命令(用户授权、数据导入导出)
1,linux下启动mysql的命令: 复制代码代码示例: mysqladmin start /ect/init.d/mysql start (前面为mysql的安装路径) 2,linux下重启my ...
远程连接docker中的mysql容器_docker构建mysql容器及Navicat 远程连接
1. MySQL部署 1.1拉取MySQL镜像 docker pull mysql 查看镜像 docker images 1.2创建MySQL容器首先建立所需要的文件夹: docker run - ...
centos6.5 mysql 远程访问_centos6.5 mysql 设置支持远程ip访问
# mysql -uroot -p mysql> use mysql; mysql> select Host,User from user; 只需要展示用户名和host即可 mysql&g ...
mysql优化零基础_MySQL8数据库 | MySQL调优｜MySQL底层原理｜MySQL零基础新手教程
MySQL8数据库安装一.Windows 环境下安装 Select Operating System: Microsoft Windows B.解压并配置MySQL环境变量 MYSQL_HOME: ...

mysql all_同样是MySQL的all privileges有啥不同？

mysql all_同样是MySQL的all privileges有啥不同？相关推荐

最新文章

热门文章