Ubuntu下MySQL权限设置详细步骤
在Ubuntu终端中,使用root用户登录MySQL(需输入root用户的密码):
sudo mysql -u root -p
使用CREATE USER语句创建用户,格式为'用户名'@'主机'(主机决定用户可从哪些主机连接):
CREATE USER 'username'@'localhost' IDENTIFIED BY 'StrongPassword123!';
CREATE USER 'username'@'%' IDENTIFIED BY 'StrongPassword123!';
注:
%表示允许从任意IP连接,生产环境中建议替换为具体IP(如192.168.1.100)以提高安全性。
使用GRANT语句为用户分配权限,常见权限类型包括:
GRANT ALL PRIVILEGES ON database_name.* TO 'username'@'localhost';
SELECT):GRANT SELECT ON database_name.* TO 'username'@'localhost';
SELECT, INSERT, UPDATE, DELETE):GRANT SELECT, INSERT, UPDATE, DELETE ON database_name.* TO 'username'@'localhost';
ALL PRIVILEGES):GRANT ALL PRIVILEGES ON database_name.* TO 'username'@'localhost';
*.*,仅用于管理员):GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;
注:
WITH GRANT OPTION允许用户将自己的权限授予其他用户(仅管理员需要)。
执行FLUSH PRIVILEGES使权限变更立即生效:
FLUSH PRIVILEGES;
使用SHOW GRANTS语句验证用户权限:
SHOW GRANTS FOR 'username'@'localhost';
示例输出:
+---------------------------------------------------+
| Grants for username@localhost |
+---------------------------------------------------+
| GRANT USAGE ON *.* TO 'username'@'localhost' |
| GRANT SELECT, INSERT ON `database_name`.* TO 'username'@'localhost' |
+---------------------------------------------------+
使用ALTER USER语句修改用户密码(需root权限):
ALTER USER 'username'@'localhost' IDENTIFIED BY 'NewStrongPassword456!';
使用REVOKE语句撤销用户的特定权限(如撤销INSERT权限):
REVOKE INSERT ON database_name.* FROM 'username'@'localhost';
FLUSH PRIVILEGES;
使用DROP USER语句彻底删除用户(会同时移除其所有权限):
DROP USER 'username'@'localhost';
SELECT, INSERT,无需DROP)。/etc/mysql/mysql.conf.d/mysqld.cnf),将bind-address设置为0.0.0.0(允许所有IP)或具体IP,然后重启MySQL:sudo systemctl restart mysql
SELECT User, Host FROM mysql.user;查看所有用户,移除不必要的用户和权限。