[英]prevent mysql user change password of other user
I have two users:我有两个用户:
user1 : all privleges, no grant option.
user1 :所有权限,没有授予选项。
user2 : all privleges, with grant option.
user2 :所有权限,带有授权选项。
user1 , connect to database and change password of user2 . user1 ,连接数据库,修改user2的密码。
How can I prevent this?我怎样才能防止这种情况?
The GRANT
privilege isn't related to passwords. GRANT
权限与密码无关。 It determines if user is able to change permissions for others.它确定用户是否能够更改其他人的权限。
In Set Password we can read:在设置密码中,我们可以阅读:
Setting the password for a named account (with a FOR clause) requires the
UPDATE
privilege for themysql
system schema .为命名帐户设置密码(使用 FOR 子句)需要
mysql
系统模式的UPDATE
权限。 Setting the password for yourself (for a nonanonymous account with no FOR clause) requires no special privileges.为自己设置密码(对于没有 FOR 子句的非匿名帐户)不需要特殊权限。
The recommend way to change passwords is the ALTER USER
statement but that documentation section basically states the same:更改密码的推荐方法是
ALTER USER
语句,但该文档部分基本相同:
In most cases,
ALTER USER
requires the globalCREATE USER
privilege, or theUPDATE
privilege for themysql
system schema .在大多数情况下,
ALTER USER
需要全局CREATE USER
权限,或者mysql
系统模式的UPDATE
权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.