mysql数据库指定ip远程访问(设置远程连接),赋权操作
mysql数据库指定ip远程访问(设置远程连接)
远程访问mysql报错,ip不允许链接的情况:
错误号码1045
Access denied for user '用户名' @'数据库地址' (using password:YES)
1.登录
# 连接格式 mysql -h数据库服务器地址 -P端口 -u用户名 -p"密码"; # 示例 mysql -h127.0.0.1 -P3306 -uroot -p"密码"; # 简写(数据库服务器地址默认,一般是指直接在数据库服务上操作) mysql -uroot -p"密码";
之后输入密码进行登录。
2.设置远程访问,及权限设置明
2.1,创建用户,并设置允许的远程ip访问权限
# 创建用户 create user '新用户名'@'允许的来源ip' identified by '新用户的密码'; # 查看是否创建成功 select Host,User from mysql.user; # 删除用户 drop user '用户名'@'主机';
2.2,命令解释
第一行是创建新用户(如果您想直接开放root用户则不需要新创建),其中密码是新用户的密码, 其中ip是允许远程访问的IP的值。
第二行是查看mysql系统用户表,检查新建用户是否成功。
mysql赋权操作
v8及以前:
# mysql的赋权操作(适用v8以前版本): GRANT ALL PRIVILEGES ON *.* TO ‘root‘@‘%‘ IDENTIFIED BY ‘密码‘ WITH GRANT OPTION; # 变更权限后执行刷新权限才能生效 flush privileges;
with grant option是指允许用户dba,传递其拥有的权限给其他的用户。
mysql8中应该使用:
#mysql8中应该使用: grant all privileges on *.* to 'root'@'%' ;
【赋权命令格式解释】
GRANT:赋权命令
ALL PRIVILEGES:当前用户的所有权限
ON:介词
*.*:当前用户对所有数据库和表的相应操作权限
TO:介词
‘root’@’%’:权限赋给root用户,所有ip都能连接
IDENTIFIED BY ‘123456’:连接时输入密码,密码为123456
WITH GRANT OPTION:允许级联赋权
# 设置用户授权格式 grant 权限 on *.* to '新用户名'@'允许的来源ip'; # 示例一:指定【db_DeviceRepairMS】数据库【所有权限】给xxh用户 grant all privileges on db_DeviceRepairMS.* to xxh; # 示例二:指定【db_DeviceRepairMS】数据库【某些权限】给xxh用户 grant select,insert,update,delete,create,execute,index,alter on db_DeviceRepairMS.* to xxh@'%'; # 设置用户授权(该示例只有“select,execute,index”这3个权限哦) grant select,execute,index on *.* to '新用户名'@'允许的来源ip'; #刷新权限 flush privileges;
收回权限
# 收回用户someone的所有库和表的“insert”权限 revoke insert on *.* from 'someone'@'%'; # 收回用户somebody已经拥有的with grant option权限 revoke grant option on *.* from somebody;
revoke跟grant语法差不多,只需要把关键字 “to” 换成 “from” 即可,并且revoke语句中不需要跟密码设置。
注意:revoke可以回收所有权限,也可以回收部分权限。
查看权限
# 查看mysql系统所有权限
show privileges;
# 查看当前用户权限
SHOW GRANTS;
# 或
SHOW GRANTS FOR CURRENT_USER;
# 或
SHOW GRANTS FOR CURRENT_USER();
# 查看某用户的全局权限
SHOW GRANTS FOR 'user'@'主机地址' ;
权限列表:
mysql> show privileges; +-------------------------+---------------------------------------+-------------------------------------------------------+ | Privilege | Context | Comment | +-------------------------+---------------------------------------+-------------------------------------------------------+ | Alter | Tables | To alter the table | | Alter routine | Functions,Procedures | To alter or drop stored functions/procedures | | Create | Databases,Tables,Indexes | To create new databases and tables | | Create routine | Databases | To use CREATE FUNCTION/PROCEDURE | | Create temporary tables | Databases | To use CREATE TEMPORARY TABLE | | Create view | Tables | To create new views | | Create user | Server Admin | To create new users | | Delete | Tables | To delete existing rows | | Drop | Databases,Tables | To drop databases, tables, and views | | Event | Server Admin | To create, alter, drop and execute events | | Execute | Functions,Procedures | To execute stored routines | | File | File access on server | To read and write files on the server | | Grant option | Databases,Tables,Functions,Procedures | To give to other users those privileges you possess | | Index | Tables | To create or drop indexes | | Insert | Tables | To insert data into tables | | Lock tables | Databases | To use LOCK TABLES (together with SELECT privilege) | | Process | Server Admin | To view the plain text of currently executing queries | | Proxy | Server Admin | To make proxy user possible | | References | Databases,Tables | To have references on tables | | Reload | Server Admin | To reload or refresh tables, logs and privileges | | Replication client | Server Admin | To ask where the slave or master servers are | | Replication slave | Server Admin | To read binary log events from the master | | Select | Tables | To retrieve rows from table | | Show databases | Server Admin | To see all databases with SHOW DATABASES | | Show view | Tables | To see views with SHOW CREATE VIEW | | Shutdown | Server Admin | To shut down the server | | Super | Server Admin | To use KILL thread, SET GLOBAL, CHANGE MASTER, etc. | | Trigger | Tables | To use triggers | | Create tablespace | Server Admin | To create/alter/drop tablespaces | | Update | Tables | To update existing rows | | Usage | Server Admin | No privileges - allow connect only | +-------------------------+---------------------------------------+-------------------------------------------------------+ 31 rows in set (0.00 sec)
注:以上结果查看自 Server version: 5.7.35-log MySQL Community Server (GPL)
更新授权时忘记密码怎么办?
授权后的密码是密文形式保存的,如果记不住之前授权时的密码,那么怎样保证覆盖后的权限跟之前的权限一致?
grant授权操作中其实不仅可以设置明文密码,也可以设置密文密码,如下:
1)grant 权限列表 on 库.表.* to '用户名'@'ip' identified by "明文密码"
2)grant 权限列表 on 库.表.* to '用户名'@'ip' identified by password "密文密码"
也就是说,在grant重置权限的时候可以用查看的密文密码当做新的密码,然后去覆盖之前的权限,这就保证了修改前后的密码一致!
参考:
