mysql all_同样是MySQL的all privileges有啥不同?
db.* 和 . 上面的all privileges 有啥不一樣。
咱當兵的人,有啥不一樣...(一起唱)
首先安裝MySQL啟動
root@pts/0 $ wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
--2018-08-02 18:13:58-- http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
Resolving repo.mysql.com (repo.mysql.com)... 23.36.193.224
Connecting to repo.mysql.com (repo.mysql.com)|23.36.193.224|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6140 (6.0K) [application/x-redhat-package-manager]
Saving to: ‘mysql-community-release-el7-5.noarch.rpm’
100%[====================================================================================================================================================================================================================================>] 6,140 16.6KB/s in 0.4s r
2018-08-02 18:13:59 (16.6 KB/s) - ‘mysql-community-release-el7-5.noarch.rpm’ saved [6140/6140]
vpc-devops-ossimport [~] 2018-08-02 18:13:59
root@pts/0 $ rpm -ivh mysql-community-release-el7-5.noarch.rpm
Preparing... ################################# [100%]
Updating / installing...
1:mysql-community-release-el7-5 ################################# [100%]
vpc-devops-ossimport [~] 2018-08-02 18:14:04
root@pts/0 $ yum install mysql-community-server mysql-community-client mysql-community-devel
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
mysql-connectors-community | 2.5 kB 00:00:00
mysql-tools-community | 2.5 kB 00:00:00
mysql56-community
root@pts/0 $ systemctl enable mysqld
vpc-devops-ossimport [~] 2018-08-02 18:15:18
root@pts/0 $ systemctl start mysqld
vpc-devops-ossimport [~] 2018-08-02 18:15:30
root@pts/0 $ ps -ef|grep msyql
root 1112 630 0 18:15 pts/0 00:00:00 grep --color msyql
vpc-devops-ossimport [~] 2018-08-02 18:15:44
root@pts/0 $ ps -ef|grep mysql
mysql 898 1 0 18:15 ? 00:00:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
mysql 1079 898 1 18:15 ? 00:00:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
root 1120 630 0 18:15 pts/0 00:00:00 grep --color mysql
初始化數據庫登錄。看到三個系統默認的數據庫 和 初始的賬號情況
mysql> show databases ;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select user,host from mysql.user ;
+------+----------------------+
| user | host |
+------+----------------------+
| root | 127.0.0.1 |
| root | ::1 |
| | localhost |
| root | localhost |
| | vpc-devops-ossimport |
| root | vpc-devops-ossimport |
+------+----------------------+
6 rows in set (0.00 sec)
驗證過程
平時創建賬號的時候,可以分為兩大類,一類是業務系統的賬號,基于具體的數據庫上面做的操作。一類是管理員賬號,會涉及到 像 mysql、information_schema、performance_schema 用戶做統計、分析等
所以創建一個新的數據庫。模擬業務數據庫。
mysql> create database devops ;
Query OK, 1 row affected (0.00 sec)
分別創建基于“業務”和基于“管理員”的所有權限“all privileges”
grant all privileges
mysql> grant all privileges on devops.* to ops1@'%' identified by 'devops1';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on devops.* to ops2@'%' identified by 'devops2' with grant option;
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on *.* to ops3@'%' identified by 'devops3';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on *.* to ops4@'%' identified by 'devops4' with grant option ;
Query OK, 0 rows affected (0.00 sec)
check all privileges
mysql> show grants for ops1;
+-----------------------------------------------------------------------------------------------------+
| Grants for ops1@% |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ops1'@'%' IDENTIFIED BY PASSWORD '*52048CCECC477DB7138C2CBCF04AAD3E0397A913' |
| GRANT ALL PRIVILEGES ON `devops`.* TO 'ops1'@'%' |
+-----------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for ops2;
+-----------------------------------------------------------------------------------------------------+
| Grants for ops2@% |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ops2'@'%' IDENTIFIED BY PASSWORD '*C6ADDF202AF316082C3193C296860A468B4B87B4' |
| GRANT ALL PRIVILEGES ON `devops`.* TO 'ops2'@'%' WITH GRANT OPTION |
+-----------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for ops3;
+--------------------------------------------------------------------------------------------------------------+
| Grants for ops3@% |
+--------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'ops3'@'%' IDENTIFIED BY PASSWORD '*8FE43EF11171F6BD1E6B6DEF0B70B72B40698D43' |
+--------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> show grants for ops4;
+--------------------------------------------------------------------------------------------------------------------------------+
| Grants for ops4@% |
+--------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'ops4'@'%' IDENTIFIED BY PASSWORD '*A5CC13BEC1112C49147BE1FABD75849ECD2647A4' WITH GRANT OPTION |
+--------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
分析
從上面看到大家顯示的都會all privilges,實際看不出來什么,所以我們可以反向考慮。我回收一個基本的select 權限。看看剩余的權限都有哪些。
為啥這樣呢。可以把all privileges 看成一個整體,拿走一個就不是整體了那就會把其余的全部列出來展現。
revoke select
mysql> revoke select on devops.* from 'ops1'@'%' ;
Query OK, 0 rows affected (0.00 sec)
mysql> revoke select on devops.* from 'ops2'@'%' ;
Query OK, 0 rows affected (0.00 sec)
mysql> revoke select on *.* from 'ops3'@'%' ;
Query OK, 0 rows affected (0.00 sec)
mysql> revoke select on *.* from 'ops4'@'%' ;
Query OK, 0 rows affected (0.00 sec)
check all privileges again
mysql> show grants for ops1;
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for ops1@% |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ops1'@'%' IDENTIFIED BY PASSWORD '*52048CCECC477DB7138C2CBCF04AAD3E0397A913' |
| GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `devops`.* TO 'ops1'@'%' |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for ops2;
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for ops2@% |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ops2'@'%' IDENTIFIED BY PASSWORD '*C6ADDF202AF316082C3193C296860A468B4B87B4' |
| GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `devops`.* TO 'ops2'@'%' WITH GRANT OPTION |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for ops3;
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for ops3@% |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'ops3'@'%' IDENTIFIED BY PASSWORD '*8FE43EF11171F6BD1E6B6DEF0B70B72B40698D43' |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> show grants for ops4;
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for ops4@% |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'ops4'@'%' IDENTIFIED BY PASSWORD '*A5CC13BEC1112C49147BE1FABD75849ECD2647A4' WITH GRANT OPTION |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
整理對比
因為上面四種情況最終的顯示不是很對應。這里認為整理下如下
## 基于業務的 all privileges
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER
## 基于管理員的all privileges
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, RELOAD, SHUTDOWN, PROCESS, FILE, SHOW DATABASES, SUPER, REPLICATION SLAVE, REPLICATION CLIENT, CREATE USER, CREATE TABLESPACE
結論
對比之后發現,基于管理員(.) 的所有權限比基于業務庫(somedb.*) 上的所有權限多出了一下權限
RELOAD, SHUTDOWN, PROCESS, FILE, SHOW DATABASES, SUPER, REPLICATION SLAVE, REPLICATION CLIENT, CREATE USER, CREATE TABLESPACE
總結
以上是生活随笔為你收集整理的mysql all_同样是MySQL的all privileges有啥不同?的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: mysql log_来吧,了解下mysq
- 下一篇: iOS 16 小技巧:可通过“家人共享”