Tip:
在MySQL中,我們經(jīng)常需要?jiǎng)?chuàng)建用戶和刪除用戶,創(chuàng)建用戶時(shí),我們一般使用create user或者grant語(yǔ)句來(lái)創(chuàng)建,create語(yǔ)法創(chuàng)建的用戶沒(méi)有任何權(quán)限,需要再使用grant語(yǔ)法來(lái)分配權(quán)限,而grant語(yǔ)法創(chuàng)建的用戶直接擁有所分配的權(quán)限。在一些測(cè)試用戶創(chuàng)建完成之后,做完測(cè)試,可能用戶的生命周期就結(jié)束了,需要將用戶刪除,而刪除用戶在MySQL中一般有兩種方法,一種是drop user
,另外一種是delete from mysql.user
,那么這兩種方法有什么區(qū)別呢?我們這里通過(guò)例子演示。
delete from mysql.user
首先,我們看看delete from mysql.user
的方法。我們創(chuàng)建兩個(gè)用戶用來(lái)測(cè)試,測(cè)試環(huán)境是MySQL5.5版本,用戶名分別為yeyz@'%'和yeyz@'localhost',創(chuàng)建用戶的語(yǔ)法如下:
mysql 15:13:12>>create user yeyz@'%' identified by '123456';
Query OK, rows affected (. sec)
mysql 15:20:01>>grant select,create,update,delete on yeyz.yeyz to yeyz@'%';
Query OK, rows affected (. sec)
mysql 15:29:48>>GRANT USAGE ON yeyz.yeyz TO 'yeyz'@localhost IDENTIFIED BY '123456';
Query OK, rows affected (. sec)
mysql--dba_admin@127...1:(none) 15:20:39>>show grants for yeyz@'%';
+-----------------------------------------------------------------------------------------------------+
| Grants for yeyz@% |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'yeyz'@'%' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT SELECT, UPDATE, DELETE, CREATE ON `yeyz`.`yeyz` TO 'yeyz'@'%' |
+-----------------------------------------------------------------------------------------------------+
此時(shí)我們通過(guò)delete的方法手動(dòng)刪除mysql.user表中的這兩個(gè)用戶,在去查看用戶表,我們發(fā)現(xiàn):
mysql 15:20:43>>delete from mysql.user where user='yeyz';
Query OK, rows affected (. sec)
mysql 15:21:40>>select user,host from mysql.user;
+------------------+-----------------+
| user | host |
+------------------+-----------------+
| dba_yeyz | localhost |
| root | localhost |
| tkadmin | localhost |
+------------------+-----------------+
rows in set (. sec)
已經(jīng)沒(méi)有這兩個(gè)yeyz的用戶了,此時(shí)我們使用show grants for命令查看剛才刪除的用戶,我們發(fā)現(xiàn)依舊是存在這個(gè)用戶的權(quán)限說(shuō)明的:
mysql 15:24:21>>show grants for yeyz@'%';
+-----------------------------------------------------------------------------------------------------+
| Grants for yeyz@% |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'yeyz'@'%' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT SELECT, UPDATE, DELETE, CREATE ON `yeyz`.`yeyz` TO 'yeyz'@'%' |
+-----------------------------------------------------------------------------------------------------+
rows in set (0.00 sec)
說(shuō)明我們雖然從mysql.user表里面刪除了這個(gè)用戶,但是在db表和權(quán)限表里面這個(gè)用戶還是存在的,為了驗(yàn)證這個(gè)結(jié)論,我們重新創(chuàng)建一個(gè)yeyz@localhost的用戶,這個(gè)用戶我們只給它usage權(quán)限,其他的權(quán)限我們不配置,如下:
mysql ::>>GRANT USAGE ON yeyz.yeyz TO 'yeyz'@localhost IDENTIFIED BY '123456';
Query OK, rows affected (. sec)
這個(gè)時(shí)候,我們使用yeyz@localhost這個(gè)用戶去登陸數(shù)據(jù)庫(kù)服務(wù),然后進(jìn)行相關(guān)的update操作,如下:
[dba_mysql@tk-dba-mysql-stat-- ~]$ /usr/local/mysql/bin/mysql -uyeyz --socket=/data/mysql_4306/tmp/mysql.sock --port= -p -hlocalhost
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is
Server version: 5.5.-log MySQL Community Server (GPL)
Copyright (c) , , Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql--yeyz@localhost:(none) 15:31:05>>select * from yeyz.yeyz;
