📄 mysqlaccess
字号:
Access-rights for USER 'nobody', from HOST 'foo.bar', to DB 'Foo' +-----------------+---+ +-----------------+---+ | select_priv | Y | | drop_priv | N | | insert_priv | Y | | reload_priv | N | | update_priv | Y | | shutdown_priv | N | | delete_priv | Y | | process_priv | N | | create_priv | N | | file_priv | N | +-----------------+---+ +-----------------+---+ BEWARE: Everybody can access your DB as user 'nobody' : WITHOUT supplying a password. Be very careful about it!! The following rules are used: db : 'foo.bar','Foo','nobody','Y','Y','Y','N','N','N' host : 'Not processed: host-field is not empty in db-table.' user : 'foo.bar','nobody','','N','N','N','Y','N','N','N','N','N','N'3)Using wildcards: \$ $script \\* nobody Foo --brief ->report access-rights of user nobody from all machines to db Foo, and use a matrix-report. Sel Ins Upd Del Crea Drop Reld Shut Proc File Host,User,DB ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- -------------------- Y Y Y Y N N N N N N localhost,nobody,Foo N N N N N N N N N N %,nobody,Foo N N N N N N N N N N any_other_host,nobody,Foo_HOWTO# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ## START OF THE PROGRAM ## +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ #use Getopt::Long;use Sys::Hostname;use IPC::Open3;# ****************************# debugging flag# can be set to 0,1,2,3# a higher value gives more info# ! this can also be set on the command-line $DEBUG = 0;# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++>8# Normaly nothing should be changed beneeth this line# ****************************# no caching on STDOUT $|=1; $MYSQL_CNF = tmpnam(); %MYSQL_CNF = (client => { }, mysql => { }, mysqldump => { }, );$NEW_USER = 'ANY_NEW_USER';$NEW_DB = 'ANY_NEW_DB' ;# %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% ## mysqlaccess: ## ~~~~~~~~~~~ ## Lets get to it, ## and start the program by processing the parameters ## %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% #($CMD,$CGI) = GetMode();# ****************************# the copyright message should# always be printed (once)MySQLaccess::Report::Print_Header();# *****************************# Read configuration-file MySQLaccess::Debug::Print(1, "Reading configuration file..."); if (-f "./$script_conf") { require "./$script_conf"; } elsif (-f "/etc/$script_conf") { require "/etc/$script_conf"; }# ****************************# Read in all parametersif ($MySQLaccess::CMD) { #command-line version # ---------------------------- # Get options from commandline $Getopt::Long::ignorecase=0; #case sensitive options if ( grep(/\-\?/,@ARGV) ) { MySQLaccess::Report::Print_Usage(); exit 0; } GetOptions("help" => \$Param{'help'} ,"host|h=s" => \$Param{'host'} ,"user|u=s" => \$Param{'user'} ,"password|p:s" => \$Param{'password'} ,"db|d=s" => \$Param{'db'} ,"superuser|U=s" => \$Param{'superuser'} ,"spassword|P:s" => \$Param{'spassword'} ,"rhost|H=s" => \$Param{'rhost'} ,"old_server" => \$Param{'old_server'} ,"debug=i" => \$Param{'DEBUG'} ,"brief|b" => \$Param{'brief'} ,"table|t" => \$Param{'table'} ,"relnotes" => \$Param{'relnotes'} ,"plan" => \$Param{'plan'} ,"howto" => \$Param{'howto'} ,"version|v" => \$Param{'version'} ,"preview" => \$Param{'preview'} ,"copy" => \$Param{'copy'} ,"commit" => \$Param{'commit'} ,'rollback' => \$Param{'rollback'} ); # ----------------------------- # set DEBUG $DEBUG = $Param{'DEBUG'} if ($Param{'DEBUG'}>=$DEBUG); # ----------------------------- # check for things which aren't # declared as options: # 2 arguments: (user,db) -> ('localhost','user','db') if ($#ARGV == 1) { MySQLaccess::Debug::Print(2,"$script called with 2 arguments:"); $Param{'host'} = $Param{'host'} || 'localhost'; $Param{'user'} = $ARGV[0] || $Param{'user'}; $Param{'db'} = $ARGV[1] || $Param{'db'}; } # 3 arguments: (host,user,db) if ($#ARGV == 