1.4 创建用户、库、表、数据

不要直接使用DML语句操作mysql.user表,而是要使用grant、revoke或者create user、drop user语句。如果必须要使用DML语句操作mysql.user表,那么请注意,在MySQL 5.7.x中password字段名称变更为了authentication_string。

1.4.1 创建管理用户并授权

创建管理用户,并为这个管理用户授予任意地址访问的所有权限(包括with grant option权限)。

# 创建管理用户
mysql> create user 'gangshen'@'%' identified by 'admin';
Query OK, 0 rows affected(0.01 sec)
mysql> create user 'gangshen'@'localhost' identified by 'admin';
Query OK, 0 rows affected(0.00 sec)
mysql> grant all on *.* to 'gangshen'@'%' with grant option;
Query OK, 0 rows affected(0.00 sec)
# 注:在MySQL 5.7.x较新的版本及其8.0.x版本中,在授予%号地址来源时也同时包含了localhost,不再单独区分
mysql> grant all on *.* to 'gangshen'@'localhost' with grant option;
Query OK, 0 rows affected(0.00 sec)
# 使用新创建的管理账号重新登录MySQL,验证这个管理账号是否可用
[root@localhost mysql]# mysql -ugangshen -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.6.35-log MySQL Community Server(GPL)
Copyright(c)2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help; ' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show grants;
+--------------------------------------------------------------------+
| Grants for gangshen@localhost                                      |
+--------------------------------------------------------------------+
|  GRANT  ALL  PRIVILEGES  ON  *.*  TO  'gangshen'@'localhost'  IDENTIFIED  BY  PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441' WITH GRANT OPTION |
+--------------------------------------------------------------------+
1 row in set(0.00 sec)

1.4.2 创建库、表、程序账号

创建程序账号(在生产环境中不建议直接使用root账号,所以这里新建一个管理员账号,一个程序账号)。

程序账号一般给开发人员使用,给定权限推荐:create routine、alter routine、execute、select、delete、insert、update。

程序账号需要指定具体的库或表,且指定具体的访问来源。

# 使用管理员账号创建库、表
mysql> create database shengang_db;
Query OK, 1 row affected(0.00 sec)
mysql> use shengang_db
Database changed
mysql> create table shengang_table(id int primary key auto_increment, shengang_test varchar(50), datetime_current datetime);
Query OK, 0 rows affected(0.02 sec)
# 创建程序账号并赋予权限
mysql> create user 'program'@'192.168.2.105' identified by 'admin';
Query OK, 0 rows affected(0.00 sec)
mysql> create user 'program'@'localhost' identified by 'admin';
Query OK, 0 rows affected(0.00 sec)
mysql>  grant  create  routine, alter  routine, execute, select, delete,  insert, update  on shengang_db.* to 'program'@'localhost';
Query OK, 0 rows affected(0.00 sec)
mysql>  grant  create  routine, alter  routine, execute, select, delete, insert,  update  on shengang_db.* to 'program'@'192.168.2.105';
Query OK, 0 rows affected(0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected(0.00 sec)

1.4.3 插入数据

使用程序账号登录MySQL,并插入数据。

[root@localhost mysql]# mysql -uprogram -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.6.35-log MySQL Community Server(GPL)
Copyright(c)2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help; ' or '\h' for help. Type '\c' to clear the current input statement.
mysql> select user();
+-------------------+
| user()           |
+-------------------+
| program@localhost |
+-------------------+
1 row in set(0.00 sec)
# 查看程序账号的权限是否正确
mysql> show grants;
+------------------------------------------------------------------+
| Grants for program@localhost       |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'program'@'localhost' IDENTIFIED BY PASSWORD <secret>|
| GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, CREATE ROUTINE, ALTER ROUTINE ON`shengang_db`.* TO 'program'@'localhost' |
+------------------------------------------------------------------+
2 rows in set(0.00 sec)
mysql> show databases;
+--------------------+
| Database            |
+--------------------+
| information_schema |
| shengang_db         |
+--------------------+
2 rows in set(0.00 sec)
mysql> use shengang_db
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+-----------------------+
| Tables_in_shengang_db |
+-----------------------+
| shengang_table        |
+-----------------------+
1 row in set(0.00 sec)
# 查看表结构是否创建正确
mysql> show create table shengang_table;
+----------------+-------------------------------------------------+
| Table          | Create Table                                     |
+----------------+-------------------------------------------------+
| shengang_table | CREATE TABLE `shengang_table`(
  `id` int(11)NOT NULL AUTO_INCREMENT,
  `shengang_test` varchar(50)DEFAULT NULL,
  `datetime_current` datetime DEFAULT NULL,
  PRIMARY KEY(`id`)
)ENGINE=InnoDB DEFAULT CHARSET=latin1                              |
+----------------+-------------------------------------------------+
1 row in set(0.00 sec)
mysql> insert into shengang_table(`shengang_test`, `datetime_current`)values('shengang', now());
Query OK, 1 row affected(0.00 sec)
# 查看插入数据是否正确
mysql> select * from shengang_table;
+----+---------------+---------------------+
| id | shengang_test | datetime_current    |
+----+---------------+---------------------+
|  1 | shengang      | 2017-02-13 00:21:37 |
+----+---------------+---------------------+
1 row in set(0.00 sec)
mysql>