Preface
 
    I supposed we are encountering a situation that there's an anonymous user has connected in our MySQL database with an account which has large privileges.The user is doing some query operations with bad performance.Which may subsequently lead to a high load of our database server.How to solve this issue efficiently and immediately?There's a little trick we can use below.
 
Example
 
Create a test account.
 (root@localhost mysql3306.sock)[(none)]>create user aaron8219@'192.168.1.%' identified by 'zlm';

 Query OK,  rows affected (0.00 sec)

 (root@localhost mysql3306.sock)[(none)]>select user,host from mysql.user;

 +---------------+-------------+

 | user          | host        |

 +---------------+-------------+

 | rpl_mgr       | %           |

 | aaron8219     | 192.168..% |

 | repl          | 192.168..% |

 | replica       | 192.168..% |

 | zlm           | 192.168..% |

 | mysql.session | localhost   |

 | mysql.sys     | localhost   |

 | root          | localhost   |

 +---------------+-------------+

  rows in set (0.00 sec)

 (root@localhost mysql3306.sock)[(none)]>grant all privileges on *.* to aaron8219@'192.168.1.%'; //Grant the supreme privileges to the user.

 Query OK,  rows affected (0.00 sec)

 (root@localhost mysql3306.sock)[(none)]>show grants for aaron8219@'192.168.1.%';

 +----------------------------------------------------------+

 | Grants for aaron8219@192.168..%                         |

 +----------------------------------------------------------+

 | GRANT ALL PRIVILEGES ON *.* TO 'aaron8219'@'192.168.1.%' |

 +----------------------------------------------------------+

  row in set (0.00 sec)
Connect to database with the new account.
 [root@zlm2 :: ~]

 #mysql -uaaron8219 -pzlm -h192.168.1.

 mysql: [Warning] Using a password on the command line interface can be insecure.

 Welcome to the MySQL monitor.  Commands end with ; or \g.

 Your MySQL connection id is

 Server version: 5.7.-log MySQL Community Server (GPL)

 Copyright (c) , , Oracle and/or its affiliates. All rights reserved.

 Oracle is a registered trademark of Oracle Corporation and/or its

 affiliates. Other names may be trademarks of their respective

 owners.

 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 (aaron8219@192.168.1.101 )[(none)]>show databases; //The user "aaron8219" can see all the databases in the current MySQL instance.

 +--------------------+

 | Database           |

 +--------------------+

 | information_schema |

 | mysql              |

 | performance_schema |

 | sys                |

 | sysbench           |

 | zlm                |

 +--------------------+

  rows in set (0.01 sec)

 (aaron8219@192.168.1.101 )[(none)]>create database aaron8219;

 Query OK,  row affected (0.00 sec)

 (aaron8219@192.168.1.101 )[(none)]>use aaron8219;

 Database changed

 (aaron8219@192.168.1.101 )[aaron8219]>create table t1(

     -> id int,

     -> name char()

     -> ) engine=innodb;

 Query OK,  rows affected (0.02 sec)
Create another precise account which name is equal to the one above and with an intact ip address.
 
 (root@localhost mysql3306.sock)[(none)]>create user aaron8219@'192.168.1.101' identified by 'zlm';

 Query OK,  rows affected (0.00 sec)

 (root@localhost mysql3306.sock)[(none)]>select user,host from mysql.user;

 +---------------+---------------+

 | user          | host          |

 +---------------+---------------+

 | rpl_mgr       | %             |

 | aaron8219     | 192.168..%   |

 | repl          | 192.168..%   |

 | replica       | 192.168..%   |

 | zlm           | 192.168..%   |

 | aaron8219     | 192.168.1.101 |

 | mysql.session | localhost     |

 | mysql.sys     | localhost     |

 | root          | localhost     |

 +---------------+---------------+

  rows in set (0.00 sec)

 (root@localhost mysql3306.sock)[(none)]>grant all privileges on aaron8219.* to aaron8219@'192.168.1.101'; //Grant the privileges only on "aaron8219" database.

 Query OK,  rows affected (0.00 sec)

 (root@localhost mysql3306.sock)[(none)]>show grants for aaron8219@'192.168.1.101';

 +----------------------------------------------------------------------+

 | Grants for aaron8219@192.168.1.101                                   |

 +----------------------------------------------------------------------+

 | GRANT USAGE ON *.* TO 'aaron8219'@'192.168.1.101'                    |

 | GRANT ALL PRIVILEGES ON `aaron8219`.* TO 'aaron8219'@'192.168.1.101' |

 +----------------------------------------------------------------------+

  rows in set (0.00 sec)
Connect to database with the account again.
 [root@zlm2 :: ~]

 #mysql -uaaron8219 -pzlm -h192.168.1.

 mysql: [Warning] Using a password on the command line interface can be insecure.

