At Alden Hosting we eat and breathe Secure FTP (sFTP)! We are the industry leader in providing
affordable, quality and efficient Secure FTP (sFTP) hosting in the shared hosting marketplace.
This chapter covers topics that deal with administering a MySQL
installation:
Configuring the server
Managing user accounts
Performing backups
The server log files
The query cache
5.1. Overview of Server-Side Programs
The MySQL server, mysqld, is the main program
that does most of the work in a MySQL installation. The server is
accompanied by several related scripts that perform setup
operations when you install MySQL or that assist you in starting
and stopping the server. This section provides an overview of the
server and related programs. The following sections provide more
detailed information about each of these programs.
Each MySQL program takes many different options. Most programs
provide a --help option that you can use to get a
description of the program's different options. For example, try
mysqld --help.
You can override default option values for MySQL programs by
specifying options on the command line or in an option file.
Section 4.3, “Specifying Program Options”.
The following list briefly describes the MySQL server and
server-related programs:
mysqld
The SQL daemon (that is, the MySQL server). To use client
programs, mysqld must be running, because
clients gain access to databases by connecting to the server.
See Section 5.2, “mysqld — The MySQL Server”.
A server startup script. This script is used on systems that
use System V-style run directories containing scripts that
start system services for particular run levels. It invokes
mysqld_safe to start the MySQL server. See
Section 5.3.2, “mysql.server — MySQL Server Startup Script”.
This program makes a binary release of a compiled MySQL. This
could be sent by FTP to
/pub/mysql/upload/ on
ftp.mysql.com for the convenience of other
MySQL users.
This program is used after a MySQL upgrade operation. It
checks tables for incompatibilities and repairs them if
necessary, and updates the grant tables with any changes that
have been made in newer versions of MySQL. See
Section 5.5.8, “mysql_upgrade — Check Tables for MySQL Upgrade”.
mysqld is the MySQL server. The following
discussion covers these MySQL server configuration topics:
Startup options that the server supports
Server system variables
Server status variables
How to set the server SQL mode
The server shutdown process
Note: Not all storage engines
are supported by all MySQL server binaries and configurations.
To find out how to determine which storage engines are
supported by your MySQL server installation, see
Section 13.5.4.10, “SHOW ENGINES Syntax”.
5.2.1. Option and Variable Reference
The following table provides a list of all the command line
options, server and status variables applicable within
mysqld.
The table lists command line options (Cmd-line), options valid
in configuration files (Option file), server system variables
(Server Var), and status variables (Status var) in one unified
list, with notification of where each option/variable is
valid. If a server option set on the command line or in an
option file differs from the name of the corresponding server
system or status variable, the variable name is noted
immediately below the corresponding option. For status
variables, the scope of the variable is shown (Scope) as
either global, session, or both. Please see the corresponding
sections for details on setting and using the options and
variables. Where appropriate, a direct link to further
information on the item as available.
Note
This table is part of an ongoing process to expand and
simplify the information provided on these elements. Further
improvements to the table, and corresponding descriptions
will be applied over the coming months.
When you start the mysqld server, you can
specify program options using any of the methods described in
Section 4.3, “Specifying Program Options”. The most common methods are
to provide options in an option file or on the command line.
However, in most cases it is desirable to make sure that the
server uses the same options each time it runs. The best way
to ensure this is to list them in an option file. See
Section 4.3.2, “Using Option Files”.
mysqld reads options from the
[mysqld] and [server]
groups. mysqld_safe reads options from the
[mysqld], [server],
[mysqld_safe], and
[safe_mysqld] groups.
mysql.server reads options from the
[mysqld] and
[mysql.server] groups.
An embedded MySQL server usually reads options from the
[server], [embedded],
and
[xxxxx_SERVER]
groups, where xxxxx is the name of
the application into which the server is embedded.
mysqld accepts many command options. For a
brief summary, execute mysqld --help. To
see the full list, use mysqld --verbose
--help.
The following list shows some of the most common server
options. Additional options are described in other sections:
You can also set the values of server system variables by
using variable names as options, as described later in this
section.
--help, -?
Display a short help message and exit. Use both the
--verbose and --help
options to see the full message.
--abort-slave-event-count
This option is used internally by the MySQL test suite for
replication testing and debugging.
--allow-suspicious-udfs
This option controls whether user-defined functions that
have only an xxx symbol for the main
function can be loaded. By default, the option is off and
only UDFs that have at least one auxiliary symbol can be
loaded; this prevents attempts at loading functions from
shared object files other than those containing legitimate
UDFs. This option was added in version 5.0.3. See
Section 24.2.4.6, “User-Defined Function Security Precautions”.
The path to the MySQL installation directory. All paths
are usually resolved relative to this directory.
big-tables
Allow large result sets by saving all temporary sets in
files. This option prevents most “table full”
errors, but also slows down queries for which in-memory
tables would suffice. Since MySQL 3.23.2, the server is
able to handle large result sets automatically by using
memory for small temporary tables and switching to disk
tables where necessary.
--bind-address=IP
The IP address to bind to.
--bootstrap
This option is used by the
mysql_install_db script to create the
MySQL privilege tables without having to start a full
MySQL server.
Don't ignore character set information sent by the client.
To ignore client information and use the default server
character set, use
--skip-character-set-client-handshake;
this makes MySQL behave like MySQL 4.0.
--character-set-filesystem=charset_name
The filesystem character set. This option sets the
character_set_filesystem system
variable. It was added in MySQL 5.0.19.
Use charset_name as the default
server character set. See
Section 5.10.1, “The Character Set Used for Data and Sorting”. If you use this option
to specify a non-default character set, you should also
use --collation-server to specify the
collation.
--chroot=path
Put the mysqld server in a closed
environment during startup by using the
chroot() system call. This is a
recommended security measure. Note that use of this option
somewhat limits LOAD DATA INFILE and
SELECT ... INTO OUTFILE.
(Windows only.) Write error log messages to
stderr and stdout
even if --log-error is specified.
mysqld does not close the console
window if this option is used.
--core-file
Write a core file if mysqld dies. For
some systems, you must also specify the
--core-file-size option to
mysqld_safe. See
Section 5.3.1, “mysqld_safe — MySQL Server Startup Script”. Note that on some systems,
such as Solaris, you do not get a core file if you are
also using the --user option.
--datadir=path,
-h path
The path to the data directory.
--debug[=debug_options],
-#
[debug_options]
If MySQL is configured with --with-debug,
you can use this option to get a trace file of what
mysqld is doing. The
debug_options string often is
'd:t:o,file_name'.
The default is 'd:t:i:o,mysqld.trace'.
See
MySQL
Internals: Porting.
As of MySQL 5.0.25, using --with-debug to
configure MySQL with debugging support enables you to use
the --debug="d,parser_debug" option when
you start the server. This causes the Bison parser that is
used to process SQL statements to dump a parser trace to
the server's standard error output. Typically, this output
is written to the error log.
This option is a synonym for
--default-storage-engine.
--default-time-zone=timezone
Set the default server time zone. This option sets the
global time_zone system variable. If
this option is not given, the default time zone is the
same as the system time zone (given by the value of the
system_time_zone system variable.
--delay-key-write[={OFF|ON|ALL}]
Specify how to use delayed key writes. Delayed key writing
causes key buffers not to be flushed between writes for
MyISAM tables. OFF
disables delayed key writes. ON enables
delayed key writes for those tables that were created with
the DELAY_KEY_WRITE option.
ALL delays key writes for all
MyISAM tables. See
Section 7.5.2, “Tuning Server Parameters”, and
Section 14.1.1, “MyISAM Startup Options”.
Note: If you set this
variable to ALL, you should not use
MyISAM tables from within another
program (such as another MySQL server or
myisamchk) when the tables are in use.
Doing so leads to index corruption.
--des-key-file=file_name
Read the default DES keys from this file. These keys are
used by the DES_ENCRYPT() and
DES_DECRYPT() functions.
--disconnect-slave-event-count
This option is used internally by the MySQL test suite for
replication testing and debugging.
--enable-named-pipe
Enable support for named pipes. This option can be used
only with the mysqld-nt and
mysqld-debug servers that support
named-pipe connections.
--exit-info[=flags],
-T [flags]
This is a bit mask of different flags that you can use for
debugging the mysqld server. Do not use
this option unless you know exactly
what it does!
--external-locking
Enable external locking (system locking), which is
disabled by default as of MySQL 4.0. Note that if you use
this option on a system on which lockd
does not fully work (such as Linux), it is easy for
mysqld to deadlock. This option
previously was named --enable-locking.
For more information about external locking, including
conditions under which it can and cannot be used, see
Section 7.3.4, “External Locking”.
--flush
Flush (synchronize) all changes to disk after each SQL
statement. Normally, MySQL does a write of all changes to
disk only after each SQL statement and lets the operating
system handle the synchronizing to disk. See
Section B.1.4.2, “What to Do If MySQL Keeps Crashing”.
--enable-pstack
Print a symbolic stack trace on failure.
--gdb
Install an interrupt handler for SIGINT
(needed to stop mysqld with
^C to set breakpoints) and disable
stack tracing and core file handling. See
MySQL
Internals: Porting.
--init-file=file_name
Read SQL statements from this file at startup. Each
statement must be on a single line and should not include
comments.
Adds consistency guarantees between the content of
InnoDB tables and the binary log. See
Section 5.11.3, “The Binary Log”. This option was removed in
MySQL 5.0.3, having been made obsolete by the introduction
of XA transaction support.
Return client error messages in the given language.
lang_name can be given as the
language name or as the full pathname to the directory
where the language files are installed. See
Section 5.10.2, “Setting the Error Message Language”.
--large-pages
Some hardware/operating system architectures support
memory pages greater than the default (usually 4KB). The
actual implementation of this support depends on the
underlying hardware and OS. Applications that perform a
lot of memory accesses may obtain performance improvements
by using large pages due to reduced Translation Lookaside
Buffer (TLB) misses.
Currently, MySQL supports only the Linux implementation of
large pages support (which is called HugeTLB in Linux). We
have plans to extend this support to FreeBSD, Solaris and
possibly other platforms.
Before large pages can be used on Linux, it is necessary
to configure the HugeTLB memory pool. For reference,
consult the hugetlbpage.txt file in
the Linux kernel source.
This option is disabled by default. It was added in MySQL
5.0.3.
--log[=file_name],
-l [file_name]
Log connections and SQL statements received from clients
to this file. See Section 5.11.2, “The General Query Log”. If you omit
the filename, MySQL uses
host_name.log
as the filename.
--log-bin[=base_name]
Enable binary logging. The server logs all statements that
change data to the binary log, which is used for backup
and replication. See Section 5.11.3, “The Binary Log”.
The option value, if given, is the basename for the log
sequence. The server creates binary log files in sequence
by adding a numeric suffix to the basename. It is
recommended that you specify a basename (see
Section B.1.8.1, “Open Issues in MySQL”, for the reason). Otherwise,
MySQL uses
host_name-bin
as the basename.
--log-bin-index[=file_name]
The index file for binary log filenames. See
Section 5.11.3, “The Binary Log”. If you omit the filename,
and if you didn't specify one with
--log-bin, MySQL uses
host_name-bin.index
as the filename.
--log-bin-trust-function-creators[={0|1}]
With no argument or an argument of 1, this option sets the
log_bin_trust_function_creators system
variable to 1. With an argument of 0, this option sets the
system variable to 0.
log_bin_trust_function_creators affects
how MySQL enforces restrictions on stored function
creation. See Section 17.4, “Binary Logging of Stored Routines and Triggers”.
This option was added in MySQL 5.0.16.
--log-bin-trust-routine-creators[={0|1}]
This is the old name for
--log-bin-trust-function-creators. Before
MySQL 5.0.16, it also applies to stored procedures, not
just stored functions and sets the
log_bin_trust_routine_creators system
variable. As of 5.0.16, this option is deprecated. It is
recognized for backward compatibility but its use results
in a warning.
This option was added in MySQL 5.0.6.
--log-error[=file_name]
Log errors and startup messages to this file. See
Section 5.11.1, “The Error Log”. If you omit the filename,
MySQL uses
host_name.err.
If the filename has no extension, the server adds an
extension of .err.
--log-isam[=file_name]
Log all MyISAM changes to this file
(used only when debugging MyISAM).
--log-long-format
(DEPRECATED)
Log extra information to the update log, binary update
log, and slow query log, if they have been activated. For
example, the username and timestamp are logged for all
queries. This option is deprecated, as it now represents
the default logging behavior. (See the description for
--log-short-format.) The
--log-queries-not-using-indexes option is
available for the purpose of logging queries that do not
use indexes to the slow query log.
--log-queries-not-using-indexes
If you are using this option with
--log-slow-queries, queries that do not
use indexes are logged to the slow query log. See
Section 5.11.4, “The Slow Query Log”.
--log-short-format
Log less information to the update log, binary update log,
and slow query log, if they have been activated. For
example, the username and timestamp are not logged for
queries.
--log-slow-admin-statements
Log slow administrative statements such as
OPTIMIZE TABLE, ANALYZE
TABLE, and ALTER TABLE to the
slow query log.
--log-slow-queries[=file_name]
Log all queries that have taken more than
long_query_time seconds to execute to
this file. See Section 5.11.4, “The Slow Query Log”. See the
descriptions of the --log-long-format and
--log-short-format options for details.
--log-tc=file_name
The name of the memory-mapped transaction coordinator log
file (for XA transactions that affect multiple storage
engines when the binary log is disabled). The default name
is tc.log. The file is created under
the data directory if not given as a full pathname.
Currently, this option is unused. Added in MySQL 5.0.3.
--log-tc-size=size
The size in bytes of the memory-mapped transaction
coordinator log. The default size is 24KB. Added in MySQL
5.0.3.
--log-warnings[=level],
-W [level]
Print out warnings such as Aborted
connection... to the error log. Enabling this
option is recommended, for example, if you use replication
(you get more information about what is happening, such as
messages about network failures and reconnections). This
option is enabled (1) by default, and the default
level value if omitted is 1. To
disable this option, use
--log-warnings=0. Aborted connections are
not logged to the error log unless the value is greater
than 1. See Section B.1.2.10, “Communication Errors and Aborted Connections”.
--low-priority-updates
Give table-modifying operations
(INSERT, REPLACE,
DELETE, UPDATE)
lower priority than selects. This can also be done via
{INSERT | REPLACE | DELETE | UPDATE} LOW_PRIORITY
... to lower the priority of only one query, or
by SET LOW_PRIORITY_UPDATES=1 to change
the priority in one thread. This affects only storage
engines that use only table-level locking
(MyISAM, MEMORY,
MERGE). See
Section 7.3.2, “Table Locking Issues”.
--max-binlog-dump-events
This option is used internally by the MySQL test suite for
replication testing and debugging.
--memlock
Lock the mysqld process in memory. This
works on systems such as Solaris that support the
mlockall() system call. This might help
if you have a problem where the operating system is
causing mysqld to swap on disk. Note
that use of this option requires that you run the server
as root, which is normally not a good
idea for security reasons. See
Section 5.6.5, “How to Run MySQL as a Normal User”.
--myisam-recover[=option[,option]...]]
Set the MyISAM storage engine recovery
mode. The option value is any combination of the values of
DEFAULT, BACKUP,
FORCE, or QUICK. If
you specify multiple values, separate them by commas. You
can also use a value of "" to disable
this option. If this option is used, each time
mysqld opens a
MyISAM table, it checks whether the
table is marked as crashed or wasn't closed properly. (The
last option works only if you are running with external
locking disabled.) If this is the case,
mysqld runs a check on the table. If
the table was corrupted, mysqld
attempts to repair it.
The following options affect how the repair works:
Option
Description
DEFAULT
The same as not giving any option to --myisam-recover.
BACKUP
If the data file was changed during recovery, save a backup of the
tbl_name.MYD
file as
tbl_name-datetime.BAK.
FORCE
Run recovery even if we would lose more than one row from the
.MYD file.
QUICK
Don't check the rows in the table if there aren't any delete blocks.
Before the server automatically repairs a table, it writes
a note about the repair to the error log. If you want to
be able to recover from most problems without user
intervention, you should use the options
BACKUP,FORCE. This forces a repair of a
table even if some rows would be deleted, but it keeps the
old data file as a backup so that you can later examine
what happened.
When using the NDB storage engine, it
is possible to point out the management server that
distributes the cluster configuration by setting the
connect string option. See
Section 15.4.4.2, “The Cluster Connectstring”, for syntax.
--ndbcluster
If the binary includes support for the NDB
Cluster storage engine, this option enables the
engine, which is disabled by default. See
Chapter 15, MySQL Cluster.
--old-passwords
Force the server to generate short (pre-4.1) password
hashes for new passwords. This is useful for compatibility
when the server must support older client programs. See
Section 5.7.9, “Password Hashing as of MySQL 4.1”.
--one-thread
Only use one thread (for debugging under Linux). This
option is available only if the server is built with
debugging enabled. See
MySQL
Internals: Porting.
--open-files-limit=count
Change the number of file descriptors available to
mysqld. If this option is not set or is
set to 0, mysqld uses the value to
reserve file descriptors with
setrlimit(). If the value is 0,
mysqld reserves
max_connections×5 or
max_connections +
table_open_cache×2 files (whichever is
larger). You should try increasing this value if
mysqld gives you the error Too
many open files.
--pid-file=path
The pathname of the process ID file. This file is used by
other programs such as mysqld_safe to
determine the server's process ID.
--port=port_num,
-P port_num
The port number to use when listening for TCP/IP
connections. The port number must be 1024 or higher unless
the server is started by the root
system user.
--port-open-timeout=num
On some systems, when the server is stopped, the TCP/IP
port might not become available immediately. If the server
is restarted quickly afterward, its attempt to reopen the
port can fail. This option indicates how many seconds the
server should wait for the TCP/IP port to become free if
it cannot be opened. The default is not to wait. This
option was added in MySQL 5.0.19.
If this option is enabled, a user cannot create new MySQL
users by using the GRANT statement
unless the user has the INSERT
privilege for the mysql.user table or
any column in the table. If you want a user to have the
ability to create new users that have those privileges
that the user has the right to grant, you should grant the
user the following privilege:
GRANT INSERT(user) ON mysql.user TO 'user_name'@'host_name';
This ensures that the user cannot change any privilege
columns directly, but has to use the
GRANT statement to give privileges to
other users.
--secure-auth
Disallow authentication by clients that attempt to use
accounts that have old (pre-4.1) passwords.
--secure-file-priv=path
This option limits the effect of the
LOAD_FILE() function and the
LOAD DATA and SELECT ... INTO
OUTFILE statements to work only with files in
the specified directory.
This option was added in MySQL 5.0.38.
--shared-memory
Enable shared-memory connections by local clients. This
option is available only on Windows.
--shared-memory-base-name=name
The name of shared memory to use for shared-memory
connections. This option is available only on Windows. The
default name is MYSQL. The name is case
sensitive.
--skip-bdb
Disable the BDB storage engine. This
saves memory and might speed up some operations. Do not
use this option if you require BDB
tables.
--skip-concurrent-insert
Turn off the ability to select and insert at the same time
on MyISAM tables. (This is to be used
only if you think you have found a bug in this feature.)
See Section 7.3.3, “Concurrent Inserts”.
--skip-external-locking
Do not use external locking (system locking). For more
information about external locking, including conditions
under which it can and cannot be used, see
Section 7.3.4, “External Locking”.
External locking has been disabled by default since MySQL
4.0.
--skip-grant-tables
This option causes the server not to use the privilege
system at all, which gives anyone with access to the
server unrestricted access to all
databases. You can cause a running server to
start using the grant tables again by executing
mysqladmin flush-privileges or
mysqladmin reload command from a system
shell, or by issuing a MySQL FLUSH
PRIVILEGES statement after connecting to the
server. This option also suppresses loading of
user-defined functions (UDFs).
Do not use the internal hostname cache for faster
name-to-IP resolution. Instead, query the DNS server every
time a client connects. See Section 7.5.7, “How MySQL Uses DNS”.
--skip-innodb
Disable the InnoDB storage engine. This
saves memory and disk space and might speed up some
operations. Do not use this option if you require
InnoDB tables.
--skip-merge
Disable the MERGE storage engine. This
option was added in MySQL 5.0.24. It can be used if the
following behavior is undesirable: If a user has access to
MyISAM table
t, that user can create a
MERGE table
m that accesses
t. However, if the user's
privileges on t are
subsequently revoked, the user can continue to access
t by doing so through
m.
--skip-name-resolve
Do not resolve hostnames when checking client connections.
Use only IP numbers. If you use this option, all
Host column values in the grant tables
must be IP numbers or localhost. See
Section 7.5.7, “How MySQL Uses DNS”.
--skip-ndbcluster
Disable the NDB Cluster storage engine.
This is the default for binaries that were built with
NDB Cluster storage engine support; the
server allocates memory and other resources for this
storage engine only if the --ndbcluster
option is given explicitly. See
Section 15.4.3, “Quick Test Setup of MySQL Cluster”, for an example of
usage.
--skip-networking
Don't listen for TCP/IP connections at all. All
interaction with mysqld must be made
via named pipes or shared memory (on Windows) or Unix
socket files (on Unix). This option is highly recommended
for systems where only local clients are allowed. See
Section 7.5.7, “How MySQL Uses DNS”.
--sporadic-binlog-dump-fail
This option is used internally by the MySQL test suite for
replication testing and debugging.
--ssl*
Options that begin with --ssl specify
whether to allow clients to connect via SSL and indicate
where to find SSL keys and certificates. See
Section 5.8.7.3, “SSL Command Options”.
--standalone
Instructs the MySQL server not to run as a service.
--symbolic-links,
--skip-symbolic-links
Enable or disable symbolic link support. This option has
different effects on Windows and Unix:
On Unix, enabling symbolic links means that you can
link a MyISAM index file or data
file to another directory with the INDEX
DIRECTORY or DATA
DIRECTORY options of the CREATE
TABLE statement. If you delete or rename the
table, the files that its symbolic links point to also
are deleted or renamed. See
Section 7.6.1.2, “Using Symbolic Links for Tables on Unix”.
--skip-safemalloc
If MySQL is configured with
--with-debug=full, all MySQL programs
check for memory overruns during each memory allocation
and memory freeing operation. This checking is very slow,
so for the server you can avoid it when you don't need it
by using the --skip-safemalloc option.
--skip-show-database
With this option, the SHOW DATABASES
statement is allowed only to users who have the
SHOW DATABASES privilege, and the
statement displays all database names. Without this
option, SHOW DATABASES is allowed to
all users, but displays each database name only if the
user has the SHOW DATABASES privilege
or some privilege for the database. Note that
any global privilege is considered a
privilege for the database.
--skip-stack-trace
Don't write stack traces. This option is useful when you
are running mysqld under a debugger. On
some systems, you also must use this option to get a core
file. See
MySQL
Internals: Porting.
--skip-thread-priority
Disable using thread priorities for faster response time.
--socket=path
On Unix, this option specifies the Unix socket file to use
when listening for local connections. The default value is
/tmp/mysql.sock. On Windows, the
option specifies the pipe name to use when listening for
local connections that use a named pipe. The default value
is MySQL (not case sensitive).
As of MySQL 5.0.13, SYSDATE() by
default returns the time at which it executes, not the
time at which the statement in which it occurs begins
executing. This differs from the behavior of
NOW(). This option causes
SYSDATE() to be an alias for
NOW(). For information about the
implications for binary logging and replication, see the
description for SYSDATE() in
Section 12.6, “Date and Time Functions” and for
SET TIMESTAMP in
Section 13.5.3, “SET Syntax”.
This option was added in MySQL 5.0.20.
--tc-heuristic-recover={COMMIT|ROLLBACK}
The type of decision to use in the heuristic recovery
process. Currently, this option is unused. Added in MySQL
5.0.3.
--temp-pool
This option causes most temporary files created by the
server to use a small set of names, rather than a unique
name for each new file. This works around a problem in the
Linux kernel dealing with creating many new files with
different names. With the old behavior, Linux seems to
“leak” memory, because it is being allocated
to the directory entry cache rather than to the disk
cache.
--transaction-isolation=level
Sets the default transaction isolation level. The
level value can be
READ-UNCOMMITTED,
READ-COMMITTED,
REPEATABLE-READ, or
SERIALIZABLE. See
Section 13.4.6, “SET TRANSACTION Syntax”.
--tmpdir=path,
-t path
The path of the directory to use for creating temporary
files. It might be useful if your default
/tmp directory resides on a partition
that is too small to hold temporary tables. This option
accepts several paths that are used in round-robin
fashion. Paths should be separated by colon characters
(‘:’) on Unix and semicolon
characters (‘;’) on
Windows, NetWare, and OS/2. If the MySQL server is acting
as a replication slave, you should not set
--tmpdir to point to a directory on a
memory-based filesystem or to a directory that is cleared
when the server host restarts. For more information about
the storage location of temporary files, see
Section B.1.4.4, “Where MySQL Stores Temporary Files”. A replication slave
needs some of its temporary files to survive a machine
restart so that it can replicate temporary tables or
LOAD DATA INFILE operations. If files
in the temporary file directory are lost when the server
restarts, replication fails.
Run the mysqld server as the user
having the name user_name or
the numeric user ID user_id.
(“User” in this context refers to a system
login account, not a MySQL user listed in the grant
tables.)
This option is mandatory when
starting mysqld as
root. The server changes its user ID
during its startup sequence, causing it to run as that
particular user rather than as root.
See Section 5.6.1, “General Security Guidelines”.
To avoid a possible security hole where a user adds a
--user=root option to a
my.cnf file (thus causing the server
to run as root),
mysqld uses only the first
--user option specified and produces a
warning if there are multiple --user
options. Options in /etc/my.cnf and
$MYSQL_HOME/my.cnf are processed
before command-line options, so it is recommended that you
put a --user option in
/etc/my.cnf and specify a value other
than root. The option in
/etc/my.cnf is found before any other
--user options, which ensures that the
server runs as a user other than root,
and that a warning results if any other
--user option is found.
--version, -V
Display version information and exit.
You can assign a value to a server system variable by using an
option of the form
--var_name=value.
For example, --key_buffer_size=32M sets the
key_buffer_size variable to a value of
32MB.
Note that when you assign a value to a variable, MySQL might
automatically correct the value to stay within a given range,
or adjust the value to the closest allowable value if only
certain values are allowed.
If you want to restrict the maximum value to which a variable
can be set at runtime with SET, you can
define this by using the
--maximum-var_name=value
command-line option.
It is also possible to set variables by using
--set-variable=var_name=value
or -O
var_name=value
syntax. This syntax is deprecated.
You can change the values of most system variables for a
running server with the SET statement. See
Section 13.5.3, “SET Syntax”.
The mysql server maintains many system
variables that indicate how it is configured. Each system
variable has a default value. System variables can be set at
server startup using options on the command line or in an
option file. Most of them can be changed dynamically while the
server is running by means of the SET
statement, which enables you to modify operation of the server
without having to stop and restart it. You can refer to system
variable values in expressions.
There are several ways to see the names and values of system
variables:
To see the values that a server will use based on its
compiled-in defaults and any option files that it reads,
use this command:
mysqld --verbose --help
To see the values that a server will use based on its
compiled-in defaults, ignoring the settings in any option
files, use this command:
mysqld --no-defaults --verbose --help
To see the current values used by a running server, use
the SHOW VARIABLES statement.
This section provides a description of each system variable.
Variables with no version indicated are present in all MySQL
5.0 releases. For historical information
concerning their implementation, please see MySQL
3.23, 4.0, 4.1 Reference Manual.
For additional system variable information, see these
sections:
Note: Some of the following variable
descriptions refer to “enabling” or
“disabling” a variable. These variables can be
enabled with the SET statement by setting
them to ON or 1, or
disabled by setting them to OFF or
0. However, to set such a variable on the
command line or in an option file, you must set it to
1 or 0; setting it to
ON or OFF will not work.
For example, on the command line,
--delay_key_write=1 works but
--delay_key_write=ON does not.
Values for buffer sizes, lengths, and stack sizes are given in
bytes unless otherwise specified.
auto_increment_increment
auto_increment_increment and
auto_increment_offset are intended for
use with master-to-master replication, and can be used to
control the operation of AUTO_INCREMENT
columns. Both variables can be set globally or locally,
and each can assume an integer value between 1 and 65,535
inclusive. Setting the value of either of these two
variables to 0 causes its value to be set to 1 instead.
Attempting to set the value of either of these two
variables to an integer greater than 65,535 or less than 0
causes its value to be set to 65,535 instead. Attempting
to set the value of
auto_increment_increment or
auto_increment_offset to a non-integer
value gives rise to an error, and the actual value of the
variable remains unchanged.
These two variables affect
AUTO_INCREMENT column behavior as
follows:
auto_increment_increment controls
the interval between successive column values. For
example:
mysql> SHOW VARIABLES LIKE 'auto_inc%';
+--------------------------+-------+
| Variable_name | Value |
+--------------------------+-------+
| auto_increment_increment | 1 |
| auto_increment_offset | 1 |
+--------------------------+-------+
2 rows in set (0.00 sec)
mysql> CREATE TABLE autoinc1
-> (col INT NOT NULL AUTO_INCREMENT PRIMARY KEY);
Query OK, 0 rows affected (0.04 sec)
mysql> SET @@auto_increment_increment=10;
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW VARIABLES LIKE 'auto_inc%';
+--------------------------+-------+
| Variable_name | Value |
+--------------------------+-------+
| auto_increment_increment | 10 |
| auto_increment_offset | 1 |
+--------------------------+-------+
2 rows in set (0.01 sec)
mysql> INSERT INTO autoinc1 VALUES (NULL), (NULL), (NULL), (NULL);
Query OK, 4 rows affected (0.00 sec)
Records: 4 Duplicates: 0 Warnings: 0
mysql> SELECT col FROM autoinc1;
+-----+
| col |
+-----+
| 1 |
| 11 |
| 21 |
| 31 |
+-----+
4 rows in set (0.00 sec)
(Note how SHOW VARIABLES is used
here to obtain the current values for these
variables.)
auto_increment_offset determines
the starting point for the
AUTO_INCREMENT column value.
Consider the following, assuming that these statements
are executed during the same session as the example
given in the description for
auto_increment_increment:
mysql> SET @@auto_increment_offset=5;
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW VARIABLES LIKE 'auto_inc%';
+--------------------------+-------+
| Variable_name | Value |
+--------------------------+-------+
| auto_increment_increment | 10 |
| auto_increment_offset | 5 |
+--------------------------+-------+
2 rows in set (0.00 sec)
mysql> CREATE TABLE autoinc2
-> (col INT NOT NULL AUTO_INCREMENT PRIMARY KEY);
Query OK, 0 rows affected (0.06 sec)
mysql> INSERT INTO autoinc2 VALUES (NULL), (NULL), (NULL), (NULL);
Query OK, 4 rows affected (0.00 sec)
Records: 4 Duplicates: 0 Warnings: 0
mysql> SELECT col FROM autoinc2;
+-----+
| col |
+-----+
| 5 |
| 15 |
| 25 |
| 35 |
+-----+
4 rows in set (0.02 sec)
If the value of
auto_increment_offset is greater
than that of
auto_increment_increment, the value
of auto_increment_offset is
ignored.
Should one or both of these variables be changed and then
new rows inserted into a table containing an
AUTO_INCREMENT column, the results may
seem counterintuitive because the series of
AUTO_INCREMENT values is calculated
without regard to any values already present in the
column, and the next value inserted is the least value in
the series that is greater than the maximum existing value
in the AUTO_INCREMENT column. In other
words, the series is calculated like so:
auto_increment_offset +
N ×
auto_increment_increment
where N is a positive integer
value in the series [1, 2, 3, ...]. For example:
mysql> SHOW VARIABLES LIKE 'auto_inc%';
+--------------------------+-------+
| Variable_name | Value |
+--------------------------+-------+
| auto_increment_increment | 10 |
| auto_increment_offset | 5 |
+--------------------------+-------+
2 rows in set (0.00 sec)
mysql> SELECT col FROM autoinc1;
+-----+
| col |
+-----+
| 1 |
| 11 |
| 21 |
| 31 |
+-----+
4 rows in set (0.00 sec)
mysql> INSERT INTO autoinc1 VALUES (NULL), (NULL), (NULL), (NULL);
Query OK, 4 rows affected (0.00 sec)
Records: 4 Duplicates: 0 Warnings: 0
mysql> SELECT col FROM autoinc1;
+-----+
| col |
+-----+
| 1 |
| 11 |
| 21 |
| 31 |
| 35 |
| 45 |
| 55 |
| 65 |
+-----+
8 rows in set (0.00 sec)
The values shown for
auto_increment_increment and
auto_increment_offset generate the
series 5 + N × 10, that
is, [5, 15, 25, 35, 45, ...]. The greatest value present
in the col column prior to the
INSERT is 31, and the next available
value in the AUTO_INCREMENT series is
35, so the inserted values for col
begin at that point and the results are as shown for the
SELECT query.
It is important to remember that it is not possible to
confine the effects of these two variables to a single
table, and thus they do not take the place of the
sequences offered by some other database management
systems; these variables control the behavior of all
AUTO_INCREMENT columns in
all tables on the MySQL server. If
one of these variables is set globally, its effects
persist until the global value is changed or overridden by
setting them locally, or until mysqld
is restarted. If set locally, the new value affects
AUTO_INCREMENT columns for all tables
into which new rows are inserted by the current user for
the duration of the session, unless the values are changed
during that session.
auto_increment_increment is supported
for use with NDB tables beginning with
MySQL 5.0.46. Previously, setting it when using MySQL
Cluster tables produced unpredictable results.
auto_increment_offset
This variable was introduced in MySQL 5.0.2. Its default
value is 1. For particulars, see the description for
auto_increment_increment.
auto_increment_offset is supported for
use with NDB tables beginning with
MySQL 5.0.46. Previously, setting it when using MySQL
Cluster tables produced unpredictable results.
automatic_sp_privileges
When this variable has a value of 1 (the default), the
server automatically grants the EXECUTE
and ALTER ROUTINE privileges to the
creator of a stored routine, if the user cannot already
execute and alter or drop the routine. (The ALTER
ROUTINE privileges is required to drop the
routine.) The server also automatically drops those
privileges when the creator drops the routine. If
automatic_sp_privileges is 0, the
server does not automatically add and drop these
privileges. This variable was added in MySQL 5.0.3.
back_log
The number of outstanding connection requests MySQL can
have. This comes into play when the main MySQL thread gets
very many connection requests in a very short time. It
then takes some time (although very little) for the main
thread to check the connection and start a new thread. The
back_log value indicates how many
requests can be stacked during this short time before
MySQL momentarily stops answering new requests. You need
to increase this only if you expect a large number of
connections in a short period of time.
In other words, this value is the size of the listen queue
for incoming TCP/IP connections. Your operating system has
its own limit on the size of this queue. The manual page
for the Unix listen() system call
should have more details. Check your OS documentation for
the maximum value for this variable.
back_log cannot be set higher than your
operating system limit.
basedir
The MySQL installation base directory. This variable can
be set with the --basedir option.
bdb_cache_size
The size of the buffer that is allocated for caching
indexes and rows for BDB tables. If you
don't use BDB tables, you should start
mysqld with --skip-bdb
to not allocate memory for this cache.
bdb_home
The base directory for BDB tables. This
should be assigned the same value as the
datadir variable.
bdb_log_buffer_size
The size of the buffer that is allocated for caching
indexes and rows for BDB tables. If you
don't use BDB tables, you should set
this to 0 or start mysqld with
--skip-bdb to not allocate memory for
this cache.
bdb_logdir
The directory where the BDB storage
engine writes its log files. This variable can be set with
the --bdb-logdir option.
bdb_max_lock
The maximum number of locks that can be active for a
BDB table (10,000 by default). You
should increase this value if errors such as the following
occur when you perform long transactions or when
mysqld has to examine many rows to
calculate a query:
bdb: Lock table is out of available locks
Got error 12 from ...
bdb_shared_data
This is ON if you are using
--bdb-shared-data to start Berkeley DB in
multi-process mode. (Do not use
DB_PRIVATE when initializing Berkeley
DB.)
bdb_tmpdir
The BDB temporary file directory.
binlog_cache_size
The size of the cache to hold the SQL statements for the
binary log during a transaction. A binary log cache is
allocated for each client if the server supports any
transactional storage engines and if the server has the
binary log enabled (--log-bin option). If
you often use large, multiple-statement transactions, you
can increase this cache size to get more performance. The
Binlog_cache_use and
Binlog_cache_disk_use status variables
can be useful for tuning the size of this variable. See
Section 5.11.3, “The Binary Log”.
MySQL Enterprise
For recommendations on the optimum setting for
binlog_cache_size subscribe to the
MySQL Network Monitoring and Advisory Service. For more
information see
http://www.mysql.com/products/enterprise/advisors.html.
bulk_insert_buffer_size
MyISAM uses a special tree-like cache
to make bulk inserts faster for INSERT ...
SELECT, INSERT ... VALUES (...), (...),
..., and LOAD DATA INFILE
when adding data to non-empty tables. This variable limits
the size of the cache tree in bytes per thread. Setting it
to 0 disables this optimization. The default value is 8MB.
character_set_client
The character set for statements that arrive from the
client.
character_set_connection
The character set used for literals that do not have a
character set introducer and for number-to-string
conversion.
character_set_database
The character set used by the default database. The server
sets this variable whenever the default database changes.
If there is no default database, the variable has the same
value as character_set_server.
character_set_filesystem
The filesystem character set. This variable is used to
interpret string literals that refer to filenames, such as
in the LOAD DATA INFILE and
SELECT ... INTO OUTFILE statements and
the LOAD_FILE() function. Such
filenames are converted from
character_set_client to
character_set_filesystem before the
file opening attempt occurs. The default value is
binary, which means that no conversion
occurs. For systems on which multi-byte filenames are
allowed, a different value may be more appropriate. For
example, if the system represents filenames using UTF-8,
set character_set_filesystem to
'utf8'. This variable was added in
MySQL 5.0.19.
character_set_results
The character set used for returning query results to the
client.
character_set_server
The server's default character set.
character_set_system
The character set used by the server for storing
identifiers. The value is always utf8.
character_sets_dir
The directory where character sets are installed.
collation_connection
The collation of the connection character set.
collation_database
The collation used by the default database. The server
sets this variable whenever the default database changes.
If there is no default database, the variable has the same
value as collation_server.
collation_server
The server's default collation.
completion_type
The transaction completion type:
If the value is 0 (the default),
COMMIT and
ROLLBACK are unaffected.
If the value is 1, COMMIT and
ROLLBACK are equivalent to
COMMIT AND CHAIN and
ROLLBACK AND CHAIN, respectively.
(A new transaction starts immediately with the same
isolation level as the just-terminated transaction.)
If the value is 2, COMMIT and
ROLLBACK are equivalent to
COMMIT RELEASE and
ROLLBACK RELEASE, respectively.
(The server disconnects after terminating the
transaction.)
This variable was added in MySQL 5.0.3
concurrent_insert
If 1 (the default), MySQL allows INSERT
and SELECT statements to run
concurrently for MyISAM tables that
have no free blocks in the middle of the data file. You
can turn this option off by starting
mysqld with --safe or
--skip-new.
In MySQL 5.0.6, this variable was changed to take three
integer values:
Value
Description
0
Off
1
(Default) Enables concurrent insert for MyISAM tables
that don't have holes
2
Enables concurrent inserts for all MyISAM tables,
even those that have holes. For a table with a
hole, new rows are inserted at the end of the
table if it is in use by another thread.
Otherwise, MySQL acquires a normal write lock and
inserts the row into the hole.
This option applies only to MyISAM
tables. It can have one of the following values to affect
handling of the DELAY_KEY_WRITE table
option that can be used in CREATE TABLE
statements.
Option
Description
OFF
DELAY_KEY_WRITE is ignored.
ON
MySQL honors any DELAY_KEY_WRITE option specified in
CREATE TABLE statements. This
is the default value.
ALL
All new opened tables are treated as if they were created with the
DELAY_KEY_WRITE option enabled.
If DELAY_KEY_WRITE is enabled for a
table, the key buffer is not flushed for the table on
every index update, but only when the table is closed.
This speeds up writes on keys a lot, but if you use this
feature, you should add automatic checking of all
MyISAM tables by starting the server
with the --myisam-recover option (for
example, --myisam-recover=BACKUP,FORCE).
See Section 5.2.2, “Command Options”, and
Section 14.1.1, “MyISAM Startup Options”.
Note that if you enable external locking with
--external-locking, there is no
protection against index corruption for tables that use
delayed key writes.
delayed_insert_limit
After inserting delayed_insert_limit
delayed rows, the INSERT DELAYED
handler thread checks whether there are any
SELECT statements pending. If so, it
allows them to execute before continuing to insert delayed
rows.
delayed_insert_timeout
How many seconds an INSERT DELAYED
handler thread should wait for INSERT
statements before terminating.
delayed_queue_size
This is a per-table limit on the number of rows to queue
when handling INSERT DELAYED
statements. If the queue becomes full, any client that
issues an INSERT DELAYED statement
waits until there is room in the queue again.
div_precision_increment
This variable indicates the number of digits of precision
by which to increase the result of division operations
performed with the / operator. The
default value is 4. The minimum and maximum values are 0
and 30, respectively. The following example illustrates
the effect of increasing the default value.
This variable applies to NDB. By default it is 0
(OFF): If you execute a query such as
SELECT * FROM t WHERE mycol = 42, where
mycol is a non-indexed column, the
query is executed as a full table scan on every NDB node.
Each node sends every row to the MySQL server, which
applies the WHERE condition. If
engine_condition_pushdown is set to 1
(ON), the condition is “pushed
down” to the storage engine and sent to the NDB
nodes. Each node uses the condition to perform the scan,
and only sends back to the MySQL server the rows that
match the condition.
This variable was added in MySQL 5.0.3. Before that, the
default NDB behavior is the same as for
a value of OFF.
expire_logs_days
The number of days for automatic binary log removal. The
default is 0, which means “no automatic
removal.” Possible removals happen at startup and
at binary log rotation.
flush
If ON, the server flushes
(synchronizes) all changes to disk after each SQL
statement. Normally, MySQL does a write of all changes to
disk only after each SQL statement and lets the operating
system handle the synchronizing to disk. See
Section B.1.4.2, “What to Do If MySQL Keeps Crashing”. This variable is set to
ON if you start
mysqld with the
--flush option.
flush_time
If this is set to a non-zero value, all tables are closed
every flush_time seconds to free up
resources and synchronize unflushed data to disk. We
recommend that this option be used only on systems with
minimal resources.
The default variable value is
'+ -><()~*:""&|'. The
rules for changing the value are as follows:
Operator function is determined by position within the
string.
The replacement value must be 14 characters.
Each character must be an ASCII non-alphanumeric
character.
Either the first or second character must be a space.
No duplicates are allowed except the phrase quoting
operators in positions 11 and 12. These two characters
are not required to be the same, but they are the only
two that may be.
Positions 10, 13, and 14 (which by default are set to
‘:’,
‘&’, and
‘|’) are reserved for
future extensions.
ft_max_word_len
The maximum length of the word to be included in a
FULLTEXT index.
Note:
FULLTEXT indexes must be rebuilt after
changing this variable. Use REPAIR TABLE
tbl_name QUICK.
ft_min_word_len
The minimum length of the word to be included in a
FULLTEXT index.
Note:
FULLTEXT indexes must be rebuilt after
changing this variable. Use REPAIR TABLE
tbl_name QUICK.
ft_query_expansion_limit
The number of top matches to use for full-text searches
performed using WITH QUERY EXPANSION.
ft_stopword_file
The file from which to read the list of stopwords for
full-text searches. All the words from the file are used;
comments are not honored. By default,
a built-in list of stopwords is used (as defined in the
myisam/ft_static.c file). Setting
this variable to the empty string ('')
disables stopword filtering.
Note:
FULLTEXT indexes must be rebuilt after
changing this variable or the contents of the stopword
file. Use REPAIR TABLE
tbl_name QUICK.
group_concat_max_len
The maximum allowed result length for the
GROUP_CONCAT() function. The default is
1024.
have_archive
YES if mysqld
supports ARCHIVE tables,
NO if not.
have_bdb
YES if mysqld
supports BDB tables.
DISABLED if --skip-bdb
is used.
have_blackhole_engine
YES if mysqld
supports BLACKHOLE tables,
NO if not.
have_compress
YES if the zlib
compression library is available to the server,
NO if not. If not, the
COMPRESS() and
UNCOMPRESS() functions cannot be used.
have_crypt
YES if the crypt()
system call is available to the server,
NO if not. If not, the
ENCRYPT() function cannot be used.
have_csv
YES if mysqld
supports CSV tables,
NO if not.
have_example_engine
YES if mysqld
supports EXAMPLE tables,
NO if not.
have_federated_engine
YES if mysqld
supports FEDERATED tables,
NO if not. This variable was added in
MySQL 5.0.3.
have_geometry
YES if the server supports spatial data
types, NO if not.
have_innodb
YES if mysqld
supports InnoDB tables.
DISABLED if
--skip-innodb is used.
have_isam
In MySQL 5.0, this variable appears only for
reasons of backward compatibility. It is always
NO because ISAM
tables are no longer supported.
have_merge_engine
YES if mysqld
supports MERGE tables.
DISABLED if
--skip-merge is used. This variable was
added in MySQL 5.0.24.
have_ndbcluster
YES if mysqld
supports NDB Cluster tables.
DISABLED if
--skip-ndbcluster is used.
have_openssl
YES if mysqld
supports SSL connections, NO if not.
have_query_cache
YES if mysqld
supports the query cache, NO if not.
have_raid
In MySQL 5.0, this variable appears only for
reasons of backward compatibility. It is always
NO because RAID
tables are no longer supported.
have_rtree_keys
YES if RTREE indexes
are available, NO if not. (These are
used for spatial indexes in MyISAM
tables.)
have_symlink
YES if symbolic link support is
enabled, NO if not. This is required on
Unix for support of the DATA DIRECTORY
and INDEX DIRECTORY table options, and
on Windows for support of data directory symlinks.
hostname
The server sets this variable to the server hostname at
startup. This variable was added in MySQL 5.0.38.
init_connect
A string to be executed by the server for each client that
connects. The string consists of one or more SQL
statements. To specify multiple statements, separate them
by semicolon characters. For example, each client begins
by default with autocommit mode enabled. There is no
global system variable to specify that autocommit should
be disabled by default, but
init_connect can be used to achieve the
same effect:
SET GLOBAL init_connect='SET AUTOCOMMIT=0';
This variable can also be set on the command line or in an
option file. To set the variable as just shown using an
option file, include these lines:
[mysqld]
init_connect='SET AUTOCOMMIT=0'
Note that the content of init_connect
is not executed for users that have the
SUPER privilege. This is done so that
an erroneous value for init_connect
does not prevent all clients from connecting. For example,
the value might contain a statement that has a syntax
error, thus causing client connections to fail. Not
executing init_connect for users that
have the SUPER privilege enables them
to open a connection and fix the
init_connect value.
init_file
The name of the file specified with the
--init-file option when you start the
server. This should be a file containing SQL statements
that you want the server to execute when it starts. Each
statement must be on a single line and should not include
comments.
This variable is similar to
init_connect, but is a string to be
executed by a slave server each time the SQL thread
starts. The format of the string is the same as for the
init_connect variable.
The number of seconds the server waits for activity on an
interactive connection before closing it. An interactive
client is defined as a client that uses the
CLIENT_INTERACTIVE option to
mysql_real_connect(). See also
wait_timeout.
join_buffer_size
The size of the buffer that is used for joins that do not
use indexes and thus perform full table scans. Normally,
the best way to get fast joins is to add indexes. Increase
the value of join_buffer_size to get a
faster full join when adding indexes is not possible. One
join buffer is allocated for each full join between two
tables. For a complex join between several tables for
which indexes are not used, multiple join buffers might be
necessary.
key_buffer_size
Index blocks for MyISAM tables are
buffered and are shared by all threads.
key_buffer_size is the size of the
buffer used for index blocks. The key buffer is also known
as the key cache.
The maximum allowable setting for
key_buffer_size is 4GB. The effective
maximum size might be less, depending on your available
physical RAM and per-process RAM limits imposed by your
operating system or hardware platform.
