MySQL 帐户名由用户名和主机名组成,这使得从不同主机连接的具有相同用户名的用户可以创建不同的帐户。本节介绍帐户名称的语法,包括特殊值和通配符规则。
帐户名称出现在 SQL 语句中,例如
CREATE USER、
GRANT和SET
PASSWORD并遵循以下规则:
帐户名语法是 .
'user_name'@'host_name'该 部分是可选的。仅由用户名组成的帐户名等同于 . 例如,相当于 .
@'host_name''user_name'@'%''me''me'@'%'如果用户名和主机名作为未加引号的标识符是合法的,则不需要加引号。
user_name如果字符串包含特殊字符(例如空格或-),或者host_name字符串包含特殊字符或通配符(例如.或),则必须使用引号%。例如,在 account name'test-user'@'%.com'中,用户名和主机名部分都需要引号。使用反引号 (
`)、单引号 (') 或双引号 (") 将用户名和主机名作为标识符或字符串引用。有关字符串引用和标识符引用指南,请参阅 第 9.1.1 节,“字符串文字”和 第 9.2 节,“模式对象名称”。如果引用用户名和主机名部分,则必须单独引用。即写
'me'@'localhost',不 写'me@localhost'。后者实际上相当于'me@localhost'@'%'.CURRENT_USER对or函数 的引用CURRENT_USER()等同于按字面指定当前客户端的用户名和主机名。
MySQL 将帐户名存储在
mysql系统数据库的授权表中,使用单独的列作为用户名和主机名部分:
有关存储在授权表中的用户名和主机名属性的更多详细信息,例如最大长度,请参阅 授权表范围列属性。
用户名和主机名具有某些特殊值或通配符约定,如下所述。
帐户名的用户名部分要么是一个与传入连接尝试的用户名字面匹配的非空值,要么是一个与任何用户名匹配的空值(空字符串)。具有空白用户名的帐户是匿名用户。要在 SQL 语句中指定匿名用户,请使用带引号的空用户名部分,例如''@'localhost'.
帐户名的主机名部分可以采用多种形式,并且允许使用通配符:
A host value can be a host name or an IP address (IPv4 or IPv6). The name
'localhost'indicates the local host. The IP address'127.0.0.1'indicates the IPv4 loopback interface. The IP address'::1'indicates the IPv6 loopback interface.The
%and_wildcard characters are permitted in host name or IP address values. These have the same meaning as for pattern-matching operations performed with theLIKEoperator. For example, a host value of'%'matches any host name, whereas a value of'%.mysql.com'matches any host in themysql.comdomain.'198.51.100.%'matches any host in the 198.51.100 class C network.Because IP wildcard values are permitted in host values (for example,
'198.51.100.%'to match every host on a subnet), someone could try to exploit this capability by naming a host198.51.100.somewhere.com. To foil such attempts, MySQL does not perform matching on host names that start with digits and a dot. For example, if a host is named1.2.example.com, its name never matches the host part of account names. An IP wildcard value can match only IP addresses, not host names.For a host value specified as an IPv4 address, a netmask can be given to indicate how many address bits to use for the network number. Netmask notation cannot be used for IPv6 addresses.
The syntax is
host_ip/netmaskCREATE USER 'david'@'198.51.100.0/255.255.255.0';This enables
davidto connect from any client host having an IP addressclient_ipfor which the following condition is true:client_ip & netmask = host_ipThat is, for the
CREATE USERstatement just shown:client_ip & 255.255.255.0 = 198.51.100.0IP addresses that satisfy this condition range from
198.51.100.0to198.51.100.255.A netmask typically begins with bits set to 1, followed by bits set to 0. Examples:
198.0.0.0/255.0.0.0: Any host on the 198 class A network198.51.0.0/255.255.0.0: Any host on the 198.51 class B network198.51.100.0/255.255.255.0: Any host on the 198.51.100 class C network198.51.100.1: Only the host with this specific IP address
The server performs matching of host values in account names against the client host using the value returned by the system DNS resolver for the client host name or IP address. Except in the case that the account host value is specified using netmask notation, the server performs this comparison as a string match, even for an account host value given as an IP address. This means that you should specify account host values in the same format used by DNS. Here are examples of problems to watch out for:
假设本地网络上的主机具有完全限定名称
host1.example.com. 如果 DNS 将此主机的名称查找返回为host1.example.com,请在帐户主机值中使用该名称。如果 DNS 仅返回host1,请host1改用。如果 DNS 返回给定主机的 IP 地址为
198.51.100.2,则匹配帐户主机值198.51.100.2但不 匹配198.051.100.2。同样,它匹配一个帐户主机模式,如198.51.100.%但不是198.051.100.%。
为避免此类问题,建议检查 DNS 返回主机名和地址的格式。在 MySQL 帐户名中使用相同格式的值。