有時候需要使用root用戶遠程連接數據庫,MySql默認是不允許root用戶遠程連接的,需要設置
1、查看用戶和用戶的權限
[mysql]> select user, authentication_string, password, host from user; +---------+-----------------------+-------------------------------------------+---------------+ | user | authentication_string | password | host | +---------+-----------------------+-------------------------------------------+---------------+ | root | | *B5363C68BA208552A8F8AB110809DC2483BACE05 | localhost | | root | | | 127.0.0.1 | | root | | | ::1 | | | | | localhost | | sst | | *B5363C68BA208552A8F8AB110809DC2483BACE05 | % | | haproxy | | | % | | root | | *B5363C68BA208552A8F8AB110809DC2483BACE05 | 10.110.30.170 | | sst | | *B5363C68BA208552A8F8AB110809DC2483BACE05 | localhost | +---------+-----------------------+-------------------------------------------+---------------+
可以看到上面的root用戶的host只有本機,只能本機訪問不能遠程訪問
2、配置遠程訪問權限,登錄數據庫后執行
# 配置root允許所有連接(%),密碼是XXXXX GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'XXXXX' WITH GRANT OPTION; # 如果只方形某個IP,可以直接指定IP GRANT ALL PRIVILEGES ON *.* TO 'root'@'10.110.30.60' IDENTIFIED BY 'XXXXX' WITH GRANT OPTION; # 刷新使權限生效 flush privileges; # 再次查看權限,可以看到已經生效了 [mysql]> select user, authentication_string, password, host from user; +---------+-----------------------+-------------------------------------------+---------------+ | user | authentication_string | password | host | +---------+-----------------------+-------------------------------------------+---------------+ | root | | *B5363C68BA208552A8F8AB110809DC2483BACE05 | localhost | | root | | *B5363C68BA208552A8F8AB110809DC2483BACE05 | % | | root | | | 127.0.0.1 | | root | | | ::1 | | | | | localhost | | sst | | *B5363C68BA208552A8F8AB110809DC2483BACE05 | % | | haproxy | | | % | | root | | *B5363C68BA208552A8F8AB110809DC2483BACE05 | 10.110.30.170 | | sst | | *B5363C68BA208552A8F8AB110809DC2483BACE05 | localhost | | root | | *03A59A80F51CC4F34A7939EABAB38AC65043E2EB | 10.110.30.60 | +---------+-----------------------+-------------------------------------------+---------------+ 10 rows in set (0.00 sec)
--------------------------------------------------------------------------------------
后來裝MariaDB10.0.21的時候,只執行上面的初始化密碼命令不太好使了,又加了一條更新authentication_string的操作,例如下面是將root的密碼改成xxxxx,測試是能成功的
如果執行上面的方法不好使,可以再嘗試一下這個
mysql -uroot -pxxxxx <<EOF USE mysql; UPDATE user SET authentication_string=password('xxxxx'),plugin='mysql_native_password' WHERE user='root'; GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'xxxxx' WITH GRANT OPTION; FLUSH PRIVILEGES; EOF
用戶權限相關的常用命令
## 1、創建db1數據庫 CREATE database if NOT EXISTS db1 default character set utf8 collate utf8_general_ci; ## 2、創建用戶 # 指定ip:10.110.30.2用testuser用戶登錄 create user 'testuser'@'10.110.30.2' identified by 'xxxxx'; # 指定ip:192.118.1.開頭的用testuser用戶登錄 create user 'testuser'@'10.110.30.%' identified by 'xxxxx'; # 指定任何ip用testuser用戶登錄 create user 'testuser'@'%' identified by 'xxxxx'; ## 3、刪除用戶 drop user '用戶名'@'IP地址'; ## 4、修改密碼 set password for '用戶名'@'IP地址'=Password('新密碼'); ## 5、查看用戶權限 show grants for '用戶' ## 6、授權testuser用戶僅對db1.t1有查詢、插入和更新的操作 grant select, insert, update on db1.t1 to 'testuser'@'%'; ## 7、授權testuser用戶對db1數據庫中的文件執行任何操作 grant all privileges on db1.* to 'testuser'@'%'; ## 8、授權testuser用戶對所有數據庫中的文件執行任何操作 grant all privileges on *.* to 'testuser'@'%'; # 授權同時修改密碼 GRANT ALL PRIVILEGES ON *.* TO 'testuser'@'%' IDENTIFIED BY 'xxxxxx' WITH GRANT OPTION; ## 9、取消testuser用戶對數據庫db1所有表的所有權限 revoke all on db1.* from 'testuser'@"%"; ## 10、取消testuser用戶對所有數據庫的所有權限 revoke all privileges on *.* from 'testuser'@'%';
testuser