Increase the value to get better index handling (for all
reads and multiple writes) to as much as you can afford.
Using a value that is 25% of total memory on a machine
that mainly runs MySQL is quite common. However, if you
make the value too large (for example, more than 50% of
your total memory) your system might start to page and
become extremely slow. MySQL relies on the operating
system to perform filesystem caching for data reads, so
you must leave some room for the filesystem cache.
Consider also the memory requirements of other storage
engines.
You can check the performance of the key buffer by issuing
a SHOW STATUS statement and examining
the Key_read_requests,
Key_reads,
Key_write_requests, and
Key_writes status variables. (See
Section 13.5.4, “SHOW Syntax”.) The
Key_reads/Key_read_requests ratio
should normally be less than 0.01. The
Key_writes/Key_write_requests ratio is
usually near 1 if you are using mostly updates and
deletes, but might be much smaller if you tend to do
updates that affect many rows at the same time or if you
are using the DELAY_KEY_WRITE table
option.
The fraction of the key buffer in use can be determined
using key_buffer_size in conjunction
with the Key_blocks_unused status
variable and the buffer block size, which is available
from the key_cache_block_size system
variable:
This value is an approximation because some space in the
key buffer may be allocated internally for administrative
structures.
It is possible to create multiple
MyISAM key caches. The size limit of
4GB applies to each cache individually, not as a group.
See Section 7.4.6, “The MyISAM Key Cache”.
key_cache_age_threshold
This value controls the demotion of buffers from the hot
sub-chain of a key cache to the warm sub-chain. Lower
values cause demotion to happen more quickly. The minimum
value is 100. The default value is 300. See
Section 7.4.6, “The MyISAM Key Cache”.
The division point between the hot and warm sub-chains of
the key cache buffer chain. The value is the percentage of
the buffer chain to use for the warm sub-chain. Allowable
values range from 1 to 100. The default value is 100. See
Section 7.4.6, “The MyISAM Key Cache”.
language
The language used for error messages.
large_file_support
Whether mysqld was compiled with
options for large file support.
large_pages
Whether large page support is enabled. This variable was
added in MySQL 5.0.3.
lc_time_names
This variable specifies the locale that controls the
language used to display day and month names and
abbreviations. This variable affects the output from the
DATE_FORMAT(),
DAYNAME() and
MONTHNAME() functions. Locale names are
POSIX-style values such as 'ja_JP' or
'pt_BR'. The default value is
'en_US' regardless of your system's
locale setting. For further information, see
Section 5.10.9, “MySQL Server Locale Support”. This variable was added
in MySQL 5.0.25.
This variable applies when binary logging is enabled. It
controls whether stored function creators can be trusted
not to create stored functions that will cause unsafe
events to be written to the binary log. If set to 0 (the
default), users are not allowed to create or alter stored
functions unless they have the SUPER
privilege in addition to the CREATE
ROUTINE or ALTER ROUTINE
privilege. A setting of 0 also enforces the restriction
that a function must be declared with the
DETERMINISTIC characteristic, or with
the READS SQL DATA or NO
SQL characteristic. If the variable is set to 1,
MySQL does not enforce these restrictions on stored
function creation. See
Section 17.4, “Binary Logging of Stored Routines and Triggers”.
This variable was added in MySQL 5.0.16.
log_bin_trust_routine_creators
This is the old name for
log_bin_trust_function_creators. Before
MySQL 5.0.16, it also applies to stored procedures, not
just stored functions. As of 5.0.16, this variable is
deprecated. It is recognized for backward compatibility
but its use results in a warning.
This variable was added in MySQL 5.0.6.
log_error
The location of the error log.
log_queries_not_using_indexes
Whether queries that do not use indexes are logged to the
slow query log. See Section 5.11.4, “The Slow Query Log”. This
variable was added in MySQL 5.0.23.
log_slave_updates
Whether updates received by a slave server from a master
server should be logged to the slave's own binary log.
Binary logging must be enabled on the slave for this
variable to have any effect. See
Section 6.8, “Replication Startup Options”.
log_slow_queries
Whether slow queries should be logged. “Slow”
is determined by the value of the
long_query_time variable. See
Section 5.11.4, “The Slow Query Log”.
log_warnings
Whether to produce additional warning messages. It is
enabled (1) by default and can be disabled by setting it
to 0. Aborted connections are not logged to the error log
unless the value is greater than 1.
long_query_time
If a query takes longer than this many seconds, the server
increments the Slow_queries status
variable. If you are using the
--log-slow-queries option, the query is
logged to the slow query log file. This value is measured
in real time, not CPU time, so a query that is under the
threshold on a lightly loaded system might be above the
threshold on a heavily loaded one. The minimum value is 1.
The default is 10. See Section 5.11.4, “The Slow Query Log”.
low_priority_updates
If set to 1, all
INSERT, UPDATE,
DELETE, and LOCK TABLE
WRITE statements wait until there is no pending
SELECT or LOCK TABLE
READ on the affected table. This affects only
storage engines that use only table-level locking
(MyISAM, MEMORY,
MERGE). This variable previously was
named sql_low_priority_updates.
lower_case_file_system
This variable describes the case sensitivity of filenames
on the filesystem where the data directory is located.
OFF means filenames are case sensitive,
ON means they are not case sensitive.
lower_case_table_names
If set to 1, table names are stored in lowercase on disk
and table name comparisons are not case sensitive. If set
to 2 table names are stored as given but compared in
lowercase. This option also applies to database names and
table aliases. See
Section 9.2.2, “Identifier Case Sensitivity”.
If you are using InnoDB tables, you
should set this variable to 1 on all platforms to force
names to be converted to lowercase.
You should not set this variable to 0
if you are running MySQL on a system that does not have
case-sensitive filenames (such as Windows or Mac OS X). If
this variable is not set at startup and the filesystem on
which the data directory is located does not have
case-sensitive filenames, MySQL automatically sets
lower_case_table_names to 2.
max_allowed_packet
The maximum size of one packet or any
generated/intermediate string.
The packet message buffer is initialized to
net_buffer_length bytes, but can grow
up to max_allowed_packet bytes when
needed. This value by default is small, to catch large
(possibly incorrect) packets.
You must increase this value if you are using large
BLOB columns or long strings. It should
be as big as the largest BLOB you want
to use. The protocol limit for
max_allowed_packet is 1GB.
max_binlog_cache_size
If a multiple-statement transaction requires more than
this many bytes of memory, the server generates a
Multi-statement transaction required more than
'max_binlog_cache_size' bytes of storage error.
The minimum value is 4096, the maximum and default values
are 4GB.
max_binlog_size
If a write to the binary log causes the current log file
size to exceed the value of this variable, the server
rotates the binary logs (closes the current file and opens
the next one). You cannot set this variable to more than
1GB or to less than 4096 bytes. The default value is 1GB.
A transaction is written in one chunk to the binary log,
so it is never split between several binary logs.
Therefore, if you have big transactions, you might see
binary logs larger than
max_binlog_size.
If max_relay_log_size is 0, the value
of max_binlog_size applies to relay
logs as well.
max_connect_errors
If there are more than this number of interrupted
connections from a host, that host is blocked from further
connections. You can unblock blocked hosts with the
FLUSH HOSTS statement.
MySQL Enterprise
For notification that the maximum number of connections
is getting dangerously high and for advice on setting
the optimum value for max_connections
subscribe to the MySQL Network Monitoring and Advisory
Service. For more information see
http://www.mysql.com/products/enterprise/advisors.html.
Do not start more than this number of threads to handle
INSERT DELAYED statements. If you try
to insert data into a new table after all INSERT
DELAYED threads are in use, the row is inserted
as if the DELAYED attribute wasn't
specified. If you set this to 0, MySQL never creates a
thread to handle DELAYED rows; in
effect, this disables DELAYED entirely.
max_error_count
The maximum number of error, warning, and note messages to
be stored for display by the SHOW
ERRORS and SHOW WARNINGS
statements.
max_heap_table_size
This variable sets the maximum size to which
MEMORY tables are allowed to grow. The
value of the variable is used to calculate
MEMORY table
MAX_ROWS values. Setting this variable
has no effect on any existing MEMORY
table, unless the table is re-created with a statement
such as CREATE TABLE or altered with
ALTER TABLE or TRUNCATE
TABLE.
MySQL Enterprise
Subscribers to the MySQL Network Monitoring and Advisory
Service receive recommendations for the optimum setting
for max_heap_table_size. For more
information see
http://www.mysql.com/products/enterprise/advisors.html.
max_insert_delayed_threads
This variable is a synonym for
max_delayed_threads.
max_join_size
Do not allow SELECT statements that
probably need to examine more than
max_join_size rows (for single-table
statements) or row combinations (for multiple-table
statements) or that are likely to do more than
max_join_size disk seeks. By setting
this value, you can catch SELECT
statements where keys are not used properly and that would
probably take a long time. Set it if your users tend to
perform joins that lack a WHERE clause,
that take a long time, or that return millions of rows.
Setting this variable to a value other than
DEFAULT resets the value of
SQL_BIG_SELECTS to
0. If you set the
SQL_BIG_SELECTS value again, the
max_join_size variable is ignored.
If a query result is in the query cache, no result size
check is performed, because the result has previously been
computed and it does not burden the server to send it to
the client.
This variable previously was named
sql_max_join_size.
This variable limits the total number of prepared
statements in the server. It can be used in environments
where there is the potential for denial-of-service attacks
based on running the server out of memory by preparing
huge numbers of statements. The default value is 16,382.
The allowable range of values is from 0 to 1 million. If
the value is set lower than the current number of prepared
statements, existing statements are not affected and can
be used, but no new statements can be prepared until the
current number drops below the limit. This variable was
added in MySQL 5.0.21.
max_relay_log_size
If a write by a replication slave to its relay log causes
the current log file size to exceed the value of this
variable, the slave rotates the relay logs (closes the
current file and opens the next one). If
max_relay_log_size is 0, the server
uses max_binlog_size for both the
binary log and the relay log. If
max_relay_log_size is greater than 0,
it constrains the size of the relay log, which enables you
to have different sizes for the two logs. You must set
max_relay_log_size to between 4096
bytes and 1GB (inclusive), or to 0. The default value is
0. See
Section 6.3, “Replication Implementation Details”.
max_seeks_for_key
Limit the assumed maximum number of seeks when looking up
rows based on a key. The MySQL optimizer assumes that no
more than this number of key seeks are required when
searching for matching rows in a table by scanning an
index, regardless of the actual cardinality of the index
(see Section 13.5.4.13, “SHOW INDEX Syntax”). By setting this to a
low value (say, 100), you can force MySQL to prefer
indexes instead of table scans.
max_sort_length
The number of bytes to use when sorting
BLOB or TEXT values.
Only the first max_sort_length bytes of
each value are used; the rest are ignored.
max_sp_recursion_depth
The number of times that a stored procedure may call
itself. The default value for this option is 0, which
completely disallows recursion in stored procedures. The
maximum value is 255.
This variable can be set globally and per session.
max_tmp_tables
The maximum number of temporary tables a client can keep
open at the same time. (This option does not yet do
anything.)
max_user_connections
The maximum number of simultaneous connections allowed to
any given MySQL account. A value of 0 means “no
limit.”
Before MySQL 5.0.3, this variable has only global scope.
Beginning with MySQL 5.0.3, it also has a read-only
session scope. The session variable has the same value as
the global variable unless the current account has a
non-zero MAX_USER_CONNECTIONS resource
limit. In that case, the session value reflects the
account limit.
max_write_lock_count
After this many write locks, allow some pending read lock
requests to be processed in between.
multi_range_count
The maximum number of ranges to send to a table handler at
once during range selects. The default value is 256.
Sending multiple ranges to a handler at once can improve
the performance of certain selects dramatically. This
especially true for the NDB Cluster table handler, which
needs to send the range requests to all nodes. Sending a
batch of those requests at once reduces the communication
costs significantly. This variable was added in MySQL
5.0.3.
myisam_block_size
The block size to be used for MyISAM
index pages.
myisam_data_pointer_size
The default pointer size in bytes, to be used by
CREATE TABLE for
MyISAM tables when no
MAX_ROWS option is specified. This
variable cannot be less than 2 or larger than 7. The
default value is 6 (4 before MySQL 5.0.6). This variable
was added in MySQL 4.1.2. See
Section B.1.2.11, “The table is full”.
myisam_max_extra_sort_file_size
(DEPRECATED)
If the temporary file used for fast
MyISAM index creation would be larger
than using the key cache by the amount specified here,
prefer the key cache method. This is mainly used to force
long character keys in large tables to use the slower key
cache method to create the index. The value is given in
bytes.
Note: This variable was
removed in MySQL 5.0.6.
myisam_max_sort_file_size
The maximum size of the temporary file that MySQL is
allowed to use while re-creating a
MyISAM index (during REPAIR
TABLE, ALTER TABLE, or
LOAD DATA INFILE). If the file size
would be larger than this value, the index is created
using the key cache instead, which is slower. The value is
given in bytes.
The default value is 2GB. If MyISAM
index files exceed this size and disk space is available,
increasing the value may help performance.
If this value is greater than 1, MyISAM
table indexes are created in parallel (each index in its
own thread) during the Repair by
sorting process. The default value is 1.
Note: Multi-threaded
repair is still beta-quality code.
myisam_sort_buffer_size
The size of the buffer that is allocated when sorting
MyISAM indexes during a REPAIR
TABLE or when creating indexes with
CREATE INDEX or ALTER
TABLE.
myisam_stats_method
How the server treats NULL values when
collecting statistics about the distribution of index
values for MyISAM tables. This variable
has two possible values, nulls_equal
and nulls_unequal. For
nulls_equal, all
NULL index values are considered equal
and form a single value group that has a size equal to the
number of NULL values. For
nulls_unequal, NULL
values are considered unequal, and each
NULL forms a distinct value group of
size 1.
This variable was added in MySQL 5.0.14. For older
versions, the statistics collection method is equivalent
to nulls_equal.
multi_read_range
Specifies the maximum number of ranges to send to a
storage engine during range selects. The default value is
256. Sending multiple ranges to an engine is a feature
that can improve the performance of certain selects
dramatically, particularly for
NDBCLUSTER. This engine needs to send
the range requests to all nodes, and sending many of those
requests at once reduces the communication costs
significantly. This variable was added in MySQL 5.0.3.
named_pipe
(Windows only.) Indicates whether the server supports
connections over named pipes.
ndb_autoincrement_prefetch_sz
Determines the probability of gaps in an autoincremented
column. Set to 1 to minimize this. Set
to a high value for optimization — makes inserts
faster, but decreases the likelihood that consecutive
autoincrement numbers will be used in a batch of inserts.
Default value: 32. Mimimum value:
1.
ndb_cache_check_time
The number of milliseconds to wait before checking the
NDB query cache. Setting this to
0 (the default and minimum value) means
that the NDB query cache will be
checked for validation on every query.
The recommended maximum value for this variable is
1000, which means that the query cache
is checked once per second. A larger value means the
NDB query cache is less often checked
and invalidated due to updates on a different
mysqld. It is generally not desirable
to set this to a value greater than
2000.
ndb_force_send
Forces sending of buffers to NDB
immediately, without waiting for other threads. Defaults
to ON.
ndb_index_stat_cache_entries
Sets the granularity of the statistics by determining the
number of starting and ending keys to store in the
statistics memory cache. Zero means no caching takes
place; in this case, the data nodes are always queried
directly. Default value: 32.
ndb_index_stat_enable
Use NDB index statistics in query
optimization. Defaults to ON.
ndb_index_stat_update_freq
How often to query data nodes instead of the statistics
cache. For example, a value of 20 (the
default) means to direct every
20th query to the data nodes.
ndb_optimized_node_selection
Causes an SQL node to contact the nearest data node in the
cluster. Enabled by default. Set to 0
or OFF to disable, in which case the
SQL node attempts to contact data nodes in succession.
ndb_report_thresh_binlog_epoch_slip
This is a threshold on the number of epochs to be behind
before reporting binlog status. For example, a value of
3 (the default) means that if the
difference between which epoch has been received from the
storage nodes and which epoch has been applied to the
binlog is 3 or more, a status message will be sent to the
cluster log.
ndb_report_thresh_binlog_mem_usage
This is a threshold on the percentage of free memory
remaining before reporting binlog status. For example, a
value of 10 (the default) means that if
the amount of available memory for receiving binlog data
from the data nodes falls below 10%, a status message will
be sent to the cluster log.
ndb_use_exact_count
Forces NDB to use a count of records
during SELECT COUNT(*) query planning
to speed up this type of query. The default value is
ON. For faster queries overall, disable
this feature by setting the value of
ndb_use_exact_count to
OFF.
ndb_use_transactions
You can disable NDB transaction support
by setting this variable's values to
OFF (not recommended). The default is
ON.
net_buffer_length
Each client thread is associated with a connection buffer
and result buffer. Both begin with a size given by
net_buffer_length but are dynamically
enlarged up to max_allowed_packet bytes
as needed. The result buffer shrinks to
net_buffer_length after each SQL
statement.
This variable should not normally be changed, but if you
have very little memory, you can set it to the expected
length of statements sent by clients. If statements exceed
this length, the connection buffer is automatically
enlarged. The maximum value to which
net_buffer_length can be set is 1MB.
net_read_timeout
The number of seconds to wait for more data from a
connection before aborting the read. This timeout applies
only to TCP/IP connections, not to connections made via
Unix socket files, named pipes, or shared memory. When the
server is reading from the client,
net_read_timeout is the timeout value
controlling when to abort. When the server is writing to
the client, net_write_timeout is the
timeout value controlling when to abort. See also
slave_net_timeout.
net_retry_count
If a read on a communication port is interrupted, retry
this many times before giving up. This value should be set
quite high on FreeBSD because internal interrupts are sent
to all threads.
net_write_timeout
The number of seconds to wait for a block to be written to
a connection before aborting the write. This timeout
applies only to TCP/IP connections, not to connections
made via Unix socket files, named pipes, or shared memory.
See also net_read_timeout.
new
This variable was used in MySQL 4.0 to turn on some 4.1
behaviors, and is retained for backward compatibility. In
MySQL 5.0, its value is always
OFF.
This is not a variable, but it can be used when setting
some variables. It is described in
Section 13.5.3, “SET Syntax”.
open_files_limit
The number of files that the operating system allows
mysqld to open. This is the real value
allowed by the system and might be different from the
value you gave using the
--open-files-limit option to
mysqld or
mysqld_safe. The value is 0 on systems
where MySQL can't change the number of open files.
optimizer_prune_level
Controls the heuristics applied during query optimization
to prune less-promising partial plans from the optimizer
search space. A value of 0 disables heuristics so that the
optimizer performs an exhaustive search. A value of 1
causes the optimizer to prune plans based on the number of
rows retrieved by intermediate plans. This variable was
added in MySQL 5.0.1.
optimizer_search_depth
The maximum depth of search performed by the query
optimizer. Values larger than the number of relations in a
query result in better query plans, but take longer to
generate an execution plan for a query. Values smaller
than the number of relations in a query return an
execution plan quicker, but the resulting plan may be far
from being optimal. If set to 0, the system automatically
picks a reasonable value. If set to the maximum number of
tables used in a query plus 2, the optimizer switches to
the algorithm used in MySQL 5.0.0 (and previous versions)
for performing searches. This variable was added in MySQL
5.0.1.
pid_file
The pathname of the process ID (PID) file. This variable
can be set with the --pid-file option.
port
The number of the port on which the server listens for
TCP/IP connections. This variable can be set with the
--port option.
preload_buffer_size
The size of the buffer that is allocated when preloading
indexes.
prepared_stmt_count
The current number of prepared statements. (The maximum
number of statements is given by the
max_prepared_stmt_count system
variable.) This variable was added in MySQL 5.0.21. In
MySQL 5.0.32, it was converted to the global
Prepared_stmt_count status variable.
protocol_version
The version of the client/server protocol used by the
MySQL server.
query_alloc_block_size
The allocation size of memory blocks that are allocated
for objects created during statement parsing and
execution. If you have problems with memory fragmentation,
it might help to increase this a bit.
query_cache_limit
Don't cache results that are larger than this number of
bytes. The default value is 1MB.
query_cache_min_res_unit
The minimum size (in bytes) for blocks allocated by the
query cache. The default value is 4096 (4KB). Tuning
information for this variable is given in
Section 5.13.3, “Query Cache Configuration”.
query_cache_size
The amount of memory allocated for caching query results.
The default value is 0, which disables the query cache.
The allowable values are multiples of 1024; other values
are rounded down to the nearest multiple. Note that
query_cache_size bytes of memory are
allocated even if query_cache_type is
set to 0. See Section 5.13.3, “Query Cache Configuration”,
for more information.
query_cache_type
Set the query cache type. Setting the
GLOBAL value sets the type for all
clients that connect thereafter. Individual clients can
set the SESSION value to affect their
own use of the query cache. Possible values are shown in
the following table:
Option
Description
0 or OFF
Don't cache results in or retrieve results from the query cache. Note
that this does not deallocate the query cache
buffer. To do that, you should set
query_cache_size to 0.
1 or ON
Cache all query results except for those that begin with SELECT
SQL_NO_CACHE.
2 or DEMAND
Cache results only for queries that begin with SELECT
SQL_CACHE.
This variable defaults to ON.
query_cache_wlock_invalidate
Normally, when one client acquires a
WRITE lock on a
MyISAM table, other clients are not
blocked from issuing statements that read from the table
if the query results are present in the query cache.
Setting this variable to 1 causes acquisition of a
WRITE lock for a table to invalidate
any queries in the query cache that refer to the table.
This forces other clients that attempt to access the table
to wait while the lock is in effect.
query_prealloc_size
The size of the persistent buffer used for statement
parsing and execution. This buffer is not freed between
statements. If you are running complex queries, a larger
query_prealloc_size value might be
helpful in improving performance, because it can reduce
the need for the server to perform memory allocation
during query execution operations.
range_alloc_block_size
The size of blocks that are allocated when doing range
optimization.
read_buffer_size
Each thread that does a sequential scan allocates a buffer
of this size (in bytes) for each table it scans. If you do
many sequential scans, you might want to increase this
value, which defaults to 131072.
read_buffer_size and
read_rnd_buffer_size are not specific
to any storage engine and apply in a general manner for
optimization. See Section 7.5.5, “How MySQL Uses Memory”, for
example.
read_only
When this variable is set to ON, the
server allows no updates except from users that have the
SUPER privilege or (on a slave server)
from updates performed by slave threads. On a slave
server, this can be useful to ensure that the slave
accepts updates only from its master server and not from
clients. As of MySQL 5.0.16, this variable does not apply
to TEMPORARY tables.
read_only exists only as a
GLOBAL variable, so changes to its
value require the SUPER privilege.
Changes to read_only on a master server
are not replicated to slave servers. The value can be set
on a slave server independent of the setting on the
master.
read_rnd_buffer_size
When reading rows in sorted order following a key-sorting
operation, the rows are read through this buffer to avoid
disk seeks. Setting the variable to a large value can
improve ORDER BY performance by a lot.
However, this is a buffer allocated for each client, so
you should not set the global variable to a large value.
Instead, change the session variable only from within
those clients that need to run large queries.
read_buffer_size and
read_rnd_buffer_size are not specific
to any storage engine and apply in a general manner for
optimization. See Section 7.5.5, “How MySQL Uses Memory”, for
example.
relay_log_purge
Disables or enables automatic purging of relay log files
as soon as they are not needed any more. The default value
is 1 (ON).
rpl_recovery_rank
This variable is unused.
secure_auth
If the MySQL server has been started with the
--secure-auth option, it blocks
connections from all accounts that have passwords stored
in the old (pre-4.1) format. In that case, the value of
this variable is ON, otherwise it is
OFF.
You should enable this option if you want to prevent all
use of passwords employing the old format (and hence
insecure communication over the network).
By default, this variable is empty. If set to the name of
a directory, it limits the effect of the
LOAD_FILE() function and the
LOAD DATA and SELECT ... INTO
OUTFILE statements to work only with files in
that directory.
This variable was added in MySQL 5.0.38.
server_id
The server ID. This value is set by the
--server-id option. It is used for
replication to enable master and slave servers to identify
themselves uniquely.
shared_memory
(Windows only.) Whether the server allows shared-memory
connections.
shared_memory_base_name
(Windows only.) The name of shared memory to use for
shared-memory connections. This is useful when running
multiple MySQL instances on a single physical machine. The
default name is MYSQL. The name is case
sensitive.
skip_external_locking
This is OFF if
mysqld uses external locking,
ON if external locking is disabled.
skip_networking
This is ON if the server allows only
local (non-TCP/IP) connections. On Unix, local connections
use a Unix socket file. On Windows, local connections use
a named pipe or shared memory. On NetWare, only TCP/IP
connections are supported, so do not set this variable to
ON. This variable can be set to
ON with the
--skip-networking option.
skip_show_database
This prevents people from using the SHOW
DATABASES statement if they do not have the
SHOW DATABASES privilege. This can
improve security if you have concerns about users being
able to see databases belonging to other users. Its effect
depends on the SHOW DATABASES
privilege: If the variable value is ON,
the SHOW DATABASES statement is allowed
only to users who have the SHOW
DATABASES privilege, and the statement displays
all database names. If the value is
OFF, SHOW DATABASES
is allowed to all users, but displays the names of only
those databases for which the user has the SHOW
DATABASES or other privilege.
slave_compressed_protocol
Whether to use compression of the slave/master protocol if
both the slave and the master support it.
slave_load_tmpdir
The name of the directory where the slave creates
temporary files for replicating LOAD DATA
INFILE statements.
slave_net_timeout
The number of seconds to wait for more data from a
master/slave connection before aborting the read. This
timeout applies only to TCP/IP connections, not to
connections made via Unix socket files, named pipes, or
shared memory.
slave_skip_errors
The replication errors that the slave should skip
(ignore).
slave_transaction_retries
If a replication slave SQL thread fails to execute a
transaction because of an InnoDB
deadlock or exceeded InnoDB's
innodb_lock_wait_timeout or
NDBCluster's
TransactionDeadlockDetectionTimeout or
TransactionInactiveTimeout, it
automatically retries
slave_transaction_retries times before
stopping with an error. The default priot to MySQL 4.0.3
is 0. You must explicitly set the value greater than 0 to
enable the “retry” behavior, which is
probably a good idea. In MySQL 5.0.3 or newer, the default
is 10.
slow_launch_time
If creating a thread takes longer than this many seconds,
the server increments the
Slow_launch_threads status variable.
socket
On Unix platforms, this variable is the name of the socket
file that is used for local client connections. The
default is /tmp/mysql.sock. (For some
distribution formats, the directory might be different,
such as /var/lib/mysql for RPMs.)
On Windows, this variable is the name of the named pipe
that is used for local client connections. The default
value is MySQL (not case sensitive).
The path to a file with a list of trusted SSL CAs. This
variable was added in MySQL 5.0.23.
ssl_capath
The path to a directory that contains trusted SSL CA
certificates in PEM format. This variable was added in
MySQL 5.0.23.
ssl_cert
The name of the SSL certificate file to use for
establishing a secure connection. This variable was added
in MySQL 5.0.23.
ssl_cipher
A list of allowable ciphers to use for SSL encryption. The
cipher list has the same format as the openssl
ciphers command. This variable was added in
MySQL 5.0.23.
ssl_key
The name of the SSL key file to use for establishing a
secure connection. This variable was added in MySQL
5.0.23.
storage_engine
The default storage engine (table type). To set the
storage engine at server startup, use the
--default-storage-engine option. See
Section 5.2.2, “Command Options”.
sync_binlog
If the value of this variable is positive, the MySQL
server synchronizes its binary log to disk (using
fdatasync()) after every
sync_binlog writes to the binary log.
Note that there is one write to the binary log per
statement if autocommit is enabled, and one write per
transaction otherwise. The default value is 0, which does
no synchronizing to disk. A value of 1 is the safest
choice, because in the event of a crash you lose at most
one statement or transaction from the binary log. However,
it is also the slowest choice (unless the disk has a
battery-backed cache, which makes synchronization very
fast).
If the value of sync_binlog is 0 (the
default), no extra flushing is done. The server relies on
the operating system to flush the file contents
occasionaly as for any other file.
sync_frm
If this variable is set to 1, when any non-temporary table
is created its .frm file is
synchronized to disk (using
fdatasync()). This is slower but safer
in case of a crash. The default is 1.
system_time_zone
The server system time zone. When the server begins
executing, it inherits a time zone setting from the
machine defaults, possibly modified by the environment of
the account used for running the server or the startup
script. The value is used to set
system_time_zone. Typically the time
zone is specified by the TZ environment
variable. It also can be specified using the
--timezone option of the
mysqld_safe script.
The system_time_zone variable differs
from time_zone. Although they might
have the same value, the latter variable is used to
initialize the time zone for each client that connects.
See Section 5.10.8, “MySQL Server Time Zone Support”.
table_cache
The number of open tables for all threads. Increasing this
value increases the number of file descriptors that
mysqld requires. You can check whether
you need to increase the table cache by checking the
Opened_tables status variable. See
Section 5.2.5, “Status Variables”. If the value of
Opened_tables is large and you don't do
FLUSH TABLES often (which just forces
all tables to be closed and reopened), then you should
increase the value of the table_cache
variable. For more information about the table cache, see
Section 7.4.8, “How MySQL Opens and Closes Tables”.
table_lock_wait_timeout
Specifies a wait timeout for table-level locks, in
seconds. The default timeout is 50 seconds. The timeout is
active only if the connection has open cursors. This
variable can also be set globally at runtime (you need the
SUPER privilege to do this). It's
available as of MySQL 5.0.10.
table_type
This variable is a synonym for
storage_engine. In MySQL
5.0, storage_engine is the
preferred name.
thread_cache_size
How many threads the server should cache for reuse. When a
client disconnects, the client's threads are put in the
cache if there are fewer than
thread_cache_size threads there.
Requests for threads are satisfied by reusing threads
taken from the cache if possible, and only when the cache
is empty is a new thread created. This variable can be
increased to improve performance if you have a lot of new
connections. (Normally, this doesn't provide a notable
performance improvement if you have a good thread
implementation.) By examining the difference between the
Connections and
Threads_created status variables, you
can see how efficient the thread cache is. For details,
see Section 5.2.5, “Status Variables”.
thread_concurrency
On Solaris, mysqld calls
thr_setconcurrency() with this value.
This function enables applications to give the threads
system a hint about the desired number of threads that
should be run at the same time.
thread_stack
The stack size for each thread. Many of the limits
detected by the crash-me test are
dependent on this value. The default is large enough for
normal operation. See Section 7.1.4, “The MySQL Benchmark Suite”.
The default is 192KB.
time_format
This variable is not implemented.
time_zone
The current time zone. This variable is used to initialize
the time zone for each client that connects. By default,
the initial value of this is 'SYSTEM'
(which means, “use the value of
system_time_zone”). The value
can be specified explicitly at server startup with the
--default-time-zone option. See
Section 5.10.8, “MySQL Server Time Zone Support”.
timed_mutexes
This variable controls whether InnoDB
mutexes are timed. If this variable is set to 0 or
OFF (the default), mutex timing is
disabled. If the variable is set to 1 or
ON, mutex timing is enabled. With
timing enabled, the os_wait_times value
in the output from SHOW ENGINE INNODB
MUTEX indicates the amount of time (in ms) spent
in operating system waits. Otherwise, the value is 0. This
variable was added in MySQL 5.0.3.
tmp_table_size
The maximum size of in-memory temporary tables. (The
actual limit is determined as the smaller of
max_heap_table_size and
tmp_table_size.) If an in-memory
temporary table exceeds the limit, MySQL automatically
converts it to an on-disk MyISAM table.
Increase the value of tmp_table_size
(and max_heap_table_size if necessary)
if you do many advanced GROUP BY
queries and you have lots of memory.
tmpdir
The directory used for temporary files and temporary
tables. This variable can be set to a list of several
paths that are used in round-robin fashion. Paths should
be separated by colon characters
(‘:’) on Unix and semicolon
characters (‘;’) on
Windows, NetWare, and OS/2.
The multiple-directory feature can be used to spread the
load between several physical disks. If the MySQL server
is acting as a replication slave, you should not set
tmpdir to point to a directory on a
memory-based filesystem or to a directory that is cleared
when the server host restarts. A replication slave needs
some of its temporary files to survive a machine restart
so that it can replicate temporary tables or LOAD
DATA INFILE operations. If files in the
temporary file directory are lost when the server
restarts, replication fails. However, if you are using
MySQL 4.0.0 or later, you can set the slave's temporary
directory using the slave_load_tmpdir
variable. In that case, the slave won't use the general
tmpdir value and you can set
tmpdir to a non-permanent location.
transaction_alloc_block_size
The amount in bytes by which to increase a per-transaction
memory pool which needs memory. See the description of
transaction_prealloc_size.
transaction_prealloc_size
There is a per-transaction memory pool from which various
transaction-related allocations take memory. The initial
size of the pool in bytes is
transaction_prealloc_size. For every
allocation that cannot be satisfied from the pool because
it has insufficient memory available, the pool is
increased by
transaction_alloc_block_size bytes.
When the transaction ends, the pool is truncated to
transaction_prealloc_size bytes.
By making transaction_prealloc_size
sufficiently large to contain all statements within a
single transaction, you can avoid many
malloc() calls.
tx_isolation
The default transaction isolation level. Defaults to
REPEATABLE-READ.
This variable is set by the SET TRANSACTION
ISOLATION LEVEL statement. See
Section 13.4.6, “SET TRANSACTION Syntax”. If you set
tx_isolation directly to an isolation
level name that contains a space, the name should be
enclosed within quotes, with the space replaced by a dash.
For example:
SET tx_isolation = 'READ-COMMITTED';
updatable_views_with_limit
This variable controls whether updates to a view can be
made when the view does not contain all columns of the
primary key defined in the underlying table, if the update
statement contains a LIMIT clause.
(Such updates often are generated by GUI tools.) An update
is an UPDATE or
DELETE statement. Primary key here
means a PRIMARY KEY, or a
UNIQUE index in which no column can
contain NULL.
The variable can have two values:
1 or YES: Issue
a warning only (not an error message). This is the
default value.
0 or NO:
Prohibit the update.
This variable was added in MySQL 5.0.2.
version
The version number for the server.
Starting with MySQL 5.0.24, the version number will also
indicate whether the server is a standard release
(Community) or Enterprise release (for example,
5.0.28-enterprise-gpl-nt).
version_bdb
The BDB storage engine version.
version_comment
The configure script has a
--with-comment option that allows a
comment to be specified when building MySQL. This variable
contains the value of that comment.
For precompiled binaries, this variable will hold the
server version and license information. Starting with
MySQL 5.0.24, version_comment will
include the full server type and license. For community
users this will appear as MySQL Community Edition
- Standard (GPL). For Enterprise users, the
version might be displayed as MySQL Enterprise
Server (GPL). The corresponding license for your
MySQL binary is shown in parentheses. For server compiled
from source, the default value will be the same as that
for Community releases.
version_compile_machine
The type of machine or architecture on which MySQL was
built.
version_compile_os
The type of operating system on which MySQL was built.
wait_timeout
The number of seconds the server waits for activity on a
non-interactive connection before closing it. This timeout
applies only to TCP/IP and Unix socket file connections,
not to connections made via named pipes, or shared memory.
On thread startup, the session
wait_timeout value is initialized from
the global wait_timeout value or from
the global interactive_timeout value,
depending on the type of client (as defined by the
CLIENT_INTERACTIVE connect option to
mysql_real_connect()). See also
interactive_timeout.
The mysql server maintains many system
variables that indicate how it is configured.
Section 5.2.3, “System Variables”, describes the
meaning of these variables. Each system variable has a default
value. System variables can be set at server startup using
options on the command line or in an option file. Most of them
can be changed dynamically while the server is running by
means of the SET statement, which enables
you to modify operation of the server without having to stop
and restart it. You can refer to system variable values in
expressions.
The server maintains two kinds of system variables. Global
variables affect the overall operation of the server. Session
variables affect its operation for individual client
connections. A given system variable can have both a global
and a session value. Global and session system variables are
related as follows:
When the server starts, it initializes all global
variables to their default values. These defaults can be
changed by options specified on the command line or in an
option file. (See Section 4.3, “Specifying Program Options”.)
The server also maintains a set of session variables for
each client that connects. The client's session variables
are initialized at connect time using the current values
of the corresponding global variables. For example, the
client's SQL mode is controlled by the session
sql_mode value, which is initialized
when the client connects to the value of the global
sql_mode value.
System variable values can be set globally at server startup
by using options on the command line or in an option file.
When you use a startup option to set a variable that takes a
numeric value, the value can be given with a suffix of
K, M, or
G (either uppercase or lowercase) to
indicate a multiplier of 1024,
10242 or
10243; that is, units of kilobytes,
megabytes, or gigabytes, respectively. Thus, the following
command starts the server with a query cache size of 16
megabytes and a maximum packet size of one gigabyte:
The lettercase of suffix letters does not matter;
16M and 16m are
equivalent, as are 1G and
1g.
If you want to restrict the maximum value to which a system
variable can be set at runtime with the SET
statement, you can specify this maximum by using an option of
the form
--maximum-var_name=value
at server startup. For example, to prevent the value of
query_cache_size from being increased to
more than 32MB at runtime, use the option
--maximum-query_cache_size=32M.
Many system variables are dynamic and can be changed while the
server runs by using the SET statement. For
a list, see Section 5.2.4.2, “Dynamic System Variables”. To
change a system variable with SET, refer to
it as var_name, optionally preceded
by a modifier:
To indicate explicitly that a variable is a global
variable, precede its name by GLOBAL or
@@global.. The SUPER
privilege is required to set global variables.
To indicate explicitly that a variable is a session
variable, precede its name by SESSION,
@@session., or @@.
Setting a session variable requires no special privilege,
but a client can change only its own session variables,
not those of any other client.
LOCAL and @@local.
are synonyms for SESSION and
@@session..
If no modifier is present, SET changes
the session variable.
A SET statement can contain multiple
variable assignments, separated by commas. If you set several
system variables, the most recent GLOBAL or
SESSION modifier in the statement is used
for following variables that have no modifier specified.
Examples:
SET sort_buffer_size=10000;
SET @@local.sort_buffer_size=10000;
SET GLOBAL sort_buffer_size=1000000, SESSION sort_buffer_size=1000000;
SET @@sort_buffer_size=1000000;
SET @@global.sort_buffer_size=1000000, @@local.sort_buffer_size=1000000;
When you assign a value to a system variable with
SET, you cannot use suffix letters in the
value (as can be done with startup options). However, the
value can take the form of an expression:
SET sort_buffer_size = 10 * 1024 * 1024;
The @@var_name
syntax for system variables is supported for compatibility
with some other database systems.
If you change a session system variable, the value remains in
effect until your session ends or until you change the
variable to a different value. The change is not visible to
other clients.
If you change a global system variable, the value is
remembered and used for new connections until the server
restarts. (To make a global system variable setting permanent,
you should set it in an option file.) The change is visible to
any client that accesses that global variable. However, the
change affects the corresponding session variable only for
clients that connect after the change. The global variable
change does not affect the session variable for any client
that is currently connected (not even that of the client that
issues the SET GLOBAL statement).
To prevent incorrect usage, MySQL produces an error if you use
SET GLOBAL with a variable that can only be
used with SET SESSION or if you do not
specify GLOBAL (or
@@global.) when setting a global variable.
To set a SESSION variable to the
GLOBAL value or a GLOBAL
value to the compiled-in MySQL default value, use the
DEFAULT keyword. For example, the following
two statements are identical in setting the session value of
max_join_size to the global value:
SET max_join_size=DEFAULT;
SET @@session.max_join_size=@@global.max_join_size;
Not all system variables can be set to
DEFAULT. In such cases, use of
DEFAULT results in an error.
You can refer to the values of specific global or sesson
system variables in expressions by using one of the
@@-modifiers. For example, you can retrieve
values in a SELECT statement like this:
When you refer to a system variable in an expression as
@@var_name (that
is, when you do not specify @@global. or
@@session.), MySQL returns the session
value if it exists and the global value otherwise. (This
differs from SET
@@var_name =
value, which always
refers to the session value.)
Note: Some system variables can be
enabled with the SET statement by setting
them to ON or 1, or
disabled by setting them to OFF or
0. However, to set such a variable on the
command line or in an option file, you must set it to
1 or 0; setting it to
ON or OFF will not work.
For example, on the command line,
--delay_key_write=1 works but
--delay_key_write=ON does not.
To display system variable names and values, use the
SHOW VARIABLES statement:
With a LIKE clause, the statement displays
only those variables that match the pattern. To obtain a
specific variable name, use a LIKE clause
as shown:
SHOW VARIABLES LIKE 'max_join_size';
SHOW SESSION VARIABLES LIKE 'max_join_size';
To get a list of variables whose name match a pattern, use the
‘%’ wildcard character in a
LIKE clause:
SHOW VARIABLES LIKE '%size%';
SHOW GLOBAL VARIABLES LIKE '%size%';
Wildcard characters can be used in any position within the
pattern to be matched. Strictly speaking, because
‘_’ is a wildcard that matches
any single character, you should escape it as
‘\_’ to match it literally. In
practice, this is rarely necessary.
For SHOW VARIABLES, if you specify neither
GLOBAL nor SESSION,
MySQL returns SESSION values.
The reason for requiring the GLOBAL keyword
when setting GLOBAL-only variables but not
when retrieving them is to prevent problems in the future. If
we were to remove a SESSION variable that
has the same name as a GLOBAL variable, a
client with the SUPER privilege might
accidentally change the GLOBAL variable
rather than just the SESSION variable for
its own connection. If we add a SESSION
variable with the same name as a GLOBAL
variable, a client that intends to change the
GLOBAL variable might find only its own
SESSION variable changed.
5.2.4.1. Structured System Variables
A structured variable differs from a regular system variable
in two respects:
Its value is a structure with components that specify
server parameters considered to be closely related.
There might be several instances of a given type of
structured variable. Each one has a different name and
refers to a different resource maintained by the server.
MySQL 5.0 supports one structured variable
type, which specifies parameters governing the operation of
key caches. A key cache structured variable has these
components:
key_buffer_size
key_cache_block_size
key_cache_division_limit
key_cache_age_threshold
This section describes the syntax for referring to
structured variables. Key cache variables are used for
syntax examples, but specific details about how key caches
operate are found elsewhere, in
Section 7.4.6, “The MyISAM Key Cache”.
To refer to a component of a structured variable instance,
you can use a compound name in
instance_name.component_name
format. Examples:
For each structured system variable, an instance with the
name of default is always predefined. If
you refer to a component of a structured variable without
any instance name, the default instance
is used. Thus, default.key_buffer_size
and key_buffer_size both refer to the
same system variable.
Structured variable instances and components follow these
naming rules:
For a given type of structured variable, each instance
must have a name that is unique
within variables of that type.
However, instance names need not be unique
across structured variable types.
For example, each structured variable has an instance
named default, so
default is not unique across variable
types.
The names of the components of each structured variable
type must be unique across all system variable names. If
this were not true (that is, if two different types of
structured variables could share component member
names), it would not be clear which default structured
variable to use for references to member names that are
not qualified by an instance name.
If a structured variable instance name is not legal as
an unquoted identifier, refer to it as a quoted
identifier using backticks. For example,
hot-cache is not legal, but
`hot-cache` is.
global, session,
and local are not legal instance
names. This avoids a conflict with notation such as
@@global.var_name
for referring to non-structured system variables.
Currently, the first two rules have no possibility of being
violated because the only structured variable type is the
one for key caches. These rules will assume greater
significance if some other type of structured variable is
created in the future.
With one exception, you can refer to structured variable
components using compound names in any context where simple
variable names can occur. For example, you can assign a
value to a structured variable using a command-line option:
shell> mysqld --hot_cache.key_buffer_size=64K
In an option file, use this syntax:
[mysqld]
hot_cache.key_buffer_size=64K
If you start the server with this option, it creates a key
cache named hot_cache with a size of 64KB
in addition to the default key cache that has a default size
of 8MB.
In this case, the server sets the size of the default key
cache to 256KB. (You could also have written
--default.key_buffer_size=256K.) In
addition, the server creates a second key cache named
extra_cache that has a size of 128KB,
with the size of block buffers for caching table index
blocks set to 2048 bytes.
The following example starts the server with three different
key caches having sizes in a 3:1:1 ratio:
Structured variable values may be set and retrieved at
runtime as well. For example, to set a key cache named
hot_cache to a size of 10MB, use either
of these statements:
mysql> SET GLOBAL hot_cache.key_buffer_size = 10*1024*1024;
mysql> SET @@global.hot_cache.key_buffer_size = 10*1024*1024;
To retrieve the cache size, do this:
mysql> SELECT @@global.hot_cache.key_buffer_size;
However, the following statement does not work. The variable
is not interpreted as a compound name, but as a simple
string for a LIKE pattern-matching
operation:
mysql> SHOW GLOBAL VARIABLES LIKE 'hot_cache.key_buffer_size';
This is the exception to being able to use structured
variable names anywhere a simple variable name may occur.
5.2.4.2. Dynamic System Variables
Many server system variables are dynamic and can be set at
runtime using SET GLOBAL or SET
SESSION. You can also obtain their values using
SELECT. See
Section 5.2.4, “Using System Variables”.
The following table shows the full list of all dynamic
system variables. The last column indicates for each
variable whether GLOBAL or
SESSION (or both) apply. The table also
lists session options that can be set with the
SET statement.
Section 13.5.3, “SET Syntax”, discusses these options.
Variables that have a type of “string” take a
string value. Variables that have a type of
“numeric” take a numeric value. Variables that
have a type of “boolean” can be set to 0, 1,
ON or OFF. (If you set
them on the command line or in an option file, use the
numeric values.) Variables that are marked as
“enumeration” normally should be set to one of
the available values for the variable, but can also be set
to the number that corresponds to the desired enumeration
value. For enumerated system variables, the first
enumeration value corresponds to 0. This differs from
ENUM columns, for which the first
enumeration value corresponds to 1.
