仅在一个数据库上授予文件 [英] grant file on just one database

问题描述

我想允许john mysql用户使用LOAD DATA命令.因此，我以root用户身份登录mysql终端并发出以下语句:

I want to allow LOAD DATA command for the john mysql user. So I logged into mysql terminal as root and issued the following statement:

grant file on johndatabase.* to 'john'@'localhost';

但是我遇到了以下错误:

But I got the following error:

ERROR 1221 (HY000): Incorrect usage of DB GRANT and GLOBAL PRIVILEGES

如果我将johndatabase.*替换为*.*，则一切正常.但是*.*并不代表所有数据库吗?我想将john mysql用户限制为johndatabase.

If I replaced johndatabase.* with *.*, then everything works. But doesn't *.* mean all databases? I want to limit the john mysql user to just johndatabase.

推荐答案

您不能仅在单个数据库上授予FILE特权.从逻辑上讲这没有任何意义.考虑文档怎么说:

You can't grant FILE privileges on just a single database. That logically doesn't make any sense. Consider what the docs say:

FILE权限授予您读取和写入文件的权限. 服务器主机使用LOAD DATA INFILE和SELECT ... INTO OUTFILE 语句和LOAD_FILE()函数.拥有FILE的用户 特权可以读取服务器主机上的任何文件 世界范围内可读或MySQL服务器可读. (这意味着用户 可以读取任何数据库目录中的任何文件，因为服务器可以 访问其中的任何文件.)

The FILE privilege gives you permission to read and write files on the server host using the LOAD DATA INFILE and SELECT ... INTO OUTFILE statements and the LOAD_FILE() function. A user who has the FILE privilege can read any file on the server host that is either world-readable or readable by the MySQL server. (This implies the user can read any file in any database directory, because the server can access any of those files.)

因此，FILE特权是 global 特权.它会影响服务器上的所有文件，并且仅允许访问全局命令(例如LOAD DATA INFILE等)，而不能访问任何数据库.授予FILE特权的唯一方法是使用以下语法在所有数据库上:

Thus, the FILE privilege is a global privilege. It affects all files on the server and allows access only to global commands (e.g. LOAD DATA INFILE, etc...), not scoped to any database. The only way to grant FILE privileges is on all databases, using this syntax:

GRANT FILE ON *.* TO 'john'@'localhost';

这篇关于仅在一个数据库上授予文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！