 Welcome to the MySQL monitor.  Commands end with ; or \g.

 Your MySQL connection id is

 Server version: 5.7.-log MySQL Community Server (GPL)

 Copyright (c) , , Oracle and/or its affiliates. All rights reserved.

 Oracle is a registered trademark of Oracle Corporation and/or its

 affiliates. Other names may be trademarks of their respective

 owners.

 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 (aaron8219@192.168.1.101 )[(none)]>show databases; //Only the "aaron8219" database can be list.

 +--------------------+

 | Database           |

 +--------------------+

 | information_schema |

 | aaron8219          |

 +--------------------+

  rows in set (0.00 sec)

 (aaron8219@192.168.1.101 )[(none)]>show grants for aaron8219@'192.168.1.101';

 +----------------------------------------------------------------------+

 | Grants for aaron8219@192.168.1.101                                   |

 +----------------------------------------------------------------------+

 | GRANT USAGE ON *.* TO 'aaron8219'@'192.168.1.101'                    |

 | GRANT ALL PRIVILEGES ON `aaron8219`.* TO 'aaron8219'@'192.168.1.101' |

 +----------------------------------------------------------------------+

  rows in set (0.00 sec)

 (aaron8219@192.168.1.101 )[(none)]>use aaron8219;

 Reading table information for completion of table and column names

 You can turn off this feature to get a quicker startup with -A

 Database changed

 (aaron8219@192.168.1.101 )[aaron8219]>show tables;

 +---------------------+

 | Tables_in_aaron8219 |

 +---------------------+

 | t1                  |

 +---------------------+

  row in set (0.00 sec)

 (aaron8219@192.168.1.101 )[aaron8219]>insert into t1 values(,'abc');

 Query OK,  row affected (0.00 sec)

 (aaron8219@192.168.1.101 )[aaron8219]>select * from t1;

 +------+------+

 | id   | name |

 +------+------+

 |     | abc  |

 +------+------+

  row in set (0.00 sec)

 //Eventrually,the privileges of account aaron8219@'192.168.1.%' has been restricted merely on database "aaron8219".

 //Further more,we can revoke all the privileges on it either.
Revoke the all privileges of the account.
 (root@localhost mysql3306.sock)[(none)]>revoke all privileges on aaron8219.* from aaron8219@'192.168.1.101';

 Query OK,  rows affected (0.00 sec)

 (root@localhost mysql3306.sock)[(none)]>show grants for aaron8219@'192.168.1.101';

 +---------------------------------------------------+

 | Grants for aaron8219@192.168.1.101                |

 +---------------------------------------------------+

 | GRANT USAGE ON *.* TO 'aaron8219'@'192.168.1.101' |

 +---------------------------------------------------+

  row in set (0.00 sec)
Connect to database with the account third times.
 [root@zlm2 :: ~]

 #mysql -uaaron8219 -pzlm -h192.168.1.

 mysql: [Warning] Using a password on the command line interface can be insecure.

 Welcome to the MySQL monitor.  Commands end with ; or \g.

 Your MySQL connection id is

 Server version: 5.7.-log MySQL Community Server (GPL)

 Copyright (c) , , Oracle and/or its affiliates. All rights reserved.

 Oracle is a registered trademark of Oracle Corporation and/or its

 affiliates. Other names may be trademarks of their respective

 owners.

 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 (aaron8219@192.168.1.101 )[(none)]>show databases;

 +--------------------+

 | Database           |

 +--------------------+

 | information_schema |

 +--------------------+

  row in set (0.00 sec)

 (aaron8219@192.168.1.101 )[(none)]>create database test;

 ERROR  (): Access denied for user 'aaron8219'@'192.168.1.101' to database 'test'

 //This time,the account of aaron8219 login with ip "192.168.1.101" can do nothing in the target instance.
 

MySQL用户权限控制一例的更多相关文章

  1. Mysql用户权限控制(5.7以上版本)

    1.1. 最简单的MySql权限   最简单也是最高效的,如果解决新手们删库跑路的问题其实也是很简单的,对于正式库只给一个增删改查的权限,或者只给一个查询权限(是不是就解决了删库的可能性?) 使用Ro ...

