一、glibc安装
mysql
清空/etc/目录下的my.cnf
ls -l /etc/my.cnf
rm -rf /etc/my.cnf
yum -y remove mariadb
find / -name "*mysql*" -exec rm -rf {} \;
安装mysql软件包
wget https://downloads.mysql.com/archives/get/p/23/file/mysql-8.0.33-li
nux-glibc2.12-x86_64.tar解压
[root@Mysql-001 ~]# ls
mysql-8.0.33-linux-glibc2.12-x86_64.tar
[root@Mysql-001 ~]# tar -xvf mysql-8.0.33-linux-glibc2.12-x86_64.tar
[root@Mysql-001 ~]# tar -xf mysql-8.0.33-linux-glibc2.12-x86_64.tar.xz
[root@Mysql-001 ~]# ls mysql-8.0.33-linux-glibc2.12-x86_64
bin docs include lib LICENSE man README share support-files将项目文件移动到/usr/local/mysql/
cp -r mysql-8.0.33-linux-glibc2.12-x86_64/ /usr/local/mysql/
yum list installed | grep libaio #检查是否有libaio
libaio.x86_64 0.3.109-13.el7 @anaconda
[root@Mysql-001 ~]# useradd -r -s /sbin/nologin mysql
[root@Mysql-001 ~]# id mysql
uid=997(mysql) gid=995(mysql) 组=995(mysql)在/usr/local/mysql/目录下创建mysql-files目录
mkdir /usr/local/mysql/mysql-files
修改mysql-files的权限为750 所属的组和属主都是mysqlchown mysql:mysql /usr/local/mysql/mysql-files/
chmod 750 /usr/local/mysql/mysql-files/
ll /usr/local/mysql/
总用量 292
drwxr-xr-x 2 root root 4096 8月 5 09:48 bin
drwxr-xr-x 2 root root 38 8月 5 09:48 docs
drwxr-xr-x 3 root root 282 8月 5 09:48 include
drwxr-xr-x 6 root root 201 8月 5 09:48 lib
-rw-r--r-- 1 root root 284945 8月 5 09:48 LICENSE
drwxr-xr-x 4 root root 30 8月 5 09:48 man
drwxr-x--- 2 mysql mysql 6 8月 5 09:55 mysql-files
-rw-r--r-- 1 root root 666 8月 5 09:48 README
drwxr-xr-x 28 root root 4096 8月 5 09:48 share
drwxr-xr-x 2 root root 77 8月 5 09:48 support-files
初始化数据库/usr/local/mysql/bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql/
2024-08-05T02:02:01.330394Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.33) initializing of server in progress as process 2825
2024-08-05T02:02:01.345707Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2024-08-05T02:02:02.337448Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2024-08-05T02:02:04.033580Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: ax8c5SwT(p/u(mysql密码)
判断是否生成了data目录ls /usr/local/mysql #有data目录就是初始化成功了
把mysql.server文件放到/etc/init.d/目录下(方便启动mysql服务 service mysql start)
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql8
service mysqld8 start
#修改密码
usr/local/mysql/bin/mysql -uroot -p
alter usr 'root@localhost' identified with mysql_native_password BY 'Zhang@2002';
二、远程连接登陆MySQL
1、远程登陆前提条件是mysql。user表中的host属性为%。如果是localhost就不允许远程登陆,
2、update mysql.user set host="%" where user="root",flush privilefes;
3、远程管理,可以使用图形化工具,sqlyog,navicat,掌握命令工具,客户端工具mysql
4、mysql -h 192.168.1.10 -P3306 -uxiaojiang -pZhang@2002
-h 主机IP或者域名如果是localhost或者是127.0.0.1可省略
-P 端口 默认是3306如果是默认的可以省略
-u 用户名
-p 密码,可以不换行直接输入,也可以换行 不回显输入密码
(1)创建账户
create user 'xiaojiang'@'%' identified by 'Zhang@2002';
eg:创建三个账号,abc[abcd] , ccc[a1b2c3] ,ddd[231343]
(2)给权限
grant all on *.* to 'xiaojiang'
(3)创建库
create database if not exists test;
(4)创建表
use test;
create table user(id int primary key,username varchar(45) not null,password varchar(45) not null
);
(5)添加数据
insert into test.user values(1,"zhangsan","123");
