May 24, 2021 That's what Linux should learn
Root administrators cannot always be "dead-bite" in a production environment. T o secure the database system and allow other users to co-manage the database, we can create multiple dedicated database management accounts for them in the MariaDB database management system, and then assign them reasonable permissions to meet their work needs. T o do this, you can log into the database management system using the root administrator, and then follow the "CREATE USER user name , host name IDENTIFIED BY 'password';" " Create a database management account in the format. A gain, don't forget the sign after each database command (; )。
MariaDB [(none)]> CREATE USER luke@localhost IDENTIFIED BY 'linuxprobe'; Q uery OK, account information created by 0 rows affected (0.00 sec) can be queried using the select command statement. The following command queries the host name of the account luke, the account name, and encrypted password value information:
MariaDB [(none)]> use mysql Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [mysql] & gt; SELECT HOST,USER,PASSWORD FROM user WHERE USER="luke"; + -----------+------+-------------------------------------------+ | h ost | u ser | p assword | + -----------+------+-------------------------------------------+ | l ocalhost | l uke | * 55D9962586BE75F4B7D421E6655973DB07D6869F | H owever----------- user ------ is ------------------------------------------- a regular account and does not have any operational rights to the database. I f you don't believe it, you can switch to a luke account to find out what databases are currently in the database management system. As you can see, the account can't even see the full database list (you can see 3 database lists when you just used the root account):
MariaDB (mysql) and exit Bye (root@linuxprobe) - mysql -u luke -p Enter password: Enter the database password for the luke account here, Welcome to the MariaDB monitor. C ommands end with ; o r \g. Your MariaDB connection id is 6 Server version: 5.5.35-MariaDB MariaDB Server Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others. T ype 'help; ' or '\h' for help. T ype '\c' to clear the current input statement. M ariaDB [(none)]> show databases; + --------------------+ | D atabase | + --------------------+ | i nformation_schema | T he -------------------- used by the 1 row in set (0.03 sec) database management system are generally complex. L et's take the grant command as an example. G rant commands are used to authorize accounts in a common format, as shown in Table 18-1. W hen using grant commands, you need to write the permissions you want to give, the database and form names, and the corresponding account and host information. In fact, as long as you understand the functional meaning of each field in the command, you do not find the command complex and difficult to understand.
Table 18-1 The common format and interpretation of grant commands
Command Act GRANT permission ON database. F orm Name TO User Name - Host Name Gives grant GRANT permissions to a particular form in a particular database to the ON database. ase . rms. . T O User Name - Host Name Give multiple authorizations to all forms in a database GRANT ALL PRIVILEGES . TO username , host name All databases and all forms are fully authorized (with caution) Of course, the authorization of the account must be performed by the database administrator. The following logs into the database management system as a root administrator, granting accountluke access to queries, updates, deletions, and insertions for user forms in the mysql database.
Liu Wei teacher in particular understand what the students are thinking now - haha, I also felt at first after each database command to add; ( the sign) to end the special inconvenient, often will forget, but knock more commands will naturally get used to. Authorize the action to perform and then view the permissions of the next luke user:
(root@linuxprobe. s. R eading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [mysql]> GRANT SELECT,UPDATE,DELETE,INSERT ON mysql.user TO luke@localhost; Query OK, 0 rows affected (0.00 sec) After performing the authorization above, let's look at the permissions of the account luke again:
MariaDB [(none)]> SHOW GRANTS FOR luke@localhost; +
-------------------------------------------------------------------------------------------------------------+ | G
rants for luke@localhost | +
-------------------------------------------------------------------------------------------------------------+ | G
RANT USAGE ON
.
T
O 'luke'@'localhost' IDENTIFIED BY PASSWORD '*55D9962586BE75F4B7D421E6655973DB07D6869F' | | G
RANT SELECT, INSERT, UPDATE, DELETE ON
mysql
.
user
T
O 'luke'@'localhost' | T
he ------------------------------------------------------------------------------------------------------------- in the output information above the 2 rows in set (0.00 sec) shows that accountluke already has a series of permissions for user forms in the mysql database.
Then we switch to accountluke, and we'll see the mysql database, and we'll see the form user (the rest of the form will continue to be hidden because it doesn't have permissions):
(root@linuxprobe) - mysql -u luke -p Enter password: enter the password of the luke user in the database here, MariaDB (none) . + --------------------+ | D atabase | + --------------------+ | i nformation_schema | | m ysql | + --------------------+ 2 rows in set (0.01 sec) MariaDB [(none)]> use mysql Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [mysql]> SHOW TABLES; + -----------------+ | T ables_in_mysql | + -----------------+ | u ser | D on----------------- worry about the 1 row in set (0.01 sec) MariaDB (mysql) and exit Bye, and we'll take a slow look at how to modify the contents of the database. Currently, switch back to the root account and remove the authorization you just had.
(root@linuxprobe. s. R eading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [(none)]> REVOKE SELECT,UPDATE,DELETE,INSERT ON mysql.user FROM luke@localhost; Q uery OK, 0 rows affected (0.00 sec) can see that the other parts are consistent except that the command to remove authorization (revoke) is different from the grant to grant. T his is not only easy to remember but also easy to understand. After executing the removal authorization command, check the account luke's information:
MariaDB [(none)]> SHOW GRANTS FOR luke@localhost; +-------------------------------------------------------------------------------------------------------------+ | Grants for luke@localhost | +-------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON . TO 'luke'@'localhost' IDENTIFIED BY PASSWORD '*55D9962586BE75F4B7D421E6655973DB07D6869F' | +----------------------------------------------------------------------------------------------- + 1 ROW IN SET (0.00 sec) problem? Bold question!
Because readers have different hardware or operation errors may lead to experimental configuration errors, please be patient and take a closer look at the operation steps, do not be discouraged
Linux technical exchange please add Group A: 560843 (full), Group B: 340829 (recommended), Group C: 463590 (recommended), click here to view the national group.
This group features: through password verification to ensure that each group member is "Linux should learn" readers, more targeted, from time to time free to receive customized gifts.