Variable Name
Value Type
Type
autocommit
boolean
SESSION
automatic_sp_privileges
boolean
GLOBAL
big_tables
boolean
SESSION
binlog_cache_size
numeric
GLOBAL
bulk_insert_buffer_size
numeric
GLOBAL | SESSION
character_set_client
string
GLOBAL | SESSION
character_set_connection
string
GLOBAL | SESSION
character_set_filesystem
string
GLOBAL | SESSION
character_set_results
string
GLOBAL | SESSION
character_set_server
string
GLOBAL | SESSION
collation_connection
string
GLOBAL | SESSION
collation_server
string
GLOBAL | SESSION
completion_type
numeric
GLOBAL | SESSION
concurrent_insert
numeric
GLOBAL
connect_timeout
numeric
GLOBAL
default_week_format
numeric
GLOBAL | SESSION
delay_key_write
OFF | ON | ALL
GLOBAL
delayed_insert_limit
numeric
GLOBAL
delayed_insert_timeout
numeric
GLOBAL
delayed_queue_size
numeric
GLOBAL
div_precision_increment
numeric
GLOBAL | SESSION
engine_condition_pushdown
boolean
GLOBAL | SESSION
error_count
numeric
SESSION
expire_logs_days
numeric
GLOBAL
flush
boolean
GLOBAL
flush_time
numeric
GLOBAL
foreign_key_checks
boolean
SESSION
ft_boolean_syntax
string
GLOBAL
group_concat_max_len
numeric
GLOBAL | SESSION
identity
numeric
SESSION
innodb_autoextend_increment
numeric
GLOBAL
innodb_commit_concurrency
numeric
GLOBAL
innodb_concurrency_tickets
numeric
GLOBAL
innodb_max_dirty_pages_pct
numeric
GLOBAL
innodb_max_purge_lag
numeric
GLOBAL
innodb_support_xa
boolean
GLOBAL | SESSION
innodb_sync_spin_loops
numeric
GLOBAL
innodb_table_locks
boolean
GLOBAL | SESSION
innodb_thread_concurrency
numeric
GLOBAL
innodb_thread_sleep_delay
numeric
GLOBAL
insert_id
numeric
SESSION
interactive_timeout
numeric
GLOBAL | SESSION
join_buffer_size
numeric
GLOBAL | SESSION
key_buffer_size
numeric
GLOBAL
last_insert_id
numeric
SESSION
lc_time_names
string
GLOBAL | SESSION
local_infile
boolean
GLOBAL
log_queries_not_using_indexes
boolean
GLOBAL
log_warnings
numeric
GLOBAL
long_query_time
numeric
GLOBAL | SESSION
low_priority_updates
boolean
GLOBAL | SESSION
max_allowed_packet
numeric
GLOBAL | SESSION
max_binlog_cache_size
numeric
GLOBAL
max_binlog_size
numeric
GLOBAL
max_connect_errors
numeric
GLOBAL
max_connections
numeric
GLOBAL
max_delayed_threads
numeric
GLOBAL
max_error_count
numeric
GLOBAL | SESSION
max_heap_table_size
numeric
GLOBAL | SESSION
max_insert_delayed_threads
numeric
GLOBAL
max_join_size
numeric
GLOBAL | SESSION
max_prepared_stmt_count
numeric
GLOBAL
max_relay_log_size
numeric
GLOBAL
max_seeks_for_key
numeric
GLOBAL | SESSION
max_sort_length
numeric
GLOBAL | SESSION
max_tmp_tables
numeric
GLOBAL | SESSION
max_user_connections
numeric
GLOBAL
max_write_lock_count
numeric
GLOBAL
multi_range_count
numeric
GLOBAL | SESSION
myisam_data_pointer_size
numeric
GLOBAL
log_bin_trust_function_creators
boolean
GLOBAL
myisam_max_sort_file_size
numeric
GLOBAL | SESSION
myisam_repair_threads
numeric
GLOBAL | SESSION
myisam_sort_buffer_size
numeric
GLOBAL | SESSION
myisam_stats_method
enum
GLOBAL | SESSION
net_buffer_length
numeric
GLOBAL | SESSION
net_read_timeout
numeric
GLOBAL | SESSION
net_retry_count
numeric
GLOBAL | SESSION
net_write_timeout
numeric
GLOBAL | SESSION
old_passwords
numeric
GLOBAL | SESSION
optimizer_prune_level
numeric
GLOBAL | SESSION
optimizer_search_depth
numeric
GLOBAL | SESSION
preload_buffer_size
numeric
GLOBAL | SESSION
profiling
boolean
SESSION
profiling_history_size
numeric
SESSION
query_alloc_block_size
numeric
GLOBAL | SESSION
query_cache_limit
numeric
GLOBAL
query_cache_size
numeric
GLOBAL
query_cache_type
enumeration
GLOBAL | SESSION
query_cache_wlock_invalidate
boolean
GLOBAL | SESSION
query_prealloc_size
numeric
GLOBAL | SESSION
range_alloc_block_size
numeric
GLOBAL | SESSION
read_buffer_size
numeric
GLOBAL | SESSION
read_only
numeric
GLOBAL
read_rnd_buffer_size
numeric
GLOBAL | SESSION
rpl_recovery_rank
numeric
GLOBAL
safe_show_database
boolean
GLOBAL
secure_auth
boolean
GLOBAL
server_id
numeric
GLOBAL
slave_compressed_protocol
boolean
GLOBAL
slave_net_timeout
numeric
GLOBAL
slave_transaction_retries
numeric
GLOBAL
slow_launch_time
numeric
GLOBAL
sort_buffer_size
numeric
GLOBAL | SESSION
sql_auto_is_null
boolean
SESSION
sql_big_selects
boolean
SESSION
sql_big_tables
boolean
SESSION
sql_buffer_result
boolean
SESSION
sql_log_bin
boolean
SESSION
sql_log_off
boolean
SESSION
sql_log_update
boolean
SESSION
sql_low_priority_updates
boolean
GLOBAL | SESSION
sql_max_join_size
numeric
GLOBAL | SESSION
sql_mode
enumeration
GLOBAL | SESSION
sql_notes
boolean
SESSION
sql_quote_show_create
boolean
SESSION
sql_safe_updates
boolean
SESSION
sql_select_limit
numeric
SESSION
sql_slave_skip_counter
numeric
GLOBAL
updatable_views_with_limit
enumeration
GLOBAL | SESSION
sql_warnings
boolean
SESSION
sync_binlog
numeric
GLOBAL
sync_frm
boolean
GLOBAL
storage_engine
enumeration
GLOBAL | SESSION
table_cache
numeric
GLOBAL
table_type
enumeration
GLOBAL | SESSION
thread_cache_size
numeric
GLOBAL
time_zone
string
GLOBAL | SESSION
timestamp
boolean
SESSION
tmp_table_size
enumeration
GLOBAL | SESSION
transaction_alloc_block_size
numeric
GLOBAL | SESSION
transaction_prealloc_size
numeric
GLOBAL | SESSION
tx_isolation
enumeration
GLOBAL | SESSION
unique_checks
boolean
SESSION
wait_timeout
numeric
GLOBAL | SESSION
warning_count
numeric
SESSION
MySQL Enterprise
Improper configuration of system variables can adversely
affect performance and security. The MySQL Network
Monitoring and Advisory Service continually monitors
system variables and provides expert advice about
appropriate settings. For more information see
http://www.mysql.com/products/enterprise/advisors.html.
5.2.5. Status Variables
The server maintains many status variables that provide
information about its operation. You can view these variables
and their values by using the SHOW [GLOBAL]
STATUS statement. The optional
GLOBAL keyword aggregates the values over
all connections.
Note: Before MySQL 5.0.2,
SHOW STATUS returned global status values.
Because the default as of 5.0.2 is to return session values,
this is incompatible with previous versions. To issue a
SHOW STATUS statement that will retrieve
global status values for all versions of MySQL, write it like
this:
SHOW /*!50002 GLOBAL */ STATUS;
Many status variables are reset to 0 by the FLUSH
STATUS statement.
The status variables have the following meanings. Variables
with no version indicated were already present prior to MySQL
5.0. For information regarding their
implementation history, see
MySQL 3.23, 4.0, 4.1 Reference Manual.
The number of transactions that used the temporary binary
log cache but that exceeded the value of
binlog_cache_size and used a temporary
file to store statements from the transaction.
Binlog_cache_use
The number of transactions that used the temporary binary
log cache.
Bytes_received
The number of bytes received from all clients.
Bytes_sent
The number of bytes sent to all clients.
Com_xxx
The Com_xxx
statement counter variables indicate the number of times
each xxx statement has been
executed. There is one status variable for each type of
statement. For example, Com_delete and
Com_insert count
DELETE and INSERT
statements, respectively. However, if a query result is
returned from query cache, the server increments the
Qcache_hits status variable, not
Com_select. See
Section 5.13.4, “Query Cache Status and Maintenance”.
All of the
Com_stmt_xxx
variables are increased even if a prepared statement
argument is unknown or an error occurred during execution.
In other words, their values correspond to the number of
requests issued, not to the number of requests
successfully completed.
The
Com_stmt_xxx
status variables were added in 5.0.8:
Com_stmt_prepare
Com_stmt_execute
Com_stmt_fetch
Com_stmt_send_long_data
Com_stmt_reset
Com_stmt_close
Those variables stand for prepared statement commands.
Their names refer to the
COM_xxx
command set used in the network layer. In other words,
their values increase whenever prepared statement API
calls such as mysql_stmt_prepare(),
mysql_stmt_execute(), and so forth are
executed. However, Com_stmt_prepare,
Com_stmt_execute and
Com_stmt_close also increase for
PREPARE, EXECUTE, or
DEALLOCATE PREPARE, respectively.
Additionally, the values of the older (available since
MySQL 4.1.3) statement counter variables
Com_prepare_sql,
Com_execute_sql, and
Com_dealloc_sql increase for the
PREPARE, EXECUTE,
and DEALLOCATE PREPARE statements.
Com_stmt_fetch stands for the total
number of network round-trips issued when fetching from
cursors.
Compression
Whether the client connection uses compression in the
client/server protocol. Added in MySQL 5.0.16.
Connections
The number of connection attempts (successful or not) to
the MySQL server.
Created_tmp_disk_tables
The number of temporary tables on disk created
automatically by the server while executing statements.
Created_tmp_files
How many temporary files mysqld has
created.
Created_tmp_tables
The number of in-memory temporary tables created
automatically by the server while executing statements. If
Created_tmp_disk_tables is large, you
may want to increase the tmp_table_size
value to cause temporary tables to be memory-based instead
of disk-based.
Delayed_errors
The number of rows written with INSERT
DELAYED for which some error occurred (probably
duplicate key).
Delayed_insert_threads
The number of INSERT DELAYED handler
threads in use.
Delayed_writes
The number of INSERT DELAYED rows
written.
Flush_commands
The number of executed FLUSH
statements.
Handler_commit
The number of internal COMMIT
statements.
Handler_delete
The number of times that rows have been deleted from
tables.
Handler_discover
The MySQL server can ask the NDB
Cluster storage engine if it knows about a table
with a given name. This is called discovery.
Handler_discover indicates the number
of times that tables have been discovered via this
mechanism.
Handler_prepare
A counter for the prepare phase of two-phase commit
operations. Added in MySQL 5.0.3.
Handler_read_first
The number of times the first entry was read from an
index. If this value is high, it suggests that the server
is doing a lot of full index scans; for example,
SELECT col1 FROM foo, assuming that
col1 is indexed.
Handler_read_key
The number of requests to read a row based on a key. If
this value is high, it is a good indication that your
tables are properly indexed for your queries.
Handler_read_next
The number of requests to read the next row in key order.
This value is incremented if you are querying an index
column with a range constraint or if you are doing an
index scan.
Handler_read_prev
The number of requests to read the previous row in key
order. This read method is mainly used to optimize
ORDER BY ... DESC.
Handler_read_rnd
The number of requests to read a row based on a fixed
position. This value is high if you are doing a lot of
queries that require sorting of the result. You probably
have a lot of queries that require MySQL to scan entire
tables or you have joins that don't use keys properly.
Handler_read_rnd_next
The number of requests to read the next row in the data
file. This value is high if you are doing a lot of table
scans. Generally this suggests that your tables are not
properly indexed or that your queries are not written to
take advantage of the indexes you have.
Handler_rollback
The number of requests for a storage engine to perform a
rollback operation.
Handler_savepoint
The number of requests for a storage engine to place a
savepoint. Added in MySQL 5.0.3.
Handler_savepoint_rollback
The number of requests for a storage engine to roll back
to a savepoint. Added in MySQL 5.0.3.
Handler_update
The number of requests to update a row in a table.
Handler_write
The number of requests to insert a row in a table.
Innodb_buffer_pool_pages_data
The number of pages containing data (dirty or clean).
Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_dirty
The number of pages currently dirty. Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_flushed
The number of buffer pool page-flush requests. Added in
MySQL 5.0.2.
Innodb_buffer_pool_pages_free
The number of free pages. Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_latched
The number of latched pages in InnoDB
buffer pool. These are pages currently being read or
written or that cannot be flushed or removed for some
other reason. Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_misc
The number of pages that are busy because they have been
allocated for administrative overhead such as row locks or
the adaptive hash index. This value can also be calculated
as Innodb_buffer_pool_pages_total
– Innodb_buffer_pool_pages_free
– Innodb_buffer_pool_pages_data.
Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_total
The total size of buffer pool, in pages. Added in MySQL
5.0.2.
Innodb_buffer_pool_read_ahead_rnd
The number of “random” read-aheads initiated
by InnoDB. This happens when a query
scans a large portion of a table but in random order.
Added in MySQL 5.0.2.
Innodb_buffer_pool_read_ahead_seq
The number of sequential read-aheads initiated by
InnoDB. This happens when
InnoDB does a sequential full table
scan. Added in MySQL 5.0.2.
Innodb_buffer_pool_read_requests
The number of logical read requests
InnoDB has done. Added in MySQL 5.0.2.
Innodb_buffer_pool_reads
The number of logical reads that InnoDB
could not satisfy from the buffer pool and had to do a
single-page read. Added in MySQL 5.0.2.
Innodb_buffer_pool_wait_free
Normally, writes to the InnoDB buffer
pool happen in the background. However, if it is necessary
to read or create a page and no clean pages are available,
it is also necessary to wait for pages to be flushed
first. This counter counts instances of these waits. If
the buffer pool size has been set properly, this value
should be small. Added in MySQL 5.0.2.
Innodb_buffer_pool_write_requests
The number writes done to the InnoDB
buffer pool. Added in MySQL 5.0.2.
Innodb_data_fsyncs
The number of fsync() operations so
far. Added in MySQL 5.0.2.
Innodb_data_pending_fsyncs
The current number of pending fsync()
operations. Added in MySQL 5.0.2.
Innodb_data_pending_reads
The current number of pending reads. Added in MySQL 5.0.2.
Innodb_data_pending_writes
The current number of pending writes. Added in MySQL
5.0.2.
Innodb_data_read
The amount of data read so far, in bytes. Added in MySQL
5.0.2.
Innodb_data_reads
The total number of data reads. Added in MySQL 5.0.2.
Innodb_data_writes
The total number of data writes. Added in MySQL 5.0.2.
Innodb_data_written
The amount of data written so far, in bytes. Added in
MySQL 5.0.2.
Innodb_dblwr_writes,
Innodb_dblwr_pages_written
The number of doublewrite operations that have been
performed and the number of pages that have been written
for this purpose. Added in MySQL 5.0.2. See
Section 14.2.14.1, “InnoDB Disk I/O”.
Innodb_log_waits
The number of times that the log buffer was too small and
a wait was required for it to be flushed before
continuing. Added in MySQL 5.0.2.
Innodb_log_write_requests
The number of log write requests. Added in MySQL 5.0.2.
Innodb_log_writes
The number of physical writes to the log file. Added in
MySQL 5.0.2.
Innodb_os_log_fsyncs
The number of fsync() writes done to
the log file. Added in MySQL 5.0.2.
Innodb_os_log_pending_fsyncs
The number of pending log file fsync()
operations. Added in MySQL 5.0.2.
Innodb_os_log_pending_writes
The number of pending log file writes. Added in MySQL
5.0.2.
Innodb_os_log_written
The number of bytes written to the log file. Added in
MySQL 5.0.2.
Innodb_page_size
The compiled-in InnoDB page size
(default 16KB). Many values are counted in pages; the page
size allows them to be easily converted to bytes. Added in
MySQL 5.0.2.
Innodb_pages_created
The number of pages created. Added in MySQL 5.0.2.
Innodb_pages_read
The number of pages read. Added in MySQL 5.0.2.
Innodb_pages_written
The number of pages written. Added in MySQL 5.0.2.
Innodb_row_lock_current_waits
The number of row locks currently being waited for. Added
in MySQL 5.0.3.
Innodb_row_lock_time
The total time spent in acquiring row locks, in
milliseconds. Added in MySQL 5.0.3.
Innodb_row_lock_time_avg
The average time to acquire a row lock, in milliseconds.
Added in MySQL 5.0.3.
Innodb_row_lock_time_max
The maximum time to acquire a row lock, in milliseconds.
Added in MySQL 5.0.3.
Innodb_row_lock_waits
The number of times a row lock had to be waited for. Added
in MySQL 5.0.3.
Innodb_rows_deleted
The number of rows deleted from InnoDB
tables. Added in MySQL 5.0.2.
Innodb_rows_inserted
The number of rows inserted into InnoDB
tables. Added in MySQL 5.0.2.
Innodb_rows_read
The number of rows read from InnoDB
tables. Added in MySQL 5.0.2.
Innodb_rows_updated
The number of rows updated in InnoDB
tables. Added in MySQL 5.0.2.
Key_blocks_not_flushed
The number of key blocks in the key cache that have
changed but have not yet been flushed to disk.
Key_blocks_unused
The number of unused blocks in the key cache. You can use
this value to determine how much of the key cache is in
use; see the discussion of
key_buffer_size in
Section 5.2.3, “System Variables”.
Key_blocks_used
The number of used blocks in the key cache. This value is
a high-water mark that indicates the maximum number of
blocks that have ever been in use at one time.
Key_read_requests
The number of requests to read a key block from the cache.
Key_reads
The number of physical reads of a key block from disk. If
Key_reads is large, then your
key_buffer_size value is probably too
small. The cache miss rate can be calculated as
Key_reads/Key_read_requests.
Key_write_requests
The number of requests to write a key block to the cache.
Key_writes
The number of physical writes of a key block to disk.
Last_query_cost
The total cost of the last compiled query as computed by
the query optimizer. This is useful for comparing the cost
of different query plans for the same query. The default
value of 0 means that no query has been compiled yet. This
variable was added in MySQL 5.0.1, with a default value of
-1. In MySQL 5.0.7, the default was changed to 0; also in
version 5.0.7, the scope of
Last_query_cost was changed to session
rather than global.
Prior to MySQL 5.0.16, this variable was not updated for
queries served from the query cache.
Max_used_connections
The maximum number of connections that have been in use
simultaneously since the server started.
Ndb_cluster_node_id
If the server is acting as a MySQL Cluster node, then the
value of this variable its node ID in the cluster.
If the server is not part of a MySQL Cluster, then the
value of this variable is 0.
Ndb_config_from_host
If the server is part of a MySQL Cluster, the value of
this variable is the hostname or IP address of the Cluster
management server from which it gets its configuration
data.
If the server is not part of a MySQL Cluster, then the
value of this variable is an empty string.
Prior to MySQL 5.0.23, this variable was named
Ndb_connected_host.
Ndb_config_from_port
If the server is part of a MySQL Cluster, the value of
this variable is the number of the port through which it
is connected to the Cluster management server from which
it gets its configuration data.
If the server is not part of a MySQL Cluster, then the
value of this variable is 0.
Prior to MySQL 5.0.23, this variable was named
Ndb_connected_port.
Ndb_number_of_data_nodes
If the server is part of a MySQL Cluster, the value of
this variable is the number of data nodes in the cluster.
If the server is not part of a MySQL Cluster, then the
value of this variable is 0.
Prior to MySQL 5.0.29, this variable was named
Ndb_number_of_storage_nodes.
Not_flushed_delayed_rows
The number of rows waiting to be written in
INSERT DELAY queues.
Open_files
The number of files that are open.
Open_streams
The number of streams that are open (used mainly for
logging).
Open_tables
The number of tables that are open.
Opened_tables
The number of tables that have been opened. If
Opened_tables is big, your
table_cache value is probably too
small.
Prepared_stmt_count
The current number of prepared statements. (The maximum
number of statements is given by the
max_prepared_stmt_count system
variable.) This variable was added in MySQL 5.0.32.
Qcache_free_blocks
The number of free memory blocks in the query cache.
Qcache_free_memory
The amount of free memory for the query cache.
Qcache_hits
The number of query cache hits.
Qcache_inserts
The number of queries added to the query cache.
Qcache_lowmem_prunes
The number of queries that were deleted from the query
cache because of low memory.
Qcache_not_cached
The number of non-cached queries (not cacheable, or not
cached due to the query_cache_type
setting).
Qcache_queries_in_cache
The number of queries registered in the query cache.
Qcache_total_blocks
The total number of blocks in the query cache.
Questions
The number of statements that clients have sent to the
server.
Rpl_status
The status of fail-safe replication (not yet implemented).
Select_full_join
The number of joins that perform table scans because they
do not use indexes. If this value is not 0, you should
carefully check the indexes of your tables.
Select_full_range_join
The number of joins that used a range search on a
reference table.
Select_range
The number of joins that used ranges on the first table.
This is normally not a critical issue even if the value is
quite large.
Select_range_check
The number of joins without keys that check for key usage
after each row. If this is not 0, you should carefully
check the indexes of your tables.
Select_scan
The number of joins that did a full scan of the first
table.
Slave_open_temp_tables
The number of temporary tables that the slave SQL thread
currently has open.
Slave_running
This is ON if this server is a slave
that is connected to a master.
Slave_retried_transactions
The total number of times since startup that the
replication slave SQL thread has retried transactions.
This variable was added in version 5.0.4.
Slow_launch_threads
The number of threads that have taken more than
slow_launch_time seconds to create.
The number of merge passes that the sort algorithm has had
to do. If this value is large, you should consider
increasing the value of the
sort_buffer_size system variable.
Sort_range
The number of sorts that were done using ranges.
Sort_rows
The number of sorted rows.
Sort_scan
The number of sorts that were done by scanning the table.
Ssl_xxx
Variables used for SSL connections.
Table_locks_immediate
The number of times that a table lock was acquired
immediately.
Table_locks_waited
The number of times that a table lock could not be
acquired immediately and a wait was needed. If this is
high and you have performance problems, you should first
optimize your queries, and then either split your table or
tables or use replication.
Tc_log_max_pages_used
For the memory-mapped implementation of the log that is
used by mysqld when it acts as the
transaction coordinator for recovery of internal XA
transactions, this variable indicates the largest number
of pages used for the log since the server started. If the
product of Tc_log_max_pages_used and
Tc_log_page_size is always
significantly less than the log size, the size is larger
than necessary and can be reduced. (The size is set by the
--log-tc-size option. Currently, this
variable is unused: It is unneeded for binary log-based
recovery, and the memory-mapped recovery log method is not
used unless the number of storage engines capable of
two-phase commit is greater than one.
(InnoDB is the only applicable engine.)
Added in MySQL 5.0.3.
Tc_log_page_size
The page size used for the memory-mapped implementation of
the XA recovery log. The default value is determined using
getpagesize(). Currently, this variable
is unused for the same reasons as described for
Tc_log_max_pages_used. Added in MySQL
5.0.3.
Tc_log_page_waits
For the memory-mapped implementation of the recovery log,
this variable increments each time the server was not able
to commit a transaction and had to wait for a free page in
the log. If this value is large, you might want to
increase the log size (with the
--log-tc-size option). For binary
log-based recovery, this variable increments each time the
binary log cannot be closed because there are two-phase
commits in progress. (The close operation waits until all
such transactions are finished.) Added in MySQL 5.0.3.
Threads_cached
The number of threads in the thread cache.
Threads_connected
The number of currently open connections.
Threads_created
The number of threads created to handle connections. If
Threads_created is big, you may want to
increase the thread_cache_size value.
The cache miss rate can be calculated as
Threads_created/Connections.
Threads_running
The number of threads that are not sleeping.
Uptime
The number of seconds that the server has been up.
5.2.6. SQL Modes
The MySQL server can operate in different SQL modes, and can
apply these modes differently for different clients. This
capability enables each application to tailor the server's
operating mode to its own requirements.
Modes define what SQL syntax MySQL should support and what
kind of data validation checks it should perform. This makes
it easier to use MySQL in different environments and to use
MySQL together with other database servers.
You can set the default SQL mode by starting
mysqld with the
--sql-mode="modes"
option, or by using
sql-mode="modes"
in my.cnf (Unix operating systems) or
my.ini (Windows).
modes is a list of different modes
separated by comma (“,”)
characters. The default value is empty (no modes set). The
modes value also can be empty
(--sql-mode="" on the command line, or
sql-mode="" in my.cnf on
Unix systems or in my.ini on Windows) if
you want to clear it explicitly.
You can change the SQL mode at runtime by using a SET
[GLOBAL|SESSION]
sql_mode='modes'
statement to set the sql_mode system value.
Setting the GLOBAL variable requires the
SUPER privilege and affects the operation
of all clients that connect from that time on. Setting the
SESSION variable affects only the current
client. Any client can change its own session
sql_mode value at any time.
You can retrieve the current global or session
sql_mode value with the following
statements:
The most important sql_mode values are
probably these:
ANSI
This mode changes syntax and behavior to conform more
closely to standard SQL.
STRICT_TRANS_TABLES
If a value could not be inserted as given into a
transactional table, abort the statement. For a
non-transactional table, abort the statement if the value
occurs in a single-row statement or the first row of a
multiple-row statement. More detail is given later in this
section. (Implemented in MySQL 5.0.2)
TRADITIONAL
Make MySQL behave like a “traditional” SQL
database system. A simple description of this mode is
“give an error instead of a warning” when
inserting an incorrect value into a column.
Note: The
INSERT/UPDATE aborts
as soon as the error is noticed. This may not be what you
want if you are using a non-transactional storage engine,
because data changes made prior to the error may not be
rolled back, resulting in a “partially done”
update. (Added in MySQL 5.0.2)
When this manual refers to “strict mode,” it
means a mode where at least one of
STRICT_TRANS_TABLES or
STRICT_ALL_TABLES is enabled.
The following list describes all supported modes:
ALLOW_INVALID_DATES
Don't do full checking of dates. Check only that the month
is in the range from 1 to 12 and the day is in the range
from 1 to 31. This is very convenient for Web applications
where you obtain year, month, and day in three different
fields and you want to store exactly what the user
inserted (without date validation). This mode applies to
DATE and DATETIME
columns. It does not apply TIMESTAMP
columns, which always require a valid date.
This mode is implemented in MySQL 5.0.2. Before 5.0.2,
this was the default MySQL date-handling mode. As of
5.0.2, the server requires that month and day values be
legal, and not merely in the range 1 to 12 and 1 to 31,
respectively. With strict mode disabled, invalid dates
such as '2004-04-31' are converted to
'0000-00-00' and a warning is
generated. With strict mode enabled, invalid dates
generate an error. To allow such dates, enable
ALLOW_INVALID_DATES.
ANSI_QUOTES
Treat ‘"’ as an identifier
quote character (like the
‘`’ quote character) and
not as a string quote character. You can still use
‘`’ to quote identifiers
with this mode enabled. With
ANSI_QUOTES enabled, you cannot use
double quotes to quote literal strings, because it is
interpreted as an identifier.
ERROR_FOR_DIVISION_BY_ZERO
Produce an error in strict mode (otherwise a warning) when
a division by zero (or MOD(X,0)) occurs
during an INSERT or
UPDATE. If this mode is not enabled,
MySQL instead returns NULL for
divisions by zero. For INSERT IGNORE or
UPDATE IGNORE, MySQL generates a
warning for divisions by zero, but the result of the
operation is NULL. (Implemented in
MySQL 5.0.2)
HIGH_NOT_PRECEDENCE
From MySQL 5.0.2 on, the precedence of the
NOT operator is such that expressions
such as NOT a BETWEEN b AND c are
parsed as NOT (a BETWEEN b AND c).
Before MySQL 5.0.2, the expression is parsed as
(NOT a) BETWEEN b AND c. The old
higher-precedence behavior can be obtained by enabling the
HIGH_NOT_PRECEDENCE SQL mode. (Added in
MySQL 5.0.2)
mysql> SET sql_mode = '';
mysql> SELECT NOT 1 BETWEEN -5 AND 5;
-> 0
mysql> SET sql_mode = 'HIGH_NOT_PRECEDENCE';
mysql> SELECT NOT 1 BETWEEN -5 AND 5;
-> 1
IGNORE_SPACE
Allow spaces between a function name and the
‘(’ character. This causes
built-in function names to be treated as reserved words.
As a result, identifiers that are the same as function
names must be quoted as described in
Section 9.2, “Database, Table, Index, Column, and Alias Names”. For example, because there
is a COUNT() function, the use of
count as a table name in the following
statement causes an error:
mysql> CREATE TABLE count (i INT);
ERROR 1064 (42000): You have an error in your SQL syntax
The IGNORE_SPACE SQL mode applies to
built-in functions, not to user-defined functions or
stored functions. It is always allowable to have spaces
after a UDF or stored function name, regardless of whether
IGNORE_SPACE is enabled.
Prevent the GRANT statement from
automatically creating new users if it would otherwise do
so, unless a non-empty password also is specified. (Added
in MySQL 5.0.2)
NO_AUTO_VALUE_ON_ZERO
NO_AUTO_VALUE_ON_ZERO affects handling
of AUTO_INCREMENT columns. Normally,
you generate the next sequence number for the column by
inserting either NULL or
0 into it.
NO_AUTO_VALUE_ON_ZERO suppresses this
behavior for 0 so that only
NULL generates the next sequence
number.
This mode can be useful if 0 has been
stored in a table's AUTO_INCREMENT
column. (Storing 0 is not a recommended
practice, by the way.) For example, if you dump the table
with mysqldump and then reload it,
MySQL normally generates new sequence numbers when it
encounters the 0 values, resulting in a
table with contents different from the one that was
dumped. Enabling NO_AUTO_VALUE_ON_ZERO
before reloading the dump file solves this problem.
mysqldump now automatically includes in
its output a statement that enables
NO_AUTO_VALUE_ON_ZERO, to avoid this
problem.
NO_BACKSLASH_ESCAPES
Disable the use of the backslash character
(‘\’) as an escape
character within strings. With this mode enabled,
backslash becomes an ordinary character like any other.
(Implemented in MySQL 5.0.1)
NO_DIR_IN_CREATE
When creating a table, ignore all INDEX
DIRECTORY and DATA DIRECTORY
directives. This option is useful on slave replication
servers.
NO_ENGINE_SUBSTITUTION
Control automatic substitution of the default storage
engine when a statement such as CREATE
TABLE or ALTER TABLE
specifies a storage engine that is disabled or not
compiled in. (Implemented in MySQL 5.0.8)
With NO_ENGINE_SUBSTITUTION disabled,
the default engine is used and a warning occurs if the
desired engine is known but disabled or not compiled in.
If the desired engine is invalid (not a known engine
name), an error occurs and the table is not created or
altered.
With NO_ENGINE_SUBSTITUTION enabled, an
error occurs and the table is not created or altered if
the desired engine is unavailable for any reason (whether
disabled or invalid).
NO_FIELD_OPTIONS
Do not print MySQL-specific column options in the output
of SHOW CREATE TABLE. This mode is used
by mysqldump in portability mode.
NO_KEY_OPTIONS
Do not print MySQL-specific index options in the output of
SHOW CREATE TABLE. This mode is used by
mysqldump in portability mode.
NO_TABLE_OPTIONS
Do not print MySQL-specific table options (such as
ENGINE) in the output of SHOW
CREATE TABLE. This mode is used by
mysqldump in portability mode.
NO_UNSIGNED_SUBTRACTION
In integer subtraction operations, do not mark the result
as UNSIGNED if one of the operands is
unsigned. In other words, the result of a
subtraction is always signed whenever this mode is in
effect, even if one of the operands is
unsigned. For example, compare the type of
column c2 in table
t1 with that of column
c2 in table t2:
mysql> SET SQL_MODE='';
mysql> CREATE TABLE test (c1 BIGINT UNSIGNED NOT NULL);
mysql> CREATE TABLE t1 SELECT c1 - 1 AS c2 FROM test;
mysql> DESCRIBE t1;
+-------+---------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+---------------------+------+-----+---------+-------+
| c2 | bigint(21) unsigned | | | 0 | |
+-------+---------------------+------+-----+---------+-------+
mysql> SET SQL_MODE='NO_UNSIGNED_SUBTRACTION';
mysql> CREATE TABLE t2 SELECT c1 - 1 AS c2 FROM test;
mysql> DESCRIBE t2;
+-------+------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+------------+------+-----+---------+-------+
| c2 | bigint(21) | | | 0 | |
+-------+------------+------+-----+---------+-------+
mysql> SET SQL_MODE = '';
mysql> SELECT CAST(0 AS UNSIGNED) - 1;
+-------------------------+
| CAST(0 AS UNSIGNED) - 1 |
+-------------------------+
| 18446744073709551615 |
+-------------------------+
mysql> SET SQL_MODE = 'NO_UNSIGNED_SUBTRACTION';
mysql> SELECT CAST(0 AS UNSIGNED) - 1;
+-------------------------+
| CAST(0 AS UNSIGNED) - 1 |
+-------------------------+
| -1 |
+-------------------------+
NO_ZERO_DATE
In strict mode, don't allow
'0000-00-00' as a valid date. You can
still insert zero dates with the IGNORE
option. When not in strict mode, the date is accepted but
a warning is generated. (Added in MySQL 5.0.2)
NO_ZERO_IN_DATE
In strict mode, don't accept dates where the month or day
part is 0. If used with the IGNORE
option, MySQL inserts a '0000-00-00'
date for any such date. When not in strict mode, the date
is accepted but a warning is generated. (Added in MySQL
5.0.2)
ONLY_FULL_GROUP_BY
Do not allow queries for which the
SELECT list refers to non-aggregated
columns that are not named in the GROUP
BY clause. The following query is invalid with
this mode enabled because address is
not named in the GROUP BY clause:
SELECT name, address, MAX(age) FROM t GROUP BY name;
As of MySQL 5.0.23, this mode also restricts references to
non-aggregated columns in the HAVING
clause that are not named in the GROUP
BY clause.
PIPES_AS_CONCAT
Treat || as a string concatenation
operator (same as CONCAT()) rather than
as a synonym for OR.
REAL_AS_FLOAT
Treat REAL as a synonym for
FLOAT. By default, MySQL treats
REAL as a synonym for
DOUBLE.
STRICT_ALL_TABLES
Enable strict mode for all storage engines. Invalid data
values are rejected. Additional detail follows. (Added in
MySQL 5.0.2)
STRICT_TRANS_TABLES
Enable strict mode for transactional storage engines, and
when possible for non-transactional storage engines.
Additional details follow. (Implemented in MySQL 5.0.2)
Strict mode controls how MySQL handles input values that are
invalid or missing. A value can be invalid for several
reasons. For example, it might have the wrong data type for
the column, or it might be out of range. A value is missing
when a new row to be inserted does not contain a value for a
non-NULL column that has no explicit
DEFAULT clause in its definition. (For a
NULL column, NULL is
inserted if the value is missing.)
For transactional tables, an error occurs for invalid or
missing values in a statement when either of the
STRICT_ALL_TABLES or
STRICT_TRANS_TABLES modes are enabled. The
statement is aborted and rolled back.
For non-transactional tables, the behavior is the same for
either mode, if the bad value occurs in the first row to be
inserted or updated. The statement is aborted and the table
remains unchanged. If the statement inserts or modifies
multiple rows and the bad value occurs in the second or later
row, the result depends on which strict option is enabled:
For STRICT_ALL_TABLES, MySQL returns an
error and ignores the rest of the rows. However, in this
case, the earlier rows still have been inserted or
updated. This means that you might get a partial update,
which might not be what you want. To avoid this, it's best
to use single-row statements because these can be aborted
without changing the table.
For STRICT_TRANS_TABLES, MySQL converts
an invalid value to the closest valid value for the column
and insert the adjusted value. If a value is missing,
MySQL inserts the implicit default value for the column
data type. In either case, MySQL generates a warning
rather than an error and continues processing the
statement. Implicit defaults are described in
Section 11.1.4, “Data Type Default Values”.
Strict mode disallows invalid date values such as
'2004-04-31'. It does not disallow dates
with zero parts such as '2004-04-00' or
“zero” dates. To disallow these as well, enable
the NO_ZERO_IN_DATE and
NO_ZERO_DATE SQL modes in addition to
strict mode.
If you are not using strict mode (that is, neither
STRICT_TRANS_TABLES nor
STRICT_ALL_TABLES is enabled), MySQL
inserts adjusted values for invalid or missing values and
produces warnings. In strict mode, you can produce this
behavior by using INSERT IGNORE or
UPDATE IGNORE. See
Section 13.5.4.28, “SHOW WARNINGS Syntax”.
The following special modes are provided as shorthand for
combinations of mode values from the preceding list. All are
available in MySQL 5.0 beginning with version
5.0.0, except for TRADITIONAL, which was
implemented in MySQL 5.0.2.
The descriptions include all mode values that are available in
the most recent version of MySQL. For older versions, a
combination mode does not include individual mode values that
are not available except in newer versions.
ANSI
Equivalent to REAL_AS_FLOAT,
PIPES_AS_CONCAT,
ANSI_QUOTES,
IGNORE_SPACE. Before MySQL 5.0.3,
ANSI also includes
ONLY_FULL_GROUP_BY.
As of MySQL 5.0.40, ANSI mode also
causes the server to return an error for queries where a
set function S with an outer
reference
S(outer_ref)
cannot be aggregated in the outer query against which the
outer reference has been resolved. This is such a query:
SELECT * FROM t1 WHERE t1.a IN (SELECT MAX(t1.b) FROM t2 WHERE ...);
Here, MAX(t1.b) cannot aggregated in
the outer query because it appears in the
WHERE clause of that query. Standard
SQL requires an error in this situation. If
ANSI mode is not enabled, the server
treats
S(outer_ref)
in such queries the same way that it would interpret
S(const),
as was always done prior to 5.0.40.
Equivalent to PIPES_AS_CONCAT,
ANSI_QUOTES,
IGNORE_SPACE,
NO_KEY_OPTIONS,
NO_TABLE_OPTIONS,
NO_FIELD_OPTIONS.
MAXDB
Equivalent to PIPES_AS_CONCAT,
ANSI_QUOTES,
IGNORE_SPACE,
NO_KEY_OPTIONS,
NO_TABLE_OPTIONS,
NO_FIELD_OPTIONS,
NO_AUTO_CREATE_USER.
MSSQL
Equivalent to PIPES_AS_CONCAT,
ANSI_QUOTES,
IGNORE_SPACE,
NO_KEY_OPTIONS,
NO_TABLE_OPTIONS,
NO_FIELD_OPTIONS.
MYSQL323
Equivalent to NO_FIELD_OPTIONS,
HIGH_NOT_PRECEDENCE.
MYSQL40
Equivalent to NO_FIELD_OPTIONS,
HIGH_NOT_PRECEDENCE.
ORACLE
Equivalent to PIPES_AS_CONCAT,
ANSI_QUOTES,
IGNORE_SPACE,
NO_KEY_OPTIONS,
NO_TABLE_OPTIONS,
NO_FIELD_OPTIONS,
NO_AUTO_CREATE_USER.
POSTGRESQL
Equivalent to PIPES_AS_CONCAT,
ANSI_QUOTES,
IGNORE_SPACE,
NO_KEY_OPTIONS,
NO_TABLE_OPTIONS,
NO_FIELD_OPTIONS.
TRADITIONAL
Equivalent to STRICT_TRANS_TABLES,
STRICT_ALL_TABLES,
NO_ZERO_IN_DATE,
NO_ZERO_DATE,
ERROR_FOR_DIVISION_BY_ZERO,
NO_AUTO_CREATE_USER.
5.2.7. The Shutdown Process
The server shutdown process takes place as follows:
The shutdown process is initiated.
Server shutdown can be initiated several ways. For
example, a user with the SHUTDOWN
privilege can execute a mysqladmin
shutdown command. mysqladmin
can be used on any platform supported by MySQL. Other
operating system-specific shutdown initiation methods are
possible as well: The server shuts down on Unix when it
receives a SIGTERM signal. A server
running as a service on Windows shuts down when the
services manager tells it to.
The server creates a shutdown thread if necessary.
Depending on how shutdown was initiated, the server might
create a thread to handle the shutdown process. If
shutdown was requested by a client, a shutdown thread is
created. If shutdown is the result of receiving a
SIGTERM signal, the signal thread might
handle shutdown itself, or it might create a separate
thread to do so. If the server tries to create a shutdown
thread and cannot (for example, if memory is exhausted),
it issues a diagnostic message that appears in the error
log:
Error: Can't create thread to kill server
The server stops accepting new connections.
To prevent new activity from being initiated during
shutdown, the server stops accepting new client
connections. It does this by closing the network
connections to which it normally listens for connections:
the TCP/IP port, the Unix socket file, the Windows named
pipe, and shared memory on Windows.
The server terminates current activity.
For each thread that is associated with a client
connection, the connection to the client is broken and the
thread is marked as killed. Threads die when they notice
that they are so marked. Threads for idle connections die
quickly. Threads that currently are processing statements
check their state periodically and take longer to die. For
additional information about thread termination, see
Section 13.5.5.3, “KILL Syntax”, in particular for the instructions
about killed REPAIR TABLE or
OPTIMIZE TABLE operations on
MyISAM tables.
For threads that have an open transaction, the transaction
is rolled back. Note that if a thread is updating a
non-transactional table, an operation such as a
multiple-row UPDATE or
INSERT may leave the table partially
updated, because the operation can terminate before
completion.
If the server is a master replication server, threads
associated with currently connected slaves are treated
like other client threads. That is, each one is marked as
killed and exits when it next checks its state.
If the server is a slave replication server, the I/O and
SQL threads, if active, are stopped before client threads
are marked as killed. The SQL thread is allowed to finish
its current statement (to avoid causing replication
problems), and then stops. If the SQL thread was in the
middle of a transaction at this point, the transaction is
rolled back.
Storage engines are shut down or closed.
At this stage, the table cache is flushed and all open
tables are closed.
Each storage engine performs any actions necessary for
tables that it manages. For example,
MyISAM flushes any pending index writes
for a table. InnoDB flushes its buffer
pool to disk (starting from 5.0.5: unless
innodb_fast_shutdown is 2), writes the
current LSN to the tablespace, and terminates its own
internal threads.
The server exits.
5.2.8. Server-Side Help
MySQL Server supports a HELP statement that
returns online information from the MySQL Reference manual
(see Section 13.3.2, “HELP Syntax”). The proper operation of this
statement requires that the help tables in the
mysql database be initialized with help
topic information, which is done by processing the contents of
the fill_help_tables.sql script.
For a MySQL binary distribution on Unix, help table setup
occurs when you run mysql_install_db. For
an RPM distribution on Linux or binary distribution on
Windows, help table setup occurs as part of the MySQL
installation process.
For a MySQL source distribution, you can find the
fill_help_tables.sql file in the
scripts directory. To load the file
manually, make sure that you have initialized the
mysql database by running
mysql_install_db, and then process the file
with the mysql client as follows:
shell> mysql -u root mysql < fill_help_tables.sql
If you are working with BitKeeper and a MySQL development
source tree, the tree doesn't contain
fill_help_tables.sql. You can download
the proper file for your version of MySQL from
http://dev.mysql.com/doc/. After downloading and
uncompressing the file, process it with
mysql as just described.
This section describes several programs that are used to start
mysqld, the MySQL server.
5.3.1. mysqld_safe — MySQL Server Startup Script
mysqld_safe is the recommended way to
start a mysqld server on Unix and
NetWare. mysqld_safe adds some safety
features such as restarting the server when an error occurs
and logging runtime information to an error log file.
NetWare-specific behaviors are listed later in this section.
Note: To preserve backward
compatibility with older versions of MySQL, MySQL binary
distributions still include safe_mysqld
as a symbolic link to mysqld_safe.
However, you should not rely on this because it is removed
as of MySQL 5.1.
By default, mysqld_safe before MySQL
5.0.27 tries to start an executable named
mysqld-max if it exists, and
mysqld otherwise. Be aware of the
implications of this behavior:
On Linux, the MySQL-Max RPM relies on
this mysqld_safe behavior. The RPM
installs an executable named
mysqld-max, which causes
mysqld_safe to automatically use that
executable rather than mysqld from
that point on.
If you install a MySQL-Max distribution that includes a
server named mysqld-max, and then
upgrade later to a non-Max version of MySQL,
mysqld_safe will still attempt to run
the old mysqld-max server. If you
perform such an upgrade, you should manually remove the
old mysqld-max server to ensure that
mysqld_safe runs the new
mysqld server.
To override the default behavior and specify explicitly the
name of the server you want to run, specify a
--mysqld or
--mysqld-version option to
mysqld_safe. You can also use
--ledir to indicate the directory where
mysqld_safe should look for the server.
All options specified to mysqld_safe on
the command line are passed to mysqld. If
you want to use any options that are specific to
mysqld_safe and that
mysqld doesn't support, do not specify
them on the command line. Instead, list them in the
[mysqld_safe] group of an option file.
See Section 4.3.2, “Using Option Files”.
mysqld_safe reads all options from the
[mysqld], [server],
and [mysqld_safe] sections in option
files. For backward compatibility, it also reads
[safe_mysqld] sections, although you
should rename such sections to
[mysqld_safe] in MySQL 5.0
installations.
mysqld_safe supports the following
options:
--help
Display a help message and exit. (Added in MySQL 5.0.3)
--autoclose
(NetWare only) On NetWare,
mysqld_safe provides a screen
presence. When you unload (shut down) the
mysqld_safe NLM, the screen does not
by default go away. Instead, it prompts for user input:
*<NLM has terminated; Press any key to close the screen>*
If you want NetWare to close the screen automatically
instead, use the --autoclose option to
mysqld_safe.
--basedir=path
The path to the MySQL installation directory.
--core-file-size=size
The size of the core file that mysqld
should be able to create. The option value is passed to
ulimit -c.
--datadir=path
The path to the data directory.
--defaults-extra-file=path
The name of an option file to be read in addition to the
usual option files. This must be the first option on the
command line if it is used. As of MySQL 5.0.6, if the
file does not exist or is otherwise inaccessible, the
server will exit with an error.
--defaults-file=file_name
The name of an option file to be read instead of the
usual option files. This must be the first option on the
command line if it is used.
--ledir=path
If mysqld_safe cannot find the
server, use this option to indicate the pathname to the
directory where the server is located.
The name of the server program (in the
ledir directory) that you want to
start. This option is needed if you use the MySQL binary
distribution but have the data directory outside of the
binary distribution. If mysqld_safe
cannot find the server, use the --ledir
option to indicate the pathname to the directory where
the server is located.
--mysqld-version=suffix
This option is similar to the --mysqld
option, but you specify only the suffix for the server
program name. The basename is assumed to be
mysqld. For example, if you use
--mysqld-version=debug,
mysqld_safe starts the
mysqld-debug program in the
ledir directory. If the argument to
--mysqld-version is empty,
mysqld_safe uses
mysqld in the
ledir directory.
--nice=priority
Use the nice program to set the
server's scheduling priority to the given value.
--no-defaults
Do not read any option files. This must be the first
option on the command line if it is used.
--open-files-limit=count
The number of files that mysqld
should be able to open. The option value is passed to
ulimit -n. Note that you need to
start mysqld_safe as
root for this to work properly!
--pid-file=file_name
The pathname of the process ID file.
--port=port_num
The port number that the server should use when
listening for TCP/IP connections. The port number must
be 1024 or higher unless the server is started by the
root system user.
--socket=path
The Unix socket file that the server should use when
listening for local connections.
--timezone=timezone
Set the TZ time zone environment
variable to the given option value. Consult your
operating system documentation for legal time zone
specification formats.
--user={user_name|user_id}
Run the mysqld server as the user
having the name user_name or
the numeric user ID user_id.
(“User” in this context refers to a system
login account, not a MySQL user listed in the grant
tables.)
If you execute mysqld_safe with the
--defaults-file or
--defaults-extra-option option to name an
option file, the option must be the first one given on the
command line or the option file will not be used. For
example, this command will not use the named option file:
The mysqld_safe script is written so that
it normally can start a server that was installed from
either a source or a binary distribution of MySQL, even
though these types of distributions typically install the
server in slightly different locations. (See
Section 2.4.6, “Installation Layouts”.)
mysqld_safe expects one of the following
conditions to be true:
The server and databases can be found relative to the
working directory (the directory from which
mysqld_safe is invoked). For binary
distributions, mysqld_safe looks
under its working directory for bin
and data directories. For source
distributions, it looks for libexec
and var directories. This condition
should be met if you execute
mysqld_safe from your MySQL
installation directory (for example,
/usr/local/mysql for a binary
distribution).
If the server and databases cannot be found relative to
the working directory, mysqld_safe
attempts to locate them by absolute pathnames. Typical
locations are /usr/local/libexec
and /usr/local/var. The actual
locations are determined from the values configured into
the distribution at the time it was built. They should
be correct if MySQL is installed in the location
specified at configuration time.
Because mysqld_safe tries to find the
server and databases relative to its own working directory,
you can install a binary distribution of MySQL anywhere, as
long as you run mysqld_safe from the
MySQL installation directory:
shell> cd mysql_installation_directory
shell> bin/mysqld_safe &
If mysqld_safe fails, even when invoked
from the MySQL installation directory, you can specify the
--ledir and --datadir
options to indicate the directories in which the server and
databases are located on your system.
Normally, you should not edit the
mysqld_safe script. Instead, configure
mysqld_safe by using command-line options
or options in the [mysqld_safe] section
of a my.cnf option file. In rare cases,
it might be necessary to edit mysqld_safe
to get it to start the server properly. However, if you do
this, your modified version of
mysqld_safe might be overwritten if you
upgrade MySQL in the future, so you should make a copy of
your edited version that you can reinstall.
