glibc的安装及MySQL的安全用户角色权限（twenty-one day）

一、glibc安装

mysql

清空/etc/目录下的my.cnf

ls -l /etc/my.cnf

rm -rf /etc/my.cnf

yum -y remove mariadb

find / -name "*mysql*" -exec rm -rf {} \;

安装mysql软件包

wget https://downloads.mysql.com/archives/get/p/23/file/mysql-8.0.33-li

nux-glibc2.12-x86_64.tar

解压

[root@Mysql-001 ~]# ls
mysql-8.0.33-linux-glibc2.12-x86_64.tar
[root@Mysql-001 ~]# tar -xvf mysql-8.0.33-linux-glibc2.12-x86_64.tar
[root@Mysql-001 ~]# tar -xf mysql-8.0.33-linux-glibc2.12-x86_64.tar.xz
[root@Mysql-001 ~]# ls mysql-8.0.33-linux-glibc2.12-x86_64
bin docs include lib LICENSE man README share support-files

将项目文件移动到/usr/local/mysql/

cp -r mysql-8.0.33-linux-glibc2.12-x86_64/ /usr/local/mysql/
yum list installed | grep libaio #检查是否有libaio
libaio.x86_64 0.3.109-13.el7 @anaconda
[root@Mysql-001 ~]# useradd -r -s /sbin/nologin mysql
[root@Mysql-001 ~]# id mysql
uid=997(mysql) gid=995(mysql) 组=995(mysql)

在/usr/local/mysql/目录下创建mysql-files目录

mkdir /usr/local/mysql/mysql-files
修改mysql-files的权限为750 所属的组和属主都是mysql

chown mysql:mysql /usr/local/mysql/mysql-files/
chmod 750 /usr/local/mysql/mysql-files/
ll /usr/local/mysql/
总用量 292
drwxr-xr-x 2 root root 4096 8月 5 09:48 bin
drwxr-xr-x 2 root root 38 8月 5 09:48 docs
drwxr-xr-x 3 root root 282 8月 5 09:48 include
drwxr-xr-x 6 root root 201 8月 5 09:48 lib
-rw-r--r-- 1 root root 284945 8月 5 09:48 LICENSE
drwxr-xr-x 4 root root 30 8月 5 09:48 man
drwxr-x--- 2 mysql mysql 6 8月 5 09:55 mysql-files
-rw-r--r-- 1 root root 666 8月 5 09:48 README
drwxr-xr-x 28 root root 4096 8月 5 09:48 share
drwxr-xr-x 2 root root 77 8月 5 09:48 support-files
初始化数据库

/usr/local/mysql/bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql/
2024-08-05T02:02:01.330394Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.33) initializing of server in progress as process 2825
2024-08-05T02:02:01.345707Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2024-08-05T02:02:02.337448Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2024-08-05T02:02:04.033580Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: ax8c5SwT(p/u（mysql密码）
判断是否生成了data目录

ls /usr/local/mysql #有data目录就是初始化成功了

把mysql.server文件放到/etc/init.d/目录下(方便启动mysql服务 service mysql start)

cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql8

service mysqld8 start

#修改密码

usr/local/mysql/bin/mysql -uroot -p

alter usr 'root@localhost' identified with mysql_native_password BY 'Zhang@2002';

二、远程连接登陆MySQL

1、远程登陆前提条件是mysql。user表中的host属性为%。如果是localhost就不允许远程登陆，

2、update mysql.user set host="%" where user="root",flush privilefes;

3、远程管理，可以使用图形化工具，sqlyog，navicat，掌握命令工具，客户端工具mysql

4、mysql -h 192.168.1.10 -P3306 -uxiaojiang -pZhang@2002

        -h 主机IP或者域名如果是localhost或者是127.0.0.1可省略

        -P 端口默认是3306如果是默认的可以省略

        -u 用户名

        -p 密码，可以不换行直接输入，也可以换行不回显输入密码

（1）创建账户

create user 'xiaojiang'@'%' identified by 'Zhang@2002';

eg:创建三个账号，abc[abcd] , ccc[a1b2c3] ,ddd[231343]

