This chapter covers topics that deal with administering a MySQL installation, such as configuring the server, managing user accounts, and performing backups.
The MySQL server, mysqld
, is the main program that does most of the
work in a MySQL installation. The server is accompanied by several related
scripts that perform setup operations when you install MySQL or that are
helper programs to assist you in starting and stopping the server.
This section provides an overview of the server and related programs, and information about server startup scripts. Information about configuring the server itself is given in section 5.2 Configuring the MySQL Server.
All MySQL programs take many different options. However, every
MySQL program provides a --help
option that you can use
to get a description of the program's options. For example, try
mysqld --help
.
You can override default options for all standard programs by specifying options on the command line or in an option file. section 4.3 Specifying Program Options.
The following list briefly describes the MySQL server and server-related programs:
mysqld
mysqld-max
mysqld-max
Extended MySQL Server.
mysqld_safe
mysqld_safe
attempts to start mysqld-max
if it exists, and
mysqld
otherwise.
See section 5.1.3 The mysqld_safe
Server Startup Script.
mysql.server
mysqld_safe
to start the MySQL server.
See section 5.1.4 The mysql.server
Server Startup Script.
mysqld_multi
mysqld_multi
Program for Managing Multiple MySQL Servers.
mysql_install_db
mysql_fix_privilege_tables
There are several other programs that also are run on the server host:
myisamchk
MyISAM
tables.
myisamchk
is described in
section 5.7.2 Table Maintenance and Crash Recovery.
make_binary_distribution
ftp.mysql.com
for the
convenience of other MySQL users.
mysqlbug
mysqld-max
Extended MySQL Server
A MySQL-Max server is a version of the mysqld
MySQL server that
has been built to include additional features.
The distribution to use depends on your platform:
mysqld.exe
) and the MySQL-Max server (mysqld-max.exe
), so you
need not get a special distribution. Just use a regular Windows
distribution, available at
http://dev.mysql.com/downloads/.
See section 2.3 Installing MySQL on Windows.
MySQL-server
RPM first to install a standard server named
mysqld
. Then use the MySQL-Max
RPM to install a server named
mysqld-max
. The MySQL-Max
RPM presupposes that you have
already installed the regular server RPM. See section 2.4 Installing MySQL on Linux for more
information on the Linux RPM packages.
mysqld
but that has the additional features included.
You can find the MySQL-Max binaries on the MySQL AB Web site at http://dev.mysql.com/downloads/mysql-4.0.html.
MySQL AB builds the MySQL-Max servers by using the following
configure
options:
--with-server-suffix=-max
-max
suffix to the mysqld
version string.
--with-innodb
InnoDB
storage engine. MySQL-Max
servers always include InnoDB
support, but this option actually is
needed only for MySQL 3.23. From MySQL 4 on, InnoDB
is included by
default in binary distributions, so you do not need a MySQL-Max server to
obtain InnoDB
support.
--with-bdb
BDB
) storage engine.
CFLAGS=-DUSE_SYMDIR
MySQL-Max binary distributions are a convenience for those who wish to install precompiled programs. If you build MySQL using a source distribution, you can build your own Max-like server by enabling the same features at configuration time that the MySQL-Max binary distributions are built with.
MySQL-Max servers include the BerkeleyDB (BDB
) storage engine
whenever possible, but not all platforms support BDB
. The following
table shows which platforms allow MySQL-Max binaries to include BDB
:
System | BDB Support
|
AIX 4.3 | N |
HP-UX 11.0 | N |
Linux-Alpha | N |
Linux-IA-64 | N |
Linux-Intel | Y |
Mac OS X | N |
NetWare | N |
SCO OSR5 | Y |
Solaris-Intel | N |
Solaris-SPARC | Y |
UnixWare | Y |
Windows/NT | Y |
To find out which storage engines your server supports, issue the following statement:
mysql> SHOW ENGINES;
Before MySQL 4.1.2, SHOW ENGINES
is unavailable. Use the following
statement instead and check the value of the variable for the storage engine
in which you are interested:
mysql> SHOW VARIABLES LIKE 'have_%'; +------------------+----------+ | Variable_name | Value | +------------------+----------+ | have_bdb | NO | | have_crypt | YES | | have_innodb | YES | | have_isam | NO | | have_raid | NO | | have_symlink | DISABLED | | have_openssl | NO | | have_query_cache | YES | +------------------+----------+
The values in the second column indicate the server's level of support for each feature:
Value | Meaning |
YES | The feature is supported and is active. |
NO | The feature is not supported. |
DISABLED | The feature is supported but has been disabled. |
A value of NO
means that the server was compiled without support
for the feature, so it cannot be activated at runtime.
A value of DISABLED
occurs either because the server was
started with an option that disables the feature, or because not
all options required to enable it were given. In the latter case, the
host_name.err
error log file should contain a reason indicating why
the option is disabled.
One situation in which you might see DISABLED
occurs with MySQL 3.23
when the InnoDB
storage engine is compiled in. In MySQL 3.23, you
must supply at least the innodb_data_file_path
option at runtime to
set up the InnoDB
tablespace. Without this option, InnoDB
disables itself.
See section 15.3 InnoDB
in MySQL 3.23.
You can specify configuration options for the BDB
storage engine, too,
but BDB
will not disable itself if you do not provide them.
See section 14.4.3 BDB
Startup Options.
You might also see DISABLED
for the InnoDB
, BDB
, or
ISAM
storage engines if the server was compiled to support them, but
was started with the --skip-innodb
, --skip-bdb
, or
--skip-isam
options at runtime.
As of Version 3.23, all MySQL servers support MyISAM
tables, because
MyISAM
is the default storage engine.
mysqld_safe
Server Startup Script
mysqld_safe
is the recommended way to start a mysqld
server on Unix and NetWare. mysqld_safe
adds some safety features
such as restarting the server when an error occurs and logging runtime
information to an error log file. NetWare-specific behaviors are listed
later in this section.
Note:
Before MySQL 4.0, mysqld_safe
is named safe_mysqld
.
To preserve backward compatibility, MySQL binary distributions for
some time will include safe_mysqld
as a symbolic link to
mysqld_safe
.
By default, mysqld_safe
tries to start an executable named
mysqld-max
if it exists, or mysqld
otherwise.
Be aware of the implications of this behavior:
MySQL-Max
RPM relies on this mysqld_safe
behavior. The RPM installs an executable named mysqld-max
, which
causes mysqld_safe
to automatically use that executable from that
point on.
mysqld-max
, then upgrade later to a non-Max version of MySQL,
mysqld_safe
will still attempt to run the old mysqld-max
server. If you perform such an upgrade, you should manually remove the old
mysqld-max
server to ensure that mysqld_safe
runs the new
mysqld
server.
To override the default behavior and specify explicitly which server you
want to run, specify a --mysqld
or --mysqld-version
option to
mysqld_safe
.
Many of the options to mysqld_safe
are the same as the options to
mysqld
. See section 5.2.1 mysqld
Command-Line Options.
All options specified to mysqld_safe
on the command line are
passed to mysqld
. If you want to use any options that are specific
to mysqld_safe
and that mysqld
doesn't support, do not specify
them on the command line. Instead, list them in the [mysqld_safe]
group
of an option file.
See section 4.3.2 Using Option Files.
mysqld_safe
reads all options from the [mysqld]
,
[server]
, and [mysqld_safe]
sections in option files.
For backward compatibility, it also reads [safe_mysqld]
sections, although you should rename such sections to [mysqld_safe]
when you begin using MySQL 4.0 or later.
mysqld_safe
supports the following options:
--basedir=path
--core-file-size=size
mysqld
should be able to create. The option
value is passed to ulimit -c
.
--datadir=path
--defaults-extra-file=path
--defaults-file=path
--err-log=path
--log-error
option, to be used before MySQL 4.0.
--ledir=path
mysqld
program.
Use this option to explicitly indicate the location of the server.
--log-error=path
--mysqld=prog_name
ledir
directory) that you
want to start. This option is needed if you use the MySQL binary distribution
but have the data directory outside of the binary distribution.
--mysqld-version=suffix
--mysqld
option, but you specify only
the suffix for the server program name. The basename is assumed to be
mysqld
. For example, if you use --mysqld-version=max
,
mysqld_safe
will start the mysqld-max
program in the
ledir
directory. If the argument to --mysqld-version
is
empty, mysqld_safe
uses mysqld
in the ledir
directory.
--nice=priority
nice
program to set the server's scheduling priority to the
given value. This option was added in MySQL 4.0.14.
--no-defaults
--open-files-limit=count
mysqld
should be able to open. The option value
is passed to ulimit -n
. Note that you need to start
mysqld_safe
as root
for this to work properly!
--pid-file=path
--port=port_num
--socket=path
--timezone=zone
TZ
time zone environment variable to the given option value.
Consult your operating system documentation for legal time zone
specification formats.
--user={user_name | user_id}
mysqld
server as the user having the name user_name or
the numeric user ID user_id.
(``User'' in this context refers to a system login account, not a MySQL user
listed in the grant tables.)
The mysqld_safe
script is written so that it normally can start a
server that was installed from either a source or a binary distribution of
MySQL, even though these types of distributions typically install the server
in slightly different locations.
(See section 2.1.5 Installation Layouts.)
mysqld_safe
expects one of the following conditions to be true:
mysqld_safe
is invoked. For binary distributions, mysqld_safe
looks under its working directory for `bin' and `data'
directories. For source distributions, it looks for `libexec' and
`var' directories. This condition should be met if you execute
mysqld_safe
from your MySQL installation directory (for example,
`/usr/local/mysql' for a binary distribution).
mysqld_safe
attempts to locate them by absolute pathnames.
Typical locations are `/usr/local/libexec' and `/usr/local/var'.
The actual locations are determined from the values configured into the
distribution at the time it was built. They should be correct if MySQL
is installed in the location specified at configuration time.
Because mysqld_safe
will try to find the server and databases relative
to its own working directory, you can install a binary distribution of
MySQL anywhere, as long as you run mysqld_safe
from the
MySQL installation directory:
shell> cd mysql_installation_directory shell> bin/mysqld_safe &
If mysqld_safe
fails, even when invoked from the MySQL
installation directory, you can specify the --ledir
and
--datadir
options to indicate the directories in which the server and
databases are located on your system.
Normally, you should not edit the mysqld_safe
script. Instead,
configure mysqld_safe
by using command-line options or options in the
[mysqld_safe]
section of a `my.cnf' option file. In rare cases,
it might be necessary to edit mysqld_safe
to get it to start the server
properly. However, if you do this, your modified version of
mysqld_safe
might be overwritten if you upgrade MySQL in the future, so
you should make a copy of your edited version that you can reinstall.
On NetWare, mysqld_safe
is a NetWare Loadable Module (NLM) that is
ported from the original Unix shell script. It does the following:
MyISAM
and ISAM
tables.
mysqld
, monitors it, and restarts it if it terminates in error.
mysqld
to the `host_name.err' file in the
data directory.
mysqld_safe
screen output to the `host_name.safe' file in the
data directory.
mysql.server
Server Startup Script
MySQL distributions on Unix include a script named mysql.server
.
It can be used on systems such as Linux and Solaris that use System V-style
run directories to start and stop system services. It is also used by the Mac
OS X Startup Item for MySQL.
mysql.server
can be found in the `support-files' directory under
your MySQL installation directory or in a MySQL source tree.
If you use the Linux server RPM package (MySQL-server-VERSION.rpm
),
the mysql.server
script will already have been installed in the
`/etc/init.d' directory with the name `mysql'. You need not
install it manually. See section 2.4 Installing MySQL on Linux for more information on the Linux
RPM packages.
Some vendors provide RPM packages that install a startup script under a
different name such as mysqld
.
If you install MySQL from a source distribution or using a binary distribution
format that does not install mysql.server
automatically, you can
install it manually. Instructions are provided in section 2.9.2.2 Starting and Stopping MySQL Automatically.
mysql.server
reads options from the [mysql.server]
and
[mysqld]
sections of option files. (For backward compatibility,
it also reads [mysql_server]
sections, although you should rename such
sections to [mysql.server]
when you begin using MySQL 4.0 or later.)
mysqld_multi
Program for Managing Multiple MySQL Servers
mysqld_multi
is meant for managing several mysqld
processes that listen for connections on different Unix socket files and
TCP/IP ports. It can start or stop servers, or report their current status.
The program searches for groups named [mysqld#]
in `my.cnf' (or
in the file named by the --config-file
option). #
can be any
positive integer. This number is referred to in the following discussion as
the option group number, or GNR. Group numbers distinguish option groups
from one another and are used as arguments to mysqld_multi
to specify
which servers you want to start, stop, or obtain a status report for.
Options listed in these groups are the same that you would use in the
[mysqld]
group used for starting mysqld
. (See, for example,
section 2.9.2.2 Starting and Stopping MySQL Automatically.) However, when using multiple servers it is necessary
that each one use its own value for options such as the Unix socket file and
TCP/IP port number. For more information on which options must be unique per
server in a multiple-server environment, see section 5.10 Running Multiple MySQL Servers on the Same Machine.
To invoke mysqld_multi
, use the following syntax:
shell> mysqld_multi [options] {start|stop|report} [GNR[,GNR]...]
start
, stop
, and report
indicate which operation you
want to perform. You can perform the designated operation on a single server
or multiple servers, depending on the GNR list that follows the option name.
If there is no list, mysqld_multi
performs the operation for all
servers in the option file.
Each GNR value represents an option group number or range of group numbers.
The value should be the number at the end of the group name in the
option file. For example, the GNR for a group named [mysqld17]
is 17
. To specify a range of numbers, separate the first and last
numbers by a dash. The GNR value 10-13
represents groups
[mysqld10]
through [mysqld13]
. Multiple groups or group
ranges can be specified on the command line, separated by commas. There
must be no whitespace characters (spaces or tabs) in the GNR list; anything
after a whitespace character is ignored.
This command starts a single server using option group [mysqld17]
:
shell> mysqld_multi start 17
This command stops several servers, using option groups [mysql8]
and [mysqld10]
through [mysqld13]
:
shell> mysqld_multi stop 8,10-13
For an example of how you might set up an option file, use this command:
shell> mysqld_multi --example
mysqld_multi
supports the following options:
--config-file=name
mysqld_multi
looks for [mysqld#]
option groups. Without this
option, all options are read from the usual `my.cnf' file. The option
does not affect where mysqld_multi
reads its own options, which are
always taken from the [mysqld_multi]
group in the usual `my.cnf'
file.
--example
--help
--log=name
--mysqladmin=prog_name
mysqladmin
binary to be used to stop servers.
--mysqld=prog_name
mysqld
binary to be used. Note that you can specify
mysqld_safe
as the value for this option also. The options are passed
to mysqld
. Just make sure that you have the directory where mysqld
is
located in your PATH
environment variable setting or fix mysqld_safe
.
--no-log
--password=password
mysqladmin
.
Note that the password value is not optional for this option, unlike for other
MySQL programs.
--silent
--tcp-ip
stop
and
report
operations.
--user=user_name
mysqladmin
.
--verbose
--version
Some notes about mysqld_multi
:
mysqld
servers
(with the mysqladmin
program) has the same username and password for
each server. Also, make sure that the account has the SHUTDOWN
privilege. If the servers that you want to manage have many different
usernames or passwords for the administrative accounts, you might want to
create an account on each server that has the same username and password.
For example, you might set up a common multi_admin
account by
executing the following commands for each server:
shell> mysql -u root -S /tmp/mysql.sock -proot_password mysql> GRANT SHUTDOWN ON *.* -> TO 'multi_admin'@'localhost' IDENTIFIED BY 'multipass';See section 5.5.2 How the Privilege System Works. You will have to do this for each
mysqld
server. Change the
connection parameters appropriately when connecting to each one. Note that
the host part of the account name must allow you to connect as
multi_admin
from the host where you want to run mysqld_multi
.
--pid-file
option is very important if you are using mysqld_safe
to start mysqld
(for example, --mysqld=mysqld_safe
) Every
mysqld
should have its own process ID file. The advantage of
using mysqld_safe
instead of mysqld
is
that mysqld_safe
``guards'' its mysqld
process and will
restart it if the process terminates due to a signal
sent using kill -9
, or for other reasons, such as a segmentation
fault. Please note that the
mysqld_safe
script might require that you start it from a certain
place. This means that you might have to change location to a certain directory
before running mysqld_multi
. If you have problems starting,
please see the mysqld_safe
script. Check especially the lines:
---------------------------------------------------------------- MY_PWD=`pwd` # Check if we are starting this relative (for the binary release) if test -d $MY_PWD/data/mysql -a -f ./share/mysql/english/errmsg.sys -a \ -x ./bin/mysqld ----------------------------------------------------------------See section 5.1.3 The
mysqld_safe
Server Startup Script.
The test performed by these lines should be successful, or you might encounter
problems.
mysqld
.
--user
option for mysqld
, but in order
to do this you need to run the mysqld_multi
script as the Unix
root
user. Having the option in the option file doesn't matter; you
will just get a warning, if you are not the superuser and the mysqld
processes are started under your own Unix account.
mysqld
process is started as. Do not use the
Unix root account for this, unless you know what you are doing.
mysqld_multi
be sure that you
understand the meanings of the options that are passed to the mysqld
servers and why you would want to have separate mysqld
processes. Beware of the dangers of using multiple mysqld
servers
with the same data directory. Use separate data directories, unless you
know what you are doing. Starting multiple servers with the same
data directory will not give you extra performance in a threaded
system.
See section 5.10 Running Multiple MySQL Servers on the Same Machine.
The following example shows how you might set up an option file for use with
mysqld_multi
. The first and fifth [mysqld#]
group were
intentionally left out from the example to illustrate that you can have
``gaps'' in the option file. This gives you more flexibility. The order in
which the mysqld
programs are started or stopped depends on the order
in which they appear in the option file.
# This file should probably be in your home dir (~/.my.cnf) # or /etc/my.cnf # Version 2.1 by Jani Tolonen [mysqld_multi] mysqld = /usr/local/bin/mysqld_safe mysqladmin = /usr/local/bin/mysqladmin user = multi_admin password = multipass [mysqld2] socket = /tmp/mysql.sock2 port = 3307 pid-file = /usr/local/mysql/var2/hostname.pid2 datadir = /usr/local/mysql/var2 language = /usr/local/share/mysql/english user = john [mysqld3] socket = /tmp/mysql.sock3 port = 3308 pid-file = /usr/local/mysql/var3/hostname.pid3 datadir = /usr/local/mysql/var3 language = /usr/local/share/mysql/swedish user = monty [mysqld4] socket = /tmp/mysql.sock4 port = 3309 pid-file = /usr/local/mysql/var4/hostname.pid4 datadir = /usr/local/mysql/var4 language = /usr/local/share/mysql/estonia user = tonu [mysqld6] socket = /tmp/mysql.sock6 port = 3311 pid-file = /usr/local/mysql/var6/hostname.pid6 datadir = /usr/local/mysql/var6 language = /usr/local/share/mysql/japanese user = jani
See section 4.3.2 Using Option Files.
This section discusses MySQL server configuration topics:
mysqld
Command-Line Options
When you start the mysqld
server, you can specify program options
using any of the methods described in section 4.3 Specifying Program Options. The most
common methods are to provide options in an option file or on the command
line. However, in most cases it is desirable to make sure that the server uses
the same options each time it runs. The best way to ensure this is to
list them in an option file.
See section 4.3.2 Using Option Files.
mysqld
reads options from the [mysqld]
and [server]
groups. mysqld_safe
reads options from the [mysqld]
,
[server]
, [mysqld_safe]
, and [safe_mysqld]
groups. mysql.server
reads options from the [mysqld]
and [mysql.server]
groups. An embedded MySQL server usually reads
options from the [server]
, [embedded]
, and [xxxxx_SERVER]
groups, where xxxxx is the name of the application into which the
server is embedded.
mysqld
accepts many command-line options.
For a list, execute mysqld --help
. Before MySQL 4.1.1, --help
prints the full help message. As of 4.1.1, it prints a brief message; to see
the full list, use mysqld --verbose --help
.
The following list shows some of the most common server options. Additional options are described elsewhere:
mysqld
Concerning Security.
MyISAM
Startup Options,
section 14.4.3 BDB
Startup Options,
section 15.5 InnoDB
Startup Options.
You can also set the value of a server system variable by using the variable name as an option, as described later in this section.
--help, -?
--help
displays the full help message.
As of 4.1.1, it displays an abbreviated message only. Use both the
--verbose
and --help
options to see the full message.
--ansi
--sql-mode
option instead.
--basedir=path, -b path
--big-tables
--bind-address=IP
--console
--log-error
is specified. On Windows, mysqld
will not close the console screen if
this option is used.
--character-sets-dir=path
--chroot=path
mysqld
server in a closed environment during startup by using the
chroot()
system call. This is a recommended security measure as of
MySQL 4.0. (MySQL 3.23 is not able to provide a chroot()
jail that is
100% closed.) Note that use of this option somewhat limits LOAD
DATA INFILE
and SELECT ... INTO OUTFILE
.
--character-set-server=charset
--core-file
mysqld
dies. For some systems, you must also
specify the --core-file-size
option to mysqld_safe
.
See section 5.1.3 The mysqld_safe
Server Startup Script.
Note that on some systems, such as Solaris, you will
not get a core file if you are also using the --user
option.
--collation-server=collation
--datadir=path, -h path
--debug[=debug_options], -# [debug_options]
--with-debug
, you can use this
option to get a trace file of what mysqld
is doing.
The debug_options string often is 'd:t:o,file_name'
.
See section E.1.2 Creating Trace Files.
--default-character-set=charset
--character-set-server
as of MySQL 4.1.3.
See section 5.8.1 The Character Set Used for Data and Sorting.
--default-collation=collation
--collation-server
as of MySQL 4.1.3.
See section 5.8.1 The Character Set Used for Data and Sorting.
--default-storage-engine=type
--default-table-type
.
It is available as of MySQL 4.1.2.
--default-table-type=type
--default-time-zone=type
time_zone
system variable. If this option is not given, the default
time zone will be the same as the system time zone (given by the value of
the system_time_zone
system variable.
This option is available as of MySQL 4.1.3.
--delay-key-write[= OFF | ON | ALL]
DELAYED KEYS
option should be used.
Delayed key writing causes key buffers not to be flushed between writes for
MyISAM
tables.
OFF
disables delayed key writes.
ON
enables delayed key writes for those tables that were created with
the DELAYED KEYS
option.
ALL
delays key writes for all MyISAM
tables.
Available as of MySQL 4.0.3.
See section 7.5.2 Tuning Server Parameters. See section 14.1.1 MyISAM
Startup Options.
Note: If you set this variable to ALL
, you should not use
MyISAM
tables from within another program (such as from another MySQL server or
with myisamchk
) when the table is in use. Doing so will lead to index
corruption.
--delay-key-write-for-all-tables
--delay-key-write=ALL
for use prior to MySQL 4.0.3.
As of 4.0.3, use --delay-key-write
instead.
--des-key-file=file_name
DES_ENCRYPT()
and DES_DECRYPT()
from this file.
--enable-named-pipe
mysqld-nt
and mysqld-max-nt
servers that support
named pipe connections.
--exit-info[=flags], -T [flags]
mysqld
server. Do not use this option unless you know
exactly what it does!
--external-locking
lockd
does not fully work (as on Linux), you will easily get
mysqld
to deadlock.
This option previously was named --enable-locking
.
Note: If you use this option to enable updates to MyISAM
tables from many MySQL processes, you have to ensure that these conditions are
satisfied:
--delay-key-write=ALL
or DELAY_KEY_WRITE=1
on any shared tables.
--external-locking
together with --delay-key-write=OFF --query-cache-size=0
.
(This is not done by default because in many setups it's useful to have a
mixture of the above options.)
--flush
--init-file=file
--innodb-safe-binlog
InnoDB
tables and
the binary log.
See section 5.9.4 The Binary Log.
--language=lang_name, -L lang_name
--log[=file], -l [file]
host_name.log
as the filename.
--log-bin=[file]
host_name-bin
as the log file basename.
--log-bin-index[=file]
host_name-bin.index
as
the filename.
--log-error[=file]
host_name.err
as the filename.
--log-isam[=file]
ISAM
/MyISAM
changes to this file (used only when
debugging ISAM
/MyISAM
).
--log-long-format
--log-slow-queries
and --log-long-format
,
queries that are not using indexes also are logged to the slow query log.
Note that --log-long-format
is deprecated as of MySQL version
4.1, when --log-short-format
was introduced (the long log format
is the default setting since version 4.1). Also note that starting with
MySQL 4.1, the --log-queries-not-using-indexes
option is available
for the purpose of logging queries that do not use indexes to the slow
query log.
--log-queries-not-using-indexes
--log-slow-queries
, then
queries that are not using indexes also are logged to the slow query log. This
option is available as of MySQL 4.1. See section 5.9.5 The Slow Query Log.
--log-short-format
--log-slow-queries[=file]
long_query_time
seconds
to execute to this file.
See section 5.9.5 The Slow Query Log.
Note that the default for the amount of information
logged has changed in MySQL 4.1. See the --log-long-format
and
--log-short-format
options for details.
--log-update[=file]
--log-bin
). See section 5.9.4 The Binary Log. Starting from version 5.0.0,
using --log-update
will just turn on the binary log instead
(see section D.1.4 Changes in release 5.0.0 (22 Dec 2003: Alpha)).
--log-warnings, -W
Aborted connection...
to the error log.
Enabling this option is recommended, for example, if you
use replication (you will get more information about what is happening,
such as messages about network failures and reconnections).
This option is enabled by default as of MySQL 4.0.19 and 4.1.2; to disable it,
use --skip-log-warnings
.
As of MySQL 4.0.21 and 4.1.3, aborted connections are not logged to the error
log unless the value is greater than 1.
See section A.2.10 Communication Errors and Aborted Connections.
This option was named --warnings
before MySQL 4.0.
--low-priority-updates
INSERT
, REPLACE
, DELETE
, UPDATE
)
will have lower priority than selects. This can also be done via
{INSERT | REPLACE | DELETE | UPDATE} LOW_PRIORITY ...
to lower
the priority of only one query, or by
SET LOW_PRIORITY_UPDATES=1
to change the priority in one
thread. See section 7.3.2 Table Locking Issues.
--memlock
mysqld
process in memory. This works on systems such as
Solaris that support the mlockall()
system call. This
might help if you have a problem where the operating system is causing
mysqld
to swap on disk.
Note that use of this option requires that you run the server as root
,
which is normally not a good idea for security reasons.
--myisam-recover [=option[,option...]]]
MyISAM
storage engine recovery mode.
The option value is any combination of the values
of DEFAULT
, BACKUP
, FORCE
, or QUICK
.
If you specify multiple values, separate them by commas.
You can also use a value of ""
to disable this
option. If this option is used, mysqld
will, when it opens a
MyISAM
table, open check whether the
table is marked as crashed or wasn't closed properly.
(The last option works only if you are running with
--skip-external-locking
.) If this is the case, mysqld
will run
a check on the table. If the table was corrupted, mysqld
will
attempt to repair it.
The following options affect how the repair works:
Option | Description |
DEFAULT | The same as not giving any option to
--myisam-recover .
|
BACKUP | If the data file was changed during recovery, save a backup of the `tbl_name.MYD' file as `tbl_name-datetime.BAK'. |
FORCE | Run recovery even if we will lose more than one row from the `.MYD' file. |
QUICK | Don't check the rows in the table if there aren't any delete blocks. |
BACKUP,FORCE
. This will force a repair of a table even if some rows
would be deleted, but it will keep the old data file as a backup so that
you can later examine what happened.
This option is available as of MySQL 3.23.25.
--ndb-connectstring=connect_string
NDB
storage engine, it is possible to point out the
management server that distributes the cluster configuration by setting the
connect string option. See section 16.3.4.2 The MySQL Cluster connectstring
for syntax.
--ndbcluster
NDB Cluster
storage engine
(from version 4.1.3, the MySQL-Max binaries are built with NDB Cluster
enabled)
the default disabling of support for the NDB Cluster
storage engine can be
overruled by using this option. Using the NDB Cluster
storage engine is
necessary for using MySQL Cluster.
See section 16 MySQL Cluster.
--new
--new
option can be used to make the server
behave as 4.1 in certain respects, easing a 4.0 to 4.1 upgrade:
0xFF
are treated as strings by
default rather than as numbers. (Works in 4.0.12 and up.)
TIMESTAMP
is returned as a string with the format
'YYYY-MM-DD HH:MM:SS'
. (Works in 4.0.13 and up.)
See section 11 Column Types.
--pid-file=path
mysqld_safe
.
--port=port_num, -P port_num
--old-protocol, -o
--one-thread
--open-files-limit=count
mysqld
.
If this is not set or set to 0, then mysqld
will use this value
to reserve file descriptors to use with setrlimit()
. If this
value is 0 then mysqld
will reserve max_connections*5
or
max_connections + table_cache*2
(whichever is larger) number of
files. You should try increasing this if mysqld
gives you the
error "Too many open files."
--safe-mode
--safe-show-database
SHOW DATABASES
statement displays only the names
of those databases for which the user has some kind of privilege.
As of MySQL 4.0.2, this option is deprecated and doesn't do anything
(it is enabled by default), because there is now a SHOW DATABASES
privilege that can be used to control access to database
names on a per-account basis.
See section 5.5.3 Privileges Provided by MySQL.
--safe-user-create
GRANT
statement, if the user doesn't have the INSERT
privilege for the
mysql.user
table or any column in the table.
--secure-auth
--shared-memory
--shared-memory-base-name=name
--skip-bdb
BDB
storage engine. This saves memory and might speed
up some operations.
Do not use this option if you require BDB
tables.
--skip-concurrent-insert
MyISAM
tables. (This is to be used only if you think you have found a bug in this
feature.)
--skip-delay-key-write
DELAY_KEY_WRITE
option for all tables.
As of MySQL 4.0.3, you should use --delay-key-write=OFF
instead.
See section 7.5.2 Tuning Server Parameters.
--skip-external-locking
isamchk
or myisamchk
,
you must shut down the server. See section 1.2.3 MySQL Stability. In MySQL 3.23, you
can use CHECK TABLE
and REPAIR TABLE
to check and repair
MyISAM
tables.
This option previously was named --skip-locking
.
--skip-grant-tables
mysqladmin
flush-privileges
or mysqladmin reload
command, or by issuing a
FLUSH PRIVILEGES
statement.)
--skip-host-cache
--skip-innodb
InnoDB
storage engine. This saves memory and disk
space and might speed up some operations.
Do not use this option if you require InnoDB
tables.
--skip-isam
ISAM
storage engine. As of MySQL 4.1, ISAM
is
disabled by default, so this option applies only if the server was configured
with support for ISAM
.
This option was added in MySQL 4.1.1.
--skip-name-resolve
Host
column values in the
grant tables must be IP numbers or localhost
. See section 7.5.6 How MySQL Uses DNS.
--skip-ndbcluster
NDB Cluster
storage engine. This is the default for binaries
that were built with NDB Cluster
storage engine support, this means that
the system will only allocate memory and other resources for this storage engine
if it is explicitly enabled.
--skip-networking
mysqld
must be made via named pipes or shared memory (on Windows) or Unix socket files
(on Unix). This option is highly recommended for systems where only local
clients are allowed. See section 7.5.6 How MySQL Uses DNS.
--skip-new
--skip-symlink
--skip-symbolic-links
, for use before MySQL
4.0.13.
--symbolic-links, --skip-symbolic-links
directory.sym
file that contains the path to the real directory.
See section 7.6.1.3 Using Symbolic Links for Databases on Windows.
MyISAM
index file or data file to another directory with
the INDEX DIRECTORY
or DATA DIRECTORY
options of the
CREATE TABLE
statement. If you delete or rename the table,
the files that its symbolic links point to also are deleted or
renamed. See section 13.2.6 CREATE TABLE
Syntax.
--skip-safemalloc
--with-debug=full
, all MySQL programs
check for memory overruns during each memory allocation and memory
freeing operation. This checking is very slow, so for the server you
can avoid it when you don't need it by using the --skip-safemalloc
option.
--skip-show-database
SHOW DATABASES
statement is allowed only to
users who have the SHOW DATABASES
privilege, and the statement
displays all database names. Without this option, SHOW DATABASES
is
allowed to all users, but displays each database name only if the user has
the SHOW DATABASES
privilege or some privilege for the database.
--skip-stack-trace
mysqld
under a debugger. On some systems, you also must use
this option to get a core file. See section E.1 Debugging a MySQL Server.
--skip-thread-priority
--socket=path
MySQL
.
--sql-mode=value[,value[,value...]]
--temp-pool
--transaction-isolation=level
READ-UNCOMMITTED
,
READ-COMMITTED
,
REPEATABLE-READ
, or
SERIALIZABLE
.
See section 13.4.6 SET TRANSACTION
Syntax.
--tmpdir=path, -t path
/tmp
directory resides on a partition that
is too small to hold temporary tables. Starting from MySQL 4.1, this
option accepts several paths that are used in round-robin fashion. Paths
should be separated by colon characters (`:') on Unix and semicolon
characters (`;') on Windows, NetWare, and OS/2.
If the MySQL server is acting as a replication slave, you should not set
--tmpdir
to point to a directory on a memory-based filesystem or to a
directory that is cleared when the server host restarts. A replication
slave needs some of its temporary files to survive a machine restart so that
it can replicate temporary tables or LOAD DATA INFILE
operations. If
files in the temporary file directory are lost when the server restarts,
replication will fail.
--user={user_name | user_id}, -u {user_name | user_id}
mysqld
server as the user having the name user_name or
the numeric user ID user_id.
(``User'' in this context refers to a system login account, not a MySQL user
listed in the grant tables.)
This option is mandatory when starting mysqld
as root
.
The server will change its user ID during its startup sequence, causing it
to run as that particular user rather than as root
.
See section 5.4.1 General Security Guidelines.
Starting from MySQL 3.23.56 and 4.0.12:
To avoid a possible security hole where a user adds a --user=root
option to some `my.cnf' file (thus causing the server to run as
root
), mysqld
uses only the first
--user
option specified and produces a warning if there are multiple
--user
options. Options in `/etc/my.cnf' and
`datadir/my.cnf' are processed before
command-line options, so it is recommended that you
put a --user
option in `/etc/my.cnf' and specify a value other than
root
. The option in `/etc/my.cnf' will be found before any other
--user
options, which ensures that the server runs as a user other
than root
, and that a warning results if any other --user
option
is found.
--version, -V
As of MySQL 4.0,
you can assign a value to a server system variable by using an option of
the form --var_name=value
. For example, --key_buffer_size=32M
sets the key_buffer_size
variable to a value of 32MB.
Note that when setting a variable to a value, MySQL might automatically correct it to stay within a given range, or adjust the value to the closest allowable value if only certain values are allowed.
It is also possible to set variables by using
--set-variable=var_name=value
or -O var_name=value
syntax. However, this syntax is deprecated as of MySQL 4.0.
You can find a full description for all variables in section 5.2.3 Server System Variables. The section on tuning server parameters includes information on how to optimize them. See section 7.5.2 Tuning Server Parameters.
You can change the values of most system variables for a running server with the
SET
statement. See section 13.5.3 SET
Syntax.
If you want to restrict the maximum value that a startup option can be set to
with SET
, you can define this by using the
--maximum-var_name
command-line option.
The MySQL server can operate in different SQL modes, and (as of MySQL 4.1) can apply these modes differentially for different clients. This allows an application to tailor server operation to its own requirements.