On NetWare, mysqld_safe is a NetWare
Loadable Module (NLM) that is ported from the original Unix
shell script. It starts the server as follows:
Runs a number of system and option checks.
Runs a check on MyISAM tables.
Provides a screen presence for the MySQL server.
Starts mysqld, monitors it, and
restarts it if it terminates in error.
Sends error messages from mysqld to
the
host_name.err
file in the data directory.
Sends mysqld_safe screen output to
the
host_name.safe
file in the data directory.
5.3.2. mysql.server — MySQL Server Startup Script
MySQL distributions on Unix include a script named
mysql.server. It can be used on systems
such as Linux and Solaris that use System V-style run
directories to start and stop system services. It is also
used by the Mac OS X Startup Item for MySQL.
mysql.server can be found in the
support-files directory under your
MySQL installation directory or in a MySQL source
distribution.
If you use the Linux server RPM package
(MySQL-server-VERSION.rpm),
the mysql.server script will be installed
in the /etc/init.d directory with the
name mysql. You need not install it
manually. See Section 2.4.9, “Installing MySQL from RPM Packages on Linux”, for more
information on the Linux RPM packages.
Some vendors provide RPM packages that install a startup
script under a different name such as
mysqld.
If you install MySQL from a source distribution or using a
binary distribution format that does not install
mysql.server automatically, you can
install it manually. Instructions are provided in
Section 2.4.15.2.2, “Starting and Stopping MySQL Automatically”.
mysql.server reads options from the
[mysql.server] and
[mysqld] sections of option files. For
backward compatibility, it also reads
[mysql_server] sections, although you
should rename such sections to
[mysql.server] when using MySQL
5.0.
mysql.server understands the following
options:
--basedir=path
The path to the MySQL installation directory.
--datadir=path
The path to the MySQL data directory.
--pid-file=file_name
The pathname of the file in which the server should
write its process ID.
--service-startup-timeout=file_name
How long in seconds to wait for confirmation of server
startup. If the server does not start within this time,
mysql.server exits with an error. The
default value is 900. A value of 0 means not to wait at
all for startup. Negative values mean to wait forever
(no timeout). This option was added in MySQL 5.0.40.
Before that, a value of 900 is always used.
--use-mysqld_safe
Use mysqld_safe to start the server.
This is the default. This option was added in MySQL
5.0.4.
--use-manager
Use Instance Manager to start the server. This option
was added in MySQL 5.0.4.
--user=user_name
The login username to use for running
mysqld. This option was added in
MySQL 5.0.4.
5.3.3. mysqld_multi — Manage Multiple MySQL Servers
mysqld_multi is designed to manage
several mysqld processes that listen for
connections on different Unix socket files and TCP/IP ports.
It can start or stop servers, or report their current
status. The MySQL Instance Manager is an alternative means
of managing multiple servers (see
Section 5.4, “mysqlmanager — The MySQL Instance Manager”).
mysqld_multi searches for groups named
[mysqldN] in
my.cnf (or in the file named by the
--config-file option).
N can be any positive integer.
This number is referred to in the following discussion as
the option group number, or GNR.
Group numbers distinguish option groups from one another and
are used as arguments to mysqld_multi to
specify which servers you want to start, stop, or obtain a
status report for. Options listed in these groups are the
same that you would use in the [mysqld]
group used for starting mysqld. (See, for
example, Section 2.4.15.2.2, “Starting and Stopping MySQL Automatically”.) However, when
using multiple servers, it is necessary that each one use
its own value for options such as the Unix socket file and
TCP/IP port number. For more information on which options
must be unique per server in a multiple-server environment,
see Section 5.12, “Running Multiple MySQL Servers on the Same Machine”.
start, stop, and
report indicate which operation to
perform. You can perform the designated operation for a
single server or multiple servers, depending on the
GNR list that follows the option
name. If there is no list, mysqld_multi
performs the operation for all servers in the option file.
Each GNR value represents an
option group number or range of group numbers. The value
should be the number at the end of the group name in the
option file. For example, the GNR
for a group named [mysqld17] is
17. To specify a range of numbers,
separate the first and last numbers by a dash. The
GNR value
10-13 represents groups
[mysqld10] through
[mysqld13]. Multiple groups or group
ranges can be specified on the command line, separated by
commas. There must be no whitespace characters (spaces or
tabs) in the GNR list; anything
after a whitespace character is ignored.
This command starts a single server using option group
[mysqld17]:
shell> mysqld_multi start 17
This command stops several servers, using option groups
[mysqld8] and
[mysqld10] through
[mysqld13]:
shell> mysqld_multi stop 8,10-13
For an example of how you might set up an option file, use
this command:
shell> mysqld_multi --example
mysqld_multi supports the following
options:
--help
Display a help message and exit.
--config-file=file_name
Specify the name of an alternative option file. This
affects where mysqld_multi looks for
[mysqldN]
option groups. Without this option, all options are read
from the usual my.cnf file. The
option does not affect where
mysqld_multi reads its own options,
which are always taken from the
[mysqld_multi] group in the usual
my.cnf file.
--example
Display a sample option file.
--log=file_name
Specify the name of the log file. If the file exists,
log output is appended to it.
--mysqladmin=prog_name
The mysqladmin binary to be used to
stop servers.
--mysqld=prog_name
The mysqld binary to be used. Note
that you can specify mysqld_safe as
the value for this option also. If you use
mysqld_safe to start the server, you
can include the mysqld or
ledir options in the corresponding
[mysqldN]
option group. These options indicate the name of the
server that mysqld_safe should start
and the pathname of the directory where the server is
located. (See the descriptions for these options in
Section 5.3.1, “mysqld_safe — MySQL Server Startup Script”.) Example:
Print log information to stdout
rather than to the log file. By default, output goes to
the log file.
--password=password
The password of the MySQL account to use when invoking
mysqladmin. Note that the password
value is not optional for this option, unlike for other
MySQL programs.
--silent
Silent mode; disable warnings.
--tcp-ip
Connect to each MySQL server via the TCP/IP port instead
of the Unix socket file. (If a socket file is missing,
the server might still be running, but accessible only
via the TCP/IP port.) By default, connections are made
using the Unix socket file. This option affects
stop and report
operations.
--user=user_name
The username of the MySQL account to use when invoking
mysqladmin.
--verbose
Be more verbose.
--version
Display version information and exit.
Some notes about mysqld_multi:
Most important: Before
using mysqld_multi be sure that you
understand the meanings of the options that are passed
to the mysqld servers and
why you would want to have separate
mysqld processes. Beware of the
dangers of using multiple mysqld
servers with the same data directory. Use separate data
directories, unless you know what
you are doing. Starting multiple servers with the same
data directory does not give you
extra performance in a threaded system. See
Section 5.12, “Running Multiple MySQL Servers on the Same Machine”.
Important: Make sure
that the data directory for each server is fully
accessible to the Unix account that the specific
mysqld process is started as.
Do not use the Unix
root account for this, unless
you know what you are doing. See
Section 5.6.5, “How to Run MySQL as a Normal User”.
Make sure that the MySQL account used for stopping the
mysqld servers (with the
mysqladmin program) has the same
username and password for each server. Also, make sure
that the account has the SHUTDOWN
privilege. If the servers that you want to manage have
different usernames or passwords for the administrative
accounts, you might want to create an account on each
server that has the same username and password. For
example, you might set up a common
multi_admin account by executing the
following commands for each server:
shell> mysql -u root -S /tmp/mysql.sock -p
Enter password:
mysql> GRANT SHUTDOWN ON *.*
-> TO 'multi_admin'@'localhost' IDENTIFIED BY 'multipass';
See Section 5.7.2, “How the Privilege System Works”. You have to do this
for each mysqld server. Change the
connection parameters appropriately when connecting to
each one. Note that the hostname part of the account
name must allow you to connect as
multi_admin from the host where you
want to run mysqld_multi.
The Unix socket file and the TCP/IP port number must be
different for every mysqld.
The --pid-file option is very important
if you are using mysqld_safe to start
mysqld (for example,
--mysqld=mysqld_safe) Every
mysqld should have its own process ID
file. The advantage of using
mysqld_safe instead of
mysqld is that
mysqld_safe monitors its
mysqld process and restarts it if the
process terminates due to a signal sent using
kill -9 or for other reasons, such as
a segmentation fault. Please note that the
mysqld_safe script might require that
you start it from a certain place. This means that you
might have to change location to a certain directory
before running mysqld_multi. If you
have problems starting, please see the
mysqld_safe script. Check especially
the lines:
----------------------------------------------------------------
MY_PWD=`pwd`
# Check if we are starting this relative (for the binary release)
if test -d $MY_PWD/data/mysql -a -f ./share/mysql/english/errmsg.sys -a \
-x ./bin/mysqld
----------------------------------------------------------------
You might want to use the --user option
for mysqld, but to do this you need
to run the mysqld_multi script as the
Unix root user. Having the option in
the option file doesn't matter; you just get a warning
if you are not the superuser and the
mysqld processes are started under
your own Unix account.
The following example shows how you might set up an option
file for use with mysqld_multi. The order
in which the mysqld programs are started
or stopped depends on the order in which they appear in the
option file. Group numbers need not form an unbroken
sequence. The first and fifth
[mysqldN]
groups were intentionally omitted from the example to
illustrate that you can have “gaps” in the
option file. This gives you more flexibility.
# This file should probably be in your home dir (~/.my.cnf)
# or /etc/my.cnf
# Version 2.1 by Jani Tolonen
[mysqld_multi]
mysqld = /usr/local/bin/mysqld_safe
mysqladmin = /usr/local/bin/mysqladmin
user = multi_admin
password = multipass
[mysqld2]
socket = /tmp/mysql.sock2
port = 3307
pid-file = /usr/local/mysql/var2/hostname.pid2
datadir = /usr/local/mysql/var2
language = /usr/local/share/mysql/english
user = john
[mysqld3]
socket = /tmp/mysql.sock3
port = 3308
pid-file = /usr/local/mysql/var3/hostname.pid3
datadir = /usr/local/mysql/var3
language = /usr/local/share/mysql/swedish
user = monty
[mysqld4]
socket = /tmp/mysql.sock4
port = 3309
pid-file = /usr/local/mysql/var4/hostname.pid4
datadir = /usr/local/mysql/var4
language = /usr/local/share/mysql/estonia
user = tonu
[mysqld6]
socket = /tmp/mysql.sock6
port = 3311
pid-file = /usr/local/mysql/var6/hostname.pid6
datadir = /usr/local/mysql/var6
language = /usr/local/share/mysql/japanese
user = jani
mysqlmanager is the MySQL Instance Manager
(IM). This program monitors and manages MySQL Database Server
instances. MySQL Instance Manager is available for Unix-like
operating systems, and also on Windows as of MySQL 5.0.13. It
runs as a daemon that listens on a TCP/IP port. On Unix, it
also listens on a Unix socket file.
MySQL Instance Manager is included in MySQL distributions from
version 5.0.3, and can be used in place of the
mysqld_safe script to start and stop one or
more instances of MySQL Server. Because Instance Manager can
manage multiple server instances, it can also be used in place
of the mysqld_multi script. Instance
Manager offers these capabilities:
Instance Manager can start and stop instances, and report
on the status of instances.
Server instances can be treated as guarded or unguarded:
When Instance Manager starts, it starts each guarded
instance. If the instance crashes, Instance Manager
detects this and restarts it. When Instance Manager
stops, it stops the instance.
A nonguarded instance is not started when Instance
Manager starts or monitored by it. If the instance
crashes after being started, Instance Manager does not
restart it. When Instance Manager exits, it does not
stop the instance if it is running.
Instances are guarded by default. An instance can be
designated as nonguarded by including the
nonguarded option in the configuration
file.
Instance Manager provides an interactive interface for
configuring instances, so that the need to edit the
configuration file manually is reduced or eliminated.
Instance Manager provides remote instance management. That
is, it runs on the host where you want to control MySQL
Server instances, but you can connect to it from a remote
host to perform instance-management operations.
The following sections describe MySQL Instance Manager
operation in more detail.
5.4.1. MySQL Instance Manager Command Options
The MySQL Instance Manager supports a number of command
options. For a brief listing, invoke
mysqlmanager with the
--help option. Options may be given on the
command line or in the Instance Manager configuration file. On
Windows, the standard configuration file is
my.ini in the directory where Instance
Manager is installed. On Unix, the standard file is
/etc/my.cnf. To specify a different
configuration file, start Instance Manager with the
--defaults-file option.
mysqlmanager supports the following
options:
--help, -?
Display a help message and exit.
--angel-pid-file=file_name
The file in which the angel process records its process ID
when mysqlmanager runs in daemon mode
(that is, when the --run-as-service
option is given). The default filename is
mysqlmanager.angel.pid.
If the --angel-pid-file option is not
given, the default angel PID file has the same name as the
PID file except that any PID file extension is replaced
with an extension of .angel.pid. (For
example, mysqlmanager.pid becomes
mysqlmanager.angel.pid.)
This option was added in MySQL 5.0.23.
--bind-address=IP
The IP address to bind to.
--default-mysqld-path=path
The pathname of the MySQL Server binary. This pathname is
used for all server instance sections in the configuration
file for which no mysqld-path option is
present. The default value of this option is the
compiled-in pathname, which depends on how the MySQL
distribution was configured. Example:
--default-mysqld-path=/usr/sbin/mysqld
--defaults-file=file_name
Read Instance Manager and MySQL Server settings from the
given file. All configuration changes made by the Instance
Manager will be written to this file. This must be the
first option on the command line if it is used, and the
file must exist.
If this option is not given, Instance Manager uses its
standard configuration file. On Windows, the standard file
is my.ini in the directory where
Instance Manager is installed. On Unix, the standard file
is /etc/my.cnf.
--install
On Windows, install Instance Manager as a Windows service.
The service name is MySQL Manager. This
option was added in MySQL 5.0.11.
--log=file_name
The path to the Instance Manager log file. This option has
no effect unless the --run-as-service
option is also given. If the filename specified for the
option is a relative name, the log file is created under
the directory from which Instance Manager is started. To
ensure that the file is created in a specific directory,
specify it as a full pathname.
If --run-as-service is given without
--log, the log file is
mysqlmanager.log in the data
directory.
If --run-as-service is not given, log
messages go to the standard output. To capture log output,
you can redirect Instance Manager output to a file:
mysqlmanager > im.log
--monitoring-interval=seconds
The interval in seconds for monitoring server instances.
The default value is 20 seconds. Instance Manager tries to
connect to each monitored (guarded) instance using the
non-existing MySQL_Instance_Manager
user account to check whether it is alive/not hanging. If
the result of the connection attempt indicates that the
instance is unavailable, Instance Manager performs several
attempts to restart the instance.
Normally, the MySQL_Instance_Manager
account does not exist, so the connection attempts by
Instance Manager cause the monitored instance to produce
messages in its general query log similar to the
following:
Access denied for user 'MySQL_Instance_M'@'localhost' (using password: YES)
The nonguarded option in the
appropriate server instance section disables monitoring
for a particular instance. If the instance dies after
being started, Instance Manager will not restart it.
Instance Manager tries to connect to a nonguarded instance
only when you request the instance's status (for example,
with the SHOW INSTANCES status.
Prepare an entry for the password file, print it to the
standard output, and exit. You can redirect the output
from Instance Manager to a file to save the entry in the
file.
--password-file=file_name
The name of the file where the Instance Manager looks for
users and passwords. On Windows, the default is
mysqlmanager.passwd in the directory
where Instance Manager is installed. On Unix, the default
file is /etc/mysqlmanager.passwd.
--pid-file=file_name
The process ID file to use. On Windows, the default file
is mysqlmanager.pid in the directory
where Instance Manager is installed. On Unix, the default
is mysqlmanager.pid in the data
directory.
--port=port_num
The port number to use when listening for TCP/IP
connections from clients. The default port number
(assigned by IANA) is 2273.
--print-defaults
Print the current defaults and exit. This must be the
first option on the command line if it is used.
--remove
On Windows, removes Instance Manager as a Windows service.
This assumes that Instance Manager has been run with
--install previously. This option was
added in MySQL 5.0.11.
--run-as-service
On Unix, daemonize and start an angel process. The angel
process monitors Instance Manager and restarts it if it
crashes. (The angel process itself is simple and unlikely
to crash.)
--socket=path
On Unix, the socket file to use for incoming connections.
The default file is named
/tmp/mysqlmanager.sock. This option
has no meaning on Windows.
--standalone
This option is used on Windows to run Instance Manager in
standalone mode. You should specify it when you start
Instance Manager from the command line. This option was
added in MySQL 5.0.13.
--user=user_name
On Unix, the username of the system account to use for
starting and running mysqlmanager. This
option generates a warning and has no effect unless you
start mysqlmanager as
root (so that it can change its
effective user ID), or as the named user. It is
recommended that you configure
mysqlmanager to run using the same
account used to run the mysqld server.
(“User” in this context refers to a system
login account, not a MySQL user listed in the grant
tables.)
--version, -V
Display version information and exit.
--wait-timeout=N
The number of seconds to wait for activity on an incoming
connection before closing it. The default is 28800 seconds
(8 hours).
This option was added in MySQL 5.0.19. Before that, the
timeout is 30 seconds and cannot be changed.
5.4.2. MySQL Instance Manager Configuration Files
Instance Manager uses its standard configuration file unless
it is started with a --defaults-file option
that specifies a different file. On Windows, the standard file
is my.ini in the directory where Instance
Manager is installed. On Unix, the standard file is
/etc/my.cnf. (Prior to MySQL 5.0.10, the
MySQL Instance Manager read the same configuration files as
the MySQL Server, including /etc/my.cnf,
~/.my.cnf, and so forth.)
Instance Manager reads options for itself from the
[manager] section of the configuration
file, and options for server instances from
[mysqld] or
[mysqldN]
sections. The [manager] section contains
any of the options listed in
Section 5.4.1, “MySQL Instance Manager Command Options”, except for
those specified as having to be given as the first option on
the command line. Here is a sample
[manager] section:
Each [mysqld] or
[mysqldN]
instance section specifies options given by Instance Manager
to a server instance at startup. These are mainly common MySQL
Server options (see Section 5.2.2, “Command Options”). In
addition, a
[mysqldN]
section can contain the options in the following list, which
are specific to Instance Manager. These options are
interpreted by Instance Manager itself; it does not pass them
to the server when it attempts to start that server.
Warning
The Instance Manager-specific options must not be used in a
[mysqld] section. If a server is started
without using Instance Manager, it will not recognize these
options and will fail to start properly.
mysqld-path =
path
The pathname of the mysqld server
binary to use for the server instance.
nonguarded
This option disables Instance Manager monitoring
functionality for the server instance. By default, an
instance is guarded: At Instance Manager start time, it
starts the instance. It also monitors the instance status
and attempts to restart it if it fails. At Instance
Manager exit time, it stops the instance. None of these
things happen for nonguarded instances.
shutdown-delay =
seconds
The number of seconds Instance Manager should wait for the
server instance to shut down. The default value is 35
seconds. After the delay expires, Instance Manager assumes
that the instance is hanging and attempts to terminate it.
If you use InnoDB with large tables,
you should increase this value.
5.4.3. Starting the MySQL Server with MySQL Instance Manager
This section discusses how Instance Manager starts server
instances when it starts. However, before you start Instance
Manager, you should set up a password file for it. Otherwise,
you will not be able to connect to Instance Manager to control
it after it starts. For details about creating Instance
Manager accounts, see
Section 5.4.4, “Instance Manager User and Password Management”.
On Unix, the mysqld MySQL database server
normally is started with the mysql.server
script, which usually resides in the
/etc/init.d/ directory. In MySQL 5.0.3,
this script invokes mysqlmanager (the MySQL
Instance Manager binary) to start MySQL. (In prior versions of
MySQL the mysqld_safe script is used for
this purpose.) Starting from MySQL 5.0.4, the behavior of the
startup script was changed again to incorporate both setup
schemes. In version 5.0.4, the startup script uses the old
scheme (invoking mysqld_safe) by default,
but one can set the use_mysqld_safe
variable in the script to 0 (zero) to use
the MySQL Instance Manager to start a server.
Starting with MySQL 5.0.19, you can use Instance Manager if
you modify the my.cnf configuration file
by adding use-manager to the
[mysql.server] section:
[mysql.server]
use-manager
When Instance Manager starts, it reads its configuration file
if it exists to find server instance sections and prepare a
list of instances. Instance sections have names of the form
[mysqld] or
[mysqldN], where
N is an unsigned integer (for
example, [mysqld1],
[mysqld2], and so forth).
After preparing the list of instances, Instance Manager starts
the guarded instances in the list. If there are no instances,
Instance Manager creates an instance named
mysqld and attempts to start it with
default (compiled-in) configuration values. This means that
the Instance Manager cannot find the mysqld
program if it is not installed in the default location.
(Section 2.4.6, “Installation Layouts”, describes default
locations for components of MySQL distributions.) If you have
installed the MySQL server in a non-standard location, you
should create the Instance Manager configuration file.
Instance Manager also stops all guarded server instances when
it shuts down.
The allowable options for
[mysqldN] server
instance sections are described in
Section 5.4.2, “MySQL Instance Manager Configuration Files”. In
these sections, you can use a special
mysqld-path=path-to-mysqld-binary
option that is recognized only by Instance Manager. Use this
option to let Instance Manager know where the
mysqld binary resides. If there are
multiple instances, it may also be necessary to set other
options such as datadir and
port, to ensure that each instance has a
different data directory and TCP/IP port number.
Section 5.12, “Running Multiple MySQL Servers on the Same Machine”, discusses the
configuration values that must differ for each instance when
you run multiple instance on the same machine.
Warning
The [mysqld] instance section, if it
exists, must not contain any Instance Manager-specific
options.
The typical Unix startup/shutdown cycle for a MySQL server
with the MySQL Instance Manager enabled is as follows:
The /etc/init.d/mysql script starts
MySQL Instance Manager.
Instance Manager starts the guarded server instances and
monitors them.
If a server instance fails, Instance Manager restarts it.
If Instance Manager is shut down (for example, with the
/etc/init.d/mysql stop command), it
shuts down all server instances.
5.4.4. Instance Manager User and Password Management
The Instance Manager stores its user information in a password
file. On Windows, the default is
mysqlmanager.passwd in the directory
where Instance Manager is installed. On Unix, the default file
is /etc/mysqlmanager.passwd. To specify a
different location for the password file, use the
--password-file option.
If the password file does not exist or contains no password
entries, you cannot connect to the Instance Manager.
Note
Any Instance Manager process that is running to monitor
server instances does not notice changes to the password
file. You must stop it and restart it after making password
entry changes.
Entries in the password file have the following format, where
the two fields are the account username and encrypted
password, separated by a colon:
petr:*35110DC9B4D8140F5DE667E28C72DD2597B5C848
Instance Manager password encryption is the same as that used
by MySQL Server. It is a one-way operation; no means are
provided for decrypting encrypted passwords.
Instance Manager accounts differ somewhat from MySQL Server
accounts:
Instance Manager accounts are associated with a username
and password only.
This means that a client can connect to Instance Manager with
a given username from any host. To limit connections so that
clients can connect only from the local host, start Instance
Manager with the --bind-address=127.0.0.1
option so that it listens only to the local network interface.
Remote clients will not be able to connect. Local clients can
connect like this:
shell> mysql -h 127.0.0.1 -P 2273
To generate a new entry, invoke Instance Manager with the
--passwd option and append the output to
the /etc/mysqlmanager.passwd file. Here
is an example:
shell> mysqlmanager --passwd >> /etc/mysqlmanager.passwd
Creating record for new user.
Enter user name: mike
Enter password: mikepass
Re-type password: mikepass
At the prompts, enter the username and password for the new
Instance Manager user. You must enter the password twice. It
does not echo to the screen, so double entry guards against
entering a different password than you intend (if the two
passwords do not match, no entry is generated).
The preceding command causes the following line to be added to
/etc/mysqlmanager.passwd:
mike:*BBF1F551DD9DD96A01E66EC7DDC073911BAD17BA
5.4.5. MySQL Server Instance Status Monitoring
To monitor the status of each guarded server instance, the
MySQL Instance Manager attempts to connect to the instance at
regular intervals using the
MySQL_Instance_Manager@localhost user
account with a password of
check_connection.
You are not required to create this
account for MySQL Server; in fact, it is expected that it will
not exist. Instance Manager can tell that a server is
operational if the server accepts the connection attempt but
refuses access for the account by returning a login error.
However, these failed connection attempts are logged by the
server to its general query log (see
Section 5.11.2, “The General Query Log”).
Instance Manager also attempts a connection to nonguarded
server instances when you use the SHOW
INSTANCES or SHOW INSTANCE STATUS
command. This is the only status monitoring done for
nonguarded instances.
Instance Manager knows if a server instance fails at startup
because it receives a status from the attempt. For an instance
that starts but later crashes, Instance Manager receives a
signal because it is the parent process of the instance.
5.4.6. Connecting to MySQL Instance Manager
After you set up a password file for the MySQL Instance
Manager and Instance Manager is running, you can connect to
it. The MySQL client-server protocol is used to communicate
with the Instance Manager. For example, you can connect to it
using the standard mysql client program:
shell> mysql --port=2273 --host=im.example.org --user=mysql --password
Instance Manager supports the version of the MySQL
client-server protocol used by the client tools and libraries
distributed with MySQL 4.1 or later, so other programs that
use the MySQL C API also can connect to it.
5.4.7. MySQL Instance Manager Commands
After you connect to MySQL Instance Manager, you can issue
commands. The following general principles apply to Instance
Manager command execution:
Commands that take an instance name fail if the name is
not a valid instance name.
Commands that take an instance name fail if the instance
does not exist.
Instance Manager maintains information about instance
configuration in an internal (in-memory) cache. Initially,
this information comes from the configuration file if it
exists, but some commands change the configuration of an
instance. Commands that modify the configuration file fail
if the file does not exist or is not accessible to
Instance Manager.
On Windows, the standard file is
my.ini in the directory where
Instance Manager is installed. On Unix, the standard
configuration file is /etc/my.cnf. To
specify a different configuration file, start Instance
Manager with the --defaults-file option.
If a [mysqld] instance section exists
in the configuration file, it must not contain any
Instance Manager-specific options (see
Section 5.4.2, “MySQL Instance Manager Configuration Files”).
Therefore, you must not add any of these options if you
change the configuration for an instance named
mysqld.
The following list describes the commands that Instance
Manager accepts, with examples.
START INSTANCE
instance_name
This command attempts to start an offline instance. The
command is asynchronous; it does not wait for the instance
to start.
The command lists all log files used by the instance. The
result set contains the path to the log file and the log
file size. If no log file path is specified in the
instance section of the configuration file (for example,
log=/var/mysql.log), the Instance
Manager tries to guess its placement. If Instance Manager
is unable to guess the log file placement you should
specify the log file location explicitly by using a log
option in the appropriate instance section of the
configuration file.
SHOW instance_name LOG
{ERROR | SLOW | GENERAL}
size[,offset_from_end]
This command retrieves a portion of the specified log
file. Because most users are interested in the latest log
messages, the size parameter
defines the number of bytes to retrieve from the end of
the log. To retrieve data from the middle of the log file,
specify the optional
offset_from_end parameter. The
following example retrieves 21 bytes of data, starting 23
bytes before the end of the log file and ending 2 bytes
before the end:
mysql> SHOW mysqld LOG GENERAL 21, 2;
+---------------------+
| Log |
+---------------------+
| using password: YES |
+---------------------+
SET
instance_name.option_name[=option_value]
This command edits the specified instance's configuration
section to change or add instance options. The option is
added to the section is it is not already present.
Otherwise, the new setting replaces the existing one.
mysql> SET mysqld2.port=3322;
Query OK, 0 rows affected (0.00 sec)
Changes made to the configuration file do not take effect
until the MySQL server is restarted. In addition, these
changes are not stored in the instance manager's local
cache of instance settings until a FLUSH
INSTANCES command is executed.
UNSET
instance_name.option_name
This command removes an option from an instance's
configuration section.
Changes made to the configuration file do not take effect
until the MySQL server is restarted. In addition, these
changes are not stored in the instance manager's local
cache of instance settings until a FLUSH
INSTANCES command is executed.
FLUSH INSTANCES
This command forces Instance Manager reread the
configuration file and to refresh internal structures.
This command should be performed after editing the
configuration file. The command does not restart
instances.
The programs in this section are used when installing or upgrading
MySQL.
5.5.1. comp_err — Compile MySQL Error Message File
comp_err creates the
errmsg.sys file that is used by
mysqld to determine the error messages to
display for different error codes.
comp_err normally is run automatically
when MySQL is built. It compiles the
errmsg.sys file from the plaintext file
located at sql/share/errmsg.txt in
MySQL source distributions.
comp_err also generates
mysqld_error.h,
mysqld_ername.h, and
sql_state.h header files.
For more information about how error messages are defined,
see the MySQL Internals Manual.
Invoke comp_err like this:
shell> comp_err [options]
comp_err understands the options
described in the following list.
--help, -?
Display a help message and exit.
--charset=path, -C
path
The character set directory. The default is
../sql/share/charsets.
--debug=debug_options,
-# debug_options
Write a debugging log. The
debug_options string often is
'd:t:O,file_name'.
The default is
'd:t:O,/tmp/comp_err.trace'.
--debug-info, -T
Print some debugging information when the program exits.
--header_file=file_name,
-H file_name
The name of the error header file. The default is
mysqld_error.h.
--in_file=file_name,
-F file_name
The name of the input file. The default is
../sql/share/errmsg.txt.
--name_file=file_name,
-N file_name
The name of the error name file. The default is
mysqld_ername.h.
--out_dir=path, -D
path
The name of the output base directory. The default is
../sql/share/.
--out_file=file_name,
-O file_name
The name of the output file. The default is
errmsg.sys.
--statefile=file_name,
-S file_name
The name for the SQLSTATE header file. The default is
sql_state.h.
--version, -V
Display version information and exit.
5.5.2. make_win_bin_dist — Package MySQL Distribution as ZIP Archive
This script is used on Windows after building a MySQL
distribution from source to create executable programs. It
packages the binaries and support files into a ZIP archive
that can be unpacked at the location where you want to
install MySQL.
make_win_bin_dist is a shell script, so
you must have Cygwin installed to use it.
This program's use is subject to change. Currently, you
invoke it as follows from the root directory of your source
distribution:
The package_basename argument
provides the basename for the resulting ZIP archive. This
name will be the name of the directory that results from
unpacking the archive.
Because you might want to include files of directories from
other builds, you can instruct this script do copy them in
for you, via copy_def arguments,
which of which is of the form
relative_dest_name=source_name.
If you specify a directory, the entire directory will be
copied.
make_win_bin_dist understands the
following options:
--debug
Pack the debug binaries and produce an error if they
were not built.
--embedded
Pack the embedded server and produce an error if it was
not built. The default is to pack it if it was built.
--exe-suffix=suffix
Add a suffix to the basename of the
mysql binary. For example, a suffix
of -abc produces a binary named
mysqld-abc.exe.
--no-debug
Don't pack the debug binaries even if they were built.
--no-embedded
Don't pack the embedded server even if it was built.
--only-debug
Use this option when the target for this build was
Debug, and you just want to replace
the normal binaries with debug versions (that is, do not
use separate debug directories).
5.5.3. make_win_src_distribution — Create Source Distribution for Windows
Invoke make_win_src_distribution like
this from the top-level directory of a MySQL source
distribution:
shell> make_win_src_distribution [options]
make_win_src_distribution understands the
following options:
--help
Display a help message and exit.
--debug
Print information about script operations; do not create
a package.
--tmp
Specify the temporary location.
--suffix
The suffix name for the package.
--dirname
Directory name to copy files (intermediate).
--silent
Do not print verbose list of files processed.
--tar
Create a tar.gz package instead of
a .zip package.
By default, make_win_src_distribution
creates a Zip-format archive with the name
mysql-VERSION-win-src.zip,
where VERSION represents the
version of your MySQL source tree.
5.5.4. mysql_fix_privilege_tables — Upgrade MySQL System Tables
Some releases of MySQL introduce changes to the structure of
the system tables in the mysql database
to add new privileges or support new features. When you
update to a new version of MySQL, you should update your
system tables as well to make sure that their structure is
up to date. Otherwise, there might be capabilities that you
cannot take advantage of. First, make a backup of your
mysql database, and then use the
following procedure.
On Unix or Unix-like systems, update the system tables by
running the mysql_fix_privilege_tables
script:
shell> mysql_fix_privilege_tables
You must run this script while the server is running. It
attempts to connect to the server running on the local host
as root. If your root
account requires a password, indicate the password on the
command line like this:
The mysql_fix_privilege_tables script
performs any actions necessary to convert your system tables
to the current format. You might see some Duplicate
column name warnings as it runs; you can ignore
them.
After running the script, stop the server and restart it.
On Windows systems, MySQL distributions include a
mysql_fix_privilege_tables.sql SQL
script that you can run using the mysql
client. For example, if your MySQL installation is located
at C:\Program Files\MySQL\MySQL Server
5.0, the commands look like this:
C:\> cd "C:\Program Files\MySQL\MySQL Server 5.0"
C:\> bin\mysql -u root -p mysql
mysql> SOURCE scripts/mysql_fix_privilege_tables.sql
The mysql command will prompt you for the
root password; enter it when prompted.
If your installation is located in some other directory,
adjust the pathnames appropriately.
As with the Unix procedure, you might see some
Duplicate column name warnings as
mysql processes the statements in the
mysql_fix_privilege_tables.sql script;
you can ignore them.
After running the script, stop the server and restart it.
5.5.5. mysql_install_db — MySQL Data Directory Initialization Script
mysql_install_db initializes the MySQL
data directory and creates the system tables that it
contains, if they do not exist. Because the MySQL server,
mysqld, needs to access the data
directory when it runs later, you should either run
mysql_install_db from the same account
that will be used for running mysqld or
run it as root and use the
--user option to indicate the username that
mysqld will run as.
To invoke mysql_install_db, use the
following syntax:
shell> mysql_install_db [options]
mysql_install_db needs to invoke
mysqld with the
--bootstrap and
--skip-grant-tables options (see
Section 2.4.14.2, “Typical configure Options”). If MySQL was
configured with the --disable-grant-options
option, --bootstrap and
--skip-grant-tables will be disabled. To
handle this, set the MYSQLD_BOOTSTRAP
environment variable to the full pathname of a server that
has all options enabled. mysql_install_db
will use that server.
mysql_install_db supports the following
options:
--basedir=path
The path to the MySQL installation directory.
--force
Causes mysql_install_db to run even
if DNS does not work. In that case, grant table entries
that normally use hostnames will use IP addresses.
--datadir=path,
--ldata=path
The path to the MySQL data directory.
--rpm
For internal use. This option is used by RPM files
during the MySQL installation process.
--skip-name-resolve
Use IP addresses rather than hostnames when creating
grant table entries. This option can be useful if your
DNS does not work.
--srcdir=path
For internal use. The directory under which
mysql_install_db looks for support
files such as the error message file and the file for
populating the help tables. This option was added in
MySQL 5.0.32.
--user=user_name
The login username to use for running
mysqld. Files and directories created
by mysqld will be owned by this user.
You must be root to use this option.
By default, mysqld runs using your
current login name and files and directories that it
creates will be owned by you.
--verbose
Verbose mode. Print more information about what the
program does.
--windows
For internal use. This option is used for creating
Windows distributions.
5.5.6. mysql_secure_installation — Improve MySQL Installation Security
This program enables you to improve the security of your
MySQL installation in the following ways:
You can set a password for root
accounts.
You can remove root accounts that are
accessible from outside the local host.
You can remove anonymous-user accounts.
You can remove the test database,
which by default can be accessed by anonymous users.
Invoke mysql_secure_installation without
arguments:
shell> mysql_secure_installation
The script will prompt you to determine which actions to
perform.
5.5.7. mysql_tzinfo_to_sql — Load the Time Zone Tables
The mysql_tzinfo_to_sql program loads the
time zone tables in the mysql database.
It is used on systems that have a
zoneinfo database (the set of files
describing time zones). Examples of such systems are Linux,
FreeBSD, Sun Solaris, and Mac OS X. One likely location for
these files is the /usr/share/zoneinfo
directory. If your system does not have a zoneinfo database,
you can use the downloadable package described in
Section 5.10.8, “MySQL Server Time Zone Support”.
For the first invocation syntax, pass the zoneinfo directory
pathname to mysql_tzinfo_to_sql and send
the output into the mysql program. For
example:
shell> mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql
mysql_tzinfo_to_sql reads your system's
time zone files and generates SQL statements from them.
mysql processes those statements to load
the time zone tables.
The second syntax causes
mysql_tzinfo_to_sql to load a single time
zone file tz_file that
corresponds to a time zone name
tz_name:
shell> mysql_tzinfo_to_sql tz_filetz_name | mysql -u root mysql
If your time zone needs to account for leap seconds, invoke
mysql_tzinfo_to_sql using the third
syntax, which initializes the leap second information.
tz_file is the name of your time
zone file:
shell> mysql_tzinfo_to_sql --leap tz_file | mysql -u root mysql
5.5.8. mysql_upgrade — Check Tables for MySQL Upgrade
mysql_upgrade should be executed each
time you upgrade MySQL. It checks all tables in all
databases for incompatibilities with the current version of
MySQL Server. If a table is found to have a possible
incompatibility, it is checked. If any problems are found,
the table is repaired. mysql_upgrade also
upgrades the system tables so that you can take advantage of
new privileges or capabilities that might have been added.
All checked and repaired tables are marked with the current
MySQL version number. This ensures that next time you run
mysql_upgrade with the same version of
the server, it can tell whether there is any need to check
or repair the table again.
mysql_upgrade also saves the MySQL
version number in a file named
mysql_upgrade.info in the data
directory. This is used to quickly check if all tables have
been checked for this release so that table-checking can be
skipped. To ignore this file, use the
--force option.
To check and repair tables and to upgrade the system tables,
mysql_upgrade executes the following
commands:
mysql_upgrade supersedes the older
mysql_fix_privilege_tables script. In
MySQL 5.0.19, mysql_upgrade was added as
a shell script and worked only for Unix systems. As of MySQL
5.0.25, mysql_upgrade is an executable
binary and is available on all systems. On systems older
than those supporting mysql_upgrade, you
can execute the mysqlcheck command
manually, and then upgrade your system tables as described
in Section 5.5.4, “mysql_fix_privilege_tables — Upgrade MySQL System Tables”.
For details about what is checked, see the description of
the FOR UPGRADE option of the
CHECK TABLE statement (see
Section 13.5.2.3, “CHECK TABLE Syntax”).
To use mysql_upgrade, make sure that the
server is running, and then invoke it like this:
shell> mysql_upgrade [options]
mysql_upgrade reads options from the
command line and from the [mysql_upgrade]
group in option files. It supports the following options:
--help
Display a short help message and exit.
--basedir=path
The path to the MySQL installation directory.
--datadir=path
The path to the data directory.
--force
Force execution of mysqlcheck even if
mysql_upgrade has already been
executed for the current version of MySQL. (In other
words, this option causes the
mysql_upgrade.info file to be
ignored.)
--user=user_name,
-u user_name
The MySQL username to use when connecting to the server.
The default username is root.
--verbose
Verbose mode. Print more information about what the
program does.
Other options are passed to mysqlcheck
and to mysql_fix_privilege_tables. For
example, it might be necessary to specify the
--password[=password]
option.
This section describes some general security issues to be aware of
and what you can do to make your MySQL installation more secure
against attack or misuse. For information specifically about the
access control system that MySQL uses for setting up user accounts
and checking database access, see
Section 5.7, “The MySQL Access Privilege System”.
Anyone using MySQL on a computer connected to the Internet
should read this section to avoid the most common security
mistakes.
In discussing security, we emphasize the necessity of fully
protecting the entire server host (not just the MySQL server)
against all types of applicable attacks: eavesdropping,
altering, playback, and denial of service. We do not cover all
aspects of availability and fault tolerance here.
MySQL uses security based on Access Control Lists (ACLs) for all
connections, queries, and other operations that users can
attempt to perform. There is also support for SSL-encrypted
connections between MySQL clients and servers. Many of the
concepts discussed here are not specific to MySQL at all; the
same general ideas apply to almost all applications.
When running MySQL, follow these guidelines whenever possible:
Do not ever give anyone (except MySQL
root accounts) access to the
user table in the
mysql database! This is
critical.
Learn the MySQL access privilege system. The
GRANT and REVOKE
statements are used for controlling access to MySQL. Do not
grant more privileges than necessary. Never grant privileges
to all hosts.
Checklist:
Try mysql -u root. If you are able to
connect successfully to the server without being asked
for a password, anyone can connect to your MySQL server
as the MySQL root user with full
privileges! Review the MySQL installation instructions,
paying particular attention to the information about
setting a root password. See
Section 2.4.15.3, “Securing the Initial MySQL Accounts”.
Use the SHOW GRANTS statement to
check which accounts have access to what. Then use the
REVOKE statement to remove those
privileges that are not necessary.
Do not store any plain-text passwords in your database. If
your computer becomes compromised, the intruder can take the
full list of passwords and use them. Instead, use
MD5(), SHA1(), or some
other one-way hashing function and store the hash value.
Do not choose passwords from dictionaries. Special programs
exist to break passwords. Even passwords like
“xfish98” are very bad. Much better is
“duag98” which contains the same word
“fish” but typed one key to the left on a
standard QWERTY keyboard. Another method is to use a
password that is taken from the first characters of each
word in a sentence (for example, “Mary had a little
lamb” results in a password of “Mhall”).
The password is easy to remember and type, but difficult to
guess for someone who does not know the sentence.
Invest in a firewall. This protects you from at least 50% of
all types of exploits in any software. Put MySQL behind the
firewall or in a demilitarized zone (DMZ).
Checklist:
Try to scan your ports from the Internet using a tool
such as nmap. MySQL uses port 3306 by
default. This port should not be accessible from
untrusted hosts. Another simple way to check whether or
not your MySQL port is open is to try the following
command from some remote machine, where
server_host is the hostname
or IP number of the host on which your MySQL server
runs:
shell> telnet server_host 3306
If you get a connection and some garbage characters, the
port is open, and should be closed on your firewall or
router, unless you really have a good reason to keep it
open. If telnet hangs or the
connection is refused, the port is blocked, which is how
you want it to be.
Do not trust any data entered by users of your applications.
They can try to trick your code by entering special or
escaped character sequences in Web forms, URLs, or whatever
application you have built. Be sure that your application
remains secure if a user enters something like
“; DROP DATABASE mysql;”.
This is an extreme example, but large security leaks and
data loss might occur as a result of hackers using similar
techniques, if you do not prepare for them.
A common mistake is to protect only string data values.
Remember to check numeric data as well. If an application
generates a query such as SELECT * FROM table WHERE
ID=234 when a user enters the value
234, the user can enter the value
234 OR 1=1 to cause the application to
generate the query SELECT * FROM table WHERE ID=234
OR 1=1. As a result, the server retrieves every
row in the table. This exposes every row and causes
excessive server load. The simplest way to protect from this
type of attack is to use single quotes around the numeric
constants: SELECT * FROM table WHERE
ID='234'. If the user enters extra information, it
all becomes part of the string. In a numeric context, MySQL
automatically converts this string to a number and strips
any trailing non-numeric characters from it.
Sometimes people think that if a database contains only
publicly available data, it need not be protected. This is
incorrect. Even if it is allowable to display any row in the
database, you should still protect against denial of service
attacks (for example, those that are based on the technique
in the preceding paragraph that causes the server to waste
resources). Otherwise, your server becomes unresponsive to
legitimate users.
Checklist:
Try to enter single and double quote marks
(‘'’ and
‘"’) in all of your Web
forms. If you get any kind of MySQL error, investigate
the problem right away.
Try to modify dynamic URLs by adding
%22
(‘"’),
%23
(‘#’), and
%27
(‘'’) to them.
Try to modify data types in dynamic URLs from numeric to
character types using the characters shown in the
previous examples. Your application should be safe
against these and similar attacks.
Try to enter characters, spaces, and special symbols
rather than numbers in numeric fields. Your application
should remove them before passing them to MySQL or else
generate an error. Passing unchecked values to MySQL is
very dangerous!
Check the size of data before passing it to MySQL.
Have your application connect to the database using a
username different from the one you use for
administrative purposes. Do not give your applications
any access privileges they do not need.
Many application programming interfaces provide a means of
escaping special characters in data values. Properly used,
this prevents application users from entering values that
cause the application to generate statements that have a
different effect than you intend:
MySQL C API: Use the
mysql_real_escape_string() API call.
MySQL++: Use the escape and
quote modifiers for query streams.
PHP: Use the
mysql_real_escape_string() function
(available as of PHP 4.3.0, prior to that PHP version
use mysql_escape_string(), and
prior to PHP 4.0.3, use
addslashes() ). Note that only
mysql_real_escape_string() is
character set-aware; the other functions can be
“bypassed” when using (invalid) multi-byte
character sets. In PHP 5, you can use the
mysqli extension, which supports the
improved MySQL authentication protocol and passwords, as
well as prepared statements with placeholders.
Perl DBI: Use placeholders or the
quote() method.
Ruby DBI: Use placeholders or the
quote() method.
Java JDBC: Use a PreparedStatement
object and placeholders.
Other programming interfaces might have similar
capabilities.
Do not transmit plain (unencrypted) data over the Internet.
This information is accessible to everyone who has the time
and ability to intercept it and use it for their own
purposes. Instead, use an encrypted protocol such as SSL or
SSH. MySQL supports internal SSL connections as of version
4.0. Another technique is to use SSH port-forwarding to
create an encrypted (and compressed) tunnel for the
communication.
Learn to use the tcpdump and
strings utilities. In most cases, you can
check whether MySQL data streams are unencrypted by issuing
a command like the following:
shell> tcpdump -l -i eth0 -w - src or dst port 3306 | strings
(This works under Linux and should work with small
modifications under other systems.) Warning: If you do not
see plaintext data, this doesn't always mean that the
information actually is encrypted. If you need high
security, you should consult with a security expert.
5.6.2. Making MySQL Secure Against Attackers
When you connect to a MySQL server, you should use a password.
The password is not transmitted in clear text over the
connection. Password handling during the client connection
sequence was upgraded in MySQL 4.1.1 to be very secure. If you
are still using pre-4.1.1-style passwords, the encryption
algorithm is not as strong as the newer algorithm. With some
effort, a clever attacker who can sniff the traffic between the
client and the server can crack the password. (See
Section 5.7.9, “Password Hashing as of MySQL 4.1”, for a discussion of the
different password handling methods.)
MySQL Enterprise
The MySQL Network Monitoring and Advisory Service enforces
best practices for maximizing the security of your servers.
For more information see
http://www.mysql.com/products/enterprise/advisors.html.
All other information is transferred as text, and can be read by
anyone who is able to watch the connection. If the connection
between the client and the server goes through an untrusted
network, and you are concerned about this, you can use the
compressed protocol to make traffic much more difficult to
decipher. You can also use MySQL's internal SSL support to make
the connection even more secure. See
Section 5.8.7, “Using Secure Connections”. Alternatively, use SSH to
get an encrypted TCP/IP connection between a MySQL server and a
MySQL client. You can find an Open Source SSH client at
http://www.openssh.org/, and a commercial SSH
client at http://www.ssh.com/.
To make a MySQL system secure, you should strongly consider the
following suggestions:
Require all MySQL accounts to have a password. A client
program does not necessarily know the identity of the person
running it. It is common for client/server applications that
the user can specify any username to the client program. For
example, anyone can use the mysql program
to connect as any other person simply by invoking it as
mysql -u other_userdb_name if
other_user has no password. If
all accounts have a password, connecting using another
user's account becomes much more difficult.
Never run the MySQL server as the Unix
root user. This is extremely dangerous,
because any user with the FILE privilege
is able to cause the server to create files as
root (for example,
~root/.bashrc). To prevent this,
mysqld refuses to run as
root unless that is specified explicitly
using the --user=root option.
mysqld can (and should) be run as an
ordinary, unprivileged user instead. You can create a
separate Unix account named mysql to make
everything even more secure. Use this account only for
administering MySQL. To start mysqld as a
different Unix user, add a user option
that specifies the username in the
[mysqld] group of the
my.cnf option file where you specify
server options. For example:
Running mysqld as a Unix user other than
root does not mean that you need to
change the root username in the
user table. Usernames for MySQL
accounts have nothing to do with usernames for Unix
accounts.
