Percona-Tookit工具包之pt-show-grants
pt-show-grants [OPTIONS] [DSN]
//Regular parameters.
--drop //Add "DROP USER" before each user of output,which can be used to get a ddl of droping user.
--flush //Add "FLUSH PRIVILEGES" after output(version ahead 4.1.1 need).
--ignore //Speicify the ignore user.
--only //on the contrary of "--ignore" does,specify the only user you want.
--include-unused-roles //This options merely for MySQL 8.0 + version which support roles.
--seperate //List the grant and revoke statement respectively. //Dump hearder relevant.
--no-header //Don't print head information of dump.
--no-timestamp //Don't add timestam to the head of dump.
[root@zlm1 :: ~]
#pt-show-grants
-- Grants dumped by pt-show-grants
-- Dumped from server Localhost via UNIX socket, MySQL 5.7.-log at -- ::
-- Grants for 'bkuser'@'localhost'
CREATE USER IF NOT EXISTS 'bkuser'@'localhost';
ALTER USER 'bkuser'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*3DE5D9E4FBC1E464DA1B1172D6333CE89FDE5C61' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
GRANT LOCK TABLES, PROCESS, RELOAD, REPLICATION CLIENT ON *.* TO 'bkuser'@'localhost';
-- Grants for 'mysql.session'@'localhost'
CREATE USER IF NOT EXISTS 'mysql.session'@'localhost';
ALTER USER 'mysql.session'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
GRANT SELECT ON `mysql`.`user` TO 'mysql.session'@'localhost';
GRANT SELECT ON `performance_schema`.* TO 'mysql.session'@'localhost';
GRANT SUPER ON *.* TO 'mysql.session'@'localhost';
-- Grants for 'mysql.sys'@'localhost'
CREATE USER IF NOT EXISTS 'mysql.sys'@'localhost';
ALTER USER 'mysql.sys'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
GRANT SELECT ON `sys`.`sys_config` TO 'mysql.sys'@'localhost';
GRANT TRIGGER ON `sys`.* TO 'mysql.sys'@'localhost';
GRANT USAGE ON *.* TO 'mysql.sys'@'localhost';
-- Grants for 'repl'@'192.168.56.%'
CREATE USER IF NOT EXISTS 'repl'@'192.168.56.%';
ALTER USER 'repl'@'192.168.56.%' IDENTIFIED WITH 'mysql_native_password' AS '*872ECE72A7EBAC6A183C90D7043D5F359BD85A9E' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
GRANT ALL PRIVILEGES ON *.* TO 'repl'@'192.168.56.%';
-- Grants for 'root'@'localhost'
CREATE USER IF NOT EXISTS 'root'@'localhost';
ALTER USER 'root'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*DDFB542AA0BD1D251995D81AEBEB96DEEAD1132F' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION;
[root@zlm1 :: ~]
#pt-show-grants -hlocalhost -P3306 -uroot -pPassw0rd --only=root
-- Grants dumped by pt-show-grants
-- Dumped from server Localhost via UNIX socket, MySQL 5.7.-log at -- ::
-- Grants for 'root'@'localhost'
CREATE USER IF NOT EXISTS 'root'@'localhost';
ALTER USER 'root'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*DDFB542AA0BD1D251995D81AEBEB96DEEAD1132F' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION;
[root@zlm1 :: ~]
#pt-show-grants -hlocalhost -P3306 -uroot -pPassw0rd --only=root --separate --revoke
-- Grants dumped by pt-show-grants
-- Dumped from server Localhost via UNIX socket, MySQL 5.7.-log at -- ::
-- Revoke statements for 'root'@'localhost'
REVOKE ALL PRIVILEGES ON *.* FROM 'root'@'localhost';
REVOKE GRANT OPTION ON *.* FROM 'root'@'localhost';
REVOKE PROXY ON ''@'' FROM 'root'@'localhost';
REVOKE GRANT OPTION ON *.* FROM 'root'@'localhost';
-- Grants for 'root'@'localhost'
CREATE USER IF NOT EXISTS 'root'@'localhost';
ALTER USER 'root'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*DDFB542AA0BD1D251995D81AEBEB96DEEAD1132F' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION;
[root@zlm1 :: ~]
# pt-show-grants -hlocalhost -P3306 -uroot -pPassw0rd --only=root --drop
-- Grants dumped by pt-show-grants
-- Dumped from server Localhost via UNIX socket, MySQL 5.7.-log at -- ::
DROP USER 'root'@'localhost';
DELETE FROM `mysql`.`user` WHERE `User`='root' AND `Host`='localhost';
-- Grants for 'root'@'localhost'
CREATE USER IF NOT EXISTS 'root'@'localhost';
ALTER USER 'root'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*DDFB542AA0BD1D251995D81AEBEB96DEEAD1132F' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION;
[root@zlm1 :: ~]
#pt-show-grants -h192.168.56. -P3306 -urepl -prepl4slave --only repl --no-timestamp
-- Grants dumped by pt-show-grants
-- Dumped from server 192.168.56.100 via TCP/IP, MySQL 5.7.-log
-- Grants for 'repl'@'192.168.56.%'
CREATE USER IF NOT EXISTS 'repl'@'192.168.56.%';
ALTER USER 'repl'@'192.168.56.%' IDENTIFIED WITH 'mysql_native_password' AS '*872ECE72A7EBAC6A183C90D7043D5F359BD85A9E' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
GRANT ALL PRIVILEGES ON *.* TO 'repl'@'192.168.56.%';
[root@zlm1 :: ~]
#pt-show-grants -h192.168.56. -P3306 -urepl -prepl4slave --only repl --no-header
-- Grants for 'repl'@'192.168.56.%' //Only message of annotation this time.