Modes define what SQL syntax MySQL should support and what kind of data validation checks it should perform. This makes it easier to use MySQL in different environments and to use MySQL together with other database servers.
You can set the default SQL mode by starting mysqld
with the
--sql-mode="modes"
option. The value also can be empty
(--sql-mode=""
) if you want to reset it.
Beginning with MySQL 4.1, you can also change the SQL mode after startup time
by setting the sql_mode
variable with a SET [SESSION|GLOBAL]
sql_mode='modes'
statement. Setting the GLOBAL
variable
requires the SUPER
privilege and affects the operation of all clients
that connect from that time on. Setting the SESSION
variable affects
only the current client. Any client can change its session sql_mode
value.
modes is a list of different modes separated
by comma (`,') characters. You can retrieve the current mode by
issuing a SELECT @@sql_mode
statement. The default value is empty
(no modes set).
The most important sql_mode
values are probably these:
ANSI
STRICT_TRANS_TABLES
TRADITIONAL
INSERT
/UPDATE
will abort as soon as the error is noticed.
This may not be what you want if you are using a non-transactional storage
engine, because data changes made prior to the error will not be rolled
back, resulting in a ``partially-done'' update. (New in MySQL 5.0.2)
When this manual refers to ``strict mode,'' it means a mode where at least
one of STRICT_TRANS_TABLES
or STRICT_ALL_TABLES
is enabled.
The following list describes all the supported modes:
ALLOW_INVALID_DATES
DATE
and DATETIME
columns. It does not apply TIMESTAMP
columns,
which always require a valid date.
This mode is new in MySQL 5.0.2. Before 5.0.2, this was the default MySQL
date-handling mode. As of 5.0.2, enabling strict mode causes the server to
require that month and day values be legal, not just in the range from 1
to 12 and 1 to 31. For example, '2004-04-31'
is legal with strict
mode disabled, but illegal with strict mode enabled. To allow such dates
in strict mode, enable ALLOW_INVALID_DATES
as well.
ANSI_QUOTES
ANSI_QUOTES
enabled, you cannot use double quotes to quote a literal string, because it
will be interpreted as an identifier.
(New in MySQL 4.0.0)
ERROR_FOR_DIVISION_BY_ZERO
MOD(X,0)
) during an INSERT
/
UPDATE
. If this mode is not given, MySQL instead returns
NULL
for divisions by zero. If used with IGNORE
, MySQL
generates a warning for divisions by zero, but the result of the operation is
NULL
.
(New in MySQL 5.0.2)
HIGH_NOT_PRECEDENCE
NOT
operator precedence is handled
so that expressions such as
NOT a BETWEEN b AND c
are parsed as
NOT (a BETWEEN b AND c)
.
Before MySQL 5.0.2, the expression is parsed as
(NOT a) BETWEEN b AND c
.
The old higher-precedence behavior can be obtained by enabling the
HIGH_NOT_PRECEDENCE
SQL mode.
(New in MySQL 5.0.2)
mysql> SET sql_mode = ''; mysql> SELECT NOT 1 BETWEEN -5 AND 5; -> 0 mysql> SET sql_mode = 'broken_not'; mysql> SELECT NOT 1 BETWEEN -5 AND 5; -> 1
IGNORE_SPACE
USER()
function, the
name of the user
table in the mysql
database and the User
column in that table become reserved, so you must quote them:
SELECT "User" FROM mysql."user";(New in MySQL 4.0.0)
NO_AUTO_CREATE_USER
GRANT
from automatically creating new users if it would
otherwise do so, unless a password also is specified.
(New in MySQL 5.0.2)
NO_AUTO_VALUE_ON_ZERO
NO_AUTO_VALUE_ON_ZERO
affects handling of AUTO_INCREMENT
columns. Normally, you generate the next sequence number for the column by
inserting either NULL
or 0
into it.
NO_AUTO_VALUE_ON_ZERO
suppresses this behavior for 0
so that
only NULL
generates the next sequence number.
(New in MySQL 4.1.1)
This mode can be useful if 0
has been stored in a table's
AUTO_INCREMENT
column. (This is not a recommended practice, by
the way.) For example, if you dump the table with mysqldump
and then reload it, MySQL normally generates new sequence numbers when
it encounters the 0
values, resulting in a table with different
contents than the one that was dumped. Enabling NO_AUTO_VALUE_ON_ZERO
before reloading the dump file solves this problem. As of MySQL 4.1.1,
mysqldump
automatically includes a statement in the dump output
to enable NO_AUTO_VALUE_ON_ZERO
.
NO_DIR_IN_CREATE
INDEX DIRECTORY
and DATA
DIRECTORY
directives. This option is useful on slave replication servers.
(New in MySQL 4.0.15)
NO_FIELD_OPTIONS
SHOW CREATE
TABLE
. This mode is used by mysqldump
in portability mode.
(New in MySQL 4.1.1)
NO_KEY_OPTIONS
SHOW CREATE
TABLE
. This mode is used by mysqldump
in portability mode.
(New in MySQL 4.1.1)
NO_TABLE_OPTIONS
ENGINE
) in the
output of SHOW CREATE TABLE
. This mode is used by mysqldump
in
portability mode.
(New in MySQL 4.1.1)
NO_UNSIGNED_SUBTRACTION
UNSIGNED
if one
of the operands is unsigned. Note that this makes UNSIGNED BIGINT
not
100% usable in all contexts. See section 12.7 Cast Functions and Operators.
(New in MySQL 4.0.2)
NO_ZERO_DATE
'0000-00-00'
as a valid date. You can still insert zero
dates with the IGNORE
option.
(New in MySQL 5.0.2)
NO_ZERO_IN_DATE
IGNORE
option, we insert a '0000-00-00'
date for any such date.
(New in MySQL 5.0.2)
ONLY_FULL_GROUP_BY
GROUP BY
part refer to a not
selected column.
(New in MySQL 4.0.0)
PIPES_AS_CONCAT
||
as a string concatenation operator (same as CONCAT()
)
rather than as a synonym for OR
.
(New in MySQL 4.0.0)
REAL_AS_FLOAT
REAL
as a synonym for FLOAT
rather than as a synonym for
DOUBLE
.
(New in MySQL 4.0.0)
STRICT_ALL_TABLES
STRICT_TRANS_TABLES
Strict mode controls how MySQL handles values that are invalid or missing. A
value can be invalid for several reasons. For example, it might have
the wrong data type for the column, or it might be out of range. A value
is missing when a new row to be inserted does not contain a value for a
column that has no explicit DEFAULT
clause in its definition.
For transactional tables, an error occurs for invalid or missing
values in a statement when either of the STRICT_ALL_TABLES
or
STRICT_TRANS_TABLES
modes are enabled. The statement is aborted
and rolled back.
For non-transactional tables, the behavior is the same for either mode, if the bad value occurs in the first row to be inserted or updated. The statement is aborted and the table remains unchanged. If the statement inserts or modifies multiple rows and the bad value occurs in the second or later row, the result depends on which strict option is enabled:
STRICT_ALL_TABLES
, MySQL returns an error and ignores the
rest of the rows. However, in this case, the earlier rows will already
have been inserted or updated. This means that you might get a partial
update, which might not be what you want. To avoid this, it's best to
use single-row statements because these can be aborted without changing the
table.
STRICT_TRANS_TABLES
, MySQL converts an invalid value to the
closest valid value for the column and insert the adjusted value. If a
value is missing, MySQL inserts the implicit default value for the column
data type. In either case, MySQL generates a warning rather than an error
and continues processing the statement. Implicit defaults are described in
section 13.2.6 CREATE TABLE
Syntax.
Strict mode disallows invalid date values such as '2004-04-31'
.
It does not disallow dates with zero parts such as 2004-04-00'
or
``zero'' dates. To disallow these as well, enable the NO_ZERO_IN_DATE
and NO_ZERO_DATE
SQL modes in addition to strict mode.
If you are not using strict mode (that is, neither STRICT_TRANS_TABLES
nor STRICT_ALL_TABLES
is enabled), MySQL inserts adjusted values
for invalid or missing values and produces warnings. In strict mode, you can
produce this behavior by using INSERT IGNORE
or UPDATE IGNORE
.
See section 13.5.4.20 SHOW WARNINGS
Syntax.
The following special modes are provided as shorthand for combinations of
mode values from the preceding list. All are available as of MySQL 4.1.1,
except TRADITIONAL
(5.0.2).
The descriptions include all mode values that are available in the most recent version of MySQL. For older versions, a combination mode does not include individual mode values that are not available except in newer versions.
ANSI
REAL_AS_FLOAT
, PIPES_AS_CONCAT
, ANSI_QUOTES
, IGNORE_SPACE
, ONLY_FULL_GROUP_BY
. See section 1.5.3 Running MySQL in ANSI Mode.
DB2
PIPES_AS_CONCAT
, ANSI_QUOTES
, IGNORE_SPACE
, NO_KEY_OPTIONS
, NO_TABLE_OPTIONS
, NO_FIELD_OPTIONS
.
MAXDB
PIPES_AS_CONCAT
, ANSI_QUOTES
, IGNORE_SPACE
, NO_KEY_OPTIONS
, NO_TABLE_OPTIONS
, NO_FIELD_OPTIONS
, NO_AUTO_CREATE_USER
.
MSSQL
PIPES_AS_CONCAT
, ANSI_QUOTES
, IGNORE_SPACE
, NO_KEY_OPTIONS
, NO_TABLE_OPTIONS
, NO_FIELD_OPTIONS
.
MYSQL323
NO_FIELD_OPTIONS
, HIGH_NOT_PRECEDENCE
.
MYSQL40
NO_FIELD_OPTIONS
, HIGH_NOT_PRECEDENCE
.
ORACLE
PIPES_AS_CONCAT
, ANSI_QUOTES
, IGNORE_SPACE
, NO_KEY_OPTIONS
, NO_TABLE_OPTIONS
, NO_FIELD_OPTIONS
, NO_AUTO_CREATE_USER
.
POSTGRESQL
PIPES_AS_CONCAT
, ANSI_QUOTES
, IGNORE_SPACE
, NO_KEY_OPTIONS
, NO_TABLE_OPTIONS
, NO_FIELD_OPTIONS
.
TRADITIONAL
STRICT_TRANS_TABLES
, STRICT_ALL_TABLES
, NO_ZERO_IN_DATE
, NO_ZERO_DATE
, ERROR_FOR_DIVISION_BY_ZERO
, NO_AUTO_CREATE_USER
.
The server maintains many system variables that indicate how it is configured.
All of them have default values. They can be set at server startup
using options on the command line or in option
files. Most of them can be set at runtime using the
SET
statement.
Beginning with MySQL 4.0.3,
the mysqld
server maintains two kinds of variables.
Global variables affect the overall operation of the server.
Session variables affect its operation for individual client connections.
When the server starts, it initializes all global variables to their default
values. These defaults can be changed by options specified in option files
or on the command line. After the server starts, those global variables
that are dynamic can be changed by connecting to the server and issuing
a SET GLOBAL var_name
statement. To change a global variable,
you must have the SUPER
privilege.
The server also maintains a set of session variables for each client
that connects. The client's session variables are initialized at connect
time using the current values of the corresponding global variables. For
those session variables that are dynamic, the client can change them
by issuing a SET SESSION var_name
statement. Setting a session
variable requires no special privilege, but a client can change only its
own session variables, not those of any other client.
A change to a global variable is visible to any client that accesses that
global variable. However, it affects the corresponding session variable
that is initialized from the global variable only for clients that connect
after the change. It does not affect the session variable for any client
that is already connected (not even that of the client that issues the
SET GLOBAL
statement).
When setting a variable using a startup option, variable values can be given
with a suffix of K
, M
, or G
to indicate kilobytes,
megabytes, or gigabytes, respectively. For example, the following command
starts the server with a key buffer size of 16 megabytes:
mysqld --key_buffer_size=16M
Before MySQL 4.0, use this syntax instead:
mysqld --set-variable=key_buffer_size=16M
The lettercase of suffix letters does not matter; 16M
and 16m
are
equivalent.
At runtime, use the SET
statement to set system variables. In this
context, suffix letters cannot be used, but the value can take the form of an
expression:
mysql> SET sort_buffer_size = 10 * 1024 * 1024;
To specify explicitly whether to set the global or session variable, use the
GLOBAL
or SESSION
options:
mysql> SET GLOBAL sort_buffer_size = 10 * 1024 * 1024; mysql> SET SESSION sort_buffer_size = 10 * 1024 * 1024;
Without either option, the statement sets the session variable.
The variables that can be set at runtime are listed in section 5.2.3.1 Dynamic System Variables.
If you want to restrict the maximum value to which a system variable can
be set with the SET
statement, you can specify this maximum
by using an option of the form --maximum-var_name
at server
startup. For example, to prevent the value of query_cache_size
from being increased to more than 32MB at runtime, use the option
--maximum-query_cache_size=32M
. This feature is available as of MySQL
4.0.2.
You can view system variables and their values by using the
SHOW VARIABLES
statement.
See section 9.4 System Variables for more information.
mysql> SHOW VARIABLES; +---------------------------------+------------------------------+ | Variable_name | Value | +---------------------------------+------------------------------| | back_log | 50 | | basedir | /usr/local/mysql | | bdb_cache_size | 8388572 | | bdb_home | /usr/local/mysql | | bdb_log_buffer_size | 32768 | | bdb_logdir | | | bdb_max_lock | 10000 | | bdb_shared_data | OFF | | bdb_tmpdir | /tmp/ | | bdb_version | Sleepycat Software: ... | | binlog_cache_size | 32768 | | bulk_insert_buffer_size | 8388608 | | character_set | latin1 | | character_sets | latin1 big5 czech euc_kr | | concurrent_insert | ON | | connect_timeout | 5 | | convert_character_set | | | datadir | /usr/local/mysql/data/ | | default_week_format | 0 | | delay_key_write | ON | | delayed_insert_limit | 100 | | delayed_insert_timeout | 300 | | delayed_queue_size | 1000 | | flush | OFF | | flush_time | 0 | | ft_boolean_syntax | + -><()~*:""&| | | ft_max_word_len | 84 | | ft_min_word_len | 4 | | ft_query_expansion_limit | 20 | | ft_stopword_file | (built-in) | | have_bdb | YES | | have_innodb | YES | | have_isam | YES | | have_openssl | YES | | have_query_cache | YES | | have_raid | NO | | have_symlink | DISABLED | | init_file | | | innodb_additional_mem_pool_size | 1048576 | | innodb_buffer_pool_size | 8388608 | | innodb_data_file_path | ibdata1:10M:autoextend | | innodb_data_home_dir | | | innodb_fast_shutdown | ON | | innodb_file_io_threads | 4 | | innodb_flush_log_at_trx_commit | 1 | | innodb_flush_method | | | innodb_force_recovery | 0 | | innodb_lock_wait_timeout | 50 | | innodb_log_arch_dir | | | innodb_log_archive | OFF | | innodb_log_buffer_size | 1048576 | | innodb_log_file_size | 5242880 | | innodb_log_files_in_group | 2 | | innodb_log_group_home_dir | ./ | | innodb_mirrored_log_groups | 1 | | innodb_thread_concurrency | 8 | | interactive_timeout | 28800 | | join_buffer_size | 131072 | | key_buffer_size | 16773120 | | key_cache_age_threshold | 300 | | key_cache_block_size | 1024 | | key_cache_division_limit | 100 | | language | /usr/local/mysql/share/... | | large_files_support | ON | | local_infile | ON | | locked_in_memory | OFF | | log | OFF | | log_bin | OFF | | log_slave_updates | OFF | | log_slow_queries | OFF | | log_update | OFF | | log_warnings | 1 | | long_query_time | 10 | | low_priority_updates | OFF | | lower_case_table_names | 0 | | max_allowed_packet | 1047552 | | max_binlog_cache_size | 4294967295 | | max_binlog_size | 1073741824 | | max_connect_errors | 10 | | max_connections | 100 | | max_delayed_threads | 20 | | max_error_count | 64 | | max_heap_table_size | 16777216 | | max_join_size | 4294967295 | | max_relay_log_size | 0 | | max_sort_length | 1024 | | max_tmp_tables | 32 | | max_user_connections | 0 | | max_write_lock_count | 4294967295 | | myisam_max_extra_sort_file_size | 268435456 | | myisam_max_sort_file_size | 2147483647 | | myisam_recover_options | force | | myisam_repair_threads | 1 | | myisam_sort_buffer_size | 8388608 | | net_buffer_length | 16384 | | net_read_timeout | 30 | | net_retry_count | 10 | | net_write_timeout | 60 | | open_files_limit | 1024 | | pid_file | /usr/local/mysql/name.pid | | port | 3306 | | protocol_version | 10 | | query_cache_limit | 1048576 | | query_cache_size | 0 | | query_cache_type | ON | | read_buffer_size | 131072 | | read_rnd_buffer_size | 262144 | | rpl_recovery_rank | 0 | | server_id | 0 | | skip_external_locking | ON | | skip_networking | OFF | | skip_show_database | OFF | | slave_net_timeout | 3600 | | slow_launch_time | 2 | | socket | /tmp/mysql.sock | | sort_buffer_size | 2097116 | | sql_mode | | | table_cache | 64 | | table_type | MYISAM | | thread_cache_size | 3 | | thread_stack | 131072 | | timezone | EEST | | tmp_table_size | 33554432 | | tmpdir | /tmp/:/mnt/hd2/tmp/ | | tx_isolation | READ-COMMITTED | | version | 4.0.4-beta | | wait_timeout | 28800 | +---------------------------------+------------------------------+
Most system variables are described here. Variables with no version
indicated have been present since at least MySQL 3.22. InnoDB
system
variables are listed at
section 15.5 InnoDB
Startup Options.
Values for buffer sizes, lengths, and stack sizes are given in bytes unless otherwise specified.
Information on tuning these variables can be found in section 7.5.2 Tuning Server Parameters.
ansi_mode
ON
if mysqld
was started with --ansi
.
See section 1.5.3 Running MySQL in ANSI Mode.
This variable was added in MySQL 3.23.6 and removed in 3.23.41.
See the description for sql_mode
.
back_log
back_log
value indicates how many requests can be
stacked during this short time before MySQL momentarily stops
answering new requests. You need to increase this only if you expect a large
number of connections in a short period of time.
In other words, this value is the size of the listen queue for incoming
TCP/IP connections. Your operating system has its own limit on the size
of this queue. The manual page for the Unix listen()
system
call should have more details. Check your OS documentation for the
maximum value for this variable. Attempting to set back_log
higher than your operating system limit will be ineffective.
basedir
--basedir
option.
bdb_cache_size
BDB
tables. If you don't use BDB
tables, you should start
mysqld
with --skip-bdb
to not waste memory for this cache.
This variable was added in MySQL 3.23.14.
bdb_home
BDB
tables. This should be assigned the same
value as the datadir
variable.
This variable was added in MySQL 3.23.14.
bdb_log_buffer_size
BDB
tables. If you don't use BDB
tables, you should set this
to 0 or start mysqld
with --skip-bdb
to not waste memory for
this cache.
This variable was added in MySQL 3.23.31.
bdb_logdir
BDB
storage engine writes its log files.
This variable can be set with the --bdb-logdir
option.
This variable was added in MySQL 3.23.14.
bdb_max_lock
BDB
table
(10,000 by default). You should increase this if errors such as the
following occur when you perform long transactions or when mysqld
has
to examine many rows to calculate a query:
bdb: Lock table is out of available locks Got error 12 from ...This variable was added in MySQL 3.23.29.
bdb_shared_data
ON
if you are using --bdb-shared-data
.
This variable was added in MySQL 3.23.29.
bdb_tmpdir
--bdb-tmpdir
option.
This variable was added in MySQL 3.23.14.
bdb_version
version_bdb
.
binlog_cache_size
--log-bin
option). If you
often use big, multiple-statement transactions, you can increase this to get
more performance.
The Binlog_cache_use
and Binlog_cache_disk_use
status variables
can be useful for tuning the size of this variable.
This variable was added in MySQL 3.23.29.
See section 5.9.4 The Binary Log.
bulk_insert_buffer_size
MyISAM
uses a special tree-like cache to make bulk inserts faster for
INSERT ... SELECT
, INSERT ... VALUES (...), (...), ...
, and
LOAD DATA INFILE
. This variable limits
the size of the cache tree in bytes per thread. Setting it to 0
disables this optimization.
Note: This cache is used only when adding data to a non-empty table.
The default value is 8MB.
This variable was added in MySQL 4.0.3.
This variable previously was named myisam_bulk_insert_tree_size
.
character_set
character_set_xxx
variables.
character_set_client
character_set_connection
character_set_database
character_set_server
.
This variable was added in MySQL 4.1.1.
character_set_results
character_set_server
character_set_system
utf8
.
This variable was added in MySQL 4.1.1.
character_sets
SHOW CHARACTER SET
for a list of character sets.)
character_sets_dir
collation_connection
collation_database
collation_server
.
This variable was added in MySQL 4.1.1.
collation_server
concurrent_insert
ON
(the default), MySQL allows INSERT
and SELECT
statements to run concurrently for MyISAM
tables that have no free
blocks in the middle. You can turn this option off by starting
mysqld
with --safe
or --skip-new
.
This variable was added in MySQL 3.23.7.
connect_timeout
mysqld
server waits for a connect
packet before responding with Bad handshake
.
convert_character_set
SET CHARACTER SET
.
This variable was removed in MySQL 4.1.
datadir
--datadir
option.
default_week_format
WEEK()
function.
This variable is available as of MySQL 4.0.14.
delay_key_write
MyISAM
tables. It can have one of the
following values to affect handling of the DELAY_KEY_WRITE
table
option that can be used in CREATE TABLE
statements.
Option | Description |
OFF | DELAYED_KEY_WRITE is ignored.
|
ON | MySQL honors the DELAY_KEY_WRITE option
for CREATE TABLE . This is the default value.
|
ALL | All new opened tables are treated as if they were
created with the DELAY_KEY_WRITE option enabled.
|
DELAY_KEY_WRITE
is enabled, this means that the key buffer for
tables with this option are not flushed on every index update, but
only when a table is closed. This will speed up writes on keys a lot,
but if you use this feature, you should add automatic checking of all
MyISAM
tables by starting the server with the --myisam-recover
option (for example, --myisam-recover=BACKUP,FORCE
).
See section 5.2.1 mysqld
Command-Line Options and section 14.1.1 MyISAM
Startup Options.
Note that --external-locking
doesn't offer any protection against
index corruption for tables that use delayed key writes.
This variable was added in MySQL 3.23.8.
delayed_insert_limit
delayed_insert_limit
delayed rows, the INSERT
DELAYED
handler thread checks whether there are any SELECT
statements pending. If so, it allows them to execute before continuing to
insert delayed rows.
delayed_insert_timeout
INSERT DELAYED
handler thread should wait for
INSERT
statements before terminating.
delayed_queue_size
INSERT DELAYED
statements. If the queue becomes full, any client that issues an
INSERT DELAYED
statement will wait until there is room in the queue
again.
expire_logs_days
flush
ON
if you have started mysqld
with the --flush
option.
This variable was added in MySQL 3.22.9.
flush_time
flush_time
seconds to free up resources and sync unflushed data to
disk. We recommend this option only on Windows 9x or Me, or on systems
with minimal resources available.
This variable was added in MySQL 3.22.18.
ft_boolean_syntax
IN BOOLEAN MODE
.
This variable was added in MySQL 4.0.1.
See section 12.6.1 Boolean Full-Text Searches.
The default variable value is '+ -><()~*:""&|'
. The rules for
changing the value are as follows:
ft_max_word_len
FULLTEXT
index.
This variable was added in MySQL 4.0.0.
Note: FULLTEXT
indexes must be rebuilt after changing
this variable.
Use REPAIR TABLE tbl_name QUICK
.
ft_min_word_len
FULLTEXT
index.
This variable was added in MySQL 4.0.0.
Note: FULLTEXT
indexes must be rebuilt after changing
this variable.
Use REPAIR TABLE tbl_name QUICK
.
ft_query_expansion_limit
WITH QUERY EXPANSION
.
This variable was added in MySQL 4.1.1.
ft_stopword_file
''
) disables stopword filtering. This variable was added in
MySQL 4.0.10.
Note: FULLTEXT
indexes must be rebuilt after changing
this variable.
Use REPAIR TABLE tbl_name QUICK
.
group_concat_max_len
GROUP_CONCAT()
function.
This variable was added in MySQL 4.1.0.
have_archive
YES
if mysqld
supports ARCHIVE
tables, NO
if not. This variable was added in MySQL 4.1.3.
have_bdb
YES
if mysqld
supports BDB
tables. DISABLED
if --skip-bdb
is used.
This variable was added in MySQL 3.23.30.
have_compress
zlib
compression library is available to the server.
If not, the COMPRESS()
and UNCOMPRESS()
functions cannot be
used.
This variable was added in MySQL 4.1.1.
have_crypt
crypt()
system call is available to the server.
If not, the CRYPT()
function cannot be used.
This variable was added in MySQL 4.0.10.
have_csv
YES
if mysqld
supports ARCHIVE
tables, NO
if not. This variable was added in MySQL 4.1.4.
have_example_engine
YES
if mysqld
supports EXAMPLE
tables, NO
if not. This variable was added in MySQL 4.1.4.
have_geometry
have_innodb
YES
if mysqld
supports InnoDB
tables. DISABLED
if --skip-innodb
is used.
This variable was added in MySQL 3.23.37.
have_isam
YES
if mysqld
supports ISAM
tables. DISABLED
if --skip-isam
is used.
This variable was added in MySQL 3.23.30.
have_ndbcluster
YES
if mysqld
supports NDB Cluster
tables.
DISABLED
if --skip-ndbcluster
is used.
This variable was added in MySQL 4.1.2.
have_openssl
YES
if mysqld
supports SSL (encryption) of the client/server
protocol.
This variable was added in MySQL 3.23.43.
have_query_cache
YES
if mysqld
supports the query cache.
This variable was added in MySQL 4.0.2.
have_raid
YES
if mysqld
supports the RAID
option.
This variable was added in MySQL 3.23.30.
have_rtree_keys
RTREE
indexes are available. (These are used for spatial
indexed in MyISAM
tables.)
This variable was added in MySQL 4.1.3.
have_symlink
DATA DIRECTORY
and INDEX DIRECTORY
table options.
This variable was added in MySQL 4.0.0.
init_connect
init_connect
can be used to achieve the
same effect:
SET GLOBAL init_connect='SET AUTOCOMMIT=0';This variable can also be set on the command line or in an option file. To set the variable as just shown using an option file, include these lines:
[mysqld] init_connect='SET AUTOCOMMIT=0'Note that the content of
init_connect
is not executed for users having
the SUPER
privilege; this is in case that content has been wrongly set
(contains a wrong query, for example with a syntax error),
thus making all connections fail. Not executing it for SUPER
users
enables those to open a connection and fix init_connect
.
This variable was added in MySQL 4.1.2.
init_file
--init-file
option when you
start the server. This is a file containing SQL statements that you want
the server to execute when it starts.
Each statement must be on a single line and should not include comments.
This variable was added in MySQL 3.23.2.
init_slave
init_connect
, but is a string to be
executed by a slave server each time the SQL thread starts. The format of
the string is the same as for the init_connect
variable.
This variable was added in MySQL 4.1.2.
innodb_xxx
InnoDB
system variables are listed at
section 15.5 InnoDB
Startup Options.
interactive_timeout
CLIENT_INTERACTIVE
option to
mysql_real_connect()
. See also wait_timeout
.
join_buffer_size
join_buffer_size
to get a faster full join when
adding indexes is not possible. One join buffer is allocated for each full
join between two tables. For a complex join between several tables for which
indexes are not used, multiple join buffers might be necessary.
key_buffer_size
MyISAM
and ISAM
tables are buffered and are
shared by all threads. key_buffer_size
is the size of the buffer
used for index blocks. The key buffer is also known as the key cache.
The maximum allowable setting for key_buffer_size
is 4GB. The
effective maximum size might be less, depending on your available
physical RAM and per-process RAM limits imposed by your operating
system or hardware platform.
Increase the value to get better index handling (for all reads and multiple
writes) to as much as you can afford. Using a value that is 25% of total
memory on a machine that mainly runs MySQL is quite common. However, if you
make the value too large (for example, more than 50% of your total memory)
your system might start to page and become extremely slow. MySQL relies on
the operating system to perform filesystem caching for data reads, so you
must leave some room for the filesystem cache.
For even more speed when writing many rows at the same time, use
LOCK TABLES
. See section 13.4.5 LOCK TABLES
and UNLOCK TABLES
Syntax.
You can check the performance of the key buffer by issuing a SHOW
STATUS
statement and examining the Key_read_requests
,
Key_reads
, Key_write_requests
, and Key_writes
status
variables.
See section 13.5.4 SHOW
Syntax.
The Key_reads/Key_read_requests
ratio should normally be
less than 0.01. The Key_writes/Key_write_requests
ratio is usually
near 1 if you are using mostly updates and deletes, but might be much
smaller if you tend to do updates that affect many rows at the same time or
if you are using the DELAY_KEY_WRITE
table option.
The fraction of the key buffer in use can be determined using
key_buffer_size
in conjunction with the Key_blocks_unused
status
variable and the buffer block size. From MySQL 4.1.1 on, the buffer block
size is available from the key_cache_block_size
server variable. The
fraction of the buffer in use is:
1 - ((Key_blocks_unused * key_cache_block_size) / key_buffer_size)This value is an approximation because some space in the key buffer may be allocated internally for administrative structures. Before MySQL 4.1.1, key cache blocks are 1024 bytes, and before MySQL 4.1.2,
Key_blocks_unused
is unavailable. The Key_blocks_used
variable
can be used as follows to determine the fraction of the key buffer in use:
(Key_blocks_used * 1024) / key_buffer_sizeHowever,
Key_blocks_used
indicates the maximum number of blocks that
have ever been in use at once, so this formula does not necessary represent
the current fraction of the buffer that is in use.
See section 7.4.6 The MyISAM
Key Cache.
key_cache_age_threshold
MyISAM
Key Cache.
key_cache_block_size
MyISAM
Key Cache.
key_cache_division_limit
MyISAM
Key Cache.
language
large_file_support
mysqld
was compiled with options for large file support.
This variable was added in MySQL 3.23.28.
license
local_infile
LOCAL
is supported for LOAD DATA INFILE
statements.
This variable was added in MySQL 4.0.3.
locked_in_memory
mysqld
was locked in memory with --memlock
.
This variable was added in MySQL 3.23.25.
log
log_bin
log_error
log_slave_updates
log_slow_queries
long_query_time
variable.
This variable was added in MySQL 4.0.2.
See section 5.9.5 The Slow Query Log.
log_update
log_warnings
long_query_time
Slow_queries
status variable is incremented. If you are using the
--log-slow-queries
option, the query is logged to the slow query log
file. This value is measured in real time, not CPU time, so a query that is
under the threshold on a lightly loaded system might be above the threshold
on a heavily loaded one.
See section 5.9.5 The Slow Query Log.
low_priority_updates
1
, all INSERT
, UPDATE
, DELETE
, and
LOCK TABLE WRITE
statements wait until there is no pending
SELECT
or LOCK TABLE READ
on the affected table.
This variable previously was named sql_low_priority_updates
.
It was added in MySQL 3.22.5.
lower_case_file_system
ON
means filenames are case
insensitive, OFF
means they are case sensitive. This variable was
added in MySQL 4.0.19.
lower_case_table_names
lower_case_table_names
to 2.
max_allowed_packet
net_buffer_length
bytes, but can grow up to max_allowed_packet
bytes when needed.
This value by default is small, to catch big (possibly wrong) packets.
You must increase this value if you are using big BLOB
columns or
long strings. It should be as big as the biggest BLOB
you want to
use. The protocol limit for max_allowed_packet
is 16MB before
MySQL 4.0 and 1GB thereafter.
max_binlog_cache_size
Multi-statement transaction required more than
'max_binlog_cache_size' bytes of storage
.
This variable was added in MySQL 3.23.29.
max_binlog_size
max_binlog_size
.
If max_relay_log_size
is 0, the value of max_binlog_size
applies to relay logs as well. max_relay_log_size
was added in
MySQL 4.0.14.
max_connect_errors
FLUSH HOSTS
statement.
max_connections
mysqld
requires. See
section 7.4.8 How MySQL Opens and Closes Tables for comments on file descriptor limits.
Also see section A.2.6 Too many connections
.
max_delayed_threads
INSERT DELAYED
statements. If you try to insert data into a new table after all INSERT
DELAYED
threads are in use, the row will be inserted as if the
DELAYED
attribute wasn't specified. If you set this to 0, MySQL
never creates a thread to handle DELAYED
rows; in effect, this
disables DELAYED
entirely.
This variable was added in MySQL 3.23.0.
max_error_count
SHOW ERRORS
or SHOW WARNINGS
.
This variable was added in MySQL 4.1.0.
max_heap_table_size
MEMORY
(HEAP
)
tables are allowed to grow. The value of the variable is used to calculate
MEMORY
table MAX_ROWS
values. Setting this variable has no
effect on any existing MEMORY
table, unless the table is re-created
with a statement such as CREATE TABLE
or TRUNCATE TABLE
, or
altered with ALTER TABLE
.
This variable was added in MySQL 3.23.0.
max_insert_delayed_threads
max_delayed_threads
.
It was added in MySQL 4.0.19.
max_join_size
SELECT
statements that probably will need to examine
more than max_join_size
row combinations or are likely to do more
than max_join_size
disk seeks. By setting this value, you can catch
SELECT
statements where keys are not used properly and that would
probably take a long time. Set it if your users tend to perform joins
that lack a WHERE
clause, that take a long time, or that return
millions of rows.
Setting this variable to a value other than DEFAULT
resets
the SQL_BIG_SELECTS
value to 0
. If you set the
SQL_BIG_SELECTS
value again, the max_join_size
variable
is ignored.
If a query result already is in the query cache, no result size
check is performed, because the result has already been computed and it does
not burden the server to send it to the client.
This variable previously was named sql_max_join_size
.
max_length_for_sort_data
filesort
algorithm to use.
See section 7.2.10 How MySQL Optimizes ORDER BY
.
This variable was added in MySQL 4.1.1
max_relay_log_size
max_binlog_size
for both binary logs and relay
logs. You must set max_relay_log_size
to between 4096 bytes and 1GB
(inclusive), or to 0. The default value is 0. This variable was added in
MySQL 4.0.14.
See section 6.3 Replication Implementation Details.
max_seeks_for_key
SHOW INDEX
Syntax). By setting this to a low value (100?), you can force
MySQL to prefer keys instead of table scans.
This variable was added in MySQL 4.0.14.
max_sort_length
BLOB
or TEXT
values. Only the first max_sort_length
bytes of each value
are used; the rest are ignored.
max_tmp_tables
max_user_connections
max_write_lock_count
myisam_data_pointer_size
CREATE TABLE
for
MyISAM
tables when no MAX_ROWS
option is specified. This
variable cannot be less than 2 or larger than 8. The default value is 4.
This variable was added in MySQL 4.1.2.
See section A.2.11 The table is full
.
myisam_max_extra_sort_file_size
MyISAM
index creation would be
larger than using the key cache by the amount specified here, prefer the key
cache method. This is mainly used to force long character keys in large
tables to use the slower key cache method to create the index.
This variable was added in MySQL 3.23.37.
