create table t1 select * from user; //把user表所有数据备份到t1表
create table t2 select * from user where 1=2; //创建跟user表一样字段的t2空表
create table t3 select * from user where uid<100;
alter table t2 modify id int primary key auto_increment;//复制、备份表的时候,所有字段的键值属性都不会被复制,需要手动添加
多表查询概述
多表查询
以上格式的查询结果叫笛卡尔集
查询结果的总条目数是=(表a的记录数*表b的记录数)
where子查询
输出年龄小于平均年龄的学生的名字和年龄
select name,age from student where age<(select avg(age) from student);
输出user表中,name字段的值在db2.t1表中的name字段范围之内的数据
select name from user where name in (select name from db2.t1);
左连接查询(以左边的表为主显示查询结果)
右连接查询(以右边的表为主显示查询结果)
//db2库中创建t1表,内容是db1中user表的查询数据
create table db2.t1 select name,uid,shell,password from user limit 3;
//创建db2库中的t2表
create table db2.t2 select name,uid,homedir from user limit 5;
//查询db2库中t1表跟t2表中,name字段都是root的所有数据
select * from db2.t1,db2.t2 where db2.t1.name="root" and db2.t2.name="root";
//查询db2库中t1表跟t2表中的数据,显示t1表中name为root的所有数据,显示t2表中name为root的homedir字段数据
select db2.t1.*,db2.t2.homedir from db2.t1,db2.t2 where db2.t1.name="root" and db2.t2.name="root";
select db2.t1.name,db2.t1.uid,db2.t2.homedir from db2.t1,db2.t2 where db2.t1.name="root" and db2.t2.name="root";
//显示db2库中t1表跟t2表中uid相同的字段数据
select * from db2.t1,db2.t2 where db2.t1.uid=db2.t2.uid;
//连接查询
create table t3 select name,uid,shell from user limit 5;
create table t4 select name,uid,shell from user limit 9;
select * from t3 left join t4 on t3.uid=t4.uid; //以t3表为主显示
select * from t3 right join t4 on t3.uid=t4.uid; //以t4表为主显示,t3表中没有的数据显示为null
常见的MySQL管理工具
类型 | 界面 | 操作系统 | 说明 |
---|---|---|---|
mysql | 命令行 | 跨平台 | MySQL官方bundle包自带 |
MySQL-Workbench | 图形 | 跨平台 | MySQL官方提供 |
MySQL-Front | 图形 | Windows | 开源、轻量级客户端软件 |
phpMyAdmin | 浏览器 | 跨平台 | 开源,需LAMP平台 |
Naivat | 图形 | Windows | 专业、功能强大,商业版 |
部署LAMP+phpMyAdmin平台
部署两台虚拟机RHEL7虚拟机,其中一台作为数据服务器(192.168.4.6)、另外一台作为测试用的Linux客户机(192.168.4.254),如图所示。
一:准备软件的运行环境 lamp
[root@mysql6~]# rpm -q httpd php php-mysql //检测是否安装软件包
未安装软件包 httpd
未安装软件包 php
未安装软件包 php-mysql
[root@mysql6~]# yum -y install httpd php php-mysql //装包
[root@mysql6~]# systemctl start httpd //启动服务
[root@mysql6~]# systemctl enable httpd //设置开机自启
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
二:测试运行环境
[root@mysql6~]# vim /var/www/html/test.php //编辑页面测试文件
[root@mysql6~]# cat /var/www/html/test.php //查看页面测试文件
[root@mysql6~]# yum -y install elinks //安装测试网页工具
[root@mysql6~]# elinks --dump http://localhost/test.php
Ok //验证测试页面成功
三:安装软件包
(1)物理机传输解压包给虚拟机192.168.4.6
[root@room9pc桌面]# scp phpMyAdmin-2.11.11-all-languages.tar.gz 192.168.4.6:/root/
[email protected]'s password:
phpMyAdmin-2.11.11-a 100% 4218KB 122.5MB/s 00:00
(2)虚拟机192.168.4.6解压phpMyAdmin-2.11.11-all-languages.tar.gz压缩包
[root@mysql6~]# tar -zxf phpMyAdmin-2.11.11-all-languages.tar.gz -C /var/www/html/ //-C 表示改变至目录
