问题
I can easily grant access to one IP using this code:
$ mysql -u root -p
Enter password:
mysql> use mysql
mysql> GRANT ALL ON *.* to root@'192.168.1.4' IDENTIFIED BY 'your-root-password';
mysql> FLUSH PRIVILEGES;
But i need to allow the whole subnet 192.168.1.* to access the database remotely.
How can i do that?
回答1:
EDIT: Consider looking at and upvoting Malvineous's answer on this page. Netmasks are a much more elegant solution.
Simply use a percent sign as a wildcard in the IP address.
From http://dev.mysql.com/doc/refman/5.1/en/grant.html
You can specify wildcards in the host name. For example,
user_name@'%.example.com'applies touser_namefor any host in theexample.comdomain, anduser_name@'192.168.1.%'applies touser_namefor any host in the192.168.1class C subnet.
回答2:
It looks like you can also use a netmask, e.g.
GRANT ... TO 'user'@'192.168.0.0/255.255.255.0' IDENTIFIED BY ...
回答3:
You would just use '%' as your wildcard like this:
GRANT ALL ON *.* to root@'192.168.1.%' IDENTIFIED BY 'your-root-password';
回答4:
mysql> GRANT ALL ON *.* to root@'192.168.1.%' IDENTIFIED BY 'your-root-password';
The wildcard character is a "%" instead of an "*"
回答5:
Just a note of a peculiarity I faced:
Consider:
db server: 192.168.0.101
web server: 192.168.0.102
If you have a user defined in mysql.user as 'user'@'192.168.0.102' with password1 and another 'user'@'192.168.0.%' with password2,
then,
if you try to connect to the db server from the web server as 'user' with password2,
it will result in an 'Access denied' error because the single IP 'user'@'192.168.0.102' authentication is used over the wildcard 'user'@'192.168.0.%' authentication.
来源:https://stackoverflow.com/questions/11742963/how-to-grant-remote-access-to-mysql-for-a-whole-subnet