• 企业400电话
  • 微网小程序
  • AI电话机器人
  • 电商代运营
  • 全 部 栏 目

    企业400电话 网络优化推广 AI电话机器人 呼叫中心 网站建设 商标✡知产 微网小程序 电商运营 彩铃•短信 增值拓展业务
    MySQL用户和权限及破解root口令的方法示例

    MySQL用户和权限

    在MySQL中有一个系统自身就带有的数据库叫MySQL,数据库装好以后系统自带了好几个数据库MySQL就是其中过一个,MySQL数据库有个用户账户权限相关的表叫user表,在其中就有创建的用户。

    MySQL中完整的用户名是由用户+主机名形成,主机名决定了这个用户在哪个主机上能登陆。

    一、用户的创建和密码修改

    1.用户的创建

    create user 'USERNAME'@'HOST' identified by 'PASSWORD';

    USERNAME:用户名
    HOST:主机地址
    PASSWORD:密码

    示例:

    MariaDB [(none)]> create user masuri@192.168.73.133 identified by 'centos';
    Query OK, 0 rows affected (0.01 sec)
    
    MariaDB [(none)]> select user,host,password from mysql.user;
    +--------+-----------------------+-------------------------------------------+
    | user | host     | password         |
    +--------+-----------------------+-------------------------------------------+
    | root | localhost    |           |
    | root | localhost.localdomain |           |
    | root | 127.0.0.1    |           |
    | root | ::1     |           |
    |  | localhost    |           |
    |  | localhost.localdomain |           |
    | masuri | 192.168.73.133  | *128977E278358FF80A246B5046F51043A2B1FCED |
    +--------+-----------------------+-------------------------------------------+
    7 rows in set (0.00 sec)
    

    MySQL中有匿名账户,可以通过跑安全加固脚本mysql_secure_installation来进行删除,也可以手动将其删除。

    删除用户:

    DROP USER 'USERNAME'@'HOST';

    示例:

    MariaDB [(none)]> select user,host,password from mysql.user;
    +--------+-----------------------+-------------------------------------------+
    | user | host     | password         |
    +--------+-----------------------+-------------------------------------------+
    | root | localhost    |           |
    | root | localhost.localdomain |           |
    | root | 127.0.0.1    |           |
    | root | ::1     |           |
    |  | localhost    |           |
    |  | localhost.localdomain |           |
    | masuri | 192.168.73.133  | *128977E278358FF80A246B5046F51043A2B1FCED |
    +--------+-----------------------+-------------------------------------------+
    7 rows in set (0.00 sec)
    
    MariaDB [(none)]> DROP USER ''@'localhost';
    Query OK, 0 rows affected (0.00 sec)
    
    MariaDB [(none)]> DROP USER ''@'localhost.localdomain';
    Query OK, 0 rows affected (0.00 sec)
    
    MariaDB [(none)]> select user,host,password from mysql.user;
    +--------+-----------------------+-------------------------------------------+
    | user | host     | password         |
    +--------+-----------------------+-------------------------------------------+
    | root | localhost    |           |
    | root | localhost.localdomain |           |
    | root | 127.0.0.1    |           |
    | root | ::1     |           |
    | masuri | 192.168.73.133  | *128977E278358FF80A246B5046F51043A2B1FCED |
    +--------+-----------------------+-------------------------------------------+
    5 rows in set (0.00 sec)
    
    

    2.密码的修改

    mysql密码的修改

    SET PASSWORD FOR user = PASSWORD('cleartext password')
    UPDATE table SET password = password('cleartext password')
    

    示例:

    对masuri用户做密码的修改

    MariaDB [(none)]> SET PASSWORD FOR masuri@192.168.73.133 = PASSWORD ('magedu');
    Query OK, 0 rows affected (0.00 sec)
    
