MySQL用戶和權(quán)限及破解root口令的示例分析-創(chuàng)新互聯(lián)
這篇文章將為大家詳細(xì)講解有關(guān)MySQL用戶和權(quán)限及破解root口令的示例分析,小編覺(jué)得挺實(shí)用的,因此分享給大家做個(gè)參考,希望大家閱讀完這篇文章后可以有所收獲。
MySQL用戶和權(quán)限
在MySQL中有一個(gè)系統(tǒng)自身就帶有的數(shù)據(jù)庫(kù)叫MySQL,數(shù)據(jù)庫(kù)裝好以后系統(tǒng)自帶了好幾個(gè)數(shù)據(jù)庫(kù)MySQL就是其中過(guò)一個(gè),MySQL數(shù)據(jù)庫(kù)有個(gè)用戶賬戶權(quán)限相關(guān)的表叫user表,在其中就有創(chuàng)建的用戶。
MySQL中完整的用戶名是由用戶+主機(jī)名形成,主機(jī)名決定了這個(gè)用戶在哪個(gè)主機(jī)上能登陸。
一、用戶的創(chuàng)建和密碼修改
1.用戶的創(chuàng)建
create user 'USERNAME'@'HOST' identified by 'PASSWORD';
USERNAME:用戶名
HOST:主機(jī)地址
PASSWORD:密碼
示例:
MariaDB [(none)]> create user masuri@192.168.73.133 identified by 'centos'; Query OK, 0 rows affected (0.01 sec) MariaDB [(none)]> select user,host,password from mysql.user; +--------+-----------------------+-------------------------------------------+ | user | host | password | +--------+-----------------------+-------------------------------------------+ | root | localhost | | | root | localhost.localdomain | | | root | 127.0.0.1 | | | root | ::1 | | | | localhost | | | | localhost.localdomain | | | masuri | 192.168.73.133 | *128977E278358FF80A246B5046F51043A2B1FCED | +--------+-----------------------+-------------------------------------------+ 7 rows in set (0.00 sec)
MySQL中有匿名賬戶,可以通過(guò)跑安全加固腳本mysql_secure_installation來(lái)進(jìn)行刪除,也可以手動(dòng)將其刪除。
刪除用戶:
DROP USER 'USERNAME'@'HOST';
示例:
MariaDB [(none)]> select user,host,password from mysql.user; +--------+-----------------------+-------------------------------------------+ | user | host | password | +--------+-----------------------+-------------------------------------------+ | root | localhost | | | root | localhost.localdomain | | | root | 127.0.0.1 | | | root | ::1 | | | | localhost | | | | localhost.localdomain | | | masuri | 192.168.73.133 | *128977E278358FF80A246B5046F51043A2B1FCED | +--------+-----------------------+-------------------------------------------+ 7 rows in set (0.00 sec) MariaDB [(none)]> DROP USER ''@'localhost'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> DROP USER ''@'localhost.localdomain'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> select user,host,password from mysql.user; +--------+-----------------------+-------------------------------------------+ | user | host | password | +--------+-----------------------+-------------------------------------------+ | root | localhost | | | root | localhost.localdomain | | | root | 127.0.0.1 | | | root | ::1 | | | masuri | 192.168.73.133 | *128977E278358FF80A246B5046F51043A2B1FCED | +--------+-----------------------+-------------------------------------------+ 5 rows in set (0.00 sec)
2.密碼的修改
mysql密碼的修改
SET PASSWORD FOR user = PASSWORD('cleartext password')
UPDATE table SET password = password('cleartext password')示例:
對(duì)masuri用戶做密碼的修改
MariaDB [(none)]> SET PASSWORD FOR masuri@192.168.73.133 = PASSWORD ('magedu');
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> select user,host,password from mysql.user;
+--------+-----------------------+-------------------------------------------+
| user | host | password |
+--------+-----------------------+-------------------------------------------+
| root | localhost | |
| root | localhost.localdomain | |
| root | 127.0.0.1 | |
| root | ::1 | |
| masuri | 192.168.73.133 | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 |