CREATE USER IF NOT EXISTS 'repl'@'192.168.56.%';
ALTER USER 'repl'@'192.168.56.%' IDENTIFIED WITH 'mysql_native_password' AS '*872ECE72A7EBAC6A183C90D7043D5F359BD85A9E' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
GRANT ALL PRIVILEGES ON *.* TO 'repl'@'192.168.56.%';
Distinguish the difference of user privileges between zlm1 & zlm2 and make it be same.
//Dump the user grans into a file on server zlm1
[root@zlm1 :: ~]
#pt-show-grants -h192.168.56. -P3306 -urepl -prepl4slave --only repl > repl_grants.sql //Copy the file to zlm2.
[root@zlm1 :: ~]
#scp repl_grants.sql 192.168.56.101:~
repl_grants.sql % .4KB/s : [root@zlm1 :: ~] //Show user infomation on zlm2.
root@localhost:mysql.sock [(none)]>select user,host from mysql.user;
+---------------+--------------+
| user | host |
+---------------+--------------+
| repl | 192.168..% |
| bkuser | localhost |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+---------------+--------------+
rows in set (0.00 sec) //Show user grants infomation.
root@localhost:mysql.sock [(none)]>show grants for repl@'192.168.56.%';
+---------------------------------------------------------+
| Grants for repl@192.168..% |
+---------------------------------------------------------+
| GRANT REPLICATION SLAVE ON *.* TO 'repl'@'192.168.56.%' |
+---------------------------------------------------------+
row in set (0.00 sec) //Revoke the privileges from repl user to mimic difference.
root@localhost:mysql.sock [(none)]>revoke all on *.* from repl@'192.168.56.%';
Query OK, rows affected (0.00 sec) root@localhost:mysql.sock [(none)]>show grants for repl@'192.168.56.%';
+---------------------------------------------+
| Grants for repl@192.168..% |
+---------------------------------------------+
| GRANT USAGE ON *.* TO 'repl'@'192.168.56.%' |
+---------------------------------------------+
row in set (0.00 sec) //Check difference with zlm1.
[root@zlm2 :: ~]
#pt-show-grants -hlocalhost -P3306 -uroot -pPassw0rd --only repl | diff repl_grants.sql -
2c2
< -- Dumped from server 192.168.56.100 via TCP/IP, MySQL 5.7.-log at -- ::
---
> -- Dumped from server Localhost via UNIX socket, MySQL 5.7.-log at -- ::
6c6
< GRANT ALL PRIVILEGES ON *.* TO 'repl'@'192.168.56.%'; //User privileges in dump file.
---
> GRANT USAGE ON *.* TO 'repl'@'192.168.56.%'; //User privileges in local server. [root@zlm2 :: ~]
#mysql -hlocalhost -S /var/lib/mysql/mysql.sock -uroot -pPassw0rd < repl_grants.sql >/dev/null //Import the user grants from dump file. //Check the privileges of user repl again.
[root@zlm2 :: ~]
#mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is
Server version: 5.7.-log MySQL Community Server (GPL) Copyright (c) , , Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. root@localhost:mysql.sock [(none)]>show grants for repl@'192.168.56.%';
+------------------------------------------------------+
| Grants for repl@192.168..% |
+------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'repl'@'192.168.56.%' | //The privileges are same with zlm1 now.
+------------------------------------------------------+
row in set (0.00 sec)
- pt-show-grants helps us dba to manager user privileges better than MySQL command line "show grant for ... ;" does.
- pt-show-grants is convenient to use even with any options specified.
- pt-show-grants can be used to check the difference of user privileges between the servers.
- pt-show-grants is not a intrusive tool like pt-pmp,you can run it at any time you need.
