English
中文 
mysql 的权限体系大致分为5个层级:
全局层级
全局权限适用于一个给定服务器中的所有数据库。这些权限存储在mysql.user表中。GRANT ALL ON *.*和REVOKE ALL ON *.*只授予和撤销全局权限。
数据库层级
数据库权限适用于一个给定数据库中的所有目标。这些权限存储在mysql.db和mysql.host表中。GRANT ALL ON db_name.*和REVOKE ALL ON db_name.*只授予和撤销数据库权限。
表层级
表权限适用于一个给定表中的所有列。这些权限存储在mysql.talbes_priv表中。GRANT ALL ON db_name.tbl_name和REVOKE ALL ON db_name.tbl_name只授予和撤销表权限。
列层级
列权限适用于一个给定表中的单一列。这些权限存储在mysql.columns_priv表中。当使用REVOKE时,您必须指定与被授权列相同的列。
子程序层级
CREATE ROUTINE, ALTER ROUTINE, EXECUTE和GRANT权限适用于已存储的子程序。这些权限可以被授予为全局层级和数据库层级。而且,除了CREATE ROUTINE外,这些权限可以被授予为子程序层级,并存储在mysql.procs_priv表中。
这些权限信息存储在下面的系统表中:
mysql.user
mysql.db
mysql.host
mysql.table_priv
mysql.column_priv
当用户连接进来,mysqld会通过上面的这些表对用户权限进行验证!
注意:
当后续目标是一个表、一个已存储的函数或一个已存储的过程时,object_type子句应被指定为TABLE、FUNCTION或PROCEDURE。当从旧版本的MySQL升级时,要使用本子句,您必须升级您的授权表。请
我们可以用 CREATE USER 或 GRANT 创建用户,后者还同时分配相关权限。而 REVOKE 则用于删除用户权限,DROP USER 删除账户。
MySQL 赋予用户权限命令语法为:
grant 权限 on 数据库对象 to 用户;
grant 权限 on 数据库对象 to 用户 identified by “密码”;
grant 权限 on 数据库对象 to 用户@”ip” identified by “密码”
GRANT 语法:
GRANT privileges (columns)
ON what
TO user IDENTIFIED BY “password”
WITH GRANT OPTION;
privileges 列表:
* ALTER: 修改表和索引。
* CREATE: 创建数据库和表。
* DELETE: 删除表中已有的记录。
* DROP: 抛弃(删除)数据库和表。
* INDEX: 创建或抛弃索引。
* INSERT: 向表中插入新行。
* REFERENCE:未使用。
* SELECT: 检索表中的记录。
* UPDATE: 修改现存表记录。
* FILE: 读或写服务器上的文件。
* PROCESS: 查看服务器中执行的线程信息或杀死线程。
* RELOAD: 重载授权表或清空日志、主机缓存或表缓存。
* SHUTDOWN: 关闭服务器。
* ALL: 所有权限,ALL PRIVILEGES同义词。
* USAGE: 特殊的 “无权限” 权限。
user 账户包括 “username” 和 “host” 两部分 即是username@host ,后者表示该用户被允许从何地接入。user@’%’表示用户user可以从任何地址访问本地的数据库,默认可以省略。还可以是 “
子句 “WITH GRANT OPTION” 表示该用户可以为其他用户分配权限。使用grant 命令创建用户或者进行授权之后,需要使用flush privileges刷新MySQL的系统权限相关表,否则会出现拒绝访问,或者重新启动mysql服务器,来使新设置生效。当然后者并不是一种好想法!
比如:
一 grant普通数据用户yangql402查询、插入、更新、删除 数据库(test)中所有表数据的权利。
grant select, insert, update, delete on test.* to yangql402@’%’;
二 grant数据库开发人员(yangql402),创建表、索引、视图、存储过程、函数。。。等权限。
grant创建、修改、删除 MySQL 数据表结构权限。
grant create on test.* to yangql402@’10.250.7.225′;
grant alter on test.* to yangql402@’10.250.7.225′;
grant drop on test.* to yangql402@’10.250.7.225′;
grant 操作 MySQL 外键权限,官方文档上说未使用!
grant references on test.* to yangql402@’10.250.7.225′;
grant 操作 MySQL 临时表权限。
grant create temporary tables on test.* to yangql402@’10.250.7.225′;
grant 操作 MySQL 索引权限。
grant index on test.* to yangql402@’10.250.7.225′;
grant 操作 MySQL 视图、查看视图源代码 权限。
grant create view on test.* to yangql402@’10.250.7.225′;
grant show view on test.* to yangql402@’10.250.7.225′;
grant 操作 MySQL 存储过程、函数 权限。
grant create routine on test.* to yangql402@’10.250.7.225′;
grant alter routine on test.* to yangql402@’10.250.7.225′;
grant execute on test.* to yangql402@’10.250.7.225′;
三 grant 普通DBA管理某个MySQL数据库(test)的权限。
grant all privileges on test to dba@’localhost’
其中,关键字 “privileges” 可以省略。
四 grant 高级 DBA 管理 MySQL 中所有数据库的权限。
grant all on *.* to dba@’localhost’
五 MySQL grant 权限,分别可以作用在多个层次上。
a. grant 作用在整个 MySQL 服务器上:
grant select on *.* to dba@localhost; — dba 可以查询 MySQL 中所有数据库中的表。
grant all on *.* to dba@localhost; — dba 可以管理 MySQL 中的所有数据库
b. grant 作用在单个数据库上:
grant select on test.* to dba@localhost; — dba 可以查询 test 中的表。
c. grant 作用在单个数据表上:
grant select, insert, update, delete on test.yql8 to dba@localhost;
d. grant 作用在表中的列上:
grant select(id, se, rank) on test.yql8 to dba@localhost;
e. grant 作用在存储过程、函数上:
grant execute on procedure test.yql8 to ‘dba’@’localhost’;
grant execute on function test.yql8 to ‘dba’@’localhost’;
六 查看用户权限
查看当前用户自己的权限:
show grants;
查看其他 MySQL 用户权限:
show grants for dba@localhost;
七 撤销用户权限
使用revoke 命令来注销用户的权限,具体语法:
要撤销所有权限,需使用以下语法。此语法用于取消对于已命名的用户的所有全局层级、数据库层级、表层级和列层级的权限。
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] …
也可以指定具体的权限比如:
注意:
1 使用GRANT或REVOKE,操作者必须拥有GRANT OPTION权限,并且您必须用于您正在授予或撤销的权限。
2 使用REVOKE撤销全部权限,操作者必须拥有mysql数据库的全局CREATE USER权限或UPDATE权限。
八 删除用户:
DROP USER user;
其中user 账户包括 “username” 和 “host” 两部分 即是username@host;如果创建的时候为yangql@”10.250.7.225“,则删除的时候必须使用
drop user yangql@”10.250.7.225“,否则会报错!
mysql> drop user yangql402;
ERROR 1396 (HY000): Operation DROP USER failed for ‘yangql402′@’10.250.7.225′
mysql> drop user yangql402@’10.250.7.225′;
Query OK, 0 rows affected (0.01 sec)
Cloud file sharing involves a system where users are allocated storage space on a server and are allowed to perform read and write operations on the data they save in their space online.
A popular service is Dropbox and while it offers a free version, it is not open source. There are also many Dropbox alternatives for Linux, but this article focuses on the best free open source cloud file sharing platforms.
1. NextCloud
NextCloud is arguably the most popular open source cloud file sharing service. Apart from sharing files, it allows you to share calendars, contacts, emails and includes professional features like team collaboration and data synchronization and it packs text and video chat apps.
Nextcloud – self-hosted file share and communication platform
2. Ceph
Ceph is an open source distributed object, block, and file storage platform that uses a POSIX-compliant network file system in order to provide large data storage, high performance, and optimum support for legacy applications.
Ceph – unified, distributed storage system
3. Aurora Files
Aurora Files is a developer friendly, encrypted file-sharing software. It has support for Google Drive and Dropbox as network logins, Zipped file viewer, and MS Office file viewer.
Aurora Files – file storage platform
4. YouTransfer
YouTransfer is an open source file transfer cloud service with a few more features than FileDrop given that it has a Docker image for container users.
The file transfer process works via link sharing via email, message, or any other sharing method together with an optional message.
YouTransfer – file-sharing solution
5. Pydio Cells
Pydio Cells is a Golang-based on-premise file management platform that aims to provide reliable file hosting, synchronization, and sharing. It has a strong emphasis on security and can be deployed on any server type of your choosing.
Fun fact, Pydio Cells went by the name of just “Pydio” and was written in PHP and JavaScript before until its entire rewrite in Golang.
Pydio – File Sharing & Sync Platform
6. LinShare
LinShare aims to provide an enterprise-grade cloud file sharing solution for free and it is succeeding. It enables users to share large files, manage activity logs and users, and enjoy healthcare-related features all while enjoying high security.
LinShare – secure file sharing platform
7. NitroShare
NitroShare is a cross-platform network file transfer app designed to extremely simplify sharing files while maintaining efficient speeds.
8. OnionShare
OnionShare is an open source platform that enables its users to share files of any size across the internet without jeopardizing their security or anonymity.
OnionShare – Secure and Anonymous Filesharing
9. FileDrop
FileDrop is a lightweight web-based UI for sharing files. You can use it as a standalone server in trusted LANs but it is mostly used together with Sandstorm, an open source web-based productivity suite.
FileDrop – share files over wifi
10. ProjectSend
ProjectSend is a private clients-oriented web service that provides a file-sharing platform for teams complete with features like uploads auto-expiration, usage logs, user permissions, etc.
ProjectSend – share files with your clients
There are notable mentions like Syncthing, Seafile, Cozy and Syncany but what is your favourite open source cloud file sharing application? Drop your comments in the section below.