Note: The value is given in megabytes before 4.0.3 and
in bytes thereafter.
myisam_max_sort_file_size
MyISAM
index (during REPAIR TABLE
, ALTER
TABLE
, or LOAD DATA INFILE
). If the file size would be bigger than
this value, the index will be created using the key cache instead, which is
slower.
This variable was added in MySQL 3.23.37.
Note: The value is given in megabytes before 4.0.3 and
in bytes thereafter.
myisam_recover_options
--myisam-recover
option.
This variable was added in MySQL 3.23.36.
myisam_repair_threads
MyISAM
table indexes are created in
parallel (each index in its own thread) during the Repair by sorting
process. The default value is 1. Note: Multi-threaded repair is
still alpha quality code.
This variable was added in MySQL 4.0.13.
myisam_sort_buffer_size
MyISAM
indexes during a
REPAIR TABLE
or when creating indexes with CREATE INDEX
or
ALTER TABLE
.
This variable was added in MySQL 3.23.16.
named_pipe
net_buffer_length
max_allowed_packet
bytes.
net_read_timeout
net_read_timeout
is the
timeout value controlling when to abort.
When the server is writing to the client, net_write_timeout
is the
timeout value controlling when to abort.
See also slave_net_timeout
.
This variable was added in MySQL 3.23.20.
net_retry_count
net_write_timeout
net_read_timeout
.
This variable was added in MySQL 3.23.20.
new
old_passwords
open_files_limit
mysqld
to open.
This is the real value allowed by the system and might be different from the
value you gave mysqld
as a startup option. The value is 0 on systems
where MySQL can't change the number of open files. This variable was added
in MySQL 3.23.20.
optimizer_prune_level
optimizer_search_depth
pid_file
--pid-file
option.
This variable was added in MySQL 3.23.23.
port
--port
option.
preload_buffer_size
protocol_version
query_alloc_block_size
query_cache_limit
query_cache_min_res_unit
query_cache_size
query_cache_type
is set to 0.
This variable was added in MySQL 4.0.1.
query_cache_type
GLOBAL
value sets the type for all
clients that connect thereafter. Individual clients can set the
SESSION
value to affect their own use of the query cache.
Option | Description |
0 or OFF | Don't cache or retrieve results.
Note that this will not deallocate the query cache buffer. To
do that, you should set query_cache_size to 0.
|
1 or ON | Cache all query results except for those that
begin with SELECT SQL_NO_CACHE .
|
2 or DEMAND | Cache results only for queries that
begin with SELECT SQL_CACHE .
|
query_cache_wlock_invalidate
WRITE
lock on a MyISAM
table, other clients are not blocked from issuing queries for the table if
the query results are present in the query cache. Setting this variable to
1 causes acquisition of a WRITE
lock for a table to invalidate
any queries in the query cache that refer to the table. This forces other
clients that attempt to access the table to wait while the lock is in effect.
This variable was added in MySQL 4.0.19.
query_prealloc_size
query_prealloc_size
value
might be helpful in improving performance, because it can reduce the need for
the server to perform memory allocation during query execution operations.
This variable was added in MySQL 4.0.16.
range_alloc_block_size
read_buffer_size
record_buffer
.
read_only
ON
for a replication slave server, it
causes the slave to allow no updates except from slave threads or from users
with the SUPER
privilege. This can be useful to ensure that a slave
server accepts no updates from clients.
This variable was added in MySQL 4.0.14.
relay_log_purge
read_rnd_buffer_size
ORDER BY
performance by a lot. However, this is a buffer
allocated for each client, so you should not set the global variable to a
large value. Instead, change the session variable only from within those
clients that need to run large queries.
This variable was added in MySQL 4.0.3.
Previously, it was named record_rnd_buffer
.
safe_show_database
skip_show_database
.
This variable was removed in MySQL 4.0.5. Instead, use the SHOW
DATABASES
privilege to control access by MySQL accounts to database names.
secure_auth
--secure-auth
option,
it blocks connections from all accounts that have passwords stored in the old
(pre-4.1) format. In that case, the value of this variable is ON
,
otherwise it is OFF
.
You should enable this option if you want to prevent all usage of passwords
in old format (and hence insecure communication over the network).
This variable was added in MySQL 4.1.1.
Server startup will fail with an error if this option is enabled
and the privilege tables are in pre-4.1 format.
When used as a client-side option, the client refuses to connect to a server
if the server requires a password in old format for the client account.
server_id
--server-id
option. It is used for master and slave
replication servers.
This variable was added in MySQL 3.23.26.
shared_memory
shared_memory_base_name
skip_external_locking
OFF
if mysqld
uses external locking.
This variable was added in MySQL 4.0.3.
Previously, it was named skip_locking
.
skip_networking
ON
if the server allows only local (non-TCP/IP) connections.
On Unix, local connections use a Unix socket file. On Windows, local
connections use a named pipe or shared memory. On NetWare, only TCP/IP connections are
supported, so do not set this variable to ON
.
This variable was added in MySQL 3.22.23.
skip_show_database
SHOW DATABASES
statement if they
don't have the SHOW DATABASES
privilege. This can improve security if
you're concerned about people being able to see what databases other users
have. See also safe_show_database
.
This variable was added in MySQL 3.23.4. As of MySQL 4.0.2, its effect also
depends on the SHOW DATABASES
privilege: If the variable value is
ON
, the SHOW DATABASES
statement is allowed only to users who
have the SHOW DATABASES
privilege, and the statement displays all
database names. If the value is OFF
, SHOW DATABASES
is
allowed to all users, but displays each database name only if the user has
the SHOW DATABASES
privilege or some privilege for the database.
slave_compressed_protocol
slave_net_timeout
slow_launch_time
Slow_launch_threads
status variable.
This variable was added in MySQL 3.23.15.
socket
sort_buffer_size
ORDER BY
or GROUP BY
operations.
See section A.4.4 Where MySQL Stores Temporary Files.
sql_mode
sql_slave_skip_counter
storage_engine
table_type
.
It was added in MySQL 4.1.2.
sync_binlog
fdatasync()
) after every sync_binlog
'th write to this binary
log. Note that there is one write to the binary log per statement if in
autocommit mode, and otherwise one write per transaction. The default value is
0 which does no sync'ing to disk. A value of 1 is the safest choice, because in
case of crash you will lose at most one statement/transaction from the binary
log; but it is also the slowest choice (unless the disk has a battery-backed
cache, which makes sync'ing very fast). This variable was added in MySQL 4.1.3.
sync_frm
fdatasync()
);
this is slower but safer in case of crash. Default is 1.
system_time_zone
system_time_zone
. Typically the time zone
is specified by the TZ
environment variable. It also can be specified
using the --timezone
option of the mysqld_safe
script.
This variable was added in MySQL 4.1.3.
table_cache
mysqld
requires.
You can check whether you need to increase the table cache by checking the
Opened_tables
status variable.
See section 5.2.4 Server Status Variables.
If the value of Opened_tables
is large and you don't do FLUSH
TABLES
a lot (which just forces all tables to be closed and reopened),
then you should increase the value of the table_cache
variable.
For more information about the table cache, see section 7.4.8 How MySQL Opens and Closes Tables.
table_type
--default-table-type
option.
This variable was added in MySQL 3.23.0.
See section 5.2.1 mysqld
Command-Line Options.
thread_cache_size
thread_cache_size
threads there. Requests for threads are
satisfied by reusing threads taken from the cache if possible, and only when
the cache is empty is a new thread created. This variable can be increased
to improve performance if you have a lot of new connections. (Normally this
doesn't give a notable performance improvement if you have a good thread
implementation.) By examining the difference between the Connections
and Threads_created
status variables (see section 5.2.4 Server Status Variables
for details) you can see how efficient the thread cache is.
This variable was added in MySQL 3.23.16.
thread_concurrency
mysqld
calls thr_setconcurrency()
with this value.
This function allows applications to give the threads system a hint about
the desired number of threads that should be run at the same time.
This variable was added in MySQL 3.23.7.
thread_stack
crash-me
test are dependent on this value. The default is
large enough for normal operation. See section 7.1.4 The MySQL Benchmark Suite.
time_zone
'SYSTEM'
(use the value of system_time_zone
), but can be specified
explicitly at server startup time with the --default-time-zone
option.
This variable was added in MySQL 4.1.3.
timezone
TZ
environment
variable when mysqld
is started. The time zone also can be set by
giving a --timezone
argument to mysqld_safe
.
This variable was added in MySQL 3.23.15. As of MySQL 4.1.3, it is obsolete
and has been replaced by the system_time_zone
variable.
See section A.4.6 Time Zone Problems.
tmp_table_size
MyISAM
table.
Increase the value of tmp_table_size
if you do many advanced
GROUP BY
queries and you have lots of memory.
tmpdir
tmpdir
to point to a directory on a memory-based filesystem or to a
directory that is cleared when the server host restarts. A replication
slave needs some of its temporary files to survive a machine restart so that
it can replicate temporary tables or LOAD DATA INFILE
operations. If
files in the temporary file directory are lost when the server restarts,
replication will fail.
This variable was added in MySQL 3.22.4.
transaction_alloc_block_size
transaction_prealloc_size
transaction_alloc_blocks
that
is not freed between queries. By making this big enough to fit all queries
in a common transaction, you can avoid a lot of malloc()
calls. This
variable was added in MySQL 4.0.16.
tx_isolation
updatable_views_with_limit
LIMIT
clause. (Such updates often are generated by GUI tools.)
An update is an UPDATE
or DELETE
statement. Primary key
here means a PRIMARY KEY
, or a UNIQUE
index in which no column
can contain NULL
.
The variable can have two values:
1
or YES
: Issue a warning only (not an error message).
This is the default value.
0
or NO
: Prohibit the update.
version
version_bdb
BDB
storage engine version.
This variable was added in MySQL 3.23.31 with the name bdb_version
and renamed to version_bdb
in MySQL 4.1.1.
version_comment
configure
script has a --with-comment
option that
allows a comment to be specified when building MySQL.
This variable contains the value of that comment.
This variable was added in MySQL 4.0.17.
version_compile_machine
version_compile_os
wait_timeout
wait_timeout
value is initialized from
the global wait_timeout
value or from the global
interactive_timeout
value, depending on the type of client (as
defined by the CLIENT_INTERACTIVE
connect option to
mysql_real_connect()
). See also interactive_timeout
.
Beginning with MySQL 4.0.3, many server system variables are dynamic and can
be set at runtime using SET GLOBAL
or SET SESSION
. You can also
select their values using SELECT
.
See section 9.4 System Variables.
The following table shows the full list of all dynamic system variables.
The last column indicates for each variable whether GLOBAL
or
SESSION
(or both) apply.
Variable Name | Value Type | Type |
autocommit | boolean | SESSION
|
big_tables | boolean | SESSION
|
binlog_cache_size | numeric | GLOBAL
|
bulk_insert_buffer_size | numeric | GLOBAL | SESSION
|
character_set_client | string | GLOBAL | SESSION
|
character_set_connection | string | GLOBAL | SESSION
|
character_set_results | string | GLOBAL | SESSION
|
character_set_server | string | GLOBAL | SESSION
|
collation_connection | string | GLOBAL | SESSION
|
collation_server | string | GLOBAL | SESSION
|
concurrent_insert | boolean | GLOBAL
|
connect_timeout | numeric | GLOBAL
|
convert_character_set | string | GLOBAL | SESSION
|
default_week_format | numeric | GLOBAL | SESSION
|
delay_key_write | OFF | ON | ALL | GLOBAL
|
delayed_insert_limit | numeric | GLOBAL
|
delayed_insert_timeout | numeric | GLOBAL
|
delayed_queue_size | numeric | GLOBAL
|
error_count | numeric | SESSION
|
expire_logs_days | numeric | GLOBAL
|
flush | boolean | GLOBAL
|
flush_time | numeric | GLOBAL
|
foreign_key_checks | boolean | SESSION
|
ft_boolean_syntax | numeric | GLOBAL
|
group_concat_max_len | numeric | GLOBAL | SESSION
|
identity | numeric | SESSION
|
innodb_autoextend_increment | numeric | GLOBAL
|
innodb_max_purge_lag | numeric | GLOBAL
|
innodb_table_locks | boolean | GLOBAL | SESSION
|
insert_id | boolean | SESSION
|
interactive_timeout | numeric | GLOBAL | SESSION
|
join_buffer_size | numeric | GLOBAL | SESSION
|
key_buffer_size | numeric | GLOBAL
|
last_insert_id | numeric | SESSION
|
local_infile | boolean | GLOBAL
|
log_warnings | numeric | GLOBAL
|
long_query_time | numeric | GLOBAL | SESSION
|
low_priority_updates | boolean | GLOBAL | SESSION
|
max_allowed_packet | numeric | GLOBAL | SESSION
|
max_binlog_cache_size | numeric | GLOBAL
|
max_binlog_size | numeric | GLOBAL
|
max_connect_errors | numeric | GLOBAL
|
max_connections | numeric | GLOBAL
|
max_delayed_threads | numeric | GLOBAL
|
max_error_count | numeric | GLOBAL | SESSION
|
max_heap_table_size | numeric | GLOBAL | SESSION
|
max_insert_delayed_threads | numeric | GLOBAL
|
max_join_size | numeric | GLOBAL | SESSION
|
max_relay_log_size | numeric | GLOBAL
|
max_seeks_for_key | numeric | GLOBAL | SESSION
|
max_sort_length | numeric | GLOBAL | SESSION
|
max_tmp_tables | numeric | GLOBAL | SESSION
|
max_user_connections | numeric | GLOBAL
|
max_write_lock_count | numeric | GLOBAL
|
myisam_data_pointer_size | numeric | GLOBAL
|
myisam_max_extra_sort_file_size | numeric | GLOBAL | SESSION
|
myisam_max_sort_file_size | numeric | GLOBAL | SESSION
|
myisam_repair_threads | numeric | GLOBAL | SESSION
|
myisam_sort_buffer_size | numeric | GLOBAL | SESSION
|
net_buffer_length | numeric | GLOBAL | SESSION
|
net_read_timeout | numeric | GLOBAL | SESSION
|
net_retry_count | numeric | GLOBAL | SESSION
|
net_write_timeout | numeric | GLOBAL | SESSION
|
old_passwords | numeric | GLOBAL | SESSION
|
optimizer_prune_level | numeric | GLOBAL | SESSION
|
optimizer_search_depth | numeric | GLOBAL | SESSION
|
preload_buffer_size | numeric | GLOBAL | SESSION
|
query_alloc_block_size | numeric | GLOBAL | SESSION
|
query_cache_limit | numeric | GLOBAL
|
query_cache_size | numeric | GLOBAL
|
query_cache_type | enumeration | GLOBAL | SESSION
|
query_cache_wlock_invalidate | boolean | GLOBAL | SESSION
|
query_prealloc_size | numeric | GLOBAL | SESSION
|
range_alloc_block_size | numeric | GLOBAL | SESSION
|
read_buffer_size | numeric | GLOBAL | SESSION
|
read_only | numeric | GLOBAL
|
read_rnd_buffer_size | numeric | GLOBAL | SESSION
|
rpl_recovery_rank | numeric | GLOBAL
|
safe_show_database | boolean | GLOBAL
|
secure_auth | boolean | GLOBAL
|
server_id | numeric | GLOBAL
|
slave_compressed_protocol | boolean | GLOBAL
|
slave_net_timeout | numeric | GLOBAL
|
slow_launch_time | numeric | GLOBAL
|
sort_buffer_size | numeric | GLOBAL | SESSION
|
sql_auto_is_null | boolean | SESSION
|
sql_big_selects | boolean | SESSION
|
sql_big_tables | boolean | SESSION
|
sql_buffer_result | boolean | SESSION
|
sql_log_bin | boolean | SESSION
|
sql_log_off | boolean | SESSION
|
sql_log_update | boolean | SESSION
|
sql_low_priority_updates | boolean | GLOBAL | SESSION
|
sql_max_join_size | numeric | GLOBAL | SESSION
|
sql_mode | enumeration | GLOBAL | SESSION
|
sql_quote_show_create | boolean | SESSION
|
sql_safe_updates | boolean | SESSION
|
sql_select_limit | numeric | SESSION
|
sql_slave_skip_counter | numeric | GLOBAL
|
updatable_views_with_limit | enumeration | GLOBAL | SESSION
|
sql_warnings | boolean | SESSION
|
sync_binlog | numeric | GLOBAL
|
sync_frm | boolean | GLOBAL
|
storage_engine | enumeration | GLOBAL | SESSION
|
table_cache | numeric | GLOBAL
|
table_type | enumeration | GLOBAL | SESSION
|
thread_cache_size | numeric | GLOBAL
|
time_zone | string | GLOBAL | SESSION
|
timestamp | boolean | SESSION
|
tmp_table_size | enumeration | GLOBAL | SESSION
|
transaction_alloc_block_size | numeric | GLOBAL | SESSION
|
transaction_prealloc_size | numeric | GLOBAL | SESSION
|
tx_isolation | enumeration | GLOBAL | SESSION
|
unique_checks | boolean | SESSION
|
wait_timeout | numeric | GLOBAL | SESSION
|
warning_count | numeric | SESSION
|
Variables that are marked as ``string'' take a string value. Variables that
are marked as ``numeric'' take a numeric value. Variables that are
marked as ``boolean'' can be set to 0, 1, ON
or OFF
. Variables
that are marked as ``enumeration'' normally should be set to one of the
available values for the variable, but can also be set to the number that
corresponds to the desired enumeration value. For enumeration-valued system
variables, the first enumeration value corresponds to 0. This differs
from ENUM
columns, for which the first enumeration value corresponds
to 1.
The server maintains many status variables that provide information about its
operations. You can view these variables and their values by using the
SHOW STATUS
statement:
mysql> SHOW STATUS; +--------------------------+------------+ | Variable_name | Value | +--------------------------+------------+ | Aborted_clients | 0 | | Aborted_connects | 0 | | Bytes_received | 155372598 | | Bytes_sent | 1176560426 | | Connections | 30023 | | Created_tmp_disk_tables | 0 | | Created_tmp_files | 60 | | Created_tmp_tables | 8340 | | Delayed_errors | 0 | | Delayed_insert_threads | 0 | | Delayed_writes | 0 | | Flush_commands | 1 | | Handler_delete | 462604 | | Handler_read_first | 105881 | | Handler_read_key | 27820558 | | Handler_read_next | 390681754 | | Handler_read_prev | 6022500 | | Handler_read_rnd | 30546748 | | Handler_read_rnd_next | 246216530 | | Handler_update | 16945404 | | Handler_write | 60356676 | | Key_blocks_used | 14955 | | Key_read_requests | 96854827 | | Key_reads | 162040 | | Key_write_requests | 7589728 | | Key_writes | 3813196 | | Max_used_connections | 0 | | Not_flushed_delayed_rows | 0 | | Not_flushed_key_blocks | 0 | | Open_files | 2 | | Open_streams | 0 | | Open_tables | 1 | | Opened_tables | 44600 | | Qcache_free_blocks | 36 | | Qcache_free_memory | 138488 | | Qcache_hits | 79570 | | Qcache_inserts | 27087 | | Qcache_lowmem_prunes | 3114 | | Qcache_not_cached | 22989 | | Qcache_queries_in_cache | 415 | | Qcache_total_blocks | 912 | | Questions | 2026873 | | Select_full_join | 0 | | Select_full_range_join | 0 | | Select_range | 99646 | | Select_range_check | 0 | | Select_scan | 30802 | | Slave_open_temp_tables | 0 | | Slave_running | OFF | | Slow_launch_threads | 0 | | Slow_queries | 0 | | Sort_merge_passes | 30 | | Sort_range | 500 | | Sort_rows | 30296250 | | Sort_scan | 4650 | | Table_locks_immediate | 1920382 | | Table_locks_waited | 0 | | Threads_cached | 0 | | Threads_connected | 1 | | Threads_created | 30022 | | Threads_running | 1 | | Uptime | 80380 | +--------------------------+------------+
Many status variables are reset to 0 by the FLUSH STATUS
statement.
The status variables have the following meanings. The Com_xxx
statement counter variables were added beginning with MySQL 3.23.47. The
Qcache_xxx
query cache variables were added beginning with MySQL
4.0.1. Otherwise, variables with no version indicated have been present since
at least MySQL 3.22.
Aborted_clients
Aborted_connects
Binlog_cache_disk_use
binlog_cache_size
and used a temporary file to
store statements from the transaction.
This variable was added in MySQL 4.1.2.
Binlog_cache_use
Bytes_received
Bytes_sent
Com_xxx
Com_delete
and Com_insert
count DELETE
and INSERT
statements.
Connections
Created_tmp_disk_tables
Created_tmp_files
mysqld
has created.
This variable was added in MySQL 3.23.28.
Created_tmp_tables
Created_tmp_disk_tables
is big, you may want to increase the
tmp_table_size
value to cause temporary tables to be memory-based
instead of disk-based.
Delayed_errors
INSERT DELAYED
for which some error
occurred (probably duplicate key
).
Delayed_insert_threads
INSERT DELAYED
handler threads in use.
Delayed_writes
INSERT DELAYED
rows written.
Flush_commands
FLUSH
statements.
Handler_commit
COMMIT
statements.
This variable was added in MySQL 4.0.2.
Handler_discover
NDB Cluster
storage engine if it knows about
a table with a given name. This is called discovery. Handler_discover
indicates the number of time tables have been discovered.
This variable was added in MySQL 4.1.2.
Handler_delete
Handler_read_first
SELECT col1 FROM foo
, assuming that col1
is indexed.
Handler_read_key
Handler_read_next
Handler_read_prev
ORDER BY ... DESC
.
This variable was added in MySQL 3.23.6.
Handler_read_rnd
Handler_read_rnd_next
Handler_rollback
ROLLBACK
statements.
This variable was added in MySQL 4.0.2.
Handler_update
Handler_write
Innodb_buffer_pool_pages_data
Innodb_buffer_pool_pages_dirty
Innodb_buffer_pool_pages_flushed
Innodb_buffer_pool_pages_free
Innodb_buffer_pool_pages_latched
InnoDB
buffer pool. These are pages
currently being read or written or that can't be flushed or removed now
for some other reason.
Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_misc
Innodb_buffer_pool_pages_total
- Innodb_buffer_pool_pages_free
- Innodb_buffer_pool_pages_data
.
Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_total
Innodb_buffer_pool_read_ahead_rnd
InnoDB
initiated. This happens
when a query is to scan a large portion of a table but in random order.
Added in MySQL 5.0.2.
Innodb_buffer_pool_read_ahead_seq
InnoDB
initiated. This happens when
InnoDB
does a sequential full table scan.
Added in MySQL 5.0.2.
Innodb_buffer_pool_read_requests
InnoDB
has done.
Added in MySQL 5.0.2.
Innodb_buffer_pool_reads
InnoDB
could not satisfy from
buffer pool and had to do a single-page read.
Added in MySQL 5.0.2.
Innodb_buffer_pool_wait_free
InnoDB
buffer pool happen in the background.
However, if it's necessary to read or create a page and no clean pages are
available, it's necessary to wait for pages to be flushed first.
This counter counts instances of these waits.
If the buffer pool size was set properly, this value should be small.
Added in MySQL 5.0.2.
Innodb_buffer_pool_write_requests
InnoDB
buffer pool.
Added in MySQL 5.0.2.
Innodb_data_fsyncs
fsync()
operations so far.
Added in MySQL 5.0.2.
Innodb_data_pending_fsyncs
fsync()
operations.
Added in MySQL 5.0.2.
Innodb_data_pending_reads
Innodb_data_pending_writes
Innodb_data_read
Innodb_data_reads
Innodb_data_writes
Innodb_data_written
Innodb_dblwr_writes
Innodb_dblwr_pages_written
Innodb_log_waits
Innodb_log_write_requests
Innodb_log_writes
Innodb_os_log_fsyncs
Innodb_os_log_pending_fsyncs
Innodb_os_log_pending_writes
Innodb_os_log_written
Innodb_page_size
InnoDB
page size (default 16KB). Many values are
counted in pages; the page size allows them to be easily converted to bytes.
Added in MySQL 5.0.2.
Innodb_pages_created
Innodb_pages_read
Innodb_pages_written
Innodb_row_lock_current_waits
Innodb_row_lock_time
Innodb_row_lock_time_avg
Innodb_row_lock_time_max
Innodb_row_lock_waits
Innodb_rows_deleted
InnoDB
tables.
Added in MySQL 5.0.2.
Innodb_rows_inserted
InnoDB
tables.
Added in MySQL 5.0.2.
Innodb_rows_read
InnoDB
tables.
Added in MySQL 5.0.2.
Innodb_rows_updated
InnoDB
tables.
Added in MySQL 5.0.2.
Key_blocks_not_flushed
Not_flushed_key_blocks
.
Key_blocks_unused
key_buffer_size
in
section 5.2.3 Server System Variables.
This variable was added in MySQL 4.1.2.
section 5.2.3 Server System Variables.
Key_blocks_used
Key_read_requests
Key_reads
Key_reads
is big, then your key_buffer_size
value is
probably too small. The cache miss rate can be calculated as
Key_reads
/Key_read_requests
.
Key_write_requests
Key_writes
Last_query_cost
Max_used_connections
Not_flushed_delayed_rows
INSERT DELAY
queues.
Not_flushed_key_blocks
Key_blocks_not_flushed
before MySQL 4.1.1.
Open_files
Open_streams
Open_tables
Opened_tables
Opened_tables
is big, your table_cache
value is probably too small.
Qcache_free_blocks
Qcache_free_memory
Qcache_hits
Qcache_inserts
Qcache_lowmem_prunes
Qcache_not_cached
query_cache_type
).
Qcache_queries_in_cache
Qcache_total_blocks
Questions
Rpl_status
Select_full_join
Select_full_range_join
Select_range
Select_range_check
Select_scan
Slave_open_temp_tables
Slave_running
ON
if this server is a slave that is connected to a master.
This variable was added in MySQL 3.23.16.
Slow_launch_threads
slow_launch_time
seconds to create.
This variable was added in MySQL 3.23.15.
Slow_queries
long_query_time
seconds. See section 5.9.5 The Slow Query Log.
Sort_merge_passes
sort_buffer_size
system variable.
This variable was added in MySQL 3.23.28.
Sort_range
Sort_rows
Sort_scan
Ssl_xxx
Table_locks_immediate
Table_locks_waited
Threads_cached
Threads_connected
Threads_created
Threads_created
is big, you may want to increase the
thread_cache_size
value. The cache hit rate can be calculated
as Threads_created
/Connections
.
This variable was added in MySQL 3.23.31.
Threads_running
Uptime
The server shutdown process can be summarized like this:
A more detailed description of the process follows:
SHUTDOWN
privilege can execute a mysqladmin shutdown
command. mysqladmin
can be used on any platform supported by
MySQL. Other operating sytem-specific shutdown initiation methods are possible
as well: The server shuts down on Unix when it receives a SIGTERM
signal. A server running as a service on Windows shuts down when the services
manager tells it to.
SIGTERM
signal, the signal thread might handle shutdown itself, or it
might create a separate thread to do so. If the server tries to create a
shutdown thread and cannot (for example, if memory is exhausted), it issues a
diagnostic message that will appear in the error log:
Error: Can't create thread to kill server
KILL
Syntax, in particular for the
instructions about killed REPAIR TABLE
or OPTIMIZE TABLE
operations on MyISAM
tables.
For threads that have an open transaction, the tranaction is rolled back.
Note that if a thread is updating a non-transactional table, an operation
such as a multiple-row UPDATE
or INSERT
may leave the table
partially updated, because the operation can terminate before completion.
If the server is a master replication server, threads associated with
currently connected slaves are treated like other client threads. That
is, each one is marked as killed and exits when it next checks its state.
If the server is a slave replication server, the I/O and SQL threads, if
active, are stopped before client threads are marked as killed. The SQL
thread is allowed to finish its current statement (to avoid causing
replication problems) then stops. If the SQL thread was in the middle
of a transaction at this point, the transaction is rolled back.
This section describes some general security issues to be aware of and what you can do to make your MySQL installation more secure against attack or misuse. For information specifically about the access control system that MySQL uses for setting up user accounts and checking database access, see section 5.5 The MySQL Access Privilege System.
Anyone using MySQL on a computer connected to the Internet should read this section to avoid the most common security mistakes.
In discussing security, we emphasize the necessity of fully protecting the entire server host (not just the MySQL server) against all types of applicable attacks: eavesdropping, altering, playback, and denial of service. We do not cover all aspects of availability and fault tolerance here.
MySQL uses security based on Access Control Lists (ACLs) for all connections, queries, and other operations that users can attempt to perform. There is also some support for SSL-encrypted connections between MySQL clients and servers. Many of the concepts discussed here are not specific to MySQL at all; the same general ideas apply to almost all applications.
When running MySQL, follow these guidelines whenever possible:
root
accounts) access
to the user
table in the mysql
database! This is critical.
The encrypted password is the real password in MySQL. Anyone who
knows the password that is listed in the user
table and has access
to the host listed for the account can easily log in as that user.
GRANT
and
REVOKE
statements are used for controlling access to MySQL. Do
not grant any more privileges than necessary. Never grant privileges to all
hosts.
Checklist:
mysql -u root
. If you are able to connect successfully to the
server without being asked for a password, you have problems. Anyone
can connect to your MySQL server as the MySQL
root
user with full privileges!
Review the MySQL installation instructions, paying particular
attention to the information about setting a root
password.
See section 2.9.3 Securing the Initial MySQL Accounts.
SHOW GRANTS
statement and check to see who has access to
what. Then use the REVOKE
statement to remove those privileges that
are not necessary.
MD5()
, SHA1()
, or
some other one-way hashing function.
nmap
. MySQL uses port 3306 by default. This port should
not be accessible from untrusted hosts. Another simple way to check whether
or not your MySQL port is open is to try the following command
from some remote machine, where server_host
is the host on which
your MySQL server runs:
shell> telnet server_host 3306If you get a connection and some garbage characters, the port is open, and should be closed on your firewall or router, unless you really have a good reason to keep it open. If
telnet
just hangs or the
connection is refused, everything is OK; the port is blocked.
; DROP
DATABASE mysql;
''. This is an extreme example, but large security leaks
and data loss might occur as a result of hackers using similar techniques,
if you do not prepare for them.
A common mistake is to protect only string data values. Remember to check
numeric data as well. If an application generates a query such as
SELECT * FROM table WHERE ID=234
when a user enters the value
234
, the user can enter the value 234 OR 1=1
to cause the
application to generate the query SELECT * FROM table WHERE ID=234 OR
1=1
. As a result, the server retrieves every record in the table. This
exposes every record and causes excessive server load. The simplest way to
protect from this type of attack is to use apostrophes around the numeric
constants: SELECT * FROM table WHERE ID='234'
. If the user enters
extra information, it all becomes part of the string. In numeric context,
MySQL automatically converts this string to a number and strips any trailing
non-numeric characters from it.
Sometimes people think that if a database contains only publicly available
data, it need not be protected. This is incorrect. Even if it is allowable
to display any record in the database, you should still protect against
denial of service attacks (for example, those that are based on the
technique in the preceding paragraph that causes the server to waste
resources). Otherwise, your server becomes unresponsive to legitimate users.
Checklist:
%22
(`"'), %23
(`#'), and %27
(`'') in the URL.
mysql_real_escape_string()
API call.
escape
and quote
modifiers for query streams.
mysql_escape_string()
function, which
is based on the function of the same name in the MySQL C API.
Prior to PHP 4.0.3, use addslashes()
instead.
quote()
method or use placeholders.
PreparedStatement
object and placeholders.
tcpdump
and strings
utilities. For most cases,
you can check whether MySQL data streams are unencrypted
by issuing a command like the following:
shell> tcpdump -l -i eth0 -w - src or dst port 3306 | strings(This works under Linux and should work with small modifications under other systems.) Warning: If you do not see plaintext data, this doesn't always mean that the information actually is encrypted. If you need high security, you should consult with a security expert.
When you connect to a MySQL server, you should use a password. The password is not transmitted in clear text over the connection. Password handling during the client connection sequence was upgraded in MySQL 4.1.1 to be very secure. If you are using an older version of MySQL, or are still using pre-4.1.1-style passwords, the encryption algorithm is less strong and with some effort a clever attacker who can sniff the traffic between the client and the server can crack the password. (See section 5.5.9 Password Hashing in MySQL 4.1 for a discussion of the different password handling methods.) If the connection between the client and the server goes through an untrusted network, you should use an SSH tunnel to encrypt the communication.
All other information is transferred as text that can be read by anyone who is able to watch the connection. If you are concerned about this, you can use the compressed protocol (in MySQL 3.22 and above) to make traffic much more difficult to decipher. To make the connection even more secure, you should use SSH to get an encrypted TCP/IP connection between a MySQL server and a MySQL client. You can find an Open Source SSH client at http://www.openssh.org/, and a commercial SSH client at http://www.ssh.com/.
If you are using MySQL 4.0 or newer, you can also use internal OpenSSL support. See section 5.6.7 Using Secure Connections.
To make a MySQL system secure, you should strongly consider the following suggestions:
mysql
program to connect as any other
person simply by invoking it as mysql -u other_user db_name
if
other_user has no password. If all users have a password,
connecting using another user's account becomes much more difficult.
To change the password for a user, use the SET PASSWORD
statement.
It is also possible to update the user
table in the mysql
database directly. For example, to change the password of all MySQL accounts
that have a username of root
, do this:
shell> mysql -u root mysql> UPDATE mysql.user SET Password=PASSWORD('newpwd') -> WHERE User='root'; mysql> FLUSH PRIVILEGES;
root
user. This is
very dangerous, because any user with the FILE
privilege will be able
to create files as root
(for example, ~root/.bashrc
). To
prevent this, mysqld
refuses to run as root
unless that
is specified explicitly using a --user=root
option.
mysqld
can be run as an ordinary unprivileged user instead.
You can also create a separate Unix account named mysql
to make
everything even more secure. Use the account only for administering MySQL.
To start mysqld
as another Unix user, add a user
option that specifies the username to the [mysqld]
group of the
`/etc/my.cnf' option file or the `my.cnf' option file in the
server's data directory. For example:
[mysqld] user=mysqlThis causes the server to start as the designated user whether you start it manually or by using
mysqld_safe
or mysql.server
.
For more details, see section A.3.2 How to Run MySQL as a Normal User.
Running mysqld
as a Unix user other than root
does not
mean that you need to change the root
username in the user
table. Usernames for MySQL accounts have nothing to do with usernames for Unix
accounts.
--skip-symbolic-links
option.) This is especially important if you run
mysqld
as root
, because anyone that has write access to the
server's data directory then could delete any file in the system!
See section 7.6.1.2 Using Symbolic Links for Tables on Unix.
mysqld
runs as.
PROCESS
or SUPER
privilege to non-administrative users.
The output of mysqladmin processlist
shows the text of the currently
executing queries, so any user who is allowed to execute that command
might be able to see if another user issues an UPDATE user SET
password=PASSWORD('not_secure')
query.
mysqld
reserves an extra connection for users who have the
SUPER
privilege (PROCESS
before MySQL 4.0.2), so that a MySQL
root
user can log in and check server activity even if all normal
connections are in use.
The SUPER
privilege
can be used to terminate client connections, change server operation by
changing the value of system variables, and control replication servers.
FILE
privilege to non-administrative users.
Any user that has this privilege can write a file anywhere in the
filesystem with the privileges of the mysqld
daemon! To make
this a bit safer, files generated with SELECT ... INTO OUTFILE
will not overwrite existing files and are writable by everyone.
