mysql

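Change the password:

mysql> Update user set password=password('xxxxxx') where user='root';

mysql> Flush privileges;

// Force a reload of the in-memory grant tables; otherwise the password cached in memory is still used

If you have forgotten the password:

vim /etc/my.cnf

Add skip-grant-tables under [mysqld]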

![my.cnf with skip-grant-tables added to the mysqld section](img/59a2f5121d41c863e6000114.png)

service mysqld restart

View the password:

mysql> select host,user,password from user ;

| host | user | password |

| localhost | root | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |

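Change the password:

mysql> update user set password=password('root') where user = 'root';

Afterwards, remember to comment out skip-grant-tables in my.cnf and restart the service; while the option is active the server accepts connections without checking passwords.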

Adding and deleting users, granting privileges:

Add a user:

mysql> insert into mysql.user(Host,User,Password) values ("localhost","test",password("test"));

// or: create user test@localhost identified by 'test';

mysql> flush privileges;

mysql> insert into mysql.user(Host,User,Password) values ("localhost","test",password("test"));

Query OK, 1 row affected, 3 warnings (0.00 sec)

mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)

mysql> create user test@localhost identified by 'test';

Query OK, 0 rows affected (0.07 sec)

Create a database:

mysql> create database testDB;

Grant privileges:

testDB.* means all tables in testDB; use *.* to mean all tables in all databases.

mysql> grant all privileges on testDB.* to test@localhost identified by 'test';

Delete a user:

mysql> delete from user where user = "test";

Delete a database:

mysql> drop database testDB;

mysql> flush privileges;

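Configure remote connection permissions:

1. Change the host value:

% means any address, localhost means the local machine, and a specific IP address x.x.x.x can also be given.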

mysql> update user set host="%" where user ="root";

mysql> flush privileges;

mysql> update user set host="%" where user ="root";

Query OK, 1 row affected (0.00 sec)

Rows matched: 1 Changed: 1 Warnings:

mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)

mysql> select host, user, password from user;

| host | user | password |

| % | root | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |

1 row in set (0.00 sec)

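2. vim /etc/my.cnf

Adding skip-networking under [mysqld] disables remote access.

To allow access through a specific IP instead, use bind-address=x.x.x.x (the address the server listens on) and comment out skip-networking.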

![my.cnf with skip-networking added and skip-grant-tables commented out in the mysqld section](img/59a2f5121d41c863e6000112.png)

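Assorted security settings:

vim /etc/my.cnf:

port=3333 # change the port

local-infile=0 # disable reading local files

max_user_connections=2 # limit the number of simultaneous connections per user account

skip-networking # disable remote connections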

![my.cnf with port, max_user_connections, local-infile and skip-networking set in the mysqld section](img/59a2f5121d41c863e6000117.png)
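An added example (not from the original page): a shell check that reads the active [mysqld] options of a my.cnf and flags the settings covered above, above all a skip-grant-tables line left in place after a password reset. The function name audit_mycnf, the wording of the findings and both sample files are constructed for illustration.

```sh
# audit_mycnf FILE: print one finding per line for the active [mysqld] options.
audit_mycnf() {
  awk '
    /^[ \t]*[#;]/ { next }                      # commented-out options are inactive
    /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
    !insec || NF == 0 { next }
    {
      line = $0
      sub(/[ \t]*#.*$/, "", line)               # drop a trailing comment
      n = split(line, kv, "=")
      key = kv[1]; val = (n > 1) ? kv[2] : ""
      gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
      gsub(/_/, "-", key)                       # option names accept _ or -
      seen[key] = 1; opt[key] = val
    }
    END {
      if (seen["skip-grant-tables"])
        print "CRITICAL skip-grant-tables is active: authentication is bypassed"
      if (opt["local-infile"] != "0")
        print "WARN local-infile is not set to 0"
      if (!seen["skip-networking"] && !seen["bind-address"])
        print "WARN neither skip-networking nor bind-address is set"
      if (!seen["max-user-connections"])
        print "INFO max_user_connections is not set"
    }' "$1"
}

# Constructed sample files for the demonstration (not taken from the page).
tmp=$(mktemp -d)
cat > "$tmp/forgotten.cnf" <<'EOF'
[mysqld]
datadir=/var/lib/mysql
skip-grant-tables
[mysqld_safe]
log-error=/var/log/mysqld.log
EOF
cat > "$tmp/hardened.cnf" <<'EOF'
[mysqld]
port=3333
local-infile=0
max_user_connections=2
skip-networking
#skip-grant-tables
EOF
for f in "$tmp"/forgotten.cnf "$tmp"/hardened.cnf; do
  echo "== $f"; audit_mycnf "$f"
done
```

The first sample produces four findings and the second none; running the function against /etc/my.cnf after a password recovery confirms that skip-grant-tables was really commented out.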

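Restricting directory permissions:

By default MySQL is installed in /usr/local/mysql and the corresponding database files are in /usr/local/mysql/var. You must therefore make sure that unauthorized users cannot access this directory and pack up and copy away the databases, so access to the directory has to be restricted. Make sure mysqld only runs as a Linux user that has read or write permission on the database directory.

# chown -R root /usr/local/mysql/   # give the MySQL home directory to root

# chown -R mysql:mysql /usr/local/mysql/var   # make sure the database directory is owned by the mysql user

Clearing the command history:

Database-related shell commands are recorded in .bash_history; if that file is read by someone else, information such as the database password and the database structure leaks. Operations performed after logging in to the database are recorded in .mysql_history; if a database user's password is changed with an update statement, the password can be read from that file as well. Both files therefore need to be deleted. In addition, when logging in, backing up the database or doing anything else that involves the password, use the -p option so that you are prompted for the password and type it without it being displayed. It is recommended to keep the files above empty.

# rm .bash_history .mysql_history   # delete the history files

# ln -s /dev/null .bash_history   # keep the shell history file empty

# ln -s /dev/null .mysql_history   # keep the mysql history file empty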