2) { MySQLaccess::Debug::Print(2,"$script called with 3 arguments:"); $Param{'host'} = $ARGV[0] || $Param{'host'}; $Param{'user'} = $ARGV[1] || $Param{'user'}; $Param{'db'} = $ARGV[2] || $Param{'db'}; } # ------------------------------------- # prompt for user password if requested if ( defined($Param{'password'}) && length($Param{'password'}) == 0 ) { $Param{'password'} = PromptPass( "Password for MySQL user $Param{'user'}: "); }}if ($MySQLaccess::CGI) { #CGI-version require CGI; $Q = new CGI; $Param{'help'} = $Q->param('help') ; $Param{'host'} = $Q->param('host') || $Q->param('h') || $Param{'host'}; $Param{'user'} = $Q->param('user') || $Q->param('u') || $Param{'user'}; $Param{'db'} = $Q->param('db') || $Q->param('d') || $Param{'db'}; $Param{'password'} = $Q->param('password') || $Q->param('p') || $Param{'password'}; $Param{'superuser'} = $Q->param('superuser') || $Q->param('U') || $Param{'superuser'}; $Param{'spassword'} = $Q->param('spassword') || $Q->param('P') || $Param{'spassword'}; $Param{'rhost'} = $Q->param('rhost') || $Q->param('H') || $Param{'rhost'}; $Param{'old_server'}= $Q->param('old_server')|| $Param{'old_server'}; $Param{'debug'} = $Q->param('debug') || $Param{'debug'}; $Param{'brief'} = $Q->param('brief') || $Param{'brief'}; $Param{'table'} = $Q->param('table') || $Param{'table'}; $Param{'relnotes'} = $Q->param('relnotes'); $Param{'plan'} = $Q->param('plan'); $Param{'howto'} = $Q->param('howto'); $Param{'version'} = $Q->param('version') ? $Q->param('version') : $Q->param('v'); $Param{'edit'} = $Q->param('edit'); $Param{'preview'} = $Q->param('preview'); $Param{'copy'} = $Q->param('copy'); $Param{'commit'} = $Q->param('commit'); $Param{'rollback'} = $Q->param('rollback'); # ----------------------------- # set DEBUG $DEBUG = $Q->param('debug') if ($Q->param('debug')>=$DEBUG);}# ----------------------# brief and table-format # exclude each-other# table-format is preferedif (defined($Param{'table'})) { undef($Param{'brief'}); }if (defined($Param{'preview'}) or defined($Param{'copy'}) or defined($Param{'commit'}) or defined($Param{'rollback'}) ) { $Param{'edit'}='on'; }# ----------------------# if no host is given# assume we mean 'localhost'if (!defined($Param{'host'})) { $Param{'host'}='localhost'; }# ----------------------# perform some checks# -> eliminate 'broken pipe' errorpush(@MySQLaccess::Grant::Error,'not_found_mysql') if !(-x $MYSQL);push(@MySQLaccess::Grant::Error,'not_found_diff') if !(-x $DIFF);push(@MySQLaccess::Grant::Error,'not_found_mysqldump') if !(-x $MYSQLDUMP);if (@MySQLaccess::Grant::Error) { MySQLaccess::Report::Print_Error_Messages() ; exit 0;}#-----------------------# get info/help if necc.$print_usage=1;if ( defined($Param{'version'}) ) { MySQLaccess::Report::Print_Version(); $print_usage=0; MySQLaccess::Report::Print_Footer(); MySQLaccess::DB::CloseConnection(); exit 0;# exit 0;}if ( defined($Param{'relnotes'}) ) { MySQLaccess::Report::Print_Relnotes(); $print_usage=0; MySQLaccess::Report::Print_Footer(); MySQLaccess::DB::CloseConnection(); exit 0;# exit 0;}if ( defined($Param{'plan'}) ) { MySQLaccess::Report::Print_Plans(); $print_usage=0; MySQLaccess::Report::Print_Footer(); MySQLaccess::DB::CloseConnection(); exit 0;# exit 0;}if ( defined($Param{'howto'}) ) { MySQLaccess::Report::Print_HowTo(); $print_usage=0; MySQLaccess::Report::Print_Footer(); MySQLaccess::DB::CloseConnection(); exit 0;# exit 0;}# -----------------------------# generate a help-screen in CMD-mode# or a blanc form in CGI-mode if ( defined($Param{'help'}) or !defined($Param{'user'}) or !defined($Param{'host'}) or !defined($Param{'db'}) ) { push(@MySQLaccess::Grant::Error,'user_required') unless defined($Param{'user'}); push(@MySQLaccess::Grant::Error,'db_required') unless defined($Param{'db'}); push(@MySQLaccess::Grant::Error,'host_required') unless defined($Param{'host'}); MySQLaccess::Report::Print_Usage() if $print_usage; exit 0;}# ----------------------------# get hostname and local-ip# for localhost$localhost = MySQLaccess::Host::LocalHost();$local_ip = MySQLaccess::Host::Name2IP($localhost);$MySQLaccess::Host::localhost = MySQLaccess::Host::LocalHost();$MySQLaccess::Host::local_ip = MySQLaccess::Host::Name2IP($localhost);MySQLaccess::Debug::Print(3, "localhost name=$localhost, ip=$local_ip");#-----------------------------------# version of MySQL-server to connect# to determine use of full where clause$MySQLaccess::Host::SERVER = $Param{'old_server'} ? '3.20' : $SERVER;#---------------------------------# create the config file for mysql and mysqldump# to avoid passing authentication info on the command line#MergeConfigFiles();die "Unsafe config file found: $unsafeConfig\n" if $unsafeConfig;if (defined($Param{'superuser'})) { $MYSQL_CNF{'mysql'}{'user'} = $Param{'superuser'}; $MYSQL_CNF{'mysqldump'}{'user'} = $Param{'superuser'};}if (defined($Param{'spassword'})) { if ( $CMD && length($Param{'spassword'}) == 0 ) { $Param{'spassword'} = PromptPass("Password for MySQL superuser $Param{'superuser'}: "); } if ( length($Param{'spassword'}) > 0 ) { $MYSQL_CNF{'mysql'}{'password'} = $Param{'spassword'}; $MYSQL_CNF{'mysqldump'}{'password'} = $Param{'spassword'}; }}WriteTempConfigFile();#---------------------------------# Inform user if he has not enough# privileges to read the access-dbif ( $nerror=MySQLaccess::DB::OpenConnection() ) { MySQLaccess::Report::Print_Error_Access($nerror); exit 0;}# -----------------------# Read MySQL ACL-filesif ($nerror=MySQLaccess::Grant::ReadTables()) { MySQLaccess::Report::Print_Error_Access($nerror); exit 0;};if ($Param{'edit'} and $nerror=MySQLaccess::Grant::ReadTables('tmp')) { MySQLaccess::Report::Print_Error_Access($nerror); exit 0;}#---------------------------------# reload temporay grant-tables # with data from original onesif ( defined($Param{'copy'}) ) { $nerror=MySQLaccess::DB::LoadTmpTables(); if ($nerror) { MySQLaccess::Report::Print_Error_Access($nerror); exit 0; } my $msg = "The grant-rules are copied from the grant-tables to\n" . "the temporary tables."; MySQLaccess::Report::Print_Message([$msg]);# MySQLaccess::Report::Print_Footer();# MySQLaccess::DB::CloseConnection();# exit 0;}#---------------------------------# preview result of changes in the # grant-tablesif ( defined($Param{'preview'}) ) { $aref=MySQLaccess::Grant::Diff_Privileges(); MySQLaccess::Report::Print_Diff_ACL($aref);# MySQLaccess::Report::Print_Footer();# MySQLaccess::DB::CloseConnection();# exit 0;}#---------------------------------# reload grant-tables # with data from temporary tablesif ( defined($Param{'commit'}) ) { if ($nerror = MySQLaccess::DB::CommitGrantTables()) { MySQLaccess::Report::Print_Error_Access($nerror); exit 0; } my $msg = "The grant-rules have been copied from the temporary tables\n" . "to the grant-tables."; my $msg1= "Don't forget to do an 'mysqladmin reload' before these\n" . "changes take effect."; my $msg2= "A backup-version of your original grant-rules are saved in the\n" . "backup-tables, so you can always perform a 1-level rollback."; MySQLaccess::Report::Print_Message([$msg,$msg1,$msg2]);# MySQLaccess::Report::Print_Footer();# MySQLaccess::DB::CloseConnection();# exit 0;}#---------------------------------# restore previous grant-rules# with data from backup tablesif ( defined($Param{'rollback'}) ) { if ($nerror = MySQLaccess::DB::RollbackGrantTables()) { MySQLaccess::Report::Print_Error_Access($nerror); exit 0; } my $msg = "The old grant-rules have been copied back from the backup tables\n" . "to the grant-tables."; my $msg1= "Don't forget to do an 'mysqladmin reload' before these\n" . "changes take effect."; MySQLaccess::Report::Print_Message([$msg,$msg1]);⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -