MySQL的skip-grant-tables
安装mysql在windows和linux平台上,可以参考以下文章:
《初探MySQL-小白的Linux安装笔记》
《Windows环境安装MySQL ZIP Archive》
《MySQL 5.6 rpm安装方法和碰见的问题》
《MySQL的rpm和源码两种安装操作》
在Windows下安装MySQL 5.7时,可以使用以下指令进行初始化、服务注册和启动服务:
C:\bisal\mysql\bin>mysqld --initialize --user=mysql --console 2025-01-12T11:46:53.608737Z 0 [Warning] InnoDB: New log files created, LSN=45790 2025-01-12T11:46:53.889730Z 0 [Warning] InnoDB: Creating foreign key constraint system tables. 2025-01-12T11:46:53.981412Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: ddb683f6-54cb-11eb-ac61-0250f2000002. 2025-01-12T11:46:53.996569Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened. 2025-01-12T11:46:56.054507Z 0 [Warning] CA certificate ca.pem is self signed. 2025-01-12T11:46:56.563731Z 1 [Note] A temporary password is generated for root@localhost: Bgbo>f4-Uv1j C:\bisal\mysql\bin>mysqld install Service successfully installed. C:\bisal\mysql\bin>net start mysql MySQL 服务正在启动 . MySQL 服务已经启动成功。
执行上述命令后,data路径下将出现这些数据文件:
一些教程提到,在首次配置时,可以在配置文件my.ini中添加skip-grant-tables参数:
skip-grant-tables
此命令的作用是跳过授权表,意味着任何人都可以访问MySQL并查看所有数据表。即使忘记了账号密码,也可以使用此命令来修改密码,但需要在使用后立即关闭并重启MySQL,否则会带来很大的安全风险。
输入登录指令时,可以任意输入密码进行登录:
C:\bisal\mysql\bin>mysql -u root -p Enter password: ****** Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 Server version: 5.7.32 MySQL Community Server (GPL) Copyright (c) 2000, 2025, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
通过查看用户,可以确认skip-grant-tables参数确实生效:
mysql> select current_user; +-----------------------------------+ | current_user | +-----------------------------------+ | skip-grants user@skip-grants host | +-----------------------------------+ 1 row in set (0.00 sec)
登录后,可以通过update命令更新root用户的密码。注意,在MySQL 5.7中,存储密码的字段名为authentication_string:
mysql> update mysql.user set authentication_string=password('mysql') where user='root' and host='localhost';
Query OK, 1 row affected, 1 warning (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 1密码使用password函数进行加密:
mysql> select password('mysql') from dual;
+-------------------------------------------+
| password('mysql') |
+-------------------------------------------+
| *E74858DB86EBA20BC33D0AECAE8A8108C56B17FA |
+-------------------------------------------+
1 row in set, 1 warning (0.00 sec)
mysql> select host, user, authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *E74858DB86EBA20BC33D0AECAE8A8108C56B17FA |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-------------------------------------------+
3 rows in set (0.00 sec)在当前模式下,可以直接使用mysql命令进行登录:
C:\bisal\mysql\bin>mysql Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.7.32 MySQL Community Server (GPL) Copyright (c) 2000, 2025, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
然而,跳过授权表的操作是不安全的,相当于打开了后门。因此,需要将skip-grant-tables参数注释掉:
# skip-grant-tables
然后在Windows的服务窗口重启MySQL服务,使用cmd-services.msc:
此时,使用mysql命令会提示错误1045:
C:\bisal\mysql\bin>mysql ERROR 1045 (28000): Access denied for user 'ODBC'@'localhost' (using password: NO)
同样,使用mysql -u -root -p命令登录时,也会提示错误1045:
C:\bisal\mysql\bin>mysql -u -root -p Enter password: ************ ERROR1045 (28000): Access denied for user '-root'@'localhost' (using password: YES)
1045 (28000): Access denied for user '-root'@'localhost' (using password: YES)可以指定-h参数进行登录:
C:\bisal\mysql\bin>mysql -u root -h localhost -p Enter password: ***** Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 5 Server version: 5.7.32 MySQL Community Server (GPL) Copyright (c) 2000, 2025, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
此时,系统会提示使用ALTER USER命令重置密码:
mysql> use mysql ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement. mysql> alter user 'root'@'localhost' identified by 'mysql' password expire never; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec)
此时,登录的用户不再是skip-grants用户:
mysql> select current_user; +----------------+ | current_user | +----------------+ | root@localhost | +----------------+ 1 row in set (0.00 sec)
尽管我对MySQL的了解尚浅,但我发现一些看似简单的知识点,如登录,实际上包含了许多原理。理解这些原理并通过实践来深入了解MySQL可能是一个艰辛的过程,但这也是量变引起质变的必经之路。希望大家共同努力。
参考资料:
https://www./link/2065d2abc480bb9c5155747ecab64395
https://www./link/253637b08749bde403df7fcd0b66f731
https://www./link/ea90e42eb981294a7fb36b39326d9617