Do not allow the use of symlinks to tables. (This capability
can be disabled with the
--skip-symbolic-links option.) This is
especially important if you run mysqld as
root, because anyone that has write
access to the server's data directory then could delete any
file in the system! See
Section 7.6.1.2, “Using Symbolic Links for Tables on Unix”.
Make sure that the only Unix user with read or write
privileges in the database directories is the user that
mysqld runs as.
Do not grant the PROCESS or
SUPER privilege to non-administrative
users. The output of mysqladmin
processlist and SHOW
PROCESSLIST shows the text of any statements
currently being executed, so any user who is allowed to see
the server process list might be able to see statements
issued by other users such as UPDATE user SET
password=PASSWORD('not_secure').
mysqld reserves an extra connection for
users who have the SUPER privilege, so
that a MySQL root user can log in and
check server activity even if all normal connections are in
use.
The SUPER privilege can be used to
terminate client connections, change server operation by
changing the value of system variables, and control
replication servers.
Do not grant the FILE privilege to
non-administrative users. Any user that has this privilege
can write a file anywhere in the filesystem with the
privileges of the mysqld daemon. To make
this a bit safer, files generated with SELECT ...
INTO OUTFILE do not overwrite existing files and
are writable by everyone.
The FILE privilege may also be used to
read any file that is world-readable or accessible to the
Unix user that the server runs as. With this privilege, you
can read any file into a database table. This could be
abused, for example, by using LOAD DATA
to load /etc/passwd into a table, which
then can be displayed with SELECT.
If you do not trust your DNS, you should use IP numbers
rather than hostnames in the grant tables. In any case, you
should be very careful about creating grant table entries
using hostname values that contain wildcards.
If you want to restrict the number of connections allowed to
a single account, you can do so by setting the
max_user_connections variable in
mysqld. The GRANT
statement also supports resource control options for
limiting the extent of server use allowed to an account. See
Section 13.5.1.3, “GRANT Syntax”.
--ssl*
Options that begin with --ssl specify
whether to allow clients to connect via SSL and indicate
where to find SSL keys and certificates. See
Section 5.8.7.3, “SSL Command Options”.
5.6.3. Security-Related mysqld Options
The following mysqld options affect security:
--allow-suspicious-udfs
This option controls whether user-defined functions that
have only an xxx symbol for the main
function can be loaded. By default, the option is off and
only UDFs that have at least one auxiliary symbol can be
loaded; this prevents attempts at loading functions from
shared object files other than those containing legitimate
UDFs. For MySQL 5.0, this option was added in MySQL 5.0.3.
See Section 24.2.4.6, “User-Defined Function Security Precautions”.
Force the server to generate short (pre-4.1) password hashes
for new passwords. This is useful for compatibility when the
server must support older client programs. See
Section 5.7.9, “Password Hashing as of MySQL 4.1”.
MySQL Enterprise
The MySQL Network Monitoring and Advisory Service offers
advice on the security implications of using this option.
For subscription information see
http://www.mysql.com/products/enterprise/advisors.html.
--safe-show-database
(OBSOLETE)
In previous versions of MySQL, this option caused the
SHOW DATABASES statement to display the
names of only those databases for which the user had some
kind of privilege. In MySQL 5.0, this option is
no longer available as this is now the default behavior, and
there is a SHOW DATABASES privilege that
can be used to control access to database names on a
per-account basis. See Section 13.5.1.3, “GRANT Syntax”.
--safe-user-create
If this option is enabled, a user cannot create new MySQL
users by using the GRANT statement unless
the user has the INSERT privilege for the
mysql.user table or any column in the
table. If you want a user to have the ability to create new
users that have those privileges that the user has the right
to grant, you should grant the user the following privilege:
GRANT INSERT(user) ON mysql.user TO 'user_name'@'host_name';
This ensures that the user cannot change any privilege
columns directly, but has to use the
GRANT statement to give privileges to
other users.
--secure-auth
Disallow authentication for accounts that have old (pre-4.1)
passwords.
The mysql client also has a
--secure-auth option, which prevents
connections to a server if the server requires a password in
old format for the client account.
--secure-file-priv=path
This option limits the effect of the
LOAD_FILE() function and the
LOAD DATA and SELECT ... INTO
OUTFILE statements to work only with files in the
specified directory.
This option was added in MySQL 5.0.38.
--skip-grant-tables
This option causes the server not to use the privilege
system at all. This gives anyone with access to the server
unrestricted access to all
databases. You can cause a running server to
start using the grant tables again by executing
mysqladmin flush-privileges or
mysqladmin reload command from a system
shell, or by issuing a MySQL FLUSH
PRIVILEGES statement. This option also suppresses
loading of user-defined functions (UDFs).
--skip-name-resolve
Hostnames are not resolved. All Host
column values in the grant tables must be IP numbers or
localhost.
--skip-networking
Do not allow TCP/IP connections over the network. All
connections to mysqld must be made via
Unix socket files.
--skip-show-database
With this option, the SHOW DATABASES
statement is allowed only to users who have the
SHOW DATABASES privilege, and the
statement displays all database names. Without this option,
SHOW DATABASES is allowed to all users,
but displays each database name only if the user has the
SHOW DATABASES privilege or some
privilege for the database. Note that any global privilege
is a privilege for the database.
5.6.4. Security Issues with LOAD DATA LOCAL
The LOAD DATA statement can load a file that
is located on the server host, or it can load a file that is
located on the client host when the LOCAL
keyword is specified.
There are two potential security issues with supporting the
LOCAL version of LOAD DATA
statements:
The transfer of the file from the client host to the server
host is initiated by the MySQL server. In theory, a patched
server could be built that would tell the client program to
transfer a file of the server's choosing rather than the
file named by the client in the LOAD DATA
statement. Such a server could access any file on the client
host to which the client user has read access.
In a Web environment where the clients are connecting from a
Web server, a user could use LOAD DATA
LOCAL to read any files that the Web server
process has read access to (assuming that a user could run
any command against the SQL server). In this environment,
the client with respect to the MySQL server actually is the
Web server, not the remote program being run by the user who
connects to the Web server.
To deal with these problems, we changed how LOAD DATA
LOCAL is handled as of MySQL 3.23.49 and MySQL 4.0.2
(4.0.13 on Windows):
By default, all MySQL clients and libraries in binary
distributions are compiled with the
--enable-local-infile option, to be
compatible with MySQL 3.23.48 and before.
If you build MySQL from source but do not invoke
configure with the
--enable-local-infile option, LOAD
DATA LOCAL cannot be used by any client unless it
is written explicitly to invoke mysql_options(...
MYSQL_OPT_LOCAL_INFILE, 0). See
Section 22.2.3.49, “mysql_options()”.
You can disable all LOAD DATA LOCAL
commands from the server side by starting
mysqld with the
--local-infile=0 option.
For the mysql command-line client,
LOAD DATA LOCAL can be enabled by
specifying the --local-infile[=1] option,
or disabled with the --local-infile=0
option. Similarly, for mysqlimport, the
--local or -L option
enables local data file loading. In any case, successful use
of a local loading operation requires that the server is
enabled to allow it.
If you use LOAD DATA LOCAL in Perl
scripts or other programs that read the
[client] group from option files, you can
add the local-infile=1 option to that
group. However, to keep this from causing problems for
programs that do not understand
local-infile, specify it using the
loose- prefix:
[client]
loose-local-infile=1
If LOAD DATA LOCAL INFILE is disabled,
either in the server or the client, a client that attempts
to issue such a statement receives the following error
message:
ERROR 1148: The used command is not allowed with this MySQL version
MySQL Enterprise
Security advisors notify subscribers to the MySQL Network
Monitoring and Advisory Service whenever a server is started
with the --local-infile option enabled. For
more information see
http://www.mysql.com/products/enterprise/advisors.html.
5.6.5. How to Run MySQL as a Normal User
On Windows, you can run the server as a Windows service using a
normal user account.
On Unix, the MySQL server mysqld can be
started and run by any user. However, you should avoid running
the server as the Unix root user for security
reasons. To change mysqld to run as a normal
unprivileged Unix user user_name, you
must do the following:
Stop the server if it's running (use mysqladmin
shutdown).
Change the database directories and files so that
user_name has privileges to read
and write files in them (you might need to do this as the
Unix root user):
shell> chown -R user_name/path/to/mysql/datadir
If you do not do this, the server will not be able to access
databases or tables when it runs as
user_name.
If directories or files within the MySQL data directory are
symbolic links, you'll also need to follow those links and
change the directories and files they point to.
chown -R might not follow symbolic links
for you.
Start the server as user
user_name. If you are using MySQL
3.22 or later, another alternative is to start
mysqld as the Unix
root user and use the
--user=user_name
option. mysqld starts up, then switches
to run as the Unix user user_name
before accepting any connections.
To start the server as the given user automatically at
system startup time, specify the username by adding a
user option to the
[mysqld] group of the
/etc/my.cnf option file or the
my.cnf option file in the server's data
directory. For example:
[mysqld]
user=user_name
If your Unix machine itself isn't secured, you should assign
passwords to the MySQL root accounts in the
grant tables. Otherwise, any user with a login account on that
machine can run the mysql client with a
--user=root option and perform any operation.
(It is a good idea to assign passwords to MySQL accounts in any
case, but especially so when other login accounts exist on the
server host.) See Section 2.4.15, “Post-Installation Setup and Testing”.
MySQL has an advanced but non-standard security and privilege
system. The following discussion describes how it works.
5.7.1. What the Privilege System Does
The primary function of the MySQL privilege system is to
authenticate a user who connects from a given host and to
associate that user with privileges on a database such as
SELECT, INSERT,
UPDATE, and DELETE.
Additional functionality includes the ability to have anonymous
users and to grant privileges for MySQL-specific functions such
as LOAD DATA INFILE and administrative
operations.
5.7.2. How the Privilege System Works
The MySQL privilege system ensures that all users may perform
only the operations allowed to them. As a user, when you connect
to a MySQL server, your identity is determined by the
host from which you connect and the
username you specify. When you issue requests after
connecting, the system grants privileges according to your
identity and what you want to do.
MySQL considers both your hostname and username in identifying
you because there is little reason to assume that a given
username belongs to the same person everywhere on the Internet.
For example, the user joe who connects from
office.example.com need not be the same
person as the user joe who connects from
home.example.com. MySQL handles this by
allowing you to distinguish users on different hosts that happen
to have the same name: You can grant one set of privileges for
connections by joe from
office.example.com, and a different set of
privileges for connections by joe from
home.example.com.
MySQL access control involves two stages when you run a client
program that connects to the server:
Stage 1: The server checks whether it should allow you to
connect.
Stage 2: Assuming that you can connect, the server checks
each statement you issue to determine whether you have
sufficient privileges to perform it. For example, if you try
to select rows from a table in a database or drop a table
from the database, the server verifies that you have the
SELECT privilege for the table or the
DROP privilege for the database.
If your privileges are changed (either by yourself or someone
else) while you are connected, those changes do not necessarily
take effect immediately for the next statement that you issue.
See Section 5.7.7, “When Privilege Changes Take Effect”, for details.
The server stores privilege information in the grant tables of
the mysql database (that is, in the database
named mysql). The MySQL server reads the
contents of these tables into memory when it starts and re-reads
them under the circumstances indicated in
Section 5.7.7, “When Privilege Changes Take Effect”. Access-control decisions
are based on the in-memory copies of the grant tables.
Normally, you manipulate the contents of the grant tables
indirectly by using statements such as GRANT
and REVOKE to set up accounts and control the
privileges available to each one. See
Section 13.5.1, “Account Management Statements”. The discussion here
describes the underlying structure of the grant tables and how
the server uses their contents when interacting with clients.
The server uses the user,
db, and host tables in the
mysql database at both stages of access
control. The columns in the user and
db tables are shown here. The
host table is similar to the
db table but has a specialized use as
described in Section 5.7.6, “Access Control, Stage 2: Request Verification”.
Table Name
user
db
Scope columns
Host
Host
User
Db
Password
User
Privilege columns
Select_priv
Select_priv
Insert_priv
Insert_priv
Update_priv
Update_priv
Delete_priv
Delete_priv
Index_priv
Index_priv
Alter_priv
Alter_priv
Create_priv
Create_priv
Drop_priv
Drop_priv
Grant_priv
Grant_priv
Create_view_priv
Create_view_priv
Show_view_priv
Show_view_priv
Create_routine_priv
Create_routine_priv
Alter_routine_priv
Alter_routine_priv
Execute_priv
Execute_priv
Create_tmp_table_priv
Create_tmp_table_priv
Lock_tables_priv
Lock_tables_priv
References_priv
References_priv
Reload_priv
Shutdown_priv
Process_priv
File_priv
Show_db_priv
Super_priv
Repl_slave_priv
Repl_client_priv
Create_user_priv
Security columns
ssl_type
ssl_cipher
x509_issuer
x509_subject
Resource control columns
max_questions
max_updates
max_connections
max_user_connections
Execute_priv was present in MySQL 5.0.0, but
did not become operational until MySQL 5.0.3.
The Create_view_priv and
Show_view_priv columns were added in MySQL
5.0.1.
The Create_routine_priv,
Alter_routine_priv, and
max_user_connections columns were added in
MySQL 5.0.3.
During the second stage of access control, the server performs
request verification to make sure that each client has
sufficient privileges for each request that it issues. In
addition to the user, db,
and host grant tables, the server may also
consult the tables_priv and
columns_priv tables for requests that involve
tables. The tables_priv and
columns_priv tables provide finer privilege
control at the table and column levels. They have the following
columns:
Table Name
tables_priv
columns_priv
Scope columns
Host
Host
Db
Db
User
User
Table_name
Table_name
Column_name
Privilege columns
Table_priv
Column_priv
Column_priv
Other columns
Timestamp
Timestamp
Grantor
The Timestamp and Grantor
columns currently are unused and are discussed no further here.
For verification of requests that involve stored routines, the
server may consult the procs_priv table. This
table has the following columns:
Table Name
procs_priv
Scope columns
Host
Db
User
Routine_name
Routine_type
Privilege columns
Proc_priv
Other columns
Timestamp
Grantor
The procs_priv table exists as of MySQL
5.0.3. The Routine_type column was added in
MySQL 5.0.6. It is an ENUM column with values
of 'FUNCTION' or
'PROCEDURE' to indicate the type of routine
the row refers to. This column allows privileges to be granted
separately for a function and a procedure with the same name.
The Timestamp and Grantor
columns currently are unused and are discussed no further here.
Each grant table contains scope columns and privilege columns:
Scope columns determine the scope of each row (entry) in the
tables; that is, the context in which the row applies. For
example, a user table row with
Host and User values
of 'thomas.loc.gov' and
'bob' would be used for authenticating
connections made to the server from the host
thomas.loc.gov by a client that specifies
a username of bob. Similarly, a
db table row with
Host, User, and
Db column values of
'thomas.loc.gov',
'bob' and 'reports'
would be used when bob connects from the
host thomas.loc.gov to access the
reports database. The
tables_priv and
columns_priv tables contain scope columns
indicating tables or table/column combinations to which each
row applies. The procs_priv scope columns
indicate the stored routine to which each row applies.
Privilege columns indicate which privileges are granted by a
table row; that is, what operations can be performed. The
server combines the information in the various grant tables
to form a complete description of a user's privileges.
Section 5.7.6, “Access Control, Stage 2: Request Verification”, describes the rules that
are used to do this.
Scope columns contain strings. They are declared as shown here;
the default value for each is the empty string:
Column Name
Type
Host
CHAR(60)
User
CHAR(16)
Password
CHAR(16)
Db
CHAR(64)
Table_name
CHAR(64)
Column_name
CHAR(64)
Routine_name
CHAR(64)
For access-checking purposes, comparisons of
Host values are case-insensitive.
User, Password,
Db, and Table_name values
are case sensitive. Column_name and
Routine_name values are case insensitive.
In the user, db, and
host tables, each privilege is listed in a
separate column that is declared as ENUM('N','Y')
DEFAULT 'N'. In other words, each privilege can be
disabled or enabled, with the default being disabled.
In the tables_priv,
columns_priv, and
procs_priv tables, the privilege columns are
declared as SET columns. Values in these
columns can contain any combination of the privileges controlled
by the table:
Briefly, the server uses the grant tables in the following
manner:
The user table scope columns determine
whether to reject or allow incoming connections. For allowed
connections, any privileges granted in the
user table indicate the user's global
(superuser) privileges. Any privilege granted in this table
applies to all databases on the server.
Note: Because any global
privilege is considered a privilege for all databases, any
global privilege enables a user to see all database names
with SHOW DATABASES or by examining the
SCHEMATA table of
INFORMATION_SCHEMA.
The db table scope columns determine
which users can access which databases from which hosts. The
privilege columns determine which operations are allowed. A
privilege granted at the database level applies to the
database and to all its tables.
The host table is used in conjunction
with the db table when you want a given
db table row to apply to several hosts.
For example, if you want a user to be able to use a database
from several hosts in your network, leave the
Host value empty in the user's
db table row, then populate the
host table with a row for each of those
hosts. This mechanism is described more detail in
Section 5.7.6, “Access Control, Stage 2: Request Verification”.
Note: The
host table must be modified directly with
statements such as INSERT,
UPDATE, and DELETE. It
is not affected by statements such as
GRANT and REVOKE that
modify the grant tables indirectly. Most MySQL installations
need not use this table at all.
The tables_priv and
columns_priv tables are similar to the
db table, but are more fine-grained: They
apply at the table and column levels rather than at the
database level. A privilege granted at the table level
applies to the table and to all its columns. A privilege
granted at the column level applies only to a specific
column.
The procs_priv table applies to stored
routines. A privilege granted at the routine level applies
only to a single routine.
Administrative privileges (such as RELOAD or
SHUTDOWN) are specified only in the
user table. The reason for this is that
administrative operations are operations on the server itself
and are not database-specific, so there is no reason to list
these privileges in the other grant tables. In fact, to
determine whether you can perform an administrative operation,
the server need consult only the user table.
The FILE privilege also is specified only in
the user table. It is not an administrative
privilege as such, but your ability to read or write files on
the server host is independent of the database you are
accessing.
The mysqld server reads the contents of the
grant tables into memory when it starts. You can tell it to
re-read the tables by issuing a FLUSH
PRIVILEGES statement or executing a
mysqladmin flush-privileges or
mysqladmin reload command. Changes to the
grant tables take effect as indicated in
Section 5.7.7, “When Privilege Changes Take Effect”.
When you modify the contents of the grant tables, it is a good
idea to make sure that your changes set up privileges the way
you want. To check the privileges for a given account, use the
SHOW GRANTS statement. (See
Section 13.5.4.12, “SHOW GRANTS Syntax”.) For example, to determine the
privileges that are granted to an account with
Host and User values of
pc84.example.com and bob,
issue this statement:
Information about account privileges is stored in the
user, db,
host, tables_priv,
columns_priv, and
procs_priv tables in the
mysql database. The MySQL server reads the
contents of these tables into memory when it starts and re-reads
them under the circumstances indicated in
Section 5.7.7, “When Privilege Changes Take Effect”. Access-control decisions
are based on the in-memory copies of the grant tables.
The names used in the GRANT and
REVOKE statements to refer to privileges are
shown in the following table, along with the column name
associated with each privilege in the grant tables and the
context in which the privilege applies. Further information
about the meaning of each privilege may be found at
Section 13.5.1.3, “GRANT Syntax”.
Privilege
Column
Context
CREATE
Create_priv
databases, tables, or indexes
DROP
Drop_priv
databases or tables
GRANT OPTION
Grant_priv
databases, tables, or stored routines
REFERENCES
References_priv
databases or tables
ALTER
Alter_priv
tables
DELETE
Delete_priv
tables
INDEX
Index_priv
tables
INSERT
Insert_priv
tables
SELECT
Select_priv
tables
UPDATE
Update_priv
tables
CREATE VIEW
Create_view_priv
views
SHOW VIEW
Show_view_priv
views
ALTER ROUTINE
Alter_routine_priv
stored routines
CREATE ROUTINE
Create_routine_priv
stored routines
EXECUTE
Execute_priv
stored routines
FILE
File_priv
file access on server host
CREATE TEMPORARY TABLES
Create_tmp_table_priv
server administration
LOCK TABLES
Lock_tables_priv
server administration
CREATE USER
Create_user_priv
server administration
PROCESS
Process_priv
server administration
RELOAD
Reload_priv
server administration
REPLICATION CLIENT
Repl_client_priv
server administration
REPLICATION SLAVE
Repl_slave_priv
server administration
SHOW DATABASES
Show_db_priv
server administration
SHUTDOWN
Shutdown_priv
server administration
SUPER
Super_priv
server administration
Some releases of MySQL introduce changes to the structure of the
grant tables to add new privileges or features. Whenever you
update to a new version of MySQL, you should update your grant
tables to make sure that they have the current structure so that
you can take advantage of any new capabilities. See
Section 5.5.8, “mysql_upgrade — Check Tables for MySQL Upgrade”.
CREATE VIEW and SHOW VIEW
were added in MySQL 5.0.1. CREATE USER,
CREATE ROUTINE, and ALTER
ROUTINE were added in MySQL 5.0.3. Although
EXECUTE was present in MySQL 5.0.0, it did
not become operational until MySQL 5.0.3.
The CREATE and DROP
privileges allow you to create new databases and tables, or to
drop (remove) existing databases and tables. If you
grant the DROP privilege for the
mysql database to a user, that user can drop
the database in which the MySQL access privileges are
stored.
The SELECT, INSERT,
UPDATE, and DELETE
privileges allow you to perform operations on rows in existing
tables in a database. INSERT is also required
for the ANALYZE TABLE, OPTIMIZE
TABLE, and REPAIR TABLE
table-maintenance statements.
SELECT statements require the
SELECT privilege only if they actually
retrieve rows from a table. Some SELECT
statements do not access tables and can be executed without
permission for any database. For example, you can use the
mysql client as a simple calculator to
evaluate expressions that make no reference to tables:
SELECT 1+1;
SELECT PI()*2;
The INDEX privilege enables you to create or
drop (remove) indexes. INDEX applies to
existing tables. If you have the CREATE
privilege for a table, you can include index definitions in the
CREATE TABLE statement.
The ALTER privilege enables you to use
ALTER TABLE to change the structure of or
rename tables.
MySQL Enterprise
In some circumstances the ALTER privilege
is entirely unnecessary — on slaves where there are no
non-replicated tables, for instance. The MySQL Network
Monitoring and Advisory Service notifies subscribers when
accounts have inappropriate privileges. For more information
see http://www.mysql.com/products/enterprise/advisors.html.
The CREATE ROUTINE privilege is needed for
creating stored routines (functions and procedures).
ALTER ROUTINE privilege is needed for
altering or dropping stored routines, and
EXECUTE is needed for executing stored
routines.
The GRANT privilege enables you to give to
other users those privileges that you yourself possess. It can
be used for databases, tables, and stored routines.
The FILE privilege gives you permission to
read and write files on the server host using the LOAD
DATA INFILE and SELECT ... INTO
OUTFILE statements. A user who has the
FILE privilege can read any file on the
server host that is either world-readable or readable by the
MySQL server. (This implies the user can read any file in any
database directory, because the server can access any of those
files.) The FILE privilege also enables the
user to create new files in any directory where the MySQL server
has write access. As a security measure, the server will not
overwrite existing files.
The remaining privileges are used for administrative operations.
Many of them can be performed by using the
mysqladmin program or by issuing SQL
statements. The following table shows which
mysqladmin commands each administrative
privilege enables you to execute:
The reload command tells the server to
re-read the grant tables into memory.
flush-privileges is a synonym for
reload. The refresh
command closes and reopens the log files and flushes all tables.
The other
flush-xxx commands
perform functions similar to refresh, but are
more specific and may be preferable in some instances. For
example, if you want to flush just the log files,
flush-logs is a better choice than
refresh.
The shutdown command shuts down the server.
There is no corresponding SQL statement.
The processlist command displays information
about the threads executing within the server (that is,
information about the statements being executed by clients). The
kill command terminates server threads. You
can always display or kill your own threads, but you need the
PROCESS privilege to display threads
initiated by other users and the SUPER
privilege to kill them. See Section 13.5.5.3, “KILL Syntax”.
The CREATE TEMPORARY TABLES privilege enables
the use of the keyword TEMPORARY in
CREATE TABLE statements.
The LOCK TABLES privilege enables the use of
explicit LOCK TABLES statements to lock
tables for which you have the SELECT
privilege. This includes the use of write locks, which prevents
anyone else from reading the locked table.
The REPLICATION CLIENT privilege enables the
use of SHOW MASTER STATUS and SHOW
SLAVE STATUS.
The REPLICATION SLAVE privilege should be
granted to accounts that are used by slave servers to connect to
the current server as their master. Without this privilege, the
slave cannot request updates that have been made to databases on
the master server.
The SHOW DATABASES privilege allows the
account to see database names by issuing the SHOW
DATABASE statement. Accounts that do not have this
privilege see only databases for which they have some
privileges, and cannot use the statement at all if the server
was started with the --skip-show-database
option. Note that any global privilege is a
privilege for the database.
It is a good idea to grant to an account only those privileges
that it needs. You should exercise particular caution in
granting the FILE and administrative
privileges:
The FILE privilege can be abused to read
into a database table any files that the MySQL server can
read on the server host. This includes all world-readable
files and files in the server's data directory. The table
can then be accessed using SELECT to
transfer its contents to the client host.
The GRANT privilege enables users to give
their privileges to other users. Two users that have
different privileges and with the GRANT
privilege are able to combine privileges.
The ALTER privilege may be used to
subvert the privilege system by renaming tables.
The SHUTDOWN privilege can be abused to
deny service to other users entirely by terminating the
server.
The PROCESS privilege can be used to view
the plain text of currently executing statements, including
statements that set or change passwords.
The SUPER privilege can be used to
terminate other clients or change how the server operates.
Privileges granted for the mysql database
itself can be used to change passwords and other access
privilege information. Passwords are stored encrypted, so a
malicious user cannot simply read them to know the plain
text password. However, a user with write access to the
user table Password
column can change an account's password, and then connect to
the MySQL server using that account.
MySQL Enterprise
Accounts with unnecessary global privileges constitute a
security risk. Subscribers to the MySQL Network Monitoring
and Advisory Service are automatically alerted to the
existence of such accounts. For detailed information see
http://www.mysql.com/products/enterprise/advisors.html.
There are some things that you cannot do with the MySQL
privilege system:
You cannot explicitly specify that a given user should be
denied access. That is, you cannot explicitly match a user
and then refuse the connection.
You cannot specify that a user has privileges to create or
drop tables in a database but not to create or drop the
database itself.
A password applies globally to an account. You cannot
associate a password with a specific object such as a
database, table, or routine.
5.7.4. Connecting to the MySQL Server
MySQL client programs generally expect you to specify certain
connection parameters when you want to access a MySQL server:
The name of the host where the MySQL server is running
Your username
Your password
For example, the mysql client can be started
as follows from a command-line prompt (indicated here by
shell>):
shell> mysql -h host_name -u user_name -pyour_pass
Alternative forms of the -h,
-u, and -p options are
--host=host_name,
--user=user_name,
and
--password=your_pass.
Note that there is no space between
-p or --password= and the
password following it.
If you use a -p or --password
option but do not specify the password value, the client program
prompts you to enter the password. The password is not displayed
as you enter it. This is more secure than giving the password on
the command line. Any user on your system may be able to see a
password specified on the command line by executing a command
such as ps auxw. See
Section 5.8.6, “Keeping Your Password Secure”.
MySQL client programs use default values for any connection
parameter option that you do not specify:
The default hostname is localhost.
The default username is ODBC on Windows
and your Unix login name on Unix.
No password is supplied if neither -p nor
--passwordis given.
Thus, for a Unix user with a login name of
joe, all of the following commands are
equivalent:
shell> mysql -h localhost -u joe
shell> mysql -h localhost
shell> mysql -u joe
shell> mysql
Other MySQL clients behave similarly.
You can specify different default values to be used when you
make a connection so that you need not enter them on the command
line each time you invoke a client program. This can be done in
a couple of ways:
You can specify connection parameters in the
[client] section of an option file. The
relevant section of the file might look like this:
You can specify some connection parameters using environment
variables. The host can be specified for
mysql using
MYSQL_HOST. The MySQL username can be
specified using USER (this is for Windows
and NetWare only). The password can be specified using
MYSQL_PWD, although this is insecure; see
Section 5.8.6, “Keeping Your Password Secure”. For a list of
variables, see Section 2.4.19, “Environment Variables”.
When you attempt to connect to a MySQL server, the server
accepts or rejects the connection based on your identity and
whether you can verify your identity by supplying the correct
password. If not, the server denies access to you completely.
Otherwise, the server accepts the connection, and then enters
Stage 2 and waits for requests.
Your identity is based on two pieces of information:
The client host from which you connect
Your MySQL username
Identity checking is performed using the three
user table scope columns
(Host, User, and
Password). The server accepts the connection
only if the Host and User
columns in some user table row match the
client hostname and username and the client supplies the
password specified in that row.
Host values in the user
table may be specified as follows:
A Host value may be a hostname or an IP
number, or 'localhost' to indicate the
local host.
You can use the wildcard characters
‘%’ and
‘_’ in
Host column values. These have the same
meaning as for pattern-matching operations performed with
the LIKE operator. For example, a
Host value of '%'
matches any hostname, whereas a value of
'%.mysql.com' matches any host in the
mysql.com domain.
MySQL Enterprise
An overly broad host specifier such as
‘%’ constitutes a security
risk. The MySQL Network Monitoring and Advisory Service
provides safeguards against this kind of vulnerability.
For more information see
http://www.mysql.com/products/enterprise/advisors.html.
For Host values specified as IP numbers,
you can specify a netmask indicating how many address bits
to use for the network number. For example:
GRANT ALL PRIVILEGES ON db.* TO david@'192.58.197.0/255.255.255.0';
This allows david to connect from any
client host having an IP number client_ip
for which the following condition is true:
client_ip & netmask = host_ip
That is, for the GRANT statement just
shown:
client_ip & 255.255.255.0 = 192.58.197.0
IP numbers that satisfy this condition and can connect to
the MySQL server are those in the range from
192.58.197.0 to
192.58.197.255.
Note: The netmask can only be used to tell the server to use
8, 16, 24, or 32 bits of the address. Examples:
192.0.0.0/255.0.0.0: anything on the
192 class A network
192.168.0.0/255.255.0.0: anything on
the 192.168 class B network
192.168.1.0/255.255.255.0: anything
on the 192.168.1 class C network
192.168.1.1: only this specific IP
The following netmask (28 bits) will not work:
192.168.0.1/255.255.255.240
A blank Host value in a
db table row means that its privileges
should be combined with those in the row in the
host table that matches the client
hostname. The privileges are combined using an AND
(intersection) operation, not OR (union).
Section 5.7.6, “Access Control, Stage 2: Request Verification”, discusses use of the
host table further.
A blank Host value in the other grant
tables is the same as '%'.
Because you can use IP wildcard values in the
Host column (for example,
'144.155.166.%' to match every host on a
subnet), someone could try to exploit this capability by naming
a host 144.155.166.somewhere.com. To foil
such attempts, MySQL disallows matching on hostnames that start
with digits and a dot. Thus, if you have a host named something
like 1.2.foo.com, its name never matches the
Host column of the grant tables. An IP
wildcard value can match only IP numbers, not hostnames.
In the User column, wildcard characters are
not allowed, but you can specify a blank value, which matches
any name. If the user table row that matches
an incoming connection has a blank username, the user is
considered to be an anonymous user with no name, not a user with
the name that the client actually specified. This means that a
blank username is used for all further access checking for the
duration of the connection (that is, during Stage 2).
The Password column can be blank. This is not
a wildcard and does not mean that any password matches. It means
that the user must connect without specifying a password.
Non-blank Password values in the
user table represent encrypted passwords.
MySQL does not store passwords in plaintext form for anyone to
see. Rather, the password supplied by a user who is attempting
to connect is encrypted (using the PASSWORD()
function). The encrypted password then is used during the
connection process when checking whether the password is
correct. (This is done without the encrypted password ever
traveling over the connection.) From MySQL's point of view, the
encrypted password is the real password, so
you should never give anyone access to it. In particular,
do not give non-administrative users read access to
tables in the mysql database.
MySQL 5.0 employs the stronger authentication
method (first implemented in MySQL 4.1) that has better password
protection during the connection process than in earlier
versions. It is secure even if TCP/IP packets are sniffed or the
mysql database is captured.
Section 5.7.9, “Password Hashing as of MySQL 4.1”, discusses password
encryption further.
The following table shows how various combinations of
Host and User values in
the user table apply to incoming connections.
HostValue
UserValue
Allowable Connections
'thomas.loc.gov'
'fred'
fred, connecting from
thomas.loc.gov
'thomas.loc.gov'
''
Any user, connecting from thomas.loc.gov
'%'
'fred'
fred, connecting from any host
'%'
''
Any user, connecting from any host
'%.loc.gov'
'fred'
fred, connecting from any host in the
loc.gov domain
'x.y.%'
'fred'
fred, connecting from x.y.net,
x.y.com, x.y.edu,
and so on (this is probably not useful)
'144.155.166.177'
'fred'
fred, connecting from the host with IP address
144.155.166.177
'144.155.166.%'
'fred'
fred, connecting from any host in the
144.155.166 class C subnet
'144.155.166.0/255.255.255.0'
'fred'
Same as previous example
It is possible for the client hostname and username of an
incoming connection to match more than one row in the
user table. The preceding set of examples
demonstrates this: Several of the entries shown match a
connection from thomas.loc.gov by
fred.
When multiple matches are possible, the server must determine
which of them to use. It resolves this issue as follows:
Whenever the server reads the user table
into memory, it sorts the rows.
When a client attempts to connect, the server looks through
the rows in sorted order.
The server uses the first row that matches the client
hostname and username.
To see how this works, suppose that the user
table looks like this:
When the server reads the table into memory, it orders the rows
with the most-specific Host values first.
Literal hostnames and IP numbers are the most specific. The
pattern '%' means “any host” and
is least specific. Rows with the same Host
value are ordered with the most-specific User
values first (a blank User value means
“any user” and is least specific). For the
user table just shown, the result after
sorting looks like this:
When a client attempts to connect, the server looks through the
sorted rows and uses the first match found. For a connection
from localhost by jeffrey,
two of the rows from the table match: the one with
Host and User values of
'localhost' and '', and
the one with values of '%' and
'jeffrey'. The 'localhost'
row appears first in sorted order, so that is the one the server
uses.
Here is another example. Suppose that the
user table looks like this:
A connection by jeffrey from
thomas.loc.gov is matched by the first row,
whereas a connection by jeffrey from
whitehouse.gov is matched by the second.
It is a common misconception to think that, for a given
username, all rows that explicitly name that user are used first
when the server attempts to find a match for the connection.
This is simply not true. The previous example illustrates this,
where a connection from thomas.loc.gov by
jeffrey is first matched not by the row
containing 'jeffrey' as the
User column value, but by the row with no
username. As a result, jeffrey is
authenticated as an anonymous user, even though he specified a
username when connecting.
If you are able to connect to the server, but your privileges
are not what you expect, you probably are being authenticated as
some other account. To find out what account the server used to
authenticate you, use the CURRENT_USER()
function. (See Section 12.10.3, “Information Functions”.) It
returns a value in
user_name@host_name
format that indicates the User and
Host values from the matching
user table row. Suppose that
jeffrey connects and issues the following
query:
The result shown here indicates that the matching
user table row had a blank
User column value. In other words, the server
is treating jeffrey as an anonymous user.
Another thing you can do to diagnose authentication problems is
to print out the user table and sort it by
hand to see where the first match is being made.
After you establish a connection, the server enters Stage 2 of
access control. For each request that you issue via that
connection, the server determines what operation you want to
perform, then checks whether you have sufficient privileges to
do so. This is where the privilege columns in the grant tables
come into play. These privileges can come from any of the
user, db,
host, tables_priv,
columns_priv, or
procs_priv tables. (You may find it helpful
to refer to Section 5.7.2, “How the Privilege System Works”, which lists the
columns present in each of the grant tables.)
The user table grants privileges that are
assigned to you on a global basis and that apply no matter what
the default database is. For example, if the
user table grants you the
DELETE privilege, you can delete rows from
any table in any database on the server host! In other words,
user table privileges are superuser
privileges. It is wise to grant privileges in the
user table only to superusers such as
database administrators. For other users, you should leave all
privileges in the user table set to
'N' and grant privileges at more specific
levels only. You can grant privileges for particular databases,
tables, columns, or routines.
The db and host tables
grant database-specific privileges. Values in the scope columns
of these tables can take the following forms:
The wildcard characters ‘%’
and ‘_’ can be used in the
Host and Db columns of
either table. These have the same meaning as for
pattern-matching operations performed with the
LIKE operator. If you want to use either
character literally when granting privileges, you must
escape it with a backslash. For example, to include the
underscore character (‘_’) as
part of a database name, specify it as
‘\_’ in the
GRANT statement.
A '%'Host value in
the db table means “any
host.” A blank Host value in the
db table means “consult the
host table for further
information” (a process that is described later in
this section).
A '%' or blank Host
value in the host table means “any
host.”
A '%' or blank Db
value in either table means “any database.”
A blank User value in either table
matches the anonymous user.
The server reads the db and
host tables into memory and sorts them at the
same time that it reads the user table. The
server sorts the db table based on the
Host, Db, and
User scope columns, and sorts the
host table based on the
Host and Db scope columns.
As with the user table, sorting puts the
most-specific values first and least-specific values last, and
when the server looks for matching entries, it uses the first
match that it finds.
The tables_privcolumns_priv, and
procs_priv tables grant table-specific,
column-specific, and routine-specific privileges. Values in the
scope columns of these tables can take the following forms:
The wildcard characters ‘%’
and ‘_’ can be used in the
Host column. These have the same meaning
as for pattern-matching operations performed with the
LIKE operator.
A '%' or blank Host
value means “any host.”
The Db, Table_name,
and Column_name columns cannot contain
wildcards or be blank.
The server sorts the tables_priv,
columns_priv, and
procs_priv tables based on the
Host, Db, and
User columns. This is similar to
db table sorting, but simpler because only
the Host column can contain wildcards.
The server uses the sorted tables to verify each request that it
receives. For requests that require administrative privileges
such as SHUTDOWN or
RELOAD, the server checks only the
user table row because that is the only table
that specifies administrative privileges. The server grants
access if the row allows the requested operation and denies
access otherwise. For example, if you want to execute
mysqladmin shutdown but your
user table row doesn't grant the
SHUTDOWN privilege to you, the server denies
access without even checking the db or
host tables. (They contain no
Shutdown_priv column, so there is no need to
do so.)
For database-related requests (INSERT,
UPDATE, and so on), the server first checks
the user's global (superuser) privileges by looking in the
user table row. If the row allows the
requested operation, access is granted. If the global privileges
in the user table are insufficient, the
server determines the user's database-specific privileges by
checking the db and host
tables:
The server looks in the db table for a
match on the Host, Db,
and User columns. The
Host and User columns
are matched to the connecting user's hostname and MySQL
username. The Db column is matched to the
database that the user wants to access. If there is no row
for the Host and User,
access is denied.
If there is a matching db table row and
its Host column is not blank, that row
defines the user's database-specific privileges.
If the matching db table row's
Host column is blank, it signifies that
the host table enumerates which hosts
should be allowed access to the database. In this case, a
further lookup is done in the host table
to find a match on the Host and
Db columns. If no host
table row matches, access is denied. If there is a match,
the user's database-specific privileges are computed as the
intersection (not the union!) of the
privileges in the db and
host table entries; that is, the
privileges that are 'Y' in both entries.
(This way you can grant general privileges in the
db table row and then selectively
restrict them on a host-by-host basis using the
host table entries.)
After determining the database-specific privileges granted by
the db and host table
entries, the server adds them to the global privileges granted
by the user table. If the result allows the
requested operation, access is granted. Otherwise, the server
successively checks the user's table and column privileges in
the tables_priv and
columns_priv tables, adds those to the user's
privileges, and allows or denies access based on the result. For
stored routine operations, the server uses the
procs_priv table rather than
tables_priv and
columns_priv.
Expressed in boolean terms, the preceding description of how a
user's privileges are calculated may be summarized like this:
global privileges
OR (database privileges AND host privileges)
OR table privileges
OR column privileges
OR routine privileges
It may not be apparent why, if the global
user row privileges are initially found to be
insufficient for the requested operation, the server adds those
privileges to the database, table, and column privileges later.
The reason is that a request might require more than one type of
privilege. For example, if you execute an INSERT INTO
... SELECT statement, you need both the
INSERT and the SELECT
privileges. Your privileges might be such that the
user table row grants one privilege and the
db table row grants the other. In this case,
you have the necessary privileges to perform the request, but
the server cannot tell that from either table by itself; the
privileges granted by the entries in both tables must be
combined.
The host table is not affected by the
GRANT or REVOKE
statements, so it is unused in most MySQL installations. If you
modify it directly, you can use it for some specialized
purposes, such as to maintain a list of secure servers. For
example, at TcX, the host table contains a
list of all machines on the local network. These are granted all
privileges.
You can also use the host table to indicate
hosts that are not secure. Suppose that you
have a machine public.your.domain that is
located in a public area that you do not consider secure. You
can allow access to all hosts on your network except that
machine by using host table entries like
this:
+--------------------+----+-
| Host | Db | ...
+--------------------+----+-
| public.your.domain | % | ... (all privileges set to 'N')
| %.your.domain | % | ... (all privileges set to 'Y')
+--------------------+----+-
Naturally, you should always test your changes to the grant
tables (for example, by using SHOW GRANTS) to
make sure that your access privileges are actually set up the
way you think they are.
5.7.7. When Privilege Changes Take Effect
When mysqld starts, it reads all grant table
contents into memory. The in-memory tables become effective for
access control at that point.
When the server reloads the grant tables, privileges for
existing client connections are affected as follows:
Table and column privilege changes take effect with the
client's next request.
Database privilege changes take effect at the next
USE db_name
statement.
Note: Client applications
may cache the database name; thus, this effect may not be
visible to them without actually changing to a different
database or executing a FLUSH PRIVILEGES
statement.
Changes to global privileges and passwords take effect the
next time the client connects.
If you modify the grant tables indirectly using statements such
as GRANT, REVOKE, or
SET PASSWORD, the server notices these
changes and loads the grant tables into memory again
immediately.
If you modify the grant tables directly using statements such as
INSERT, UPDATE, or
DELETE, your changes have no effect on
privilege checking until you either restart the server or tell
it to reload the tables. To reload the grant tables manually,
issue a FLUSH PRIVILEGES statement or execute
a mysqladmin flush-privileges or
mysqladmin reload command.
If you change the grant tables directly but forget to reload
them, your changes have no effect until you
restart the server. This may leave you wondering why your
changes do not seem to make any difference!
5.7.8. Causes of Access denied Errors
If you encounter problems when you try to connect to the MySQL
server, the following items describe some courses of action you
can take to correct the problem.
Make sure that the server is running. If it is not running,
you cannot connect to it. For example, if you attempt to
connect to the server and see a message such as one of those
following, one cause might be that the server is not
running:
shell> mysql
ERROR 2003: Can't connect to MySQL server on 'host_name' (111)
shell> mysql
ERROR 2002: Can't connect to local MySQL server through socket
'/tmp/mysql.sock' (111)
It might also be that the server is running, but you are
trying to connect using a TCP/IP port, named pipe, or Unix
socket file different from the one on which the server is
listening. To correct this when you invoke a client program,
specify a --port option to indicate the
proper port number, or a --socket option to
indicate the proper named pipe or Unix socket file. To find
out where the socket file is, you can use this command:
shell> netstat -ln | grep mysql
The grant tables must be properly set up so that the server
can use them for access control. For some distribution types
(such as binary distributions on Windows, or RPM
distributions on Linux), the installation process
initializes the mysql database containing
the grant tables. For distributions that do not do this, you
must initialize the grant tables manually by running the
mysql_install_db script. For details, see
Section 2.4.15.2, “Unix Post-Installation Procedures”.
One way to determine whether you need to initialize the
grant tables is to look for a mysql
directory under the data directory. (The data directory
normally is named data or
var and is located under your MySQL
installation directory.) Make sure that you have a file
named user.MYD in the
mysql database directory. If you do
not, execute the mysql_install_db script.
After running this script and starting the server, test the
initial privileges by executing this command:
shell> mysql -u root test
The server should let you connect without error.
After a fresh installation, you should connect to the server
and set up your users and their access permissions:
shell> mysql -u root mysql
The server should let you connect because the MySQL
root user has no password initially. That
is also a security risk, so setting the password for the
root accounts is something you should do
while you're setting up your other MySQL accounts. For
instructions on setting the initial passwords, see
Section 2.4.15.3, “Securing the Initial MySQL Accounts”.
MySQL Enterprise
The MySQL Network Monitoring and Advisory Service enforces
security-related best practices. For example, subscribers
are alerted whenever there is any account without a
password. For more information see
http://www.mysql.com/products/enterprise/advisors.html.
If you have updated an existing MySQL installation to a
newer version, did you run the
mysql_upgrade script? If not, do so. The
structure of the grant tables changes occasionally when new
capabilities are added, so after an upgrade you should
always make sure that your tables have the current
structure. For instructions, see
Section 5.5.8, “mysql_upgrade — Check Tables for MySQL Upgrade”.
If a client program receives the following error message
when it tries to connect, it means that the server expects
passwords in a newer format than the client is capable of
generating:
shell> mysql
Client does not support authentication protocol requested
by server; consider upgrading MySQL client
If you try to connect as root and get the
following error, it means that you do not have a row in the
user table with a User
column value of 'root' and that
mysqld cannot resolve the hostname for
your client:
Access denied for user ''@'unknown' to database mysql
In this case, you must restart the server with the
--skip-grant-tables option and edit your
/etc/hosts file or
\windows\hosts file to add an entry for
your host.
Remember that client programs use connection parameters
specified in option files or environment variables. If a
client program seems to be sending incorrect default
connection parameters when you have not specified them on
the command line, check your environment and any applicable
option files. For example, if you get Access
denied when you run a client without any options,
make sure that you have not specified an old password in any
of your option files!
You can suppress the use of option files by a client program
by invoking it with the --no-defaults
option. For example:
If you get the following error, it means that you are using
an incorrect root password:
shell> mysqladmin -u root -pxxxx ver
Access denied for user 'root'@'localhost' (using password: YES)
If the preceding error occurs even when you have not
specified a password, it means that you have an incorrect
password listed in some option file. Try the
--no-defaults option as described in the
previous item.
If you change a password by using SET
PASSWORD, INSERT, or
UPDATE, you must encrypt the password
using the PASSWORD() function. If you do
not use PASSWORD() for these statements,
the password will not work. For example, the following
statement sets a password, but fails to encrypt it, so the
user is not able to connect afterward:
SET PASSWORD FOR 'abe'@'host_name' = 'eagle';
Instead, set the password like this:
SET PASSWORD FOR 'abe'@'host_name' = PASSWORD('eagle');
The PASSWORD() function is unnecessary
when you specify a password using the
GRANT or (beginning with MySQL 5.0.2)
CREATE USER statements, or the
mysqladmin password command. Each of
those automatically uses PASSWORD() to
encrypt the password. See Section 5.8.5, “Assigning Account Passwords”, and
Section 13.5.1.1, “CREATE USER Syntax”.
localhost is a synonym for your local
hostname, and is also the default host to which clients try
to connect if you specify no host explicitly.
To avoid this problem on such systems, you can use a
--host=127.0.0.1 option to name the server
host explicitly. This will make a TCP/IP connection to the
local mysqld server. You can also use
TCP/IP by specifying a --host option that
uses the actual hostname of the local host. In this case,
the hostname must be specified in a user
table row on the server host, even though you are running
the client program on the same host as the server.
