mysql - 如何限制来自特定主机的查询

Question

如何确保 'anil' 不能从任何名为 '%desk%' 的机器上运行命令？

mysql> show grants for anil;

+------------------------------------------------------------------------------------+
| Grants for anil@%                                                                  |
+------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'anil'@'%'                                                   |
| GRANT SELECT, CREATE TEMPORARY TABLES, LOCK TABLES ON `production`.* TO 'anil'@'%' |
+------------------------------------------------------------------------------------+


mysql> revoke all privileges, grant option from 'anil'@'%desk%';
ERROR 1269 (HY000): Can't revoke all privileges for one or more of the requested users

mysql> revoke usage on *.* from 'anil'@'%desk%';
ERROR 1141 (42000): There is no such grant defined for user 'anil' on host '%desk%'

mysql> revoke SELECT, CREATE TEMPORARY TABLES, LOCK TABLES ON `production`.* from 'anil'@'%desk%';
ERROR 1141 (42000): There is no such grant defined for user 'anil' on host '%desk%'

Answer 1

MySQL 只允许您授予权限，它没有能力授予除特定主机之外的所有主机，或者以您尝试的方式基于主机名拒绝权限。完成此操作的唯一方法是仅向用户授予可接受的主机名的权限。该REVOKE命令仅删除以前的GRANTed 权限。

如果您的网络碰巧被分成子域 [即：*.desk.company.tld 和 *.serv.company.tld]，您应该能够授予'anil'@'%.serv.company.tld'或类似的子网：'anil'@'192.168.1.%'.