+--------+-----------------------+-------------------------------------------+
#此時(shí)密碼已經(jīng)發(fā)生改變root賬號(hào)口令為空,為root口令設(shè)置口令,由于一條一條的設(shè)置太過(guò)麻煩也可以使用修改表的操作來(lái)修改密碼
MariaDB [(none)]> update mysql.user set password=password('centos') where user='root';
Query OK, 4 rows affected (0.01 sec)
Rows matched: 4 Changed: 4 Warnings: 0
MariaDB [(none)]> select user,host,password from mysql.user;
+--------+-----------------------+-------------------------------------------+
| user | host | password |
+--------+-----------------------+-------------------------------------------+
| root | localhost | *128977E278358FF80A246B5046F51043A2B1FCED |
| root | localhost.localdomain | *128977E278358FF80A246B5046F51043A2B1FCED |
| root | 127.0.0.1 | *128977E278358FF80A246B5046F51043A2B1FCED |
| root | ::1 | *128977E278358FF80A246B5046F51043A2B1FCED |
| masuri | 192.168.73.133 | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 |
+--------+-----------------------+-------------------------------------------+
5 rows in set (0.00 sec)此時(shí)密碼已經(jīng)修改但依舊無(wú)法登陸,需要將權(quán)限刷新
MariaDB [(none)]> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec)
二、MySQL權(quán)限管理
權(quán)限管理涉及到多種權(quán)限的類別,比如說(shuō)有管理類、程序類、數(shù)據(jù)庫(kù)級(jí)別、表級(jí)別和字段級(jí)別
管理類:能否創(chuàng)建用戶,能否顯示數(shù)據(jù)庫(kù)列表,能否重新加載配置文件,能否關(guān)閉數(shù)據(jù)庫(kù),和復(fù)制相關(guān)的能否執(zhí)行,能否管理進(jìn)程,能否創(chuàng)建臨時(shí)表,能否創(chuàng)建數(shù)據(jù)庫(kù)中的文件。
程序類主要涉及3個(gè)程序,函數(shù),存儲(chǔ)過(guò)程和觸發(fā)器,例如能否創(chuàng)建,修改,刪除和執(zhí)行這些程序庫(kù),表和字段級(jí)別的權(quán)限:比如能否在庫(kù),表字段里進(jìn)行增、刪、查、改等操作
1.授權(quán)GRANT
授權(quán)用戶時(shí)如果用戶不存在可以將其創(chuàng)建出來(lái),在授權(quán)前首先要確認(rèn)自己是管理員有授權(quán)的權(quán)限。
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
[WITH with_option ...]示例:
創(chuàng)建一個(gè)wordpress的用戶,并授權(quán)。
MariaDB [(none)]> CREATE DATABASE wordpress; Query OK, 1 row affected (0.02 sec) MariaDB [(none)]> GRANT ALL ON wordpress.* TO wpuser@'192.168.73.%' identified by 'mylinuxops'; Query OK, 0 rows affected (0.00 sec)
2.查看用戶的權(quán)限
MariaDB [(none)]> show grants for wpuser@'192.168.73.%'; +------------------------------------------------------------------------------------------------------------------+ | Grants for wpuser@192.168.73.% | +------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'wpuser'@'192.168.73.%' IDENTIFIED BY PASSWORD '*EC0DBFB480593BB6ED2EC028A4231A72D8137406' | | GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wpuser'@'192.168.73.%' | +------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)
3.授權(quán)的其他選項(xiàng)
MAX_QUESRIES_PER_HOUR count #每小時(shí)最多查多少次 MAX_UPDATES_PER_HOUR count #每小時(shí)最多改多少次 MAX_CONNECTIONS_PER_HOUR count #每小時(shí)最多連多少次 MAX_USER_CONNECTIONS count #用戶的大數(shù)連接數(shù)
取消權(quán)限
REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ... ON [object_type] priv_level FROM user [, user] ...
示例:
MariaDB [(none)]> revoke delete on wordpress.* from wpuser@'192.168.73.%'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> show grants for wpuser@'192.168.73.%'; +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Grants for wpuser@192.168.73.% | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'wpuser'@'192.168.73.%' IDENTIFIED BY PASSWORD '*EC0DBFB480593BB6ED2EC028A4231A72D8137406' | | GRANT SELECT, INSERT, UPDATE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `wordpress`.* TO 'wpuser'@'192.168.73.%' | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) # 此時(shí)wpuser@'192.168.73.%'已經(jīng)沒(méi)有了delete權(quán)限
