Make myself another super user in MySQL, but only when connected via unix socket

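I have a development machine where I can play with MySQL (MariaDB 10.3). Every time I need extra privileges, I call sudo mysql, and that is what I want to change.

I tried to grant myself everything like this (in a sudo mysql session):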

GRANT ALL PRIVILEGES ON *.* TO 'ubuntu'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
CREATE DATABASE test; -- Plain database with no additional grant directives

Now I can access everything in this MariaDB installation from the mysql CLI, but other things still fail, such as the Python library mysqlclient and the mysqldump utility.

import MySQLdb
db = MySQLdb.connect("localhost", "ubuntu", "", "test")

MySQLdb._exceptions.OperationalError: (1045, "Access denied for user 'ubuntu'@'localhost' (using password: NO)")

mysqldump test > /dev/null

mysqldump: Got error: 1045: "Access denied for user 'ubuntu'@'localhost' (using password: NO)" when trying to connect

All of the code and commands above are run directly from a shell under the user ubuntu.

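How can I really grant myself superuser privileges in my MariaDB, but restrict that access to the unix socket (so ubuntu@127.0.0.1 should not be a superuser if TCP is used, only when connecting from /var/lib/mysqld/mysqld.sock as ubuntu@localhost)?

I need to do this on MariaDB 10.1 and 10.3.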


Update

Output of the following query:

USE mysql; SELECT * FROM user WHERE Host = 'localhost' OR User = 'ubuntu';

+-----------+--------+-----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+---------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-------------+-----------------------+------------------+---------+--------------+--------------------+
| Host      | User   | Password  | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | Delete_history_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin      | authentication_string | password_expired | is_role | default_role | max_statement_time |
+-----------+--------+-----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+---------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-------------+-----------------------+------------------+---------+--------------+--------------------+
| localhost | root   | *REDACTED | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          | Y            | Y          | Y                     | Y                | Y            | Y               | Y                | Y                | Y              | Y                   | Y                  | Y                | Y          | Y            | Y                      | Y                   |          |            |             |              |             0 |           0 |               0 |                    0 | unix_socket |                       | N                | N       |              |           0.000000 |
| localhost | ubuntu | *REDACTED | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          | Y            | Y          | Y                     | Y                | Y            | Y               | Y                | Y                | Y              | Y                   | Y                  | Y                | Y          | Y            | Y                      | Y                   |          |            |             |              |             0 |           0 |               0 |                    0 |             |                       | N                | N       |              |           0.000000 |
+-----------+--------+-----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+---------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-------------+-----------------------+------------------+---------+--------------+--------------------+

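I use the stock /etc/mysql/my.cnf from the Ubuntu package and have not modified it (except for bind-address=0.0.0.0, which I think is irrelevant here).

I should have Googled harder... In case anyone finds this post, here is the solution: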

GRANT ALL PRIVILEGES ON *.* TO 'ubuntu'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION;
                                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^

The IDENTIFIED VIA unix_socket part enables passwordless login, as long as the connection is made via the unix socket (but not TCP 127.0.0.1).
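
Added example, not part of the original post: a Python check that parses the mysql CLI's boxed table output of mysql.user and flags accounts holding SUPER or GRANT OPTION whose plugin is not unix_socket, which is the state the ubuntu row shows in the table above before the fix. The sample rows are constructed with a subset of the columns, and the 'app' account is hypothetical.

```python
# Added example: audit boxed mysql CLI output of mysql.user for privileged
# accounts that are not restricted to unix_socket authentication.

# Constructed sample (subset of the mysql.user columns), modelled on the
# table in the question; the 'app' row is hypothetical.
SAMPLE = """\
+-----------+--------+------------+------------+-------------+
| Host      | User   | Grant_priv | Super_priv | plugin      |
+-----------+--------+------------+------------+-------------+
| localhost | root   | Y          | Y          | unix_socket |
| localhost | ubuntu | Y          | Y          |             |
| %         | app    | N          | N          |             |
+-----------+--------+------------+------------+-------------+
"""


def parse_table(text):
    """Parse the mysql CLI's boxed table output into a list of dicts."""
    rows, header = [], None
    for line in text.splitlines():
        line = line.strip()
        if not (line.startswith("|") and line.endswith("|")):
            continue  # skip +----+ borders and blank lines
        # Drop the outer pipes, then split; empty cells become "".
        cells = [c.strip() for c in line[1:-1].split("|")]
        if header is None:
            header = cells
        elif len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
    return rows


def privileged_without_socket_auth(rows):
    """Return 'user'@'host' for accounts with SUPER or GRANT OPTION
    whose authentication plugin is anything other than unix_socket."""
    flagged = []
    for r in rows:
        privileged = r.get("Super_priv") == "Y" or r.get("Grant_priv") == "Y"
        if privileged and r.get("plugin") != "unix_socket":
            flagged.append("'%s'@'%s'" % (r["User"], r["Host"]))
    return flagged


if __name__ == "__main__":
    for account in privileged_without_socket_auth(parse_table(SAMPLE)):
        print("privileged account not bound to unix_socket:", account)
```

With unix_socket authentication the server maps the connecting operating-system user name to the MariaDB user name, so any process running as the OS user ubuntu gets these privileges.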