cqlouis 发表于 2016-06-27 08:14

grant赋予用户权限,但是验证不对

mysql> show grants for z1@'localhost';
+------------------------------------------------------------------------+
| Grants for z1@localhost                                                |
+------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'z1'@'localhost' IDENTIFIED BY PASSWORD <secret> |
| GRANT SELECT, INSERT ON `sakila`.* TO 'z1'@'localhost'               |
+------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> status;
--------------
mysqlVer 14.14 Distrib 5.6.31, for Linux (x86_64) usingEditLine wrapper

Connection id:                3
Current database:        test
Current user:                z1@localhost
SSL:                        Not in use
Current pager:                stdout
Using outfile:                ''
Using delimiter:        ;
Server version:                5.6.31 MySQL Community Server (GPL)
Protocol version:        10
Connection:                Localhost via UNIX socket
Server characterset:        latin1
Db   characterset:        latin1
Client characterset:        utf8
Conn.characterset:        utf8
UNIX socket:                /var/lib/mysql/mysql.sock
Uptime:                        10 min 3 sec

Threads: 1Questions: 36Slow queries: 0Opens: 70Flush tables: 1Open tables: 63Queries per second avg: 0.059
--------------



以上说明了我对用户z1赋予在数据库sakila的权限,而现在z1在操作数据库test:

mysql> insert into tb1 values (111111111,222222,'mmmmmmmmm');
Query OK, 1 row affected (0.05 sec)

mysql> select * from tb1 order by id desc limit 10;
+-----------+--------+---------------------------------+
| id      | c1   | c2                              |
+-----------+--------+---------------------------------+
| 111111111 | 222222 | mmmmmmmmm                     |
|10000000 | 111111 | aaaaaaaaaaaaaaaaa               |
|   1000000 |90217 | testdatatestdatatestdata1000000 |
|    999999 |80588 | testdatatestdatatestdata999999|
|    999998 |   4241 | testdatatestdatatestdata999998|
|    999997 |80206 | testdatatestdatatestdata999997|
|    999996 |98930 | testdatatestdatatestdata999996|
|    999995 |71481 | testdatatestdatatestdata999995|
|    999994 |52825 | testdatatestdatatestdata999994|
|    999993 |64215 | testdatatestdatatestdata999993|
+-----------+--------+---------------------------------+
10 rows in set (0.00 sec)

mysql>



从以上操作,可以看出,我只给用户z1赋予了在数据库sakila上面的insert和select权限,可是实际上z1却可以对数据库test里的表tb1进行insert操作,


这是怎么会事呢?
谢谢




action08 发表于 2016-06-27 10:54

你肯定是自己哪里错了,

action08 发表于 2016-06-27 10:55

mysql> status;
--------------
mysqlVer 14.14 Distrib 5.6.31, for Linux (x86_64) usingEditLine wrapper

Connection id:                3
Current database:      test
Current user:                z1@localhost
SSL:                        Not in use
Current pager:                stdout
Using outfile:                ''
Using delimiter:      ;
Server version:                5.6.31 MySQL Community Server (GPL)
Protocol version:      10
Connection:                Localhost via UNIX socket
Server characterset:      latin1
Db   characterset:      latin1
Client characterset:      utf8
Conn.characterset:      utf8
UNIX socket:                /var/lib/mysql/mysql.sock
Uptime:                        10 min 3 sec

Threads: 1Questions: 36Slow queries: 0Opens: 70Flush tables: 1Open tables: 63Queries per second avg: 0.059
--------------

seesea2517 发表于 2016-06-27 11:17

回复 1# cqlouis


    这是 test 库的默认特点,只要能登录的用户都有 test 库的各种权限。出于安全考虑生产环境中会删除 test 库。相关配置可以在 mysql.db 看到。
页: [1]
查看完整版本: grant赋予用户权限,但是验证不对