# MySQL5.6查看密码 mysql > select user,host,password from mysql.user;
2.查看用户的权限
1 2 3 4 5 6 7 8 9
# 查看指定用户的权限 mysql > show grants for'root'@'localhost';
# 查看当前登录用户拥有的权限 mysql > show grants; mysql > show grants for current_user();
# 查看连接源过来的账号,查看创建的账号 mysql > select user(),current_user();
三、mysql删除用户
1 2 3 4 5 6 7 8 9 10
# drop删除用户 mysql > DROP USER 'user_name'@'host'; mysql > flush privileges;
# REVOKE回收blog用户的INSERT权限 mysql > REVOKE INSERT ON *.* FROM 'blog'@'192.168.%.%'; mysql > FLUSH PRIVILEGES;
# 用户更名:更改用户名和主机名部分,保留权限 mysql > rename user 'opslook'@'%' to 'opslook'@'192.168.%.%';
四、迁移mysql.user用户权限表
方式一:物理迁移
mysql.user的引擎是MySIAM表,在同版本下可以直接cp到其他实例来完成用户权限迁移。
方式二:逻辑导出sql
MySQL5.6 用户权限导出到sql
1 2 3 4 5 6 7 8 9 10
$ cd /tmp/ $ mysql -B -N -uroot -p -S /data/mysql_data_3308/mysql_3308.sock -e "SELECT CONCAT('\'', user,'\'@\'', host, '\'') FROM user WHERE user NOT IN('root','','mysql.session','mysql.sys','checksum','mysqlbackup','mysqlcheck','opslook','zabbix')" mysql > mysql_all_users.txt
whileread line do mysql -B -N -uroot -pmypw.td...^@014 -S /data/mysql_data_3308/mysql_3308.sock -e "SHOW GRANTS FOR $line"; done < /tmp/mysql_all_users.txt > /tmp/mysql_all_users.sql
sed -i 's/$/;/' mysql_all_users.sql echo"flush privileges;" >> mysql_all_users_sql.sql
mysql > create user 'username'@'10.19.%.%' identified by '123456'; mysql > GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON *.* TO 'username'@'10.19.%.%'; mysql > flush privileges;
2.db.*:多个项目共享单实例
多个项目共享单实例:
各个项目创建独立的 user,切权限级别限制到 db.*,防止权限乱窜
另外建个admin用户用于部署 view, event, route, index 等。
1 2 3 4 5 6 7 8 9
# 创建app用的用户: mysql > create user 'username'@'10.19.%.%' identified by '123456'; mysql > GRANT SELECT, INSERT, UPDATE, DELETE, ALTER ON dbname.* TO 'username'@'10.19.%.%'; mysql > flush privileges;
# 创建管理用户 mysql > create user 'admin'@'10.19.%.%' identified by '123456'; mysql > GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON *.* TO 'admin'@'10.19.%.%'; mysql > flush privileges;