MySQL 5.7数据库应用管理实战(一)
时间:2022-03-15 15:13
1 修改mysql数据库的提示符
1.1 临时修改mysql登陆提示符,session结束后失效
mysql> prompt \u@\h [\d] \r:\m:\s->
PROMPT set to ‘\u@\h [\d] \r:\m:\s->‘
root@localhost [(none)] 09:18:10->\q
1.2 永久修改mysql登陆提示符
在my.cnf配置文件中,[mysql]模块下添加如下内容(注意,不是[mysqld])保存后,无需重启MySQL,退出当前session,重新登陆即可;如果在my.cnf中添加,可以用\,避免转义带来的问题
[root@192168066012_MySQL_5_7_27 ~]# vim /etc/my.cnf
[mysql]
prompt=\\u@\\h [\d] \\r:\\m:\\s->
2 在mysql里使用help
默认情况下,MySQL中的命令是不区分大小写的;
help <command> #可以查看具体命令的使用方法
root@localhost [(none)] 09:27:28->help show;
Name: ‘SHOW‘
Description:
SHOW has many forms that provide information about databases, tables,
columns, or status information about the server. This section describes
those following:
SHOW {BINARY | MASTER} LOGS
SHOW BINLOG EVENTS [IN ‘log_name‘] [FROM pos] [LIMIT [offset,] row_count]
SHOW CHARACTER SET [like_or_where]
SHOW COLLATION [like_or_where]
SHOW [FULL] COLUMNS FROM tbl_name [FROM db_name] [like_or_where]
SHOW CREATE DATABASE db_name
SHOW CREATE EVENT event_name
SHOW CREATE FUNCTION func_name
SHOW CREATE PROCEDURE proc_name
SHOW CREATE TABLE tbl_name
SHOW CREATE TRIGGER trigger_name
SHOW CREATE VIEW view_name
SHOW DATABASES [like_or_where]
SHOW ENGINE engine_name {STATUS | MUTEX}
SHOW [STORAGE] ENGINES
...省略
3 设置及修改MySQL USER密码
3.1 命令行设置USER密码方法
#MySQL单实例设置密码
[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot password "boyu123"
#MySQL多实例设置密码
[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot password ‘boyu123‘ -S /application/mysql/data/3306/mysql.sock
3.2 命令行修改root密码方法<此方法常用>
#MySQL单实例修改密码
[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot -pboyu123 password ‘boyu1234‘
#MySQL多实例修改密码
[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot -pboyu123 password ‘boyu1234‘ -S /application/mysql/data/3306/mysql.sock
3.3 sql语句修改方法<此方法很危险>
#修改root密码为boyu123
root@localhost [(none)] 09:43:22->update mysql.user set authentication_string=password(‘boyu123‘) where user=‘root‘;
Query OK, 0 rows affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 0 Warnings: 1
#重新加载使配置立即生效
root@localhost [(none)] 09:44:33->flush privileges;
Query OK, 0 rows affected (0.00 sec)
提示:
a.必须指定where条件,否则密码全部被更改,危险!!!
b.必须使用password()函数来加密更改
4 单实例找回丢失的MySQL USER密码
4.1 首先停止MySQL数据库
单实例停止MySQL数据库
[root@192168066012_MySQL_5_7_27 ~]# /etc/init.d/mysqld stop
Shutting down MySQL. SUCCESS!
4.2 使用--skip-grant-tables启动MySQL数据库,忽略授权登陆验证
命令行输入如下命令
mysqld_safe --skip-grant-tables --user=mysql &
输入mysql可以直接跳过验证进入数据库
mysql
update 更新root密码
mysqladmin 优雅关闭数据库
mysql -uroot -pboyu123 就可以登录数据库了
提示:在启动时,加--skip-grant-tables参数,表示忽略授权表验证
4.3 使用--skip-grant-tables参数操作方法
#跳过授权表验证
[root@192168066012_MySQL_5_7_27 ~]# mysqld_safe --skip-grant-tables --user=mysql &
[1] 130775
[root@192168066012_MySQL_5_7_27 ~]# 2019-07-31T13:57:05.294289Z mysqld_safe Logging to ‘/application/mysql/logs/mysql_5_7_27.err‘.
