51工具盒子mysql数据库指定ip远程访问(设置远程连接),赋权操作{#cb_post_title_url}
mysql数据库指定ip远程访问(设置远程连接)
远程访问mysql报错,ip不允许链接的情况:
错误号码1045
Access denied for user '用户名' @'数据库地址' (using password:YES)
1.登录
# 连接格式
mysql -h数据库服务器地址 -P端口 -u用户名 -p"密码";
# 示例
mysql -h127.0.0.1 -P3306 -uroot -p"密码";
# 简写(数据库服务器地址默认,一般是指直接在数据库服务上操作)
mysql -uroot -p"密码";
之后输入密码进行登录。
2.设置远程访问,及权限设置明
2.1,创建用户,并设置允许的远程ip访问权限
# 创建用户create user '新用户名'@'允许的来源ip' identified by '新用户的密码';
# 查看是否创建成功select Host,User from mysql.user;
# 删除用户drop user '用户名'@'主机';
2.2,命令解释
第一行是创建新用户(如果您想直接开放root用户则不需要新创建),其中密码是新用户的密码, 其中ip是允许远程访问的IP的值。
第二行是查看mysql系统用户表,检查新建用户是否成功。
mysql赋权操作
v8及以前:
# mysql的赋权操作(适用v8以前版本):GRANT ALL PRIVILEGES ON *.* TO ‘root‘@‘%‘ IDENTIFIED BY ‘密码‘ WITH GRANT OPTION;
# 变更权限后执行刷新权限才能生效
flush privileges;
with grant option是指允许用户dba,传递其拥有的权限给其他的用户。
mysql8中应该使用:
#mysql8中应该使用:grant all privileges on *.* to 'root'@'%' ;
【赋权命令格式解释】
GRANT:赋权命令
ALL PRIVILEGES:当前用户的所有权限
ON:介词
*.*:当前用户对所有数据库和表的相应操作权限
TO:介词
'root'@'%':权限赋给root用户,所有ip都能连接
IDENTIFIED BY '123456':连接时输入密码,密码为123456
WITH GRANT OPTION:允许级联赋权
# 设置用户授权格式grant 权限 on *.* to '新用户名'@'允许的来源ip';
# 示例一:指定【db_DeviceRepairMS】数据库【所有权限】给xxh用户grant all privileges on db_DeviceRepairMS.* to xxh;
# 示例二:指定【db_DeviceRepairMS】数据库【某些权限】给xxh用户grant select,insert,update,delete,create,execute,index,alter on db_DeviceRepairMS.* to xxh@'%';
# 设置用户授权(该示例只有“select,execute,index”这3个权限哦)grant select,execute,index on *.* to '新用户名'@'允许的来源ip';
#刷新权限
flush privileges;
收回权限
# 收回用户someone的所有库和表的“insert”权限revoke insert on *.* from 'someone'@'%';
# 收回用户somebody已经拥有的with grant option权限revoke grant option on *.* from somebody;
revoke跟grant语法差不多,只需要把关键字 "to" 换成 "from" 即可,并且revoke语句中不需要跟密码设置。
注意:revoke可以回收所有权限,也可以回收部分权限。
查看权限
# 查看mysql系统所有权限
show privileges;
# 查看当前用户权限
SHOW GRANTS;
# 或
SHOW GRANTS FOR CURRENT_USER;
# 或
SHOW GRANTS FOR CURRENT_USER();
# 查看某用户的全局权限
SHOW GRANTS FOR 'user'@'主机地址' ;
权限列表:
mysql> show privileges;+-------------------------+---------------------------------------+-------------------------------------------------------+| Privilege | Context | Comment |+-------------------------+---------------------------------------+-------------------------------------------------------+| Alter | Tables | To alter the table || Alter routine | Functions,Procedures | To alter or drop stored functions/procedures || Create | Databases,Tables,Indexes | To create new databases and tables || Create routine | Databases | To use CREATE FUNCTION/PROCEDURE || Create temporary tables | Databases | To use CREATE TEMPORARY TABLE || Create view | Tables | To create new views || Create user | Server Admin | To create new users || Delete | Tables | To delete existing rows || Drop | Databases,Tables | To drop databases, tables, and views || Event | Server Admin | To create, alter, drop and execute events || Execute | Functions,Procedures | To execute stored routines || File | File access on server | To read and write files on the server || Grant option | Databases,Tables,Functions,Procedures | To give to other users those privileges you possess || Index | Tables | To create or drop indexes || Insert | Tables | To insert data into tables || Lock tables | Databases | To use LOCK TABLES (together with SELECT privilege) || Process | Server Admin | To view the plain text of currently executing queries || Proxy | Server Admin | To make proxy user possible || References | Databases,Tables | To have references on tables || Reload | Server Admin | To reload or refresh tables, logs and privileges || Replication client | Server Admin | To ask where the slave or master servers are || Replication slave | Server Admin | To read binary log events from the master || Select | Tables | To retrieve rows from table || Show databases | Server Admin | To see all databases with SHOW DATABASES || Show view | Tables | To see views with SHOW CREATE VIEW || Shutdown | Server Admin | To shut down the server || Super | Server Admin | To use KILL thread, SET GLOBAL, CHANGE MASTER, etc. || Trigger | Tables | To use triggers || Create tablespace | Server Admin | To create/alter/drop tablespaces || Update | Tables | To update existing rows || Usage | Server Admin | No privileges - allow connect only |+-------------------------+---------------------------------------+-------------------------------------------------------+31 rows in set (0.00 sec)
注:以上结果查看自 Server version: 5.7.35-log MySQL Community Server (GPL)
更新授权时忘记密码怎么办?
授权后的密码是密文形式保存的,如果记不住之前授权时的密码,那么怎样保证覆盖后的权限跟之前的权限一致?
grant授权操作中其实不仅可以设置明文密码,也可以设置密文密码,如下:
1)grant 权限列表 on 库.表.* to '用户名'@'ip' identified by "明文密码 "
2)grant 权限列表 on 库.表.* to '用户名'@'ip' identified by password "密文密码"
也就是说,在grant重置权限的时候可以用查看的密文密码当做新的密码,然后去覆盖之前的权限,这就保证了修改前后的密码一致!
参考:
