How to Create a New User
Let’s start by making a new user within the MySQL shell:
mysql> CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
At this point newuser has no permissions to do anything with the databases. In fact, even if newuser tries to login (with the password, password), they will not be able to reach the MySQL shell.
Therefore, the first thing to do is to provide the user with access to the information they will need.
mysql> GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';
The asterisks in this command refer to the database and table (respectively) that they can access—this specific command allows to the user to read, edit, execute and perform all tasks across all the databases and tables.
Please note that in this example we are granting newuser full root access to everything in our database. While this is helpful for explaining some MySQL concepts, it may be impractical for most use cases and could put your database’s security at high risk.
Once you have finalized the permissions that you want to set up for your new users, always be sure to reload all the privileges.
mysql> FLUSH PRIVILEGES;
Your changes will now be in effect.
How To Grant Different User Permissions
Here is a short list of other common possible permissions that users can enjoy.
- ALL PRIVILEGES- as we saw previously, this would allow a MySQL user full access to a designated database (or if no database is selected, global access across the system)
- CREATE- allows them to create new tables or databases
- DROP- allows them to them to delete tables or databases
- DELETE- allows them to delete rows from tables
- INSERT- allows them to insert rows into tables
- SELECT- allows them to use the SELECT command to read through databases
- UPDATE- allow them to update table rows
- GRANT OPTION- allows them to grant or remove other users' privileges
To provide a specific user with a permission, you can use this framework:
mysql> GRANT type_of_permission ON database_name.table_name TO ‘username’@'localhost’;
If you want to give them access to any database or to any table, make sure to put an asterisk (*) in the place of the database name or table name.
Each time you update or change a permission be sure to use the Flush Privileges command.
If you need to revoke a permission, the structure is almost identical to granting it:
mysql> REVOKE type_of_permission ON database_name.table_name FROM ‘username’@‘localhost’;
Note that when revoking permissions, the syntax requires that you use FROM, instead of TO as we used when granting permissions.
You can review a user’s current permissions by running the following:
mysql> SHOW GRANTS username;
Just as you can delete databases with DROP, you can use DROP to delete a user altogether:
mysql> DROP USER ‘username’@‘localhost’;
To test out your new user, log out by typing:
and log back in with this command in terminal:
$ mysql -u [username] -p
MysQL on MacOS
How to see log files in MySQL?
In mysql we need to see often 3 logs which are mostly needed during any project development.
- The Error Log. It contains information about errors that occur while the server is running (also server start and stop)
- The General Query Log. This is a general record of what mysqld is doing (connect, disconnect, queries)
- The Slow Query Log. Ιt consists of "slow" SQL statements (as indicated by its name).
By default no log files are enabled in MYSQL. All errors will be shown in the syslog.(/var/log/syslog)
To Enable them just follow below steps
- step1: Go to this file(/etc/mysql/conf.d/mysqld_safe_syslog.cnf) and remove or comment those line.
- step2: Go to mysql conf file(/etc/mysql/my.cnf ) and add following lines
To enable error log add following
[mysqld_safe] log_error=/var/log/mysql/mysql_error.log [mysqld] log_error=/var/log/mysql/mysql_error.log
To enable general query log add following
general_log_file = /var/log/mysql/mysql.log general_log = 1
To enable Slow Query Log add following
log_slow_queries = /var/log/mysql/mysql-slow.log long_query_time = 2 log-queries-not-using-indexes
step3: save the file and restart mysql using following commands
service mysql restart
To enable logs at runtime, login to mysql client (mysql -u root -p ) and give:
SET GLOBAL general_log = 'ON'; SET GLOBAL slow_query_log = 'ON';