    MariaDB [(none)]> select user,host,password from mysql.user;
    +--------+-----------------------+-------------------------------------------+
    | user | host     | password         |
    +--------+-----------------------+-------------------------------------------+
    | root | localhost    |           |
    | root | localhost.localdomain |           |
    | root | 127.0.0.1    |           |
    | root | ::1     |           |
    | masuri | 192.168.73.133  | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 |
    +--------+-----------------------+-------------------------------------------+
    #此时密码已经发生改变
    
    

    root账号口令为空,为root口令设置口令,由于一条一条的设置太过麻烦也可以使用修改表的操作来修改密码

    MariaDB [(none)]> update mysql.user set password=password('centos') where user='root';
    Query OK, 4 rows affected (0.01 sec)
    Rows matched: 4 Changed: 4 Warnings: 0
    
    MariaDB [(none)]> select user,host,password from mysql.user;
    +--------+-----------------------+-------------------------------------------+
    | user | host     | password         |
    +--------+-----------------------+-------------------------------------------+
    | root | localhost    | *128977E278358FF80A246B5046F51043A2B1FCED |
    | root | localhost.localdomain | *128977E278358FF80A246B5046F51043A2B1FCED |
    | root | 127.0.0.1    | *128977E278358FF80A246B5046F51043A2B1FCED |
    | root | ::1     | *128977E278358FF80A246B5046F51043A2B1FCED |
    | masuri | 192.168.73.133  | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 |
    +--------+-----------------------+-------------------------------------------+
    5 rows in set (0.00 sec)
    
    

    此时密码已经修改但依旧无法登陆,需要将权限刷新

    MariaDB [(none)]> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.00 sec)
    

    二、MySQL权限管理

    权限管理涉及到多种权限的类别,比如说有管理类、程序类、数据库级别、表级别和字段级别

    管理类:能否创建用户,能否显示数据库列表,能否重新加载配置文件,能否关闭数据库,和复制相关的能否执行,能否管理进程,能否创建临时表,能否创建数据库中的文件。

    程序类主要涉及3个程序,函数,存储过程和触发器,例如能否创建,修改,删除和执行这些程序库,表和字段级别的权限:比如能否在库,表字段里进行增、删、查、改等操作

    1.授权GRANT

    授权用户时如果用户不存在可以将其创建出来,在授权前首先要确认自己是管理员有授权的权限。

    GRANT 
     priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
     ON [object_type] priv_level
     TO user_specification [, user_specification] ...
     [REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
     [WITH with_option ...]
    

    示例:

    创建一个wordpress的用户,并授权。

    MariaDB [(none)]> CREATE DATABASE wordpress;
    Query OK, 1 row affected (0.02 sec)
    
    MariaDB [(none)]> GRANT ALL ON wordpress.* TO wpuser@'192.168.73.%' identified by 'mylinuxops';
    Query OK, 0 rows affected (0.00 sec)
    
    

    2.查看用户的权限

    MariaDB [(none)]> show grants for wpuser@'192.168.73.%';
    +------------------------------------------------------------------------------------------------------------------+
    | Grants for wpuser@192.168.73.%                     |
    +------------------------------------------------------------------------------------------------------------------+
    | GRANT USAGE ON *.* TO 'wpuser'@'192.168.73.%' IDENTIFIED BY PASSWORD '*EC0DBFB480593BB6ED2EC028A4231A72D8137406' |
    | GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wpuser'@'192.168.73.%'             |
    +------------------------------------------------------------------------------------------------------------------+
    2 rows in set (0.00 sec)
    

    3.授权的其他选项

    MAX_QUESRIES_PER_HOUR count #每小时最多查多少次
    MAX_UPDATES_PER_HOUR count #每小时最多改多少次
    MAX_CONNECTIONS_PER_HOUR count #每小时最多连多少次
    MAX_USER_CONNECTIONS count #用户的最大数连接数

    取消权限

    REVOKE
     priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
     ON [object_type] priv_level
     FROM user [, user] ...
    

