我们使用 Virtualmin 来完成我们大部分的数据库管理,但显然它有一个错误,在某些情况下设置用户的权限过于宽泛。此外,MySQL 手册没有提到限制用户使用“show databases”命令查看其他数据库的能力。
当我运行“show grants for 'user'@'localhost';” 我明白了:
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for user@localhost |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, CREATE TEMPORARY TABLES ON *.* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'ENCRYPTED' |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE ON `database`.* TO 'user'@'localhost' WITH GRANT OPTION |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
这甚至在我运行“GRANT SELECT、INSERT、UPDATE、DELETE、CREATE、ALTER、CREATE TEMPORARY TABLES ON database.* to 'user'@'localhost';”之后
不确定您的实际问题是什么,但如果这就是为什么用户仍然可以看到所有内容,那是因为这些授权是附加的。
您需要删除您不想要的授权(第一个)并包括第二个。
即删除
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, CREATE TEMPORARY TABLES ON *.* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'ENCRYPTED'
并保持,
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE ON `database`.* TO 'user'@'localhost' WITH GRANT OPTION
尝试,
REVOKE SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, CREATE TEMPORARY TABLES ON *.* FROM 'user'@'localhost'
| 归档时间: |
|
| 查看次数: |
7761 次 |
| 最近记录: |