Let's test.
Connect as superuser, then:
SHOW VARIABLES LIKE "%version%";
+-------------------------+------------------------------+
| Variable_name | Value |
+-------------------------+------------------------------+
| version | 10.0.23-MariaDB-0+deb8u1-log |
then
USE mysql;
Create user foo with password bar for testing:
CREATE USER foo@'%' IDENTIFIED BY 'bar'; FLUSH PRIVILEGES;
To connect to the Unix domain socket (i.e. the I/O pipe that is named by a filesystem entry or some such), run this on the command line:
mysql -pbar -ufoo
To connect to the TCP/IP endpoint 127.0.0.1:3306 instead, run this on the command line:
mysql -pbar -ufoo -h127.0.0.1
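To check whether the connection goes through a TCP/IP socket or a Unix domain socket, get the PID of the mysql client process by examining the output of ps faux, then run lsof -p$GOTPID. You will see something like this: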
mysql [PID] quux 3u IPv4 [code] 0t0 TCP localhost:[port]->localhost:mysql (ESTABLISHED)
or
mysql [PID] quux 3u unix [code] 0t0 [code] socket
So:
Case 0: Host = '10.10.10.10' (null test)
update user set host='10.10.10.10' where user='foo'; flush privileges;
- Connecting to socket: FAILURE
- Connecting to 127.0.0.1: FAILURE
Case 1: Host = '%'
update user set host='%' where user='foo'; flush privileges;
Case 2: Host = 'localhost'
update user set host='localhost' where user='foo';flush privileges;
Case 3: Host = '127.0.0.1'
update user set host='127.0.0.1' where user='foo';flush privileges;
Case 4: Host = ''
update user set host='' where user='foo';flush privileges;
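(According to MySQL 5.7: 6.2.4 Access Control, Stage 1: Connection Verification, the empty string '' also means "any host" but sorts after '%'.)
Case 5: Host = '192.168.0.1' (extra test)
('192.168.0.1' is one of my machine's IP addresses; change appropriately in your case)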
update user set host='192.168.0.1' where user='foo';flush privileges;
But
- Connecting to 192.168.0.1 using mysql -pbar -ufoo -h192.168.0.1: OK
Edge case A: Host = '0.0.0.0'
update user set host='0.0.0.0' where user='foo';flush privileges;
Edge case B: Host = '255.255.255.255'
update user set host='255.255.255.255' where user='foo';flush privileges;
Cleanup
delete from user where user='foo';flush privileges;
Appendix
To see what is actually in the mysql.user table, which is one of the permission tables, use:
SELECT SUBSTR(password,1,6) as password, user, host,
Super_priv AS su,
Grant_priv as gr,
CONCAT(Select_priv, Lock_tables_priv) AS selock,
CONCAT(Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv) AS modif,
CONCAT(References_priv, Index_priv, Alter_priv) AS ria,
CONCAT(Create_tmp_table_priv, Create_view_priv, Show_view_priv) AS views,
CONCAT(Create_routine_priv, Alter_routine_priv, Execute_priv, Event_priv, Trigger_priv) AS funcs,
CONCAT(Repl_slave_priv, Repl_client_priv) AS replic,
CONCAT(Shutdown_priv, Process_priv, File_priv, Show_db_priv, Reload_priv, Create_user_priv) AS admin
FROM user ORDER BY user, host;
This gives:
+----------+----------+-----------+----+----+--------+-------+-----+-------+-------+--------+--------+
| password | user | host | su | gr | selock | modif | ria | views | funcs | replic | admin |
+----------+----------+-----------+----+----+--------+-------+-----+-------+-------+--------+--------+
| *E8D46 | foo | | N | N | NN | NNNNN | NNN | NNN | NNNNN | NN | NNNNNN |
Similarly, for the table mysql.db:
SELECT host,db,user,
Grant_priv as gr,
CONCAT(Select_priv, Lock_tables_priv) AS selock,
CONCAT(Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv) AS modif,
CONCAT(References_priv, Index_priv, Alter_priv) AS ria,
CONCAT(Create_tmp_table_priv, Create_view_priv, Show_view_priv) AS views,
CONCAT(Create_routine_priv, Alter_routine_priv, Execute_priv) AS funcs
FROM db ORDER BY user, db, host;
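In what version? In MySQL 5.5.35, "%" also matches localhost. – depquid
Not only "localhost" via the local socket connection; 127.0.0.1 (without using a socket) also does not match %, and instead matches localhost. Saw this today with a haproxy installation. – Phillipp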
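
An added audit query (not part of the original answer or its comments) that lists every account in mysql.user by how broad its host value is, so that accounts using '%', the empty string, or another wildcard are reviewed first. It assumes the MariaDB 10.0 column layout used in the queries above, including the password column; the host_scope labels and the empty_password column are this example's own names.

```sql
-- Added example: classify each account by the breadth of its host value.
-- Assumes the mysql.user columns used elsewhere on this page (MariaDB 10.0).
SELECT
    user,
    host,
    CASE
        WHEN host = ''  THEN 'any host (empty string)'
        WHEN host = '%' THEN 'any host (%)'
        -- % and _ are both wildcards in host values
        WHEN INSTR(host, '%') > 0 OR INSTR(host, '_') > 0
                        THEN 'wildcard pattern'
        -- ip/netmask notation covers a whole address range
        WHEN INSTR(host, '/') > 0
                        THEN 'IP/netmask range'
        ELSE                 'literal host or IP'
    END AS host_scope,
    -- an empty hash column deserves a second look on any broad account
    IF(password = '', 'YES', 'no') AS empty_password,
    Super_priv AS su,
    Grant_priv AS gr
FROM mysql.user
ORDER BY
    -- broadest scopes first so they are reviewed first
    (host = '') DESC,
    (host = '%') DESC,
    (INSTR(host, '%') > 0 OR INSTR(host, '_') > 0) DESC,
    (INSTR(host, '/') > 0) DESC,
    user, host;
```

Run it as the same superuser used for the tests; rows labelled 'any host' with su or gr set to Y are the ones to justify or narrow to a literal host.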