    示例:

    MariaDB [(none)]> revoke delete on wordpress.* from wpuser@'192.168.73.%';
    Query OK, 0 rows affected (0.00 sec)
    
    MariaDB [(none)]> show grants for wpuser@'192.168.73.%';
    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Grants for wpuser@192.168.73.%                                                   |
    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | GRANT USAGE ON *.* TO 'wpuser'@'192.168.73.%' IDENTIFIED BY PASSWORD '*EC0DBFB480593BB6ED2EC028A4231A72D8137406'                              |
    | GRANT SELECT, INSERT, UPDATE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `wordpress`.* TO 'wpuser'@'192.168.73.%' |
    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    2 rows in set (0.00 sec)
    # 此时wpuser@'192.168.73.%'已经没有了delete权限
    
    

    MySQL的root口令破解

    工作中有时候可能会遇到root口令丢失的情况,此时可以通过以下方法进行找回root口令

    以下为示范如何破解root口令

    一、密码未知无法登陆MySQL

    [root@localhost ~]# mysql
    ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
    

    二、破解

    1.修改配置文件/etc/my.cnf,添加两行参数

    skip_grant_tables:跳过授权表信息,此项生效后再次使用MySQL就无需使用密码了,但是远程的其他用户也可以不使用密码登陆,有一定的风险性

    skip_networking:关闭网路功能,由于光启用skip_grant_tables选项,其他用户也可以无需密码登陆MySQL非常危险,所以需要关闭网路功能只允许本地的用户进行操作。

    [root@localhost ~]# vim /etc/my.cnf
    [mysqld]
    skip_networking=on   #不启用网络功能
    skip_grant_tables=on   #跳过授权表
    
    [root@localhost ~]# service mysqld restart       #对位置文件修改后需要重新启动服务
    Restarting mysqld (via systemctl):       [ OK ]
    

    2.登陆MySQL,进行密码修改

    [root@localhost ~]# mysql           #此时已经无需输入密码就能登陆
    Welcome to the MariaDB monitor. Commands end with ; or \g.
    Your MariaDB connection id is 11
    Server version: 10.2.23-MariaDB-log Source distribution
    
    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    MariaDB [(none)]> UPDATE mysql.user SET password=PASSWORD('123456') where user='root';  #对root的口令进行修改
    Query OK, 4 rows affected (0.01 sec)
    Rows matched: 4 Changed: 4 Warnings: 0
    
    

    3.口令修改完毕后,需要将配置文件恢复

    将刚才启用的两个选项进行注销或者删除,然后重启服务

    [root@localhost ~]# vim /etc/my.cnf
    [mysqld]
    #skip_networking=on   
    #skip_grant_tables=on   
    
    [root@localhost ~]# service mysqld restart
    Restarting mysqld (via systemctl):       [ OK ]
    
    

    4.使用新口令登陆MySQL

    [root@localhost ~]# mysql -uroot -p123456 
    Welcome to the MariaDB monitor. Commands end with ; or \g.
    Your MariaDB connection id is 10
    Server version: 10.2.23-MariaDB-log Source distribution
    
    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    MariaDB [(none)]> 
    
    

    以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持脚本之家。

    您可能感兴趣的文章:
    • MySQL查询用户权限的方法总结
    • MySQL给新建用户并赋予权限最简单的方法
    • MySQL用户与权限的管理详解
    • mysql语句查询用户权限过程详解
    • MySQL用户账户管理和权限管理深入讲解
    • 详解mysql8.0创建用户授予权限报错解决方法
    • MySQL用户权限验证与管理方法详解
    • mysql创建本地用户及赋予数据库权限的方法示例
    • MySQL用户权限管理详解
    • MySql设置指定用户数据库查看查询权限
    上一篇:详解如何利用amoeba(变形虫)实现mysql数据库读写分离
    下一篇:实现mysql级联复制的方法示例
  • 相关文章
  • 

    © 2016-2020 巨人网络通讯 版权所有

    《增值电信业务经营许可证》 苏ICP备15040257号-8

    MySQL用户和权限及破解root口令的方法示例 MySQL,用户,和,权限,及,破解,