MySQL 具有完全相同权限的用户,第一个可以连接,另一个不要
MySQL Users with exact same privilege, FIRST can connect and the other DONT
我将尝试用几句话解释这里发生的事情...
我在 Ubuntu 服务器 (18.04) 版本上创建了一个 MySQL 8 数据库的干净实例。
数据库运行良好,我可以连接本地和远程包括从另一台服务器使用 SSH。
郑重声明,
user@server:~$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 44
连接后,我在 mysql 数据库上发出此命令 SELECT HOST, USER FROM user 并得到:
+---------------+------------------+
| HOST | USER |
+---------------+------------------+
| 192.168.0.xxx | phpMyAdmin |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+---------------+------------------+
到目前为止,还不错。下一步,我创建一个特定的用户(例如,我们将其命名为 Usr1):
CREATE USER Usr1@'192.168.0.xxx' IDENTIFIED WITH mysql_native_password BY 'foo'
然后再重复完全相同的命令三次,仅更改用户名和密码,不更改任何其他内容。
当我尝试远程连接时(使用我在创建用户时指定的主机),usr3 能够连接,但 user1 和 user2 不能;对于这些用户,我看到了这个错误:
user@192.168.0.xxx:~$ mysql -u User1 -h 192.168.0.yyy -p
ERROR 1045 (28000): Access denied for user 'User1'@'192.168.0.xxx' (using password: YES)
user@192.168.0.xxx:~$ mysql -u User2 -h 192.168.0.yyy -p
ERROR 1045 (28000): Access denied for user 'User2'@'192.168.0.xxx' (using password: YES)
而且我很确定我没有写错密码!
使用 "User3" 我可以连接和查询数据库,没问题。使用 "User1" 或 "User2",我收到上面的消息错误。
然后,尽管为每个用户编写了完全相同的命令,但我查询 mysql.user table,并比较结果中的每一列;正如预期的那样,所有列的值都完全相同,当然,用户和密码除外。为了清楚起见,我在这里显示结果,但正如我已经提到的,列完全相同...
+---------------+----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------------------+--------------------------+----------------------------+---------------+-------------+-----------------+----------------------+-----------------------+-------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+
| Host | User | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin | authentication_string | password_expired | password_last_changed | password_lifetime | account_locked | Create_role_priv | Drop_role_priv | Password_reuse_history | Password_reuse_time | Password_require_current | User_attributes |
+---------------+----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------------------+--------------------------+----------------------------+---------------+-------------+-----------------+----------------------+-----------------------+-------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+
| 192.168.0.xxx | User1 | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | 0x | 0x | 0x | 0 | 0 | 0 | 0 | mysql_native_password | * | N | 2020-04-10 19:43:13 | NULL | N | N | N | NULL | NULL | NULL | NULL |
| 192.168.0.xxx | User2 | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | 0x | 0x | 0x | 0 | 0 | 0 | 0 | mysql_native_password | * | N | 2020-04-10 19:42:54 | NULL | N | N | N | NULL | NULL | NULL | NULL |
| 192.168.0.xxx | User3 | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | 0x | 0x | 0x | 0 | 0 | 0 | 0 | mysql_native_password | * | N | 2020-04-10 18:34:12 | NULL | N | N | N | NULL | NULL | NULL | NULL |
+---------------+----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------------------+--------------------------+----------------------------+---------------+-------------+-----------------+----------------------+-----------------------+-------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+
运行从这点思路出来。
有什么想法吗?
提前致谢!
我终于明白了(或者有点类似于理解……)问题出在哪里。
不管为每个用户发出完全相同的命令,我创建的第一个命令可以直接访问安装了 MySQL 的服务器。另外两个用户是在另一台服务器上创建的,即安装了 phpMyAdmin 和 Apache 的服务器。
由于任何未知(至少对我而言)原因,我使用 "root"@"IP" 创建的用户无法连接到 MySQL 安装,而用户我使用 "root"@"localhost" 创建的连接正常。我删除并重新创建了用户,使用 "root"@"localhost" 帐户,他们能够连接到数据库 - 尽管 mysql.user table 上的信息仍然相同。
无论如何,现在我可以使用所有三个帐户进行连接,每个帐户都可以访问特定的数据库,正如我从一开始就打算的那样。
我将尝试用几句话解释这里发生的事情...