2019-07-31T13:57:05.327331Z mysqld_safe Starting mysqld daemon with databases from /application/mysql/data
#检查一下数据库进程
[root@192168066012_MySQL_5_7_27 ~]# ps -ef|grep 3306
root 359 99061 0 21:57 pts/1 00:00:00 grep --color=auto 3306
mysql 131036 130775 2 21:57 pts/1 00:00:00 /application/mysql/bin/mysqld --basedir=/application/mysql --datadir=/application/mysql/data --plugin-dir=/application/mysql/lib/plugin --user=mysql --skip-grant-tables --log-error=/application/mysql/logs/mysql_5_7_27.err --pid-file=/application/mysql/mysqld.pid --socket=/application/mysql/tmp/mysql.sock --port=3306
#无需密码,即可登入数据库
[root@192168066012_MySQL_5_7_27 ~]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
...省略
#更新root密码
root@localhost [(none)] 10:03:30->update mysql.user set authentication_string=password(‘boyu123‘) where user=‘root‘;
Query OK, 0 rows affected, 1 warning (0.01 sec)
Rows matched: 1 Changed: 0 Warnings: 1
#刷新授权表
root@localhost [(none)] 10:04:28->flush privileges;
Query OK, 0 rows affected (0.00 sec)
root@localhost [(none)] 10:04:32->\q
Bye
#优雅停止数据库
[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot -pboyu123 shutdown
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
2019-07-31T14:05:16.946425Z mysqld_safe mysqld from pid file /application/mysql/mysqld.pid ended
[1]+ Done mysqld_safe --skip-grant-tables --user=mysql
#启动数据库
[root@192168066012_MySQL_5_7_27 ~]# /etc/init.d/mysqld start
Starting MySQL. SUCCESS!
#此时,就可以使用新密码登录数据库了
[root@192168066012_MySQL_5_7_27 ~]# mysql -uroot -pboyu123
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
...省略
root@localhost [(none)] 10:05:42->
5 多实例找回丢失的MySQL USER密码
5.1 首先停止MySQL数据库
[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot -p"boyu123" -S /application/mysql/data/3306/mysql.sock shutdown
5.2 使用--skip-grant-table启动MySQL数据库,忽略授权登陆验证
[root@192168066012_MySQL_5_7_27 ~]# /application/mysql/bin/mysqld_safe --skip-grant-tables --port=3306 --user=mysql --character_set_server=utf8 --socket=/application/mysql/data/3306/mysql.sock --datadir=/application/mysql/data/3306/data --pid-file=/application/mysql/data/3306/mysql.pid --log-bin=/application/mysql/data/3306/mysql-bin --server-id=1 --log-error=/application/mysql/data/3306/mysql_boyu3306.err &
5.3 无密码登录数据库,修改root密码,刷新授权表
[root@192168066012_MySQL_5_7_27 ~]# mysql -S /application/mysql/data/3306/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
...省略
mysql> update mysql.user set authentication_string=password(‘boyu123‘) where user=‘root‘;
Query OK, 0 rows affected, 1 warning (0.01 sec)
Rows matched: 1 Changed: 0 Warnings: 1
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Bye
5.4 停止3306数据库,并使用新密码登陆数据库
[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot -p"boyu123" -S /application/mysql/data/3306/mysql.sock shutdown
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
2019-08-08T03:37:09.248027Z mysqld_safe mysqld from pid file /application/mysql/data/3306/mysql.pid ended
[1]+ Done /application/mysql/bin/mysqld_safe --skip-grant-tables --port=3306 --user=mysql --character_set_server=utf8 --socket=/application/mysql/data/3306/mysql.sock --datadir=/application/mysql/data/3306/data --pid-file=/application/mysql/data/3306/mysql.pid --log-bin=/application/mysql/data/3306/mysql-bin --server-id=1 --log-error=/application/mysql/data/3306/mysql_boyu3306.err
#启动3306数据库
[root@192168066012_MySQL_5_7_27 ~]# /application/mysql/bin/mysqld --port=3306 --user=mysql --character_set_server=utf8 --socket=/application/mysql/data/3306/mysql.sock --datadir=/application/mysql/data/3306/data --pid-file=/application/mysql/data/3306/mysql.pid --log-bin=/application/mysql/data/3306/mysql-bin --server-id=1 --log-error=/application/mysql/data/3306/mysql_boyu3306.err &
#新密码登录数据库
[root@192168066012_MySQL_5_7_27 ~]# mysql -uroot -pboyu123 -S /application/mysql/data/3306/mysql.sock
...省略
mysql>
6 SQL结构化查询语言
6.1 什么是SQL?