MySQL的root口令破解
工作中有時(shí)候可能會(huì)遇到root口令丟失的情況,此時(shí)可以通過(guò)以下方法進(jìn)行找回root口令
以下為示范如何破解root口令
一、密碼未知無(wú)法登陸MySQL
[root@localhost ~]# mysql ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
二、破解
1.修改配置文件/etc/my.cnf,添加兩行參數(shù)
skip_grant_tables:跳過(guò)授權(quán)表信息,此項(xiàng)生效后再次使用MySQL就無(wú)需使用密碼了,但是遠(yuǎn)程的其他用戶也可以不使用密碼登陸,有一定的風(fēng)險(xiǎn)性
skip_networking:關(guān)閉網(wǎng)路功能,由于光啟用skip_grant_tables選項(xiàng),其他用戶也可以無(wú)需密碼登陸MySQL非常危險(xiǎn),所以需要關(guān)閉網(wǎng)路功能只允許本地的用戶進(jìn)行操作。
[root@localhost ~]# vim /etc/my.cnf [mysqld] skip_networking=on #不啟用網(wǎng)絡(luò)功能 skip_grant_tables=on #跳過(guò)授權(quán)表 [root@localhost ~]# service mysqld restart #對(duì)位置文件修改后需要重新啟動(dòng)服務(wù) Restarting mysqld (via systemctl): [ OK ]
2.登陸MySQL,進(jìn)行密碼修改
[root@localhost ~]# mysql #此時(shí)已經(jīng)無(wú)需輸入密碼就能登陸
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.2.23-MariaDB-log Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> UPDATE mysql.user SET password=PASSWORD('123456') where user='root'; #對(duì)root的口令進(jìn)行修改
Query OK, 4 rows affected (0.01 sec)
Rows matched: 4 Changed: 4 Warnings: 03.口令修改完畢后,需要將配置文件恢復(fù)
將剛才啟用的兩個(gè)選項(xiàng)進(jìn)行注銷或者刪除,然后重啟服務(wù)
[root@localhost ~]# vim /etc/my.cnf [mysqld] #skip_networking=on #skip_grant_tables=on [root@localhost ~]# service mysqld restart Restarting mysqld (via systemctl): [ OK ]
4.使用新口令登陸MySQL
[root@localhost ~]# mysql -uroot -p123456 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 10 Server version: 10.2.23-MariaDB-log Source distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>
關(guān)于“MySQL用戶和權(quán)限及破解root口令的示例分析”這篇文章就分享到這里了,希望以上內(nèi)容可以對(duì)大家有一定的幫助,使各位可以學(xué)到更多知識(shí),如果覺(jué)得文章不錯(cuò),請(qǐng)把它分享出去讓更多的人看到。
網(wǎng)站名稱:MySQL用戶和權(quán)限及破解root口令的示例分析-創(chuàng)新互聯(lián)
文章路徑:http://vcdvsql.cn/article2/dihpic.html
成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián),為您提供搜索引擎優(yōu)化、企業(yè)網(wǎng)站制作、網(wǎng)站設(shè)計(jì)公司、電子商務(wù)、網(wǎng)站內(nèi)鏈、建站公司
聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請(qǐng)盡快告知,我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如需處理請(qǐng)聯(lián)系客服。電話:028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時(shí)需注明來(lái)源: 創(chuàng)新互聯(lián)
猜你還喜歡下面的內(nèi)容
- JSP和ASP之間的區(qū)別有哪些-創(chuàng)新互聯(lián)
- python如何解決被修飾函數(shù)消失的問(wèn)題-創(chuàng)新互聯(lián)
- 虛擬主機(jī)和獨(dú)立主機(jī)有什么不同-創(chuàng)新互聯(lián)
- JAVA對(duì)象整體去重+按照對(duì)象內(nèi)某個(gè)屬性去重-創(chuàng)新互聯(lián)
- Android實(shí)現(xiàn)webview實(shí)例代碼-創(chuàng)新互聯(lián)
- js中的eval什么意思-創(chuàng)新互聯(lián)
- 怎么在java中使用IO流將一個(gè)文件拆分為多個(gè)子文件-創(chuàng)新互聯(lián)
- 成都網(wǎng)站建設(shè)之APP線上推廣精華方案 2022-08-11
- 網(wǎng)站建設(shè)過(guò)程中必須注意的五大問(wèn)題 2022-08-06
- 網(wǎng)站建設(shè)中的哪些不當(dāng)設(shè)計(jì)正在傷害你的用戶體驗(yàn)? 2022-05-23
- 網(wǎng)站建設(shè)優(yōu)勢(shì) 2021-05-16
- 淺談網(wǎng)站建設(shè)與seo的密切關(guān)系 2017-01-23
- 中小企業(yè)在網(wǎng)站建設(shè)中遇到網(wǎng)絡(luò)攻擊會(huì)出現(xiàn)哪些問(wèn)題? 2016-11-10
- 網(wǎng)站建設(shè)-企業(yè)網(wǎng)站如何獲得流量,如何盈利 2021-10-01
- 影響網(wǎng)站建設(shè)周期的一些因素 2014-09-30
- 高端網(wǎng)站建設(shè)公司人員如何與客戶溝通的 2014-04-23
- 一個(gè)優(yōu)秀的營(yíng)銷網(wǎng)站建設(shè),會(huì)給企業(yè)帶來(lái)什么影響 2021-03-09
- 成都網(wǎng)站建設(shè)設(shè)計(jì)應(yīng)該注意什么 2023-01-23
- 企業(yè)網(wǎng)站建設(shè)導(dǎo)航條應(yīng)該如何設(shè)置 2022-08-08