insert into test.user values(2,"lisi","456");
insert into test.user values(3,"wangwu","789");
insert into test.user values(4,"zhaoliu","aaa");
添加lilaosi账号,修改密码,查看mysql.user中的lilaosi的信息
create user 'lilaosi'@'%' identified by 'lilaoshi_123';
alter user 'lilaosi'@'%' identified by 'Lilaosi_123';
select host,user from mysql.user;
使用root账号,为lilaosi账号添加test库存中所有的表的所有权限
mysql -uroot -pZhang@2002
grant all on test.* to 'lilaosi';
#lilaosi就获得了test库中所有表的操作权限;但是由于root没有个lilaosimysql库的
权限,所以lilaosi账号无法查看mysql库
三、mysql环境部署脚本
vim mysql.sh
#!/bin/bash
cp $1 /usr/local/mysql/
mkdir /usr/local/mysql/mysql-files/
grep /mysql/ /etc/password
if [ $i ne 0 ]; then
useradd -r -s /sbin/nologin mysql
fi
chown mysql:mysql /usr/local/mysql/mysql-files
chmod 750 /usr/local/mysql/mysql-files
#初始化
/usr/local/mysql/bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql/
#password
#service
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql8
#start server
service mysql8 start
四、安全用户角色权限
(一)密码安全策略
1、查看密码策略
mysql> show variables like 'validate%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | MEDIUM |
| validate_password.special_char_count | 1 |
+--------------------------------------+--------+
2、 修改策略
mysql>setglobal validate_password.length=0;
mysql>setglobal validate_password.policy=LOW;
mysql>showvariableslike'validate%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 4 |
| validate_password.mixed_case_count | 0 |
| validate_password.number_count | 0 |
| validate_password.policy | LOW |
| validate_password.special_char_count | 0 |
+--------------------------------------+--------+
(二)用户
1、创建用户
mysql>create user'efgh'@'%' identified by 'efgh';
Query OK,0 rows affected (0.01 sec)
mysql>select host,user from mysql.user;
+-----------+------------------+
| host |user |
+-----------+------------------+
|% | efgh |
|% | root |
|% | zhangmin |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | test1 |
+-----------+------------------+
2、删除用户
mysql>drop user'xiaojiang';
Query OK,0 rows affected (0.02 sec)
3、修改用户
mysql>alter user'zhangmin' identified by 'abc123';
Query OK,0 rows affected (0.01 sec)
(三)角色
1、创建角色
mysql>create role 'jingli';
Query OK,0 rows affected (0.00 sec)
2、查看角色
mysql> select host,user from mysql.user;
3、修改角色
ALTER ROLE 'role_name' [...属性...];
4、删除角色
DROP ROLE 'role_name';
(四)权限
1、刷新权限
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
2、为root账号添加权限
mysql> grant system_user on *.* to "root";
3、新增权限
mysql> grant insert,delete,update,select on test.user to 'jingli';
4、修改权限
mysql> show grants for "efgh";
+----------------------------------+
| Grants for efgh@% |
+----------------------------------+
| GRANT USAGE ON *.* TO `efgh`@`%` |
+----------------------------------+
1 row in set (0.00 sec)
5、查看权限
mysql> show grants for 'bbb';
6、删除权限
mysql>revoke all on*.* from "efgh";
Query OK,0 rows affected (0.00 sec)
练习1
1.添加aaa账户,设置密码aaaa
drop user aaa;
create user 'aaa'@'%' identified by 'aaaa';
2.使用aaa账户访问mysql服务
mysql -h127.0.0.1 -P3306 -uaaa -paaaa
3.查看test数据库发现么有权限
show databases;
4.退出并使用root账户登录
quit|exit