SQL(Structured Query Language)是结构化查询语言(数据库查询和程序设计语言),它是一种对关系型数据库中的数据进行定义和操作的语言方法
6.2 常见的SQL语句分类
a. DDL --- 数据定义语言(CREATE,ALTER,DROP)
全称(Data Definition Language),数据库中,创建新表或删除表,为表加入索引等,也是动作查询的一部分
b. DML --- 数据操作语言(SELECT,INSERT,DELETE,UPDATE)
全称(Data Manipulation Language),数据库中,修改和删除表中的行(数据),也称动作查询语言
c. DCL --- 数据控制语言(GRANT,REVOKE,COMMIT,ROLLBACK)
全称(Data Control Language),数据库中,获得许可,确定单个用户和用户组对数据库对象的访问
7 创建数据库
注意库名不能以数字开头
命令语法:create database <数据库名>
- 默认数据库配置,相当于创建拉丁字符集数据库
root@localhost [(none)] 10:20:09-> create database boyu;
- 创建gbk字符集数据库
root@localhost [(none)] 10:20:09-> create database boyu_gbk DEFAULT CHARACTER SET gbk COLLATE gbk_chinese_ci;
- 创建utf8字符集数据库
root@localhost [(none)] 10:20:09-> create database boyu_utf8 DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
- 查看已创建数据库的字符集
root@localhost [(none)] 10:20:09-> show create database boyu_utf8\G
+-----------+--------------------------------------------------------------------+
| Database | Create Database |
+-----------+--------------------------------------------------------------------+
| boyu_utf8 | CREATE DATABASE "boyu_utf8" /*!40100 DEFAULT CHARACTER SET utf8 */ |
+-----------+--------------------------------------------------------------------+
1 row in set (0.00 sec)
提示:
a. 字符集的不一致是数据库中文内容乱码的罪魁祸首
b. 如果编译安装的时候,指定了特定的字符集,则以后创建对应字符集的数据库时,就不需要指定字符集了。
c. 企业里怎么创建数据库呢?
根据开发的程序确定字符集(一般是UTF8)
编译的时候指定字符集,然后再创建的时候,默认创建即可;例如:
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
create database boyu;
编译的时候没有指定字符集,或者指定了和程序不同的字符集,如何解决?
创建数据库的时候,指定字符集即可;
8 显示数据库
命令语法:show databases;
- 显示当前所有数据库
root@localhost [(none)] 10:31:00->show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| boyu |
| boyu_gbk |
| boyu_utf8 |
| mysql |
| performance_schema |
| sys |
+--------------------+
7 rows in set (0.00 sec)
- 显示boyu数据库
root@localhost [(none)] 10:31:05->show databases like ‘boyu‘;
+-----------------+
| Database (boyu) |
+-----------------+
| boyu |
+-----------------+
1 row in set (0.00 sec)
- 显示以boyu开头的多个数据库,%为通配符
root@localhost [(none)] 10:31:36->show databases like ‘boyu%‘;
+------------------+
| Database (boyu%) |
+------------------+
| boyu |
| boyu_gbk |
| boyu_utf8 |
+------------------+
3 rows in set (0.00 sec)
9 删除数据库
命令语法:drop database <数据库名称>
- 删除名为boyu_utf8的数据库
root@localhost [(none)] 10:31:43->drop database boyu_utf8;
Query OK, 0 rows affected (0.00 sec)
9.1 学习潜意识查看帮助
root@localhost [(none)] 10:39:10->help drop database;
Name: ‘DROP DATABASE‘
Description:
Syntax:
DROP {DATABASE | SCHEMA} [IF EXISTS] db_name
DROP DATABASE drops all tables in the database and deletes the
database. Be very careful with this statement! To use DROP DATABASE,
you need the DROP privilege on the database. DROP SCHEMA is a synonym
for DROP DATABASE.
