MySQL 仅在一个数据库上授予文件
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13552206/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
grant file on just one database
提问by John
I want to allow LOAD DATA command for the john mysql user. So I logged into mysql terminal as root and issued the following statement:
我想为 john mysql 用户允许 LOAD DATA 命令。所以我以 root 身份登录到 mysql 终端并发出以下语句:
grant file on johndatabase.* to 'john'@'localhost';
But I got the following error:
但我收到以下错误:
ERROR 1221 (HY000): Incorrect usage of DB GRANT and GLOBAL PRIVILEGES
If I replaced johndatabase.*with *.*, then everything works. But doesn't *.*mean all databases? I want to limit the john mysql user to just johndatabase.
如果我替换johndatabase.*为*.*,那么一切正常。但不*.*意味着所有数据库?我想将 john mysql 用户限制为 johndatabase。
回答by Ben Lee
You can't grant FILE privileges on just a single database. That logically doesn't make any sense. Consider what the docssay:
您不能仅授予单个数据库的 FILE 权限。这在逻辑上没有任何意义。考虑一下文档所说的内容:
The FILE privilege gives you permission to read and write files on the server host using the LOAD DATA INFILE and SELECT ... INTO OUTFILE statements and the LOAD_FILE() function. A user who has the FILE privilege can read any file on the server host that is either world-readable or readable by the MySQL server. (This implies the user can read any file in any database directory, because the server can access any of those files.)
FILE 权限授予您使用 LOAD DATA INFILE 和 SELECT ... INTO OUTFILE 语句以及 LOAD_FILE() 函数在服务器主机上读取和写入文件的权限。具有 FILE 权限的用户可以读取服务器主机上任何世界可读或 MySQL 服务器可读的文件。(这意味着用户可以读取任何数据库目录中的任何文件,因为服务器可以访问任何这些文件。)
Thus, the FILE privilege is a globalprivilege. It affects all files on the server and allows access only to global commands (e.g. LOAD DATA INFILE, etc...), not scoped to any database. The only way to grant FILE privileges is on all databases, using this syntax:
因此,FILE 权限是一个全局权限。它会影响服务器上的所有文件,并且只允许访问全局命令(例如LOAD DATA INFILE,等...),而不限于任何数据库。授予 FILE 权限的唯一方法是在所有数据库上使用以下语法:
GRANT FILE ON *.* TO 'john'@'localhost';
回答by Michiel van Baak
with the FILE privilege, you give a user access to the filesystem that the mysql server can access. Because of this, it's useless to limit it to a specific database, as the user will be able to access all databases on filesystem level. This is because it can only be set on .
使用 FILE 权限,您可以授予用户访问 mysql 服务器可以访问的文件系统的权限。因此,将其限制为特定数据库是没有用的,因为用户将能够访问文件系统级别的所有数据库。这是因为它只能设置在 上。