If you get an Access denied error when
trying to connect to the database with mysql -u
user_name, you may have
a problem with the user table. Check this
by executing mysql -u root mysql and
issuing this SQL statement:
SELECT * FROM user;
The result should include a row with the
Host and User columns
matching your computer's hostname and your MySQL username.
The Access denied error message tells you
who you are trying to log in as, the client host from which
you are trying to connect, and whether you were using a
password. Normally, you should have one row in the
user table that exactly matches the
hostname and username that were given in the error message.
For example, if you get an error message that contains
using password: NO, it means that you
tried to log in without a password.
If the following error occurs when you try to connect from a
host other than the one on which the MySQL server is
running, it means that there is no row in the
user table with a Host
value that matches the client host:
Host ... is not allowed to connect to this MySQL server
You can fix this by setting up an account for the
combination of client hostname and username that you are
using when trying to connect.
If you do not know the IP number or hostname of the machine
from which you are connecting, you should put a row with
'%' as the Host column
value in the user table. After trying to
connect from the client machine, use a SELECT
USER() query to see how you really did connect.
(Then change the '%' in the
user table row to the actual hostname
that shows up in the log. Otherwise, your system is left
insecure because it allows connections from any host for the
given username.)
On Linux, another reason that this error might occur is that
you are using a binary MySQL version that is compiled with a
different version of the glibc library
than the one you are using. In this case, you should either
upgrade your operating system or glibc,
or download a source distribution of MySQL version and
compile it yourself. A source RPM is normally trivial to
compile and install, so this is not a big problem.
If you specify a hostname when trying to connect, but get an
error message where the hostname is not shown or is an IP
number, it means that the MySQL server got an error when
trying to resolve the IP number of the client host to a
name:
shell> mysqladmin -u root -pxxxx -h some_hostname ver
Access denied for user 'root'@'' (using password: YES)
This indicates a DNS problem. To fix it, execute
mysqladmin flush-hosts to reset the
internal DNS hostname cache. See Section 7.5.7, “How MySQL Uses DNS”.
Some permanent solutions are:
Determine what is wrong with your DNS server and fix it.
Specify IP numbers rather than hostnames in the MySQL
grant tables.
Put an entry for the client machine name in
/etc/hosts or
\windows\hosts.
Start mysqld with the
--skip-name-resolve option.
Start mysqld with the
--skip-host-cache option.
On Unix, if you are running the server and the client on
the same machine, connect to
localhost. Unix connections to
localhost use a Unix socket file
rather than TCP/IP.
On Windows, if you are running the server and the client
on the same machine and the server supports named pipe
connections, connect to the hostname
. (period). Connections to
. use a named pipe rather than
TCP/IP.
If mysql -u root test works but
mysql -h your_hostname
-u root test results in Access
denied (where
your_hostname is the actual
hostname of the local host), you may not have the correct
name for your host in the user table. A
common problem here is that the Host
value in the user table row specifies an
unqualified hostname, but your system's name resolution
routines return a fully qualified domain name (or vice
versa). For example, if you have an entry with host
'tcx' in the user
table, but your DNS tells MySQL that your hostname is
'tcx.subnet.se', the entry does not work.
Try adding an entry to the user table
that contains the IP number of your host as the
Host column value. (Alternatively, you
could add an entry to the user table with
a Host value that contains a wildcard;
for example, 'tcx.%'. However, use of
hostnames ending with ‘%’ is
insecure and is
not recommended!)
If mysql -u user_name
test works but mysql -u
user_nameother_db_name does not,
you have not granted database access for
other_db_name to the given user.
If mysql -u
user_name works when
executed on the server host, but mysql -h
host_name -u
user_name does not work
when executed on a remote client host, you have not enabled
access to the server for the given username from the remote
host.
If you cannot figure out why you get Access
denied, remove from the user
table all entries that have Host values
containing wildcards (entries that contain
‘%’ or
‘_’). A very common error is
to insert a new entry with
Host='%' and
User='some_user',
thinking that this allows you to specify
localhost to connect from the same
machine. The reason that this does not work is that the
default privileges include an entry with
Host='localhost' and
User=''. Because that
entry has a Host value
'localhost' that is more specific than
'%', it is used in preference to the new
entry when connecting from localhost! The
correct procedure is to insert a second entry with
Host='localhost' and
User='some_user',
or to delete the entry with
Host='localhost' and
User=''. After
deleting the entry, remember to issue a FLUSH
PRIVILEGES statement to reload the grant tables.
If you get the following error, you may have a problem with
the db or host table:
Access to database denied
If the entry selected from the db table
has an empty value in the Host column,
make sure that there are one or more corresponding entries
in the host table specifying which hosts
the db table entry applies to.
If you are able to connect to the MySQL server, but get an
Access denied message whenever you issue
a SELECT ... INTO OUTFILE or
LOAD DATA INFILE statement, your entry in
the user table does not have the
FILE privilege enabled.
If you change the grant tables directly (for example, by
using INSERT, UPDATE,
or DELETE statements) and your changes
seem to be ignored, remember that you must execute a
FLUSH PRIVILEGES statement or a
mysqladmin flush-privileges command to
cause the server to re-read the privilege tables. Otherwise,
your changes have no effect until the next time the server
is restarted. Remember that after you change the
root password with an
UPDATE command, you won't need to specify
the new password until after you flush the privileges,
because the server won't know you've changed the password
yet!
If your privileges seem to have changed in the middle of a
session, it may be that a MySQL administrator has changed
them. Reloading the grant tables affects new client
connections, but it also affects existing connections as
indicated in Section 5.7.7, “When Privilege Changes Take Effect”.
If you have access problems with a Perl, PHP, Python, or
ODBC program, try to connect to the server with
mysql -u user_namedb_name or
mysql -u user_name
-pyour_passdb_name. If you are
able to connect using the mysql client,
the problem lies with your program, not with the access
privileges. (There is no space between -p
and the password; you can also use the
--password=your_pass
syntax to specify the password. If you use the
-p--passwordoption with
no password value, MySQL prompts you for the password.)
For testing, start the mysqld server with
the --skip-grant-tables option. Then you
can change the MySQL grant tables and use the
mysqlaccess script to check whether your
modifications have the desired effect. When you are
satisfied with your changes, execute mysqladmin
flush-privileges to tell the
mysqld server to start using the new
grant tables. (Reloading the grant tables overrides the
--skip-grant-tables option. This enables
you to tell the server to begin using the grant tables again
without stopping and restarting it.)
If everything else fails, start the
mysqld server with a debugging option
(for example, --debug=d,general,query).
This prints host and user information about attempted
connections, as well as information about each command
issued. See
MySQL
Internals: Porting.
If you have any other problems with the MySQL grant tables
and feel you must post the problem to the mailing list,
always provide a dump of the MySQL grant tables. You can
dump the tables with the mysqldump mysql
command. To file a bug report, see the instructions at
Section 1.8, “How to Report Bugs or Problems”. In some cases, you may need
to restart mysqld with
--skip-grant-tables to run
mysqldump.
MySQL user accounts are listed in the user
table of the mysql database. Each MySQL
account is assigned a password, although what is stored in the
Password column of the
user table is not the plaintext version of
the password, but a hash value computed from it. Password hash
values are computed by the PASSWORD()
function.
MySQL uses passwords in two phases of client/server
communication:
When a client attempts to connect to the server, there is an
initial authentication step in which the client must present
a password that has a hash value matching the hash value
stored in the user table for the account
that the client wants to use.
After the client connects, it can (if it has sufficient
privileges) set or change the password hashes for accounts
listed in the user table. The client can
do this by using the PASSWORD() function
to generate a password hash, or by using the
GRANT or SET PASSWORD
statements.
In other words, the server uses hash values
during authentication when a client first attempts to connect.
The server generates hash values if a
connected client invokes the PASSWORD()
function or uses a GRANT or SET
PASSWORD statement to set or change a password.
The password hashing mechanism was updated in MySQL 4.1 to
provide better security and to reduce the risk of passwords
being intercepted. However, this new mechanism is understood
only by MySQL 4.1 (and newer) servers and clients, which can
result in some compatibility problems. A 4.1 or newer client can
connect to a pre-4.1 server, because the client understands both
the old and new password hashing mechanisms. However, a pre-4.1
client that attempts to connect to a 4.1 or newer server may run
into difficulties. For example, a 3.23 mysql
client that attempts to connect to a 5.0 server may
fail with the following error message:
shell> mysql -h localhost -u root
Client does not support authentication protocol requested
by server; consider upgrading MySQL client
The following discussion describes the differences between the
old and new password mechanisms, and what you should do if you
upgrade your server but need to maintain backward compatibility
with pre-4.1 clients. Additional information can be found in
Section B.1.2.3, “Client does not support authentication protocol”. This information is of particular
importance to PHP programmers migrating MySQL databases from
version 4.0 or lower to version 4.1 or higher.
Note: This discussion contrasts
4.1 behavior with pre-4.1 behavior, but the 4.1 behavior
described here actually begins with 4.1.1. MySQL 4.1.0 is an
“odd” release because it has a slightly different
mechanism than that implemented in 4.1.1 and up. Differences
between 4.1.0 and more recent versions are described further in
MySQL 3.23, 4.0, 4.1 Reference Manual.
Prior to MySQL 4.1, password hashes computed by the
PASSWORD() function are 16 bytes long. Such
hashes look like this:
Accordingly, the Password column in the
user table also must be 41 bytes long to
store these values:
If you perform a new installation of MySQL 5.0,
the Password column is made 41 bytes long
automatically.
Upgrading from MySQL 4.1 (4.1.1 or later in the 4.1 series)
to MySQL 5.0 should not give rise to any issues
in this regard because both versions use the same password
hashing mechanism. If you wish to upgrade an older release
of MySQL to version 5.0, you should upgrade to
version 4.1 first, then upgrade the 4.1 installation to
5.0.
A widened Password column can store password
hashes in both the old and new formats. The format of any given
password hash value can be determined two ways:
The obvious difference is the length (16 bytes versus 41
bytes).
A second difference is that password hashes in the new
format always begin with a
‘*’ character, whereas
passwords in the old format never do.
The longer password hash format has better cryptographic
properties, and client authentication based on long hashes is
more secure than that based on the older short hashes.
The differences between short and long password hashes are
relevant both for how the server uses passwords during
authentication and for how it generates password hashes for
connected clients that perform password-changing operations.
The way in which the server uses password hashes during
authentication is affected by the width of the
Password column:
If the column is short, only short-hash authentication is
used.
If the column is long, it can hold either short or long
hashes, and the server can use either format:
Pre-4.1 clients can connect, although because they know
only about the old hashing mechanism, they can
authenticate only using accounts that have short hashes.
4.1 and later clients can authenticate using accounts
that have short or long hashes.
Even for short-hash accounts, the authentication process is
actually a bit more secure for 4.1 and later clients than for
older clients. In terms of security, the gradient from least to
most secure is:
Pre-4.1 client authenticating with short password hash
4.1 or later client authenticating with short password hash
4.1 or later client authenticating with long password hash
The way in which the server generates password hashes for
connected clients is affected by the width of the
Password column and by the
--old-passwords option. A 4.1 or later server
generates long hashes only if certain conditions are met: The
Password column must be wide enough to hold
long values and the --old-passwords option must
not be given. These conditions apply as follows:
The Password column must be wide enough
to hold long hashes (41 bytes). If the column has not been
updated and still has the pre-4.1 width of 16 bytes, the
server notices that long hashes cannot fit into it and
generates only short hashes when a client performs
password-changing operations using
PASSWORD(), GRANT, or
SET PASSWORD. This is the behavior that
occurs if you have upgraded to 4.1 but have not yet run the
mysql_fix_privilege_tables script to
widen the Password column.
If the Password column is wide, it can
store either short or long password hashes. In this case,
PASSWORD(), GRANT, and
SET PASSWORD generate long hashes unless
the server was started with the
--old-passwords option. That option forces
the server to generate short password hashes instead.
The purpose of the --old-passwords option is to
enable you to maintain backward compatibility with pre-4.1
clients under circumstances where the server would otherwise
generate long password hashes. The option doesn't affect
authentication (4.1 and later clients can still use accounts
that have long password hashes), but it does prevent creation of
a long password hash in the user table as the
result of a password-changing operation. Were that to occur, the
account no longer could be used by pre-4.1 clients. Without the
--old-passwords option, the following
undesirable scenario is possible:
An old client connects to an account that has a short
password hash.
The client changes its own password. Without
--old-passwords, this results in the
account having a long password hash.
The next time the old client attempts to connect to the
account, it cannot, because the account has a long password
hash that requires the new hashing mechanism during
authentication. (Once an account has a long password hash in
the user table, only 4.1 and later clients can authenticate
for it, because pre-4.1 clients do not understand long
hashes.)
This scenario illustrates that, if you must support older
pre-4.1 clients, it is dangerous to run a 4.1 or newer server
without using the --old-passwords option. By
running the server with --old-passwords,
password-changing operations do not generate long password
hashes and thus do not cause accounts to become inaccessible to
older clients. (Those clients cannot inadvertently lock
themselves out by changing their password and ending up with a
long password hash.)
The downside of the --old-passwords option is
that any passwords you create or change use short hashes, even
for 4.1 clients. Thus, you lose the additional security provided
by long password hashes. If you want to create an account that
has a long hash (for example, for use by 4.1 clients), you must
do so while running the server without
--old-passwords.
The following scenarios are possible for running a 4.1 or later
server:
Scenario 1: Short
Password column in user table:
Only short hashes can be stored in the
Password column.
The server uses only short hashes during client
authentication.
For connected clients, password hash-generating operations
involving PASSWORD(),
GRANT, or SET PASSWORD
use short hashes exclusively. Any change to an account's
password results in that account having a short password
hash.
The --old-passwords option can be used but
is superfluous because with a short
Password column, the server generates
only short password hashes anyway.
Scenario 2: Long
Password column; server not started with
--old-passwords option:
Short or long hashes can be stored in the
Password column.
4.1 and later clients can authenticate using accounts that
have short or long hashes.
Pre-4.1 clients can authenticate only using accounts that
have short hashes.
For connected clients, password hash-generating operations
involving PASSWORD(),
GRANT, or SET PASSWORD
use long hashes exclusively. A change to an account's
password results in that account having a long password
hash.
As indicated earlier, a danger in this scenario is that it is
possible for accounts that have a short password hash to become
inaccessible to pre-4.1 clients. A change to such an account's
password made via GRANT,
PASSWORD(), or SET
PASSWORD results in the account being given a long
password hash. From that point on, no pre-4.1 client can
authenticate to that account until the client upgrades to 4.1.
To deal with this problem, you can change a password in a
special way. For example, normally you use SET
PASSWORD as follows to change an account password:
SET PASSWORD FOR 'some_user'@'some_host' = PASSWORD('mypass');
To change the password but create a short hash, use the
OLD_PASSWORD() function instead:
SET PASSWORD FOR 'some_user'@'some_host' = OLD_PASSWORD('mypass');
OLD_PASSWORD() is useful for situations in
which you explicitly want to generate a short hash.
Scenario 3: Long
Password column; 4.1 or newer server started
with --old-passwords option:
Short or long hashes can be stored in the
Password column.
4.1 and later clients can authenticate for accounts that
have short or long hashes (but note that it is possible to
create long hashes only when the server is started without
--old-passwords).
Pre-4.1 clients can authenticate only for accounts that have
short hashes.
For connected clients, password hash-generating operations
involving PASSWORD(),
GRANT, or SET PASSWORD
use short hashes exclusively. Any change to an account's
password results in that account having a short password
hash.
In this scenario, you cannot create accounts that have long
password hashes, because the --old-passwords
option prevents generation of long hashes. Also, if you create
an account with a long hash before using the
--old-passwords option, changing the account's
password while --old-passwords is in effect
results in the account being given a short password, causing it
to lose the security benefits of a longer hash.
The disadvantages for these scenarios may be summarized as
follows:
In scenario 1, you cannot take advantage of longer hashes that
provide more secure authentication.
In scenario 2, accounts with short hashes become inaccessible to
pre-4.1 clients if you change their passwords without explicitly
using OLD_PASSWORD().
In scenario 3, --old-passwords prevents
accounts with short hashes from becoming inaccessible, but
password-changing operations cause accounts with long hashes to
revert to short hashes, and you cannot change them back to long
hashes while --old-passwords is in effect.
5.7.9.1. Implications of Password Hashing Changes for Application Programs
An upgrade to MySQL version 4.1 or later can cause
compatibility issues for applications that use
PASSWORD() to generate passwords for their
own purposes. Applications really should not do this, because
PASSWORD() should be used only to manage
passwords for MySQL accounts. But some applications use
PASSWORD() for their own purposes anyway.
If you upgrade to 4.1 or later from a pre-4.1 version of MySQL
and run the server under conditions where it generates long
password hashes, an application using
PASSWORD() for its own passwords breaks.
The recommended course of action in such cases is to modify
the application to use another function, such as
SHA1() or MD5(), to
produce hashed values. If that is not possible, you can use
the OLD_PASSWORD() function, which is
provided for generate short hashes in the old format. However,
you should note that OLD_PASSWORD() may one
day no longer be supported.
If the server is running under circumstances where it
generates short hashes, OLD_PASSWORD() is
available but is equivalent to PASSWORD().
PHP programmers migrating their MySQL databases from version
4.0 or lower to version 4.1 or higher should see
Section 22.3, “MySQL PHP API”.
This section describes how to set up accounts for clients of your
MySQL server. It discusses the following topics:
The meaning of account names and passwords as used in MySQL
and how that compares to names and passwords used by your
operating system
How to set up new accounts and remove existing accounts
How to change passwords
Guidelines for using passwords securely
How to use secure connections with SSL
5.8.1. MySQL Usernames and Passwords
A MySQL account is defined in terms of a username and the client
host or hosts from which the user can connect to the server. The
account also has a password. There are several distinctions
between the way usernames and passwords are used by MySQL and
the way they are used by your operating system:
Usernames, as used by MySQL for authentication purposes,
have nothing to do with usernames (login names) as used by
Windows or Unix. On Unix, most MySQL clients by default try
to log in using the current Unix username as the MySQL
username, but that is for convenience only. The default can
be overridden easily, because client programs allow any
username to be specified with a -u or
--user option. Because this means that
anyone can attempt to connect to the server using any
username, you cannot make a database secure in any way
unless all MySQL accounts have passwords. Anyone who
specifies a username for an account that has no password is
able to connect successfully to the server.
MySQL usernames can be up to 16 characters long. This limit
is hard-coded in the MySQL servers and clients, and trying
to circumvent it by modifying the definitions of the tables
in the mysql database does not
work.
Note: You should
never alter any of the tables in the
mysql database in any manner whatsoever
except by means of the procedure prescribed by MySQL AB that
is described in Section 5.5.8, “mysql_upgrade — Check Tables for MySQL Upgrade”. Attempting
to redefine MySQL's system tables in any other fashion
results in undefined (and unsupported!) behavior.
Operating system usernames are completely unrelated to MySQL
usernames and may even be of a different maximum length. For
example, Unix usernames typically are limited to eight
characters.
MySQL passwords have nothing to do with passwords for
logging in to your operating system. There is no necessary
connection between the password you use to log in to a
Windows or Unix machine and the password you use to access
the MySQL server on that machine.
MySQL encrypts passwords using its own algorithm. This
encryption is different from that used during the Unix login
process. MySQL password encryption is the same as that
implemented by the PASSWORD() SQL
function. Unix password encryption is the same as that
implemented by the ENCRYPT() SQL
function. See the descriptions of the
PASSWORD() and
ENCRYPT() functions in
Section 12.10.2, “Encryption and Compression Functions”. From version 4.1 on,
MySQL employs a stronger authentication method that has
better password protection during the connection process
than in earlier versions. It is secure even if TCP/IP
packets are sniffed or the mysql database
is captured. (In earlier versions, even though passwords are
stored in encrypted form in the user
table, knowledge of the encrypted password value could be
used to connect to the MySQL server.)
When you install MySQL, the grant tables are populated with an
initial set of accounts. These accounts have names and access
privileges that are described in
Section 2.4.15.3, “Securing the Initial MySQL Accounts”, which also discusses how
to assign passwords to them. Thereafter, you normally set up,
modify, and remove MySQL accounts using statements such as
GRANT and REVOKE. See
Section 13.5.1, “Account Management Statements”.
When you connect to a MySQL server with a command-line client,
you should specify the username and password for the account
that you want to use:
shell> mysql --user=monty --password=guessdb_name
If you prefer short options, the command looks like this:
The preceding commands include the password value on the command
line, which can be a security risk. See
Section 5.8.6, “Keeping Your Password Secure”. To avoid this problem,
specify the --password or -p
option without any following password value:
shell> mysql --user=monty --password db_name
shell> mysql -u monty -p db_name
When the password option has no password value, the client
program prints a prompt and waits for you to enter the password.
(In these examples, db_name is
not interpreted as a password because it is
separated from the preceding password option by a space.)
On some systems, the library routine that MySQL uses to prompt
for a password automatically limits the password to eight
characters. That is a problem with the system library, not with
MySQL. Internally, MySQL doesn't have any limit for the length
of the password. To work around the problem, change your MySQL
password to a value that is eight or fewer characters long, or
put your password in an option file.
5.8.2. Adding New User Accounts to MySQL
You can create MySQL accounts in two ways:
By using statements intended for creating accounts, such as
CREATE USER or GRANT
By manipulating the MySQL grant tables directly with
statements such as INSERT,
UPDATE, or DELETE
Another option for creating accounts is to use one of several
available third-party programs that offer capabilities for MySQL
account administration. phpMyAdmin is one
such program.
The following examples show how to use the
mysql client program to set up new users.
These examples assume that privileges are set up according to
the defaults described in Section 2.4.15.3, “Securing the Initial MySQL Accounts”.
This means that to make changes, you must connect to the MySQL
server as the MySQL root user, and the
root account must have the
INSERT privilege for the
mysql database and the
RELOAD administrative privilege.
As noted in the examples where appropriate, some of the
statements will fail if you have the server's SQL mode has been
set to enable certain restrictions. In particular, strict mode
(STRICT_TRANS_TABLES,
STRICT_ALL_TABLES) and
NO_AUTO_CREATE_USER will prevent the server
from accepting some of the statements. Workarounds are indicated
for these cases. For more information about SQL modes and their
effect on grant table manipulation, see
Section 5.2.6, “SQL Modes”, and Section 13.5.1.3, “GRANT Syntax”.
First, use the mysql program to connect to
the server as the MySQL root user:
shell> mysql --user=root mysql
If you have assigned a password to the root
account, you'll also need to supply a
--password or -p option for
this mysql command and also for those later
in this section.
After connecting to the server as root, you
can add new accounts. The following statements use
GRANT to set up four new accounts:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'localhost'
-> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'%'
-> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
mysql> GRANT RELOAD,PROCESS ON *.* TO 'admin'@'localhost';
mysql> GRANT USAGE ON *.* TO 'dummy'@'localhost';
The accounts created by these GRANT
statements have the following properties:
Two of the accounts have a username of
monty and a password of
some_pass. Both accounts are superuser
accounts with full privileges to do anything. One account
('monty'@'localhost') can be used only
when connecting from the local host. The other
('monty'@'%') can be used to connect from
any other host. Note that it is necessary to have both
accounts for monty to be able to connect
from anywhere as monty. Without the
localhost account, the anonymous-user
account for localhost that is created by
mysql_install_db would take precedence
when monty connects from the local host.
As a result, monty would be treated as an
anonymous user. The reason for this is that the
anonymous-user account has a more specific
Host column value than the
'monty'@'%' account and thus comes
earlier in the user table sort order.
(user table sorting is discussed in
Section 5.7.5, “Access Control, Stage 1: Connection Verification”.)
One account has a username of admin and
no password. This account can be used only by connecting
from the local host. It is granted the
RELOAD and PROCESS
administrative privileges. These privileges allow the
admin user to execute the
mysqladmin reload, mysqladmin
refresh, and mysqladmin
flush-xxx commands, as
well as mysqladmin processlist . No
privileges are granted for accessing any databases. You
could add such privileges later by issuing additional
GRANT statements.
One account has a username of dummy and
no password. This account can be used only by connecting
from the local host. No privileges are granted. The
USAGE privilege in the
GRANT statement enables you to create an
account without giving it any privileges. It has the effect
of setting all the global privileges to
'N'. It is assumed that you will grant
specific privileges to the account later.
The statements that create accounts with no password will
fail if the NO_AUTO_CREATE_USER SQL mode
is enabled. To deal with this, use an IDENTIFIED
BY clause that specifies a non-empty password.
As an alternative to GRANT, you can create
the same accounts directly by issuing INSERT
statements and then telling the server to reload the grant
tables using FLUSH PRIVILEGES:
shell> mysql --user=root mysql
mysql> INSERT INTO user
-> VALUES('localhost','monty',PASSWORD('some_pass'),
-> 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
mysql> INSERT INTO user
-> VALUES('%','monty',PASSWORD('some_pass'),
-> 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',
-> 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',
-> '','','','',0,0,0,0);
mysql> INSERT INTO user SET Host='localhost',User='admin',
-> Reload_priv='Y', Process_priv='Y';
mysql> INSERT INTO user (Host,User,Password)
-> VALUES('localhost','dummy','');
mysql> FLUSH PRIVILEGES;
The reason for using FLUSH PRIVILEGES when
you create accounts with INSERT is to tell
the server to re-read the grant tables. Otherwise, the changes
go unnoticed until you restart the server. With
GRANT, FLUSH PRIVILEGES is
unnecessary.
The reason for using the PASSWORD() function
with INSERT is to encrypt the password. The
GRANT statement encrypts the password for
you, so PASSWORD() is unnecessary.
The 'Y' values enable privileges for the
accounts. Depending on your MySQL version, you may have to use a
different number of 'Y' values in the first
two INSERT statements. For the
admin account, you may also employ the more
readable extended INSERT syntax using
SET.
In the INSERT statement for the
dummy account, only the
Host, User, and
Password columns in the
user table row are assigned values. None of
the privilege columns are set explicitly, so MySQL assigns them
all the default value of 'N'. This is
equivalent to what GRANT USAGE does.
If strict SQL mode is enabled, all columns that have no default
value must have a value specified. In this case,
INSERT statements must explicitly specify
values for the ssl_cipher,
x509_issuer, and
x509_subject columns.
Note that to set up a superuser account, it is necessary only to
create a user table entry with the privilege
columns set to 'Y'. user
table privileges are global, so no entries in any of the other
grant tables are needed.
The next examples create three accounts and give them access to
specific databases. Each of them has a username of
custom and password of
obscure.
To create the accounts with GRANT, use the
following statements:
shell> mysql --user=root mysql
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
-> ON bankaccount.*
-> TO 'custom'@'localhost'
-> IDENTIFIED BY 'obscure';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
-> ON expenses.*
-> TO 'custom'@'whitehouse.gov'
-> IDENTIFIED BY 'obscure';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
-> ON customer.*
-> TO 'custom'@'server.domain'
-> IDENTIFIED BY 'obscure';
The three accounts can be used as follows:
The first account can access the
bankaccount database, but only from the
local host.
The second account can access the
expenses database, but only from the host
whitehouse.gov.
The third account can access the customer
database, but only from the host
server.domain.
To set up the custom accounts without
GRANT, use INSERT
statements as follows to modify the grant tables directly:
shell> mysql --user=root mysql
mysql> INSERT INTO user (Host,User,Password)
-> VALUES('localhost','custom',PASSWORD('obscure'));
mysql> INSERT INTO user (Host,User,Password)
-> VALUES('whitehouse.gov','custom',PASSWORD('obscure'));
mysql> INSERT INTO user (Host,User,Password)
-> VALUES('server.domain','custom',PASSWORD('obscure'));
mysql> INSERT INTO db
-> (Host,Db,User,Select_priv,Insert_priv,
-> Update_priv,Delete_priv,Create_priv,Drop_priv)
-> VALUES('localhost','bankaccount','custom',
-> 'Y','Y','Y','Y','Y','Y');
mysql> INSERT INTO db
-> (Host,Db,User,Select_priv,Insert_priv,
-> Update_priv,Delete_priv,Create_priv,Drop_priv)
-> VALUES('whitehouse.gov','expenses','custom',
-> 'Y','Y','Y','Y','Y','Y');
mysql> INSERT INTO db
-> (Host,Db,User,Select_priv,Insert_priv,
-> Update_priv,Delete_priv,Create_priv,Drop_priv)
-> VALUES('server.domain','customer','custom',
-> 'Y','Y','Y','Y','Y','Y');
mysql> FLUSH PRIVILEGES;
The first three INSERT statements add
user table entries that allow the user
custom to connect from the various hosts with
the given password, but grant no global privileges (all
privileges are set to the default value of
'N'). The next three
INSERT statements add db
table entries that grant privileges to custom
for the bankaccount,
expenses, and customer
databases, but only when accessed from the proper hosts. As
usual when you modify the grant tables directly, you must tell
the server to reload them with FLUSH
PRIVILEGES so that the privilege changes take effect.
If you want to give a specific user access from all machines in
a given domain (for example, mydomain.com),
you can issue a GRANT statement that uses the
‘%’ wildcard character in the
host part of the account name:
mysql> GRANT ...
-> ON *.*
-> TO 'myname'@'%.mydomain.com'
-> IDENTIFIED BY 'mypass';
To do the same thing by modifying the grant tables directly, do
this:
mysql> INSERT INTO user (Host,User,Password,...)
-> VALUES('%.mydomain.com','myname',PASSWORD('mypass'),...);
mysql> FLUSH PRIVILEGES;
One means of limiting use of MySQL server resources is to set
the max_user_connections system variable to a
non-zero value. However, this method is strictly global, and
does not allow for management of individual accounts. In
addition, it limits only the number of simultaneous connections
made using a single account, and not what a client can do once
connected. Both types of control are of interest to many MySQL
administrators, particularly those working for Internet Service
Providers.
In MySQL 5.0, you can limit the following server
resources for individual accounts:
The number of queries that an account can issue per hour
The number of updates that an account can issue per hour
The number of times an account can connect to the server per
hour
Any statement that a client can issue counts against the query
limit. Only statements that modify databases or tables count
against the update limit.
From MySQL 5.0.3 on, it is also possible to limit the number of
simultaneous connections to the server on a per-account basis.
An account in this context is a single row in the
user table. Each account is uniquely
identified by its User and
Host column values.
As a prerequisite for using this feature, the
user table in the mysql
database must contain the resource-related columns. Resource
limits are stored in the max_questions,
max_updates,
max_connections, and
max_user_connections columns. If your
user table doesn't have these columns, it
must be upgraded; see Section 5.5.8, “mysql_upgrade — Check Tables for MySQL Upgrade”.
To set resource limits with a GRANT
statement, use a WITH clause that names each
resource to be limited and a per-hour count indicating the limit
value. For example, to create a new account that can access the
customer database, but only in a limited
fashion, issue this statement:
mysql> GRANT ALL ON customer.* TO 'francis'@'localhost'
-> IDENTIFIED BY 'frank'
-> WITH MAX_QUERIES_PER_HOUR 20
-> MAX_UPDATES_PER_HOUR 10
-> MAX_CONNECTIONS_PER_HOUR 5
-> MAX_USER_CONNECTIONS 2;
The limit types need not all be named in the
WITH clause, but those named can be present
in any order. The value for each per-hour limit should be an
integer representing a count per hour. If the
GRANT statement has no
WITH clause, the limits are each set to the
default value of zero (that is, no limit). For
MAX_USER_CONNECTIONS, the limit is an integer
indicating the maximum number of simultaneous connections the
account can make at any one time. If the limit is set to the
default value of zero, the
max_user_connections system variable
determines the number of simultaneous connections for the
account.
To set or change limits for an existing account, use a
GRANT USAGE statement at the global level
(ON *.*). The following statement changes the
query limit for francis to 100:
mysql> GRANT USAGE ON *.* TO 'francis'@'localhost'
-> WITH MAX_QUERIES_PER_HOUR 100;
This statement leaves the account's existing privileges
unchanged and modifies only the limit values specified.
To remove an existing limit, set its value to zero. For example,
to remove the limit on how many times per hour
francis can connect, use this statement:
mysql> GRANT USAGE ON *.* TO 'francis'@'localhost'
-> WITH MAX_CONNECTIONS_PER_HOUR 0;
Resource-use counting takes place when any account has a
non-zero limit placed on its use of any of the resources.
As the server runs, it counts the number of times each account
uses resources. If an account reaches its limit on number of
connections within the last hour, further connections for the
account are rejected until that hour is up. Similarly, if the
account reaches its limit on the number of queries or updates,
further queries or updates are rejected until the hour is up. In
all such cases, an appropriate error message is issued.
Resource counting is done per account, not per client. For
example, if your account has a query limit of 50, you cannot
increase your limit to 100 by making two simultaneous client
connections to the server. Queries issued on both connections
are counted together.
Queries for which results are served from the query cache do not
count against the MAX_QUERIES_PER_HOUR limit.
The current per-hour resource-use counts can be reset globally
for all accounts, or individually for a given account:
To reset the current counts to zero for all accounts, issue
a FLUSH USER_RESOURCES statement. The
counts also can be reset by reloading the grant tables (for
example, with a FLUSH PRIVILEGES
statement or a mysqladmin reload
command).
The counts for an individual account can be set to zero by
re-granting it any of its limits. To do this, use
GRANT USAGE as described earlier and
specify a limit value equal to the value that the account
currently has.
Counter resets do not affect the
MAX_USER_CONNECTIONS limit.
All counts begin at zero when the server starts; counts are not
carried over through a restart.
5.8.5. Assigning Account Passwords
Passwords may be assigned from the command line by using the
mysqladmin command:
The account for which this command resets the password is the
one with a user table row that matches
user_name in the
User column and the client host
from which you connect in the
Host column.
Another way to assign a password to an account is to issue a
SET PASSWORD statement:
mysql> SET PASSWORD FOR 'jeffrey'@'%' = PASSWORD('biscuit');
Only users such as root that have update
access to the mysql database can change the
password for other users. If you are not connected as an
anonymous user, you can change your own password by omitting the
FOR clause:
mysql> SET PASSWORD = PASSWORD('biscuit');
You can also use a GRANT USAGE statement at
the global level (ON *.*) to assign a
password to an account without affecting the account's current
privileges:
mysql> GRANT USAGE ON *.* TO 'jeffrey'@'%' IDENTIFIED BY 'biscuit';
Although it is generally preferable to assign passwords using
one of the preceding methods, you can also do so by modifying
the user table directly:
To establish a password when creating a new account, provide
a value for the Password column:
shell> mysql -u root mysql
mysql> INSERT INTO user (Host,User,Password)
-> VALUES('%','jeffrey',PASSWORD('biscuit'));
mysql> FLUSH PRIVILEGES;
To change the password for an existing account, use
UPDATE to set the
Password column value:
shell> mysql -u root mysql
mysql> UPDATE user SET Password = PASSWORD('bagel')
-> WHERE Host = '%' AND User = 'francis';
mysql> FLUSH PRIVILEGES;
When you assign an account a non-empty password using
SET PASSWORD, INSERT, or
UPDATE, you must use the
PASSWORD() function to encrypt it.
PASSWORD() is necessary because the
user table stores passwords in encrypted
form, not as plaintext. If you forget that fact, you are likely
to set passwords like this:
shell> mysql -u root mysql
mysql> INSERT INTO user (Host,User,Password)
-> VALUES('%','jeffrey','biscuit');
mysql> FLUSH PRIVILEGES;
The result is that the literal value
'biscuit' is stored as the password in the
user table, not the encrypted value. When
jeffrey attempts to connect to the server
using this password, the value is encrypted and compared to the
value stored in the user table. However, the
stored value is the literal string 'biscuit',
so the comparison fails and the server rejects the connection:
shell> mysql -u jeffrey -pbiscuit test
Access denied
If you assign passwords using the GRANT ... IDENTIFIED
BY statement or the mysqladmin
password command, they both take care of encrypting
the password for you. In these cases, using
PASSWORD() function is unnecessary.
On an administrative level, you should never grant access to the
user grant table to any non-administrative
accounts.
When you run a client program to connect to the MySQL server, it
is inadvisable to specify your password in a way that exposes it
to discovery by other users. The methods you can use to specify
your password when you run client programs are listed here,
along with an assessment of the risks of each method:
Use a
-pyour_pass or
--password=your_pass
option on the command line. For example:
shell> mysql -u francis -pfrank db_name
This is convenient but insecure,
because your password becomes visible to system status
programs such as ps that may be invoked
by other users to display command lines. MySQL clients
typically overwrite the command-line password argument with
zeros during their initialization sequence. However, there
is still a brief interval during which the value is visible.
On some systems this strategy is ineffective, anyway, and
the password remains visible to ps.
(SystemV Unix systems and perhaps others are subject to this
problem.)
Use the -p or --password
option with no password value specified. In this case, the
client program solicits the password from the terminal:
shell> mysql -u francis -p db_name
Enter password: ********
The ‘*’ characters indicate
where you enter your password. The password is not displayed
as you enter it.
It is more secure to enter your password this way than to
specify it on the command line because it is not visible to
other users. However, this method of entering a password is
suitable only for programs that you run interactively. If
you want to invoke a client from a script that runs
non-interactively, there is no opportunity to enter the
password from the terminal. On some systems, you may even
find that the first line of your script is read and
interpreted (incorrectly) as your password.
Store your password in an option file. For example, on Unix
you can list your password in the
[client] section of the
.my.cnf file in your home directory:
[client]
password=your_pass
If you store your password in .my.cnf,
the file should not be accessible to anyone but yourself. To
ensure this, set the file access mode to
400 or 600. For
example:
Store your password in the MYSQL_PWD
environment variable. This method of specifying your MySQL
password must be considered extremely
insecure and should not be used. Some versions of
ps include an option to display the
environment of running processes. If you set
MYSQL_PWD, your password is exposed to
any other user who runs ps. Even on
systems without such a version of ps, it
is unwise to assume that there are no other methods by which
users can examine process environments. See
Section 2.4.19, “Environment Variables”.
All in all, the safest methods are to have the client program
prompt for the password or to specify the password in a properly
protected option file.
MySQL supports secure (encrypted) connections between MySQL
clients and the server using the Secure Sockets Layer (SSL)
protocol. This section discusses how to use SSL connections. It
also describes a way to set up SSH on Windows. For information
on how to require users to use SSL connections, see the
discussion of the REQUIRE clause of the
GRANT statement in Section 13.5.1.3, “GRANT Syntax”.
The standard configuration of MySQL is intended to be as fast as
possible, so encrypted connections are not used by default.
Doing so would make the client/server protocol much slower.
Encrypting data is a CPU-intensive operation that requires the
computer to do additional work and can delay other MySQL tasks.
For applications that require the security provided by encrypted
connections, the extra computation is warranted.
MySQL allows encryption to be enabled on a per-connection basis.
You can choose a normal unencrypted connection or a secure
encrypted SSL connection according the requirements of
individual applications.
Secure connections are based on the OpenSSL API and are
available through the MySQL C API. Replication uses the C API,
so secure connections can be used between master and slave
servers.
5.8.7.1. Basic SSL Concepts
To understand how MySQL uses SSL, it is necessary to explain
some basic SSL and X509 concepts. People who are familiar with
these can skip this part of the discussion.
By default, MySQL uses unencrypted connections between the
client and the server. This means that someone with access to
the network could watch all your traffic and look at the data
being sent or received. They could even change the data while
it is in transit between client and server. To improve
security a little, you can compress client/server traffic by
using the --compress option when invoking
client programs. However, this does not foil a determined
attacker.
When you need to move information over a network in a secure
fashion, an unencrypted connection is unacceptable. Encryption
is the way to make any kind of data unreadable. In fact,
today's practice requires many additional security elements
from encryption algorithms. They should resist many kind of
known attacks such as changing the order of encrypted messages
or replaying data twice.
SSL is a protocol that uses different encryption algorithms to
ensure that data received over a public network can be
trusted. It has mechanisms to detect any data change, loss, or
replay. SSL also incorporates algorithms that provide identity
verification using the X509 standard.
X509 makes it possible to identify someone on the Internet. It
is most commonly used in e-commerce applications. In basic
terms, there should be some company called a
“Certificate Authority” (or CA) that assigns
electronic certificates to anyone who needs them. Certificates
rely on asymmetric encryption algorithms that have two
encryption keys (a public key and a secret key). A certificate
owner can show the certificate to another party as proof of
identity. A certificate consists of its owner's public key.
Any data encrypted with this public key can be decrypted only
using the corresponding secret key, which is held by the owner
of the certificate.
If you need more information about SSL, X509, or encryption,
use your favorite Internet search engine to search for the
keywords in which you are interested.
5.8.7.2. Using SSL Connections
To use SSL connections between the MySQL server and client
programs, your system must support either OpenSSL or yaSSL and
your version of MySQL must be built with SSL support.
To make it easier to use secure connections, MySQL is bundled
with yaSSL as of MySQL 5.0.10. (MySQL and yaSSL employ the
same licensing model, whereas OpenSSL uses an Apache-style
license.) yaSSL support initially was available only for a few
platforms, but now it is available on all platforms supported
by MySQL AB.
To get secure connections to work with MySQL and SSL, you must
do the following:
If you are not using a binary (precompiled) version of
MySQL that has been built with SSL support, and you are
going to use OpenSSL rather than the bundled yaSSL
library, install OpenSSL if it has not already been
installed. We have tested MySQL with OpenSSL 0.9.6. To
obtain OpenSSL, visit
http://www.openssl.org.
If you are not using a binary (precompiled) version of
MySQL that has been built with SSL support, configure a
MySQL source distribution to use SSL. When you configure
MySQL, invoke the configure script with
the appropriate option to select the SSL library that you
want to use.
For yaSSL:
shell> ./configure --with-yassl
For OpenSSL:
shell> ./configure --with-openssl
Before MySQL 5.0, it was also neccessary to use
--with-vio, but that option is no longer
required.
Note that yaSSL support on Unix platforms requires that
either /dev/urandom or
/dev/random be available to retrieve
true random numbers. For additional information
(especially regarding yaSSL on Solaris versions prior to
2.8 and HP-UX), see Bug#13164.
Make sure that you have upgraded your grant tables to
include the SSL-related columns in the
mysql.user table. This is necessary if
your grant tables date from a version of MySQL older than
4.0. The upgrade procedure is described in
Section 5.5.8, “mysql_upgrade — Check Tables for MySQL Upgrade”.
To check whether a server binary is compiled with SSL
support, invoke it with the --ssl option.
An error will occur if the server does not support SSL:
To check whether a running mysqld
server supports SSL, examine the value of the
have_openssl system variable:
mysql> SHOW VARIABLES LIKE 'have_openssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl | YES |
+---------------+-------+
If the value is YES, the server
supports SSL connections. If the value is
DISABLED, the server supports SSL
connections but was not started with the appropriate
--ssl-xxx
options (described later in this section). If the value is
YES, the server supports SSL
connections.
To start the MySQL server so that it allows clients to connect
via SSL, use the options that identify the key and certificate
files the server needs when establishing a secure connection:
--ssl-ca identifies the Certificate
Authority (CA) certificate.
--ssl-cert identifies the server public
key. This can be sent to the client and authenticated
against the CA certificate that it has.
--ssl-key identifies the server private
key.
To establish a secure connection to a MySQL server with SSL
support, the options that a client must specify depend on the
SSL requirements of the user account that the client uses.
(See the discussion of the REQUIRE clause
in Section 13.5.1.3, “GRANT Syntax”.)
If the account has no special SSL requirements or was created
using a GRANT statement that includes the
REQUIRE SSL option, a client can connect
securely by using just the --ssl-ca option:
shell> mysql --ssl-ca=cacert.pem
To require that a client certificate also be specified, create
the account using the REQUIRE X509 option.
Then the client must also specify the proper client key and
certificate files or the server will reject the connection:
shell> mysql --ssl-ca=cacert.pem \--ssl-cert=client-cert.pem \--ssl-key=client-key.pem
In other words, the options are similar to those used for the
server. Note that the Certificate Authority certificate has to
be the same.
A client can determine whether the current connection with the
server uses SSL by checking the value of the
Ssl_cipher status variable. The value of
Ssl_cipher is non-empty if SSL is used, and
empty otherwise. For example:
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value |
+---------------+--------------------+
| Ssl_cipher | DHE-RSA-AES256-SHA |
+---------------+--------------------+
For the mysql client, you can use the
STATUS or \s command and
check the SSL line:
mysql> \s
...
SSL: Not in use
...
Or:
mysql> \s
...
SSL: Cipher in use is DHE-RSA-AES256-SHA
...
To establish a secure connection from within an application
program, use the mysql_ssl_set() C API
function to set the appropriate certificate options before
calling mysql_real_connect(). See
Section 22.2.3.67, “mysql_ssl_set()”. After the connection is
established, you can use
mysql_get_ssl_cipher() to determine whether
SSL is in use. A non-NULL return value
indicates a secure connection and names the SSL cipher used
for encryption. A NULL return value
indicates that SSL is not being used. See
Section 22.2.3.33, “mysql_get_ssl_cipher()”.
5.8.7.3. SSL Command Options
The following list describes options that are used for
specifying the use of SSL, certificate files, and key files.
They can be given on the command line or in an option file.
These options are not available unless MySQL has been built
with SSL support. See Section 5.8.7.2, “Using SSL Connections”.
(There are also --master-ssl* options that
can be used for setting up a secure connection from a slave
replication server to a master server; see
Section 6.8, “Replication Startup Options”.)
--ssl
For the server, this option specifies that the server
allows SSL connections. For a client program, it allows
the client to connect to the server using SSL. This option
is not sufficient in itself to cause an SSL connection to
be used. You must also specify the
--ssl-ca option, and possibly the
--ssl-cert and --ssl-key
options.
This option is more often used in its opposite form to
override any other SSL options and indicate that SSL
should not be used. To do this,
specify the option as --skip-ssl or
--ssl=0.
Note that use of --ssl does not
require an SSL connection. For
example, if the server or client is compiled without SSL
support, a normal unencrypted connection is used.
The secure way to require use of an SSL connection is to
create an account on the server that includes a
REQUIRE SSL clause in the
GRANT statement. Then use that account
to connect to the server, where both the server and the
client have SSL support enabled.
The REQUIRE clause allows other
SSL-related restrictions as well. The description of
REQUIRE in Section 13.5.1.3, “GRANT Syntax”,
provides additional detail about which SSL command options
may or must be specified by clients that connect using
accounts that are created using the various
REQUIRE options.
--ssl-ca=file_name
The path to a file that contains a list of trusted SSL
CAs.
--ssl-capath=directory_name
The path to a directory that contains trusted SSL CA
certificates in PEM format.
--ssl-cert=file_name
The name of the SSL certificate file to use for
establishing a secure connection.
--ssl-cipher=cipher_list
A list of allowable ciphers to use for SSL encryption.
cipher_list has the same format
as the openssl ciphers command.
Example: --ssl-cipher=ALL:-AES:-EXP
--ssl-key=file_name
The name of the SSL key file to use for establishing a
secure connection.
--ssl-verify-server-cert
This option is available for client programs. It causes
the server's Common Name value in its certificate to be
verified against the hostname used when connecting to the
server, and the connection is rejected if there is a
mismatch. This feature can be used to prevent
man-in-the-middle attacks. Verification is disabled by
default. This option was added in MySQL 5.0.23.
As of MySQL 5.0.40, if you use SSL when establishing a client
connection, you can tell the client not to authenticate the
server certificate by specifying neither
--ssl-ca nor --ssl-capath.
The server still verifies the client according to any
applicable requirements established via
GRANT statements for the client, and it
still uses any
--ssl-ca/--ssl-capath values
that were passed to server at startup time.
5.8.7.4. Setting Up SSL Certificates for MySQL
This section demonstrates how to set up SSL certificate and
key files for use by MySQL servers and clients. The first
example shows a simplified procedure such as you might use
from the command line. The second shows a script that contains
more detail. Both examples use the openssl
command that is part of OpenSSL.
The following example shows a set of commands to create MySQL
server and client certificate and key files. You will need to
respond to several prompts by the openssl
commands. For testing, you can press Enter to all prompts. For
production use, you should provide non-empty responses.