（2）给权限

grant all on *.* to 'xiaojiang'

（3）创建库

create database if not exists test;

（4）创建表

use test;
create table user(id int primary key,username varchar(45) not null,password varchar(45) not null
);

（5）添加数据

insert into test.user values(1,"zhangsan","123");
insert into test.user values(2,"lisi","456");
insert into test.user values(3,"wangwu","789");
insert into test.user values(4,"zhaoliu","aaa");

添加lilaosi账号，修改密码，查看mysql.user中的lilaosi的信息

create user 'lilaosi'@'%' identified by 'lilaoshi_123';
alter user 'lilaosi'@'%' identified by 'Lilaosi_123';
select host,user from mysql.user;

使用root账号，为lilaosi账号添加test库存中所有的表的所有权限

mysql -uroot -pZhang@2002

grant all on test.* to 'lilaosi';
#lilaosi就获得了test库中所有表的操作权限；但是由于root没有个lilaosimysql库的
权限，所以lilaosi账号无法查看mysql库

三、mysql环境部署脚本

vim mysql.sh

#!/bin/bash

cp $1 /usr/local/mysql/

mkdir /usr/local/mysql/mysql-files/

grep /mysql/ /etc/password

if [ $i ne 0 ]; then

useradd -r -s /sbin/nologin mysql

fi

chown mysql:mysql /usr/local/mysql/mysql-files

chmod 750 /usr/local/mysql/mysql-files

#初始化

/usr/local/mysql/bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql/

#password

#service

cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql8

#start server

service mysql8 start

四、安全用户角色权限

（一）密码安全策略

1、查看密码策略

mysql> show variables like 'validate%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+

2、修改策略

mysql>setglobal validate_password.length=0;
mysql>setglobal validate_password.policy=LOW;
mysql>showvariableslike'validate%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 4      |
| validate_password.mixed_case_count   | 0      |
| validate_password.number_count       | 0      |
| validate_password.policy             | LOW    |
| validate_password.special_char_count | 0      |
+--------------------------------------+--------+

（二）用户

1、创建用户

mysql>create user'efgh'@'%' identified by 'efgh';
Query OK,0 rows affected (0.01 sec)
mysql>select host,user from mysql.user;
+-----------+------------------+
| host      |user              |
+-----------+------------------+
|%          | efgh             |
|%          | root             |
|%          | zhangmin         |
| localhost | mysql.infoschema |
| localhost | mysql.session    |
| localhost | mysql.sys        |
| localhost | test1            |
+-----------+------------------+

2、删除用户

mysql>drop user'xiaojiang';
Query OK,0 rows affected (0.02 sec)

3、修改用户

mysql>alter user'zhangmin' identified by 'abc123';
Query OK,0 rows affected (0.01 sec)

（三）角色

1、创建角色

mysql>create role 'jingli';
Query OK,0 rows affected (0.00 sec)

2、查看角色

mysql> select host,user from mysql.user;

3、修改角色

ALTER ROLE 'role_name' [...属性...];

4、删除角色

DROP ROLE 'role_name';

（四）权限

1、刷新权限

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

2、为root账号添加权限

mysql> grant system_user on *.* to "root";

3、新增权限

mysql> grant insert,delete,update,select on test.user to 'jingli';

4、修改权限

mysql> show grants for "efgh";
+----------------------------------+
| Grants for efgh@%                |
+----------------------------------+
| GRANT USAGE ON *.* TO `efgh`@`%` |
+----------------------------------+
1 row in set (0.00 sec)

5、查看权限

mysql> show grants for 'bbb';

6、删除权限

mysql>revoke all on*.* from "efgh";
Query OK,0 rows affected (0.00 sec)