[root@mysql6~]# cd /var/www/html/
[root@mysql6~]# mv phpMyAdmin-2.11.11-all-languages phpmyadmin //改变目录名
[root@mysql6~]# chown -R apache:apache phpmyadmin/ //改变phpmyadmin目录权限
四:修改软件的配置文件定义管理的数据库服务器
切换到部署后的phpmyadmin程序目录,拷贝配置文件,并修改配置以正确指定MySQL服务器的地址
[root@mysql6html]# cd phpmyadmin
[root@mysql6 phpmyadmin]# cp config.sample.inc.php config.inc.php //备份主配置文件
[root@mysql6 phpmyadmin]# vim config.inc.php //编辑主配置文件
17 $cfg['blowfish_secret'] = 'plj123'; //给cookie做认证的值,可以随便填写
31 $cfg['Servers'][$i]['host'] = 'localhost'; //指定主机名,定义连接哪台服务器
:wq
五:在客户端访问软件 管理数据库服务器
(1)在客户端访问软件,打开浏览器输入http://192.168.4.6/phpmyadmin(数据库服务器地址) 访问软件,如图所示,用户名是root,密码是123456
(2)登入成功后,如图示,即可在授权范围内对MySQL数据库进行管理。
一:重置MySQL管理密码
(1)首先停止已运行的MySQL服务程序
[root@dbsvr1 ~]# systemctl stop mysqld.service //停止服务
[root@dbsvr1 ~]# systemctl status mysqld.service //确认状态
mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled)
Active: inactive (dead) since 五 2017-04-07 23:01:38 CST; 21s ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Process: 20260 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
Process: 20238 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
Main PID: 20262 (code=exited, status=0/SUCCESS)
(2)然后跳过授权表启动MySQL服务程序
这一步主要利用mysqld的 --skip-grant-tables
选项
修改my.cnf配置,添加 skip_grant_tables=1
启动设置:
[root@dbsvr1 ~]# vim /etc/my.cnf
[mysqld]
skip_grant_tables=1
.. ..
[root@dbsvr1 ~]# systemctl restart mysqld.service
[root@dbsvr1 ~]# service mysql status
mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled)
Active: active (running) since 五 2017-04-07 23:40:20 CST; 40s ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Process: 11698 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
Process: 11676 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
Main PID: 11701 (mysqld)
CGroup: /system.slice/mysqld.service
└─11701 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.p...
(3)使用mysql命令连接到MySQL服务,重设root的密码
由于前一步启动的MySQL服务跳过了授权表,所以可以root从本机直接登录
[root@dbsvr1 ~]# mysql -u root
Enter password: //直接回车即可
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.17 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
进入 mysql> 环境后,通过修改mysql库中user表的相关记录,重设root用户从本机登录的密码:
mysql> UPDATE mysql.user SET authentication_string=PASSWORD('1234567')
-> WHERE user='root' AND host='localhost'; //重设root的密码
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 1
mysql> FLUSH PRIVILEGES; //刷新授权表
Query OK, 0 rows affected (0.01 sec)
mysql> exit //退出mysql> 环境
Bye
通过执行“FLUSH PRIVILEGES;”
可使授权表立即生效,对于正常运行的MySQL服务,也可以用上述方法来修改密码,不用重启服务。本例中因为是恢复密码,最好重启MySQL服务程序,所以上述“FLUSH PRIVILEGES;”
操作可跳过。
(4)重新以正常方式启动MySQL服务程序,验证新密码
如果前面是修改/etc/my.cnf配置的方法来跳过授权表,则重置root密码后,应去除相应的设置以恢复正常:
[root@dbsvr1 ~]# vim /etc/my.cnf
[mysqld]
#skip_grant_tables=1 //注释掉或删除此行
.. ..
