首先让我提一下,我已经看了很多建议的问题,但没有找到相关的答案。这就是我正在做的。
我连接到Amazon EC2实例。我可以用这个命令登录MySQL根目录:
mysql -u root -p
然后我用host %创建了一个新的用户帐单
CREATE USER 'bill'@'%' IDENTIFIED BY 'passpass';
授予用户bill的所有权限:
grant all privileges on *.* to 'bill'@'%' with grant option;
然后我退出root用户,尝试用bill登录:
mysql -u bill -p
输入正确的密码并得到以下错误:
错误1045(28000):用户“账单”@“localhost”(使用密码:YES)的访问被拒绝
当前回答
I discovered yet another case that appears on the surface to be an edge case; I can export to the file system, via SELECT INTO .. OUTFILE as root, but not as regular user. While this may be a matter of permissions, I've looked at that, and see nothing especially obvious. All I can say is that executing the query as a regular user who has all permissions on the data base in question returns the access denied error that led me to this topic. When I found the transcript of a successful use of SELECT INTO … OUTFILE in an old project, I noticed that I was logged in as root. Sure enough, when I logged in as root, the query ran as expected.
其他回答
百分号表示所有ip,所以localhost是多余的…本地主机不需要第二条记录。
实际上有,'localhost'在mysql中是特殊的,它意味着通过unix套接字(或windows上的命名管道)连接,而不是TCP/IP套接字。使用%作为主机不包括'localhost'
MySQL用户帐户有两个组成部分:用户名和主机名。用户名标识用户,主机名指定用户可以从哪些主机连接。用户名和主机名的组合:
< user_name >的@ < host_name >的 您可以为主机名指定特定的IP地址或地址范围,或者使用百分比字符(“%”)使该用户能够从任何主机登录。
注意,用户帐户是由用户名和主机名同时定义的。例如,“root”@“%”与“root”@“localhost”是不同的用户帐户。
当你逃离
mysql -u bill -p
得到了这个错误
ERROR 1045 (28000): Access denied for user 'bill'@'localhost' (using password: YES)
Mysqld希望您以bill@localhost的身份连接
尝试创建bill@localhost
CREATE USER bill@localhost IDENTIFIED BY 'passpass';
grant all privileges on *.* to bill@localhost with grant option;
如果要远程连接,必须指定DNS名称、公共IP或127.0.0.1,使用TCP/IP:
mysql -u bill -p -hmydb@mydomain.com
mysql -u bill -p -h10.1.2.30
mysql -u bill -p -h127.0.0.1 --protocol=TCP
登录后,请运行这个
SELECT USER(),CURRENT_USER();
USER()报告您如何尝试在MySQL中进行身份验证
CURRENT_USER()报告你如何被允许从MySQL认证MySQL。用户表
这将使您更好地了解如何以及为什么允许您登录mysql。为什么知道这个观点很重要?它与用户身份验证排序协议有关。
下面是一个例子:我将在我的桌面MySQL上创建一个匿名用户
mysql> select user,host from mysql.user;
+---------+-----------+
| user | host |
+---------+-----------+
| lwdba | % |
| mywife | % |
| lwdba | 127.0.0.1 |
| root | 127.0.0.1 |
| lwdba | localhost |
| root | localhost |
| vanilla | localhost |
+---------+-----------+
7 rows in set (0.00 sec)
mysql> grant all on *.* to x@'%';
Query OK, 0 rows affected (0.02 sec)
mysql> select user,host from mysql.user;
+---------+-----------+
| user | host |
+---------+-----------+
| lwdba | % |
| mywife | % |
| x | % |
| lwdba | 127.0.0.1 |
| root | 127.0.0.1 |
| lwdba | localhost |
| root | localhost |
| vanilla | localhost |
+---------+-----------+
8 rows in set (0.00 sec)
mysql> update mysql.user set user='' where user='x';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> select user,host from mysql.user;
+---------+-----------+
| user | host |
+---------+-----------+
| | % |
| lwdba | % |
| mywife | % |
| lwdba | 127.0.0.1 |
| root | 127.0.0.1 |
| lwdba | localhost |
| root | localhost |
| vanilla | localhost |
+---------+-----------+
8 rows in set (0.00 sec)
mysql>
好吧,看我以匿名用户登录:
C:\MySQL_5.5.12>mysql -urol -Dtest -h127.0.0.1 --protocol=TCP
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.5.12-log MySQL Community Server (GPL)
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> select user(),current_user();
+---------------+----------------+
| user() | current_user() |
+---------------+----------------+
| rol@localhost | @% |
+---------------+----------------+
1 row in set (0.00 sec)
mysql>
认证顺序非常严格。它从最具体的到最不具体的。我在DBA StackExchange中写过这种身份验证样式。
不要忘记在必要时显式地调用TCP作为mysql客户端的协议。
如果MySQL运行在不区分大小写的操作系统(如Windows)上,也可能发生这种情况。
例:我发现尝试使用这些凭据连接到数据库失败:
mysql>授予数据库ev105的select权限。*到'specialuser',标识为's3curepa5wrd';
$ mysql -specialuser' -p's3curepa5wrd' -h10.61.130.89 databaseV105
错误1045(28000):拒绝访问用户'specialuser'@'10.0.1.113'(使用密码:YES)
但是,这成功了:
Mysql >授予select权限*到'specialuser',标识为's3curepa5wrd';
mysql ' - h10300,300,400 database105 -p
输入密码:
当你输入mysql -u root -p时,你是在通过本地unix套接字连接到mysql服务器。
不管你给的授权是什么,'bill'@'%'只匹配TCP/IP连接。
如果你想要授予对本地unix套接字的访问权限,你需要授予'bill'@'localhost'权限,奇怪的是,这与'bill'@'127.0.0.1'不一样。
您也可以使用TCP/IP连接mysql命令行客户端,以匹配您已经授予的权限,例如运行mysql -u root -p -h 192.168.1.123或任何您的本地IP地址。
我也有同样的问题,但在我的情况下,解决方案是由eggyal的评论解决的。我也有一个匿名用户,但删除它并不能解决问题。'FLUSH PRIVILEGES'命令仍然有效。
让我感到惊讶的是,我用MySQL Workbench创建了这个用户,我本来希望它能执行完成任务所需的所有功能。
