2024.8.05（glibc的安装及MySQL的安全用户角色权限）

一、glibc的安装

1、清空/etc目录下的my.cnf

[root@localhost ~]# ls -l /etc/my.cnf
-rw-r--r--. 1 root root 570 6月 8 2017 /etc/my.cnf
[root@localhost ~]# rm -rf /etc/my.cnf

2、删除mariadb

[root@localhost ~]# yum -y remove mariadb
[root@localhost ~]# find / -name "mysql" -exec rm -rf {} ;

3、解压

[root@localhost ~]# ls
mysql-8.0.33-linux-glibc2.12-x86_64.tar
[root@localhost ~]# tar -xvf mysql-8.0.33-linux-glibc2.12-x86_64.tar
[root@localhost ~]# tar -xf mysql-8.0.33-linux-glibc2.12-x86_64.tar.xz

[root@localhost ~]# ls

[root@localhost ~]# cd mysql-8.0.33-linux-glibc2.12-x86_64/
[root@localhost mysql-8.0.33-linux-glibc2.12-x86_64]# ls

[root@localhost mysql-8.0.33-linux-glibc2.12-x86_64]# vim support-files/mysql.server

4、将项目文件移动到/usr/local/mysql/

[root@localhost ~]# cp -r mysql-8.0.33-linux-glibc2.12-x86_64/ /usr/local/mysql/

[root@localhost ~]# yum list installed | grep libaio
libaio.x86_64 0.3.109-13.el7 @anaconda
[root@localhost ~]# echo $?
0

5、创建用户

[root@localhost ~]# useradd -r -s /sbin/nologin mysql

6、在/usr/local/mysql目录下创建mysql-files目录

[root@localhost ~]# mkdir /usr/local/mysql/mysql-files

7、添加mysql-files权限为750和所属mysql

[root@localhost ~]# chown mysql:mysql /usr/local/mysql/mysql-files/
[root@localhost ~]# chmod 750 /usr/local/mysql/mysql-files/
[root@localhost ~]# ll /usr/local/mysql/

8、初始化数据库，找到初始密码

[root@localhost ~]# /usr/local/mysql/bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql

9、判断是否生成了data目录

[root@localhost ~]# ls /usr/local/mysql/

10、安全加密连接

[root@localhost ~]# /usr/local/mysql/bin/mysql_ssl_rsa_setup --datadir=/usr/local/mysql/data

11、把mysql.server文件放到/etc/init.d/目录下，方便启动mysql服务

[root@localhost ~]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql8
[root@localhost ~]# service mysql8 start

12、mysql

[root@mysql ~]# mysql -uabc -p123456

二、远程连接登陆MySQL

1、创建账户

create user 'xiaojiang'@'%' identified by 'Zhang@2002';
eg:创建三个账号，abc[abcd] , ccc[a1b2c3] ,ddd[231343]

2、给权限

grant all on . to 'xiaojiang'

3、创建库

create database if not exists test;

4、创建表

use test;
create table user(
id int primary key,
username varchar(45) not null,
password varchar(45) not null
);

5、添加数据

insert into test.user values(1,"zhangsan","123");
insert into test.user values(2,"lisi","456");
insert into test.user values(3,"wangwu","789");
insert into test.user values(4,"zhaoliu","aaa");
添加lilaosi账号，修改密码，查看mysql.user中的lilaosi的信息

create user 'lilaosi'@'%' identified by 'lilaoshi_123';
alter user 'lilaosi'@'%' identified by 'Lilaosi_123';
select host,user from mysql.user;
使用root账号，为lilaosi账号添加test库存中所有的表的所有权限

mysql -uroot -pZhang@2002

grant all on test.* to 'lilaosi';
#lilaosi就获得了test库中所有表的操作权限；但是由于root没有个lilaosimysql库的
权限，所以lilaosi账号无法查看mysql库

三、mysql环境部署脚本

[root@mysql ~]# vim mysql.sh

四、安全用户角色权限

1、密码安全策略

1. 查看密码策略

mysql> show variables like 'validate%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | MEDIUM |
| validate_password.special_char_count | 1 |
+--------------------------------------+--------+

2. 修改策略

mysql>setglobal validate_password.length=0;
mysql>setglobal validate_password.policy=LOW;
mysql>showvariableslike'validate%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 4 |
| validate_password.mixed_case_count | 0 |
| validate_password.number_count | 0 |
| validate_password.policy | LOW |
| validate_password.special_char_count | 0 |
+--------------------------------------+--------+

2、用户

1. 创建用户

mysql>create user'efgh'@'%' identified by 'efgh';
Query OK,0 rows affected (0.01 sec)
mysql>select host,user from mysql.user;
+-----------+------------------+
| host |user |
+-----------+------------------+
|% | efgh |
|% | root |
|% | zhangmin |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | test1 |
+-----------+------------------+