Here is an example script that shows how to set up SSL
certificates for MySQL:
DIR=`pwd`/openssl
PRIV=$DIR/private
mkdir $DIR $PRIV $DIR/newcerts
cp /usr/share/ssl/openssl.cnf $DIR
replace ./demoCA $DIR -- $DIR/openssl.cnf
# Create necessary files: $database, $serial and $new_certs_dir
# directory (optional)
touch $DIR/index.txt
echo "01" > $DIR/serial
#
# Generation of Certificate Authority(CA)
#
openssl req -new -x509 -keyout $PRIV/cakey.pem -out $DIR/cacert.pem \
-config $DIR/openssl.cnf
# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Generating a 1024 bit RSA private key
# ................++++++
# .........++++++
# writing new private key to '/home/monty/openssl/private/cakey.pem'
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
# -----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
# -----
# Country Name (2 letter code) [AU]:FI
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:MySQL admin
# Email Address []:
#
# Create server request and key
#
openssl req -new -keyout $DIR/server-key.pem -out \
$DIR/server-req.pem -days 3600 -config $DIR/openssl.cnf
# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Generating a 1024 bit RSA private key
# ..++++++
# ..........++++++
# writing new private key to '/home/monty/openssl/server-key.pem'
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
# -----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
# -----
# Country Name (2 letter code) [AU]:FI
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:MySQL server
# Email Address []:
#
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []:
# An optional company name []:
#
# Remove the passphrase from the key (optional)
#
openssl rsa -in $DIR/server-key.pem -out $DIR/server-key.pem
#
# Sign server cert
#
openssl ca -policy policy_anything -out $DIR/server-cert.pem \
-config $DIR/openssl.cnf -infiles $DIR/server-req.pem
# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Enter PEM pass phrase:
# Check that the request matches the signature
# Signature ok
# The Subjects Distinguished Name is as follows
# countryName :PRINTABLE:'FI'
# organizationName :PRINTABLE:'MySQL AB'
# commonName :PRINTABLE:'MySQL admin'
# Certificate is to be certified until Sep 13 14:22:46 2003 GMT
# (365 days)
# Sign the certificate? [y/n]:y
#
#
# 1 out of 1 certificate requests certified, commit? [y/n]y
# Write out database with 1 new entries
# Data Base Updated
#
# Create client request and key
#
openssl req -new -keyout $DIR/client-key.pem -out \
$DIR/client-req.pem -days 3600 -config $DIR/openssl.cnf
# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Generating a 1024 bit RSA private key
# .....................................++++++
# .............................................++++++
# writing new private key to '/home/monty/openssl/client-key.pem'
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
# -----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
# -----
# Country Name (2 letter code) [AU]:FI
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:MySQL user
# Email Address []:
#
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []:
# An optional company name []:
#
# Remove a passphrase from the key (optional)
#
openssl rsa -in $DIR/client-key.pem -out $DIR/client-key.pem
#
# Sign client cert
#
openssl ca -policy policy_anything -out $DIR/client-cert.pem \
-config $DIR/openssl.cnf -infiles $DIR/client-req.pem
# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Enter PEM pass phrase:
# Check that the request matches the signature
# Signature ok
# The Subjects Distinguished Name is as follows
# countryName :PRINTABLE:'FI'
# organizationName :PRINTABLE:'MySQL AB'
# commonName :PRINTABLE:'MySQL user'
# Certificate is to be certified until Sep 13 16:45:17 2003 GMT
# (365 days)
# Sign the certificate? [y/n]:y
#
#
# 1 out of 1 certificate requests certified, commit? [y/n]y
# Write out database with 1 new entries
# Data Base Updated
#
# Create a my.cnf file that you can use to test the certificates
#
cnf=""
cnf="$cnf [client]"
cnf="$cnf ssl-ca=$DIR/cacert.pem"
cnf="$cnf ssl-cert=$DIR/client-cert.pem"
cnf="$cnf ssl-key=$DIR/client-key.pem"
cnf="$cnf [mysqld]"
cnf="$cnf ssl-ca=$DIR/cacert.pem"
cnf="$cnf ssl-cert=$DIR/server-cert.pem"
cnf="$cnf ssl-key=$DIR/server-key.pem"
echo $cnf | replace " " '
' > $DIR/my.cnf
To test SSL connections, start the server as follows, where
$DIR is the pathname to the directory where
the sample my.cnf option file is located:
shell> mysqld --defaults-file=$DIR/my.cnf &
Then invoke a client program using the same option file:
shell> mysql --defaults-file=$DIR/my.cnf
If you have a MySQL source distribution, you can also test
your setup by modifying the preceding
my.cnf file to refer to the demonstration
certificate and key files in the SSL
directory of the distribution.
5.8.7.5. Connecting to MySQL Remotely from Windows with SSH
Here is a note that describes how to get a secure connection
to a remote MySQL server with SSH (by David Carlson
<dcarlson@mplcomm.com>):
Start your Windows SSH client. Set Host_Name =
yourmysqlserver_URL_or_IP.
Set
userid=your_userid
to log in to your server. This userid
value might not be the same as the username of your MySQL
account.
Set up port forwarding. Either do a remote forward (Set
local_port: 3306, remote_host:
yourmysqlservername_or_ip,
remote_port: 3306 ) or a local forward
(Set port: 3306, host:
localhost, remote port:
3306).
Save everything, otherwise you will have to redo it the
next time.
Log in to your server with the SSH session you just
created.
On your Windows machine, start some ODBC application (such
as Access).
Create a new file in Windows and link to MySQL using the
ODBC driver the same way you normally do, except type in
localhost for the MySQL host server,
not yourmysqlservername.
At this point, you should have an ODBC connection to MySQL,
encrypted using SSH.
This section discusses how to make database backups (full and
incremental) and how to perform table maintenance. The syntax of
the SQL statements described here is given in
Chapter 13, SQL Statement Syntax. Much of the information here
pertains primarily to MyISAM tables. Additional
information about InnoDB backup procedures is
given in Section 14.2.8, “Backing Up and Recovering an InnoDB Database”.
5.9.1. Database Backups
Because MySQL tables are stored as files, it is easy to do a
backup. To get a consistent backup, do a LOCK
TABLES on the relevant tables, followed by
FLUSH TABLES for the tables. See
Section 13.4.5, “LOCK TABLES and UNLOCK TABLES
Syntax”, and Section 13.5.5.2, “FLUSH Syntax”. You
need only a read lock; this allows other clients to continue to
query the tables while you are making a copy of the files in the
database directory. The FLUSH TABLES
statement is needed to ensure that the all active index pages
are written to disk before you start the backup.
To make an SQL-level backup of a table, you can use
SELECT INTO ... OUTFILE. For this statement,
the output file cannot already exist because allowing files to
be overwritten would constitute a security risk. See
Section 13.2.7, “SELECT Syntax”.
You can also create a binary backup simply by copying all
table files (*.frm,
*.MYD, and *.MYI
files), as long as the server isn't updating anything. The
mysqlhotcopy script uses this method.
(But note that these methods do not work if your database
contains InnoDB tables.
InnoDB does not store table contents in
database directories, and mysqlhotcopy
works only for MyISAM tables.)
Stop mysqld if it is running, then start
it with the
--log-bin[=file_name]
option. See Section 5.11.3, “The Binary Log”. The binary log
files provide you with the information you need to replicate
changes to the database that are made subsequent to the
point at which you executed mysqldump.
MySQL supports incremental backups: You need to start the server
with the --log-bin option to enable binary
logging; see Section 5.11.3, “The Binary Log”. At the moment you
want to make an incremental backup (containing all changes that
happened since the last full or incremental backup), you should
rotate the binary log by using FLUSH LOGS.
This done, you need to copy to the backup location all binary
logs which range from the one of the moment of the last full or
incremental backup to the last but one. These binary logs are
the incremental backup; at restore time, you apply them as
explained further below. The next time you do a full backup, you
should also rotate the binary log using FLUSH
LOGS, mysqldump --flush-logs, or
mysqlhotcopy --flushlog. See
Section 8.13, “mysqldump — A Database Backup Program”, and Section 8.14, “mysqlhotcopy — A Database Backup Program”.
If your MySQL server is a slave replication server, then
regardless of the backup method you choose, you should also back
up the master.info and
relay-log.info files when you back up your
slave's data. These files are always needed to resume
replication after you restore the slave's data. If your slave is
subject to replicating LOAD DATA INFILE
commands, you should also back up any
SQL_LOAD-* files that may exist in the
directory specified by the --slave-load-tmpdir
option. (This location defaults to the value of the
tmpdir variable if not specified.) The slave
needs these files to resume replication of any interrupted
LOAD DATA INFILE operations.
MySQL Enterprise
The MySQL Network Monitoring and Advisory Service provides
numerous advisors that issue immediate warnings should
replication issues arise. For more information see
http://www.mysql.com/products/enterprise/advisors.html.
If you have to restore MyISAM tables, try to
recover them using REPAIR TABLE or
myisamchk -r first. That should work in 99.9%
of all cases. If myisamchk fails, try the
following procedure. Note that it works only if you have enabled
binary logging by starting MySQL with the
--log-bin option.
Restore the original mysqldump backup, or
binary backup.
Execute the following command to re-run the updates in the
binary logs:
shell> mysqlbinlog binlog.[0-9]* | mysql
In some cases, you may want to re-run only certain binary
logs, from certain positions (usually you want to re-run all
binary logs from the date of the restored backup, excepting
possibly some incorrect statements). See
Section 8.11, “mysqlbinlog — Utility for Processing Binary Log Files”, for more information on the
mysqlbinlog utility and how to use it.
You can also make selective backups of individual files:
To dump the table, use SELECT * INTO OUTFILE
'file_name' FROM
tbl_name.
To reload the table, use LOAD DATA INFILE
'file_name' REPLACE
.... To avoid duplicate rows, the table must have
a PRIMARY KEY or a
UNIQUE index. The
REPLACE keyword causes old rows to be
replaced with new ones when a new row duplicates an old row
on a unique key value.
If you have performance problems with your server while making
backups, one strategy that can help is to set up replication and
perform backups on the slave rather than on the master. See
Section 6.1, “Introduction to Replication”.
If you are using a Veritas filesystem, you can make a backup
like this:
From a client program, execute FLUSH TABLES WITH
READ LOCK.
This section discusses a procedure for performing backups that
allows you to recover data after several types of crashes:
Operating system crash
Power failure
Filesystem crash
Hardware problem (hard drive, motherboard, and so forth)
The example commands do not include options such as
--user and --password for the
mysqldump and mysql
programs. You should include such options as necessary so that
the MySQL server allows you to connect to it.
We assume that data is stored in the InnoDB
storage engine, which has support for transactions and automatic
crash recovery. We also assume that the MySQL server is under
load at the time of the crash. If it were not, no recovery would
ever be needed.
For cases of operating system crashes or power failures, we can
assume that MySQL's disk data is available after a restart. The
InnoDB data files might not contain
consistent data due to the crash, but InnoDB
reads its logs and finds in them the list of pending committed
and non-committed transactions that have not been flushed to the
data files. InnoDB automatically rolls back
those transactions that were not committed, and flushes to its
data files those that were committed. Information about this
recovery process is conveyed to the user through the MySQL error
log. The following is an example log excerpt:
InnoDB: Database was not shut down normally.
InnoDB: Starting recovery from log files...
InnoDB: Starting log scan based on checkpoint at
InnoDB: log sequence number 0 13674004
InnoDB: Doing recovery: scanned up to log sequence number 0 13739520
InnoDB: Doing recovery: scanned up to log sequence number 0 13805056
InnoDB: Doing recovery: scanned up to log sequence number 0 13870592
InnoDB: Doing recovery: scanned up to log sequence number 0 13936128
...
InnoDB: Doing recovery: scanned up to log sequence number 0 20555264
InnoDB: Doing recovery: scanned up to log sequence number 0 20620800
InnoDB: Doing recovery: scanned up to log sequence number 0 20664692
InnoDB: 1 uncommitted transaction(s) which must be rolled back
InnoDB: Starting rollback of uncommitted transactions
InnoDB: Rolling back trx no 16745
InnoDB: Rolling back of trx no 16745 completed
InnoDB: Rollback of uncommitted transactions completed
InnoDB: Starting an apply batch of log records to the database...
InnoDB: Apply batch completed
InnoDB: Started
mysqld: ready for connections
For the cases of filesystem crashes or hardware problems, we can
assume that the MySQL disk data is not
available after a restart. This means that MySQL fails to start
successfully because some blocks of disk data are no longer
readable. In this case, it is necessary to reformat the disk,
install a new one, or otherwise correct the underlying problem.
Then it is necessary to recover our MySQL data from backups,
which means that we must already have made backups. To make sure
that is the case, we should design a backup policy.
5.9.2.1. Backup Policy
We all know that backups must be scheduled periodically. A
full backups (a snapshot of the data at a point in time) can
be done in MySQL with several tools. For example,
InnoDB Hot Backup provides online
non-blocking physical backup of the InnoDB
data files, and mysqldump provides online
logical backup. This discussion uses
mysqldump.
Assume that we make a backup on Sunday at 1 p.m., when load is
low. The following command makes a full backup of all our
InnoDB tables in all databases:
This is an online, non-blocking backup that does not disturb
the reads and writes on the tables. We assumed earlier that
our tables are InnoDB tables, so
--single-transaction uses a consistent read
and guarantees that data seen by mysqldump
does not change. (Changes made by other clients to
InnoDB tables are not seen by the
mysqldump process.) If we do also have
other types of tables, we must assume that they are not
changed during the backup. For example, for the
MyISAM tables in the
mysql database, we must assume that no
administrative changes are being made to MySQL accounts during
the backup.
The resulting .sql file produced by
mysqldump contains a set of SQL
INSERT statements that can be used to
reload the dumped tables at a later time.
Full backups are necessary, but they are not always
convenient. They produce large backup files and take time to
generate. They are not optimal in the sense that each
successive full backup includes all data, even that part that
has not changed since the previous full backup. After we have
made the initial full backup, it is more efficient to make
incremental backups. They are smaller and take less time to
produce. The tradeoff is that, at recovery time, you cannot
restore your data just by reloading the full backup. You must
also process the incremental backups to recover the
incremental changes.
To make incremental backups, we need to save the incremental
changes. The MySQL server should always be started with the
--log-bin option so that it stores these
changes in a file while it updates data. This option enables
binary logging, so that the server writes each SQL statement
that updates data into a file called a MySQL binary log.
Looking at the data directory of a MySQL server that was
started with the --log-bin option and that
has been running for some days, we find these MySQL binary log
files:
-rw-rw---- 1 guilhem guilhem 1277324 Nov 10 23:59 gbichot2-bin.000001
-rw-rw---- 1 guilhem guilhem 4 Nov 10 23:59 gbichot2-bin.000002
-rw-rw---- 1 guilhem guilhem 79 Nov 11 11:06 gbichot2-bin.000003
-rw-rw---- 1 guilhem guilhem 508 Nov 11 11:08 gbichot2-bin.000004
-rw-rw---- 1 guilhem guilhem 220047446 Nov 12 16:47 gbichot2-bin.000005
-rw-rw---- 1 guilhem guilhem 998412 Nov 14 10:08 gbichot2-bin.000006
-rw-rw---- 1 guilhem guilhem 361 Nov 14 10:07 gbichot2-bin.index
Each time it restarts, the MySQL server creates a new binary
log file using the next number in the sequence. While the
server is running, you can also tell it to close the current
binary log file and begin a new one manually by issuing a
FLUSH LOGS SQL statement or with a
mysqladmin flush-logs command.
mysqldump also has an option to flush the
logs. The .index file in the data directory
contains the list of all MySQL binary logs in the directory.
This file is used for replication.
The MySQL binary logs are important for recovery because they
form the set of incremental backups. If you make sure to flush
the logs when you make your full backup, then any binary log
files created afterward contain all the data changes made
since the backup. Let's modify the previous
mysqldump command a bit so that it flushes
the MySQL binary logs at the moment of the full backup, and so
that the dump file contains the name of the new current binary
log:
After executing this command, the data directory contains a
new binary log file, gbichot2-bin.000007.
The resulting .sql file includes these
lines:
-- Position to start replication or point-in-time recovery from
-- CHANGE MASTER TO MASTER_LOG_FILE='gbichot2-bin.000007',MASTER_LOG_POS=4;
Because the mysqldump command made a full
backup, those lines mean two things:
The .sql file contains all changes
made before any changes written to the
gbichot2-bin.000007 binary log file
or newer.
All data changes logged after the backup are not present
in the .sql, but are present in the
gbichot2-bin.000007 binary log file
or newer.
On Monday at 1 p.m., we can create an incremental backup by
flushing the logs to begin a new binary log file. For example,
executing a mysqladmin flush-logs command
creates gbichot2-bin.000008. All changes
between the Sunday 1 p.m. full backup and Monday 1 p.m. will
be in the gbichot2-bin.000007 file. This
incremental backup is important, so it is a good idea to copy
it to a safe place. (For example, back it up on tape or DVD,
or copy it to another machine.) On Tuesday at 1 p.m., execute
another mysqladmin flush-logs command. All
changes between Monday 1 p.m. and Tuesday 1 p.m. will be in
the gbichot2-bin.000008 file (which also
should be copied somewhere safe).
The MySQL binary logs take up disk space. To free up space,
purge them from time to time. One way to do this is by
deleting the binary logs that are no longer needed, such as
when we make a full backup:
Note: Deleting the MySQL
binary logs with mysqldump
--delete-master-logs can be dangerous if your server
is a replication master server, because slave servers might
not yet fully have processed the contents of the binary log.
The description for the PURGE MASTER LOGS
statement explains what should be verified before deleting the
MySQL binary logs. See Section 13.6.1.1, “PURGE MASTER LOGS Syntax”.
5.9.2.2. Using Backups for Recovery
Now, suppose that we have a catastrophic crash on Wednesday at
8 a.m. that requires recovery from backups. To recover, first
we restore the last full backup we have (the one from Sunday 1
p.m.). The full backup file is just a set of SQL statements,
so restoring it is very easy:
shell> mysql < backup_sunday_1_PM.sql
At this point, the data is restored to its state as of Sunday
1 p.m.. To restore the changes made since then, we must use
the incremental backups; that is, the
gbichot2-bin.000007 and
gbichot2-bin.000008 binary log files.
Fetch the files if necessary from where they were backed up,
and then process their contents like this:
shell> mysqlbinlog gbichot2-bin.000007 gbichot2-bin.000008 | mysql
We now have recovered the data to its state as of Tuesday 1
p.m., but still are missing the changes from that date to the
date of the crash. To not lose them, we would have needed to
have the MySQL server store its MySQL binary logs into a safe
location (RAID disks, SAN, ...) different from the place where
it stores its data files, so that these logs were not on the
destroyed disk. (That is, we can start the server with a
--log-bin option that specifies a location on
a different physical device from the one on which the data
directory resides. That way, the logs are safe even if the
device containing the directory is lost.) If we had done this,
we would have the gbichot2-bin.000009
file at hand, and we could apply it using
mysqlbinlog and mysql to
restore the most recent data changes with no loss up to the
moment of the crash.
5.9.2.3. Backup Strategy Summary
In case of an operating system crash or power failure,
InnoDB itself does all the job of
recovering data. But to make sure that you can sleep well,
observe the following guidelines:
Always run the MySQL server with the
--log-bin option, or even
--log-bin=log_name,
where the log file name is located on some safe media
different from the drive on which the data directory is
located. If you have such safe media, this technique can
also be good for disk load balancing (which results in a
performance improvement).
Make periodic full backups, using the
mysqldump command shown earlier in
Section 5.9.2.1, “Backup Policy”, that makes an online,
non-blocking backup.
Make periodic incremental backups by flushing the logs
with FLUSH LOGS or mysqladmin
flush-logs.
If a MySQL server was started with the
--log-bin option to enable binary logging, you
can use the mysqlbinlog utility to recover
data from the binary log files, starting from a specified point
in time (for example, since your last backup) until the present
or another specified point in time. For information on enabling
the binary log and using mysqlbinlog, see
Section 5.11.3, “The Binary Log”, and Section 8.11, “mysqlbinlog — Utility for Processing Binary Log Files”.
MySQL Enterprise
For maximum data recovery, MySQL Network Monitoring and
Advisory Service advises subscribers to synchronize to disk at
each write. For more information see
http://www.mysql.com/products/enterprise/advisors.html.
To restore data from a binary log, you must know the location
and name of the current binary log file. By default, the server
creates binary log files in the data directory, but a pathname
can be specified with the --log-bin option to
place the files in a different location. Typically the option is
given in an option file (that is, my.cnf or
my.ini, depending on your system). It can
also be given on the command line when the server is started. To
determine the name of the current binary log file, issue the
following statement:
mysql> SHOW BINLOG EVENTS\G
If you prefer, you can execute the following command from the
command line instead:
shell> mysql -u root -p -E -e "SHOW BINLOG EVENTS"
Enter the root password for your server when
mysql prompts you for it.
5.9.3.1. Specifying Times for Recovery
To indicate the start and end times for recovery, specify the
--start-date and --stop-date
options for mysqlbinlog, in
DATETIME format. As an example, suppose
that exactly at 10:00 a.m. on April 20, 2005 an SQL statement
was executed that deleted a large table. To restore the table
and data, you could restore the previous night's backup, and
then execute the following command:
shell> mysqlbinlog --stop-date="2005-04-20 9:59:59" \/var/log/mysql/bin.123456 | mysql -u root -p
This command recovers all of the data up until the date and
time given by the --stop-date option. If you
did not detect the erroneous SQL statement that was entered
until hours later, you will probably also want to recover the
activity that occurred afterward. Based on this, you could run
mysqlbinlog again with a start date and
time, like so:
shell> mysqlbinlog --start-date="2005-04-20 10:01:00" \/var/log/mysql/bin.123456 | mysql -u root -p
In this command, the SQL statements logged from 10:01 a.m. on
will be re-executed. The combination of restoring of the
previous night's dump file and the two
mysqlbinlog commands restores everything up
until one second before 10:00 a.m. and everything from 10:01
a.m. on. You should examine the log to be sure of the exact
times to specify for the commands. To display the log file
contents without executing them, use this command:
Then open the file with a text editor to examine it.
5.9.3.2. Specifying Positions for Recovery
Instead of specifying dates and times, the
--start-position and
--stop-position options for
mysqlbinlog can be used for specifying log
positions. They work the same as the start and stop date
options, except that you specify log position numbers rather
than dates. Using positions may enable you to be more precise
about which part of the log to recover, especially if many
transactions occurred around the same time as a damaging SQL
statement. To determine the position numbers, run
mysqlbinlog for a range of times near the
time when the unwanted transaction was executed, but redirect
the results to a text file for examination. This can be done
like so:
This command creates a small text file in the
/tmp directory that contains the SQL
statements around the time that the deleterious SQL statement
was executed. Open this file with a text editor and look for
the statement that you don't want to repeat. Determine the
positions in the binary log for stopping and resuming the
recovery and make note of them. Positions are labeled as
log_pos followed by a number. After
restoring the previous backup file, use the position numbers
to process the binary log file. For example, you would use
commands something like these:
shell> mysqlbinlog --stop-position="368312" /var/log/mysql/bin.123456 \| mysql -u root -p
shell> mysqlbinlog --start-position="368315" /var/log/mysql/bin.123456 \| mysql -u root -p
The first command recovers all the transactions up until the
stop position given. The second command recovers all
transactions from the starting position given until the end of
the binary log. Because the output of
mysqlbinlog includes SET
TIMESTAMP statements before each SQL statement
recorded, the recovered data and related MySQL logs will
reflect the original times at which the transactions were
executed.
This section discusses how to use myisamchk
to check or repair MyISAM tables (tables that
have .MYD and .MYI
files for storing data and indexes). For general
myisamchk background, see
Section 8.5, “myisamchk — MyISAM Table-Maintenance Utility”.
You can use myisamchk to get information
about your database tables or to check, repair, or optimize
them. The following sections describe how to perform these
operations and how to set up a table maintenance schedule.
Even though table repair with myisamchk is
quite secure, it is always a good idea to make a backup
before doing a repair or any maintenance
operation that could make a lot of changes to a table.
myisamchk operations that affect indexes can
cause FULLTEXT indexes to be rebuilt with
full-text parameters that are incompatible with the values used
by the MySQL server. To avoid this problem, follow the
guidelines in Section 8.5.1, “myisamchk General Options”.
In many cases, you may find it simpler to do
MyISAM table maintenance using the SQL
statements that perform operations that
myisamchk can do:
To check or repair MyISAM tables, use
CHECK TABLE or REPAIR
TABLE.
This section describes how to check for and deal with data
corruption in MySQL databases. If your tables become corrupted
frequently, you should try to find the reason why. See
Section B.1.4.2, “What to Do If MySQL Keeps Crashing”.
If you run mysqld with external locking
disabled (which is the default as of MySQL 4.0), you cannot
reliably use myisamchk to check a table
when mysqld is using the same table. If you
can be certain that no one will access the tables through
mysqld while you run
myisamchk, you only have to execute
mysqladmin flush-tables before you start
checking the tables. If you cannot guarantee this, you must
stop mysqld while you check the tables. If
you run myisamchk to check tables that
mysqld is updating at the same time, you
may get a warning that a table is corrupt even when it is not.
If the server is run with external locking enabled, you can
use myisamchk to check tables at any time.
In this case, if the server tries to update a table that
myisamchk is using, the server will wait
for myisamchk to finish before it
continues.
If you use myisamchk to repair or optimize
tables, you must always ensure that the
mysqld server is not using the table (this
also applies if external locking is disabled). If you don't
stop mysqld, you should at least do a
mysqladmin flush-tables before you run
myisamchk. Your tables may become
corrupted if the server and
myisamchk access the tables simultaneously.
When performing crash recovery, it is important to understand
that each MyISAM table
tbl_name in a database corresponds
to three files in the database directory:
File
Purpose
tbl_name.frm
Definition (format) file
tbl_name.MYD
Data file
tbl_name.MYI
Index file
Each of these three file types is subject to corruption in
various ways, but problems occur most often in data files and
index files.
myisamchk works by creating a copy of the
.MYD data file row by row. It ends the
repair stage by removing the old .MYD
file and renaming the new file to the original file name. If
you use --quick, myisamchk
does not create a temporary .MYD file,
but instead assumes that the .MYD file is
correct and generates only a new index file without touching
the .MYD file. This is safe, because
myisamchk automatically detects whether the
.MYD file is corrupt and aborts the
repair if it is. You can also specify the
--quick option twice to
myisamchk. In this case,
myisamchk does not abort on some errors
(such as duplicate-key errors) but instead tries to resolve
them by modifying the .MYD file. Normally
the use of two --quick options is useful only
if you have too little free disk space to perform a normal
repair. In this case, you should at least make a backup of the
table before running myisamchk.
5.9.4.2. How to Check MyISAM Tables for Errors
To check a MyISAM table, use the following
commands:
myisamchk
tbl_name
This finds 99.99% of all errors. What it cannot find is
corruption that involves only the
data file (which is very unusual). If you want to check a
table, you should normally run
myisamchk without options or with the
-s (silent) option.
myisamchk -m
tbl_name
This finds 99.999% of all errors. It first checks all
index entries for errors and then reads through all rows.
It calculates a checksum for all key values in the rows
and verifies that the checksum matches the checksum for
the keys in the index tree.
myisamchk -e
tbl_name
This does a complete and thorough check of all data
(-e means “extended check”).
It does a check-read of every key for each row to verify
that they indeed point to the correct row. This may take a
long time for a large table that has many indexes.
Normally, myisamchk stops after the
first error it finds. If you want to obtain more
information, you can add the -v (verbose)
option. This causes myisamchk to keep
going, up through a maximum of 20 errors.
myisamchk -e -i
tbl_name
This is like the previous command, but the
-i option tells
myisamchk to print additional
statistical information.
In most cases, a simple myisamchk command
with no arguments other than the table name is sufficient to
check a table.
5.9.4.3. How to Repair Tables
The discussion in this section describes how to use
myisamchk on MyISAM
tables (extensions .MYI and
.MYD).
Symptoms of corrupted tables include queries that abort
unexpectedly and observable errors such as these:
tbl_name.frm
is locked against change
Can't find file
tbl_name.MYI
(Errcode: nnn)
Unexpected end of file
Record file is crashed
Got error nnn from table
handler
To get more information about the error, run
perrornnn,
where nnn is the error number. The
following example shows how to use perror
to find the meanings for the most common error numbers that
indicate a problem with a table:
shell> perror 126 127 132 134 135 136 141 144 145
MySQL error code 126 = Index file is crashed
MySQL error code 127 = Record-file is crashed
MySQL error code 132 = Old database file
MySQL error code 134 = Record was already deleted (or record file crashed)
MySQL error code 135 = No more room in record file
MySQL error code 136 = No more room in index file
MySQL error code 141 = Duplicate unique key or constraint on write or update
MySQL error code 144 = Table is crashed and last repair failed
MySQL error code 145 = Table was marked as crashed and should be repaired
Note that error 135 (no more room in record file) and error
136 (no more room in index file) are not errors that can be
fixed by a simple repair. In this case, you must use
ALTER TABLE to increase the
MAX_ROWS and
AVG_ROW_LENGTH table option values:
ALTER TABLE tbl_name MAX_ROWS=xxx AVG_ROW_LENGTH=yyy;
If you do not know the current table option values, use
SHOW CREATE TABLE.
For the other errors, you must repair your tables.
myisamchk can usually detect and fix most
problems that occur.
The repair process involves up to four stages, described here.
Before you begin, you should change location to the database
directory and check the permissions of the table files. On
Unix, make sure that they are readable by the user that
mysqld runs as (and to you, because you
need to access the files you are checking). If it turns out
you need to modify files, they must also be writable by you.
If you are going to repair a table from the command line, you
must first stop the mysqld server. Note
that when you do mysqladmin shutdown on a
remote server, the mysqld server is still
alive for a while after mysqladmin returns,
until all statement-processing has stopped and all index
changes have been flushed to disk.
Stage 1: Checking your tables
Run myisamchk *.MYI or myisamchk
-e *.MYI if you have more time. Use the
-s (silent) option to suppress unnecessary
information.
If the mysqld server is stopped, you should
use the --update-state option to tell
myisamchk to mark the table as
“checked.”
You have to repair only those tables for which
myisamchk announces an error. For such
tables, proceed to Stage 2.
If you get unexpected errors when checking (such as
out of memory errors), or if
myisamchk crashes, go to Stage 3.
Stage 2: Easy safe repair
First, try myisamchk -r -q
tbl_name (-r
-q means “quick recovery mode”). This
attempts to repair the index file without touching the data
file. If the data file contains everything that it should and
the delete links point at the correct locations within the
data file, this should work, and the table is fixed. Start
repairing the next table. Otherwise, use the following
procedure:
Make a backup of the data file before continuing.
Use myisamchk -r
tbl_name
(-r means “recovery mode”).
This removes incorrect rows and deleted rows from the data
file and reconstructs the index file.
If the preceding step fails, use myisamchk
--safe-recover
tbl_name. Safe
recovery mode uses an old recovery method that handles a
few cases that regular recovery mode does not (but is
slower).
Note: If you want a repair operation to go much faster, you
should set the values of the
sort_buffer_size and
key_buffer_size variables each to about 25%
of your available memory when running
myisamchk.
If you get unexpected errors when repairing (such as
out of memory errors), or if
myisamchk crashes, go to Stage 3.
Stage 3: Difficult repair
You should reach this stage only if the first 16KB block in
the index file is destroyed or contains incorrect information,
or if the index file is missing. In this case, it is necessary
to create a new index file. Do so as follows:
Move the data file to a safe place.
Use the table description file to create new (empty) data
and index files:
shell> mysql db_name
mysql> SET AUTOCOMMIT=1;
mysql> TRUNCATE TABLE tbl_name;
mysql> quit
Copy the old data file back onto the newly created data
file. (Do not just move the old file back onto the new
file. You want to retain a copy in case something goes
wrong.)
Go back to Stage 2. myisamchk -r -q should
work. (This should not be an endless loop.)
You can also use the REPAIR TABLE
tbl_name USE_FRM SQL
statement, which performs the whole procedure automatically.
There is also no possibility of unwanted interaction between a
utility and the server, because the server does all the work
when you use REPAIR TABLE. See
Section 13.5.2.6, “REPAIR TABLE Syntax”.
Stage 4: Very difficult
repair
You should reach this stage only if the
.frm description file has also crashed.
That should never happen, because the description file is not
changed after the table is created:
Restore the description file from a backup and go back to
Stage 3. You can also restore the index file and go back
to Stage 2. In the latter case, you should start with
myisamchk -r.
If you do not have a backup but know exactly how the table
was created, create a copy of the table in another
database. Remove the new data file, and then move the
.frm description and
.MYI index files from the other
database to your crashed database. This gives you new
description and index files, but leaves the
.MYD data file alone. Go back to
Stage 2 and attempt to reconstruct the index file.
5.9.4.4. Table Optimization
To coalesce fragmented rows and eliminate wasted space that
results from deleting or updating rows, run
myisamchk in recovery mode:
shell> myisamchk -r tbl_name
You can optimize a table in the same way by using the
OPTIMIZE TABLE SQL statement.
OPTIMIZE TABLE does a table repair and a
key analysis, and also sorts the index tree so that key
lookups are faster. There is also no possibility of unwanted
interaction between a utility and the server, because the
server does all the work when you use OPTIMIZE
TABLE. See Section 13.5.2.5, “OPTIMIZE TABLE Syntax”.
myisamchk has a number of other options
that you can use to improve the performance of a table:
To obtain a description of a table or statistics about it, use
the commands shown here. We explain some of the information in
more detail later.
myisamchk -d
tbl_name
Runs myisamchk in “describe
mode” to produce a description of your table. If
you start the MySQL server with external locking disabled,
myisamchk may report an error for a
table that is updated while it runs. However, because
myisamchk does not change the table in
describe mode, there is no risk of destroying data.
myisamchk -d -v
tbl_name
Adding -v runs
myisamchk in verbose mode so that it
produces more information about what it is doing.
myisamchk -eis
tbl_name
Shows only the most important information from a table.
This operation is slow because it must read the entire
table.
myisamchk -eiv
tbl_name
This is like -eis, but tells you what is
being done.
Sample output for some of these commands follows. They are
based on a table with these data and index file sizes:
-rw-rw-r-- 1 monty tcx 317235748 Jan 12 17:30 company.MYD
-rw-rw-r-- 1 davida tcx 96482304 Jan 12 18:35 company.MYI
Example of myisamchk -d output:
MyISAM file: company.MYI
Record format: Fixed length
Data records: 1403698 Deleted blocks: 0
Recordlength: 226
table description:
Key Start Len Index Type
1 2 8 unique double
2 15 10 multip. text packed stripped
3 219 8 multip. double
4 63 10 multip. text packed stripped
5 167 2 multip. unsigned short
6 177 4 multip. unsigned long
7 155 4 multip. text
8 138 4 multip. unsigned long
9 177 4 multip. unsigned long
193 1 text
Example of myisamchk -d -v output:
MyISAM file: company
Record format: Fixed length
File-version: 1
Creation time: 1999-10-30 12:12:51
Recover time: 1999-10-31 19:13:01
Status: checked
Data records: 1403698 Deleted blocks: 0
Datafile parts: 1403698 Deleted data: 0
Datafile pointer (bytes): 3 Keyfile pointer (bytes): 3
Max datafile length: 3791650815 Max keyfile length: 4294967294
Recordlength: 226
table description:
Key Start Len Index Type Rec/key Root Blocksize
1 2 8 unique double 1 15845376 1024
2 15 10 multip. text packed stripped 2 25062400 1024
3 219 8 multip. double 73 40907776 1024
4 63 10 multip. text packed stripped 5 48097280 1024
5 167 2 multip. unsigned short 4840 55200768 1024
6 177 4 multip. unsigned long 1346 65145856 1024
7 155 4 multip. text 4995 75090944 1024
8 138 4 multip. unsigned long 87 85036032 1024
9 177 4 multip. unsigned long 178 96481280 1024
193 1 text
Example of myisamchk -eis output:
Checking MyISAM file: company
Key: 1: Keyblocks used: 97% Packed: 0% Max levels: 4
Key: 2: Keyblocks used: 98% Packed: 50% Max levels: 4
Key: 3: Keyblocks used: 97% Packed: 0% Max levels: 4
Key: 4: Keyblocks used: 99% Packed: 60% Max levels: 3
Key: 5: Keyblocks used: 99% Packed: 0% Max levels: 3
Key: 6: Keyblocks used: 99% Packed: 0% Max levels: 3
Key: 7: Keyblocks used: 99% Packed: 0% Max levels: 3
Key: 8: Keyblocks used: 99% Packed: 0% Max levels: 3
Key: 9: Keyblocks used: 98% Packed: 0% Max levels: 4
Total: Keyblocks used: 98% Packed: 17%
Records: 1403698 M.recordlength: 226
Packed: 0%
Recordspace used: 100% Empty space: 0%
Blocks/Record: 1.00
Record blocks: 1403698 Delete blocks: 0
Recorddata: 317235748 Deleted data: 0
Lost space: 0 Linkdata: 0
User time 1626.51, System time 232.36
Maximum resident set size 0, Integral resident set size 0
Non physical pagefaults 0, Physical pagefaults 627, Swaps 0
Blocks in 0 out 0, Messages in 0 out 0, Signals 0
Voluntary context switches 639, Involuntary context switches 28966
Example of myisamchk -eiv output:
Checking MyISAM file: company
Data records: 1403698 Deleted blocks: 0
- check file-size
- check delete-chain
block_size 1024:
index 1:
index 2:
index 3:
index 4:
index 5:
index 6:
index 7:
index 8:
index 9:
No recordlinks
- check index reference
- check data record references index: 1
Key: 1: Keyblocks used: 97% Packed: 0% Max levels: 4
- check data record references index: 2
Key: 2: Keyblocks used: 98% Packed: 50% Max levels: 4
- check data record references index: 3
Key: 3: Keyblocks used: 97% Packed: 0% Max levels: 4
- check data record references index: 4
Key: 4: Keyblocks used: 99% Packed: 60% Max levels: 3
- check data record references index: 5
Key: 5: Keyblocks used: 99% Packed: 0% Max levels: 3
- check data record references index: 6
Key: 6: Keyblocks used: 99% Packed: 0% Max levels: 3
- check data record references index: 7
Key: 7: Keyblocks used: 99% Packed: 0% Max levels: 3
- check data record references index: 8
Key: 8: Keyblocks used: 99% Packed: 0% Max levels: 3
- check data record references index: 9
Key: 9: Keyblocks used: 98% Packed: 0% Max levels: 4
Total: Keyblocks used: 9% Packed: 17%
- check records and index references
*** LOTS OF ROW NUMBERS DELETED ***
Records: 1403698 M.recordlength: 226 Packed: 0%
Recordspace used: 100% Empty space: 0% Blocks/Record: 1.00
Record blocks: 1403698 Delete blocks: 0
Recorddata: 317235748 Deleted data: 0
Lost space: 0 Linkdata: 0
User time 1639.63, System time 251.61
Maximum resident set size 0, Integral resident set size 0
Non physical pagefaults 0, Physical pagefaults 10580, Swaps 0
Blocks in 4 out 0, Messages in 0 out 0, Signals 0
Voluntary context switches 10604, Involuntary context switches 122798
Explanations for the types of information
myisamchk produces are given here.
“Keyfile” refers to the index file.
“Record” and “row” are synonymous.
For dynamic-row format, this indicates how many data
blocks there are. For an optimized table without
fragmented rows, this is the same as Data
records.
Deleted data
How many bytes of unreclaimed deleted data there are. You
can optimize your table to minimize this space. See
Section 5.9.4.4, “Table Optimization”.
Datafile pointer
The size of the data file pointer, in bytes. It is usually
2, 3, 4, or 5 bytes. Most tables manage with 2 bytes, but
this cannot be controlled from MySQL yet. For fixed
tables, this is a row address. For dynamic tables, this is
a byte address.
Keyfile pointer
The size of the index file pointer, in bytes. It is
usually 1, 2, or 3 bytes. Most tables manage with 2 bytes,
but this is calculated automatically by MySQL. It is
always a block address.
Max datafile length
How long the table data file can become, in bytes.
Max keyfile length
How long the table index file can become, in bytes.
Recordlength
How much space each row takes, in bytes.
Record format
The format used to store table rows. The preceding
examples use Fixed length. Other
possible values are Compressed and
Packed.
table description
A list of all keys in the table. For each key,
myisamchk displays some low-level
information:
Key
This key's number.
Start
Where in the row this portion of the index starts.
Len
How long this portion of the index is. For packed
numbers, this should always be the full length of the
column. For strings, it may be shorter than the full
length of the indexed column, because you can index a
prefix of a string column.
Index
Whether a key value can exist multiple times in the
index. Possible values are unique
or multip. (multiple).
Type
What data type this portion of the index has. This is
a MyISAM data type with the
possible values packed,
stripped, or
empty.
Root
Address of the root index block.
Blocksize
The size of each index block. By default this is 1024,
but the value may be changed at compile time when
MySQL is built from source.
Rec/key
This is a statistical value used by the optimizer. It
tells how many rows there are per value for this
index. A unique index always has a value of 1. This
may be updated after a table is loaded (or greatly
changed) with myisamchk -a. If this
is not updated at all, a default value of 30 is given.
For the table shown in the examples, there are two
table description lines for the ninth
index. This indicates that it is a multiple-part index
with two parts.
Keyblocks used
What percentage of the keyblocks are used. When a table
has just been reorganized with
myisamchk, as for the table in the
examples, the values are very high (very near the
theoretical maximum).
Packed
MySQL tries to pack key values that have a common suffix.
This can only be used for indexes on
CHAR and VARCHAR
columns. For long indexed strings that have similar
leftmost parts, this can significantly reduce the space
used. In the third of the preceding examples, the fourth
key is 10 characters long and a 60% reduction in space is
achieved.
Max levels
How deep the B-tree for this key is. Large tables with
long key values get high values.
Records
How many rows are in the table.
M.recordlength
The average row length. This is the exact row length for
tables with fixed-length rows, because all rows have the
same length.
Packed
MySQL strips spaces from the end of strings. The
Packed value indicates the percentage
of savings achieved by doing this.
Recordspace used
What percentage of the data file is used.
Empty space
What percentage of the data file is unused.
Blocks/Record
Average number of blocks per row (that is, how many links
a fragmented row is composed of). This is always 1.0 for
fixed-format tables. This value should stay as close to
1.0 as possible. If it gets too large, you can reorganize
the table. See Section 5.9.4.4, “Table Optimization”.
Recordblocks
How many blocks (links) are used. For fixed-format tables,
this is the same as the number of rows.
Deleteblocks
How many blocks (links) are deleted.
Recorddata
How many bytes in the data file are used.
Deleted data
How many bytes in the data file are deleted (unused).
Lost space
If a row is updated to a shorter length, some space is
lost. This is the sum of all such losses, in bytes.
Linkdata
When the dynamic table format is used, row fragments are
linked with pointers (4 to 7 bytes each).
Linkdata is the sum of the amount of
storage used by all such pointers.
Another way to check tables is to use
myisamchk. For maintenance purposes, you
can use myisamchk -s. The
-s option (short for
--silent) causes myisamchk
to run in silent mode, printing messages only when errors
occur.
It is also a good idea to enable automatic
MyISAM table checking. For example,
whenever the machine has done a restart in the middle of an
update, you usually need to check each table that could have
been affected before it is used further. (These are
“expected crashed tables.”) To check
MyISAM tables automatically, start the
server with the --myisam-recover option. See
Section 5.2.2, “Command Options”.
You should also check your tables regularly during normal
system operation. At MySQL AB, we run a
cron job to check all our important tables
once a week, using a line like this in a
crontab file:
This prints out information about crashed tables so that we
can examine and repair them when needed.
Because we have not had any unexpectedly crashed tables
(tables that become corrupted for reasons other than hardware
trouble) for several years, once a week is more than
sufficient for us.
We recommend that to start with, you execute
myisamchk -s each night on all tables that
have been updated during the last 24 hours, until you come to
trust MySQL as much as we do.
Normally, MySQL tables need little maintenance. If you are
performing many updates to MyISAM tables
with dynamic-sized rows (tables with
VARCHAR, BLOB, or
TEXT columns) or have tables with many
deleted rows you may want to defragment/reclaim space from the
tables from time to time. You can do this by using
OPTIMIZE TABLE on the tables in question.
Alternatively, if you can stop the mysqld
server for a while, change location into the data directory
and use this command while the server is stopped:
This section describes how to configure the server to use
different character sets. It also discusses how to set the
server's time zone and enable per-connection time zone support.
5.10.1. The Character Set Used for Data and Sorting
By default, MySQL uses the latin1 (cp1252
West European) character set and the
latin1_swedish_ci collation that sorts
according to Swedish/Finnish rules. These defaults are suitable
for the United States and most of Western Europe.
All MySQL binary distributions are compiled with
--with-extra-charsets=complex. This adds code
to all standard programs that enables them to handle
latin1 and all multi-byte character sets
within the binary. Other character sets are loaded from a
character-set definition file when needed.
The character set determines what characters are allowed in
identifiers. The collation determines how strings are sorted by
the ORDER BY and GROUP BY
clauses of the SELECT statement.
You can change the default server character set and collation
with the --character-set-server and
--collation-server options when you start the
server. The collation must be a legal collation for the default
character set. (Use the SHOW COLLATION
statement to determine which collations are available for each
character set.) See Section 5.2.2, “Command Options”.
The character sets available depend on the
--with-charset=charset_name
and
--with-extra-charsets=list-of-charsets
| complex | all | none options to
configure, and the character set
configuration files listed in
SHAREDIR/charsets/Index.
See Section 2.4.14.2, “Typical configure Options”.
If you change the character set when running MySQL, that may
also change the sort order. Consequently, you must run
myisamchk -r -q
--set-collation=collation_name
on all MyISAM tables, or your indexes may not
be ordered correctly.
When a client connects to a MySQL server, the server indicates
to the client what the server's default character set is. The
client switches to this character set for this connection.
You should use mysql_real_escape_string()
when escaping strings for an SQL query.
mysql_real_escape_string() is identical to
the old mysql_escape_string() function,
except that it takes the MYSQL connection
handle as the first parameter so that the appropriate character
set can be taken into account when escaping characters.
If the client is compiled with paths that differ from where the
server is installed and the user who configured MySQL didn't
include all character sets in the MySQL binary, you must tell
the client where it can find the additional character sets it
needs if the server runs with a different character set from the
client. You can do this by specifying a
--character-sets-dir option to indicate the
path to the directory in which the dynamic MySQL character sets
are stored. For example, you can put the following in an option
file:
You can force the client to use specific character set as
follows:
[client]
default-character-set=charset_name
This is normally unnecessary, however.
5.10.1.1. Using the German Character Set
In MySQL 5.0, character set and collation are
specified separately. This means that if you want German sort
order, you should select the latin1
character set and either the
latin1_german1_ci or
latin1_german2_ci collation. For example,
to start the server with the
latin1_german1_ci collation, use the
--character-set-server=latin1 and
--collation-server=latin1_german1_ci options.
By default, mysqld produces error messages in
English, but they can also be displayed in any of these other
languages: Czech, Danish, Dutch, Estonian, French, German,
Greek, Hungarian, Italian, Japanese, Korean, Norwegian,
Norwegian-ny, Polish, Portuguese, Romanian, Russian, Slovak,
Spanish, or Swedish.
To start mysqld with a particular language
for error messages, use the --language or
-L option. The option value can be a language
name or the full path to the error message file. For example:
shell> mysqld --language=swedish
Or:
shell> mysqld --language=/usr/local/share/swedish
The language name should be specified in lowercase.
By default, the language files are located in the
share/LANGUAGE
directory under the MySQL base directory.
You can also change the content of the error messages produced
by the server. Details can be found in the MySQL Internals
manual, available at
http://forge.mysql.com/wiki/MySQL_Internals_Error_Messages.
If you upgrade to a newer version of MySQL after changing the
error messages, remember to repeat your changes after the
upgrade.
