How to Change the IP Restriction on a MySQL Account, Explained

程序员文章站 2023-11-09 15:20:58

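Preface

Recently at work I ran into a requirement: change a MySQL user's privileges so that only a specific IP address may connect. This was the first time I had met this kind of requirement, and during testing I found that updating the system privilege tables directly caused some problems. The demonstration follows.

Note: the test environment below is MySQL 5.6.20. If other versions give results that differ from those below, go by your actual environment.

We first create a test user limitip that is only allowed to connect from IP addresses in the 192.168 range, with the following privileges: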

mysql> grant select on mydb.* to limitip@'192.168.%' identified by 'limitip';
query ok, 0 rows affected (0.01 sec)
 
mysql> grant insert ,update,delete on mydb.kkk to limitip@'192.168.%';
query ok, 0 rows affected (0.00 sec)
 
mysql> 
mysql> flush privileges;
query ok, 0 rows affected (0.00 sec)
 
mysql> 
 
mysql> show grants for limitip@'192.168.%';
+----------------------------------------------------------------------------------------------------------------+
| grants for limitip@192.168.%                     |
+----------------------------------------------------------------------------------------------------------------+
| grant usage on *.* to 'limitip'@'192.168.%' identified by password '*72dde03e02cc55a9478a82f3f4ebe7f639249dec' |
| grant select on `mydb`.* to 'limitip'@'192.168.%'                |
| grant insert, update, delete on `mydb`.`kkk` to 'limitip'@'192.168.%'           |
+----------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)
 
mysql>

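Suppose we now receive a requirement that this user may only connect from the IP address 192.168.103.17, so I decide to update the mysql.user table, as shown below: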

mysql> select user, host from mysql.user where user='limitip';
+---------+-----------+
| user    | host      |
+---------+-----------+
| limitip | 192.168.% |
+---------+-----------+
1 row in set (0.00 sec)
 
mysql> update mysql.user set host='192.168.103.17' where user='limitip';
query ok, 1 row affected (0.02 sec)
rows matched: 1 changed: 1 warnings: 0
 
mysql> flush privileges;
query ok, 0 rows affected (0.01 sec)
 
mysql> select user, host from user where user='limitip';
error 1046 (3d000): no database selected
mysql> use mysql;
reading table information for completion of table and column names
you can turn off this feature to get a quicker startup with -a
 
database changed
mysql> select user, host from user where user='limitip';
+---------+----------------+
| user    | host           |
+---------+----------------+
| limitip | 192.168.103.17 |
+---------+----------------+
1 row in set (0.00 sec)
 
mysql> show grants for limitip@'192.168.103.17';
+---------------------------------------------------------------------------------------------------------------------+
| grants for limitip@192.168.103.17                     |
+---------------------------------------------------------------------------------------------------------------------+
| grant usage on *.* to 'limitip'@'192.168.103.17' identified by password '*72dde03e02cc55a9478a82f3f4ebe7f639249dec' |
+---------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
 
mysql> 

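The test above shows that if you only modify the mysql.user table this way, the previous privileges are gone. As shown below, if you query mysql.db and mysql.tables_priv, the host column still has the value 192.168.%

mysql> select * from mysql.db where user='limitip'\G;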
*************************** 1. row ***************************
     host: 192.168.%
     db: mydb
     user: limitip
   select_priv: y
   insert_priv: n
   update_priv: n
   delete_priv: n
   create_priv: n
   drop_priv: n
   grant_priv: n
  references_priv: n
   index_priv: n
   alter_priv: n
create_tmp_table_priv: n
  lock_tables_priv: n
  create_view_priv: n
  show_view_priv: n
 create_routine_priv: n
 alter_routine_priv: n
   execute_priv: n
   event_priv: n
   trigger_priv: n
1 row in set (0.00 sec)
 
error: 
no query specified
 
mysql> select * from mysql.tables_priv where user='limitip'\G;
*************************** 1. row ***************************
  host: 192.168.%
   db: mydb
  user: limitip
 table_name: kkk
 grantor: root@localhost
 timestamp: 0000-00-00 00:00:00
 table_priv: insert,update,delete
column_priv: 
1 row in set (0.00 sec)
 
error: 
no query specified

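So I went on to modify the mysql.db and mysql.tables_priv tables as well, and then the verification test finally passed (see the test steps below). Of course, if the account's privileges go beyond these levels, you may also have to modify tables such as mysql.columns_priv and mysql.procs_priv.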

mysql> show grants for limitip@'192.168.%';
error 1141 (42000): there is no such grant defined for user 'limitip' on host '192.168.%'
mysql> 
mysql> 
mysql> update mysql.db set host='192.168.103.17' where user='limitip';
query ok, 1 row affected (0.00 sec)
rows matched: 1 changed: 1 warnings: 0
 
mysql> update mysql.tables_priv set host='192.168.103.17' where user='limitip';
query ok, 1 row affected (0.00 sec)
rows matched: 1 changed: 1 warnings: 0
 
mysql> flush privileges;
query ok, 0 rows affected (0.00 sec)
 
mysql> show grants for limitip@'192.168.103.17';
+---------------------------------------------------------------------------------------------------------------------+
| grants for limitip@192.168.103.17                     |
+---------------------------------------------------------------------------------------------------------------------+
| grant usage on *.* to 'limitip'@'192.168.103.17' identified by password '*72dde03e02cc55a9478a82f3f4ebe7f639249dec' |
| grant select on `mydb`.* to 'limitip'@'192.168.103.17'                |
| grant insert, update, delete on `mydb`.`kkk` to 'limitip'@'192.168.103.17'           |
+---------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)
 
mysql> 

If you need to change a user's IP restriction, updating the MySQL privilege tables is not the best approach. There is a better way: the RENAME USER syntax.

mysql> rename user 'limitip'@'192.168.103.17' to 'limitip'@'192.168.103.18';
query ok, 0 rows affected (0.00 sec)
 
mysql> flush privileges;
query ok, 0 rows affected (0.00 sec)
 
mysql> show grants for 'limitip'@'192.168.103.18';
+---------------------------------------------------------------------------------------------------------------------+
| grants for limitip@192.168.103.18                     |
+---------------------------------------------------------------------------------------------------------------------+
| grant usage on *.* to 'limitip'@'192.168.103.18' identified by password '*72dde03e02cc55a9478a82f3f4ebe7f639249dec' |
| grant select on `mydb`.* to 'limitip'@'192.168.103.18'                |
| grant insert, update, delete on `mydb`.`kkk` to 'limitip'@'192.168.103.18'           |
+---------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)
 
mysql> 
