注意输出
SHOW GRANTS FOR ’root’@’localhost’;
没有说“ ALL PRIVILEGES”,而是不得不说出root @ localhost的含义。
授予所有特权将失败,因为用户无法授予他/她没有的特权,并且服务器似乎认为这里不存在某些东西…
现在,接下来缺少什么呢?
在我的系统上,我得到以下信息:
MysqL> select version();+------------+| version() |+------------+| 5.5.21-log |+------------+1 row in set (0.00 sec)MysqL> SHOW GRANTS FOR ’root’@’localhost’;+---------------------------------------------------------------------+| Grants for root@localhost |+---------------------------------------------------------------------+| GRANT ALL PRIVILEGES ON *.* TO ’root’@’localhost’ WITH GRANT OPTION || GRANT PROXY ON ’’@’’ TO ’root’@’localhost’ WITH GRANT OPTION|+---------------------------------------------------------------------+2 rows in set (0.00 sec)MysqL> SELECT * FROM MysqL.user WHERE User=’root’ and Host=’localhost’G*************************** 1. row *************************** Host: localhost User: root Password: Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Reload_priv: Y Shutdown_priv: Y Process_priv: Y File_priv: Y Grant_priv: Y References_priv: Y Index_priv: Y Alter_priv: Y Show_db_priv: Y Super_priv: Y Create_tmp_table_priv: Y Lock_tables_priv: Y Execute_priv: Y Repl_slave_priv: Y Repl_client_priv: Y Create_view_priv: YShow_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Create_user_priv: Y Event_priv: Y Trigger_priv: YCreate_tablespace_priv: Y <----------------------------- new column in 5.5 ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0plugin: <------------------------------- new column in 5.5 authentication_string: <------------------------------- new column in 5.51 row in set (0.00 sec)
5.5中还有一些新表,例如MysqL.proxies_user:确保您拥有它们。
安装全新的MysqL服务器实例时,安装脚本将创建具有适当结构的所有MysqL。*表。
从旧版本升级时,请确保使用正确的升级过程(MysqL_upgrade),它将添加缺少的表/列。
这只是一个猜测,但似乎该实例的MysqL_upgrade未完成,导致出现了这种现象。
解决方法我看过许多类似的问题,因此表明我已经检查了基础知识。当然,这并不意味着我没有错过任何显而易见的东西。:-)
我的问题是:为什么我拒绝具有特权的用户访问权限,而我却已经在其中输入密码并被授予访问权限?(为了完整起见,我尝试输入错误的密码只是为了确保MySQL客户端在程序启动时拒绝我访问。)
背景:
通过ssh登录到运行MySQL服务器的计算机的外壳,我以root用户身份登录:
[myname@host ~]$ mysql -u root -p -hlocalhostEnter password: Welcome to the MySQL monitor. Commands end with ; or g.Your MySQL connection id is 62396Server version: 5.5.18-log MySQL Community Server (GPL)Type ’help;’ or ’h’ for help. Type ’c’ to clear the current input statement.mysql>
太棒了 我对类似问题的答案的阅读表明,我应该确保特权与授予表中的权限保持最新
mysql> FLUSH PRIVILEGES;Query OK,0 rows affected (0.00 sec)mysql>
接下来,请确保我是我认为的我:
mysql> SELECT user();+----------------+| user() |+----------------+| root@localhost |+----------------+1 row in set (0.00 sec)
…真的 真的很 确定:
mysql> SELECT current_user();+----------------+| current_user() |+----------------+| root@localhost |+----------------+1 row in set (0.00 sec)mysql>
到目前为止,一切都很好。现在我有什么特权?
mysql> SHOW GRANTS FOR ’root’@’localhost’;+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+| Grants for root@localhost |+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+| GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,RELOAD,SHUTDOWN,PROCESS,FILE,REFERENCES,INDEX,ALTER,SHOW DATABASES,SUPER,CREATE TEMPORARY TABLES,LOCK TABLES,EXECUTE,REPLICATION SLAVE,REPLICATION CLIENT,CREATE VIEW,SHOW VIEW,CREATE ROUTINE,ALTER ROUTINE,CREATE USER,EVENT,TRIGGER ON *.* TO ’root’@’localhost’ IDENTIFIED BY PASSWORD ’[OBSCURED]’ WITH GRANT OPTION |+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+1 row in set (0.00 sec)
现在有点难以理解,所以让我们尝试这种方式(您还将看到有一个非本地“ root”用户):
mysql> SELECT * FROM mysql.user WHERE User=’root’G*************************** 1. row *************************** Host: localhost User: root Password: *[OBSCURED] Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Reload_priv: YShutdown_priv: Y Process_priv: Y File_priv: Y Grant_priv: Y References_priv: Y Index_priv: Y Alter_priv: Y Show_db_priv: Y Super_priv: YCreate_tmp_table_priv: Y Lock_tables_priv: Y Execute_priv: Y Repl_slave_priv: Y Repl_client_priv: Y Create_view_priv: Y Show_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Create_user_priv: Y Event_priv: Y Trigger_priv: Y ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0*************************** 2. row *************************** Host: [HOSTNAME].com User: root Password: *[OBSCURED] Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Reload_priv: YShutdown_priv: Y Process_priv: Y File_priv: Y Grant_priv: Y References_priv: Y Index_priv: Y Alter_priv: Y Show_db_priv: Y Super_priv: YCreate_tmp_table_priv: Y Lock_tables_priv: Y Execute_priv: Y Repl_slave_priv: Y Repl_client_priv: Y Create_view_priv: Y Show_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Create_user_priv: Y Event_priv: Y Trigger_priv: Y ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0 2 rows in set (0.00 sec)
太棒了!MySQL认为我是root @ localhost,而root @ localhost拥有所有这些特权。这意味着我应该能够做我想做的事,对不对?
mysql> GRANT ALL PRIVILEGES ON *.* TO ’steves’@’[hostname].com’ IDENTIFIED BY ’[OBSCURED]’ WITH GRANT OPTION;ERROR 1045 (28000): Access denied for user ’root’@’localhost’ (using password: YES)
我怎么能搞砸这个基本的东西?
旁注:对于任何想建议我没有名为root的用户都具有所有特权的用户,这很好,一旦我可以给另一个用户一些特权,我将考虑做一些事情。
谢谢!
