本文详细介绍如何在MySQL中创建用户、授权、修改密码及删除用户等基本操作,并通过实例解释常见误解。
来源:http://www.cnblogs.com/analyzer/articles/1045072.html
首先要声明一下:一般情况下,修改MySQL密码,授权,是需要有mysql里的root权限的。
注:本操作是在WIN命令提示符下,phpMyAdmin同样适用。
用户:phplamp 用户数据库:phplampDB
1.新建用户。
//登录MYSQL
@>mysql -u root -p
@>密码
//创建用户
mysql> insert into mysql.user(Host,User,Password) values("localhost","phplamp",password("1234"));
//刷新系统权限表
mysql>flush privileges;
这样就创建了一个名为:phplamp 密码为:1234 的用户。
然后登录一下。
mysql>exit;
@>mysql -u phplamp -p
@>输入密码
mysql>登录成功
2.为用户授权。
//登录MYSQL(有ROOT权限)。我里我以ROOT身份登录.
@>mysql -u root -p
@>密码
//首先为用户创建一个数据库(phplampDB)
mysql>create database phplampDB;
//授权phplamp用户拥有phplamp数据库的所有权限。
>grant all privileges on phplampDB.* to phplamp@localhost identified by '1234';
//刷新系统权限表
mysql>flush privileges;
mysql>其它操作
/*
如果想指定部分权限给一用户,可以这样来写:
mysql>grant select,update on phplampDB.* to phplamp@localhost identified by '1234';
//刷新系统权限表。
mysql>flush privileges;
*/
3.删除用户。
@>mysql -u root -p
@>密码
mysql>DELETE FROM user WHERE User="phplamp" and Host="localhost";
mysql>flush privileges;
//删除用户的数据库
mysql>drop database phplampDB;
4.修改指定用户密码。
@>mysql -u root -p
@>密码
mysql>update mysql.user set password=password('新密码') where User="phplamp" and Host="localhost";
mysql>flush privileges;
误解:
在做 dvwa 的 SQL 入侵演练时,通过如下 grant 语句后依然没有权限,以至于以为 grant 语句失效。
先新建一个用户,用户名和密码都是 gqltt
@>mysql -u root
mysql>grant all privileges on dvwa.* to gqltt@localhost identified by 'gqltt' with grant option;
mysql>flush privileges;
如下表明 grant 已经成功:
mysql> select * from mysql.user where user='gqltt' \G;
*************************** 1. row ***************************
Host: localhost
User: gqltt
Password: *1A1A4491309AD204398CD4AA6FD550C1799D3403
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Create_user_priv: N
Event_priv: N
Trigger_priv: N
Create_tablespace_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin:
authentication_string:
1 row in set (0.00 sec)
mysql> show grants for gqltt@localhost;
+-------------------------------------------------------------------------------
-------------------------------+
| Grants for gqltt@localhost
|
+-------------------------------------------------------------------------------
-------------------------------+
| GRANT USAGE ON *.* TO 'gqltt'@'localhost' IDENTIFIED BY PASSWORD '*1A1A4491309
AD204398CD4AA6FD550C1799D3403' |
| GRANT ALL PRIVILEGES ON `dvwa`.* TO 'gqltt'@'localhost' WITH GRANT OPTION
|
+-------------------------------------------------------------------------------
-------------------------------+
2 rows in set (0.01 sec)
mysql> select * from information_schema.schema_privileges where grantee="'gqltt'
@'localhost'";
+---------------------+---------------+--------------+-------------------------+
--------------+
| GRANTEE | TABLE_CATALOG | TABLE_SCHEMA | PRIVILEGE_TYPE |
IS_GRANTABLE |
+---------------------+---------------+--------------+-------------------------+
--------------+
| 'gqltt'@'localhost' | def | dvwa | SELECT |
YES |
| 'gqltt'@'localhost' | def | dvwa | INSERT |
YES |
| 'gqltt'@'localhost' | def | dvwa | UPDATE |
YES |
| 'gqltt'@'localhost' | def | dvwa | DELETE |
YES |
| 'gqltt'@'localhost' | def | dvwa | CREATE |
YES |
| 'gqltt'@'localhost' | def | dvwa | DROP |
YES |
| 'gqltt'@'localhost' | def | dvwa | REFERENCES |
YES |
| 'gqltt'@'localhost' | def | dvwa | INDEX |
YES |
| 'gqltt'@'localhost' | def | dvwa | ALTER |
YES |
| 'gqltt'@'localhost' | def | dvwa | CREATE TEMPORARY TABLES |
YES |
| 'gqltt'@'localhost' | def | dvwa | LOCK TABLES |
YES |
| 'gqltt'@'localhost' | def | dvwa | EXECUTE |
YES |
| 'gqltt'@'localhost' | def | dvwa | CREATE VIEW |
YES |
| 'gqltt'@'localhost' | def | dvwa | SHOW VIEW |
YES |
| 'gqltt'@'localhost' | def | dvwa | CREATE ROUTINE |
YES |
| 'gqltt'@'localhost' | def | dvwa | ALTER ROUTINE |
YES |
| 'gqltt'@'localhost' | def | dvwa | EVENT |
YES |
| 'gqltt'@'localhost' | def | dvwa | TRIGGER |
YES |
+---------------------+---------------+--------------+-------------------------+
--------------+
18 rows in set (0.00 sec)
如果在 dvwa 演示程序中,用 gqltt 连接 DB ,则如下 sql 注入无法操作:
http://localhost:8081/dvwa/vulnerabilities/sqli/?id=1' union select user, password from mysql.user -- &Submit=Submit#
认真想想也是 gqltt 用户只有数据库 dvwa 的所有权限,当然无法查询数据库 mysql 的 user 表。
如果想让一个用户有像 root 一样的权限,如下操作
mysql> grant all privileges on *.* to gqltt@localhost identified by 'gqltt' with
grant option;这样再次查询 mysql.user 时候,就有所有的权限了。
mysql> select * from mysql.user where user='gqltt' \G;
*************************** 1. row ***************************
Host: localhost
User: gqltt
Password: *1A1A4491309AD204398CD4AA6FD550C1799D3403
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: Y
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
Create_tablespace_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin:
authentication_string:
1 row in set (0.00 sec)
扫一扫
2376
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