The FILE
privilege may also be used to read any file that is
world-readable or accessible to the Unix user that the server runs as.
With this privilege, you can read any file into a database table.
This could be abused, for example, by using LOAD DATA
to load
`/etc/passwd' into a table, which then can be displayed with
SELECT
.
max_user_connections
variable in
mysqld
.
The GRANT
statement also supports resource control options for limiting
the extent of server use allowed to an account.
mysqld
Concerning Security
The following mysqld
options affect security:
--local-infile[={0|1}]
--local-infile=0
, clients cannot use
LOCAL
in LOAD DATA
statements.
See section 5.4.4 Security Issues with LOAD DATA LOCAL
.
--safe-show-database
SHOW DATABASES
statement displays the names
of only those databases for which the user has some kind of privilege.
As of MySQL 4.0.2, this option is deprecated and doesn't do anything
(it is enabled by default), because there is now a SHOW DATABASES
privilege that can be used to control access to database
names on a per-account basis. See section 13.5.1.2 GRANT
and REVOKE
Syntax.
--safe-user-create
GRANT
statement unless the user has the INSERT
privilege for the
mysql.user
table. If you want a user to have the ability to create
new users with those privileges that the user has right to grant, you should
grant the user the following privilege:
mysql> GRANT INSERT(user) ON mysql.user TO 'user_name'@'host_name';This will ensure that the user can't change any privilege columns directly, but has to use the
GRANT
statement to give privileges to other users.
--secure-auth
--skip-grant-tables
mysqladmin
flush-privileges
or mysqladmin reload
command, or by issuing a
FLUSH PRIVILEGES
statement.)
--skip-name-resolve
Host
column values in the grant
tables must be IP numbers or localhost
.
--skip-networking
mysqld
must be made via Unix socket files.
This option is unsuitable when using a MySQL version prior to 3.23.27 with
the MIT-pthreads package, because Unix socket files were not supported by
MIT-pthreads at that time.
--skip-show-database
SHOW DATABASES
statement is allowed only to
users who have the SHOW DATABASES
privilege, and the statement
displays all database names. Without this option, SHOW DATABASES
is
allowed to all users, but displays each database name only if the user has
the SHOW DATABASES
privilege or some privilege for the database.
LOAD DATA LOCAL
The LOAD DATA
statement can load a file that is located on the
server host, or it can load a file that is located on the client host when
the LOCAL
keyword is specified.
There are two potential security issues with supporting the LOCAL
version of LOAD DATA
statements:
LOAD DATA
statement. Such a
server could access any file on the client host to which the client user has
read access.
LOAD DATA LOCAL
to read any files
that the Web server process has read access to (assuming that a user could
run any command against the SQL server). In this environment, the client with
respect to the MySQL server actually is the Web server, not the program being
run by the user connecting to the Web server.
To deal with these problems, we changed how LOAD DATA
LOCAL
is handled as of MySQL 3.23.49 and MySQL 4.0.2 (4.0.13 on Windows):
--enable-local-infile
option, to be compatible
with MySQL 3.23.48 and before.
--enable-local-infile
option to configure
, LOAD DATA LOCAL
cannot be used
by any client unless it is written explicitly to invoke
mysql_options(... MYSQL_OPT_LOCAL_INFILE, 0)
.
See section 21.2.3.41 mysql_options()
.
LOAD DATA LOCAL
commands from the server side
by starting mysqld
with the --local-infile=0
option.
mysql
command-line client, LOAD DATA LOCAL
can be
enabled by specifying the --local-infile[=1]
option, or disabled with
the --local-infile=0
option. Similarly, for mysqlimport
,
the --local
or -L
option enables local data file loading. In
any case, successful use of a local loading operation requires that the
server is enabled to allow it.
LOAD DATA LOCAL
in Perl scripts or other programs that
read the [client]
group from option files, you can add the
local-infile=1
option to that group. However, to keep this from
causing problems for programs that do not understand local-infile
,
specify it using the loose-
prefix:
[client] loose-local-infile=1The
loose-
prefix can be used as of MySQL 4.0.2.
LOAD DATA LOCAL INFILE
is disabled, either in the server or
the client, a client that attempts to issue such a statement receives the
following error message:
ERROR 1148: The used command is not allowed with this MySQL version
MySQL has an advanced but non-standard security/privilege system. This section describes how it works.
The primary function of the MySQL privilege system is to
authenticate a user connecting from a given host, and to associate that user
with privileges on a database such as
SELECT
, INSERT
, UPDATE
, and DELETE
.
Additional functionality includes the ability to have an anonymous user and
to grant privileges for MySQL-specific functions such as LOAD
DATA INFILE
and administrative operations.
The MySQL privilege system ensures that all users may perform only the operations allowed to them. As a user, when you connect to a MySQL server, your identity is determined by the host from which you connect and the username you specify. The system grants privileges according to your identity and what you want to do.
MySQL considers both your hostname and username in identifying you
because there is little reason to assume that a given username belongs to
the same person everywhere on the Internet. For example, the user
joe
who connects from office.com
need not be the same
person as the user joe
who connects from elsewhere.com
.
MySQL handles this by allowing you to distinguish users on different
hosts that happen to have the same name: You can grant joe
one set
of privileges for connections from office.com
, and a different set
of privileges for connections from elsewhere.com
.
MySQL access control involves two stages:
SELECT
privilege for the table or the DROP
privilege for the database.
If your privileges are changed (either by yourself or someone else) while you are connected, those changes will not necessarily take effect immediately for the next statement you issue. See section 5.5.7 When Privilege Changes Take Effect for details.
The server stores privilege information in the grant tables of the
mysql
database (that is, in the database named mysql
).
The MySQL server reads the contents of these tables into memory when it
starts and re-reads them under the circumstances indicated in section 5.5.7 When Privilege Changes Take Effect. Access-control decisions are based on the in-memory copies of the
grant tables.
Normally, you manipulate the contents of the grant tables indirectly by using
the GRANT
and REVOKE
statements to set up accounts and control
the privileges available to each one.
See section 13.5.1.2 GRANT
and REVOKE
Syntax.
The discussion here describes the underlying structure of the grant tables and
how the server uses their contents when interacting with clients.
The server uses the user
, db
, and host
tables in the
mysql
database at both stages of access control. The columns in these
grant tables are shown here:
Table Name | user | db | host |
Scope columns | Host | Host | Host
|
User | Db | Db
| |
Password | User | ||
Privilege columns | Select_priv | Select_priv | Select_priv
|
Insert_priv | Insert_priv | Insert_priv
| |
Update_priv | Update_priv | Update_priv
| |
Delete_priv | Delete_priv | Delete_priv
| |
Index_priv | Index_priv | Index_priv
| |
Alter_priv | Alter_priv | Alter_priv
| |
Create_priv | Create_priv | Create_priv
| |
Drop_priv | Drop_priv | Drop_priv
| |
Grant_priv | Grant_priv | Grant_priv
| |
Create_view_priv | Create_view_priv | Create_view_priv
| |
Show_view_priv | Show_view_priv | Show_view_priv
| |
References_priv | References_priv | References_priv
| |
Reload_priv | |||
Shutdown_priv | |||
Process_priv | |||
File_priv | |||
Show_db_priv | |||
Super_priv | |||
Create_tmp_table_priv | Create_tmp_table_priv | Create_tmp_table_priv
| |
Lock_tables_priv | Lock_tables_priv | Lock_tables_priv
| |
Execute_priv | |||
Repl_slave_priv | |||
Repl_client_priv | |||
ssl_type | |||
ssl_cipher | |||
x509_issuer | |||
x509_subject | |||
max_questions | |||
max_updates | |||
max_connections |
The
ssl_type
,
ssl_cipher
,
x509_issuer
, and
x509_subject
columns were added in MySQL 4.0.0.
The
Create_tmp_table_priv
,
Execute_priv
,
Lock_tables_priv
,
Repl_client_priv
,
Repl_slave_priv
,
Show_db_priv
,
Super_priv
,
max_questions
,
max_updates
, and
max_connections
columns were added in MySQL 4.0.2.
The Create_view_priv
and Show_view_priv
columns were added in
MySQL 5.0.1.
During the second stage of access control (request verification), the server
may, if the request involves tables, additionally consult the
tables_priv
and columns_priv
tables that provide finer control
at the table and column levels. The columns in these
tables are shown here:
Table Name | tables_priv | columns_priv |
Scope columns | Host | Host
|
Db | Db
| |
User | User
| |
Table_name | Table_name
| |
Column_name
| ||
Privilege columns | Table_priv | Column_priv
|
Column_priv | ||
Other columns | Timestamp | Timestamp
|
Grantor |
The Timestamp
and Grantor
columns currently are unused and are
discussed no further here.
Each grant table contains scope columns and privilege columns:
user
table entry
with Host
and User
values of 'thomas.loc.gov'
and
'bob'
would be used for authenticating connections made to the server
from the host thomas.loc.gov
by a client that specifies a username of
bob
. Similarly, a db
table entry with Host
, User
, and Db
column values of
'thomas.loc.gov'
, 'bob'
and 'reports'
would be used when
bob
connects from the host thomas.loc.gov
to access the
reports
database. The tables_priv
and columns_priv
tables contain scope columns indicating tables or table/column combinations
to which each entry applies.
Scope columns contain strings. They are declared as shown here; the default value for each is the empty string:
Column Name | Type |
Host | CHAR(60)
|
User | CHAR(16)
|
Password | CHAR(16)
|
Db | CHAR(64)
|
Table_name | CHAR(60)
|
Column_name | CHAR(60)
|
Before MySQL 3.23, the Db
column is CHAR(32)
in some tables
and CHAR(60)
in others.
For access-checking purposes, comparisons of Host
values are
case-insensitive. User
, Password
, Db
, and
Table_name
values are case sensitive.
Column_name
values are case insensitive in MySQL
3.22.12 or later.
In the user
, db
, and host
tables, each privilege
is listed in a separate column that is declared as
ENUM('N','Y') DEFAULT 'N'
. In other words, each privilege can be disabled
or enabled, with the default being disabled.
In the tables_priv
and columns_priv
tables, the privilege
columns are declared as SET
columns. Values in these columns can
contain any combination of the privileges controlled by the table:
Table Name | Column Name | Possible Set Elements |
tables_priv
| Table_priv
| 'Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Grant', 'References', 'Index', 'Alter'
|
tables_priv
| Column_priv
| 'Select', 'Insert', 'Update', 'References'
|
columns_priv
| Column_priv
| 'Select', 'Insert', 'Update', 'References'
|
Briefly, the server uses the grant tables as follows:
user
table scope columns determine whether to reject or allow
incoming connections. For allowed connections, any privileges granted in
the user
table indicate the user's global (superuser) privileges.
These privileges apply to all databases on the server.
db
table scope columns determine which users can access which
databases from which hosts. The privilege columns determine which operations
are allowed. A privilege granted at the database level applies to the database
and to all its tables.
host
table is used in conjunction with the db
table when you
want a given db
table entry to apply to several hosts. For example,
if you want a user to be able to use a database from several hosts in
your network, leave the Host
value empty in the user's db
table
entry, then populate the host
table with an entry for each of those
hosts. This mechanism is described more detail in section 5.5.6 Access Control, Stage 2: Request Verification.
Note: The host
table is not affected by the GRANT
and
REVOKE
statements. Most MySQL installations need not use this table at
all.
tables_priv
and columns_priv
tables are similar to
the db
table, but are more fine-grained: They apply at the
table and column levels rather than at the database level.
A privilege granted at the table level applies to the table and to all its
columns.
A privilege granted at the column level applies only to a specific column.
Administrative privileges (such as RELOAD
or SHUTDOWN
)
are specified only in the user
table. This is because
administrative operations are operations on the server itself and are not
database-specific, so there is no reason to list these privileges in the
other grant tables. In fact, to determine whether you can perform an
administrative operation, the server need consult only the user
table.
The FILE
privilege also is specified only in the user
table.
It is not an administrative privilege as such, but your ability to read or
write files on the server host is independent of the database you are
accessing.
The mysqld
server reads the contents of the grant tables into memory
when it starts. You can tell it to re-read the tables by issuing a FLUSH
PRIVILEGES
statement or executing a mysqladmin flush-privileges
or
mysqladmin reload
command.
Changes to the grant tables take effect as indicated in
section 5.5.7 When Privilege Changes Take Effect.
When you modify the contents of the grant tables, it is a good idea to make
sure that your changes set up privileges the way you want. One way to check
the privileges for a given account is to use the SHOW GRANTS
statement.
For example, to determine the privileges that are granted to an account with
Host
and User
values of pc84.example.com
and bob
,
issue this statement:
mysql> SHOW GRANTS FOR 'bob'@'pc84.example.com';
A useful
diagnostic tool is the mysqlaccess
script, which Yves Carlier has
provided for the MySQL distribution. Invoke mysqlaccess
with
the --help
option to find out how it works.
Note that mysqlaccess
checks access using only the user
,
db
, and host
tables. It does not check table or column
privileges specified in the tables_priv
or columns_priv
tables.
For additional help in diagnosing privilege-related problems, see
section 5.5.8 Causes of Access denied
Errors. For general advice on security issues, see
section 5.4 General Security Issues.
Information about account privileges is stored in the user
, db
,
host
, tables_priv
, and columns_priv
tables in the
mysql
database. The MySQL server reads the contents of these
tables into memory when it starts and re-reads them under the circumstances
indicated in section 5.5.7 When Privilege Changes Take Effect. Access-control decisions are based
on the in-memory copies of the grant tables.
The names used in this manual to refer to the privileges provided by
MySQL are shown in the following table, along with the table column name
associated with each privilege in the grant tables and the context in
which the privilege applies. Further information about the meaning of
each privilege may be found at section 13.5.1.2 GRANT
and REVOKE
Syntax.
Privilege | Column | Context |
ALTER | Alter_priv | tables |
DELETE | Delete_priv | tables |
INDEX | Index_priv | tables |
INSERT | Insert_priv | tables |
SELECT | Select_priv | tables |
UPDATE | Update_priv | tables |
CREATE | Create_priv | databases, tables, or indexes |
DROP | Drop_priv | databases or tables |
GRANT | Grant_priv | databases or tables |
REFERENCES | References_priv | databases or tables |
CREATE TEMPORARY TABLES | Create_tmp_table_priv | server administration |
EXECUTE | Execute_priv | server administration |
FILE | File_priv | file access on server host |
LOCK TABLES | Lock_tables_priv | server administration |
PROCESS | Process_priv | server administration |
RELOAD | Reload_priv | server administration |
REPLICATION CLIENT | Repl_client_priv | server administration |
REPLICATION SLAVE | Repl_slave_priv | server administration |
SHOW DATABASES | Show_db_priv | server administration |
SHUTDOWN | Shutdown_priv | server administration |
SUPER | Super_priv | server administration |
The CREATE TEMPORARY TABLES
, EXECUTE
, LOCK TABLES
,
REPLICATION CLIENT
, REPLICATION SLAVE
, SHOW DATABASES
,
and SUPER
privileges were added in MySQL 4.0.2.
The EXECUTE
and REFERENCES
privileges currently are unused.
The SELECT
, INSERT
, UPDATE
, and DELETE
privileges allow you to perform operations on rows in existing tables in
a database.
SELECT
statements require the SELECT
privilege only if they
actually retrieve rows from a table. Some SELECT
statements do not
access tables and can be executed without permission for any database.
For example, you can use the mysql
client as a simple calculator
to evaluate expressions that make no reference to tables:
mysql> SELECT 1+1; mysql> SELECT PI()*2;
The CREATE
and DROP
privileges allow you to create new
databases and tables, or to drop (remove) existing databases and tables.
If you grant the DROP
privilege for the mysql
database to a user, that user can drop the database in which the
MySQL access privileges are stored!
The INDEX
privilege allows you to create or drop (remove) indexes.
INDEX
applies to existing tables.
If you have the CREATE
privilege for a table, you can include index
definitions in the CREATE TABLE
statement.
The ALTER
privilege allows you to use ALTER TABLE
to change the
structure of or rename tables.
The GRANT
privilege allows you to give to other users those
privileges that you yourself possess.
The FILE
privilege gives you permission to read and write files on
the server host using the LOAD DATA INFILE
and SELECT ... INTO
OUTFILE
statements. A user who has the FILE
privilege can read any
file on the server host that is either world-readable or readable by the MySQL
server. (This implies the user can read any file in any database
directory, because the server can access any of those files.)
The FILE
privilege also allows the user to create new files in any
directory where the MySQL server has write access. Existing files cannot be
overwritten.
The remaining privileges are used for administrative operations. Many of
them can be performed by using the mysqladmin
program or by
issuing SQL statements. The following table shows which mysqladmin
commands each administrative privilege allows you to execute:
Privilege | Commands Permitted to Privilege Holders |
RELOAD | flush-hosts , flush-logs , flush-privileges , flush-status , flush-tables , flush-threads , refresh , reload
|
SHUTDOWN | shutdown
|
PROCESS | processlist
|
SUPER | kill
|
The reload
command tells the server to re-read the grant tables
into memory. flush-privileges
is a synonym for reload
.
The refresh
command closes and reopens the log files and flushes
all tables. The other flush-xxx
commands perform functions similar to
refresh
, but are more specific and may be preferable in some instances.
For example, if you want to flush just the log files, flush-logs
is a better choice than refresh
.
The shutdown
command shuts down the server. This command can be issued
only from mysqladmin
. There is no corresponding SQL statement.
The processlist
command displays information about the threads
executing within the server (that is, about the statements being executed by
clients associated with other accounts).
The kill
command terminates server threads.
You can always display or kill your own threads, but you need the
PROCESS
privilege to display threads initiated by other users and
the SUPER
privilege to kill them.
See section 13.5.5.3 KILL
Syntax. Prior to MySQL 4.0.2 when SUPER
was
introduced, the PROCESS
privilege controls the ability to both see and
terminate threads for other clients.
The CREATE TEMPORARY TABLES
privilege allows the use of the keyword
TEMPORARY
in CREATE TABLE
statements.
The LOCK TABLES
privilege allows the use of explicit LOCK TABLES
statements to lock tables for which you have the SELECT
privilege.
This includes the use of write locks, which prevents anyone else from reading
the locked table.
The REPLICATION CLIENT
privilege allows the use of SHOW MASTER
STATUS
and SHOW SLAVE STATUS
.
The REPLICATION SLAVE
privilege should be granted to accounts that are
used by slave servers when they connect to the current server as their master.
Without this privilege, the slave cannot request updates that have been made
to databases on the master server.
The SHOW DATABASES
privilege allows the account to see database names
by issuing the SHOW DATABASE
statement. Accounts that do not have this
privilege see only databases for which they have some privileges, and cannot
use the statement at all if the server was started with the
--skip-show-database
option.
It is a good idea in general to grant privileges to only those accounts that need them, but you should exercise particular caution in granting administrative privileges:
GRANT
privilege allows users to give their privileges to
other users. Two users with different privileges and with the GRANT
privilege are able to combine privileges.
ALTER
privilege may be used to subvert the privilege system
by renaming tables.
FILE
privilege can be abused to read into a database table any
files that the MySQL server can read on the server host. This includes all
world-readable files and files in the server's data directory. The table
can then be accessed using SELECT
to transfer its contents to the
client host.
SHUTDOWN
privilege can be abused to deny service to other
users entirely by terminating the server.
PROCESS
privilege can be used to view the plain text of
currently executing queries, including queries that set or change passwords.
SUPER
privilege can be used to terminate other clients or change
how the server operates.
mysql
database itself can be used to
change passwords and other access privilege information. Passwords are
stored encrypted, so a malicious user cannot simply read them to know the
plain text password. However, a user with write access to the user
table Password
column can change an account's password, and then
connect to the MySQL server using that account.
There are some things that you cannot do with the MySQL privilege system:
MySQL client programs generally expect you to specify connection parameters when you want to access a MySQL server:
For example, the
mysql
client can be started as follows from a command-line prompt
(indicated here by shell>
):
shell> mysql -h host_name -u user_name -pyour_pass
Alternate forms of the -h
, -u
, and -p
options are
--host=host_name
, --user=user_name
, and
--password=your_pass
. Note that there is no space between
-p
or --password=
and the password following it.
If you use a -p
or --password
option but do not specify the
password value, the client program will prompt you to enter the password.
The password is not displayed as you enter it.
This is more secure than giving the password on the command line.
Any user on your system may be able to see a password specified on the command
line by executing a command such as ps auxww
.
See section 5.6.6 Keeping Your Password Secure.
MySQL client programs use default values for any connection parameter option that you do not specify:
localhost
.
ODBC
on Windows and your Unix login name
on Unix.
-p
is missing.
Thus, for a Unix user with a login name of joe
, all of the following
commands are equivalent:
shell> mysql -h localhost -u joe shell> mysql -h localhost shell> mysql -u joe shell> mysql
Other MySQL clients behave similarly.
You can specify different default values to be used when you make a connection so that you need not enter them on the command line each time you invoke a client program. This can be done in a couple of ways:
[client]
section of an
option file. The relevant section of the file might look like this:
[client] host=host_name user=user_name password=your_passOption files are discussed further in section 4.3.2 Using Option Files.
mysql
using MYSQL_HOST
. The
MySQL username can be specified using USER
(this is for
Windows and NetWare only). The password can be specified using
MYSQL_PWD
,
although this is insecure; see section 5.6.6 Keeping Your Password Secure.
For a list of variables, see section F Environment Variables.
When you attempt to connect to a MySQL server, the server accepts or rejects the connection based on your identity and whether you can verify your identity by supplying the correct password. If not, the server denies access to you completely. Otherwise, the server accepts the connection, then enters Stage 2 and waits for requests.
Your identity is based on two pieces of information:
Identity checking is performed using the three user
table scope columns
(Host
, User
, and Password
). The server accepts the
connection only if the Host
and User
columns in some
user
table record match the client hostname and username,
and the client supplies the password specified in that record.
Host
values in the user
table may be specified as follows:
Host
value may be a hostname or an IP number, or 'localhost'
to indicate the local host.
Host
column values.
These have the same meaning as for pattern-matching operations
performed with the LIKE
operator.
For example, a Host
value of '%'
matches any hostname, whereas a
value of '%.mysql.com'
matches any host in the mysql.com
domain.
Host
values specified as
IP numbers, you can specify a netmask indicating how many address bits to
use for the network number. For example:
mysql> GRANT ALL PRIVILEGES ON db.* -> TO david@'192.58.197.0/255.255.255.0';This allows
david
to connect from any client host having an IP number
client_ip
for which the following condition is true:
client_ip & netmask = host_ipThat is, for the
GRANT
statement just shown:
client_ip & 255.255.255.0 = 192.58.197.0IP numbers that satisfy this condition and can connect to the MySQL server are those that lie in the range from
192.58.197.0
to
192.58.197.255
.
Host
value in a db
table record means that its
privileges should be combined with those in the entry in the host
table that matches the client hostname. The privileges are combined
using an AND (intersection) operation, not OR (union). You can find more
information about the host
table in section 5.5.6 Access Control, Stage 2: Request Verification.
A blank Host
value in the other grant tables is the same as '%'
.
Because you can use IP wildcard values in the Host
column
(for example, '144.155.166.%'
to match every host on a
subnet), someone could try to exploit this capability by naming a host
144.155.166.somewhere.com
. To foil such attempts, MySQL disallows
matching on hostnames that start with digits and a dot. Thus, if you have
a host named something like 1.2.foo.com
, its name will never match
the Host
column of the grant tables. An IP wildcard value can
match only IP numbers, not hostnames.
In the User
column, wildcard characters are not allowed, but you can
specify a blank value, which matches any name. If the user
table
entry that matches an incoming connection has a blank username, the user is
considered to be an anonymous user with no name, not a user with the
name that the client actually specified. This means that a blank username
is used for all further access checking for the duration of the connection
(that is, during Stage 2).
The Password
column can be blank. This is not a wildcard and does
not mean that any password matches. It means that the user must connect
without specifying a password.
Non-blank Password
values in the user
table represent
encrypted passwords. MySQL does not store passwords in plaintext form for
anyone to see. Rather, the password supplied by a user who is attempting to
connect is encrypted (using the PASSWORD()
function). The encrypted
password then is used during the connection process when checking whether
the password is correct. (This is done without the encrypted password ever
traveling over the connection.) From MySQL's point of view, the
encrypted password is the REAL password, so you should not give anyone
access to it! In particular, don't give non-administrative users read
access to the tables in the mysql
database!
From version 4.1 on, MySQL employs a stronger authentication method that has
better password protection during the connection process than in earlier
versions. It is secure even if TCP/IP packets are sniffed or the
mysql
database is captured. Password encryption is discussed further
in section 5.5.9 Password Hashing in MySQL 4.1.
The following examples show how various combinations of Host
and
User
values in the user
table apply to incoming
connections:
Host Value | User Value | Connections Matched by Entry |
'thomas.loc.gov' | 'fred' | fred , connecting from thomas.loc.gov
|
'thomas.loc.gov' | '' | Any user, connecting from thomas.loc.gov
|
'%' | 'fred' | fred , connecting from any host
|
'%' | '' | Any user, connecting from any host |
'%.loc.gov' | 'fred' | fred , connecting from any host in the loc.gov domain
|
'x.y.%' | 'fred' | fred , connecting from x.y.net , x.y.com , x.y.edu , and so on. (this is probably not useful)
|
'144.155.166.177' | 'fred' | fred , connecting from the host with IP address 144.155.166.177
|
'144.155.166.%' | 'fred' | fred , connecting from any host in the 144.155.166 class C subnet
|
'144.155.166.0/255.255.255.0' | 'fred' | Same as previous example |
It is possible for the client hostname and username of
an incoming connection to match more than one entry in the
user
table. The preceding set of examples demonstrates this:
Several of the entries shown match a connection from thomas.loc.gov
by
fred
.
When multiple matches are possible, the server must determine which of them to use. It resolves this issue as follows:
user
table into memory, it sorts the
entries.
To see how this works, suppose that the user
table looks like this:
+-----------+----------+- | Host | User | ... +-----------+----------+- | % | root | ... | % | jeffrey | ... | localhost | root | ... | localhost | | ... +-----------+----------+-
When the server reads in the table, it orders the entries with the
most-specific Host
values first. Literal hostnames and IP numbers
are the most specific. The pattern '%'
means ``any host'' and is
least specific. Entries with the same Host
value are ordered with
the most-specific User
values first (a blank User
value means
``any user'' and is least specific). For the user
table just shown,
the result after sorting looks like this:
+-----------+----------+- | Host | User | ... +-----------+----------+- | localhost | root | ... | localhost | | ... | % | jeffrey | ... | % | root | ... +-----------+----------+-
When a client attempts to connect, the server looks through the sorted entries
and uses the first match found. For a connection from localhost
by
jeffrey
, two of the entries in the table match:
the one with Host
and User
values of 'localhost'
and
''
, and the one with values of '%'
and 'jeffrey'
.
The 'localhost'
entry appears first in sorted order, so that is the one
the server uses.
Here is another example. Suppose that the user
table looks like this:
+----------------+----------+- | Host | User | ... +----------------+----------+- | % | jeffrey | ... | thomas.loc.gov | | ... +----------------+----------+-
The sorted table looks like this:
+----------------+----------+- | Host | User | ... +----------------+----------+- | thomas.loc.gov | | ... | % | jeffrey | ... +----------------+----------+-
A connection by jeffrey
from thomas.loc.gov
is matched by the
first entry, whereas a connection by jeffrey
from whitehouse.gov
is matched by the second.
It is a common misconception to think that, for a given username, all entries
that explicitly name that user will be used first when the server attempts to
find a match for the connection. This is simply not true. The previous
example illustrates this, where a connection from thomas.loc.gov
by
jeffrey
is first matched not by the entry containing 'jeffrey'
as the User
column value, but by the entry with no username!
As a result, jeffrey
will be authenticated as an anonymous user, even
though he specified a username when connecting.
If you are able to connect to the server, but your privileges are not
what you expect, you probably are being authenticated as some other
account. To find out what account the server used to authenticate
you, use the CURRENT_USER()
function. It returns a value in
user_name@host_name
format that indicates the User
and Host
values from the matching user
table record.
Suppose that jeffrey
connects and issues the following query:
mysql> SELECT CURRENT_USER(); +----------------+ | CURRENT_USER() | +----------------+ | @localhost | +----------------+
The result shown here indicates that the matching user
table entry
had a blank User
column value. In other words, the server is
treating jeffrey
as an anonymous user.
The CURRENT_USER()
function is available as of MySQL 4.0.6.
See section 12.8.3 Information Functions.
Another thing you can do to diagnose authentication problems is to print
out the user
table and sort it by hand to see where the first
match is being made.
Once you establish a connection, the server enters Stage 2 of access
control. For each request that comes in on the connection, the server
determines what operation you want to perform, then checks whether you have
sufficient privileges to do so. This is where the privilege columns in the
grant tables come into play. These privileges can come from any of the
user
, db
, host
, tables_priv
, or
columns_priv
tables. (You may find it helpful to refer to
section 5.5.2 How the Privilege System Works, which lists the columns present in each of the grant
tables.)
The user
table grants privileges that are assigned to you on a global
basis and that apply no matter what the current database is. For example, if
the user
table grants you the DELETE
privilege, you can
delete rows from any table in any database on the server host! In other words,
user
table privileges are superuser privileges. It is wise to grant
privileges in the user
table only to superusers such as
database administrators. For other users, you should leave the privileges
in the user
table set to 'N'
and grant privileges at more
specific levels only. You can grant privileges for particular databases,
tables, or columns.
The db
and host
tables grant database-specific privileges.
Values in the scope columns of these tables can take the following forms:
Host
and Db
columns of either table. These have the same meaning as for
pattern-matching operations performed with the LIKE
operator. If you
want to use either character literally when granting privileges, you must
escape it with a backslash. For example, to include `_' character
as part of a database name, specify it as `\_' in the GRANT
statement.
'%'
Host
value in the db
table means ``any host.'' A
blank Host
value in the db
table means ``consult the
host
table for further information'' (a process that is described later
in this section).
'%'
or blank Host
value in the host
table means ``any
host.''
'%'
or blank Db
value in either table means ``any database.''
User
value in either table matches the anonymous user.
The server reads in and sorts the db
and host
tables at the
same time that it reads the user
table. The server sorts the db
table based on the Host
, Db
, and User
scope columns,
and sorts the host
table based on the Host
and Db
scope columns. As with the user
table, sorting puts the
most-specific values first and least-specific values last, and when the
server looks for matching entries, it uses the first match that it finds.
The tables_priv
and columns_priv
tables grant table-specific and
column-specific privileges. Values in the scope columns of these tables can
take the following form:
Host
column of either table. These have the same meaning as for pattern-matching
operations performed with the LIKE
operator.
'%'
or blank Host
value in either table means ``any host.''
Db
, Table_name
, and Column_name
columns cannot contain
wildcards or be blank in either table.
The server sorts the tables_priv
and columns_priv
tables based
on the Host
, Db
, and User
columns. This is similar to
db
table sorting, but simpler because only the Host
column can
contain wildcards.
The request verification process is described here. (If you are familiar with the access-checking source code, you will notice that the description here differs slightly from the algorithm used in the code. The description is equivalent to what the code actually does; it differs only to make the explanation simpler.)
For requests that require administrative privileges such as SHUTDOWN
or
RELOAD
, the
server checks only the user
table entry because that is the only table
that specifies administrative privileges. Access is granted if the entry
allows the requested operation and denied otherwise. For example, if you
want to execute mysqladmin shutdown
but your user
table entry
doesn't grant the SHUTDOWN
privilege to you, the server denies access
without even checking the db
or host
tables. (They
contain no Shutdown_priv
column, so there is no need to do so.)
For database-related requests (INSERT
, UPDATE
, and so on), the
server first checks the user's global (superuser) privileges by looking in
the user
table entry. If the entry allows the requested operation,
access is granted. If the global privileges in the user
table are
insufficient, the server determines the user's database-specific privileges
by checking the db
and host
tables:
db
table for a match on the Host
,
Db
, and User
columns. The Host
and User
columns are
matched to the connecting user's hostname and MySQL username. The
Db
column is matched to the database that the user wants to access. If
there is no entry for the Host
and User
, access is denied.
db
table entry and its Host
column is
not blank, that entry defines the user's database-specific privileges.
db
table entry's Host
column is blank, it
signifies that the host
table enumerates which hosts should be allowed
access to the database. In this case, a further lookup is done in the
host
table to find a match on the Host
and Db
columns.
If no host
table entry matches, access is denied. If there is a
match, the user's database-specific privileges are computed as the
intersection (not the union!) of the privileges in the db
and
host
table entries; that is, the privileges that are 'Y'
in both
entries. (This way you can grant general privileges in the db
table
entry and then selectively restrict them on a host-by-host basis using the
host
table entries.)
After determining the database-specific privileges granted by the db
and host
table entries, the server adds them to the global privileges
granted by the user
table. If the result allows the requested
operation, access is granted. Otherwise, the server successively
checks the user's table and column privileges in the tables_priv
and columns_priv
tables, adds those to the user's privileges,
and allows or denies access based on the result.
Expressed in boolean terms, the preceding description of how a user's privileges are calculated may be summarized like this:
global privileges OR (database privileges AND host privileges) OR table privileges OR column privileges
It may not be apparent why, if the global user
entry privileges are
initially found to be insufficient for the requested operation, the server
adds those privileges to the database, table, and column privileges
later. The reason is that a request might require more than one type of
privilege. For example, if you execute an INSERT INTO ... SELECT
statement, you need both the INSERT
and the SELECT
privileges.
Your privileges might be such that the user
table entry grants one
privilege and the db
table entry grants the other. In this case, you
have the necessary privileges to perform the request, but the server cannot
tell that from either table by itself; the privileges granted by the entries
in both tables must be combined.
The host
table is not affected by the GRANT
or REVOKE
statements, so it is unused in most MySQL installations. If you modify
it directly, you can use it for some specialized purposes, such as to
maintain a list of secure servers. For example, at TcX, the host
table contains a list of all machines on the local network. These are
granted all privileges.
You can also use the host
table to indicate hosts that are not
secure. Suppose that you have a machine public.your.domain
that is located
in a public area that you do not consider secure. You can allow access to
all hosts on your network except that machine by using host
table
entries
like this:
+--------------------+----+- | Host | Db | ... +--------------------+----+- | public.your.domain | % | ... (all privileges set to 'N') | %.your.domain | % | ... (all privileges set to 'Y') +--------------------+----+-
Naturally, you should always test your entries in the grant tables (for
example, by using SHOW GRANTS
or
mysqlaccess
) to make sure that your access privileges are
actually set up the way you think they are.
When mysqld
starts, all grant table contents are read into memory and
become effective for access control at that point.
When the server reloads the grant tables, privileges for existing client connections are affected as follows:
USE db_name
statement.
If you modify the grant tables using GRANT
, REVOKE
, or
SET PASSWORD
, the server notices these changes and reloads the
grant tables into memory again immediately.
If you modify the grant tables directly using statements such as
INSERT
, UPDATE
, or DELETE
, your changes have
no effect on privilege checking until you either restart the server
or tell it to reload the tables. To reload the grant tables manually,
issue a FLUSH PRIVILEGES
statement or execute a mysqladmin
flush-privileges
or mysqladmin reload
command.