mysql -h127.0.0.1 -P3306 -uroot -proot0000
5.为aaa账户添加查看test.user表的权限
grant select on test.user to 'aaa';
6.退出root,使用aaa账户登录
quit|exit
mysql -h127.0.0.1 -P3306 -uaaa -paaaa
7.查看数据库,查看表,查看表内容 能够正常查看
show databases;
user test;
show tables;
select * from user;
8.输入数据,没有权限
insert into user values(5,"ermazi","ermazi");####
9.退出aaa使用root登录
quit|exit
mysql -h127.0.0.1 -P3306 -uroot -proot0000
10.为aaa添加insert权限
grant insert on test.user to 'aaa';
11.退出root使用aaa登录
exit|quit
mysql -h127.0.0.1 -P3306 -uaaa -paaaa
12.向user表添加一行新的数据
insert into test.user values(6,"zhangsanfeng","zhangsanfen");
13.修改user中一行的数据的password(密码)为111,没有update权限
update test.user set password='zsf' where username-'zhangsanfeng';
练习2
mysql> create role 'jingli';
Query OK, 0 rows affected (0.02 sec)mysql> create role 'yuangong';
Query OK, 0 rows affected (0.02 sec)
#添加jingli,yuangong角色mysql> grant insert,delete,update,select on test.user to 'jingli';
Query OK, 0 rows affected (0.00 sec)
#给jingli角色设置权限mysql> show grants for 'jingli';
#查看jingli权限
+-----------------------------------------------------------------------+
| Grants for jingli@% |
+-----------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `jingli`@`%` |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.`user` TO `jingli`@`%` |
+-----------------------------------------------------------------------+
2 rows in set (0.00 sec)mysql> grant select,insert on test.user to 'yuangong';
Query OK, 0 rows affected (0.01 sec)mysql> show grants for 'yuangong';
+---------------------------------------------------------+
| Grants for yuangong@% |
+---------------------------------------------------------+
| GRANT USAGE ON *.* TO `yuangong`@`%` |
| GRANT SELECT, INSERT ON `test`.`user` TO `yuangong`@`%` |
+---------------------------------------------------------+
2 rows in set (0.00 sec)mysql> select host,user from mysql.user;
+-----------+------------------+
| host | user |
+-----------+------------------+
| % | aaa |
| % | efgh |
| % | jingli |
| % | xiaojiang |
| % | yuangong |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+-----------+------------------+
9 rows in set (0.00 sec)
#新增bbb和ccc两个用户,bbb是经理需要增删改查权限,ccc是员工,只需要新增和查看的权限
mysql> create user 'bbb'@'%' identified by 'Zhang@2002';
Query OK, 0 rows affected (0.01 sec)mysql> create user 'ccc'@'%' identified by 'Zhang@2002';
Query OK, 0 rows affected (0.01 sec)mysql> grant jingli to 'bbb';
Query OK, 0 rows affected (0.01 sec)mysql> grant yuangong to 'ccc';
Query OK, 0 rows affected (0.01 sec)mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)mysql> show grants for 'bbb';
+---------------------------------+
| Grants for bbb@% |
+---------------------------------+
| GRANT USAGE ON *.* TO `bbb`@`%` |
| GRANT `jingli`@`%` TO `bbb`@`%` |
+---------------------------------+
2 rows in set (0.00 sec)mysql> show grants for 'ccc';
+-----------------------------------+
| Grants for ccc@% |
+-----------------------------------+
| GRANT USAGE ON *.* TO `ccc`@`%` |
| GRANT `yuangong`@`%` TO `ccc`@`%` |
+-----------------------------------+
2 rows in set (0.00 sec)