2. 删除用户

mysql>drop user'xiaojiang';
Query OK,0 rows affected (0.02 sec)

3. 修改用户

mysql>alter user'zhangmin' identified by 'abc123';
Query OK,0 rows affected (0.01 sec)

3、角色

1.创建角色

mysql>create role 'jingli';
Query OK,0 rows affected (0.00 sec)

2. 查看角色

mysql> select host,user from mysql.user;

3. 修改角色

ALTER ROLE 'role_name' [...属性...];

4. 删除角色

DROP ROLE 'role_name';

4、权限

1. 刷新权限

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

2. 为root账号添加权限

mysql> grant system_user on . to "root";

3. 新增权限

mysql> grant insert,delete,update,select on test.user to 'jingli';

4. 修改权限

mysql> show grants for "efgh";
+----------------------------------+
| Grants for efgh@% |
+----------------------------------+
| GRANT USAGE ON . TO efgh@% |
+----------------------------------+
1 row in set (0.00 sec)

5. 查看权限

mysql> show grants for 'bbb';

6. 删除权限

mysql>revoke all on*.* from "efgh";
Query OK,0 rows affected (0.00 sec)

练习1

1.添加aaa账户，设置密码aaaa
drop user aaa;
create user 'aaa'@'%' identified by 'aaaa';
2.使用aaa账户访问mysql服务
mysql -h127.0.0.1 -P3306 -uaaa -paaaa
3.查看test数据库发现么有权限
show databases;
4.退出并使用root账户登录
quit|exit
mysql -h127.0.0.1 -P3306 -uroot -proot0000
5.为aaa账户添加查看test.user表的权限
grant select on test.user to 'aaa';
6.退出root，使用aaa账户登录
quit|exit
mysql -h127.0.0.1 -P3306 -uaaa -paaaa
7.查看数据库，查看表，查看表内容 能够正常查看
show databases;
user test;
show tables;
select * from user;
8.输入数据，没有权限
insert into user values(5,"ermazi","ermazi");####
9.退出aaa使用root登录
quit|exit
mysql -h127.0.0.1 -P3306 -uroot -proot0000
10.为aaa添加insert权限
grant insert on test.user to 'aaa';
11.退出root使用aaa登录
exit|quit
mysql -h127.0.0.1 -P3306 -uaaa -paaaa
12.向user表添加一行新的数据
insert into test.user values(6,"zhangsanfeng","zhangsanfen");
13.修改user中一行的数据的password（密码）为111，没有update权限
update test.user set password='zsf' where username-'zhangsanfeng';

练习2

mysql> create role 'jingli';
Query OK, 0 rows affected (0.02 sec)

mysql> create role 'yuangong';
Query OK, 0 rows affected (0.02 sec)
#添加jingli，yuangong角色

mysql> grant insert,delete,update,select on test.user to 'jingli';
Query OK, 0 rows affected (0.00 sec)
#给jingli角色设置权限

mysql> show grants for 'jingli';
#查看jingli权限
+-----------------------------------------------------------------------+
| Grants for jingli@% |
+-----------------------------------------------------------------------+
| GRANT USAGE ON . TO jingli@% |
| GRANT SELECT, INSERT, UPDATE, DELETE ON test.user TO jingli@% |
+-----------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> grant select,insert on test.user to 'yuangong';
Query OK, 0 rows affected (0.01 sec)

mysql> show grants for 'yuangong';
+---------------------------------------------------------+
| Grants for yuangong@% |
+---------------------------------------------------------+
| GRANT USAGE ON . TO yuangong@% |
| GRANT SELECT, INSERT ON test.user TO yuangong@% |
+---------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> select host,user from mysql.user;
+-----------+------------------+
| host | user |
+-----------+------------------+
| % | aaa |
| % | efgh |
| % | jingli |
| % | xiaojiang |
| % | yuangong |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+-----------+------------------+
9 rows in set (0.00 sec)
#新增bbb和ccc两个用户，bbb是经理需要增删改查权限，ccc是员工，只需要新增和查看的权限
mysql> create user 'bbb'@'%' identified by 'Zhang@2002';
Query OK, 0 rows affected (0.01 sec)

mysql> create user 'ccc'@'%' identified by 'Zhang@2002';
Query OK, 0 rows affected (0.01 sec)

mysql> grant jingli to 'bbb';
Query OK, 0 rows affected (0.01 sec)

mysql> grant yuangong to 'ccc';
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

mysql> show grants for 'bbb';
+---------------------------------+
| Grants for bbb@% |
+---------------------------------+
| GRANT USAGE ON . TO bbb@% |
| GRANT jingli@% TO bbb@% |
+---------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for 'ccc';
+-----------------------------------+
| Grants for ccc@% |
+-----------------------------------+
| GRANT USAGE ON . TO ccc@% |
| GRANT yuangong@% TO ccc@% |
+-----------------------------------+
2 rows in set (0.00 sec)