If you change the grant tables directly but forget to reload them, your changes will have no effect until you restart the server. This may leave you wondering why your changes don't seem to make any difference!
Access denied
ErrorsIf you encounter problems when you try to connect to the MySQL server, the following items describe some courses of action you can take to correct the problem.
shell> mysql ERROR 2003: Can't connect to MySQL server on 'host_name' (111) shell> mysql ERROR 2002: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (111)It might also be that the server is running, but you are trying to connect using a TCP/IP port, named pipe, or Unix socket file different from those on which the server is listening. To correct this when you invoke a client program, specify a
--port
option to indicate the proper port, or a
--socket
option to indicate the proper named pipe or Unix socket
file.
To find out what port is used, and where the socket is, you can do:
shell> netstat -l | grep mysql
mysql
database containing the grant tables. For
distributions that do not do this, you should initialize the grant tables
manually by running the mysql_install_db
script. For details, see
section 2.9.2 Unix Post-Installation Procedures.
One way to determine whether you need to initialize the grant tables is to
look for a `mysql' directory under the data directory. (The data
directory normally is named `data' or `var' and is located under
your MySQL installation directory.) Make sure that you have a file named
`user.MYD' in the `mysql' database directory. If you do not,
execute the mysql_install_db
script. After running this script and
starting the server, test the initial privileges by executing this command:
shell> mysql -u root testThe server should let you connect without error.
shell> mysql -u root mysqlThe server should let you connect because the MySQL
root
user
has no password initially. That is also a security risk, so setting the
password for the
root
accounts is something you should do while you're setting up
your other MySQL users.
For instructions on setting the initial passwords, see section 2.9.3 Securing the Initial MySQL Accounts.
mysql_fix_privilege_tables
script? If not, do so. The
structure of the grant tables changes occasionally when new capabilities are
added, so after an upgrade you should always make sure that your tables have
the current structure. For instructions, see section 2.10.7 Upgrading the Grant Tables.
shell> mysql Client does not support authentication protocol requested by server; consider upgrading MySQL clientFor information on how to deal with this, see section 5.5.9 Password Hashing in MySQL 4.1 and section A.2.3
Client does not support authentication protocol
.
root
and get the following error,
it means that you don't have an entry in the user
table with a
User
column value of 'root'
and that mysqld
cannot
resolve the hostname for your client:
Access denied for user ''@'unknown' to database mysqlIn this case, you must restart the server with the
--skip-grant-tables
option and edit your `/etc/hosts' or `\windows\hosts' file to
add an entry for your host.
Access denied
when you run a client
without any options, make sure that you haven't specified an old password in
any of your option files!
You can suppress the use of option files by a client program by invoking it
with the --no-defaults
option. For example:
shell> mysqladmin --no-defaults -u root versionThe option files that clients use are listed in section 4.3.2 Using Option Files. Environment variables are listed in section F Environment Variables.
root
password:
shell> mysqladmin -u root -pxxxx ver Access denied for user 'root'@'localhost' (using password: YES)If the preceding error occurs even when you haven't specified a password, it means that you have an incorrect password listed in some option file. Try the
--no-defaults
option as described in the previous item.
For information on changing passwords, see section 5.6.5 Assigning Account Passwords.
If you have lost or forgotten the root
password, you can restart
mysqld
with --skip-grant-tables
to change the password.
See section A.4.1 How to Reset the Root Password.
SET PASSWORD
, INSERT
, or
UPDATE
, you must encrypt the password using the PASSWORD()
function. If you do not use PASSWORD()
for these statements,
the password will not work. For example, the following statement sets a
password, but fails to encrypt it, so the user will not be able to connect
afterward:
mysql> SET PASSWORD FOR 'abe'@'host_name' = 'eagle';Instead, set the password like this:
mysql> SET PASSWORD FOR 'abe'@'host_name' = PASSWORD('eagle');The
PASSWORD()
function is unnecessary when you specify a password
using the GRANT
statement or the mysqladmin password
command,
both of which automatically use PASSWORD()
to encrypt the password.
See section 5.6.5 Assigning Account Passwords.
localhost
is a synonym for your local hostname, and is also the
default host to which clients try to connect if you specify no host
explicitly. However, connections to localhost
on Unix systems
do not work if you are using a MySQL version older than 3.23.27 that uses
MIT-pthreads: localhost
connections are made using Unix socket files,
which were not supported by MIT-pthreads at that time.
To avoid this problem on such systems, you can use a --host=127.0.0.1
option to name the server host explicitly. This will make a TCP/IP
connection to the local mysqld
server. You can also use TCP/IP by
specifying a --host
option that uses the actual hostname of the
local host. In this case, the hostname must be specified in a user
table entry on the server host, even though you are running the client
program on the same host as the server.
Access denied
error when trying to connect to the
database with mysql -u user_name
, you may have a problem
with the user
table. Check this by executing mysql -u root
mysql
and issuing this SQL statement:
mysql> SELECT * FROM user;The result should include an entry with the
Host
and User
columns matching your computer's hostname and your MySQL username.
Access denied
error message will tell you who you are trying
to log in as, the client host from which you are trying to connect, and whether
or not you were using a password. Normally, you should have one entry in
the user
table that exactly matches the hostname and username
that were given in the error message. For example, if you get an error
message that contains using password: NO
, it means that you
tried to log in without an password.
user
table with a Host
value that matches the client
host:
Host ... is not allowed to connect to this MySQL serverYou can fix this by setting up an account for the combination of client hostname and username that you are using when trying to connect. If you don't know the IP number or hostname of the machine from which you are connecting, you should put an entry with
'%'
as the Host
column value in the user
table and restart mysqld
with the --log
option on the server
machine. After trying to connect from the client machine, the information
in the MySQL log will indicate how you really did connect. (Then change
the '%'
in the user
table entry to the actual hostname
that shows up in the log. Otherwise, you'll have a system that is insecure
because it allows connections from any host for the given username.)
On Linux, another reason that this error might occur is that you are using
a binary MySQL version that is compiled with a different version of the
glibc
library than the one you are using. In this case, you should
either upgrade your operating system or glibc
, or download a source
distribution of MySQL version and compile it yourself. A source RPM is
normally trivial to compile and install, so this isn't a big problem.
shell> mysqladmin -u root -pxxxx -h some-hostname ver Access denied for user 'root'@'' (using password: YES)This indicates a DNS problem. To fix it, execute
mysqladmin
flush-hosts
to reset the internal DNS hostname cache. See section 7.5.6 How MySQL Uses DNS.
Some permanent solutions are:
/etc/hosts
.
mysqld
with the --skip-name-resolve
option.
mysqld
with the --skip-host-cache
option.
localhost
. Unix connections to localhost
use a Unix
socket file rather than TCP/IP.
.
(period). Connections to .
use a named pipe rather than
TCP/IP.
mysql -u root test
works but mysql -h your_hostname -u root
test
results in Access denied
(where your_hostname is the
actual hostname of the local host), you may not have the correct name
for your host in the user
table. A common problem here is that the
Host
value in the user table entry specifies an unqualified hostname,
but your system's name resolution routines return a fully qualified domain
name (or vice versa). For example, if you have an entry with host
'tcx'
in the user
table, but your DNS tells MySQL that
your hostname is 'tcx.subnet.se'
, the entry will not work. Try adding
an entry to the user
table that contains the IP number of your host as
the Host
column value. (Alternatively, you could add an entry to the
user
table with a Host
value that contains a wildcard; for
example, 'tcx.%'
. However, use of hostnames ending with `%' is
insecure and is not recommended!)
mysql -u user_name test
works but mysql -u user_name
other_db_name
does not, you have not granted database access for
other_db_name to the given user.
mysql -u user_name
works when executed on the server host, but
mysql -h host_name -u user_name
doesn't work when executed on a
remote client host, you have not enabled access to the server for the given
username from the remote host.
Access denied
, remove from the
user
table all entries that have Host
values containing
wildcards (entries that contain `%' or `_'). A very common error
is to insert a new entry with Host
='%'
and
User
='some_user'
, thinking that this will allow you to specify
localhost
to connect from the same machine. The reason that this
doesn't work is that the default privileges include an entry with
Host
='localhost'
and User
=''
. Because that entry
has a Host
value 'localhost'
that is more specific than
'%'
, it is used in preference to the new entry when connecting from
localhost
! The correct procedure is to insert a second entry with
Host
='localhost'
and User
='some_user'
, or to
delete the entry with Host
='localhost'
and
User
=''
.
After deleting the entry, remember to issue a FLUSH PRIVILEGES
statement to reload the grant tables.
db
or
host
table:
Access to database deniedIf the entry selected from the
db
table has an empty value in the
Host
column, make sure that there are one or more corresponding entries in
the host
table specifying which hosts the db
table entry
applies to.
Access
denied
message whenever you issue a SELECT ... INTO OUTFILE
or
LOAD DATA INFILE
statement, your entry in the user
table
doesn't have the FILE
privilege enabled.
INSERT
,
UPDATE
, or DELETE
statements) and your changes seem to be
ignored, remember that you must execute a FLUSH PRIVILEGES
statement
or a mysqladmin flush-privileges
command to cause the server
to re-read the privilege tables. Otherwise, your changes have no effect
until the next time the server is restarted. Remember that after you change
the root
password with an UPDATE
command, you won't need
to specify the new password until after you flush the privileges, because
the server won't know you've changed the password yet!
mysql -u user_name db_name
or mysql
-u user_name -pyour_pass db_name
. If you are able to connect using the
mysql
client, the problem lies with your program, not with the
access privileges. (There is no space between -p
and the
password; you can also use the --password=your_pass
syntax to specify
the password. If you use the -p
option alone, MySQL will
prompt you for the password.)
mysqld
server with the
--skip-grant-tables
option. Then you can change the MySQL
grant tables and use the mysqlaccess
script to check whether
your modifications have the desired effect. When you are satisfied with your
changes, execute mysqladmin flush-privileges
to tell the mysqld
server to start using the new grant tables. (Reloading the
grant tables overrides the --skip-grant-tables
option. This allows
you to tell the server to begin using the grant tables again without stopping
and restarting it.)
mysqld
server with a debugging
option (for example, --debug=d,general,query
). This will print host and
user information about attempted connections, as well as information about
each command issued. See section E.1.2 Creating Trace Files.
mysqldump mysql
command. As always, post your problem using
the mysqlbug
script. See section 1.4.1.3 How to Report Bugs or Problems. In some cases, you may need
to restart mysqld
with --skip-grant-tables
to run
mysqldump
.
MySQL user accounts are listed in the user
table of the mysql
database. Each MySQL account is assigned a password, although
what is stored in the Password
column of the user
table is not the
plaintext version of the password, but a hash value computed from
it. Password hash values are computed by the PASSWORD()
function.
MySQL uses passwords in two phases of client/server communication:
user
table for
the account that the client wants to use.
user
table.
The client can do this by using the PASSWORD()
function to generate a
password hash, or by using the GRANT
or SET PASSWORD
statements.
In other words, the server uses hash values during authentication when
a client first attempts to connect. The server generates hash values
if a connected client invokes the PASSWORD()
function or uses a
GRANT
or SET PASSWORD
statement to set or change a password.
The password hashing mechanism was updated in MySQL 4.1 to provide
better security and to reduce the risk of passwords being intercepted.
However, this new mechanism is understood only by the 4.1 server and
4.1 clients, which can result in some compatibility problems.
A 4.1 client can connect to a pre-4.1 server, because the client
understands both the old and new password hashing mechanisms. However,
a pre-4.1 client that attempts to connect to a 4.1 server may run into
difficulties. For example, a 4.0 mysql
client that attempts to connect
to a 4.1 server may fail with the following error message:
shell> mysql -h localhost -u root Client does not support authentication protocol requested by server; consider upgrading MySQL client
The following discussion describes the differences between the old and
new password mechanisms, and what you should do if you upgrade your
server to 4.1 but need to maintain backward compatibility with pre-4.1
clients. Additional information can be found in section A.2.3 Client does not support authentication protocol
.
Note: This discussion contrasts 4.1 behavior with pre-4.1 behavior, but the 4.1 behavior described here actually begins with 4.1.1. MySQL 4.1.0 is an ``odd'' release because it has a slightly different mechanism than that implemented in 4.1.1 and up. Differences between 4.1.0 and more recent versions are described further in section 5.5.9.2 Password Hashing in MySQL 4.1.0.
Prior to MySQL 4.1, password hashes computed by the PASSWORD()
function
are 16 bytes long. Such hashes look like this:
mysql> SELECT PASSWORD('mypass'); +--------------------+ | PASSWORD('mypass') | +--------------------+ | 6f8c114b58f2ce9e | +--------------------+
The Password
column of the user
table (in which these hashes are stored)
also is 16 bytes long before MySQL 4.1.
As of MySQL 4.1, the PASSWORD()
function has been modified to produce
a longer 41-byte hash value:
mysql> SELECT PASSWORD('mypass'); +-----------------------------------------------+ | PASSWORD('mypass') | +-----------------------------------------------+ | *43c8aa34cdc98eddd3de1fe9a9c2c2a9f92bb2098d75 | +-----------------------------------------------+
Accordingly, the Password
column in the user
table also must be 41
bytes long to store these values:
Password
column
will be made 41 bytes long automatically.
mysql_fix_privilege_tables
script to increase the length of the
Password
column from 16 to 41 bytes. (The script does not change existing
password values, which remain 16 bytes long.)
A widened Password
column can store password hashes in both the old and
new formats. The format of any given password hash value can be
determined two ways:
The longer password hash format has better cryptographic properties, and client authentication based on long hashes is more secure than that based on the older short hashes.
The differences between short and long password hashes are relevant both for how the server uses passwords during authentication and for how it generates password hashes for connected clients that perform password-changing operations.
The way in which the server uses password hashes during authentication
is affected by the width of the Password
column:
For short-hash accounts, the authentication process is actually a bit more secure for 4.1 clients than for older clients. In terms of security, the gradient from least to most secure is:
The way in which the server generates password hashes for connected
clients is affected by the width of the Password
column and by the
--old-passwords
option. A 4.1 server generates long hashes only if certain
conditions are met:
The Password
column must be wide enough to hold long
values and the --old-passwords
option must not be given.
These conditions apply as follows:
Password
column must be wide enough to hold long hashes (41 bytes).
If the column has not been updated and still has the pre-4.1 width of
16 bytes, the server notices that long hashes cannot fit into it and
generates only short hashes when a client performs password-changing
operations using PASSWORD()
, GRANT
, or SET PASSWORD
.
This is the behavior that
occurs if you have upgraded to 4.1 but have not yet run the
mysql_fix_privilege_tables
script to widen the Password
column.
Password
column is wide, it can store either short or long
password hashes. In this case, PASSWORD()
, GRANT
, and SET PASSWORD
generate long hashes unless the server was started with the
--old-passwords
option. That option forces the server to generate
short password hashes instead.
The purpose of the --old-passwords
option is to allow you to maintain
backward compatibility with pre-4.1 clients under circumstances where
the server would otherwise generate long password hashes. The option doesn't
affect authentication (4.1 clients can still use accounts that have
long password hashes), but it does prevent creation of a long
password hash in the user
table as the result of a password-changing
operation. Were that to occur, the account no longer could be used
by pre-4.1 clients. Without the --old-passwords
option, the following
undesirable scenario is possible:
--old-passwords
,
this results in the account having a long password hash.
This scenario illustrates that, if you must support older pre-4.1 clients,
it is dangerous to run a 4.1 server without using the --old-passwords
option. By running the server with --old-passwords
, password-changing
operations will not generate long password hashes and thus do not cause
accounts to become inaccessible to older clients. (Those clients cannot
inadvertently lock themselves out by changing their password and ending
up with a long password hash.)
The downside of the --old-passwords
option is that any passwords you
create or change will use short hashes, even for 4.1 clients. Thus, you
lose the additional security provided by long password hashes. If you want
to create an account that has a long hash (for example, for use by 4.1
clients), you must do so while running the server without
--old-passwords
.
The following scenarios are possible for running a 4.1 server:
Scenario 1: Short Password
column in user table:
Password
column.
PASSWORD()
, GRANT
, or SET PASSWORD
use short hashes
exclusively. Any change to an account's password results in
that account having a short password hash.
--old-passwords
option can be used but is superfluous because
with a short Password
column, the server will generate only short
password hashes anyway.
Scenario 2: Long Password
column; server not started with
--old-passwords
option:
Password
column.
PASSWORD()
, GRANT
, or SET PASSWORD
use long hashes
exclusively. A change to an account's password results in that account
having a long password hash.
As indicated earlier, a danger in this scenario is that it is possible for
accounts that have a short password hash to become inaccessible to pre-4.1
clients. A change to such an account's password made via GRANT
,
PASSWORD()
, or SET PASSWORD
results in the account being
given a long password hash. From that point on, no pre-4.1 client can
authenticate to that account until the client upgrades to 4.1.
To deal with this problem, you can change a password in a special way.
For example, normally you use SET PASSWORD
as follows to change
an account password:
mysql> SET PASSWORD FOR 'some_user'@'some_host' = PASSWORD('mypass');
To change the password but create a short hash, use the
OLD_PASSWORD()
function instead:
mysql> SET PASSWORD FOR 'some_user'@'some_host' = OLD_PASSWORD('mypass');
OLD_PASSWORD()
is useful for situations in which you explicitly want
to generate a short hash.
Scenario 3: Long Password
column; server started with
--old-passwords
option:
Password
column.
--old-passwords
).
PASSWORD()
, GRANT
, or SET PASSWORD
use short hashes
exclusively. Any change to an account's password results in that
account having a short password hash.
In this scenario, you cannot create accounts that have long password
hashes, because the --old-passwords
option prevents generation of long hashes. Also,
if you create an account with a long hash before using the
--old-passwords
option, changing the account's password while --old-passwords
is in
effect results in the account being given a short password, causing it
to lose the security benefits of a longer hash.
The disadvantages for these scenarios may be summarized as follows:
In scenario 1, you cannot take advantage of longer hashes that provide more secure authentication.
In scenario 2, accounts with short hashes become inaccessible to pre-4.1
clients if you change their passwords without explicitly using
OLD_PASSWORD()
.
In scenario 3, --old-passwords
prevents accounts with short hashes from
becoming inaccessible, but password-changing operations cause accounts
with long hashes to revert to short hashes, and you cannot change them
back to long hashes while --old-passwords
is in effect.
An upgrade to MySQL 4.1 can cause a compatibility issue for
applications that use PASSWORD()
to generate passwords for their own
purposes. Applications really should not do this, because PASSWORD()
should be used only to manage passwords for MySQL accounts. But some
applications use PASSWORD()
for their own purposes anyway.
If you upgrade to 4.1 and run the server under conditions where it
generates long password hashes, an application that uses PASSWORD()
for its own passwords will break. The recommended course of action is
to modify the application to use another function, such as SHA1()
or MD5()
, to produce hashed values. If that is not possible, you
can use the OLD_PASSWORD()
function, which is provided to generate
short hashes in the old format. But note that OLD_PASSWORD()
may
one day no longer be supported.
If the server is running under circumstances where it generates short hashes,
OLD_PASSWORD()
is available but is equivalent to PASSWORD()
.
Password hashing in MySQL 4.1.0 differs from hashing in 4.1.1 and up. The 4.1.0 differences are:
PASSWORD()
function is non-repeatable. That is, with a given
argument X, successive calls to PASSWORD(X)
generate different
results.
These differences make authentication in 4.1.0 incompatible with that of
releases that follow it. If you have upgraded to MySQL 4.1.0, it is
recommended that you upgrade to a newer version as soon as possible. After
you do, reassign any long passwords in the user
table so that they are
compatible with the 41-byte format.
This section describes how to set up accounts for clients of your MySQL server. It discusses the following topics:
A MySQL account is defined in terms of a username and the client host or hosts from which the user can connect to the server. The account also has a password. There are several distinctions between the way usernames and passwords are used by MySQL and the way they are used by your operating system:
-u
or --user
option. Because this means
that anyone can attempt to connect to the server using any username, you
can't make a database secure in any way unless all MySQL accounts have
passwords. Anyone who specifies a username for an account that
has no password will be able to connect successfully to the server.
PASSWORD()
SQL
function. Unix password encryption is the same as that implemented by the
ENCRYPT()
SQL function. See the descriptions of the
PASSWORD()
and ENCRYPT()
functions in section 12.8.2 Encryption Functions. From version 4.1 on, MySQL employs a stronger authentication
method that has better password protection during the connection process
than in earlier versions. It is secure even if TCP/IP packets are sniffed or
the mysql
database is captured. (In earlier versions, even though
passwords are stored in encrypted form in the user
table, knowledge
of the encrypted password value could be used to connect to the MySQL
server.)
When you install MySQL, the grant tables are populated with an initial set of
accounts. These accounts have names and access privileges that are described
in section 2.9.3 Securing the Initial MySQL Accounts, which also discusses how to assign passwords
to them. Thereafter, you normally set up, modify, and remove MySQL accounts
using the GRANT
and REVOKE
statements.
See section 13.5.1.2 GRANT
and REVOKE
Syntax.
When you connect to a MySQL server with a command-line client, you should specify the username and password for the account that you want to use:
shell> mysql --user=monty --password=guess db_name
If you prefer short options, the command looks like this:
shell> mysql -u monty -pguess db_name
There must be no space between the -p
option and the
following password value.
See section 5.5.4 Connecting to the MySQL Server.
The preceding commands include the password value on the command line, which
can be a security risk.
See section 5.6.6 Keeping Your Password Secure.
To avoid this, specify the --password
or -p
option without any
following password value:
shell> mysql --user=monty --password db_name shell> mysql -u monty -p db_name
Then the client program will print a prompt and wait for you to enter the password. (In these examples, db_name is not interpreted as a password, because it is separated from the preceding password option by a space.)
On some systems, the library call that MySQL uses to prompt for a password automatically limits the password to eight characters. That is a problem with the system library, not with MySQL. Internally, MySQL doesn't have any limit for the length of the password. To work around the problem, change your MySQL password to a value that is eight or fewer characters long, or put your password in an option file.
You can create MySQL accounts in two ways:
GRANT
statements
The preferred method is to use GRANT
statements, because they are
more concise and less error-prone. GRANT
is available as of MySQL
3.22.11; its syntax is described in
section 13.5.1.2 GRANT
and REVOKE
Syntax.
Another option for creating accounts is to use one of several available
third-party programs that offer capabilities for MySQL account
administration. phpMyAdmin
is one such program.
The following examples show how to use the mysql
client program to
set up new users. These examples assume that privileges are set up
according to the defaults described in section 2.9.3 Securing the Initial MySQL Accounts. This means
that to make changes, you must connect to the MySQL server as the MySQL
root
user, and the root
account must have the INSERT
privilege for the mysql
database and the RELOAD
administrative
privilege.
First, use the mysql
program to connect to the server as the
MySQL root
user:
shell> mysql --user=root mysql
If you have assigned a password to the root
account, you'll also
need to supply a --password
or -p
option for this mysql
command and also for those later in this section.
After connecting to the server as root
, you can add new accounts. The following
statements use GRANT
to set up four new accounts:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'localhost' -> IDENTIFIED BY 'some_pass' WITH GRANT OPTION; mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'%' -> IDENTIFIED BY 'some_pass' WITH GRANT OPTION; mysql> GRANT RELOAD,PROCESS ON *.* TO 'admin'@'localhost'; mysql> GRANT USAGE ON *.* TO 'dummy'@'localhost';
The accounts created by these GRANT
statements have the
following properties:
monty
and a password of
some_pass
. Both accounts are superuser accounts with full privileges
to do anything. One account ('monty'@'localhost'
) can be used only
when connecting from the local host. The other ('monty'@'%'
) can be
used to connect from any other host. Note that it is necessary to have both
accounts for monty
to be able to connect from anywhere as
monty
. Without the localhost
account, the anonymous-user
account for localhost
that is created by mysql_install_db
would take precedence when monty
connects from the local host. As a
result, monty
would be treated as an anonymous user. The reason for
this is that the anonymous-user account has a more specific Host
column value than the 'monty'@'%'
account and thus comes earlier in
the user
table sort order. (user
table sorting is discussed
in section 5.5.5 Access Control, Stage 1: Connection Verification.)
admin
and no password. This account
can be used only by connecting from the local host. It is granted the
RELOAD
and PROCESS
administrative privileges. These
privileges allow the admin
user to execute the mysqladmin
reload
, mysqladmin refresh
, and mysqladmin flush-xxx
commands,
as well as mysqladmin processlist
. No privileges are granted for
accessing any databases. You could add such privileges later by issuing
additional GRANT
statements.
dummy
and no password. This account
can be used only by connecting from the local host. No privileges are
granted. The USAGE
privilege in the GRANT
statement allows you
to create an account without giving it any privileges. It has the effect of
setting all the global privileges to 'N'
. It is assumed that you
will grant specific privileges to the account later.
As an alternative to GRANT
, you can create the same accounts
directly by issuing INSERT
statements and then telling
the server to reload the grant tables:
shell> mysql --user=root mysql mysql> INSERT INTO user -> VALUES('localhost','monty',PASSWORD('some_pass'), -> 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y'); mysql> INSERT INTO user -> VALUES('%','monty',PASSWORD('some_pass'), -> 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y'); mysql> INSERT INTO user SET Host='localhost',User='admin', -> Reload_priv='Y', Process_priv='Y'; mysql> INSERT INTO user (Host,User,Password) -> VALUES('localhost','dummy',''); mysql> FLUSH PRIVILEGES;
The reason for using FLUSH PRIVILEGES
when you create accounts with
INSERT
is to tell the server to re-read the grant tables.
Otherwise, the changes will go unnoticed until you restart the server. With
GRANT
, FLUSH PRIVILEGES
is unnecessary.
The reason for using the PASSWORD()
function with INSERT
is to
encrypt the password. The GRANT
statement encrypts the password for
you, so PASSWORD()
is unnecessary.
The 'Y'
values enable privileges for the accounts. Depending on your
MySQL version, you may have to use a different number of 'Y'
values
in the first two INSERT
statements. (Versions prior to 3.22.11 have
fewer privilege columns, and versions from 4.0.2 on have more.) For the
admin
account, the more readable extended INSERT
syntax using
SET
that is available starting with MySQL 3.22.11 is used.
In the INSERT
statement for the dummy
account, only the
Host
, User
, and Password
columns in the user
table record are assigned values. None of the privilege columns are set
explicitly, so MySQL assigns them all the default value of 'N'
.
This is equivalent to what GRANT USAGE
does.
Note that to set up a superuser account, it is necessary only to create a
user
table entry with the privilege columns set to 'Y'
.
user
table privileges are global, so no entries in any of the other
grant tables are needed.
The next examples create three accounts and give them access to specific
databases. Each of them has a username of custom
and password of
obscure
.
To create the accounts with GRANT
, use the following statements:
shell> mysql --user=root mysql mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP -> ON bankaccount.* -> TO 'custom'@'localhost' -> IDENTIFIED BY 'obscure'; mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP -> ON expenses.* -> TO 'custom'@'whitehouse.gov' -> IDENTIFIED BY 'obscure'; mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP -> ON customer.* -> TO 'custom'@'server.domain' -> IDENTIFIED BY 'obscure';
The three accounts can be used as follows:
bankaccount
database, but only from the local host.
expenses
database, but only from the host whitehouse.gov
.
customer
database, but only from the host server.domain
.
To set up the custom
accounts without GRANT
, use INSERT
statements as follows to modify the grant tables directly:
shell> mysql --user=root mysql mysql> INSERT INTO user (Host,User,Password) -> VALUES('localhost','custom',PASSWORD('obscure')); mysql> INSERT INTO user (Host,User,Password) -> VALUES('whitehouse.gov','custom',PASSWORD('obscure')); mysql> INSERT INTO user (Host,User,Password) -> VALUES('server.domain','custom',PASSWORD('obscure')); mysql> INSERT INTO db -> (Host,Db,User,Select_priv,Insert_priv, -> Update_priv,Delete_priv,Create_priv,Drop_priv) -> VALUES('localhost','bankaccount','custom', -> 'Y','Y','Y','Y','Y','Y'); mysql> INSERT INTO db -> (Host,Db,User,Select_priv,Insert_priv, -> Update_priv,Delete_priv,Create_priv,Drop_priv) -> VALUES('whitehouse.gov','expenses','custom', -> 'Y','Y','Y','Y','Y','Y'); mysql> INSERT INTO db -> (Host,Db,User,Select_priv,Insert_priv, -> Update_priv,Delete_priv,Create_priv,Drop_priv) -> VALUES('server.domain','customer','custom', -> 'Y','Y','Y','Y','Y','Y'); mysql> FLUSH PRIVILEGES;
The first three INSERT
statements add user
table entries that
allow the user custom
to connect from the various hosts with the given
password, but grant no global privileges (all privileges are set to the
default value of 'N'
). The next three INSERT
statements add
db
table entries that grant privileges to custom
for the
bankaccount
, expenses
, and customer
databases, but only
when accessed from the proper hosts. As usual when you modify the grant
tables directly, you tell the server to reload them with
FLUSH PRIVILEGES
so that the privilege changes take effect.
If you want to give a specific user access from all machines in a given
domain (for example, mydomain.com
), you can issue a GRANT
statement that uses the `%' wildcard character in the host part of the
account name:
mysql> GRANT ... -> ON *.* -> TO 'myname'@'%.mydomain.com' -> IDENTIFIED BY 'mypass';
To do the same thing by modifying the grant tables directly, do this:
mysql> INSERT INTO user (Host,User,Password,...) -> VALUES('%.mydomain.com','myname',PASSWORD('mypass'),...); mysql> FLUSH PRIVILEGES;
To remove an account, use the DROP USER
statement, which was added in
MySQL 4.1.1. For older versions of MySQL, use DELETE
instead.
The account removal procedure is described in section 13.5.1.1 DROP USER
Syntax.
Before MySQL 4.0.2, the only available method for limiting use of MySQL
server resources is to set the max_user_connections
system
variable to a non-zero value. But that method is strictly global. It does
not allow for management of individual accounts. Also, it limits only the
number of simultaneous connections made using a single account, not
what a client can do once connected. Both types of control are
interest to many MySQL administrators, particularly those for Internet
Service Providers.
Starting from MySQL 4.0.2, you can limit the following server resources for individual accounts:
Any statement that a client can issue counts against the query limit. Only statements that modify databases or tables count against the update limit.
An account in this context is a single record in the user
table. Each
account is uniquely identified by its User
and Host
column
values.
As a prerequisite for using this feature, the user
table in the
mysql
database must contain the resource-related columns. Resource
limits are stored in the max_questions
, max_updates
, and
max_connections
columns. If your user
table doesn't have
these columns, it must be upgraded; see section 2.10.7 Upgrading the Grant Tables.
To set resource limits with a GRANT
statement, use a WITH
clause that names each resource to be limited and a per-hour count
indicating the limit value. For example, to create a new account that can
access the customer
database, but only in a limited fashion, issue
this statement:
mysql> GRANT ALL ON customer.* TO 'francis'@'localhost' -> IDENTIFIED BY 'frank' -> WITH MAX_QUERIES_PER_HOUR 20 -> MAX_UPDATES_PER_HOUR 10 -> MAX_CONNECTIONS_PER_HOUR 5;
The limit types need not all be named in the WITH
clause, but those
named can be present in any order. The value for each limit should be an
integer representing a count per hour. If the GRANT
statement has no
WITH
clause, the limits are each set to the default value of zero
(that is, no limit).
To set or change limits for an existing account, use a GRANT USAGE
statement at the global level (ON *.*
). The following statement
changes the query limit for francis
to 100:
mysql> GRANT USAGE ON *.* TO 'francis'@'localhost' -> WITH MAX_QUERIES_PER_HOUR 100;
This statement leaves the account's existing privileges unchanged and modifies only the limit values specified.
To remove an existing limit, set its value to zero. For example, to remove the
limit on how many times per hour francis
can connect, use this
statement:
mysql> GRANT USAGE ON *.* TO 'francis'@'localhost' -> WITH MAX_CONNECTIONS_PER_HOUR 0;
Resource-use counting takes place when any account has a non-zero limit placed on its use of any of the resources.
As the server runs, it counts the number of times each account uses resources. If an account reaches its limit on number of connections within the last hour, further connections for the account are rejected until that hour is up. Similarly, if the account reaches its limit on the number of queries or updates, further queries or updates are rejected until the hour is up. In all such cases, an appropriate error message is issued.
Resource counting is done per account, not per client. For example, if your account has a query limit of 50, you cannot increase your limit to 100 by making two simultaneous client connections to the server. Queries issued on both connections are counted together.
The current resource-use counts can be reset globally for all accounts, or individually for a given count:
FLUSH
USER_RESOURCES
statement. The counts also can be reset by reloading the
grant tables (for example, with a FLUSH PRIVILEGES
statement or a
mysqladmin reload
command).
GRANT USAGE
as described earlier
and specify a limit value equal to the value that the account
already has.
Passwords may be assigned from the command line by using the mysqladmin
command:
shell> mysqladmin -u user_name -h host_name password "newpwd"
The account for which this command resets the password is the one with a
user
table record that matches user_name in the User
column and the client host from which you connect in the
Host
column.
Another way to assign a password to an account is to issue a SET
PASSWORD
statement:
mysql> SET PASSWORD FOR 'jeffrey'@'%' = PASSWORD('biscuit');
Only users such as root
with update access to the mysql
database can change the password for other users. If you are not connected
as an anonymous user, you can change your own password by omitting the
FOR
clause:
mysql> SET PASSWORD = PASSWORD('biscuit');
You can also use a GRANT USAGE
statement at the global level
(ON *.*
) to assign a password to an account without affecting the
account's current privileges:
mysql> GRANT USAGE ON *.* TO 'jeffrey'@'%' IDENTIFIED BY 'biscuit';
Although it is generally preferable to assign passwords using one of the
preceding methods, you can also do so by modifying the user
table
directly:
Password
column:
shell> mysql -u root mysql mysql> INSERT INTO user (Host,User,Password) -> VALUES('%','jeffrey',PASSWORD('biscuit')); mysql> FLUSH PRIVILEGES;
UPDATE
to set the
Password
column value:
shell> mysql -u root mysql mysql> UPDATE user SET Password = PASSWORD('bagel') -> WHERE Host = '%' AND User = 'francis'; mysql> FLUSH PRIVILEGES;
When you assign an account a password using SET PASSWORD
,
INSERT
, or UPDATE
, you must use the PASSWORD()
function
to encrypt it. (The only exception is that you need not use
PASSWORD()
if the password is empty.) PASSWORD()
is
necessary because the user
table stores passwords in encrypted form,
not as plaintext. If you forget that fact, you are likely to set passwords
like this:
shell> mysql -u root mysql mysql> INSERT INTO user (Host,User,Password) -> VALUES('%','jeffrey','biscuit'); mysql> FLUSH PRIVILEGES;
The result is that the literal value 'biscuit'
is stored as the
password in the user
table, not the encrypted value. When
jeffrey
attempts to connect to the server using this password, the
value is encrypted and compared to the value stored in the user
table. However, the stored value is the literal string 'biscuit'
, so
the comparison fails and the server rejects the connection:
shell> mysql -u jeffrey -pbiscuit test Access denied
If you set passwords using the GRANT ... IDENTIFIED BY
statement or
the mysqladmin password
command, they both take care of encrypting
the password for you. The PASSWORD()
function is unnecessary.
Note: PASSWORD()
encryption is different from Unix password
encryption.
See section 5.6.1 MySQL Usernames and Passwords.