我在 Ubuntu 服务器 (18.04) 版本上创建了一个 MySQL 8 数据库的干净实例。 数据库运行良好,我可以连接本地和远程包括从另一台服务器使用 SSH。
郑重声明,
user@server:~$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 44
连接后,我在 mysql 数据库上发出此命令 SELECT HOST, USER FROM user 并得到:
+---------------+------------------+
| HOST | USER |
+---------------+------------------+
| 192.168.0.xxx | phpMyAdmin |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+---------------+------------------+
到目前为止,还不错。下一步,我创建一个特定的用户(例如,我们将其命名为 Usr1):
CREATE USER Usr1@'192.168.0.xxx' IDENTIFIED WITH mysql_native_password BY 'foo'
然后再重复完全相同的命令三次,仅更改用户名和密码,不更改任何其他内容。
当我尝试远程连接时(使用我在创建用户时指定的主机),usr3 能够连接,但 user1 和 user2 不能;对于这些用户,我看到了这个错误:
user@192.168.0.xxx:~$ mysql -u User1 -h 192.168.0.yyy -p
ERROR 1045 (28000): Access denied for user 'User1'@'192.168.0.xxx' (using password: YES)
user@192.168.0.xxx:~$ mysql -u User2 -h 192.168.0.yyy -p
ERROR 1045 (28000): Access denied for user 'User2'@'192.168.0.xxx' (using password: YES)
而且我很确定我没有写错密码! 使用 "User3" 我可以连接和查询数据库,没问题。使用 "User1" 或 "User2",我收到上面的消息错误。
然后,尽管为每个用户编写了完全相同的命令,但我查询 mysql.user table,并比较结果中的每一列;正如预期的那样,所有列的值都完全相同,当然,用户和密码除外。为了清楚起见,我在这里显示结果,但正如我已经提到的,列完全相同...
+---------------+----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------------------+--------------------------+----------------------------+---------------+-------------+-----------------+----------------------+-----------------------+-------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+
| Host | User | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin | authentication_string | password_expired | password_last_changed | password_lifetime | account_locked | Create_role_priv | Drop_role_priv | Password_reuse_history | Password_reuse_time | Password_require_current | User_attributes |
+---------------+----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------------------+--------------------------+----------------------------+---------------+-------------+-----------------+----------------------+-----------------------+-------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+
| 192.168.0.xxx | User1 | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | 0x | 0x | 0x | 0 | 0 | 0 | 0 | mysql_native_password | * | N | 2020-04-10 19:43:13 | NULL | N | N | N | NULL | NULL | NULL | NULL |
| 192.168.0.xxx | User2 | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | 0x | 0x | 0x | 0 | 0 | 0 | 0 | mysql_native_password | * | N | 2020-04-10 19:42:54 | NULL | N | N | N | NULL | NULL | NULL | NULL |
| 192.168.0.xxx | User3 | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | 0x | 0x | 0x | 0 | 0 | 0 | 0 | mysql_native_password | * | N | 2020-04-10 18:34:12 | NULL | N | N | N | NULL | NULL | NULL | NULL |
+---------------+----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------------------+--------------------------+----------------------------+---------------+-------------+-----------------+----------------------+-----------------------+-------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+
运行从这点思路出来。 有什么想法吗?
提前致谢!
我终于明白了(或者有点类似于理解……)问题出在哪里。 不管为每个用户发出完全相同的命令,我创建的第一个命令可以直接访问安装了 MySQL 的服务器。另外两个用户是在另一台服务器上创建的,即安装了 phpMyAdmin 和 Apache 的服务器。
由于任何未知(至少对我而言)原因,我使用 "root"@"IP" 创建的用户无法连接到 MySQL 安装,而用户我使用 "root"@"localhost" 创建的连接正常。我删除并重新创建了用户,使用 "root"@"localhost" 帐户,他们能够连接到数据库 - 尽管 mysql.user table 上的信息仍然相同。
无论如何,现在我可以使用所有三个帐户进行连接,每个帐户都可以访问特定的数据库,正如我从一开始就打算的那样。