按正常方式,通过mysql脚本重启服务即可:
[root@dbsvr1 ~]# systemctl restart mysqld.service
验证无密码登录时,将会被拒绝:
[root@dbsvr1 ~]# mysql -u root
Enter password: //没有跳过授权表回车会报错
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
只有提供重置后的新密码,才能成功登入:
[root@dbsvr1 ~]# mysql -u root –p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.17 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
二:正常设置MySQL管理密码
正常的前提是:已知当前MySQL管理用户(root)的密码。
(1)方法1,在Shell命令行下设置
使用mysqladmin管理工具,需要验证旧的密码。比如,以下操作将会把root的密码设置为 1234567:
[root@dbsvr1 ~]# mysqladmin -u root -p password '1234567'
Enter password: //验证原来的密码
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety. //提示明文修改不安全,并不是报错
(2)方法2,以root登入mysql> 后,使用SET PASSWORD指令设置
这个与新安装MySQL-server后首次修改密码时要求的方式相同,平时也可以用:
mysql> SET PASSWORD FOR root@localhost=PASSWORD('1234567');
Query OK, 0 rows affected, 1 warning (0.00 sec)
(3)方法3,以root登入mysql> 后,使用GRANT授权工具设置
这个是最常见的用户授权方式:
mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
Query OK, 0 rows affected, 1 warning (0.00 sec)
(4)方法4,以root登入mysql> 后,使用UPDATE更新相应的表记录
这种方法与恢复密码时的操作相同:
mysql> UPDATE mysql.user SET authentication_string=PASSWORD('1234567')
-> WHERE user='root' AND host='localhost'; //重设root的密码
Query OK, 0 rows affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 0 Warnings: 1
mysql> FLUSH PRIVILEGES; //刷新授权表
Query OK, 0 rows affected (0.00 sec)
在上述方法中,需要特别注意:当MySQL服务程序以 skip-grant-tables 选项启动时,如果未执行“FLUSH PRIVILEGES;”操作,是无法通过SET PASSWORD或者GRANT方式来设置密码的。比如,验证这两种方式时,都会看到ERROR 1290的出错提示:
mysql> SET PASSWORD FOR root@localhost=PASSWORD('1234567');
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
GRANT配置授权
基本用法
GRANT 权限列表… … ON 库名.表名
TO 用户名@‘客户端地址’ IDENTIFIED BY ‘密码’ [WITH GRANT OPTION]; //WITH GRANT OPTION 可加可不加,看是否给让授权用户具备可以写grant命令的权限
注意事项
当库名.表名 为 *.*时,匹配所有库所有表
授权设置存放在mysql库的user表
权限类表
all:匹配所有权限
SELECT,UPDATE,INSERT … …
SELECT,UPDATE(字段1,… …,字段N)
客户端地址
撤销用户权限
允许root从192.168.4.0/24网段 访问,对所有库/表有完全权限,密码为mysql
添加一个管理账号dba007,完全控制及授权
撤销root从本机访问的权限,然后恢复
允许webuser从任意客户机登录,只对webdb库有完全权限,密码为 888888
撤销webuser的完全权限,改为查询权限
使用2台RHEL 7虚拟机,如图所示。其中192.168.4.10是MySQL服务器,授权及撤销操作均在此服务器上执行;而192.168.4.120作为测试客户机,需要安装好MySQL-client软件包,以便提供mysql命令。
同时,MySQL服务器本身(192.168.4.10)也可以作为测试客户机。
一:用户授权及撤销
(1)允许root从192.168.4.0/24访问,对所有库表有完全权限,密码为mysql。
授权之前,从192.168.4.0/24网段的客户机访问时,将会被拒绝:
[root@host120 ~]# mysql -u root -p -h 192.168.4.10
Enter password: //输入正确的密码
ERROR 2003 (HY000): Host '192.168.4.120' is not allowed to connect to this MySQL server
授权操作,此处可设置与从localhost访问时不同的密码:
mysql> GRANT all ON *.* TO root@'192.168.4.%' IDENTIFIED BY 'mysql';
Query OK, 0 rows affected (0.00 sec)
再次从192.168.4.0/24网段的客户机访问时,输入正确的密码后可登入:
[root@host120 ~]# mysql -u root -p -h 192.168.4.10
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 20
Server version: 5.7.17 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
从网络登入后,测试新建一个库、查看所有库:
mysql> CREATE DATABASE rootdb; //创建新库rootdb
Query OK, 1 row affected (0.06 sec)
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| home |
| mysql |
| performance_schema |
| rootdb | //新建的rootdb库
| sys |
| userdb |
+--------------------+
7 rows in set (0.01 sec)
(2)在Mysql服务器上建立一个管理账号dba007,对所有库完全控制,并赋予其授权的权限
新建账号并授权:
mysql> GRANT all ON *.* TO dba007@localhost
-> IDENTIFIED BY '1234567'
-> WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
查看dba007的权限:
mysql> SHOW GRANTS FOR dba007@localhost;
+-----------------------------------------------------------------------+
| Grants for dba007@localhost |
