Let's test.
Connect as superuser, then:
SHOW VARIABLES LIKE "%version%";
+-------------------------+------------------------------+
| Variable_name | Value |
+-------------------------+------------------------------+
| version | 10.0.23-MariaDB-0+deb8u1-log |
Then
USE mysql;
Create a user foo with password bar for testing:
CREATE USER foo@'%' IDENTIFIED BY 'bar'; FLUSH PRIVILEGES;
To connect over the Unix domain socket (i.e. the I/O pipe that is named by a filesystem entry or some such), run this on the command line:
mysql -pbar -ufoo
To connect to the TCP/IP endpoint 127.0.0.1:3306 instead, run this on the command line:
mysql -pbar -ufoo -h127.0.0.1
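To check whether the connection goes over a TCP/IP socket or a Unix domain socket, get the PID of the mysql client process by examining the output of ps faux, then run lsof -p$GOTPID. You will see something like this: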
mysql [PID] quux 3u IPv4 [code] 0t0 TCP localhost:[port]->localhost:mysql (ESTABLISHED)
or
mysql [PID] quux 3u unix [code] 0t0 [code] socket
So:
Case 0: Host = '10.10.10.10' (null test)
update user set host='10.10.10.10' where user='foo'; flush privileges;
- Connect to socket: FAILURE
- Connect to 127.0.0.1: FAILURE
Case 1: Host = '%'
update user set host='%' where user='foo'; flush privileges;
Case 2: Host = 'localhost'
update user set host='localhost' where user='foo';flush privileges;
Case 3: Host = '127.0.0.1'
update user set host='127.0.0.1' where user='foo';flush privileges;
Case 4: Host = ''
update user set host='' where user='foo';flush privileges;
(According to MySQL 5.7: 6.2.4 Access Control, Stage 1: Connection Verification, the empty string '' also means "any host", but sorts after '%'.)
Case 5: Host = '192.168.0.1' (extra test)
('192.168.0.1' is one of my machine's IP addresses; change as appropriate in your case)
update user set host='192.168.0.1' where user='foo';flush privileges;
but
- Connect to 192.168.0.1 using mysql -pbar -ufoo -h192.168.0.1: OK
Edge case A: Host = '0.0.0.0'
update user set host='0.0.0.0' where user='foo';flush privileges;
Edge case B: Host = '255.255.255.255'
update user set host='255.255.255.255' where user='foo';flush privileges;
Cleanup
delete from user where user='foo';flush privileges;
Appendix
To see what is actually in the mysql.user table, which is one of the permission tables, use:
SELECT SUBSTR(password,1,6) as password, user, host,
Super_priv AS su,
Grant_priv as gr,
CONCAT(Select_priv, Lock_tables_priv) AS selock,
CONCAT(Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv) AS modif,
CONCAT(References_priv, Index_priv, Alter_priv) AS ria,
CONCAT(Create_tmp_table_priv, Create_view_priv, Show_view_priv) AS views,
CONCAT(Create_routine_priv, Alter_routine_priv, Execute_priv, Event_priv, Trigger_priv) AS funcs,
CONCAT(Repl_slave_priv, Repl_client_priv) AS replic,
CONCAT(Shutdown_priv, Process_priv, File_priv, Show_db_priv, Reload_priv, Create_user_priv) AS admin
FROM user ORDER BY user, host;
This gives:
+----------+----------+-----------+----+----+--------+-------+-----+-------+-------+--------+--------+
| password | user | host | su | gr | selock | modif | ria | views | funcs | replic | admin |
+----------+----------+-----------+----+----+--------+-------+-----+-------+-------+--------+--------+
| *E8D46 | foo | | N | N | NN | NNNNN | NNN | NNN | NNNNN | NN | NNNNNN |
Similarly, for the table mysql.db:
SELECT host,db,user,
Grant_priv as gr,
CONCAT(Select_priv, Lock_tables_priv) AS selock,
CONCAT(Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv) AS modif,
CONCAT(References_priv, Index_priv, Alter_priv) AS ria,
CONCAT(Create_tmp_table_priv, Create_view_priv, Show_view_priv) AS views,
CONCAT(Create_routine_priv, Alter_routine_priv, Execute_priv) AS funcs
FROM db ORDER BY user, db, host;
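In what version? In MySQL 5.5.35, "%" also matches localhost. – depquid
"localhost" does not only apply to connections via the local socket; 127.0.0.1 (not using the socket) also does not match %, but matches localhost. Saw this today with a haproxy install. – Phillipp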
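Added example, not part of the original answer or its comments: queries to run alongside the test cases above, showing which account row the server matched for the current session and which accounts in mysql.user have a wildcard or empty host part. It assumes the mysql.user columns shown in the appendix; the column aliases (presented_as, matched_account, host_scope) are illustrative names.

```sql
-- Added example (not from the original answer).

-- 1. Run inside the test session (logged in as foo) after each case.
--    USER()         = user@host as presented by the client connection
--    CURRENT_USER() = the user@host account row the server authenticated against
SELECT USER() AS presented_as, CURRENT_USER() AS matched_account;

-- 2. Run as superuser: whether the server resolves client addresses to
--    host names, which decides the host string a TCP client is matched under.
SHOW VARIABLES LIKE 'skip_name_resolve';

-- 3. Run as superuser: accounts whose host part is empty or contains a
--    wildcard ('%' or '_'), together with their most sensitive global privileges.
SELECT user,
       host,
       CASE
         WHEN host = ''  THEN 'any host (empty string)'
         WHEN host = '%' THEN 'any host (%)'
         ELSE 'host pattern'
       END AS host_scope,
       Super_priv AS su,
       Grant_priv AS gr
FROM mysql.user
WHERE host = ''
   OR LOCATE('%', host) > 0
   OR LOCATE('_', host) > 0
ORDER BY user, host;
```

Comparing presented_as with matched_account after each UPDATE ... FLUSH PRIVILEGES step shows directly which host value the connection was matched under for the socket and TCP cases.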