10 连接数据库
命令语法:use <数据库名称>
- 连接/进入boyu数据库
root@localhost [(none)] 10:45:04->use boyu;
Database changed
- 查看当前所在的数据库
root@localhost [boyu] 10:45:07->select database();
+------------+
| database() |
+------------+
| boyu |
+------------+
1 row in set (0.00 sec)
- 查看当前数据库版本
root@localhost [boyu] 10:45:24->select version();
+------------+
| version() |
+------------+
| 5.7.27-log |
+------------+
1 row in set (0.00 sec)
- 查看系统/数据库当前时间
root@localhost [boyu] 10:45:33->select now();
+---------------------+
| now() |
+---------------------+
| 2019-07-31 22:45:53 |
+---------------------+
1 row in set (0.00 sec)
11 创建MySQL用户及赋予用户权限
11.1 用help grant查看命令帮助
通过查看grant命令的帮助,可以很容易的找到创建用户并授权的例子
root@localhost [boyu] 10:45:53->help grant;
...省略
CREATE USER ‘jeffrey‘@‘localhost‘ IDENTIFIED BY ‘password‘;
GRANT ALL ON db1.* TO ‘jeffrey‘@‘localhost‘;
GRANT SELECT ON db2.invoice TO ‘jeffrey‘@‘localhost‘;
ALTER USER ‘jeffrey‘@‘localhost‘ WITH MAX_QUERIES_PER_HOUR 90;
11.2 运维人员比较常用的创建用户的方法,使用grant创建用户的同时进行权限授权,例:
GRANT ALL ON db1.* TO ‘jeffrey‘@‘localhost‘ IDENTIFIED BY ‘mypass‘;
11.3 grant命令帮助里面,提供了一个先用create命令创建用户,然后在用grant授权的方法,即创建用户和授权权限分开进行,例:
CREATE USER ‘jeffrey‘@‘localhost‘ IDENTIFIED BY ‘mypass‘;
GRANT ALL ON db1.* TO ‘jeffrey‘@‘localhost‘;
以上两条命令相当于下面一条命令:
GRANT ALL ON db1.* TO ‘jeffrey‘@‘localhost‘ IDENTIFIED BY ‘mypass‘;
11.4 通过grant命令创建用户并授权
grant语法:grant all privileges on dbname.* to ‘username’@‘localhost’ identified by ‘mypass‘;
grant | all privileges | on dbname.* | to username@localhost | identified by ‘mypass‘ |
---|---|---|---|---|
授权命令 | 对应权限 | 目标:库和表 | 用户名和客户端主机 | 用户密码 |
说明:授权localhost主机上通过用户username管理dbname数据库的所有权限,密码为passwd。其中username,dbname,passwd可根据业务的情况进行修改
- 创建boyu用户,密码为boyu123,并授权访问boyu数据库的权限
root@localhost [boyu] 11:02:41->grant all privileges on boyu.* to ‘boyu‘@‘localhost‘ identified by ‘boyu123‘;
Query OK, 0 rows affected, 1 warning (0.00 sec)
- 刷新权限表
root@localhost [boyu] 11:03:13->flush privileges;
Query OK, 0 rows affected (0.00 sec)
- 查询创建状态
root@localhost [boyu] 11:06:03->select user,host from mysql.user;
+------+-----------+
| user | host |
+------+-----------+
| boyu | localhost |
| root | localhost |
+------+-----------+
2 rows in set (0.00 sec)
- 查看boyu拥有的权限
root@localhost [boyu] 11:10:18->show grants for ‘boyu‘@‘localhost‘;
+--------------------------------------------------------+
| Grants for boyu@localhost |
+--------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘boyu‘@‘localhost‘ |
| GRANT ALL PRIVILEGES ON "boyu".* TO ‘boyu‘@‘localhost‘ |
+--------------------------------------------------------+
2 rows in set (0.00 sec)
11.5 授权局域网内主机远程连接数据库
根据grant命令语法,我们知道oldboy@localhost位置为授权访问数据库的主机,localhost可以用域名,IP段或IP地址来替代
a.百分号匹配法
root@localhost [boyu] 11:10:41->grant all on boyu.* to boyu@‘192.168.66.%‘ identified by ‘boyu123‘;
Query OK, 0 rows affected, 1 warning (0.01 sec)
root@localhost [boyu] 11:18:50->flush privileges;
Query OK, 0 rows affected (0.00 sec)
b.子网掩码配置法
root@localhost [boyu] 11:18:55->grant all on boyu.* to boyu1@‘192.168.66.0/255.255.255.0‘ identified by ‘boyu123‘;
Query OK, 0 rows affected, 1 warning (0.00 sec)
root@localhost [boyu] 11:19:34->flush privileges;
Query OK, 0 rows affected (0.00 sec)
c.授权单IP远程连接
root@localhost [boyu] 11:19:37->grant all on boyu.* to boyu2@‘192.168.66.11‘ identified by ‘boyu123‘;
Query OK, 0 rows affected, 1 warning (0.00 sec)
root@localhost [boyu] 11:19:44->flush privileges;
Query OK, 0 rows affected (0.00 sec)
root@localhost [boyu] 11:19:46->select user,host from mysql.user;
+-------+----------------------------+
| user | host |
+-------+----------------------------+
| boyu | 192.168.66.% |
| boyu1 | 192.168.66.0/255.255.255.0 |
| boyu2 | 192.168.66.11 |
| boyu | localhost |
| root | localhost |