Percona-Tookit工具包之pt-show-grants的更多相关文章
- Linux后台开发工具箱
https://files-cdn.cnblogs.com/files/aquester/Linux后台开发工具箱.pdf 目录 目录 1 1. 前言 3 2. 脚本类工具 3 2.1. sed命令- ...
- Mysql: pt-table-checksum 和 pt-table-sync 检查主从一致性,实验过程
一.安装 percona 包 1.安装仓库的包 https://www.percona.com/doc/percona-repo-config/yum-repo.html sudo yum insta ...
- Linux后台开发工具箱-葵花宝典
Linux后台开发工具箱-葵花宝典 一见 2016/11/4 目录 目录 1 1. 前言 4 2. 脚本类工具 4 2.1. 双引号和单引号 4 2.2. 取脚本完整文件路径 5 2.3. 环境变量和 ...
- 推荐几款MySQL相关工具
前言: 随着互联网技术的不断发展, MySQL 相关生态也越来越完善,越来越多的工具涌现出来.一些公司或个人纷纷开源出一些不错的工具,本篇文章主要介绍几款 MySQL 相关实用工具.提醒下,这里并不介 ...
- [知识库分享系列] 二、.NET(ASP.NET)
最近时间又有了新的想法,当我用新的眼光在整理一些很老的知识库时,发现很多东西都已经过时,或者是很基础很零碎的知识点.如果分享出去大家不看倒好,更担心的是会误人子弟,但为了保证此系列的完整,还是选择分享 ...
- SQL慢查询安装过程
SQL慢查询 基本操作 打开防火墙 firewall-cmd --zone=public --add-port=3306/tcp --permanent firewall-cmd --reload 安 ...
- 快速安装Percona pt工具
yum install perl-DBI perl-DBD-MySQL perl-Time-HiRes perl-Time-HiRes perl-IO-Socket-SSLwget http://pk ...
- Percona 工具包 pt-online-schema-change 简介
mysql的在线表结构修改,因为低效和阻塞读写.一直被诟病.至于ALTER TABLE 的原理,参看我上一篇文章.MySQL在线修改大表结构.看完后,发现的问题是还是会锁的,且对于在线更新的这块也是不 ...
- 安装percona工具包
1.安装percona源 sudo yum install http://www.percona.com/downloads/percona-release/redhat/0.1-4/percona- ...
- percona pt toolkit 总结
##=====================================================##pt-osc之工作流程:1.检查更改表是否有主键或唯一索引,是否有触发器2.检查修改表 ...
随机推荐
- 自定义ExtJS文件上传
日常工作中,一般文件上传都是跟随表单一起提交的,但是遇到form表单中有许多地方有文件上传时这种方式却不是很适用,以下是我工作中用的文件上传方式: { xtype: 'fileuploadfield' ...
- 什么时候修改class
点击按钮class发生改变 <html> <head> <meta http-equiv="Content-Type" content="t ...
- learn OpenStack by picture
- ViewPager+handler实现轮播
先说下功能吧,随便设置一个网络图片链接的集合,作为图片的资源.我用ImageLoader来加载图片,在图片未加载完成时会ProgressBar加载状态 在Handler发送一个空消息来实现页面的轮播 ...
- matlab练习程序(结构张量structure tensor)
根据结构张量能区分图像的平坦区域.边缘区域与角点区域. 此算法也算是计算机科学最重要的32个算法之一了.链接的文章中此算法名称为Strukturtensor算法,不过我搜索了一下,Strukturte ...
- Azure 10月新公布
Azure 10月新发布:F 系列计算优化实例,认知服务,媒体服务流式处理单元更名,Azure 镜像市场,FreeBSD 适用于Azure 虚拟机的全新 F 系列计算优化实例 Azure 虚拟机的全新 ...
- 增加C盘空间大小
随着我们使用电脑的时间越来越久,电脑C盘的空间会出现不够用的情况,这时我们需要的就是增加C盘的大小,基本上有两种方式 1.通过系统自带的磁盘管理(有可能没法操作,主要介绍第二种) 2.通过分区软件进行 ...
- 【Spring实战】—— 10 AOP针对参数的通知
通过前面的学习,可以了解到 Spring的AOP可以很方便的监控到方法级别的执行 ,针对于某个方法实现通知响应. 那么对于方法的参数如何呢? 比如我们有一个方法,每次传入了一个字符串,我想要知道每次传 ...
- CSS z-index的用法
理清 position及z-index的用法: static : 无特殊定位,对象遵循HTML定位规则absolute : 将对象从文档流中拖出,使用left,right,top,bottom等属 ...
- ring0 关于SSDTHook使用的绕过页面写保护的原理与实现
原博:http://www.cnblogs.com/hongfei/archive/2013/06/18/3142162.html 为了安全起见,Windows XP及其以后的系统将一些重要的内存页设 ...