练习1

1.添加aaa账户，设置密码aaaa
drop user aaa;
create user 'aaa'@'%' identified by 'aaaa';
2.使用aaa账户访问mysql服务
mysql -h127.0.0.1 -P3306 -uaaa -paaaa
3.查看test数据库发现么有权限
show databases;
4.退出并使用root账户登录
quit|exit
mysql -h127.0.0.1 -P3306 -uroot -proot0000
5.为aaa账户添加查看test.user表的权限
grant select on test.user to 'aaa';
6.退出root，使用aaa账户登录
quit|exit
mysql -h127.0.0.1 -P3306 -uaaa -paaaa
7.查看数据库，查看表，查看表内容 能够正常查看
show databases;
user test;
show tables;
select * from user;
8.输入数据，没有权限
insert into user values(5,"ermazi","ermazi");####
9.退出aaa使用root登录
quit|exit
mysql -h127.0.0.1 -P3306 -uroot -proot0000
10.为aaa添加insert权限
grant insert on test.user to 'aaa';
11.退出root使用aaa登录
exit|quit
mysql -h127.0.0.1 -P3306 -uaaa -paaaa
12.向user表添加一行新的数据
insert into test.user values(6,"zhangsanfeng","zhangsanfen");
13.修改user中一行的数据的password（密码）为111，没有update权限
update test.user set password='zsf' where username-'zhangsanfeng';

练习2

mysql> create role 'jingli';
Query OK, 0 rows affected (0.02 sec)mysql> create role 'yuangong';
Query OK, 0 rows affected (0.02 sec)
#添加jingli，yuangong角色mysql> grant insert,delete,update,select on test.user to 'jingli';
Query OK, 0 rows affected (0.00 sec)
#给jingli角色设置权限mysql> show grants for 'jingli';
#查看jingli权限
+-----------------------------------------------------------------------+
| Grants for jingli@%                                                   |
+-----------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `jingli`@`%`                                    |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.`user` TO `jingli`@`%` |
+-----------------------------------------------------------------------+
2 rows in set (0.00 sec)mysql> grant select,insert on test.user to 'yuangong';
Query OK, 0 rows affected (0.01 sec)mysql> show grants for 'yuangong';
+---------------------------------------------------------+
| Grants for yuangong@%                                   |
+---------------------------------------------------------+
| GRANT USAGE ON *.* TO `yuangong`@`%`                    |
| GRANT SELECT, INSERT ON `test`.`user` TO `yuangong`@`%` |
+---------------------------------------------------------+
2 rows in set (0.00 sec)mysql> select host,user from mysql.user;
+-----------+------------------+
| host      | user             |
+-----------+------------------+
| %         | aaa              |
| %         | efgh             |
| %         | jingli           |
| %         | xiaojiang        |
| %         | yuangong         |
| localhost | mysql.infoschema |
| localhost | mysql.session    |
| localhost | mysql.sys        |
| localhost | root             |
+-----------+------------------+
9 rows in set (0.00 sec)
#新增bbb和ccc两个用户，bbb是经理需要增删改查权限，ccc是员工，只需要新增和查看的权限
mysql> create user 'bbb'@'%' identified by 'Zhang@2002';
Query OK, 0 rows affected (0.01 sec)mysql> create user 'ccc'@'%' identified by 'Zhang@2002';
Query OK, 0 rows affected (0.01 sec)mysql> grant jingli to 'bbb';
Query OK, 0 rows affected (0.01 sec)mysql> grant yuangong to 'ccc';
Query OK, 0 rows affected (0.01 sec)mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)mysql> show grants for 'bbb';
+---------------------------------+
| Grants for bbb@%                |
+---------------------------------+
| GRANT USAGE ON *.* TO `bbb`@`%` |
| GRANT `jingli`@`%` TO `bbb`@`%` |
+---------------------------------+
2 rows in set (0.00 sec)mysql> show grants for 'ccc';
+-----------------------------------+
| Grants for ccc@%                  |
+-----------------------------------+
| GRANT USAGE ON *.* TO `ccc`@`%`   |
| GRANT `yuangong`@`%` TO `ccc`@`%` |
+-----------------------------------+
2 rows in set (0.00 sec)