MySQL Set account permissions

after installing Mysql-server
you will be prompted to run mysql_secure_installation. Running Mysql_secure_installation will perform several settings:

a) Set a password for the root user
b) Delete Anonymous account
c) Remove the root user from remote login
d) Delete the test library and access to the test library

e) Refresh the authorization form for the changes to take effect

These settings can improve the security of the MySQL library. Recommended MySQL installation in a production environment when this is done, be sure to run the mysql_secure_installation once, and see the following command for detailed steps:

Copy Code
The code is as follows:

[email protected] ~]#
mysql_secure_installation
note:running All PARTS of this SCRIPT is
RECOMMENDED for all MySQL
SERVERS in PRODUCTION use! Please READ each STEP
carefully!
in order to log into MySQL to secure it, we ll need the
Current
password for the root user. If you ' ve just installed MySQL,
and
You haven "" t set the root password yet, the password would be blank,
So
You should just press ENTER here.
enter current password to root (enter for
None): <– First run direct return
OK, successfully used
password, moving on ...
Setting The root password ensures that nobody can log
Into the MySQL
root user without the proper authorisation.
Set Root
password? [y/n] <–
whether to set the root user password, enter Y and return or direct enter
New Password: <– Set the root user's password
Re-enter New password: <– Enter the password you set again
Password Updated
successfully!
reloading privilege tables.
..... Success!
by default, a
MySQL installation have an anonymous user, allowing anyone
To log into MySQL
Without has to has a user account created for
them. this was intended only
for testing, and to make the installation
go a bit smoother. You should
remove them before moving into a
production environment.
Remove Anonymous
users? [y/n] <–
whether to delete anonymous users, the production environment is recommended to delete, so direct carriage
..... Success!
normally, Root should only be
allowed to connect from ' localhost '. this
ensures that someone cannot guess
At the root password from the network.
Disallow root login remotely?
[y/n]
<– Whether root login is forbidden, choose y/n and enter according to your own needs, recommend prohibit
..... Success!
by default, MySQL
comes with a database named ' test ' that anyone can
access. This is also
intended testing, and should be removed
before moving into a
production environment.
Remove test database and access to it? [y/n] <– whether to delete the test database, directly enter
-Dropping test
Database ...
..... success!

View User Tables
mysql> Select Host,user,password from Mysql.user;
+---------------+-------+-------------------------------------------+
| host | user | password |
+---------------+-------+-------------------------------------------+
| localhost | root | *c9a034778fb438cdecd150408139516febc8fa5b |
| 127.0.0.1 | root | *c9a034778fb438cdecd150408139516febc8fa5b |
|:: 1 | root | *c9a034778fb438cdecd150408139516febc8fa5b |
| 192.168.1.104 | slave | *e56a114692fe0de073f9a1dd68a00eeb9703f3f1 |
+---------------+-------+-------------------------------------------+


in the MySQL library
mysql> use MySQL
Database changed;
change the root user login password
mysql> Update mysql.user Set password = password (' Gaofei ') where user= ' root ';
Refresh the Authorization form or quit MySQL restart
mysql> flush Privileges;

If you forget your password, you can:
Modifying a configuration file
vi/etc/my.cnf
Search:/mysqld in his next line add skip-grant-tables skip permission validation
[Mysqld]
Skip-grant-tables
Restart MYSLQ
Service MySQL Restart
when you enter MySQL, you do not have to lose the password at this time in the implementation of the password just changed so that the password can be modified to remove the Skip-.. command that you just added in the configuration item or the cipher is not a dummy


Add a user
All represents an executable operation such as Delete/alter/insert. * * is the execution scope ' all tables. All databases ' Lisi ' is the account ' localhost ' is the IP last one is the login password
mysql> Grant All on * * to ' lisi ' @ ' localhost ' identified by ' 123123 ';
Refresh the authorization table or restart MySQL
mysql> flush Privileges;


Create a test database and add data to a table
mysql> CREATE database HD charset UTF8;
mysql> use HD;
mysql> CREATE TABLE stu (ID int,name char);
mysql> INSERT into Stu set id=1,name=12123;

Add a user who only has permission to view
mysql> Grant Select on hd.* to ' Wangwu ' @ ' localhost ' identified by ' 123123 ';
When you are done, you must refresh the permissions table so that the account that you just added takes effect immediately and then when you log in with Wangwu, only the view of all the tables in the HD library is ' localhost ' on behalf of the local host can be set to the other IP can also be set to any IP '% ' Wangwu ' @ ' % ' This means that as long as it's called Wangwu, only the permission is checked.
so you can also see that the account name and password can be because the address of the crawl is different then he has the permissions will be different as follows:
mysql> Grant Select on hd.* to ' Wangwu ' @ ' 192.168.1.1 ' identified by ' 123123 ';
mysql> Grant Delete on hd.* to ' Wangwu ' @ ' 192.168.1.2 ' identified by ' 123123 ';

MySQL Set account permissions