全部博文(137)
分类: Mysql/postgreSQL
2010-02-23 11:21:28
mk-show-grants - 顾名思义,查看和复制mysql权限。安装方法可以参考。
比如我查看用户名为sg的权限:
mk-show-grants -u sg -p'xxxx' -h localhost |grep sg -- Grants for 'sg'@'localhost' GRANT ALL PRIVILEGES ON *.* TO 'sg'@'localhost' IDENTIFIED BY PASSWORD '*8A85934FFBB0E2A8B4A14B18133B4619A86E44F5' WITH GRANT OPTION;
我想复制一个同样权限的的用户,只需要修改下用户名和IP就可。如果想给出删除的语法,加上 -d参数
mk-show-grants -u sg -p'xxxx' -h localhost -d|grep sg DROP USER 'sg'@'localhost'; DELETE FROM `mysql`.`user` WHERE `User`='sg' AND `Host`='localhost'; -- Grants for 'sg'@'localhost' GRANT ALL PRIVILEGES ON *.* TO 'sg'@'localhost' IDENTIFIED BY PASSWORD '*8A85934FFBB0E2A8B4A14B18133B4619A86E44F5' WITH GRANT OPTION;
注意,只是给出删除用户的语法,并没有执行,要执行须登录到mysql执行。
在实际的应用中,我需要对比2个数据库的权限,可能是一件很麻烦的事情,那么我可以这样简单实现:
mk-show-grants -u sg -pxxxx -h localhost -i sg@localhost -s > 333.sql
忽略sg@localhost这个用户,OK,那么我们在对比下2次的权限:
mk-show-grants -u sg -pxxxx -h localhost -s |diff 333.sql - 2c2 < -- Dumped from server Localhost via UNIX socket, MySQL 5.0.21-standard at 2008-08-07 16:07:45 --- > -- Dumped from server Localhost via UNIX socket, MySQL 5.0.21-standard at 2008-08-07 16:07:55 276a277,278 > -- Grants for 'sg'@'localhost' > GRANT ALL PRIVILEGES ON *.* TO 'sg'@'localhost' IDENTIFIED BY PASSWORD '*8A85934FFBB0E2A8B4A14B18133B4619A86E44F5' WITH GRANT OPTION;
很显然,不同之处已经显示出来。
在一主多从的环境下,用这个工具来创建新的slave的权限是个很不错的方法,你只需要把打印出老的slave的权限,在复制到新的slave就可。
OK,还有其他的一些参数,可以看下帮助文件。
mk-show-grants --help mk-show-grants shows grants (user privileges) from a MySQL server. For more details, please use the --help option, or try 'perldoc mk-show-grants' for complete documentation. Usage: mk-show-grants <options> Options: --askpass Prompt for a password when connecting to MySQL --charset -A Default character set --database -D The database to use for the connection --defaults-file -F Only read mysql options from the given file. You must give an absolute pathname. --drop -d Add DROP USER before each user in the output --flush -f Add FLUSH PRIVILEGES after output --help Show this help message --host -h Connect to host --ignore -i Ignore this comma-separated list of users --only -o Only show grants for this comma-separated list of users --password -p Password to use when connecting --port -P Port number to use for connection --revoke -r Add REVOKE statements for each GRANT statement --separate -s List each GRANT or REVOKE separately --setvars Set these MySQL variables (default wait_timeout=10000) --socket -S Socket file to use for connection --[no]timestamp -t Show dump timestamp (default yes) --user -u User for login if not current user --version Output version information and exit Options and values after processing arguments: --askpass FALSE --charset (No value) --database (No value) --defaults-file (No value) --drop FALSE --flush FALSE --help TRUE --host (No value) --ignore (No value) --only (No value) --password (No value) --port (No value) --revoke FALSE --separate FALSE --setvars wait_timeout=10000 --socket (No value) --timestamp TRUE --user (No value) --version FALSE
