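    How to Change the IP Restriction on a MySQL Account, Explained

    Preface

    Recently at work I got a requirement: change a MySQL user's privileges so that only a specific IP address can connect. This was the first time I had come across this kind of requirement, and during testing I found that updating the system privilege tables directly caused some problems, as demonstrated below.

    Note: the test environment below is MySQL 5.6.20. If other versions behave differently from the results below, go by your actual environment.

    First we create a test user LimitIP that is allowed to connect only from IP addresses in the 192.168 range, with the following privileges: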

    mysql> GRANT SELECT ON MyDB.* TO LimitIP@'192.168.%' IDENTIFIED BY 'LimitIP';
    Query OK, 0 rows affected (0.01 sec)
     
    mysql> GRANT INSERT ,UPDATE,DELETE ON MyDB.kkk TO LimitIP@'192.168.%';
    Query OK, 0 rows affected (0.00 sec)
     
    mysql> 
    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)
     
    mysql> 
     
    mysql> show grants for LimitIP@'192.168.%';
    +----------------------------------------------------------------------------------------------------------------+
    | Grants for LimitIP@192.168.%                     |
    +----------------------------------------------------------------------------------------------------------------+
    | GRANT USAGE ON *.* TO 'LimitIP'@'192.168.%' IDENTIFIED BY PASSWORD '*72DDE03E02CC55A9478A82F3F4EBE7F639249DEC' |
    | GRANT SELECT ON `MyDB`.* TO 'LimitIP'@'192.168.%'                |
    | GRANT INSERT, UPDATE, DELETE ON `MyDB`.`kkk` TO 'LimitIP'@'192.168.%'           |
    +----------------------------------------------------------------------------------------------------------------+
    3 rows in set (0.00 sec)
     
    mysql>

    Suppose we now receive a requirement that this user may connect only from the IP address 192.168.103.17, so I plan to update the mysql.user table, as follows:

    mysql> select user, host from mysql.user where user='LimitIP';
    +---------+-----------+
    | user | host  |
    +---------+-----------+
    | LimitIP | 192.168.% |
    +---------+-----------+
    1 row in set (0.00 sec)
     
    mysql> update mysql.user set host='192.168.103.17' where user='LimitIP';
    Query OK, 1 row affected (0.02 sec)
    Rows matched: 1 Changed: 1 Warnings: 0
     
    mysql> flush privileges;
    Query OK, 0 rows affected (0.01 sec)
     
    mysql> select user, host from user where user='LimitIP';
    ERROR 1046 (3D000): No database selected
    mysql> use mysql;
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A
     
    Database changed
    mysql> select user, host from user where user='LimitIP';
    +---------+----------------+
    | user | host   |
    +---------+----------------+
    | LimitIP | 192.168.103.17 |
    +---------+----------------+
    1 row in set (0.00 sec)
     
    mysql> show grants for LimitIP@'192.168.103.17';
    +---------------------------------------------------------------------------------------------------------------------+
    | Grants for LimitIP@192.168.103.17                     |
    +---------------------------------------------------------------------------------------------------------------------+
    | GRANT USAGE ON *.* TO 'LimitIP'@'192.168.103.17' IDENTIFIED BY PASSWORD '*72DDE03E02CC55A9478A82F3F4EBE7F639249DEC' |
    +---------------------------------------------------------------------------------------------------------------------+
    1 row in set (0.00 sec)
     
    mysql> 

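    The test above shows that if only the mysql.user table is modified this way, the account's earlier privileges are gone: the database-level and table-level grants are stored in other tables, keyed by both User and Host. As shown below, querying mysql.db and mysql.tables_priv reveals that the Host column there is still 192.168.%.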

    mysql> select * from mysql.db where user='LimitIP'\G;
    *************************** 1. row ***************************
         Host: 192.168.%
         Db: MyDB
         User: LimitIP
       Select_priv: Y
       Insert_priv: N
       Update_priv: N
       Delete_priv: N
       Create_priv: N
       Drop_priv: N
       Grant_priv: N
      References_priv: N
       Index_priv: N
       Alter_priv: N
    Create_tmp_table_priv: N
      Lock_tables_priv: N
      Create_view_priv: N
      Show_view_priv: N
     Create_routine_priv: N
     Alter_routine_priv: N
       Execute_priv: N
       Event_priv: N
       Trigger_priv: N
    1 row in set (0.00 sec)
     
    ERROR: 
    No query specified
     
    mysql> select * from mysql.tables_priv where user='LimitIP'\G;
    *************************** 1. row ***************************
      Host: 192.168.%
       Db: MyDB
      User: LimitIP
     Table_name: kkk
     Grantor: root@localhost
     Timestamp: 0000-00-00 00:00:00
     Table_priv: Insert,Update,Delete
    Column_priv: 
    1 row in set (0.00 sec)
     
    ERROR: 
    No query specified

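    So I went on to modify the mysql.db and mysql.tables_priv tables, and then testing finally confirmed everything was OK (see the test steps below). Of course, if the account's privileges span more levels than these, you may also have to modify tables such as mysql.columns_priv and mysql.procs_priv.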

    mysql> show grants for LimitIP@'192.168.%';
    ERROR 1141 (42000): There is no such grant defined for user 'LimitIP' on host '192.168.%'
    mysql> 
    mysql> 
    mysql> update mysql.db set host='192.168.103.17' where user='LimitIP';
    Query OK, 1 row affected (0.00 sec)
    Rows matched: 1 Changed: 1 Warnings: 0
     
    mysql> update mysql.tables_priv set host='192.168.103.17' where user='LimitIP';
    Query OK, 1 row affected (0.00 sec)
    Rows matched: 1 Changed: 1 Warnings: 0
     
    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)
     
    mysql> show grants for LimitIP@'192.168.103.17';
    +---------------------------------------------------------------------------------------------------------------------+
    | Grants for LimitIP@192.168.103.17                     |
    +---------------------------------------------------------------------------------------------------------------------+
    | GRANT USAGE ON *.* TO 'LimitIP'@'192.168.103.17' IDENTIFIED BY PASSWORD '*72DDE03E02CC55A9478A82F3F4EBE7F639249DEC' |
    | GRANT SELECT ON `MyDB`.* TO 'LimitIP'@'192.168.103.17'                |
    | GRANT INSERT, UPDATE, DELETE ON `MyDB`.`kkk` TO 'LimitIP'@'192.168.103.17'           |
    +---------------------------------------------------------------------------------------------------------------------+
    3 rows in set (0.00 sec)
     
    mysql> 
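
    The stale rows seen above in mysql.db and mysql.tables_priv can be looked for across all four object-level grant tables with one query. This is an added example, not part of the original article; it assumes the MySQL 5.6 grant-table column names, and the output aliases (grant_table, account_user, account_host, db_name, object_name) are chosen here for illustration.

```sql
-- Added example: list grant rows whose (User, Host) pair has no matching
-- account row in mysql.user, i.e. grants left behind by a direct
-- UPDATE/DELETE on mysql.user. Read-only; run as an account that can
-- SELECT from the mysql schema.
-- Note: a default 5.6 install may also list the anonymous-user rows for
-- the test databases in mysql.db.
SELECT 'mysql.db' AS grant_table,
       g.User     AS account_user,
       g.Host     AS account_host,
       g.Db       AS db_name,
       '*'        AS object_name
FROM mysql.db AS g
LEFT JOIN mysql.user AS u ON u.User = g.User AND u.Host = g.Host
WHERE u.User IS NULL
UNION ALL
SELECT 'mysql.tables_priv', g.User, g.Host, g.Db, g.Table_name
FROM mysql.tables_priv AS g
LEFT JOIN mysql.user AS u ON u.User = g.User AND u.Host = g.Host
WHERE u.User IS NULL
UNION ALL
SELECT 'mysql.columns_priv', g.User, g.Host, g.Db,
       CONCAT(g.Table_name, '.', g.Column_name)
FROM mysql.columns_priv AS g
LEFT JOIN mysql.user AS u ON u.User = g.User AND u.Host = g.Host
WHERE u.User IS NULL
UNION ALL
SELECT 'mysql.procs_priv', g.User, g.Host, g.Db, g.Routine_name
FROM mysql.procs_priv AS g
LEFT JOIN mysql.user AS u ON u.User = g.User AND u.Host = g.Host
WHERE u.User IS NULL
ORDER BY account_user, account_host, grant_table;
```

    Any row returned is a grant that no longer belongs to an existing account and should be reviewed before the host value is reused.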

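    If you need to change a user's IP restriction, updating the MySQL privilege tables directly is not the best approach. There is a better way: the RENAME USER statement.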

    mysql> RENAME USER 'LimitIP'@'192.168.103.17' TO 'LimitIP'@'192.168.103.18';
    Query OK, 0 rows affected (0.00 sec)
     
    mysql> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.00 sec)
     
    mysql> show grants for 'LimitIP'@'192.168.103.18';
    +---------------------------------------------------------------------------------------------------------------------+
    | Grants for LimitIP@192.168.103.18                     |
    +---------------------------------------------------------------------------------------------------------------------+
    | GRANT USAGE ON *.* TO 'LimitIP'@'192.168.103.18' IDENTIFIED BY PASSWORD '*72DDE03E02CC55A9478A82F3F4EBE7F639249DEC' |
    | GRANT SELECT ON `MyDB`.* TO 'LimitIP'@'192.168.103.18'                |
    | GRANT INSERT, UPDATE, DELETE ON `MyDB`.`kkk` TO 'LimitIP'@'192.168.103.18'           |
    +---------------------------------------------------------------------------------------------------------------------+
    3 rows in set (0.00 sec)
     
    mysql> 

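    Summary

    That is all for this article. I hope its content is of some help to your study or work. If you have questions, feel free to leave a comment. Thank you for your support of 脚本之家.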