+------+
| id |
+------+
| 3 |
| 4 |
| 5 |
+------+
rows in set (. sec)
mysql--yeyz@localhost:(none) 15:31:16>>delete from yeyz.yeyz where id=;
Query OK, row affected (. sec)
mysql--yeyz@localhost:(none) 15:31:32>>select * from yeyz.yeyz;
+------+
| id |
+------+
| 3 |
| 4 |
+------+
rows in set (. sec)
最終出現(xiàn)的結(jié)果可想而知,一個(gè)usage權(quán)限的用戶,對(duì)數(shù)據(jù)庫(kù)總的表進(jìn)行了update操作,而且還成功了。這一切得益于我們delete from mysql.user的操作,這種操作雖然從user表里面刪除了記錄,但是當(dāng)這條記錄的host是%時(shí),如果重新創(chuàng)建一個(gè)同名的新用戶,此時(shí)新用戶將會(huì)繼承以前的用戶權(quán)限,從而使得用戶權(quán)限控制失效,這是很危險(xiǎn)的操作,盡量不要執(zhí)行。
再開(kāi)看看drop的方法刪除用戶
首先,我們刪除掉剛才的那兩個(gè)用戶,然后使用show grants for語(yǔ)句查看他們的權(quán)限:
mysql ::>>drop user yeyz@'%';
Query OK, rows affected (0.00 sec)
mysql ::>>drop user yeyz@'localhost';
Query OK, rows affected (0.00 sec)
mysql ::>>
mysql ::>>show grants for yeyz@'%';
ERROR (): There is no such grant defined for user 'yeyz' on host '%'
mysql ::>>show grants for yeyz@'localhost';
ERROR (): There is no such grant defined for user 'yeyz' on host '192.168.18.%'
可以看到,權(quán)限已經(jīng)完全刪除了,此時(shí)我們重新創(chuàng)建一個(gè)只有select權(quán)限的用戶:
mysql ::>>GRANT SELECT ON *.* TO 'yeyz'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9';
Query OK, rows affected (. sec)
我們使用這個(gè)用戶登錄到數(shù)據(jù)庫(kù)服務(wù),然后嘗試進(jìn)行select、update以及create操作,結(jié)果如下:
[dba_mysql@tk-dba-mysql-stat-10-104 ~]$ /usr/local/mysql/bin/mysql -uyeyz --socket=/data/mysql_4306/tmp/mysql.sock --port=4306 -p -hlocalhost
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is
Server version: 5.5.19-log MySQL Community Server (GPL)
Copyright (c) , , Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql ::>>select * from yeyz.yeyz;
+------+
| id |
+------+
| |
| |
| |
+------+
rows in set (0.00 sec)
mysql ::>>update yeyz.yeyz set id= where id=;
ERROR (): UPDATE command denied to user 'yeyz'@'localhost' for table 'yeyz'
mysql ::>>create table test (id int);
ERROR (D000): No database selected
mysql ::>>create table yeyz.test (id int);
ERROR (): CREATE command denied to user 'yeyz'@'localhost' for table 'test'
可以發(fā)現(xiàn),這個(gè)用戶只可以進(jìn)行select操作,當(dāng)我們嘗試進(jìn)行update操作和create操作的時(shí)候,系統(tǒng)判定這種操作沒(méi)有權(quán)限,直接拒絕了,這就說(shuō)明使用drop user方法刪除用戶的時(shí)候,會(huì)連通db表和權(quán)限表一起清除,也就是說(shuō)刪的比較干凈,不會(huì)對(duì)以后的用戶產(chǎn)生任何影響。
結(jié)論:
當(dāng)我們想要?jiǎng)h除一個(gè)用戶的時(shí)候,盡量使用drop user的方法刪除,使用delete方法可能埋下隱患,下次如果創(chuàng)建同名的用戶名時(shí),權(quán)限控制方面存在一定的問(wèn)題。
這個(gè)演示也解決了一些新手朋友們的一個(gè)疑問(wèn):為什么我的用戶只有usage權(quán)限,卻能訪問(wèn)所有數(shù)據(jù)庫(kù),并對(duì)數(shù)據(jù)庫(kù)進(jìn)行操作?這個(gè)時(shí)候,你需要看看日志,查詢自己有沒(méi)有進(jìn)行過(guò)delete from mysql.user的操作,如果有,這個(gè)問(wèn)題就很好解釋了。
以上就是MySQL兩種刪除用戶語(yǔ)句的區(qū)別(delete user和drop user)的詳細(xì)內(nèi)容,更多關(guān)于MySQL 刪除用戶的資料請(qǐng)關(guān)注腳本之家其它相關(guān)文章!
您可能感興趣的文章:- mysql 創(chuàng)建root用戶和普通用戶及修改刪除功能
- MySQL 創(chuàng)建用戶、授權(quán)用戶、撤銷(xiāo)用戶權(quán)限、更改用戶密碼、刪除用戶(實(shí)用技巧)
- mysql5.7創(chuàng)建用戶授權(quán)刪除用戶撤銷(xiāo)授權(quán)
- MySql安裝與配置方法(MySQL添加用戶、刪除用戶與授權(quán))
- 初始化MySQL用戶(刪除匿名用戶)
- MySQL中用戶授權(quán)以及刪除授權(quán)的方法
- 在WIN命令提示符下mysql 用戶新建、授權(quán)、刪除,密碼修改
- 解決mysql刪除用戶 bug的問(wèn)題