  2. mysql用户权限

    mysql> show grants for root@'localhost';+-------------------------------------------------------- ...

  3. linux下通过acl配置灵活目录文件权限(可用于ftp,web服务器的用户权限控制)

    linux下通过acl配置灵活目录文件权限(可用于ftp,web服务器的用户权限控制) 发表于2012//07由feng linux 本身的ugo rwx的权限,对于精确的权限控制很是力不从心的,ac ...

  4. Vue-Access-Control:前端用户权限控制解决方案

    原文地址:http://refined-x.com/2017/11/28/Vue2.0用户权限控制解决方案/ Vue-Access-Control是一套基于Vue/Vue-Router/axios 实 ...

  5. asp.net core根据用户权限控制页面元素的显示

    asp.net core根据用户权限控制页面元素的显示 Intro 在 web 应用中我们经常需要根据用户的不同允许用户访问不同的资源,显示不同的内容,之前做了一个 AccessControlHelp ...

  6. mysql用户权限操作

    mysql用户权限操作1.创建用户mysql -urootcreate database zabbix default charset utf8;grant all on zabbix.* to za ...

  7. Linux上Mysql数据库 用户权限控制

    Linux安装mysql 点我直达 Mysql限制root用户ip地址登录 修改mysql库里边的user表: update mysql.user set host='localhost' where ...

  8. 烂泥:nginx、php-fpm、mysql用户权限解析

    原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 .作者信息和本声明.否则将追究法律责任.http://ilanni.blog.51cto.com/526870/1561097 本文首发 ...

  9. MYSQL用户权限管理学习笔记

    MYSQL 用户管理 1.权限表 MYSQL是一个多用户的数据库,MYSQL的用户可以分为两大类: (1)       超级管理员用户(root),拥有全部权限 (2)       普通用户,由roo ...

随机推荐

  1. linux服务基础之CentOS6编译安装mariadb

    1. 下载mariadb https://downloads.mariadb.org/mariadb/+releases/ 2. 解压到指定目录 # tar xf mariadb--linux-x86 ...

  2. 调用URL 接口服务

    1.Net调用URL 接口服务 using System; using System.Collections; using System.Configuration; using System.Dat ...

  3. Python—面向对象 封装03

    接着上面的一篇继续往下: 如何隐藏 在python中用双下划线开头的方式将属性隐藏起来(设置成私有的) class A: __x = 1 # _A__x = 1 def __init__(self, ...

  4. UML 类关系图(泛化,实现,依赖,关联(聚合,组合))

    UML的构造快包含3种:  (1) 事物(4种):结构事物,行为事物,分组事物,注释事物 (2) 关系(4种):泛化关系,实现关系,依赖关系,关联关系 (3) 图(10种):用例图,类图,对象图,包图 ...

  5. ASP.NET MVC中使用表单上传文件时的注意事项

    最近了好久没写ASP.NET 使用HTML的FORM来上传文件了,结果写了个文件上传发现ASP.NET MVC的Controller中老是读取不到上传的文件. MVC的View(Index.cshtm ...

  6. VSS使用方法详解

    Microsoft Visual SourceSafe是美国微软公司出品的版本控制系统,简称VSS.它提供了还原点和并行协作功能,从而使应用程序开发组织能够同时处理软件的多个版本.该版本控制系统引入了 ...

  7. 【网络流】EK算法及其优化

    今天上午我仿佛知道了什么叫做网络流,这里推荐一篇博客,大家入门网络流的可以看一下这篇博客,保证一看就懂! 博客链接: 网络流入门 这里有一篇经过我改过的EK带注释代码(博客里也有一样的,只是加了一些注 ...

  8. 只包含因子2 3 5的数(51NOD 1010)

    K的因子中只包含2 3 5.满足条件的前10个数是:2,3,4,5,6,8,9,10,12,15. 所有这样的K组成了一个序列S,现在给出一个数n,求S中 >= 给定数的最小的数. 例如:n = ...

  9. CSS实现表单

    效果图如下: HTML代码如下: <!DOCTYPE html> <html lang="en"> <head> <meta charse ...

  10. linux运维、架构之路-shell编程(二)

    一.流程控制语句 1.if语句 ①if单分支:一个条件一个结果 1 2 3 4 if 条件   then      命令 fi ②if双分支:一个条件两个结果 1 2 3 4 5 6 if 条件    ...