Ubuntu 上 MariaDB 权限管理实操指南
一 基础准备与登录
sudo mariadbsudo mysql -u root -psudo mysql_secure_installation,可移除匿名用户、禁止远程 root 登录、删除测试库等,提升安全性。二 用户与主机管理
CREATE USER 'alice'@'localhost' IDENTIFIED BY 'StrongPass!';CREATE USER 'bob'@'192.168.1.%' IDENTIFIED BY 'StrongPass!';CREATE USER 'charlie'@'%' IDENTIFIED BY 'StrongPass!';SET PASSWORD FOR 'alice'@'localhost' = PASSWORD('NewPass!');DROP USER 'bob'@'192.168.1.%';SELECT User, Host FROM mysql.user;三 授权与撤销
GRANT 权限 ON 范围 TO '用户'@'主机';;REVOKE 权限 ON 范围 FROM '用户'@'主机';GRANT ALL PRIVILEGES ON sales.* TO 'alice'@'localhost';GRANT SELECT ON sales.* TO 'bob'@'192.168.1.%';GRANT SELECT, INSERT, UPDATE, DELETE ON sales.orders TO 'charlie'@'%';GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;REVOKE ALL PRIVILEGES ON sales.* FROM 'alice'@'localhost';REVOKE INSERT, UPDATE ON sales.orders FROM 'charlie'@'%';SHOW GRANTS FOR 'alice'@'localhost';db1.*,用 REVOKE ... ON *.* 无法撤销其 db1 上的权限。四 角色管理与最小权限
CREATE ROLE 'read_role';GRANT SELECT ON sales.* TO 'read_role';GRANT 'read_role' TO 'bob'@'192.168.1.%';SET ROLE 'read_role';(或在配置中设为默认)SELECT,写入账号按需授予 INSERT/UPDATE/DELETE,运维管理账号再考虑更高权限。localhost 或明确 IP/网段,避免使用 % 开放到公网。WITH GRANT OPTION 精细授权。五 远程访问与常见排错
GRANT ALL PRIVILEGES ON appdb.* TO 'app'@'192.168.10.%' IDENTIFIED BY 'StrongPass!';GRANT ALL PRIVILEGES ON appdb.* TO 'app'@'%' IDENTIFIED BY 'StrongPass!';FLUSH PRIVILEGES;sudo ufw allow 3306/tcp(仅在确有远程需求时开启)。mysql -h 服务器IP -u app -plocalhost 而非 % 或具体 IP)。