On an administrative level, you should never grant access to the
mysql.user
table to any non-administrative accounts. Passwords in the
user
table are stored in encrypted form, but in versions of MySQL
earlier than 4.1, knowing the encrypted password for an account makes it
possible to connect to the server using that account.
When you run a client program to connect to the MySQL server, it is inadvisable to specify your password in a way that exposes it to discovery by other users. The methods you can use to specify your password when you run client programs are listed here, along with an assessment of the risks of each method:
-pyour_pass
or --password=your_pass
option on the command
line. For example:
shell> mysql -u francis -pfrank db_nameThis is convenient but insecure, because your password becomes visible to system status programs such as
ps
that may be invoked by other users
to display command lines. MySQL clients typically overwrite the
command-line password argument with zeros during their initialization
sequence, but there is still a brief interval during which the value is
visible.
-p
or --password
option with no password value
specified. In this case, the client program solicits the password from
the terminal:
shell> mysql -u francis -p db_name Enter password: ********The `*' characters indicate where you enter your password. The password is not displayed as you enter it. It is more secure to enter your password this way than to specify it on the command line because it is not visible to other users. However, this method of entering a password is suitable only for programs that you run interactively. If you want to invoke a client from a script that runs non-interactively, there is no opportunity to enter the password from the terminal. On some systems, you may even find that the first line of your script is read and interpreted (incorrectly) as your password!
[client]
section of the `.my.cnf' file in your
home directory:
[client] password=your_passIf you store your password in `.my.cnf', the file should not be accessible to anyone but yourself. To ensure this, set the file access mode to
400
or 600
. For example:
shell> chmod 600 .my.cnfsection 4.3.2 Using Option Files discusses option files in more detail.
MYSQL_PWD
environment variable.
This method of specifying your MySQL password must be considered
extremely insecure and should not be used. Some versions of ps
include an option to display the environment of running processes. If you
set MYSQL_PWD
, your password will be exposed to any other user who
runs ps
. Even on systems without such a version of ps
, it is
unwise to assume that there are no other methods by which users can examine
process environments.
See section F Environment Variables.
All in all, the safest methods are to have the client program prompt for the password or to specify the password in a properly protected option file.
Beginning with version 4.0.0, MySQL has support for secure (encrypted) connections between MySQL clients and the server using the Secure Sockets Layer (SSL) protocol. This section discusses how to use SSL connections. It also describes a way to set up SSH on Windows.
The standard configuration of MySQL is intended to be as fast as possible, so encrypted connections are not used by default. Doing so would make the client/server protocol much slower. Encrypting data is a CPU-intensive operation that requires the computer to do additional work and can delay other MySQL tasks. For applications that require the security provided by encrypted connections, the extra computation is warranted.
MySQL allows encryption to be enabled on a per-connection basis. You can choose a normal unencrypted connection or a secure encrypted SSL connection according the requirements of individual applications.
To understand how MySQL uses SSL, it's necessary to explain some basic SSL and X509 concepts. People who are already familiar with them can skip this part.
By default, MySQL uses unencrypted connections between the client and the
server. This means that someone with access to the network could watch all
your traffic and look at the data being sent or received. They could even
change the data while it is in transit between client and server. To improve
security a little, you can compress client/server traffic by using the
--compress
option when invoking client programs. However, this will
not foil a determined attacker.
When you need to move information over a network in a secure fashion, an unencrypted connection is unacceptable. Encryption is the way to make any kind of data unreadable. In fact, today's practice requires many additional security elements from encryption algorithms. They should resist many kind of known attacks such as changing the order of encrypted messages or replaying data twice.
SSL is a protocol that uses different encryption algorithms to ensure that data received over a public network can be trusted. It has mechanisms to detect any data change, loss, or replay. SSL also incorporates algorithms that provide identity verification using the X509 standard.
X509 makes it possible to identify someone on the Internet. It is most commonly used in e-commerce applications. In basic terms, there should be some company called a ``Certificate Authority'' (or CA) that assigns electronic certificates to anyone who needs them. Certificates rely on asymmetric encryption algorithms that have two encryption keys (a public key and a secret key). A certificate owner can show the certificate to another party as proof of identity. A certificate consists of its owner's public key. Any data encrypted with this public key can be decrypted only using the corresponding secret key, which is held by the owner of the certificate.
If you need more information about SSL, X509, or encryption, use your favorite Internet search engine to search for keywords in which you are interested.
To use SSL connections between the MySQL server and client programs, your system must be able to support OpenSSL and your version of MySQL must be 4.0.0 or newer.
To get secure connections to work with MySQL, you must do the following:
configure
script with the
--with-vio
and --with-openssl
options.
mysql.user
table.
This is necessary if your grant tables date from a version prior to MySQL
4.0.0. The upgrade procedure is described in section 2.10.7 Upgrading the Grant Tables.
mysqld
server supports OpenSSL,
examine the value of the have_openssl
system variable:
mysql> SHOW VARIABLES LIKE 'have_openssl'; +---------------+-------+ | Variable_name | Value | +---------------+-------+ | have_openssl | YES | +---------------+-------+If the value is
YES
, the server supports OpenSSL connections.
Here is an example for setting up SSL certificates for MySQL:
DIR=`pwd`/openssl PRIV=$DIR/private mkdir $DIR $PRIV $DIR/newcerts cp /usr/share/ssl/openssl.cnf $DIR replace ./demoCA $DIR -- $DIR/openssl.cnf # Create necessary files: $database, $serial and $new_certs_dir # directory (optional) touch $DIR/index.txt echo "01" > $DIR/serial # # Generation of Certificate Authority(CA) # openssl req -new -x509 -keyout $PRIV/cakey.pem -out $DIR/cacert.pem \ -config $DIR/openssl.cnf # Sample output: # Using configuration from /home/monty/openssl/openssl.cnf # Generating a 1024 bit RSA private key # ................++++++ # .........++++++ # writing new private key to '/home/monty/openssl/private/cakey.pem' # Enter PEM pass phrase: # Verifying password - Enter PEM pass phrase: # ----- # You are about to be asked to enter information that will be # incorporated into your certificate request. # What you are about to enter is what is called a Distinguished Name # or a DN. # There are quite a few fields but you can leave some blank # For some fields there will be a default value, # If you enter '.', the field will be left blank. # ----- # Country Name (2 letter code) [AU]:FI # State or Province Name (full name) [Some-State]:. # Locality Name (eg, city) []: # Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB # Organizational Unit Name (eg, section) []: # Common Name (eg, YOUR name) []:MySQL admin # Email Address []: # # Create server request and key # openssl req -new -keyout $DIR/server-key.pem -out \ $DIR/server-req.pem -days 3600 -config $DIR/openssl.cnf # Sample output: # Using configuration from /home/monty/openssl/openssl.cnf # Generating a 1024 bit RSA private key # ..++++++ # ..........++++++ # writing new private key to '/home/monty/openssl/server-key.pem' # Enter PEM pass phrase: # Verifying password - Enter PEM pass phrase: # ----- # You are about to be asked to enter information that will be # incorporated into your certificate request. # What you are about to enter is what is called a Distinguished Name # or a DN. # There are quite a few fields but you can leave some blank # For some fields there will be a default value, # If you enter '.', the field will be left blank. # ----- # Country Name (2 letter code) [AU]:FI # State or Province Name (full name) [Some-State]:. # Locality Name (eg, city) []: # Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB # Organizational Unit Name (eg, section) []: # Common Name (eg, YOUR name) []:MySQL server # Email Address []: # # Please enter the following 'extra' attributes # to be sent with your certificate request # A challenge password []: # An optional company name []: # # Remove the passphrase from the key (optional) # openssl rsa -in $DIR/server-key.pem -out $DIR/server-key.pem # # Sign server cert # openssl ca -policy policy_anything -out $DIR/server-cert.pem \ -config $DIR/openssl.cnf -infiles $DIR/server-req.pem # Sample output: # Using configuration from /home/monty/openssl/openssl.cnf # Enter PEM pass phrase: # Check that the request matches the signature # Signature ok # The Subjects Distinguished Name is as follows # countryName :PRINTABLE:'FI' # organizationName :PRINTABLE:'MySQL AB' # commonName :PRINTABLE:'MySQL admin' # Certificate is to be certified until Sep 13 14:22:46 2003 GMT # (365 days) # Sign the certificate? [y/n]:y # # # 1 out of 1 certificate requests certified, commit? [y/n]y # Write out database with 1 new entries # Data Base Updated # # Create client request and key # openssl req -new -keyout $DIR/client-key.pem -out \ $DIR/client-req.pem -days 3600 -config $DIR/openssl.cnf # Sample output: # Using configuration from /home/monty/openssl/openssl.cnf # Generating a 1024 bit RSA private key # .....................................++++++ # .............................................++++++ # writing new private key to '/home/monty/openssl/client-key.pem' # Enter PEM pass phrase: # Verifying password - Enter PEM pass phrase: # ----- # You are about to be asked to enter information that will be # incorporated into your certificate request. # What you are about to enter is what is called a Distinguished Name # or a DN. # There are quite a few fields but you can leave some blank # For some fields there will be a default value, # If you enter '.', the field will be left blank. # ----- # Country Name (2 letter code) [AU]:FI # State or Province Name (full name) [Some-State]:. # Locality Name (eg, city) []: # Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB # Organizational Unit Name (eg, section) []: # Common Name (eg, YOUR name) []:MySQL user # Email Address []: # # Please enter the following 'extra' attributes # to be sent with your certificate request # A challenge password []: # An optional company name []: # # Remove a passphrase from the key (optional) # openssl rsa -in $DIR/client-key.pem -out $DIR/client-key.pem # # Sign client cert # openssl ca -policy policy_anything -out $DIR/client-cert.pem \ -config $DIR/openssl.cnf -infiles $DIR/client-req.pem # Sample output: # Using configuration from /home/monty/openssl/openssl.cnf # Enter PEM pass phrase: # Check that the request matches the signature # Signature ok # The Subjects Distinguished Name is as follows # countryName :PRINTABLE:'FI' # organizationName :PRINTABLE:'MySQL AB' # commonName :PRINTABLE:'MySQL user' # Certificate is to be certified until Sep 13 16:45:17 2003 GMT # (365 days) # Sign the certificate? [y/n]:y # # # 1 out of 1 certificate requests certified, commit? [y/n]y # Write out database with 1 new entries # Data Base Updated # # Create a my.cnf file that you can use to test the certificates # cnf="" cnf="$cnf [client]" cnf="$cnf ssl-ca=$DIR/cacert.pem" cnf="$cnf ssl-cert=$DIR/client-cert.pem" cnf="$cnf ssl-key=$DIR/client-key.pem" cnf="$cnf [mysqld]" cnf="$cnf ssl-ca=$DIR/cacert.pem" cnf="$cnf ssl-cert=$DIR/server-cert.pem" cnf="$cnf ssl-key=$DIR/server-key.pem" echo $cnf | replace " " ' ' > $DIR/my.cnf
To test SSL connections, start the server as follows, where $DIR
is the
pathname to the directory where the sample `my.cnf' option file is
located:
shell> mysqld --defaults-file=$DIR/my.cnf &
Then invoke a client program using the same option file:
shell> mysql --defaults-file=$DIR/my.cnf
If you have a MySQL source distribution, you can also test your setup by modifying the preceding `my.cnf' file to refer to the demonstration certificate and key files in the `SSL' directory of the distribution.
GRANT
Options
MySQL can check X509 certificate attributes in addition to the usual
authentication that is based on the username and password. To specify
SSL-related options for a MySQL account, use the REQUIRE
clause of
the GRANT
statement.
See section 13.5.1.2 GRANT
and REVOKE
Syntax.
There are different possibilities for limiting connection types for an account:
REQUIRE SSL
option limits the server to allow only SSL
encrypted connections for the account. Note that this option can be omitted
if there are any ACL records that allow non-SSL connections.
mysql> GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost' -> IDENTIFIED BY 'goodsecret' REQUIRE SSL;
REQUIRE X509
means that the client must have a valid certificate
but that the exact certificate, issuer, and subject do not matter.
The only requirement is that it should be possible to verify its
signature with one of the CA certificates.
mysql> GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost' -> IDENTIFIED BY 'goodsecret' REQUIRE X509;
REQUIRE ISSUER 'issuer'
places the restriction on connection attempts
that the client must present a valid X509 certificate issued by CA
'issuer'
. If the client presents a certificate that is valid but has
a different issuer, the server rejects the connection. Use of X509
certificates always implies encryption, so the SSL
option is
unneccessary.
mysql> GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost' -> IDENTIFIED BY 'goodsecret' -> REQUIRE ISSUER '/C=FI/ST=Some-State/L=Helsinki/ O=MySQL Finland AB/CN=Tonu Samuel/Email=tonu@example.com';Note that the
ISSUER
value should be entered as a single string.
REQUIRE SUBJECT 'subject'
places the restriction on connection
attempts that the client must present a valid X509 certificate with subject
'subject'
on it. If the client presents a certificate that is valid
but has a different subject, the server rejects the connection.
mysql> GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost' -> IDENTIFIED BY 'goodsecret' -> REQUIRE SUBJECT '/C=EE/ST=Some-State/L=Tallinn/ O=MySQL demo client certificate/ CN=Tonu Samuel/Email=tonu@example.com';Note that the
SUBJECT
value should be entered as a single string.
REQUIRE CIPHER 'cipher'
is needed to ensure that strong enough ciphers
and key lengths will be used. SSL itself can be weak if old algorithms
with short encryption keys are used. Using this option, we can ask for
some exact cipher method to allow a connection.
mysql> GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost' -> IDENTIFIED BY 'goodsecret' -> REQUIRE CIPHER 'EDH-RSA-DES-CBC3-SHA';
The SUBJECT
, ISSUER
, and CIPHER
options can be
combined in the REQUIRE
clause like this:
mysql> GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost' -> IDENTIFIED BY 'goodsecret' -> REQUIRE SUBJECT '/C=EE/ST=Some-State/L=Tallinn/ O=MySQL demo client certificate/ CN=Tonu Samuel/Email=tonu@example.com' -> AND ISSUER '/C=FI/ST=Some-State/L=Helsinki/ O=MySQL Finland AB/CN=Tonu Samuel/Email=tonu@example.com' -> AND CIPHER 'EDH-RSA-DES-CBC3-SHA';
Note that the SUBJECT
and ISSUER
values each should be entered
as a single string.
Starting from MySQL 4.0.4, the AND
keyword is optional between
REQUIRE
options.
The order of the options does not matter, but no option can be specified twice.
The following list describes options that are used for specifying the use of SSL, certificate files, and key files. These options are available beginning with MySQL 4.0. They may be given on the command line or in an option file.
--ssl
--ssl-ca
, --ssl-cert
, and --ssl-key
options.
This option is more often used in its opposite form to indicate that SSL
should not be used. To do this, specify the option as
--skip-ssl
or --ssl=0
.
Note that use of --ssl
doesn't require an SSL connection.
For example, if the server or client is compiled without SSL support,
a normal unencrypted connection will be used.
The secure way to ensure that an SSL connection will be used is
to create an account on the server that includes a
REQUIRE SSL
clause in the GRANT
statement.
Then use this account to connect to the server, with both a server and client
that have SSL support enabled.
--ssl-ca=file_name
--ssl-capath=directory_name
--ssl-cert=file_name
--ssl-cipher=cipher_list
openssl ciphers
command.
Example: --ssl-cipher=ALL:-AES:-EXP
--ssl-key=file_name
Here is a note about how to connect to get a secure connection to remote MySQL server with SSH (by David Carlson dcarlson@mplcomm.com):
SecureCRT
from http://www.vandyke.com/.
Another option is f-secure
from http://www.f-secure.com/. You
can also find some free ones on Google
at
http://directory.google.com/Top/Computers/Security/Products_and_Tools/Cryptography/SSH/Clients/Windows/.
Host_Name = yourmysqlserver_URL_or_IP
.
Set userid=your_userid
to log in to your server. This userid
value may not be the same as the username of your MySQL account.
local_port: 3306
, remote_host: yourmysqlservername_or_ip
, remote_port: 3306
)
or a local forward (Set port: 3306
, host: localhost
, remote port: 3306
).
localhost
for the MySQL host server, not yourmysqlservername
.
You should now have an ODBC connection to MySQL, encrypted using SSH.
This section discusses how to make database backups (full and incremental)
and how to perform
table maintenance. The syntax of the SQL statements described here is
given in section 13.5 Database Administration Statements.
Much of the information here pertains primarily to MyISAM
tables.
InnoDB
backup procedures are given in section 15.9 Backing Up and Recovering an InnoDB
Database.
Because MySQL tables are stored as files, it is easy to do a
backup. To get a consistent backup, do a LOCK TABLES
on the
relevant tables, followed by FLUSH TABLES
for the tables.
See section 13.4.5 LOCK TABLES
and UNLOCK TABLES
Syntax and
section 13.5.5.2 FLUSH
Syntax.
You need only a read lock; this allows other clients to continue to
query the tables while you are making a copy of the files in the
database directory. The FLUSH TABLES
statement is needed to ensure that
the all active index pages are written to disk before you start the backup.
If you want to make an SQL-level backup of a table, you can use
SELECT INTO ... OUTFILE
or BACKUP TABLE
.
For SELECT INTO ... OUTFILE
, the output file cannot already exist.
For BACKUP TABLE
, the same is true as of
MySQL 3.23.56 and 4.0.12, because this would be a security risk.
See section 13.1.7 SELECT
Syntax and
section 13.5.2.2 BACKUP TABLE
Syntax.
Another way to back up a database is to use the mysqldump
program or
the mysqlhotcopy script
.
See section 8.8 The mysqldump
Database Backup Program and
section 8.9 The mysqlhotcopy
Database Backup Program.
shell> mysqldump --tab=/path/to/some/dir --opt db_nameOr:
shell> mysqlhotcopy db_name /path/to/some/dirYou can also simply copy all table files (`*.frm', `*.MYD', and `*.MYI' files) as long as the server isn't updating anything. The
mysqlhotcopy
script uses this method. (But note that these
methods
will not work if your database contains InnoDB
tables. InnoDB
does not store table contents in database directories, and mysqlhotcopy
works only for MyISAM
and ISAM
tables.)
mysqld
if it's running, then start it with the
--log-bin[=file_name]
option. See section 5.9.4 The Binary Log. The binary
log files provide you with the information you need to replicate
changes to the database that are made subsequent to the point at which
you executed mysqldump
.
For InnoDB
tables, it's possible to perform an online backup that
takes no locks on tables; see section 8.8 The mysqldump
Database Backup Program
MySQL supports incremental backups: You need to start the server with the
--log-bin
option to enable binary logging; see section 5.9.4 The Binary Log.
At the moment you want to make an incremental backup (containing all
changes that happened since the last full or incremental backup), you should
rotate the binary log by using FLUSH LOGS
. This done, you need to
copy to the backup location all binary logs which range from the one of the
moment of the last full or incremental backup to the last but one. These
binary logs are the incremental backup; at restore time, you apply them
as explained further below. The next time you do a full backup, you should
also rotate the binary log using FLUSH LOGS
, mysqldump
--flush-logs
, or mysqlhotcopy --flushlogs
. See section 8.8 The mysqldump
Database Backup Program and section 8.9 The mysqlhotcopy
Database Backup Program.
If your MySQL server is a slave replication server, then regardless of the
backup method you choose, you should also back up the
`master.info' and `relay-log.info' files
when you back up your slave's data. These files
are always needed to resume replication after you restore
the slave's data. If your slave is subject to replicating LOAD
DATA INFILE
commands, you should also back up any `SQL_LOAD-*' files
that may exist in the directory specified by the --slave-load-tmpdir
option. (This location defaults to the value of the tmpdir
variable
if not specified.) The slave needs these files to resume
replication of any interrupted LOAD DATA INFILE
operations.
If you have to restore MyISAM
tables, try to recover them using
REPAIR TABLE
or myisamchk -r
first. That should work in
99.9% of all cases. If myisamchk
fails, try the following procedure.
Note that it will work only if you have enabled binary logging by starting
MySQL with the --log-bin
option; see section 5.9.4 The Binary Log.
mysqldump
backup, or binary backup.
shell> mysqlbinlog hostname-bin.[0-9]* | mysqlIn your case, you may want to re-run only certain binary logs, from certain positions (usually you want to re-run all binary logs from the date of the restored backup, excepting possibly some incorrect queries). See section 8.5 The
mysqlbinlog
Binary Log Utility for more information on
the mysqlbinlog
utility and how to use it.
If you are using the update logs instead (which is a deprecated feature removed
in MySQL 5.0), you can process their contents like this:
shell> ls -1 -t -r hostname.[0-9]* | xargs cat | mysql
ls
is used to sort the update log filenames into the right order.
You can also do selective backups of individual files:
SELECT * INTO OUTFILE 'file_name' FROM tbl_name
.
LOAD DATA INFILE 'file_name' REPLACE ...
To avoid duplicate records, the table must have a PRIMARY KEY
or a
UNIQUE
index. The REPLACE
keyword causes old records
to be replaced with new ones when a new record duplicates an old record on
a unique key value.
If you have performance problems with your server while making backups, one strategy that can help is to set up replication and perform backups on the slave rather than on the master. See section 6.1 Introduction to Replication.
If you are using a Veritas filesystem, you can make a backup like this:
FLUSH TABLES WITH READ LOCK
.
mount vxfs snapshot
.
UNLOCK TABLES
.
The following text discusses how to use myisamchk
to check or repair
MyISAM
tables (tables with `.MYI' and `.MYD' files).
The same concepts apply to using isamchk
to check or repair
ISAM
tables (tables with `.ISM' and `.ISD' files).
See section 14 MySQL Storage Engines and Table Types.
You can use the myisamchk
utility to get information about your
database tables or to check, repair, or optimize them. The following
sections describe how to invoke myisamchk
(including a
description of its options), how to set up a table maintenance schedule,
and how to use myisamchk
to perform its various functions.
Even though table repair with myisamchk
is quite secure, it's
always a good idea to make a backup before doing a repair (or any
maintenance operation that could make a lot of changes to a table)
myisamchk
operations that affect indexes can cause
FULLTEXT
indexes to be rebuilt with full-text parameters that
are incompatible with the values used by the MySQL server. To avoid this,
read the instructions in
section 5.7.2.2 General Options for myisamchk
.
In many cases, you may find it simpler to do MyISAM
table maintenance
using the SQL statements that perform operations that myisamchk
can
do:
MyISAM
tables, use CHECK TABLE
or
REPAIR TABLE
.
MyISAM
tables, use OPTIMIZE TABLE
.
MyISAM
tables, use ANALYZE TABLE
.
These statements were introduced in different versions, but all are available
from MySQL 3.23.14 on.
See
section 13.5.2.1 ANALYZE TABLE
Syntax,
section 13.5.2.3 CHECK TABLE
Syntax,
section 13.5.2.5 OPTIMIZE TABLE
Syntax,
and section 13.5.2.6 REPAIR TABLE
Syntax.
The statements can be used directly, or by means of the mysqlcheck
client program, which provides a command-line interface to them.
One advantage of these statements over myisamchk
is that the server
does all the work. With myisamchk
, you must make sure that the server
does not use the tables at the same time. Otherwise, there can be unwanted
interaction betweeen myisamchk
and the server.
myisamchk
Invocation Syntax
Invoke myisamchk
like this:
shell> myisamchk [options] tbl_name
The options specify what you want myisamchk
to do. They are
described in the following sections. You can also get a list of options by
invoking myisamchk --help
.
With no options, myisamchk
simply checks your table as the default
operation. To get more information or to tell myisamchk
to take
corrective action, specify options as described in the following discussion.
tbl_name is the database table you want to check or repair. If you run
myisamchk
somewhere other than in the database directory, you must
specify the path to the database directory, because myisamchk
has no
idea where the
database is located. In fact, myisamchk
doesn't actually care whether
the files you are working on are located in a database directory. You can
copy the files that correspond to a database table into some other location and
perform recovery operations on them there.
You can name several tables on the myisamchk
command line if you
wish. You can also specify a table by naming its index file (the file with
the `.MYI' suffix). This allows you to specify all tables in a
directory by using the pattern `*.MYI'. For example, if you are in a
database directory, you can check all the MyISAM
tables in that
directory like this:
shell> myisamchk *.MYI
If you are not in the database directory, you can check all the tables there by specifying the path to the directory:
shell> myisamchk /path/to/database_dir/*.MYI
You can even check all tables in all databases by specifying a wildcard with the path to the MySQL data directory:
shell> myisamchk /path/to/datadir/*/*.MYI
The recommended way to quickly check all MyISAM
and ISAM
tables is:
shell> myisamchk --silent --fast /path/to/datadir/*/*.MYI shell> isamchk --silent /path/to/datadir/*/*.ISM
If you want to check all MyISAM
and ISAM
tables and repair any
that are corrupted, you can use the following commands:
shell> myisamchk --silent --force --fast --update-state \ -O key_buffer=64M -O sort_buffer=64M \ -O read_buffer=1M -O write_buffer=1M \ /path/to/datadir/*/*.MYI shell> isamchk --silent --force -O key_buffer=64M \ -O sort_buffer=64M -O read_buffer=1M -O write_buffer=1M \ /path/to/datadir/*/*.ISM
These commands assume that you have more than 64MB free.
For more information about memory allocation with myisamchk
, see
section 5.7.2.6 myisamchk
Memory Usage.
You must ensure that no other program is using the tables while you are
running myisamchk
. Otherwise, when you run myisamchk
, it may
display the following error message:
warning: clients are using or haven't closed the table properly
This means that you are trying to check a table that has been updated by
another program (such as the mysqld
server) that hasn't yet closed
the file or that has died without closing the file properly.
If mysqld
is running, you must force it to flush any table
modifications that are still buffered in memory by using FLUSH
TABLES
. You should then ensure that no one is using the tables while you
are running myisamchk
. The easiest way to
avoid this problem is to use CHECK TABLE
instead of myisamchk
to check tables.
myisamchk
The options described in this section can be used for any
type of table maintenance operation performed by myisamchk
.
The sections following this one describe options that pertain only to specific
operations, such as table checking or repairing.
--help, -?
--debug=debug_options, -# debug_options
'd:t:o,file_name'
.
--silent, -s
-s
twice (-ss
) to make myisamchk
very silent.
--verbose, -v
-d
and
-e
. Use -v
multiple times (-vv
, -vvv
) for even
more output.
--version, -V
--wait, -w
mysqld
with the --skip-external-locking
option, the table can
be locked only by another myisamchk
command.
You can also set the following variables by using --var_name=value
options:
Variable | Default Value |
decode_bits | 9 |
ft_max_word_len | version-dependent |
ft_min_word_len | 4 |
ft_stopword_file | built-in list |
key_buffer_size | 523264 |
myisam_block_size | 1024 |
read_buffer_size | 262136 |
sort_buffer_size | 2097144 |
sort_key_blocks | 16 |
write_buffer_size | 262136 |
It is also possible to set variables by using
--set-variable=var_name=value
or -O var_name=value
syntax. However, this syntax is deprecated as of MySQL 4.0.
The possible myisamchk
variables and their default values
can be examined with myisamchk --help
:
sort_buffer_size
is used when the keys are repaired by sorting
keys, which is the normal case when you use --recover
.
key_buffer_size
is used when you are checking the table with
--extend-check
or when the keys are repaired by inserting keys
row by row into the table (like when doing normal inserts). Repairing
through the key buffer is used in the following cases:
--safe-recover
.
CHAR
, VARCHAR
, or TEXT
columns, because the sort operation needs to store the complete key values
as it proceeds. If you have lots of temporary space and you can force
myisamchk
to repair by sorting, you can use the --sort-recover
option.
Repairing through the key buffer takes much less disk space than using sorting, but is also much slower.
If you want a faster repair, set the key_buffer_size
and
sort_buffer_size
variables to about 25% of your available memory.
You can set both variables to large values, because only one of them is used
at a time.
myisam_block_size
is the size used for index blocks. It is available
as of MySQL 4.0.0.
The ft_min_word_len
and ft_max_word_len
variables are
available as of MySQL 4.0.0. ft_stopword_file
is available as of
MySQL 4.0.19.
ft_min_word_len
and ft_max_word_len
indicate the minimum and
maximum word length for FULLTEXT
indexes. ft_stopword_file
names the stopword file. These need to be set under the following
circumstances.
If you use myisamchk
to perform an operation that modifies
table indexes (such as repair or analyze), the FULLTEXT
indexes
are rebuilt using the default full-text parameter values for minimum and
maximum word length and the stopword file unless you specify otherwise.
This can result in queries failing.
The problem occurs because these parameters are known only by the server.
They are not stored in MyISAM
index files. To avoid the problem if
you have modified the minimum or maximum word length or the stopword file in
the server, specify the same ft_min_word_len
, ft_max_word_len
,
and ft_stopword_file
values to myisamchk
that you use for
mysqld
. For example, if you have set the minimum word length to 3,
you can repair a table with myisamchk
like this:
shell> myisamchk --recover --ft_min_word_len=3 tbl_name.MYI
To ensure that myisamchk
and the server use the same values for
full-text parameters, you can place each one in both the [mysqld]
and [myisamchk]
sections of an option file:
[mysqld] ft_min_word_len=3 [myisamchk] ft_min_word_len=3
An alternative to using myisamchk
is to use the REPAIR TABLE
,
ANALYZE TABLE
, OPTIMIZE TABLE
, or ALTER TABLE
.
These statements are performed by the server, which knows the proper
full-text parameter values to use.
myisamchk
myisamchk
supports the following options for table checking operations:
--check, -c
--check-only-changed, -C
--extend-check, -e
myisamchk
or myisamchk --medium-check
should
be able to determine whether there are any errors in the table.
If you are using --extend-check
and have plenty of memory, setting
the key_buffer_size
variable to a large value will help the repair
operation run faster.
--fast, -F
--force, -f
myisamchk
finds any errors in the table.
The repair type is the same as that specified with the --repair
or
-r
option.
--information, -i
--medium-check, -m
--extend-check
operation.
This finds only 99.99% of all errors, which should be good enough in most cases.
--read-only, -T
myisamchk
to check a table that is in use by some other application that doesn't
use locking, such as mysqld
when run with the
--skip-external-locking
option.
--update-state, -U
--check-only-changed
option, but you shouldn't use this
option if the mysqld
server is using the table and you are
running it with the --skip-external-locking
option.
myisamchk
myisamchk
supports the following options for table repair operations:
--backup, -B
--character-sets-dir=path
--correct-checksum
--data-file-length=#, -D #
--extend-check, -e
--force, -f
--keys-used=#, -k #
myisamchk
, the option value indicates which indexes to update.
Each binary bit of the option value corresponds to a table index, where the
first index is bit 0.
For isamchk
, the option value indicates that only the first # of
the table indexes should be updated.
In either case, an option value of 0 disables updates to all indexes, which
can be used to get faster inserts.
Deactivated indexes can be reactivated by using myisamchk -r
or (isamchk -r
).
--no-symlinks, -l
myisamchk
repairs the
table that a symlink points to. This option doesn't exist as of MySQL 4.0,
because versions from 4.0 on will not remove symlinks during repair operations.
--parallel-recover, -p
-r
and -n
, but creates
all the keys in parallel, using different threads.
This option was added in MySQL 4.0.2.
This is alpha code. Use at your own risk!
--quick, -q
myisamchk
to modify the original data file in
case of duplicate keys.
--recover, -r
ISAM
/MyISAM
tables). If you want to recover a table, this is the option to try
first. You should try -o
only if myisamchk
reports that the
table can't be recovered by -r
. (In the unlikely case
that -r
fails, the data file is still intact.)
If you have lots of memory, you should increase the value of
sort_buffer_size
.
--safe-recover, -o
-r
, but can handle a couple of very unlikely cases that
-r
cannot. This recovery method also uses much less disk
space than -r
. Normally, you should repair first with
-r
, and then with -o
only if -r
fails.
If you have lots of memory, you should increase the value of
key_buffer_size
.
--set-character-set=name
--sort-recover, -n
myisamchk
to use sorting to resolve the keys even if the
temporary files should be very big.
--tmpdir=path, -t path
myisamchk
uses the value of the TMPDIR
environment variable.
Starting from MySQL 4.1, tmpdir
can be set to a list of directory paths
that will be used successively in round-robin fashion for creating
temporary files. The separator character between directory names should be
colon (`:') on Unix and semicolon (`;') on Windows, NetWare, and
OS/2.
--unpack, -u
myisampack
.
myisamchk
myisamchk
supports the following options for actions other than
table checks and repairs:
--analyze, -a
myisamchk --description --verbose tbl_name
command or the
SHOW KEYS FROM tbl_name
statement.
--description, -d
--set-auto-increment[=value], -A[value]
AUTO_INCREMENT
numbering for new records to start at the given
value (or higher, if there are already records with AUTO_INCREMENT
values this large). If value is not specified, AUTO_INCREMENT
number for new records begins with the largest value currently in the table,
plus one.
--sort-index, -S
--sort-records=#, -R #
SELECT
and ORDER
BY
operations that use this index. (The first time you use this option to
sort a table, it may be very slow.) To determine a table's index numbers,
use SHOW KEYS
, which displays a table's indexes in the same order
that myisamchk
sees them. Indexes are numbered beginning with 1.
myisamchk
Memory Usage
Memory allocation is important when you run myisamchk
.
myisamchk
uses no more memory than you specify with the -O
options. If you are going to use myisamchk
on very large tables,
you should first decide how much memory you want it to use. The default
is to use only about 3MB to perform repairs. By using larger values, you can
get myisamchk
to operate faster. For example, if you have more
than 32MB RAM, you could use options such as these (in addition to any
other options you might specify):
shell> myisamchk -O sort=16M -O key=16M -O read=1M -O write=1M ...
Using -O sort=16M
should probably be enough for most cases.
Be aware that myisamchk
uses temporary files in TMPDIR
. If
TMPDIR
points to a memory filesystem, you may easily get out of
memory errors. If this happens, set TMPDIR
to point at some directory
located on a filesystem
with more space and run myisamchk
again.
When repairing, myisamchk
will also need a lot of disk space:
--quick
; in this
case, only the index file is re-created. This space is needed on the same
filesystem as the original data file! (The copy is created in the
same directory as the original.)
--recover
or --sort-recover
(but not when using --safe-recover
), you will need space for a
sort buffer. The amount of space required is:
(largest_key + row_pointer_length) * number_of_rows * 2You can check the length of the keys and the
row_pointer_length
with myisamchk -dv tbl_name
. This space is allocated in the temporary
directory (specified by TMPDIR
or --tmpdir=path
).
If you have a problem with disk space during repair, you can try to use
--safe-recover
instead of --recover
.
myisamchk
for Crash Recovery
If you run mysqld
with --skip-external-locking
(which is the
default on some systems, such as Linux), you can't reliably use myisamchk
to check a table when mysqld
is using the same table. If you
can be sure that no one is accessing the tables through mysqld
while you run myisamchk
, you only have to do mysqladmin
flush-tables
before you start checking the tables. If you can't
guarantee this, then you must stop mysqld
while you
check the tables. If you run myisamchk
while mysqld
is updating
the tables, you may get a warning that a table is corrupt even when it
isn't.
If you are not using --skip-external-locking
, you can use
myisamchk
to check tables at any time. While you do this, all clients
that try to update the table will wait until myisamchk
is ready before
continuing.
If you use myisamchk
to repair or optimize tables, you
must always ensure that the mysqld
server is not using
the table (this also applies if you are using --skip-external-locking
).
