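V. MySQL Privilege Management
MySQL's privilege management is very complex, and it can fairly be called one of its strengths; secure management helps keep the system stable.
Basic principle: [user] from [host] to [db] (of localhost)
The system database contains four tables: func, user, db, and host. The last three are related to privilege management.
Their structure is as follows: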
Database: mysql Table: user Rows: 3
+---------------+----------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+---------------+----------+------+-----+---------+-------+
| Host | char(60) | | PRI | | |
| User | char(16) | | PRI | | |
| password | char(16) | | | | |
| ......_priv | char(1) | | | N | |
+---------------+----------+------+-----+---------+-------+
Database: mysql Table: db Rows: 3
+-------------+----------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------+----------+------+-----+---------+-------+
| Host | char(60) | | PRI | | |
| Db | char(32) | | PRI | | |
| User | char(16) | | PRI | | |
| ......_priv | char(1) | | | N | |
+-------------+----------+------+-----+---------+-------+
Database: mysql Table: host Rows: 0
+-------------+----------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------+----------+------+-----+---------+-------+
| Host | char(60) | | PRI | | |
| Db | char(32) | | PRI | | |
| ......_priv | char(1) | | | N | |
+-------------+----------+------+-----+---------+-------+
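1. For any database not listed in the db table, the privileges in the user table apply.
You can set privileges for certain superusers in the user table only, without involving the db table.
2. The host table is used only to maintain the valid servers; by default it is an empty table, which means all machines on the local network.
3. Privileges can be modified with the command mysql -u root mysql.
4. Privilege matching follows these rules:
a. Table order: host -> db -> user;
b. The host and db fields may contain the wildcards % and _, which stand for all characters and a single character;
c. Within a single table, the order is likewise host -> db -> user fields, and entries without wildcards take precedence over entries with wildcards;
d. An empty user field ('') matches all other users;
e. host may be a machine name, localhost, an IP address, or a wildcard pattern (such as 192.10.10.%), but may not begin with digits and a dot (such as 123.321.1.edu.cn);
f. The privileges from the tables are finally ORed together;
5. After making changes, run mysqladmin -u root reload to apply them.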
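
The matching rules in item 4 can be checked with a small model. The following is an added example, not code from the original page or from MySQL: it implements rules b, c, d and f for the user and db tables only (the host table is left out), and the function names and grant rows are constructed for illustration. It is useful when auditing a grant table, because it shows which row actually wins for a given connection.

```python
import re

def like(pattern, value):
    """Rule b: % matches any run of characters, _ matches exactly one."""
    rx = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value) is not None

def wild(field):
    """Sort key: exact values first, wildcard patterns (or an empty User) last."""
    return field == "" or "%" in field or "_" in field

def user_match(pattern, user):
    """Rule d: an empty User field matches any user."""
    return pattern == "" or pattern == user

# Constructed sample rows, not taken from any real server.
USER_TABLE = [  # (Host, User, privileges)
    ("%", "alice", {"select", "insert", "update"}),
    ("localhost", "", {"select"}),
    ("localhost", "root", {"select", "insert", "update", "delete", "drop"}),
]
DB_TABLE = [  # (Host, Db, User, privileges)
    ("192.10.10.%", "sales", "alice", {"delete"}),
    ("%", "test%", "", {"select", "insert"}),
]

def effective_privs(host, user, db):
    """Return (matched user row, matched db row, OR of their privileges)."""
    # Rule c: sort on Host, then Db, then User; non-wildcard entries first.
    users = sorted(USER_TABLE, key=lambda r: (wild(r[0]), wild(r[1])))
    dbs = sorted(DB_TABLE, key=lambda r: (wild(r[0]), wild(r[1]), wild(r[2])))
    u = next((r for r in users
              if like(r[0], host) and user_match(r[1], user)), None)
    if u is None:
        return None, None, set()  # no user row matches this connection
    d = next((r for r in dbs if like(r[0], host) and like(r[1], db)
              and user_match(r[2], user)), None)
    # Rule f: privileges from the tables are ORed (set union).
    return u[:2], d[:3] if d else None, u[2] | (d[3] if d else set())

if __name__ == "__main__":
    for conn in [("localhost", "alice", "sales"),
                 ("192.10.10.7", "alice", "sales"),
                 ("localhost", "bob", "testing")]:
        print(conn, "->", effective_privs(*conn))
```

In this model, alice connecting from localhost is matched by the ('localhost', '') row rather than her own ('%', 'alice') row, because the exact host sorts ahead of the wildcard host; empty-user rows on exact hosts are therefore worth reviewing in any audit.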