Tip:
在MySQL中,我們經常需要創建用戶和刪除用戶,創建用戶時,我們一般使用create user或者grant語句來創建,create語法創建的用戶沒有任何權限,需要再使用grant語法來分配權限,而grant語法創建的用戶直接擁有所分配的權限。在一些測試用戶創建完成之后,做完測試,可能用戶的生命周期就結束了,需要將用戶刪除,而刪除用戶在MySQL中一般有兩種方法,一種是drop user,另外一種是delete from mysql.user,那么這兩種方法有什么區別呢?我們這里通過例子演示。
delete from mysql.user
首先,我們看看delete from mysql.user的方法。我們創建兩個用戶用來測試,測試環境是MySQL5.5版本,用戶名分別為yeyz@'%'和yeyz@'localhost',創建用戶的語法如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
mysql 15:13:12>>create user yeyz@'%' identified by '123456';Query OK, rows affected (. sec)mysql 15:20:01>>grant select,create,update,delete on yeyz.yeyz to yeyz@'%';Query OK, rows affected (. sec)mysql 15:29:48>>GRANT USAGE ON yeyz.yeyz TO 'yeyz'@localhost IDENTIFIED BY '123456';Query OK, rows affected (. sec)mysql--dba_admin@127...1:(none) 15:20:39>>show grants for yeyz@'%';+-----------------------------------------------------------------------------------------------------+| Grants for yeyz@% |+-----------------------------------------------------------------------------------------------------+| GRANT USAGE ON *.* TO 'yeyz'@'%' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' || GRANT SELECT, UPDATE, DELETE, CREATE ON `yeyz`.`yeyz` TO 'yeyz'@'%' |+-----------------------------------------------------------------------------------------------------+ |
此時我們通過delete的方法手動刪除mysql.user表中的這兩個用戶,在去查看用戶表,我們發現:
|
1
2
3
4
5
6
7
8
9
10
11
12
|
mysql 15:20:43>>delete from mysql.user where user='yeyz';Query OK, rows affected (. sec)mysql 15:21:40>>select user,host from mysql.user;+------------------+-----------------+| user | host |+------------------+-----------------+| dba_yeyz | localhost || root | localhost || tkadmin | localhost |+------------------+-----------------+ rows in set (. sec) |
已經沒有這兩個yeyz的用戶了,此時我們使用show grants for命令查看剛才刪除的用戶,我們發現依舊是存在這個用戶的權限說明的:
|
1
2
3
4
5
6
7
8
|
mysql 15:24:21>>show grants for yeyz@'%';+-----------------------------------------------------------------------------------------------------+| Grants for yeyz@% |+-----------------------------------------------------------------------------------------------------+| GRANT USAGE ON *.* TO 'yeyz'@'%' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' || GRANT SELECT, UPDATE, DELETE, CREATE ON `yeyz`.`yeyz` TO 'yeyz'@'%' |+-----------------------------------------------------------------------------------------------------+ rows in set (0.00 sec) |
說明我們雖然從mysql.user表里面刪除了這個用戶,但是在db表和權限表里面這個用戶還是存在的,為了驗證這個結論,我們重新創建一個yeyz@localhost的用戶,這個用戶我們只給它usage權限,其他的權限我們不配置,如下:
|
1
2
|
mysql ::>>GRANT USAGE ON yeyz.yeyz TO 'yeyz'@localhost IDENTIFIED BY '123456';Query OK, rows affected (. sec) |
這個時候,我們使用yeyz@localhost這個用戶去登陸數據庫服務,然后進行相關的update操作,如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
[dba_mysql@tk-dba-mysql-stat-- ~]$ /usr/local/mysql/bin/mysql -uyeyz --socket=/data/mysql_4306/tmp/mysql.sock --port= -p -hlocalhostEnter password: Welcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id isServer version: 5.5.-log MySQL Community Server (GPL)Copyright (c) , , Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql--yeyz@localhost:(none) 15:31:05>>select * from yeyz.yeyz;+------+| id |+------+| 3 || 4 || 5 |+------+ rows in set (. sec)mysql--yeyz@localhost:(none) 15:31:16>>delete from yeyz.yeyz where id=;Query OK, row affected (. sec)mysql--yeyz@localhost:(none) 15:31:32>>select * from yeyz.yeyz;+------+| id |+------+| 3 || 4 |+------+ rows in set (. sec) |
最終出現的結果可想而知,一個usage權限的用戶,對數據庫總的表進行了update操作,而且還成功了。這一切得益于我們delete from mysql.user的操作,這種操作雖然從user表里面刪除了記錄,但是當這條記錄的host是%時,如果重新創建一個同名的新用戶,此時新用戶將會繼承以前的用戶權限,從而使得用戶權限控制失效,這是很危險的操作,盡量不要執行。
再開看看drop的方法刪除用戶
首先,我們刪除掉剛才的那兩個用戶,然后使用show grants for語句查看他們的權限:
|
1
2
3
4
5
6
7
8
9
|
mysql ::>>drop user yeyz@'%';Query OK, rows affected (0.00 sec)mysql ::>>drop user yeyz@'localhost';Query OK, rows affected (0.00 sec)mysql ::>>mysql ::>>show grants for yeyz@'%';ERROR (): There is no such grant defined for user 'yeyz' on host '%'mysql ::>>show grants for yeyz@'localhost';ERROR (): There is no such grant defined for user 'yeyz' on host '192.168.18.%' |
可以看到,權限已經完全刪除了,此時我們重新創建一個只有select權限的用戶:
|
1
2
|
mysql ::>>GRANT SELECT ON *.* TO 'yeyz'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9';Query OK, rows affected (. sec) |
我們使用這個用戶登錄到數據庫服務,然后嘗試進行select、update以及create操作,結果如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
[dba_mysql@tk-dba-mysql-stat-10-104 ~]$ /usr/local/mysql/bin/mysql -uyeyz --socket=/data/mysql_4306/tmp/mysql.sock --port=4306 -p -hlocalhostEnter password: Welcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id isServer version: 5.5.19-log MySQL Community Server (GPL)Copyright (c) , , Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql ::>>select * from yeyz.yeyz;+------+| id |+------+| || || |+------+ rows in set (0.00 sec)mysql ::>>update yeyz.yeyz set id= where id=;ERROR (): UPDATE command denied to user 'yeyz'@'localhost' for table 'yeyz'mysql ::>>create table test (id int);ERROR (D000): No database selectedmysql ::>>create table yeyz.test (id int);ERROR (): CREATE command denied to user 'yeyz'@'localhost' for table 'test' |
可以發現,這個用戶只可以進行select操作,當我們嘗試進行update操作和create操作的時候,系統判定這種操作沒有權限,直接拒絕了,這就說明使用drop user方法刪除用戶的時候,會連通db表和權限表一起清除,也就是說刪的比較干凈,不會對以后的用戶產生任何影響。
結論:
當我們想要刪除一個用戶的時候,盡量使用drop user的方法刪除,使用delete方法可能埋下隱患,下次如果創建同名的用戶名時,權限控制方面存在一定的問題。
這個演示也解決了一些新手朋友們的一個疑問:為什么我的用戶只有usage權限,卻能訪問所有數據庫,并對數據庫進行操作?這個時候,你需要看看日志,查詢自己有沒有進行過delete from mysql.user的操作,如果有,這個問題就很好解釋了。
以上就是MySQL兩種刪除用戶語句的區別(delete user和drop user)的詳細內容,更多關于MySQL 刪除用戶的資料請關注服務器之家其它相關文章!
原文鏈接:https://cloud.tencent.com/developer/article/1533576