If you don't take down mysqld
, you should at least do a
mysqladmin flush-tables
before you run myisamchk
.
Your tables may become corrupted if the server and myisamchk
access the tables simultaneously.
This section describes how to check for and deal with data corruption in MySQL databases. If your tables get corrupted frequently you should try to find the reason why. See section A.4.2 What to Do If MySQL Keeps Crashing.
The MyISAM
table section contains reason for why a table could be
corrupted. See section 14.1.4 MyISAM
Table Problems.
When performing crash recovery, it is important to understand that each
MyISAM
table tbl_name in a database corresponds to three files
in the database directory:
File | Purpose |
`tbl_name.frm' | Definition (format) file |
`tbl_name.MYD' | Data file |
`tbl_name.MYI' | Index file |
Each of these three file types is subject to corruption in various ways, but problems occur most often in data files and index files.
myisamchk
works by creating a copy of the `.MYD' data file
row by row. It ends the repair stage by removing the old `.MYD'
file and renaming the new file to the original file name. If you use
--quick
, myisamchk
does not create a temporary `.MYD'
file, but instead assumes that the `.MYD' file is correct and only
generates a new index file without touching the `.MYD' file. This is
safe, because myisamchk
automatically detects whether the `.MYD'
file is corrupt and aborts the repair if it is. You can also specify
the --quick
option twice to myisamchk
. In this case,
myisamchk
does not abort on some errors (such as duplicate-key
errors) but instead tries to resolve them by modifying the `.MYD'
file. Normally the use of two --quick
options is useful only if you
have too little free disk space to perform a normal repair. In this case,
you should at least make a backup before running myisamchk
.
MyISAM
Tables for Errors
To check a MyISAM
table, use the following commands:
myisamchk tbl_name
myisamchk
without options or
with either the -s
or --silent
option.
myisamchk -m tbl_name
myisamchk -e tbl_name
-e
means
``extended check''). It does a check-read of every key for each row to verify
that they indeed point to the correct row. This may take a long time for a
large table that has many indexes. Normally, myisamchk
stops after
the first error it finds. If you want to obtain more information, you can
add the --verbose
(-v
) option. This causes myisamchk
to keep going, up through a maximum of 20 errors.
myisamchk -e -i tbl_name
-i
option tells myisamchk
to
print some informational statistics, too.
In most cases, a simple myisamchk
with no arguments other than the
table name is sufficient to check a table.
The discussion in this section describes how to use myisamchk
on
MyISAM
tables (extensions `.MYI' and `.MYD'). If you
are using ISAM
tables (extensions `.ISM' and `.ISD'),
you should use isamchk
instead; the concepts are similar.
If you are using MySQL 3.23.16 and above, you can (and
should) use the CHECK TABLE
and REPAIR TABLE
statements to
check and repair MyISAM
tables.
See section 13.5.2.3 CHECK TABLE
Syntax
and section 13.5.2.6 REPAIR TABLE
Syntax.
The symptoms of a corrupted table include queries that abort unexpectedly and observable errors such as these:
To get more information about the error you can run perror
###,
where ### is the error number. The following example shows how to use
perror
to find the meanings for the most common error numbers that
indicate a problem with a table:
shell> perror 126 127 132 134 135 136 141 144 145 126 = Index file is crashed / Wrong file format 127 = Record-file is crashed 132 = Old database file 134 = Record was already deleted (or record file crashed) 135 = No more room in record file 136 = No more room in index file 141 = Duplicate unique key or constraint on write or update 144 = Table is crashed and last repair failed 145 = Table was marked as crashed and should be repaired
Note that error 135 (no more room in record file) and error 136 (no more
room in index file) are not errors that can be fixed by a simple repair. In
this case, you have to use ALTER TABLE
to increase the
MAX_ROWS
and AVG_ROW_LENGTH
table option values:
ALTER TABLE tbl_name MAX_ROWS=xxx AVG_ROW_LENGTH=yyy;
If you don't know the current table option values, use SHOW CREATE TABLE
tbl_name
.
For the other errors, you must repair your tables. myisamchk
can
usually detect and fix most problems that occur.
The repair process involves up to four stages, described here. Before you
begin, you should change location to the database directory and check the
permissions of the table files. On Unix, make sure that they are readable by
the user that mysqld
runs as (and to you, because you need to access
the files you are checking). If it turns out you need to modify files, they
must also be writable by you.
The options that you can use for table maintenance with myisamchk
and isamchk
are described in several of the earlier subsections of
section 5.7.2 Table Maintenance and Crash Recovery.
The following section is for the cases where the above command fails or
if you want to use the extended features that myisamchk
and
isamchk
provide.
If you are going to repair a table from the command line, you must first
stop the mysqld
server. Note that when you do
mysqladmin shutdown
on a remote server, the mysqld
server
will still be alive for a while after mysqladmin
returns, until
all queries are stopped and all keys have been flushed to disk.
Stage 1: Checking your tables
Run myisamchk *.MYI
or myisamchk -e *.MYI
if you have
more time. Use the -s
(silent) option to suppress unnecessary
information.
If the mysqld
server is down, you should use the --update-state
option to tell myisamchk
to mark the table as 'checked'.
You have to repair only those tables for which myisamchk
announces an
error. For such tables, proceed to Stage 2.
If you get weird errors when checking (such as out of
memory
errors), or if myisamchk
crashes, go to Stage 3.
Stage 2: Easy safe repair
Note: If you want a repair operation to go much faster, you should set the
values of the sort_buffer_size
and key_buffer_size
variables
each to about 25% of your available memory when running myisamchk
or isamchk
.
First, try myisamchk -r -q tbl_name
(-r -q
means ``quick
recovery mode''). This will attempt to repair the index file without
touching the data file. If the data file contains everything that it
should and the delete links point at the correct locations within the
data file, this should work, and the table is fixed. Start repairing the
next table. Otherwise, use the following procedure:
myisamchk -r tbl_name
(-r
means ``recovery mode''). This will
remove incorrect records and deleted records from the data file and
reconstruct the index file.
myisamchk --safe-recover tbl_name
.
Safe recovery mode uses an old recovery method that handles a few cases that
regular recovery mode doesn't (but is slower).
If you get weird errors when repairing (such as out of
memory
errors), or if myisamchk
crashes, go to Stage 3.
Stage 3: Difficult repair
You should reach this stage only if the first 16KB block in the index file is destroyed or contains incorrect information, or if the index file is missing. In this case, it's necessary to create a new index file. Do so as follows:
shell> mysql db_name mysql> SET AUTOCOMMIT=1; mysql> TRUNCATE TABLE tbl_name; mysql> quitIf your version of MySQL doesn't have
TRUNCATE TABLE
, use
DELETE FROM tbl_name
instead.
Go back to Stage 2. myisamchk -r -q
should work now. (This shouldn't
be an endless loop.)
As of MySQL 4.0.2, you can also use REPAIR TABLE tbl_name USE_FRM
,
which performs the whole procedure automatically.
Stage 4: Very difficult repair
You should reach this stage only if the `.frm' description file has also crashed. That should never happen, because the description file isn't changed after the table is created:
myisamchk -r
.
To coalesce fragmented records and eliminate wasted space resulting from
deleting or updating records, run myisamchk
in recovery mode:
shell> myisamchk -r tbl_name
You can optimize a table in the same way by using the SQL OPTIMIZE TABLE
statement. OPTIMIZE TABLE
does a repair of the table and a key
analysis, and also sorts the index tree to give faster key lookups.
There is also no possibility of unwanted interaction between a utility
and the server, because the server does all the work when you use
OPTIMIZE TABLE
. See section 13.5.2.5 OPTIMIZE TABLE
Syntax.
myisamchk
also has a number of other options you can use to improve
the performance of a table:
-S
, --sort-index
-R index_num
, --sort-records=index_num
-a
, --analyze
For a full description of the options, see section 5.7.2.1 myisamchk
Invocation Syntax.
It is a good idea to perform table checks on a regular basis rather than
waiting for problems to occur.
One way to check and repair MyISAM
tables is
with the CHECK TABLE
and REPAIR TABLE
statements.
These are available starting with MySQL 3.23.16.
See section 13.5.2.3 CHECK TABLE
Syntax and
section 13.5.2.6 REPAIR TABLE
Syntax.
Another way to check tables is to use myisamchk
. For maintenance
purposes, you can use myisamchk -s
. The -s
option (short for
--silent
) causes myisamchk
to run in silent mode, printing
messages only when errors occur.
It's also a good idea to check tables when the server starts.
For example, whenever the machine has done a restart in the middle of an
update, you usually need to check all the tables that could have been
affected. (These are ``expected crashed tables.'')
To check MyISAM
tables automatically, start the server with the --myisam-recover
option, available as of MySQL 3.23.25.
If your server is too old to support this option, you could
add a test to
mysqld_safe
that runs myisamchk
to check all tables that have
been modified during the last 24 hours if there is an old `.pid'
(process ID) file left after a restart. (The `.pid' file is created by
mysqld
when it starts and removed when it terminates normally. The
presence of a `.pid' file at system startup time indicates that
mysqld
terminated abnormally.)
An even better test would be to check any table whose last-modified time is more recent than that of the `.pid' file.
You should also check your tables regularly during normal system
operation. At MySQL AB, we run a cron
job to check all
our important tables once a week, using a line like this in a `crontab'
file:
35 0 * * 0 /path/to/myisamchk --fast --silent /path/to/datadir/*/*.MYI
This prints out information about crashed tables so that we can examine and repair them when needed.
Because we haven't had any unexpectedly crashed tables (tables that become corrupted for reasons other than hardware trouble) for a couple of years now (this is really true), once a week is more than enough for us.
We recommend that to start with, you execute myisamchk -s
each
night on all tables that have been updated during the last 24 hours,
until you come to trust MySQL as much as we do.
Normally, MySQL tables need little maintenance. If you are changing
MyISAM
tables with dynamic-sized rows (tables with VARCHAR
,
BLOB
, or TEXT
columns) or have tables with many deleted rows
you may want to defragment/reclaim space from the tables
from time to time (once a month?).
You can do this by using OPTIMIZE TABLE
on the tables in question.
Or, if you can stop the mysqld
server for a while, change location
into the data directory and use this command while the server is stopped:
shell> myisamchk -r -s --sort-index -O sort_buffer_size=16M */*.MYI
For ISAM
tables, the command is similar:
shell> isamchk -r -s --sort-index -O sort_buffer_size=16M */*.ISM
To obtain a description of a table or statistics about it, use the commands shown here. We explain some of the information in more detail later:
myisamchk -d tbl_name
Runs myisamchk
in ``describe mode'' to produce a description of
your table. If you start the MySQL server using the
--skip-external-locking
option, myisamchk
may report an error
for a table that is updated while it runs. However, because myisamchk
doesn't change the table in describe mode, there is no risk of
destroying data.
myisamchk -d -v tbl_name
Adding -v
runs myisamchk
in verbose mode so that it produces
more information about what it is doing.
myisamchk -eis tbl_name
Shows only the most important information from a table. This operation is slow
because it must read the entire table.
myisamchk -eiv tbl_name
This is like -eis
, but tells you what is being done.
Sample output for some of these commands follows. They are based on a table with these data and index file sizes:
-rw-rw-r-- 1 monty tcx 317235748 Jan 12 17:30 company.MYD -rw-rw-r-- 1 davida tcx 96482304 Jan 12 18:35 company.MYM
Example of myisamchk -d
output:
MyISAM file: company.MYI Record format: Fixed length Data records: 1403698 Deleted blocks: 0 Recordlength: 226 table description: Key Start Len Index Type 1 2 8 unique double 2 15 10 multip. text packed stripped 3 219 8 multip. double 4 63 10 multip. text packed stripped 5 167 2 multip. unsigned short 6 177 4 multip. unsigned long 7 155 4 multip. text 8 138 4 multip. unsigned long 9 177 4 multip. unsigned long 193 1 text
Example of myisamchk -d -v
output:
MyISAM file: company Record format: Fixed length File-version: 1 Creation time: 1999-10-30 12:12:51 Recover time: 1999-10-31 19:13:01 Status: checked Data records: 1403698 Deleted blocks: 0 Datafile parts: 1403698 Deleted data: 0 Datafile pointer (bytes): 3 Keyfile pointer (bytes): 3 Max datafile length: 3791650815 Max keyfile length: 4294967294 Recordlength: 226 table description: Key Start Len Index Type Rec/key Root Blocksize 1 2 8 unique double 1 15845376 1024 2 15 10 multip. text packed stripped 2 25062400 1024 3 219 8 multip. double 73 40907776 1024 4 63 10 multip. text packed stripped 5 48097280 1024 5 167 2 multip. unsigned short 4840 55200768 1024 6 177 4 multip. unsigned long 1346 65145856 1024 7 155 4 multip. text 4995 75090944 1024 8 138 4 multip. unsigned long 87 85036032 1024 9 177 4 multip. unsigned long 178 96481280 1024 193 1 text
Example of myisamchk -eis
output:
Checking MyISAM file: company Key: 1: Keyblocks used: 97% Packed: 0% Max levels: 4 Key: 2: Keyblocks used: 98% Packed: 50% Max levels: 4 Key: 3: Keyblocks used: 97% Packed: 0% Max levels: 4 Key: 4: Keyblocks used: 99% Packed: 60% Max levels: 3 Key: 5: Keyblocks used: 99% Packed: 0% Max levels: 3 Key: 6: Keyblocks used: 99% Packed: 0% Max levels: 3 Key: 7: Keyblocks used: 99% Packed: 0% Max levels: 3 Key: 8: Keyblocks used: 99% Packed: 0% Max levels: 3 Key: 9: Keyblocks used: 98% Packed: 0% Max levels: 4 Total: Keyblocks used: 98% Packed: 17% Records: 1403698 M.recordlength: 226 Packed: 0% Recordspace used: 100% Empty space: 0% Blocks/Record: 1.00 Record blocks: 1403698 Delete blocks: 0 Recorddata: 317235748 Deleted data: 0 Lost space: 0 Linkdata: 0 User time 1626.51, System time 232.36 Maximum resident set size 0, Integral resident set size 0 Non physical pagefaults 0, Physical pagefaults 627, Swaps 0 Blocks in 0 out 0, Messages in 0 out 0, Signals 0 Voluntary context switches 639, Involuntary context switches 28966
Example of myisamchk -eiv
output:
Checking MyISAM file: company Data records: 1403698 Deleted blocks: 0 - check file-size - check delete-chain block_size 1024: index 1: index 2: index 3: index 4: index 5: index 6: index 7: index 8: index 9: No recordlinks - check index reference - check data record references index: 1 Key: 1: Keyblocks used: 97% Packed: 0% Max levels: 4 - check data record references index: 2 Key: 2: Keyblocks used: 98% Packed: 50% Max levels: 4 - check data record references index: 3 Key: 3: Keyblocks used: 97% Packed: 0% Max levels: 4 - check data record references index: 4 Key: 4: Keyblocks used: 99% Packed: 60% Max levels: 3 - check data record references index: 5 Key: 5: Keyblocks used: 99% Packed: 0% Max levels: 3 - check data record references index: 6 Key: 6: Keyblocks used: 99% Packed: 0% Max levels: 3 - check data record references index: 7 Key: 7: Keyblocks used: 99% Packed: 0% Max levels: 3 - check data record references index: 8 Key: 8: Keyblocks used: 99% Packed: 0% Max levels: 3 - check data record references index: 9 Key: 9: Keyblocks used: 98% Packed: 0% Max levels: 4 Total: Keyblocks used: 9% Packed: 17% - check records and index references [LOTS OF ROW NUMBERS DELETED] Records: 1403698 M.recordlength: 226 Packed: 0% Recordspace used: 100% Empty space: 0% Blocks/Record: 1.00 Record blocks: 1403698 Delete blocks: 0 Recorddata: 317235748 Deleted data: 0 Lost space: 0 Linkdata: 0 User time 1639.63, System time 251.61 Maximum resident set size 0, Integral resident set size 0 Non physical pagefaults 0, Physical pagefaults 10580, Swaps 0 Blocks in 4 out 0, Messages in 0 out 0, Signals 0 Voluntary context switches 10604, Involuntary context switches 122798
Explanations for the types of information myisamchk
produces are
given here. ``Keyfile'' refers to the index file. ``Record'' and ``row''
are synonymous.
MyISAM file
Name of the MyISAM
(index) file.
File-version
Version of MyISAM
format. Currently always 2.
Creation time
When the data file was created.
Recover time
When the index/data file was last reconstructed.
Data records
How many records are in the table.
Deleted blocks
How many deleted blocks still have reserved space.
You can optimize your table to minimize this space.
See section 5.7.2.10 Table Optimization.
Datafile parts
For dynamic record format, this indicates how many data blocks there are. For
an optimized table without fragmented records, this is the same as Data
records
.
Deleted data
How many bytes of unreclaimed deleted data there are.
You can optimize your table to minimize this space.
See section 5.7.2.10 Table Optimization.
Datafile pointer
The size of the data file pointer, in bytes. It is usually 2, 3, 4, or 5
bytes. Most tables manage with 2 bytes, but this cannot be controlled
from MySQL yet. For fixed tables, this is a record address. For
dynamic tables, this is a byte address.
Keyfile pointer
The size of the index file pointer, in bytes. It is usually 1, 2, or 3
bytes. Most tables manage with 2 bytes, but this is calculated
automatically by MySQL. It is always a block address.
Max datafile length
How long the table data file can become, in bytes.
Max keyfile length
How long the table index file can become, in bytes.
Recordlength
How much space each record takes, in bytes.
Record format
The format used to store table rows.
The preceding examples use Fixed length
.
Other possible values are Compressed
and Packed
.
table description
A list of all keys in the table. For each key, myisamchk
displays
some low-level information:
Key
This key's number.
Start
Where in the record this index part starts.
Len
How long this index part is. For packed numbers, this should always be
the full length of the column. For strings, it may be shorter than the full
length of the indexed column, because you can index a prefix of a string
column.
Index
Whether a key value can exist multiple times in the index. Values are
unique
or multip.
(multiple).
Type
What data type this index part has. This is a MyISAM
data type
with the options packed
, stripped
, or empty
.
Root
Address of the root index block.
Blocksize
The size of each index block. By default this is 1024, but the value may be
changed at compile time when MySQL is built from source.
Rec/key
This is a statistical value used by the optimizer. It tells how many
records there are per value for this key. A unique key always has a
value of 1. This may be updated after a table is loaded (or greatly
changed) with myisamchk -a
. If this is not updated at all, a default
value of 30 is given.
table description
lines for the ninth index. This indicates that it is a multiple-part index
with two parts.
Keyblocks used
What percentage of the keyblocks are used. When a table has just been
reorganized with myisamchk
, as for the table in the examples, the
values are very high (very near the theoretical maximum).
Packed
MySQL tries to pack keys with a common suffix. This can only be used
for indexes on CHAR
, VARCHAR
, or DECIMAL
columns. For
long indexed strings that have similar leftmost parts,
this can significantly reduce the space used. In the third example
above, the fourth key is 10 characters long and a 60% reduction in space is
achieved.
Max levels
How deep the B-tree for this key is. Large tables with long key values get high
values.
Records
How many rows are in the table.
M.recordlength
The average record length. This is the exact record length for tables
with fixed-length records, because all records have the same length.
Packed
MySQL strips spaces from the end of strings. The Packed
value indicates the percentage of savings achieved by doing this.
Recordspace used
What percentage of the data file is used.
Empty space
What percentage of the data file is unused.
Blocks/Record
Average number of blocks per record (that is, how many links a fragmented
record is composed of). This is always 1.0 for fixed-format tables. This
value should stay as close to 1.0 as possible. If it gets too big, you can
reorganize the table.
See section 5.7.2.10 Table Optimization.
Recordblocks
How many blocks (links) are used. For fixed format, this is the same as the number
of records.
Deleteblocks
How many blocks (links) are deleted.
Recorddata
How many bytes in the data file are used.
Deleted data
How many bytes in the data file are deleted (unused).
Lost space
If a record is updated to a shorter length, some space is lost. This is
the sum of all such losses, in bytes.
Linkdata
When the dynamic table format is used, record fragments are linked with
pointers (4 to 7 bytes each). Linkdata
is the sum of the amount of
storage used by all such pointers.
If a table has been compressed with myisampack
, myisamchk
-d
prints additional information about each table column. See
section 8.2 myisampack
, the MySQL Compressed Read-only Table Generator, for an example of this
information and a description of what it means.
This section describes how to configure the server to use different character sets. It also discusses how to set the server's time zone and enable per-connection time zone support.
By default, MySQL uses the ISO-8859-1 (Latin1) character set with sorting according to Swedish/Finnish rules. These defaults are suitable for the United States and most of western Europe.
All MySQL binary distributions are compiled with
--with-extra-charsets=complex
. This adds code to all
standard programs that enables them to handle latin1
and all multi-byte
character sets within the binary. Other character sets will be
loaded from a character-set definition file when needed.
The character set determines what characters are allowed in names. It also
determines how strings are sorted by the ORDER BY
and GROUP
BY
clauses of the SELECT
statement.
You can change the character set with the --default-character-set
option when you start the server. The character sets available depend
on the --with-charset=charset
and --with-extra-charsets=
list-of-charsets | complex | all | none
options to configure
, and the
character set configuration files listed in
`SHAREDIR/charsets/Index'.
See section 2.8.2 Typical configure
Options.
As of MySQL 4.1.1, you can also change the character set collation with the
--default-collation
option when you start the server. The collation
must be a legal collation for the default character set. (Use the
SHOW COLLATION
statement to determine which collations are available
for each character set.)
See section 2.8.2 Typical configure
Options.
If you change the character set when running MySQL, that may also
change the sort order. Consequently, you must run myisamchk -r -q
--set-character-set=charset
on all tables, or your indexes may not be
ordered correctly.
When a client connects to a MySQL server, the server indicates to the client what the server's default character set is. The client will switch to use this character set for this connection.
You should use mysql_real_escape_string()
when escaping strings
for an SQL query. mysql_real_escape_string()
is identical to the
old mysql_escape_string()
function, except that it takes the MYSQL
connection handle as the first parameter so that the appropriate character set
can be taken into account when escaping characters.
If the client is compiled with different paths than where the server is installed and the user who configured MySQL didn't include all character sets in the MySQL binary, you must tell the client where it can find the additional character sets it will need if the server runs with a different character set than the client.
You can do this by specifying a --character-sets-dir
option to
indicate the path to the directory in which the dynamic MySQL character
sets are stored. For example, you can put the following in an option file:
[client] character-sets-dir=/usr/local/mysql/share/mysql/charsets
You can force the client to use specific character set as follows:
[client] default-character-set=charset
This is normally unnecessary, however.
In MySQL 4.0, to get German sorting order, you should start mysqld
with a --default-character-set=latin1_de
option. This affects server
behavior in several ways:
ä -> ae ö -> oe ü -> ue ß -> ss
LIKE
, the one-character to two-character mapping
is not done. All letters are converted to uppercase. Accents are removed
from all letters except Ü
, ü
, Ö
, ö
,
Ä
, and ä
.
In MySQL 4.1 and up, character set and collation are specified separately.
You should select the latin1
character set and either the
latin1_german1_ci
or latin1_german2_ci
collation. For
example, to start the server with the latin1_german1_ci
collation,
use the --character-set-server=latin1
and
--collation-server=latin1_german1_ci
options.
For information on the differences between these two collations, see section 10.11.2 West European Character Sets.
By default, mysqld
produces error messages in English, but they can
also be displayed in any of these other languages:
Czech, Danish, Dutch, Estonian, French, German, Greek,
Hungarian, Italian, Japanese, Korean, Norwegian, Norwegian-ny, Polish,
Portuguese, Romanian, Russian, Slovak, Spanish, or Swedish.
To start mysqld
with a particular language for error messages, use the
--language
or -L
option. The option value can be a language name
or the full path to the error message file.
For example:
shell> mysqld --language=swedish
Or:
shell> mysqld --language=/usr/local/share/swedish
The language name should be specified in lowercase.
The language files are located (by default) in the `share/LANGUAGE' directory under the MySQL base directory.
To change the error message file, you should edit the `errmsg.txt' file, and then execute the following command to generate the `errmsg.sys' file:
shell> comp_err errmsg.txt errmsg.sys
If you upgrade to a newer version of MySQL, remember to repeat your changes with the new `errmsg.txt' file.
This section discusses the procedure for adding add another character set to MySQL. You must have a MySQL source distribution to use these instructions.
To choose the proper procedure, decide whether the character set is simple or complex:
For example, latin1
and danish
are simple character sets,
whereas big5
and czech
are complex character sets.
In the following procedures, the name of your character set is represented by MYSET.
For a simple character set, do the following:
ctype
array takes up the first 257 words. The
to_lower[]
, to_upper[]
and sort_order[]
arrays take up
256 words each after that.
CHARSETS_AVAILABLE
and
COMPILED_CHARSETS
lists in configure.in
.
For a complex character set, do the following:
ctype_MYSET
,
to_lower_MYSET
, and so on. These correspond to the arrays
for a simple character set. See section 5.8.4 The Character Definition Arrays.
/* * This comment is parsed by configure to create ctype.c, * so don't change it unless you know what you are doing. * * .configure. number_MYSET=MYNUMBER * .configure. strxfrm_multiply_MYSET=N * .configure. mbmaxlen_MYSET=N */The
configure
program uses this comment to include
the character set into the MySQL library automatically.
The strxfrm_multiply
and mbmaxlen
lines are explained in
the following sections. You need include them only if you need the string
collating functions or the multi-byte character set functions,
respectively.
my_strncoll_MYSET()
my_strcoll_MYSET()
my_strxfrm_MYSET()
my_like_range_MYSET()
CHARSETS_AVAILABLE
and
COMPILED_CHARSETS
lists in configure.in
.
The `sql/share/charsets/README' file includes additional instructions.
If you want to have the character set included in the MySQL
distribution, mail a patch to the MySQL internals
mailing list.
See section 1.4.1.1 The MySQL Mailing Lists.
to_lower[]
and to_upper[]
are simple arrays that hold the
lowercase and uppercase characters corresponding to each member of the
character set. For example:
to_lower['A'] should contain 'a' to_upper['a'] should contain 'A'
sort_order[]
is a map indicating how characters should be ordered for
comparison and sorting purposes. Quite often (but not for all character sets)
this is the same as to_upper[]
, which means that sorting will be
case-insensitive. MySQL will sort characters based on the values of
sort_order[]
elements. For more complicated sorting rules, see
the discussion of string collating in section 5.8.5 String Collating Support.
ctype[]
is an array of bit values, with one element for one character.
(Note that to_lower[]
, to_upper[]
, and sort_order[]
are indexed by character value, but ctype[]
is indexed by character
value + 1. This is an old legacy convention to be able to handle EOF
.)
You can find the following bitmask definitions in `m_ctype.h':
#define _U 01 /* Uppercase */ #define _L 02 /* Lowercase */ #define _N 04 /* Numeral (digit) */ #define _S 010 /* Spacing character */ #define _P 020 /* Punctuation */ #define _C 040 /* Control character */ #define _B 0100 /* Blank */ #define _X 0200 /* heXadecimal digit */
The ctype[]
entry for each character should be the union of the
applicable bitmask values that describe the character. For example,
'A'
is an uppercase character (_U
) as well as a
hexadecimal digit (_X
), so ctype['A'+1]
should contain the
value:
_U + _X = 01 + 0200 = 0201
If the sorting rules for your language are too complex to be handled
with the simple sort_order[]
table, you need to use the string
collating functions.
Right now the best documentation for this is the character sets that are
already implemented. Look at the big5
, czech
, gbk
,
sjis
, and tis160
character sets for examples.
You must specify the strxfrm_multiply_MYSET=N
value in the
special comment at the top of the file. N should be set to
the maximum ratio the strings may grow during my_strxfrm_MYSET
(it
must be a positive integer).
If you want to add support for a new character set that includes multi-byte characters, you need to use the multi-byte character functions.
Right now the best documentation on this consists of the character sets that are
already implemented. Look at the euc_kr
, gb2312
,
gbk
, sjis
, and ujis
character sets for
examples. These are implemented in the `ctype-charset.c' files
in the `strings' directory.
You must specify the mbmaxlen_MYSET=N
value in the special
comment at the top of the source file. N should be set to the
size in bytes of the largest character in the set.
If you try to use a character set that is not compiled into your binary, you might run into the following problems:
--character-sets-dir
option when you run the program in question.
ERROR 1105: File '/usr/local/share/mysql/charsets/?.conf' not found (Errcode: 2)In this case, you should either get a new
Index
file or manually add
the name of any missing character sets to the current file.
For MyISAM
tables, you can check the character set name and number for a
table with myisamchk -dvv tbl_name
.
Before MySQL 4.1.3, you can set the time zone for the server with the
--timezone=timezone_name
option to mysqld_safe
. You can
also set it by setting the TZ
environment variable before you
start mysqld
.
The allowable values for --timezone
or TZ
are
system-dependent. Consult your operating system documentation to see
what values are acceptable.
Beginning with MySQL 4.1.3, the server maintains several time zone settings:
system_time_zone
system variable.
time_zone
system variable
indicates the time zone the server currently is operating in. The initial
value is 'SYSTEM'
, which indicates that the server time zone is the
same as the system time zone. The initial value can be specified explicitly
with the --default-time-zone=timezone
option. If you have the
SUPER
privilege, you can set the global value at runtime with this
statement:
mysql> SET GLOBAL time_zone = timezone;
time_zone
variable. Initially
this is the same as the global time_zone
variable, but can be
reset with this statement:
mysql> SET time_zone = timezone;
The current values of the global and per-connection time zones can be retrieved like this:
mysql> SELECT @@global.time_zone, @@session.time_zone;
timezone values can be given as strings indicating an offset
from UTC, such as '+10:00'
or '-6:00'
. If the time zone-related
tables in the mysql
database have been created and populated, you
can also used named time zones, such as 'Europe/Helsinki'
,
'US/Eastern'
, or 'MET'
. The value 'SYSTEM'
indicates
that the time zone should be the same as the system time zone. Time zone
names are not case sensitive.
The MySQL installation procedure creates the time zone tables in the
mysql
database, but does not load them. You must do so manually.
(If you are upgrading to MySQL 4.1.3 or later from an earlier version, you
should create the tables by upgrading your mysql
database. Use the
instructions in section 2.10.7 Upgrading the Grant Tables.)
If your system has its own zoneinfo database (the set of files describing
time zones), you should use the mysql_tzinfo_to_sql
program for
filling the time zone tables. Examples of such systems are Linux, FreeBSD,
Sun Solaris, and Mac OS X. One likely location for these files is the
`/usr/share/zoneinfo' directory. If your system does not have a
zoneinfo database, you can use the downloadable package described later in
this section.
The mysql_tzinfo_to_sql
program is used to load the time zone
tables. On the command line, pass the zoneinfo directory pathname to
mysql_tzinfo_to_sql
and send the output into the mysql
program. For example:
shell> mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql
mysql_tzinfo_to_sql
reads your system's time zone files and
generates SQL statements from them. mysql
processes those
statements to load the time zone tables.
mysql_tzinfo_to_sql
also can be used to load a single time zone
file, and to generate leap second information.
To load a single time zone file tz_file that corresponds to a
time zone name tz_name, invoke mysql_tzinfo_to_sql
like this:
shell> mysql_tzinfo_to_sql tz_file tz_name | mysql -u root mysql
If your time zone needs to account for leap seconds, initialize the leap second information like this, where tz_file is the name of your time zone file:
shell> mysql_tzinfo_to_sql --leap tz_file | mysql -u root mysql
If your system doesn't have a zoneinfo database (for example, Windows or
HP-UX), you can use the package of pre-built time zone tables that is
available for download at
http://dev.mysql.com/downloads/timezones.html. This package contains
`.frm', `.MYD', and `.MYI' files for the MyISAM
time
zone tables. These tables should belong to the mysql
database, so
you should place the files in the `mysql' subdirectory of your MySQL
server's data directory. The server should be shut down while you do this.
Warning! Please don't use the downloadable package if your system
has a zoneinfo database. Use the mysql_tzinfo_to_sql
utility
instead! Otherwise, you may cause a difference in datetime handling between
MySQL and other applications on your system.
MySQL has several different log files that can help you find
out what's going on inside mysqld
:
Log File | Types of Information Logged to File |
The error log | Logs problems encountered starting, running, or
stopping mysqld .
|
The isam log | Logs all changes to the ISAM tables. Used only for debugging the isam code.
|
The query log | Logs established client connections and executed statements. |
The update log | Logs statements that change data. This log is deprecated. |
The binary log | Logs all statements that change data. Also used for replication. |
The slow log | Logs all queries that took more than long_query_time seconds to execute or didn't use indexes.
|
By default, all logs are created in the mysqld
data directory. You can
force mysqld
to close and reopen the log files (or in some cases
switch to a new log) by flushing the logs. Log flushing occurs when you
issue a FLUSH LOGS
statement or execute mysqladmin flush-logs
or
mysqladmin refresh
.
See section 13.5.5.2 FLUSH
Syntax.
If you are using MySQL replication capabilities, slave replication servers maintain additional log files called relay logs. These are discussed in section 6 Replication in MySQL.
The error log file contains information indicating when mysqld
was started and stopped and also any critical errors that occur while the
server is running.
If mysqld
dies unexpectedly and mysqld_safe
needs to
restart it, mysqld_safe
will write a restarted
mysqld
message to the error log. If
mysqld
notices a table that needs to be automatically checked or
repaired, it writes a message to the error log.
On some operating systems, the error log will contain a stack trace if
mysqld
dies. The trace can be used to determine where
mysqld
died. See section E.1.4 Using a Stack Trace.
Beginning with MySQL 4.0.10, you can specify where mysqld
stores the
error log file with the --log-error[=file_name]
option. If no
file_name value is given, mysqld
uses the name
`host_name.err' and writes the file in the data directory.
(Prior to MySQL 4.0.10, the Windows error log name is `mysql.err'.)
If you execute FLUSH LOGS
, the error log is renamed with a suffix
of -old
and mysqld
creates a new empty log file.
In older MySQL versions on Unix, error log handling was done by
mysqld_safe
which redirected the error file to
host_name.err
. You could change this filename by specifying a
--err-log=file_name
option to mysqld_safe
.
If you don't specify --log-error
, or (on Windows) if you use the
--console
option, errors are written to stderr, the standard error
output. Usually this is your terminal.
On Windows, error output is always written to the .err
file if
--console
is not given.
If you want to know what happens within mysqld
, you should start
it with the --log[=file_name]
or -l [file_name]
option.
If no file_name value is given, the default name is
`host_name.log'
This will log all connections and statements to the log file.
This log can be very useful when you suspect an error in a client and want
to know exactly what the client sent to mysqld
.
Older versions of the mysql.server
script (from MySQL 3.23.4 to 3.23.8)
pass a --log
option to safe_mysqld
to enable the general query log.
If you need better performance when you start using MySQL in a production
environment, you can remove the --log
option from mysql.server
or change it to --log-bin
. See section 5.9.4 The Binary Log.
mysqld
writes statements to the query log in the order that it
receives them. This may be different from the order in which they are
executed. This is in contrast to the update log and the binary log, which
are written after the query is executed, but before any locks are released.
(The query log also contains all statements, whereas the update and binary
logs do not contain statements that only select data.)