+-------+----------------------------+
5 rows in set (0.00 sec)
12 删除MySQL系统多余账号
- drop user "user"@"主机域",注意引号,可以为单或双引号,但是不能不加引号
root@localhost [boyu] 11:20:02->drop user ‘boyu1‘@‘192.168.66.0/255.255.255.0‘;
Query OK, 0 rows affected (0.01 sec)
root@localhost [boyu] 12:47:53->delete from mysql.user where user=‘boyu2‘ and host=‘192.168.66.11‘;
Query OK, 1 row affected (0.00 sec)
root@localhost [boyu] 01:09:50->select user,host from mysql.user;
+------+-----------+
| user | host |
+------+-----------+
| boyu | localhost |
| root | localhost |
+------+-----------+
2 rows in set (0.00 sec)
- 注意:如果drop删除不了(一般是特殊字符或大写),可以用下面的方式删除(以BO#Y&U0@07用户,BOYU主机为例)
root@localhost [boyu] 01:27:43->select user,host from mysql.user;
+------------+-----------+
| user | host |
+------------+-----------+
| BO#Y&U0@07 | boyu |
| boyu | localhost |
| root | localhost |
+------------+-----------+
3 rows in set (0.00 sec)
root@localhost [boyu] 01:30:05->delete from mysql.user where user=‘BO#Y&U0@07‘ and host=‘boyu‘;
Query OK, 1 row affected (0.00 sec)
root@localhost [boyu] 01:30:55->select user,host from mysql.user;
+------+-----------+
| user | host |
+------+-----------+
| boyu | localhost |
| root | localhost |
+------+-----------+
2 rows in set (0.00 sec)
root@localhost [boyu] 01:31:01->flush privileges;
Query OK, 0 rows affected (0.00 sec)
13 ALL PRIVILEGES里面包含哪些权限?
SELECT | INSERT | UPDATE | DELETE | CREATE | DROP | INDEX | ALTER | CREATE TEMPORARY TABLES |
---|---|---|---|---|---|---|---|---|
查询 | 插入 | 更新 | 删除 | 创建库和表 | 删除库和表 | 索引 | 修改 | 创建临时表 |
LOCK TABLES | EXECUTE | CREATE VIEW | SHOW VIEW | CREATE ROUTINE | ALTER ROUTINE | EVENT | TRIGGER | REFERENCES |
---|---|---|---|---|---|---|---|---|
锁表 | 执行 | 创建视图 | 显示视图 | 创建存储过程 | 修改存储过程 | 事件 | 触发器 | 外键 |
提示:即在授权时,可以授权用户最小的满足业务需求的权限,而不是一味的授权"ALL PRIVILEGES"
- 授权boyu1用户拥有执行boyu库的"select,insert,update,delete,create,drop"权限
root@localhost [boyu] 01:59:22->CREATE USER ‘boyu1‘@‘localhost‘ IDENTIFIED BY ‘boyu123‘;
Query OK, 0 rows affected (0.00 sec)
root@localhost [boyu] 02:00:20->grant select,insert,update,delete,create,drop ON `boyu`.* TO ‘boyu1‘@‘localhost‘;
Query OK, 0 rows affected (0.00 sec)
root@localhost [boyu] 02:00:28->show grants for boyu1@localhost;
+---------------------------------------------------------------------------------------+
| Grants for boyu1@localhost |
+---------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘boyu1‘@‘localhost‘ |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON "boyu".* TO ‘boyu1‘@‘localhost‘ |
+---------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
- 创建boyu2用户,并授予拥有执行boyu库的"select,insert,update,delete,create,drop"权限
root@localhost [boyu] 01:58:31->grant select,insert,update,delete,create,drop on boyu.* to ‘boyu2‘@‘localhost‘ identified by ‘boyu123‘;
Query OK, 0 rows affected, 1 warning (0.01 sec)
root@localhost [boyu] 01:59:07->show grants for boyu2@localhost;
+---------------------------------------------------------------------------------------+
| Grants for boyu2@localhost |
+---------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘boyu2‘@‘localhost‘ |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON "boyu".* TO ‘boyu2‘@‘localhost‘ |
+---------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
14 企业生产环境如何授权用户权限
14.1 博客,CMS等产品的授权
对于web连接用户授权尽量采用最小化原则,很多开源软件都是web界面安装,因此,常规情况下授予select,insert,update,delete权限即可,例如discuz,bbs等开源软件,还需要授予create,drop比较危险的权限
root@localhost [boyu] 02:00:39-> grant select,insert,update,delete,create,drop ON blog.* to ‘blog‘@‘192.168.66.%‘ identified by ‘boyu123‘;
14.2 生成数据库表后,需要收回create,drop权限
root@localhost [boyu] 02:00:39-> REVOKE create ON blog.* FROM ‘blog‘@‘192.168.66.%‘;
root@localhost [boyu] 02:00:39-> REVOKE drop ON blog.* FROM ‘blog‘@‘192.168.66.%‘;