+-----------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'dba007'@'localhost' WITH GRANT OPTION |
+-----------------------------------------------------------------------+
1 row in set (0.00 sec)
(3)撤销root从本机访问的权限,然后恢复
注意:如果没有事先建立其他管理账号,请不要轻易撤销root用户的本地访问权限,否则恢复起来会比较困难,甚至不得不重装数据库。
撤销root对数据库的操作权限:
mysql> REVOKE all ON *.* FROM root@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW GRANTS FOR root@localhost;
+--------------------------------------------------------------+
| Grants for root@localhost |
+--------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
+--------------------------------------------------------------+
2 rows in set (0.00 sec)
验证撤销后的权限效果:
mysql> exit //退出当前MySQL连接
Bye
[root@dbsvr1 ~]# mysql -u root -p //重新以root从本地登入
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.6.15 MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CREATE DATABASE newdb2014; //尝试新建库失败
ERROR 1044 (42000): Access denied for user 'root'@'localhost' to database 'newdb2014'
mysql> DROP DATABASE rootdb; //尝试删除库失败
ERROR 1044 (42000): Access denied for user 'root'@'localhost' to database 'rootdb'
尝试以当前的root用户恢复权限,也会失败(无权更新授权表):
mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
怎么办呢?
退出当前MySQL连接,以上一步添加的管理账号dba007登入:
mysql> exit //退出当前MySQL连接
Bye
[root@dbsvr1 ~]# mysql -u dba007 -p //以另一个管理账号登入
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 24
Server version: 5.7.17 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
由管理账号dba007重新为root添加本地访问权限:
mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW GRANTS FOR root@localhost; //查看恢复结果
+---------------------------------------------------------------------+
| Grants for root@localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)
退出,再重新以root登入,测试一下看看,权限又恢复了吧:
mysql> exit //退出当前MySQL连接
Bye
[root@dbsvr1 ~]# mysql -u root -p //重新以root登入
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 25
Server version: 5.7.17 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CREATE DATABASE newdb2014; //成功创建新库
Query OK, 1 row affected (0.00 sec)
(4)允许webuser从任意客户机登录,只对webdb库有完全权限,密码为 888888
添加授权:
mysql> GRANT all ON webdb.* TO webuser@'%' IDENTIFIED BY '888888';
Query OK, 0 rows affected (0.00 sec)
查看授权结果:
mysql> SHOW GRANTS FOR webuser@'%';
+----------------------------------------------------+
| Grants for webuser@% |
+----------------------------------------------------+
| GRANT USAGE ON *.* TO 'webuser'@'%' |
| GRANT ALL PRIVILEGES ON `webdb`.* TO 'webuser'@'%' |
+----------------------------------------------------+
2 rows in set (0.00 sec)
(5)撤销webuser的完全权限,改为查询权限
撤销所有权限:
mysql> REVOKE all ON webdb.* FROM webuser@'%';
Query OK, 0 rows affected (0.00 sec)
只赋予查询权限:
mysql> GRANT select ON webdb.* TO webuser@'%';
Query OK, 0 rows affected (0.00 sec)
确认授权更改结果:
mysql> SHOW GRANTS FOR webuser@'%';
+--------------------------------------------+
| Grants for webuser@% |
+--------------------------------------------+
| GRANT USAGE ON *.* TO 'webuser'@'%' |
| GRANT SELECT ON `webdb`.* TO 'webuser'@'%' |
+--------------------------------------------+
2 rows in set (0.00 sec)
管理员重置授权用户的连接密码
mysql>set password for [email protected]=password("888888");
授权用户连接后修改密码
mysql> set password=password("123456");
其他操作
//删除添加的用户
drop user 用户名@"客户端地址";
mysql> show grants; //登录用户查看自己的权限
mysql> show grants for [email protected]; //管理员查看已有授权用户的权限
mysql> revoke grant option on *.* from mydba@"%"; //撤销mydba的授权权限(grant)
mysql> revoke delete,insert,update on *.* from mydba@"%"; //撤销mydba对所有表的相关权限