Server restarts and log flushing do not cause a new general query log file to be generated (although flushing closes and reopens it). On Unix, you can rename the file and create a new one by using the following commands:
shell> mv hostname.log hostname-old.log shell> mysqladmin flush-logs shell> cp hostname-old.log to-backup-directory shell> rm hostname-old.log
On Windows, you cannot rename the log file while the server has it open. You must stop the server and rename the log. Then restart the server to create a new log.
Note: The update log has been deprecated and replaced by the binary log. See section 5.9.4 The Binary Log. The binary log can do anything the old update log could do, and more. The update log is unavailable as of MySQL 5.0.0.
When started with the --log-update[=file_name]
option,
mysqld
writes a log file containing all SQL statements that update
data. If no file_name value is given, the default name is name of the host
machine. If a filename is given, but it doesn't contain a leading path, the file
is written in the data directory. If `file_name' doesn't have an
extension, mysqld
creates log files with names of the form
file_name.###, where ### is a number that is incremented each
time you start the server or flush the logs.
Note: For this naming scheme to work, you must not create your own files with the same names as those that might be used for the log file sequence.
Update logging is smart because it logs only statements that really update
data. So, an UPDATE
or a DELETE
with a WHERE
that finds no
rows is not written to the log. It even skips UPDATE
statements that
set a column to the value it already has.
The update logging is done immediately after a query completes but before any locks are released or any commit is done. This ensures that statements are logged in execution order.
If you want to update a database from update log files, you could do the following (assuming that your update logs have names of the form `file_name.###'):
shell> ls -1 -t -r file_name.[0-9]* | xargs cat | mysql
ls
is used to sort the update log filenames into the right order.
This can be useful if you have to revert to backup files after a crash and you want to redo the updates that occurred between the time of the backup and the crash.
The binary log has replaced the old update log, which is unavailable starting from MySQL 5.0. The binary log contains all information that is available in the update log in a more efficient format and in a manner that is transactionally safe.
The binary log contains all statements which updated data or (starting from
MySQL 4.1.3) could potentially have updated it (for example, a DELETE
which matched no rows).
The binary log also contains information about how long each statement took that updated the database. It doesn't contain statements that don't modify any data. If you want to log all statements (for example, to identify a problem query) you should use the general query log. See section 5.9.2 The General Query Log.
The primary purpose of the binary log is to be able to update the database during a restore operation as fully as possible, because the binary log will contain all updates done after a backup was made.
The binary log is also used on master replication servers as a record of the statements to be sent to slave servers. See section 6 Replication in MySQL.
Running the server with the binary log enabled makes performance about 1% slower. However, the benefits of the binary log for restore operations and in allowing you to set up replication generally outweigh this minor performance decrement.
When started with the --log-bin[=file_name]
option, mysqld
writes a log file containing all SQL commands that update data. If no
file_name value is given, the default name is the name of the host machine followed
by -bin
. If file name is given, but it doesn't contain a path, the
file is written in the data directory.
If you supply an extension in the log name (for example,
--log-bin=file_name.extension
), the
extension is silently removed and ignored.
mysqld
appends a numeric extension to the binary log name. The number
is incremented each time you start the server or flush the logs.
A new binary log also is created
automatically when the current log's size reaches
max_binlog_size
. A binary log may become larger than
max_binlog_size
if you are using large transactions: A transaction is
written to the binary log in one piece, never split between binary logs.
To be able to know which different binary log files have been used,
mysqld
also creates a binary log index file that
contains the name of all used binary log files. By default this has the
same name as the binary log file, with the extension '.index'
.
You can change the name of the binary log index file with the
--log-bin-index[=file_name]
option.
You should not manually edit this file while mysqld
is running;
doing so would confuse mysqld
.
You can delete all binary log files with the RESET MASTER
statement,
or only some of them with PURGE MASTER LOGS
.
See section 13.5.5.5 RESET
Syntax and section 13.6.1 SQL Statements for Controlling Master Servers.
The binary log format has some known limitations which can affect recovery from
backups, especially in old versions. These caveats which also affect
replication are listed at section 6.7 Replication Features and Known Problems. One caveat which does not
affect replication but only recovery with mysqlbinlog
: before MySQL 4.1,
mysqlbinlog
could not prepare output suitable for mysql
if
the binary log contained interlaced statements originating from different
clients that used temporary tables of the same name. This is fixed in MySQL
4.1. However, the problem still existed for LOAD DATA INFILE
statements
until it was fixed in MySQL 4.1.8.
You can use the following options to mysqld
to affect what is logged
to the binary log. See also the discussion that follows this option list.
--binlog-do-db=db_name
USE
) is db_name. All
other databases that are not explicitly mentioned are ignored. If you use
this, you should ensure that you only do updates in the current database.
Observe that there is an exception to the CREATE/ALTER/DROP
DATABASE
statements, which use the database manipulated to decide if
it should log the statement rather than the current database.
An example of what does not work as you might expect: If the server is
started with binlog-do-db=sales
, and you do
USE prices; UPDATE sales.january SET amount=amount+1000;
,
this statement will not be written into the binary log.
--binlog-ignore-db=db_name
USE
) is
db_name should not be stored in the binary log. If
you use this, you should ensure that you only do updates in the current
database.
An example of what does not work as you might expect: If the server is
started with binlog-ignore-db=sales
, and you do
USE prices; UPDATE sales.january SET amount=amount+1000;
,
this statement will be written into the binary log.
Similar to the case for --binlog-do-db
, there is an exception
to the CREATE/ALTER/DROP DATABASE
statements, which use the
database manipulated to decide if it should log the statement rather
than the current database.
To log or ignore multiple databases, specify the appropriate option multiple times, once for each database.
The rules for logging or ignoring updates to the binary log are
evaluated according to the following rules. Observe that there is an
exception for CREATE/ALTER/DROP DATABASE
statements. In those
cases, the database being created/altered/dropped replace the
current database in the rules below.
binlog-do-db
or binlog-ignore-db
rules?
binlog-do-db
or
binlog-ignore-db
or both). Is there a current database (has any
database been selected by USE
?)?
binlog-do-db
rules?
binlog-do-db
rules?
binlog-ignore-db
rules.
Does the current database match any of the binlog-ignore-db
rules?
For example, a slave running with only binlog-do-db=sales
will not write to the binary log any statement whose current database is
different from sales
(in other words, binlog-do-db
can
sometimes mean ``ignore other databases'').
If you are using replication, you should not delete old binary log
files until you are sure that no slave still needs to use them.
One way to do this is to do mysqladmin flush-logs
once a day and then
remove any logs that are more than three days old. You can remove them
manually, or preferably using PURGE MASTER LOGS
(see section 13.6.1 SQL Statements for Controlling Master Servers), which will also safely update the binary
log index file for you (and which can take a date argument since
MySQL 4.1)
A client with the SUPER
privilege can disable binary
logging of its own statements by using a SET
SQL_LOG_BIN=0
statement. See section 13.5.3 SET
Syntax.
You can examine the binary log file with the mysqlbinlog
utility.
This can be useful when you want to reprocess statements in the log.
For example, you can update a MySQL server from the binary log
as follows:
shell> mysqlbinlog log-file | mysql -h server_name
See section 8.5 The mysqlbinlog
Binary Log Utility for more information on the
mysqlbinlog
utility and how to use it.
If you are using transactions, you must use the MySQL binary log for backups instead of the old update log.
The binary logging is done immediately after a query completes but before any locks are released or any commit is done. This ensures that the log will be logged in the execution order.
Updates to non-transactional tables are stored in the binary log
immediately after execution. For transactional tables such as BDB
or InnoDB
tables, all updates (UPDATE
, DELETE
,
or INSERT
) that change tables are cached until a COMMIT
statement is received by the server. At that point, mysqld
writes the
whole transaction to the binary log before the COMMIT
is executed.
When the thread that handles the transaction starts, it allocates a buffer
of binlog_cache_size
to buffer queries. If a statement is bigger
than this, the thread opens a temporary file to store the transaction. The
temporary file is deleted when the thread ends.
The Binlog_cache_use
status variable shows the number of transactions
that used this buffer (and possibly a temporary file) for storing statements.
The Binlog_cache_disk_use
status variable shows how many of those
transactions actually did have to use a temporary file. These two variables
can be used for tuning binlog_cache_size
to a large enough value that
avoids the use of temporary files.
The max_binlog_cache_size
(default 4GB) can be used to restrict the
total size used to cache a multiple-statement transaction. If a transaction
is larger than this, it will fail and roll back.
If you are using the update log or binary log, concurrent inserts will
be converted to normal inserts when using CREATE ... SELECT
or
INSERT ... SELECT
.
This is to ensure that you can re-create an exact copy of your tables by
applying the log on a backup.
The binary log format is different in versions 3.23, 4.0, and 5.0.0. Those format changes were required to implement enhancements to replication. MySQL 4.1 has the same binary log format as 4.0. See section 6.5 Replication Compatibility Between MySQL Versions.
By default, the binary log is not synchronized to disk at each write. So
if the operating system or machine (not only the MySQL server) crashes
there is a chance that the last statements of the binary log are lost. To
prevent this, you can make the binary log be synchronized to disk after
every Nth binary log write, with the sync_binlog
global variable
(1 being the safest value, but also the slowest). See section 5.2.3 Server System Variables. Even with this set to 1, there is still the chance of an
inconsistency between the tables content and the binary log content in
case of crash. For example, if using InnoDB
tables, and the MySQL
server processes a COMMIT
statement, it writes the whole transaction
to the binary log and then commits this transaction into InnoDB
. If
it crashes between those two operations, at restart the transaction will be
rolled back by InnoDB but still exist in the binary log. This problem can be
solved with the --innodb-safe-binlog
option (available starting from
MySQL 4.1.3), which adds consistency between the content of InnoDB
tables and the binary log. For this option to really bring safety to you,
the MySQL server should also be configured to synchronize to disk, at every
transaction, the binary log (sync_binlog=1
) and (which is true by
default) the InnoDB
logs. The effect of this option is that at restart
after a crash,
after doing a rollback of transactions, the MySQL server will cut rolled
back InnoDB
transactions from the binary log. This ensures that the
binary log reflects the exact data of InnoDB
tables, and so, that
the slave remains in sync with the master (not receiving a statement which
has been rolled back). Note that --innodb-safe-binlog
can be used
even if the MySQL server updates other storage engines than InnoDB. Only
statements/transactions affecting InnoDB
tables are subject to
being removed from the binary log at InnoDB
's crash recovery. If at
crash recovery the MySQL server discovers that the binary log is shorter
than it should have been (that is, it lacks at least one successfully committed
InnoDB
transaction), which should not happen if sync_binlog=1
and the disk/filesystem do an actual sync when they are requested to (some
don't), it will print an error message ("The binary log <name> is shorter
than its expected size"). In this case, this binary log is not correct,
replication should be restarted from a fresh master's data snapshot.
Before MySQL 4.1.9, a write to a binary log file or binary log index file
that failed due to a full disk or an exceeded quota resulted in corruption
of the file. Starting from MySQL 4.1.9, writes to the binary log file and
binary log index file are handled the same way as writes to MyISAM
tables.
See section A.4.3 How MySQL Handles a Full Disk.
When started with the --log-slow-queries[=file_name]
option,
mysqld
writes a log file containing all SQL statements that took
more than long_query_time
seconds to execute. The time to acquire
the initial table locks are not counted as execution time.
If no file_name value is given, the default is the name of the
host machine with a suffix of -slow.log
. If a filename is given,
but doesn't contain a path, the file is written in the data directory.
A statement is logged to the slow query log after it has been executed and after all locks have been released. Log order may be different from execution order.
The slow query log can be used to find queries that take a long time to
execute and are therefore candidates for optimization. However, examining a long
slow query log can become a difficult task. To make this easier, you
can pipe the slow query log through the mysqldumpslow
command to
get a summary of the queries that appear in the log.
If you also use the --log-long-format
when logging slow queries,
then queries that are not using indexes are logged as well. See section 5.2.1 mysqld
Command-Line Options.
The MySQL Server can create a number of different log files that make it easy to see what is going on. See section 5.9 The MySQL Log Files. However, you must clean up these files regularly to ensure that the logs don't take up too much disk space.
When using MySQL with logging enabled, you will want to back up and remove old log files from time to time and tell MySQL to start logging to new files. See section 5.7.1 Database Backups.
On a Linux (Red Hat) installation, you can use the
mysql-log-rotate
script for this. If you installed MySQL
from an RPM distribution, the script should have been installed
automatically. You should be careful with this script if you are
using the binary log for replication! (You should not remove binary logs until
you are certain that their contents have been processed by all slaves.)
On other systems, you must install a short script yourself that you
start from cron
to handle log files.
You can force MySQL to start using new log files by using
mysqladmin flush-logs
or by using the SQL statement FLUSH LOGS
.
If you are using MySQL 3.21, you must use mysqladmin refresh
.
A log flushing operation does the following:
--log
) or slow query logging
(--log-slow-queries
) is used, closes and reopens the log file
(`mysql.log' and ``hostname`-slow.log' as default).
--log-update
) or binary logging (--log-bin
)
is used, closes the log and opens a new log file with a higher sequence number.
If you are using only an update log, you only have to rename the log file and then flush the logs before making a backup. For example, you can do something like this:
shell> cd mysql-data-directory shell> mv mysql.log mysql.old shell> mysqladmin flush-logs
Then make a backup and remove `mysql.old'.
In some cases, you might want to run multiple mysqld
servers
on the same machine. You might want to test a new
MySQL release while leaving your existing production setup undisturbed.
Or you may want to give different users access to different mysqld
servers that they manage themselves. (For example, you might be an
Internet Service Provider that wants to provide independent MySQL
installations for different customers.)
To run multiple servers on a single machine, each server must have unique values for several operating parameters. These can be set on the command line or in option files. See section 4.3 Specifying Program Options.
At least the following options must be different for each server:
--port=port_num
--port
controls the port number for TCP/IP connections.
--socket=path
--socket
controls the Unix socket file path on Unix and the name of the
named pipe on Windows. On Windows, it's necessary to specify distinct pipe names
only for those servers that support named pipe connections.
--shared-memory-base-name=name
--pid-file=path
If you use the following log file options, they must be different for each server:
--log=path
--log-bin=path
--log-update=path
--log-error=path
--log-isam=path
--bdb-logdir=path
Log file options are described in section 5.9.6 Log File Maintenance.
If you want more performance, you can also specify the following options differently for each server, to spread the load between several physical disks:
--tmpdir=path
--bdb-tmpdir=path
Having different temporary directories is also recommended, to make it easier to determine which MySQL server created any given temporary file.
Generally, each server should also use a different data directory, which is
specified using the --datadir=path
option.
Warning: Normally you should never have two servers that
update data in the same databases! This may lead to unpleasant
surprises if your operating system doesn't support fault-free system
locking!
If (despite this warning) you run multiple servers using
the same data directory and they have logging enabled, you must
use the appropriate options to specify log filenames that are
unique to each server. Otherwise, the servers will try to log to
the same files.
Please note that this kind of setup will only work with ISAM
,
MyISAM
and MERGE
tables, and not with any of the other
storage engines.
The warning against sharing a data directory among servers also applies in an NFS environment. Allowing multiple MySQL servers to access a common data directory over NFS is a bad idea!
lockd
daemon, but at the moment there is no platform that will perform
locking 100% reliably in every situation.
Make it easy for yourself: Forget about sharing a data directory among servers over NFS. A better solution is to have one computer that contains several CPUs and use an operating system that handles threads efficiently.
If you have multiple MySQL installations in different locations, normally
you can specify the base installation directory for each server with the
--basedir=path
option to cause each server to use a different data
directory, log files, and PID file. (The defaults for all these values are
determined relative to the base directory). In that case, the only other
options you need to specify are the --socket
and --port
options. For example, suppose that you install different versions of MySQL using
`tar' file binary distributions. These will install in different
locations, so you can start the server for each installation using the
command bin/mysqld_safe
under its corresponding base directory.
mysqld_safe
will determine the proper
--basedir
option to pass to mysqld
, and you need specify
only the --socket
and --port
options to mysqld_safe
.
(For versions of MySQL older than 4.0, use safe_mysqld
rather than mysqld_safe
.)
As discussed in the following sections, it is possible to start additional servers by setting environment variables or by specifying appropriate command-line options. However, if you need to run multiple servers on a more permanent basis, it will be more convenient to use option files to specify for each server those option values that must be unique to it.
You can run multiple servers on Windows by starting them manually from the command line, each with appropriate operating parameters. On Windows NT-based systems, you also have the option of installing several servers as Windows services and running them that way. General instructions for running MySQL servers from the command line or as services are given in section 2.3 Installing MySQL on Windows. This section describes how to make sure that you start each server with different values for those startup options that must be unique per server, such as the data directory. These options are described in section 5.10 Running Multiple MySQL Servers on the Same Machine.
To start multiple servers manually from the command line, you can specify the appropriate options on
the command line or in an option file. It's more convenient to place the
options in an option file, but it's necessary to make sure that each server
gets its own set of options. To do this, create an option file for each
server and tell the server the filename with a --defaults-file
option
when you run it.
Suppose that you want to run mysqld
on port 3307 with a
data directory of `C:\mydata1', and mysqld-max
on port 3308 with a
data directory of `C:\mydata2'. (To do this, make sure that before you
start the servers, each data directory exists and has its own copy of the
mysql
database that contains the grant tables.)
Then create two option files. For example, create one file named `C:\my-opts1.cnf' that looks like this:
[mysqld] datadir = C:/mydata1 port = 3307
Create a second file named `C:\my-opts2.cnf' that looks like this:
[mysqld] datadir = C:/mydata2 port = 3308
Then start each server with its own option file:
C:\> C:\mysql\bin\mysqld --defaults-file=C:\my-opts1.cnf C:\> C:\mysql\bin\mysqld-max --defaults-file=C:\my-opts2.cnf
On NT, each server will start in the foreground (no new prompt appears until the server exits later); you'll need to issue those two commands in separate console windows.
To shut down the servers, you must connect to the appropriate port number:
C:\> C:\mysql\bin\mysqladmin --port=3307 shutdown C:\> C:\mysql\bin\mysqladmin --port=3308 shutdown
Servers configured as just described will allow clients to connect over
TCP/IP. If your version of Windows supports named pipes and you also want
to allow named pipe connections, use the mysqld-nt
or
mysqld-max-nt
servers and specify options that enable the named pipe
and specify its name. Each server that supports named pipe connections must
use a unique pipe name. For example, the `C:\my-opts1.cnf' file might
be written like this:
[mysqld] datadir = C:/mydata1 port = 3307 enable-named-pipe socket = mypipe1
Then start the server this way:
C:\> C:\mysql\bin\mysqld-nt --defaults-file=C:\my-opts1.cnf
Modify `C:\my-opts2.cnf' similarly for use by the second server.
On NT-based systems, a MySQL server can be run as a Windows service. The procedures for installing, controlling, and removing a single MySQL service are described in section 2.3.12 Starting MySQL as a Windows Service.
As of MySQL 4.0.2, you can install multiple servers as services. In this case, you must make sure that each server uses a different service name in addition to all the other parameters that must be unique per server.
For the following instructions, assume that you want to run the mysqld-nt
server from two different versions of MySQL that are installed at
`C:\mysql-4.0.8' and `C:\mysql-4.0.17', respectively. (This might be
the case if you're running 4.0.8 as your production server, but want to test
4.0.17 before upgrading to it.)
The following principles apply when installing a MySQL service with the
--install
or --install-manual
option:
MySQL
and the server reads options from the [mysqld]
group in
the standard option files.
--install
option, the server ignores the [mysqld]
option
group and instead reads options from the group that has the same name as the
service. The server reads options from the standard option files.
--defaults-file
option after the service name,
the server ignores the standard option files and reads options only from the
[mysqld]
group of the named file.
Note: Before MySQL 4.0.17, only a server installed using the default service
name (MySQL
) or one installed explicitly with a service name of
mysqld
will read the [mysqld]
group in the standard option
files. As of 4.0.17, all servers read the [mysqld]
group if they read
the standard option files, even if they are installed using another service
name. This allows you to use the [mysqld]
group for options that should
be used by all MySQL services, and an option group named after each service
for use by the server installed with that service name.
Based on the preceding information, you have several ways to set up multiple services. The following instructions describe some examples. Before trying any of them, be sure that you shut down and remove any existing MySQL services first.
mysqld-nt
using the service
name of mysqld1
and the 4.0.17 mysqld-nt
using the service name mysqld2
.
In this case, you can use the [mysqld1]
group for 4.0.8 and the
[mysqld2]
group for 4.0.17.
For example, you can set up `C:\my.cnf' like this:
# options for mysqld1 service [mysqld1] basedir = C:/mysql-4.0.8 port = 3307 enable-named-pipe socket = mypipe1 # options for mysqld2 service [mysqld2] basedir = C:/mysql-4.0.17 port = 3308 enable-named-pipe socket = mypipe2Install the services as follows, using the full server pathnames to ensure that Windows registers the correct executable program for each service:
C:\> C:\mysql-4.0.8\bin\mysqld-nt --install mysqld1 C:\> C:\mysql-4.0.17\bin\mysqld-nt --install mysqld2To start the services, use the services manager, or use
NET START
with the appropriate service names:
C:\> NET START mysqld1 C:\> NET START mysqld2To stop the services, use the services manager, or use
NET STOP
with the appropriate service names:
C:\> NET STOP mysqld1 C:\> NET STOP mysqld2
--defaults-file
when you install the services to tell each server
what file to use. In this case, each file should list options using a
[mysqld]
group.
With this approach, to specify options for the 4.0.8 mysqld-nt
,
create a file `C:\my-opts1.cnf' that looks like this:
[mysqld] basedir = C:/mysql-4.0.8 port = 3307 enable-named-pipe socket = mypipe1For the 4.0.17
mysqld-nt
, create a file
`C:\my-opts2.cnf' that looks like this:
[mysqld] basedir = C:/mysql-4.0.17 port = 3308 enable-named-pipe socket = mypipe2Install the services as follows (enter each command on a single line):
C:\> C:\mysql-4.0.8\bin\mysqld-nt --install mysqld1 --defaults-file=C:\my-opts1.cnf C:\> C:\mysql-4.0.17\bin\mysqld-nt --install mysqld2 --defaults-file=C:\my-opts2.cnfTo use a
--defaults-file
option when you install a MySQL server as a
service, you must precede the option with the service name.
After installing the services, start and stop them the same way as in the
preceding example.
To remove multiple services, use mysqld --remove
for each one,
specifying a service name following the --remove
option. If the
service name is the default (MySQL
), you can omit it.
The easiest way is to run multiple servers on Unix is to compile them with different TCP/IP ports and Unix socket files so that each one is listening on different network interfaces. Also, by compiling in different base directories for each installation, that automatically results in different compiled-in data directory, log file, and PID file locations for each of your servers.
Assume that an existing server is configured for the default TCP/IP port
number (3306) and Unix socket file (`/tmp/mysql.sock'). To configure a
new server to have different operating parameters, use a configure
command something like this:
shell> ./configure --with-tcp-port=port_number \ --with-unix-socket-path=file_name \ --prefix=/usr/local/mysql-4.0.17
Here, port_number and file_name must be different from the
default TCP/IP port number and Unix socket file pathname, and the
--prefix
value should specify an installation directory different
than the one under which the existing MySQL installation is located.
If you have a MySQL server listening on a given port number, you can use the following command to find out what operating parameters it is using for several important configurable variables, including the base directory and Unix socket filename:
shell> mysqladmin --host=host_name --port=port_number variables
With the information displayed by that command, you can tell what option values not to use when configuring an additional server.
Note that if you specify localhost
as a hostname, mysqladmin
will default to using a Unix socket file connection rather than TCP/IP.
In MySQL 4.1, you can explicitly specify the connection protocol to use by
using the --protocol={TCP | SOCKET | PIPE | MEMORY}
option.
You don't have to compile a new MySQL server just to start with a different Unix socket file and TCP/IP port number. It is also possible to specify those values at runtime. One way to do so is by using command-line options:
shell> mysqld_safe --socket=file_name --port=port_number
To start a second server, provide different --socket
and
--port
option values, and pass a --datadir=path
option to
mysqld_safe
so that the server uses a different data directory.
Another way to achieve a similar effect is to use environment variables to set the Unix socket filename and TCP/IP port number:
shell> MYSQL_UNIX_PORT=/tmp/mysqld-new.sock shell> MYSQL_TCP_PORT=3307 shell> export MYSQL_UNIX_PORT MYSQL_TCP_PORT shell> mysql_install_db --user=mysql shell> mysqld_safe --datadir=/path/to/datadir &
This is a quick way of starting a second server to use for testing. The nice thing about this method is that the environment variable settings will apply to any client programs that you invoke from the same shell. Thus, connections for those clients automatically will be directed to the second server!
section F Environment Variables includes a list of other environment
variables you can use to affect mysqld
.
For automatic server execution, your startup script that is executed at boot time should execute the following command once for each server with an appropriate option file path for each command:
mysqld_safe --defaults-file=path
Each option file should contain option values specific to a given server.
On Unix,
the mysqld_multi
script is another way to start multiple servers.
See section 5.1.5 The mysqld_multi
Program for Managing Multiple MySQL Servers.
When you want to connect with a client program to a MySQL server that is listening to different network interfaces than those compiled into your client, you can use one of the following methods:
--host=host_name --port=port_number
to connect
via TCP/IP to a remote server, with --host=127.0.0.1
--port=port_number
to connect via TCP/IP to a local server, or with
--host=localhost --socket=file_name
to connect to a local server via
a Unix socket file or a Windows named pipe.
--protocol=tcp
to connect
via TCP/IP, --protocol=socket
to connect via a Unix socket file,
--protocol=pipe
to connect via a named pipe, or
--protocol=memory
to connect via shared memory. For TCP/IP
connections, you may also need to specify --host
and --port
options. For the other types of connections, you may need to specify
a --socket
option to specify a Unix socket file or named pipe name, or a
--shared-memory-base-name
option to specify the shared memory name.
Shared memory connections are supported only on Windows.
MYSQL_UNIX_PORT
and MYSQL_TCP_PORT
environment variables to point to the Unix socket file and TCP/IP port
number before you start your clients. If you normally use a specific socket
file or port number, you can place commands to set these environment
variables in your `.login' file so that they apply each time you log
in.
See section F Environment Variables.
[client]
group of an option file. For example, you can use
`C:\my.cnf' on Windows, or the `.my.cnf' file in your home
directory on Unix.
See section 4.3.2 Using Option Files.
mysql_real_connect()
call. You can also have the program read
option files by calling mysql_options()
.
See section 21.2.3 C API Function Descriptions.
DBD::mysql
module, you can read options
from MySQL option files. For example:
$dsn = "DBI:mysql:test;mysql_read_default_group=client;" . "mysql_read_default_file=/usr/local/mysql/data/my.cnf"; $dbh = DBI->connect($dsn, $user, $password);See section 21.4 MySQL Perl API. Other programming interfaces may provide similar capabilities for reading option files.
From version 4.0.1 on, MySQL Server features a query cache.
When in use, the query cache stores the text of a SELECT
query
together with the corresponding result that was sent to the client.
If the identical query is received later, the server retrieves
the results from the query cache rather than parsing and executing the
query again.
The query cache is extremely useful in an environment where (some) tables don't change very often and you have a lot of identical queries. This is a typical situation for many Web servers that generate a lot of dynamic pages based on database content.
Note: The query cache does not return stale data. When tables are modified, any relevant entries in the query cache are flushed.
Note: The query cache does not work in an environment where you
have many mysqld
servers updating the same MyISAM
tables.
Some performance data for the query cache follow. These results were generated by running the MySQL benchmark suite on a Linux Alpha 2 x 500MHz system with 2GB RAM and a 64MB query cache.
To disable the query cache at server startup, set the
query_cache_size
system variable to 0. By disabling the query cache
code, there is no noticeable overhead. Query cache capabilities can be
excluded from the server entirely by using the --without-query-cache
option to configure
when compiling MySQL.
This section describes how the query cache works when it is operational. section 5.11.3 Query Cache Configuration describes how to control whether or not it is operational.
Queries are compared before parsing, so the following two queries are regarded as different by the query cache:
SELECT * FROM tbl_name Select * from tbl_name
Queries must be exactly the same (byte for byte) to be seen as identical. In addition, query strings that are identical may be treated as different for other reasons. Queries that use different databases, different protocol versions, or different default character sets are considered different queries and are cached separately.
If a query result is returned from query cache, the server increments the
Qcache_hits
status variable, not Com_select
.
See section 5.11.4 Query Cache Status and Maintenance.
If a table changes, then all cached queries that use the table become
invalid and are removed from the cache. This includes queries that use
MERGE
tables that map to the changed table. A table can be changed
by many types of statements, such as INSERT
, UPDATE
,
DELETE
, TRUNCATE
, ALTER TABLE
, DROP TABLE
, or
DROP DATABASE
.
Transactional InnoDB
tables that have been changed are invalidated
when a COMMIT
is performed.
In MySQL 4.0, the query cache is disabled within transactions (it does
not return results). Beginning with MySQL 4.1.1, the query cache also
works within transactions when using InnoDB
tables (it uses the
table version number to detect whether or not its contents are still current).
Before MySQL 5.0, a query that begins with a leading comment might be cached, but could not be fetched from the cache. This problem is fixed in MySQL 5.0.
The query cache works for SELECT SQL_CALC_FOUND_ROWS ...
and
SELECT FOUND_ROWS()
type queries. FOUND_ROWS()
returns
the correct value even if the preceding query was fetched from the cache
because the number of found rows is also stored in the cache.
A query cannot be cached if it contains any of the following functions:
BENCHMARK()
| CONNECTION_ID()
| CURDATE()
|
CURRENT_DATE()
| CURRENT_TIME()
| CURRENT_TIMESTAMP()
|
CURTIME()
| DATABASE()
| ENCRYPT() with one parameter
|
FOUND_ROWS()
| GET_LOCK()
| LAST_INSERT_ID()
|
LOAD_FILE()
| MASTER_POS_WAIT()
| NOW()
|
RAND()
| RELEASE_LOCK()
| SYSDATE()
|
UNIX_TIMESTAMP() with no parameters
| USER()
|
A query also will not be cached under these conditions:
mysql
system database.
SELECT ... IN SHARE MODE SELECT ... INTO OUTFILE ... SELECT ... INTO DUMPFILE ... SELECT * FROM ... WHERE autoincrement_col IS NULLThe last form is not cached because it is used as the ODBC workaround for obtaining the last insert ID value. See section 22.1.14.1 How to Get the Value of an
AUTO_INCREMENT
Column in ODBC.
TEMPORARY
tables.
SELECT
privilege for all the involved databases and
tables. If this is not the case, the cached result is not used.
SELECT
Options
There are two query cache-related options that may be
specified in a SELECT
statement:
SQL_CACHE
query_cache_type
system variable is ON
or DEMAND
.
SQL_NO_CACHE
Examples:
SELECT SQL_CACHE id, name FROM customer; SELECT SQL_NO_CACHE id, name FROM customer;
The have_query_cache
server system variable indicates whether the query
cache is available:
mysql> SHOW VARIABLES LIKE 'have_query_cache'; +------------------+-------+ | Variable_name | Value | +------------------+-------+ | have_query_cache | YES | +------------------+-------+
Several other system variables control query cache operation.
These can be set in an option file or on the command line
when starting mysqld
.
The query cache-related system variables all have names that begin with
query_cache_
. They are described briefly in section 5.2.3 Server System Variables, with additional configuration information given here.
To set the size of the query cache, set the query_cache_size
system
variable. Setting it to 0 disables the query cache. The default cache size
is 0; that is, the query cache is disabled.
If the query cache is enabled, the query_cache_type
variable
influences how it works. This variable can be set to the following values:
0
or OFF
prevents caching or retrieval of cached
results.
1
or ON
allows caching except of those statements
that begin with SELECT SQL_NO_CACHE
.
2
or DEMAND
causes caching of only those statements
that begin with SELECT SQL_CACHE
.
Setting the GLOBAL
value of query_cache_type
determines query
cache behavior for all clients that connect after the change is made.
Individual clients can control cache behavior for their own connection by
setting the SESSION
value of query_cache_type
. For example, a
client can disable use of the query cache for its own queries like this:
mysql> SET SESSION query_cache_type = OFF;
To control the maximum size of individual query results that can be cached,
set the query_cache_limit
variable. The default value is 1MB.
The result of a query (the data sent to the client) is stored in the query
cache during result retrieval. Therefore the data usually is not handled in
one big chunk. The query cache allocates blocks for storing this data on
demand, so when one block is filled, a new block is allocated. Because
memory allocation operation is costly (timewise), the query cache allocates
blocks with a minimum size given by the query_cache_min_res_unit
system variable. When a query is executed, the last result block is trimmed
to the actual data size so that unused memory is freed.
Depending on the types of queries your server executes, you might find it
helpful to tune the value of query_cache_min_res_unit
:
query_cache_min_res_unit
is 4KB. This should
be adequate for most cases.
query_cache_min_res_unit
. The number of free blocks and queries
removed due to pruning are given by the values of the
Qcache_free_blocks
and Qcache_lowmem_prunes
status variables.
Qcache_total_blocks
and Qcache_queries_in_cache
status
variables), you can increase performance by increasing
query_cache_min_res_unit
. However, be careful to not make it too
large (see the previous item).
query_cache_min_res_unit
is present from MySQL 4.1.
You can check whether the query cache is present in your MySQL server using the following statement:
mysql> SHOW VARIABLES LIKE 'have_query_cache'; +------------------+-------+ | Variable_name | Value | +------------------+-------+ | have_query_cache | YES | +------------------+-------+
You can defragment the query cache to better utilize its memory
with the FLUSH QUERY CACHE
statement.
The statement does not remove any queries from the cache.
The RESET QUERY CACHE
statement removes all query results from the
query cache. The FLUSH TABLES
statement also does this.
To monitor query cache performance, use SHOW STATUS
to view
the cache status variables:
mysql> SHOW STATUS LIKE 'Qcache%'; +-------------------------+--------+ | Variable_name | Value | +-------------------------+--------+ | Qcache_free_blocks | 36 | | Qcache_free_memory | 138488 | | Qcache_hits | 79570 | | Qcache_inserts | 27087 | | Qcache_lowmem_prunes | 3114 | | Qcache_not_cached | 22989 | | Qcache_queries_in_cache | 415 | | Qcache_total_blocks | 912 | +-------------------------+--------+
Descriptions of each of these variables are given in section 5.2.4 Server Status Variables. Some uses for them are described here.
The total number of SELECT
queries is equal to:
Com_select + Qcache_hits + queries with errors found by parser
The Com_select
value is equal to:
Qcache_inserts + Qcache_not_cached + queries with errors found during columns/rights check
The query cache uses variable-length blocks, so Qcache_total_blocks
and Qcache_free_blocks
may indicate query cache memory fragmentation.
After FLUSH QUERY CACHE
, only a single free block remains.
Every cached query requires a minimum of two blocks (one for the query text and one or more for the query results). Also, every table that is used by a query requires one block. However, if two or more queries use the same table, only one block needs to be allocated.
The information provided by the Qcache_lowmem_prunes
status variable
can help you tune the query cache size. It counts the number of queries that
have been removed from the cache to free up memory for caching new queries.
The query cache uses a least recently used (LRU) strategy to decide which
queries to remove from the cache. Tuning information is given in section 5.11.3 Query Cache Configuration.
Go to the first, previous, next, last section, table of contents.