5.10.3. Adding a New Character Set
This section discusses the procedure for adding a new character
set to MySQL. You must have a MySQL source distribution to use
these instructions. To choose the proper procedure, determine
whether the character set is simple or complex:
If the character set does not need to use special string
collating routines for sorting and does not need multi-byte
character support, it is simple.
If it needs either of those features, it is complex.
For example, latin1 and
danish are simple character sets, whereas
big5 and czech are complex
character sets.
In the following instructions, the name of the character set is
represented by MYSET.
For a simple character set, do the following:
Add MYSET to the end of the
sql/share/charsets/Index file. Assign a
unique number to it.
Create the file
sql/share/charsets/MYSET.conf.
(You can use a copy of
sql/share/charsets/latin1.conf as the
basis for this file.)
The syntax for the file is very simple:
Comments start with a ‘#’
character and continue to the end of the line.
Words are separated by arbitrary amounts of whitespace.
When defining the character set, every word must be a
number in hexadecimal format.
The ctype array takes up the first
257 words. The to_lower[],
to_upper[] and
sort_order[] arrays take up 256 words
each after that.
Add the character set name to the
CHARSETS_AVAILABLE and
COMPILED_CHARSETS lists in
configure.in.
Reconfigure, recompile, and test.
For a complex character set, do the following:
Create the file
strings/ctype-MYSET.c
in the MySQL source distribution.
Add MYSET to the end of the
sql/share/charsets/Index file. Assign a
unique number to it.
Look at one of the existing ctype-*.c
files (such as strings/ctype-big5.c) to
see what needs to be defined. Note that the arrays in your
file must have names like
ctype_MYSET,
to_lower_MYSET,
and so on. These correspond to the arrays for a simple
character set. See Section 5.10.4, “The Character Definition Arrays”.
Near the top of the file, place a special comment like this:
/*
* This comment is parsed by configure to create ctype.c,
* so don't change it unless you know what you are doing.
*
* .configure. number_MYSET=MYNUMBER
* .configure. strxfrm_multiply_MYSET=N
* .configure. mbmaxlen_MYSET=N
*/
The configure program uses this comment
to include the character set into the MySQL library
automatically.
The strxfrm_multiply and
mbmaxlen lines are explained in the
following sections. You need include them only if you need
the string collating functions or the multi-byte character
set functions, respectively.
You should then create some of the following functions:
Add the character set name to the
CHARSETS_AVAILABLE and
COMPILED_CHARSETS lists in
configure.in.
Reconfigure, recompile, and test.
The sql/share/charsets/README file includes
additional instructions.
If you want to have the character set included in the MySQL
distribution, mail a patch to the MySQL
internals mailing list. See
Section 1.7.1, “MySQL Mailing Lists”.
5.10.4. The Character Definition Arrays
to_lower[] and to_upper[]
are simple arrays that hold the lowercase and uppercase
characters corresponding to each member of the character set.
For example:
to_lower['A'] should contain 'a'
to_upper['a'] should contain 'A'
sort_order[] is a map indicating how
characters should be ordered for comparison and sorting
purposes. Quite often (but not for all character sets) this is
the same as to_upper[], which means that
sorting is case-insensitive. MySQL sorts characters based on the
values of sort_order[] elements. For more
complicated sorting rules, see the discussion of string
collating in Section 5.10.5, “String Collating Support”.
ctype[] is an array of bit values, with one
element for one character. (Note that
to_lower[], to_upper[],
and sort_order[] are indexed by character
value, but ctype[] is indexed by character
value + 1. This is an old legacy convention for handling
EOF.)
You can find the following bitmask definitions in
m_ctype.h:
The ctype[] entry for each character should
be the union of the applicable bitmask values that describe the
character. For example, 'A' is an uppercase
character (_U) as well as a hexadecimal digit
(_X), so ctype['A'+1]
should contain the value:
_U + _X = 01 + 0200 = 0201
5.10.5. String Collating Support
If the sorting rules for your language are too complex to be
handled with the simple sort_order[] table,
you need to use the string collating functions.
The best documentation for this is the existing character sets.
Look at the big5, czech,
gbk, sjis, and
tis160 character sets for examples.
You must specify the
strxfrm_multiply_MYSET=N
value in the special comment at the top of the file.
N should be set to the maximum ratio
the strings may grow during
my_strxfrm_MYSET
(it must be a positive integer).
5.10.6. Multi-Byte Character Support
If you want to add support for a new character set that includes
multi-byte characters, you need to use the multi-byte character
functions.
The best documentation for this is the existing character sets.
Look at the euc_kr,
gb2312, gbk,
sjis, and ujis character
sets for examples. These are implemented in the
ctype-charset_name.c
files in the strings directory.
You must specify the
mbmaxlen_MYSET=N
value in the special comment at the top of the source file.
N should be set to the size in bytes
of the largest character in the set.
5.10.7. Problems With Character Sets
If you try to use a character set that is not compiled into your
binary, you might run into the following problems:
Your program uses an incorrect path to determine where the
character sets are stored. (Default
/usr/local/mysql/share/mysql/charsets).
This can be fixed by using the
--character-sets-dir option when you run
the program in question.
The character set is a multi-byte character set that cannot
be loaded dynamically. In this case, you must recompile the
program with support for the character set.
The character set is a dynamic character set, but you do not
have a configure file for it. In this case, you should
install the configure file for the character set from a new
MySQL distribution.
If your Index file does not contain the
name for the character set, your program displays the
following error message:
ERROR 1105: File '/usr/local/share/mysql/charsets/?.conf'
not found (Errcode: 2)
In this case, you should either get a new
Index file or manually add the name of
any missing character sets to the current file.
For MyISAM tables, you can check the
character set name and number for a table with
myisamchk -dvv
tbl_name.
5.10.8. MySQL Server Time Zone Support
The MySQL server maintains several time zone settings:
The system time zone. When the server starts, it attempts to
determine the time zone of the host machine and uses it to
set the system_time_zone system variable.
The value does not change thereafter.
You can set the system time zone for MySQL Server at startup
with the
--timezone=timezone_name
option to mysqld_safe. You can also set
it by setting the TZ environment variable
before you start mysqld. The allowable
values for --timezone or
TZ are system-dependent. Consult your
operating system documentation to see what values are
acceptable.
The server's current time zone. The global
time_zone system variable indicates the
time zone the server currently is operating in. The initial
value for time_zone is
'SYSTEM', which indicates that the server
time zone is the same as the system time zone.
The initial global server time zone value can be specified
explicitly at startup with the
--default-time-zone=timezone
option on the command line, or you can use the following
line in an option file:
default-time-zone='timezone'
If you have the SUPER privilege, you can
set the global server time zone value at runtime with this
statement:
mysql> SET GLOBAL time_zone = timezone;
Per-connection time zones. Each client that connects has its
own time zone setting, given by the session
time_zone variable. Initially, the
session variable takes its value from the global
time_zone variable, but the client can
change its own time zone with this statement:
mysql> SET time_zone = timezone;
The current session time zone setting affects display and
storage of time values that are zone-sensitive. This includes
the values displayed by functions such as
NOW() or CURTIME(), and
values stored in and retrieved from TIMESTAMP
columns. Values for TIMESTAMP columns are
converted from the current time zone to UTC for storage, and
from UTC to the current time zone for retrieval. The current
time zone setting does not affect values displayed by functions
such as UTC_TIMESTAMP() or values in
DATE, TIME, or
DATETIME columns.
The current values of the global and client-specific time zones
can be retrieved like this:
timezone values can be given in
several formats, none of which are case sensitive:
The value 'SYSTEM' indicates that the
time zone should be the same as the system time zone.
The value can be given as a string indicating an offset from
UTC, such as '+10:00' or
'-6:00'.
The value can be given as a named time zone, such as
'Europe/Helsinki',
'US/Eastern', or
'MET'. Named time zones can be used only
if the time zone information tables in the
mysql database have been created and
populated.
The MySQL installation procedure creates the time zone tables in
the mysql database, but does not load them.
You must do so manually using the following instructions. (If
you are upgrading to MySQL 4.1.3 or later from an earlier
version, you can create the tables by upgrading your
mysql database. Use the instructions in
Section 5.5.8, “mysql_upgrade — Check Tables for MySQL Upgrade”. After creating the tables, you
can load them.)
Note
Loading the time zone information is not necessarily a
one-time operation because the information changes
occasionally. For example, the rules for Daylight Saving Time
in the United States, Mexico, and parts of Canada changed in
2007. When such changes occur, applications that use the old
rules become out of date and you may find it necessary to
reload the time zone tables to keep the information used by
your MySQL server current. See the notes at the end of this
section.
If your system has its own zoneinfo
database (the set of files describing time zones), you should
use the mysql_tzinfo_to_sql program for
filling the time zone tables. Examples of such systems are
Linux, FreeBSD, Sun Solaris, and Mac OS X. One likely location
for these files is the /usr/share/zoneinfo
directory. If your system does not have a zoneinfo database, you
can use the downloadable package described later in this
section.
The mysql_tzinfo_to_sql program is used to
load the time zone tables. On the command line, pass the
zoneinfo directory pathname to
mysql_tzinfo_to_sql and send the output into
the mysql program. For example:
shell> mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql
mysql_tzinfo_to_sql reads your system's time
zone files and generates SQL statements from them.
mysql processes those statements to load the
time zone tables.
mysql_tzinfo_to_sql also can be used to load
a single time zone file or to generate leap second information:
To load a single time zone file
tz_file that corresponds to a
time zone name tz_name, invoke
mysql_tzinfo_to_sql like this:
shell> mysql_tzinfo_to_sql tz_filetz_name | mysql -u root mysql
With this approach, you must execute a separate command to
load the time zone file for each named zone that the server
needs to know about.
If your time zone needs to account for leap seconds,
initialize the leap second information like this, where
tz_file is the name of your time
zone file:
shell> mysql_tzinfo_to_sql --leap tz_file | mysql -u root mysql
If your system is one that has no zoneinfo database (for
example, Windows or HP-UX), you can use the package of pre-built
time zone tables that is available for download at the MySQL
Developer Zone:
This time zone package contains .frm,
.MYD, and .MYI files
for the MyISAM time zone tables. These tables
should be part of the mysql database, so you
should place the files in the mysql
subdirectory of your MySQL server's data directory. The server
should be stopped while you do this and restarted afterward.
Warning: Do not use the
downloadable package if your system has a zoneinfo database. Use
the mysql_tzinfo_to_sql utility instead.
Otherwise, you may cause a difference in datetime handling
between MySQL and other applications on your system.
As mentioned earlier, when the time zone rules change,
applications that use the old rules become out of date. To stay
current, it is necessary to make sure that your system uses
current time zone information is used. For MySQL, there are two
factors to consider in staying current:
The operating system time affects the value that the MySQL
server uses for times if its time zone is set to
SYSTEM. Make sure that your operating
system is using the latest time zone information. For most
operating systems, the latest update or service pack
prepares your system for the time changes. Check the Web
site for your operating system vendor for an update that
addresses the time changes.
If you replace the system's
/etc/localtime timezone file with a
verion that uses rules differing from those in effect at
mysqld startup, you should restart
mysqld so that it uses the updated rules.
Otherwise, mysqld might not notice when
the system changes its time.
If you use named time zones with MySQL, make sure that the
time zone tables in the mysql database
are up to date. If your system has its own zoneinfo
database, you should reload the MySQL time zone tables
whenever the zoneinfo database is updated, using the
instructions given earlier in this section. For systems that
do not have their own zoneinfo database, check the MySQL
Developer Zone for updates. When a new update is available,
download it and use it to replace your current time zone
tables. mysqld caches time zone
information that it looks up, so after replacing the time
zone tables, you should restart mysqld to
make sure that it does not continue to serve outdated time
zone data.
If you are uncertain whether named time zones are available, for
use either as the server's time zone setting or by clients that
set their own time zone, check whether your time zone tables are
empty. The following query determines whether the table that
contains time zone names has any rows:
A count of zero indicates that the table is empty. In this case,
no one can be using named time zones, and you don't need to
update the tables. A count greater than zero indicates that the
table is not empty and that its contents are available to be
used for named time zone support. In this case, you should be
sure to reload your time zone tables so that anyone who uses
named time zones will get correct query results.
To check whether your MySQL installation is updated properly for
a change in Daylight Saving Time rules, use a test like the one
following. The example uses values that are appropriate for the
2007 DST 1-hour change that occurs in the United States on March
11 at 2 a.m.
The two time values indicate the times at which the DST change
occurs, and the use of named time zones requires that the time
zone tables be used. The desired result is that both queries
return the same result (the input time, converted to the
equivalent value in the 'US/Central' time zone).
Before updating the time zone tables, you would see an incorrect
result like this:
Beginning with MySQL 5.0.25, the locale indicated by the
lc_time_names system variable controls the
language used to display day and month names and abbreviations.
This variable affects the output from the
DATE_FORMAT(), DAYNAME()
and MONTHNAME() functions.
Locale names are POSIX-style values such as
'ja_JP' or 'pt_BR'. The
default value is 'en_US' regardless of your
system's locale setting, but any client can examine or set its
lc_time_names value as shown in the following
example:
mysql> SET NAMES 'utf8';
Query OK, 0 rows affected (0.09 sec)
mysql> SELECT @@lc_time_names;
+-----------------+
| @@lc_time_names |
+-----------------+
| en_US |
+-----------------+
1 row in set (0.00 sec)
mysql> SELECT DAYNAME('2010-01-01'), MONTHNAME('2010-01-01');
+-----------------------+-------------------------+
| DAYNAME('2010-01-01') | MONTHNAME('2010-01-01') |
+-----------------------+-------------------------+
| Friday | January |
+-----------------------+-------------------------+
1 row in set (0.00 sec)
mysql> SELECT DATE_FORMAT('2010-01-01','%W %a %M %b');
+-----------------------------------------+
| DATE_FORMAT('2010-01-01','%W %a %M %b') |
+-----------------------------------------+
| Friday Fri January Jan |
+-----------------------------------------+
1 row in set (0.00 sec)
mysql> SET lc_time_names = 'es_MX';
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT @@lc_time_names;
+-----------------+
| @@lc_time_names |
+-----------------+
| es_MX |
+-----------------+
1 row in set (0.00 sec)
mysql> SELECT DAYNAME('2010-01-01'), MONTHNAME('2010-01-01');
+-----------------------+-------------------------+
| DAYNAME('2010-01-01') | MONTHNAME('2010-01-01') |
+-----------------------+-------------------------+
| viernes | enero |
+-----------------------+-------------------------+
1 row in set (0.00 sec)
mysql> SELECT DATE_FORMAT('2010-01-01','%W %a %M %b');
+-----------------------------------------+
| DATE_FORMAT('2010-01-01','%W %a %M %b') |
+-----------------------------------------+
| viernes vie enero ene |
+-----------------------------------------+
1 row in set (0.00 sec)
The day or month name for each of the affected functions is
converted from utf8 to the character set
indicated by the character_set_connection
system variable.
lc_time_names may be set to any of the
following locale values:
ar_AE: Arabic - United Arab Emirates
ar_BH: Arabic - Bahrain
ar_DZ: Arabic - Algeria
ar_EG: Arabic - Egypt
ar_IN: Arabic - Iran
ar_IQ: Arabic - Iraq
ar_JO: Arabic - Jordan
ar_KW: Arabic - Kuwait
ar_LB: Arabic - Lebanon
ar_LY: Arabic - Libya
ar_MA: Arabic - Morocco
ar_OM: Arabic - Oman
ar_QA: Arabic - Qatar
ar_SA: Arabic - Saudi Arabia
ar_SD: Arabic - Sudan
ar_SY: Arabic - Syria
ar_TN: Arabic - Tunisia
ar_YE: Arabic - Yemen
be_BY: Belarusian - Belarus
bg_BG: Bulgarian - Bulgaria
ca_ES: Catalan - Catalan
cs_CZ: Czech - Czech Republic
da_DK: Danish - Denmark
de_AT: German - Austria
de_BE: German - Belgium
de_CH: German - Switzerland
de_DE: German - Germany
de_LU: German - Luxembourg
EE: Estonian - Estonia
en_AU: English - Australia
en_CA: English - Canada
en_GB: English - United Kingdom
en_IN: English - India
en_NZ: English - New Zealand
en_PH: English - Philippines
en_US: English - United States
en_ZA: English - South Africa
en_ZW: English - Zimbabwe
es_AR: Spanish - Argentina
es_BO: Spanish - Bolivia
es_CL: Spanish - Chile
es_CO: Spanish - Columbia
es_CR: Spanish - Costa Rica
es_DO: Spanish - Dominican Republic
es_EC: Spanish - Ecuador
es_ES: Spanish - Spain
es_GT: Spanish - Guatemala
es_HN: Spanish - Honduras
es_MX: Spanish - Mexico
es_NI: Spanish - Nicaragua
es_PA: Spanish - Panama
es_PE: Spanish - Peru
es_PR: Spanish - Puerto Rico
es_PY: Spanish - Paraguay
es_SV: Spanish - El Salvador
es_US: Spanish - United States
es_UY: Spanish - Uruguay
es_VE: Spanish - Venezuela
eu_ES: Basque - Basque
fi_FI: Finnish - Finland
fo_FO: Faroese - Faroe Islands
fr_BE: French - Belgium
fr_CA: French - Canada
fr_CH: French - Switzerland
fr_FR: French - France
fr_LU: French - Luxembourg
gl_ES: Galician - Galician
gu_IN: Gujarati - India
he_IL: Hebrew - Israel
hi_IN: Hindi - India
hr_HR: Croatian - Croatia
hu_HU: Hungarian - Hungary
id_ID: Indonesian - Indonesia
is_IS: Icelandic - Iceland
it_CH: Italian - Switzerland
it_IT: Italian - Italy
ja_JP: Japanese - Japan
ko_KR: Korean - Korea
lt_LT: Lithuanian - Lithuania
lv_LV: Latvian - Latvia
mk_MK: Macedonian - FYROM
mn_MN: Mongolia - Mongolian
ms_MY: Malay - Malaysia
nb_NO: Norwegian(Bokml) - Norway
nl_BE: Dutch - Belgium
nl_NL: Dutch - The Netherlands
no_NO: Norwegian - Norway
pl_PL: Polish - Poland
pt_BR: Portugese - Brazil
pt_PT: Portugese - Portugal
ro_RO: Romanian - Romania
ru_RU: Russian - Russia
ru_UA: Russian - Ukraine
sk_SK: Slovak - Slovakia
sl_SI: Slovenian - Slovenia
sq_AL: Albanian - Albania
sr_YU: Serbian - Yugoslavia
sv_FI: Swedish - Finland
sv_SE: Swedish - Sweden
ta_IN: Tamil - India
te_IN: Telugu - India
th_TH: Thai - Thailand
tr_TR: Turkish - Turkey
uk_UA: Ukrainian - Ukraine
ur_PK: Urdu - Pakistan
vi_VN: Vietnamese - Vietnam
zh_CN: Chinese - Peoples Republic of China
zh_HK: Chinese - Hong Kong SAR
zh_TW: Chinese - Taiwan
lc_time_names currently does not affect the
STR_TO_DATE() or
GET_FORMAT() function.
MySQL has several different logs that can help you find out what
is going on inside mysqld:
Log Type
Information Written to Log
The error log
Problems encountered starting, running, or stopping
mysqld
The general query log
Established client connections and statements received from clients
The binary log
All statements that change data (also used for replication)
The slow query log
All queries that took more than long_query_time
seconds to execute or didn't use indexes
By default, all log files are created in the
mysqld data directory. You can force
mysqld to close and reopen the log files (or in
some cases switch to a new log) by flushing the logs. Log flushing
occurs when you issue a FLUSH LOGS statement or
execute mysqladmin flush-logs or
mysqladmin refresh. See
Section 13.5.5.2, “FLUSH Syntax”, and Section 8.10, “mysqladmin — Client for Administering a MySQL Server”.
If you are using MySQL replication capabilities, slave replication
servers maintain additional log files called relay logs.
Chapter 6, Replication, discusses relay log contents and
configuration.
MySQL Enterprise
The MySQL Network Monitoring and Advisory Service provides a
number of advisors specifically related to the various log
files. For more information see
http://www.mysql.com/products/enterprise/advisors.html.
5.11.1. The Error Log
The error log file contains information indicating when
mysqld was started and stopped and also any
critical errors that occur while the server is running. If
mysqld notices a table that needs to be
automatically checked or repaired, it writes a message to the
error log.
On some operating systems, the error log contains a stack trace
if mysqld dies. The trace can be used to
determine where mysqld died. See
MySQL
Internals: Porting.
If mysqld_safe is used to start
mysqld and mysqld dies
unexpectedly, mysqld_safe notices that it
needs to restart mysqld and writes a
restarted mysqld message to the error log.
You can specify where mysqld stores the error
log file with the
--log-error[=file_name]
option. If no file_name value is
given, mysqld uses the name
host_name.err
and writes the file in the data directory. If you execute
FLUSH LOGS, the error log is renamed with the
suffix -old and mysqld
creates a new empty log file. (No renaming occurs if the
--log-error option was not given.)
If you do not specify --log-error, or (on
Windows) if you use the --console option,
errors are written to stderr, the standard
error output. Usually this is your terminal.
On Windows, error output is always written to the
.err file if --console is
not given.
The --log-warnings option or
log_warnings system variable can be used to
control warning logging to the error log. The default value is
enabled (1). Warning logging can be disabled using a value of 0.
Aborted connections are not logged to the error log unless the
value is greater than 1. See
Section B.1.2.10, “Communication Errors and Aborted Connections”.
5.11.2. The General Query Log
The general query log is a general record of what
mysqld is doing. The server writes
information to this log when clients connect or disconnect, and
it logs each SQL statement received from clients. The general
query log can be very useful when you suspect an error in a
client and want to know exactly what the client sent to
mysqld.
mysqld writes statements to the query log in
the order that it receives them, which might differ from the
order in which they are executed. This logging order contrasts
to the binary log, for which statements are written after they
are executed but before any locks are released. (Also, the query
log contains all statements, whereas the binary log does not
contain statements that only select data.)
To enable the general query log, start mysqld
with the
--log[=file_name] or
-l [file_name]
option.
If no file_name value is given for
--log or -l, the default name
is host_name.log
in the data directory.
Server restarts and log flushing do not cause a new general
query log file to be generated (although flushing closes and
reopens it). On Unix, you can rename the file and create a new
one by using the following commands:
On Windows, you cannot rename the log file while the server has
it open. You must stop the server and rename the file, and then
restart the server to create a new log file.
5.11.3. The Binary Log
The binary log contains all statements that update data or
potentially could have updated it (for example, a
DELETE which matched no rows). Statements are
stored in the form of “events” that describe the
modifications. The binary log also contains information about
how long each statement took that updated data.
Note: The binary log has
replaced the old update log, which is no longer available as of
MySQL 5.0. The binary log contains all information that is
available in the update log in a more efficient format and in a
manner that is transaction-safe. If you are using transactions,
you must use the MySQL binary log for backups instead of the old
update log.
The binary log is not used for statements such as
SELECT or SHOW that do not
modify data. If you want to log all statements (for example, to
identify a problem query), use the general query log. See
Section 5.11.2, “The General Query Log”.
The primary purpose of the binary log is to be able to update
databases during a restore operation as fully as possible,
because the binary log contains all updates done after a backup
was made. The binary log is also used on master replication
servers as a record of the statements to be sent to slave
servers. See Chapter 6, Replication.
MySQL Enterprise
The binary log can also be used to track significant DDL
events. Analyzing the binary log in this way is an integral
part of the MySQL Network Monitoring and Advisory Service. For
more information see
http://www.mysql.com/products/enterprise/advisors.html.
Running the server with the binary log enabled makes performance
about 1% slower. However, the benefits of the binary log for
restore operations and in allowing you to set up replication
generally outweigh this minor performance decrement.
When started with the
--log-bin[=base_name]
option, mysqld writes a log file containing
all SQL commands that update data. If no
base_name value is given, the default
name is the name of the host machine followed by
-bin. If the basename is given, but not as an
absolute pathname, the server writes the file in the data
directory. It is recommended that you specify a basename; see
Section B.1.8.1, “Open Issues in MySQL”, for the reason.
If you supply an extension in the log name (for example,
--log-bin=base_name.extension),
the extension is silently removed and ignored.
mysqld appends a numeric extension to the
binary log basename. The number increases each time the server
creates a new log file, thus creating an ordered series of
files. The server creates a new binary log file each time it
starts or flushes the logs. The server also creates a new binary
log file automatically when the current log's size reaches
max_binlog_size. A binary log file may become
larger than max_binlog_size if you are using
large transactions because a transaction is written to the file
in one piece, never split between files.
To keep track of which binary log files have been used,
mysqld also creates a binary log index file
that contains the names of all used binary log files. By default
this has the same basename as the binary log file, with the
extension '.index'. You can change the name
of the binary log index file with the
--log-bin-index[=file_name]
option. You should not manually edit this file while
mysqld is running; doing so would confuse
mysqld.
Replication slave servers by default do not write to their own
binary log any statements that are received from the replication
master. To cause these statements to be logged, start the slave
with the --log-slave-updates option.
You can use the following options to mysqld
to affect what is logged to the binary log. See also the
discussion that follows this option list.
If you are using replication, the options described here affect
which statements are sent by a master server to its slaves.
There are also options for slave servers that control which
statements received from the master to execute or ignore. For
details, see Section 6.8, “Replication Startup Options”.
--binlog-do-db=db_name
Tell the server to restrict binary logging to updates for
which the default database is
db_name (that is, the database
selected by USE). All other databases
that are not explicitly mentioned are ignored. If you use
this option, you should ensure that you do updates only in
the default database.
There is an exception to this for CREATE
DATABASE, ALTER DATABASE, and
DROP DATABASE statements. The server uses
the database named in the statement (not the default
database) to decide whether it should log the statement.
An example of what does not work as you might expect: If the
server is started with
binlog-do-db=sales, and you run
USE prices; UPDATE sales.january SET
amount=amount+1000;, this statement is
not written into the binary log.
To log multiple databases, use multiple options, specifying
the option once for each database.
--binlog-ignore-db=db_name
Tell the server to suppress binary logging of updates for
which the default database is
db_name (that is, the database
selected by USE). If you use this option,
you should ensure that you do updates only in the default
database.
As with the --binlog-do-db option, there is
an exception for the CREATE DATABASE,
ALTER DATABASE, and DROP
DATABASE statements. The server uses the database
named in the statement (not the default database) to decide
whether it should log the statement.
An example of what does not work as you might expect: If the
server is started with
binlog-ignore-db=sales, and you run
USE prices; UPDATE sales.january SET
amount=amount+1000;, this statement
is written into the binary log.
To ignore multiple databases, use multiple options,
specifying the option once for each database.
The server evaluates the options for logging or ignoring updates
to the binary log according to the following rules. As described
previously, there is an exception for the CREATE
DATABASE, ALTER DATABASE, and
DROP DATABASE statements. In those cases, the
database being created, altered, or dropped
replaces the default database in the following rules:
Are there --binlog-do-db or
--binlog-ignore-db rules?
No: Write the statement to the binary log and exit.
Yes: Go to the next step.
There are some rules (--binlog-do-db,
--binlog-ignore-db, or both). Is there a
default database (has any database been selected by
USE?)?
No: Do not write the statement, and
exit.
Yes: Go to the next step.
There is a default database. Are there some
--binlog-do-db rules?
Yes: Does the default database match any of the
--binlog-do-db rules?
Yes: Write the statement and exit.
No: Do not write the statement,
and exit.
No: Go to the next step.
There are some --binlog-ignore-db rules.
Does the default database match any of the
--binlog-ignore-db rules?
Yes: Do not write the statement, and exit.
No: Write the query and exit.
For example, a slave running with only
--binlog-do-db=sales does not write to the
binary log any statement for which the default database is
different from sales (in other words,
--binlog-do-db can sometimes mean “ignore
other databases”).
If you are using replication, you should not delete old binary
log files until you are sure that no slave still needs to use
them. For example, if your slaves never run more than three days
behind, once a day you can execute mysqladmin
flush-logs on the master and then remove any logs that
are more than three days old. You can remove the files manually,
but it is preferable to use PURGE MASTER
LOGS, which also safely updates the binary log index
file for you (and which can take a date argument). See
Section 13.6.1.1, “PURGE MASTER LOGS Syntax”.
A client that has the SUPER privilege can
disable binary logging of its own statements by using a
SET SQL_LOG_BIN=0 statement. See
Section 13.5.3, “SET Syntax”.
You can display the contents of binary log files with the
mysqlbinlog utility. This can be useful when
you want to reprocess statements in the log. For example, you
can update a MySQL server from the binary log as follows:
shell> mysqlbinlog log_file | mysql -h server_name
Binary logging is done immediately after a statement completes
but before any locks are released or any commit is done. This
ensures that the log is logged in execution order.
Updates to non-transactional tables are stored in the binary log
immediately after execution. Within an uncommitted transaction,
all updates (UPDATE,
DELETE, or INSERT) that
change transactional tables such as BDB or
InnoDB tables are cached until a
COMMIT statement is received by the server.
At that point, mysqld writes the entire
transaction to the binary log before the
COMMIT is executed. When the thread that
handles the transaction starts, it allocates a buffer of
binlog_cache_size to buffer statements. If a
statement is bigger than this, the thread opens a temporary file
to store the transaction. The temporary file is deleted when the
thread ends.
Modifications to non-transactional tables cannot be rolled back.
If a transaction that is rolled back includes modifications to
non-transactional tables, the entire transaction is logged with
a ROLLBACK statement at the end to ensure
that the modifications to those tables are replicated.
The Binlog_cache_use status variable shows
the number of transactions that used this buffer (and possibly a
temporary file) for storing statements. The
Binlog_cache_disk_use status variable shows
how many of those transactions actually had to use a temporary
file. These two variables can be used for tuning
binlog_cache_size to a large enough value
that avoids the use of temporary files.
The max_binlog_cache_size system variable
(default 4GB, which is also the maximum) can be used to restrict
the total size used to cache a multiple-statement transaction.
If a transaction is larger than this many bytes, it fails and
rolls back. The minimum value is 4096.
If you are using the binary log, concurrent inserts are
converted to normal inserts for CREATE ...
SELECT or INSERT ... SELECT
statement. This is done to ensure that you can re-create an
exact copy of your tables by applying the log during a backup
operation.
By default, the binary log is not synchronized to disk at each
write. So if the operating system or machine (not only the MySQL
server) crashes, there is a chance that the last statements of
the binary log are lost. To prevent this, you can make the
binary log be synchronized to disk after every
N writes to the binary log, with the
sync_binlog system variable. See
Section 5.2.3, “System Variables”. 1 is the safest value
for sync_binlog, but also the slowest. Even
with sync_binlog set to 1, there is still the
chance of an inconsistency between the table content and binary
log content in case of a crash. For example, if you are using
InnoDB tables and the MySQL server processes
a COMMIT statement, it writes the whole
transaction to the binary log and then commits this transaction
into InnoDB. If the server crashes between
those two operations, the transaction is rolled back by
InnoDB at restart but still exists in the
binary log. This problem can be solved with the
--innodb-safe-binlog option, which adds
consistency between the content of InnoDB
tables and the binary log. (Note:
--innodb-safe-binlog is unneeded as of MySQL
5.0; it was made obsolete by the introduction of XA transaction
support.)
For this option to provide a greater degree of safety, the MySQL
server should also be configured to synchronize the binary log
and the InnoDB logs to disk at every
transaction. The InnoDB logs are synchronized
by default, and sync_binlog=1 can be used to
synchronize the binary log. The effect of this option is that at
restart after a crash, after doing a rollback of transactions,
the MySQL server cuts rolled back InnoDB
transactions from the binary log. This ensures that the binary
log reflects the exact data of InnoDB tables,
and so, that the slave remains in synchrony with the master (not
receiving a statement which has been rolled back).
Note that --innodb-safe-binlog can be used even
if the MySQL server updates other storage engines than
InnoDB. Only statements and transactions that
affect InnoDB tables are subject to removal
from the binary log at InnoDB's crash
recovery. If the MySQL server discovers at crash recovery that
the binary log is shorter than it should have been, it lacks at
least one successfully committed InnoDB
transaction. This should not happen if
sync_binlog=1 and the disk/filesystem do an
actual sync when they are requested to (some don't), so the
server prints an error message The binary log
<name> is shorter than its expected size. In
this case, this binary log is not correct and replication should
be restarted from a fresh snapshot of the master's data.
5.11.4. The Slow Query Log
The slow query log consists of all SQL statements that took more
than long_query_time seconds to execute. The
time to acquire the initial table locks is not counted as
execution time. mysqld writes a statement to
the slow query log after it has been executed and after all
locks have been released, so log order might be different from
execution order. The minimum and default values of
long_query_time are 1 and 10, respectively.
To enable the slow query log, start mysqld
with the
--log-slow-queries[=file_name]
option.
If no file_name value is given for
--log-slow-queries, the default name is
host_name-slow.log.
If a filename is given, but not as an absolute pathname, the
server writes the file in the data directory.
The slow query log can be used to find queries that take a long
time to execute and are therefore candidates for optimization.
However, examining a long slow query log can become a difficult
task. To make this easier, you can process the slow query log
using the mysqldumpslow command to summarize
the queries that appear in the log. Use mysqldumpslow
--help to see the options that this command supports.
In MySQL 5.0, queries that do not use indexes are
logged in the slow query log if the
--log-queries-not-using-indexes option is
specified. See Section 5.2.2, “Command Options”.
MySQL Enterprise
Excessive table scans are indicative of missing or poorly
optimized indexes. Using an advisor specifically designed for
the task, the MySQL Network Monitoring and Advisory Service
can identify such problems and offer advice on resolution. For
more information see
http://www.mysql.com/products/enterprise/advisors.html.
In MySQL 5.0, the
--log-slow-admin-statements server option
enables you to request logging of slow administrative statements
such as OPTIMIZE TABLE, ANALYZE
TABLE, and ALTER TABLE to the slow
query log.
Queries handled by the query cache are not added to the slow
query log, nor are queries that would not benefit from the
presence of an index because the table has zero rows or one row.
5.11.5. Server Log Maintenance
MySQL Server can create a number of different log files that
make it easy to see what is going on. See
Section 5.11, “MySQL Server Logs”. However, you must clean up these
files regularly to ensure that the logs do not take up too much
disk space.
When using MySQL with logging enabled, you may want to back up
and remove old log files from time to time and tell MySQL to
start logging to new files. See Section 5.9.1, “Database Backups”.
On a Linux (Red Hat) installation, you can use the
mysql-log-rotate script for this. If you
installed MySQL from an RPM distribution, this script should
have been installed automatically. You should be careful with
this script if you are using the binary log for replication. You
should not remove binary logs until you are certain that their
contents have been processed by all slaves.
On other systems, you must install a short script yourself that
you start from cron (or its equivalent) for
handling log files.
For the binary log, you can set the
expire_logs_days system variable to expire
binary log files automatically after a given number of days (see
Section 5.2.3, “System Variables”). If you are using
replication, you should set the variable no lower than the
maximum number of days your slaves might lag behind the master.
If general query logging (--log) or slow
query logging (--log-slow-queries) to a log
file is enabled, the server closes and reopens the general
query log file or slow query log file.
If binary logging (--log-bin) is used, the
server closes the current log file and opens a new log file
with the next sequence number.
If the server was given an error log filename with the
--log-error option, it renames the error
log with the suffix -old and creates a
new empty error log file.
The server creates a new binary log file when you flush the
logs. However, it just closes and reopens the general and slow
query log files. To cause new files to be created on Unix,
rename the current logs before flushing them. At flush time, the
server will open new logs with the original names. For example,
if the general and slow query logs are named
mysql.log and
mysql-slow.log, you can use a series of
commands like this:
At this point, you can make a backup of
mysql.old and
mysql-slow.log and then remove them from
disk.
On Windows, you cannot rename log files while the server has
them open. You must stop the server and rename them, and then
restart the server to create new logs.
The session sql_log_off variable can be set
to ON or OFF to disable or
enable general query logging for the current connection.
5.12. Running Multiple MySQL Servers on the Same Machine
In some cases, you might want to run multiple
mysqld servers on the same machine. You might
want to test a new MySQL release while leaving your existing
production setup undisturbed. Or you might want to give different
users access to different mysqld servers that
they manage themselves. (For example, you might be an Internet
Service Provider that wants to provide independent MySQL
installations for different customers.)
To run multiple servers on a single machine, each server must have
unique values for several operating parameters. These can be set
on the command line or in option files. See
Section 4.3, “Specifying Program Options”.
At least the following options must be different for each server:
--port=port_num
--port controls the port number for TCP/IP
connections.
--socket=path
--socket controls the Unix socket file path
on Unix and the name of the named pipe on Windows. On Windows,
it is necessary to specify distinct pipe names only for those
servers that support named-pipe connections.
--shared-memory-base-name=name
This option currently is used only on Windows. It designates
the shared-memory name used by a Windows server to allow
clients to connect via shared memory. It is necessary to
specify distinct shared-memory names only for those servers
that support shared-memory connections.
--pid-file=file_name
This option is used only on Unix. It indicates the pathname of
the file in which the server writes its process ID.
If you use the following log file options, they must be different
for each server:
For better performance, you can specify the following options
differently for each server, to spread the load between several
physical disks:
--tmpdir=path
--bdb-tmpdir=path
Having different temporary directories is also recommended to make
it easier to determine which MySQL server created any given
temporary file.
With very limited exceptions, each server should use a different
data directory, which is specified using the
--datadir=path option.
Warning: Normally, you should
never have two servers that update data in the same databases.
This may lead to unpleasant surprises if your operating system
does not support fault-free system locking. If (despite this
warning) you run multiple servers using the same data directory
and they have logging enabled, you must use the appropriate
options to specify log filenames that are unique to each server.
Otherwise, the servers try to log to the same files. Please note
that this kind of setup only works with MyISAM
and MERGE tables, and not with any of the other
storage engines.
The warning against sharing a data directory among servers also
applies in an NFS environment. Allowing multiple MySQL servers to
access a common data directory over NFS is a very bad
idea.
The primary problem is that NFS is the speed bottleneck. It is
not meant for such use.
Another risk with NFS is that you must devise a way to ensure
that two or more servers do not interfere with each other.
Usually NFS file locking is handled by the
lockd daemon, but at the moment there is no
platform that performs locking 100% reliably in every
situation.
Make it easy for yourself: Forget about sharing a data directory
among servers over NFS. A better solution is to have one computer
that contains several CPUs and use an operating system that
handles threads efficiently.
If you have multiple MySQL installations in different locations,
you can specify the base installation directory for each server
with the
--basedir=path option
to cause each server to use a different data directory, log files,
and PID file. (The defaults for all these values are determined
relative to the base directory). In that case, the only other
options you need to specify are the --socket and
--port options. For example, suppose that you
install different versions of MySQL using tar
file binary distributions. These install in different locations,
so you can start the server for each installation using the
command bin/mysqld_safe under its corresponding
base directory. mysqld_safe determines the
proper --basedir option to pass to
mysqld, and you need specify only the
--socket and --port options to
mysqld_safe.
As discussed in the following sections, it is possible to start
additional servers by setting environment variables or by
specifying appropriate command-line options. However, if you need
to run multiple servers on a more permanent basis, it is more
convenient to use option files to specify for each server those
option values that must be unique to it. The
--defaults-file option is useful for this
purpose.
You can run multiple servers on Windows by starting them
manually from the command line, each with appropriate operating
parameters. You also have the option of installing several
servers as Windows services and running them that way. General
instructions for running MySQL servers from the command line or
as services are given in Section 2.4.8, “Installing MySQL on Windows”.
This section describes how to make sure that you start each
server with different values for those startup options that must
be unique per server, such as the data directory. These options
are described in Section 5.12, “Running Multiple MySQL Servers on the Same Machine”.
5.12.1.1. Starting Multiple Windows Servers at the Command Line
To start multiple servers manually from the command line, you
can specify the appropriate options on the command line or in
an option file. It is more convenient to place the options in
an option file, but it is necessary to make sure that each
server gets its own set of options. To do this, create an
option file for each server and tell the server the filename
with a --defaults-file option when you run
it.
Suppose that you want to run mysqld on port
3307 with a data directory of C:\mydata1,
and mysqld-debug on port 3308 with a data
directory of C:\mydata2. (To do this,
make sure that before you start the servers, each data
directory exists and has its own copy of the
mysql database that contains the grant
tables.) Then create two option files. For example, create one
file named C:\my-opts1.cnf that looks
like this:
[mysqld]
datadir = C:/mydata1
port = 3307
Create a second file named
C:\my-opts2.cnf that looks like this:
Each server starts in the foreground (no new prompt appears
until the server exits later), so you will need to issue those
two commands in separate console windows.
To shut down the servers, you must connect to each using the
appropriate port number:
Servers configured as just described allow clients to connect
over TCP/IP. If your version of Windows supports named pipes
and you also want to allow named-pipe connections, use the
mysqld-nt or
mysqld-debug server and specify options
that enable the named pipe and specify its name. Each server
that supports named-pipe connections must use a unique pipe
name. For example, the C:\my-opts1.cnf
file might be written like this:
Modify C:\my-opts2.cnf similarly for use
by the second server.
A similar procedure applies for servers that you want to
support shared-memory connections. Enable such connections
with the --shared-memory option and specify a
unique shared-memory name for each server with the
--shared-memory-base-name option.
5.12.1.2. Starting Multiple Windows Servers as Services
You can also install multiple MySQL servers as services. In
this case, you must make sure that each server uses a
different service name in addition to all the other parameters
that must be unique for each server.
For the following instructions, assume that you want to run
the mysqld-nt server from two different
versions of MySQL that are installed at
C:\mysql-4.1.8 and
C:\mysql-5.0.42, respectively.
(This might be the case if you're running 4.1.8 as your
production server, but also want to conduct tests using
5.0.42.)
The following principles apply when installing a MySQL service
with the --install or
--install-manual option:
If you specify no service name, the server uses the
default service name of MySQL and the
server reads options from the [mysqld]
group in the standard option files.
If you specify a service name after the
--install option, the server ignores the
[mysqld] option group and instead reads
options from the group that has the same name as the
service. The server reads options from the standard option
files.
If you specify a --defaults-file option
after the service name, the server ignores the standard
option files and reads options only from the
[mysqld] group of the named file.
Note: Before MySQL 4.0.17,
only a server installed using the default service name
(MySQL) or one installed explicitly with a
service name of mysqld will read the
[mysqld] group in the standard option
files. As of 4.0.17, all servers read the
[mysqld] group if they read the standard
option files, even if they are installed using another service
name. This allows you to use the [mysqld]
group for options that should be used by all MySQL services,
and an option group named after each service for use by the
server installed with that service name.
Based on the preceding information, you have several ways to
set up multiple services. The following instructions describe
some examples. Before trying any of them, be sure that you
shut down and remove any existing MySQL services first.
Approach 1: Specify the
options for all services in one of the standard option
files. To do this, use a different service name for each
server. Suppose that you want to run the 4.1.8
mysqld-nt using the service name of
mysqld1 and the 5.0.42
mysqld-nt using the service name
mysqld2. In this case, you can use the
[mysqld1] group for 4.1.8 and the
[mysqld2] group for 5.0.42.
For example, you can set up C:\my.cnf
like this:
# options for mysqld1 service
[mysqld1]
basedir = C:/mysql-4.1.8
port = 3307
enable-named-pipe
socket = mypipe1
# options for mysqld2 service
[mysqld2]
basedir = C:/mysql-5.0.42
port = 3308
enable-named-pipe
socket = mypipe2
Install the services as follows, using the full server
pathnames to ensure that Windows registers the correct
executable program for each service:
To start the services, use the services manager, or use
NET START with the appropriate service
names:
C:\> NET START mysqld1
C:\> NET START mysqld2
To stop the services, use the services manager, or use
NET STOP with the appropriate service
names:
C:\> NET STOP mysqld1
C:\> NET STOP mysqld2
Approach 2: Specify
options for each server in separate files and use
--defaults-file when you install the
services to tell each server what file to use. In this
case, each file should list options using a
[mysqld] group.
With this approach, to specify options for the 4.1.8
mysqld-nt, create a file
C:\my-opts1.cnf that looks like this:
To use a --defaults-file option when you
install a MySQL server as a service, you must precede the
option with the service name.
After installing the services, start and stop them the
same way as in the preceding example.
To remove multiple services, use mysqld
--remove for each one, specifying a service name
following the --remove option. If the service
name is the default (MySQL), you can omit
it.
5.12.2. Running Multiple Servers on Unix
The easiest way is to run multiple servers on Unix is to compile
them with different TCP/IP ports and Unix socket files so that
each one is listening on different network interfaces. Compiling
in different base directories for each installation also results
automatically in a separate, compiled-in data directory, log
file, and PID file location for each server.
Assume that an existing 4.1.8 server is configured for the
default TCP/IP port number (3306) and Unix socket file
(/tmp/mysql.sock). To configure a new
5.0.42 server to have different operating parameters,
use a configure command something like this:
Here, port_number and
file_name must be different from the
default TCP/IP port number and Unix socket file pathname, and
the --prefix value should specify an
installation directory different from the one under which the
existing MySQL installation is located.
If you have a MySQL server listening on a given port number, you
can use the following command to find out what operating
parameters it is using for several important configurable
variables, including the base directory and Unix socket
filename:
With the information displayed by that command, you can tell
what option values not to use when
configuring an additional server.
Note that if you specify localhost as a
hostname, mysqladmin defaults to using a Unix
socket file connection rather than TCP/IP. From MySQL 4.1
onward, you can explicitly specify the connection protocol to
use by using the
--protocol={TCP|SOCKET|PIPE|MEMORY} option.
You don't have to compile a new MySQL server just to start with
a different Unix socket file and TCP/IP port number. It is also
possible to use the same server binary and start each invocation
of it with different parameter values at runtime. One way to do
so is by using command-line options:
To start a second server, provide different
--socket and --port option
values, and pass a
--datadir=path
option to mysqld_safe so that the server uses
a different data directory.
Another way to achieve a similar effect is to use environment
variables to set the Unix socket filename and TCP/IP port
number:
This is a quick way of starting a second server to use for
testing. The nice thing about this method is that the
environment variable settings apply to any client programs that
you invoke from the same shell. Thus, connections for those
clients are automatically directed to the second server.
For automatic server execution, the startup script that is
executed at boot time should execute the following command once
for each server with an appropriate option file path for each
command:
shell> mysqld_safe --defaults-file=file_name
Each option file should contain option values specific to a
given server.
5.12.3. Using Client Programs in a Multiple-Server Environment
To connect with a client program to a MySQL server that is
listening to different network interfaces from those compiled
into your client, you can use one of the following methods:
Start the client with
--host=host_name
--port=port_number to
connect via TCP/IP to a remote server, with
--host=127.0.0.1
--port=port_number to
connect via TCP/IP to a local server, or with
--host=localhost
--socket=file_name to
connect to a local server via a Unix socket file or a
Windows named pipe.
As of MySQL 4.1, start the client with
--protocol=tcp to connect via TCP/IP,
--protocol=socket to connect via a Unix
socket file, --protocol=pipe to connect via
a named pipe, or --protocol=memory to
connect via shared memory. For TCP/IP connections, you may
also need to specify --host and
--port options. For the other types of
connections, you may need to specify a
--socket option to specify a Unix socket
file or Windows named-pipe name, or a
--shared-memory-base-name option to specify
the shared-memory name. Shared-memory connections are
supported only on Windows.
On Unix, set the MYSQL_UNIX_PORT and
MYSQL_TCP_PORT environment variables to
point to the Unix socket file and TCP/IP port number before
you start your clients. If you normally use a specific
socket file or port number, you can place commands to set
these environment variables in your
.login file so that they apply each
time you log in. See
Section 2.4.19, “Environment Variables”.
Specify the default Unix socket file and TCP/IP port number
in the [client] group of an option file.
For example, you can use C:\my.cnf on
Windows, or the .my.cnf file in your
home directory on Unix. See Section 4.3.2, “Using Option Files”.
In a C program, you can specify the socket file or port
number arguments in the
mysql_real_connect() call. You can also
have the program read option files by calling
mysql_options(). See
Section 22.2.3, “C API Function Descriptions”.
If you are using the Perl DBD::mysql
module, you can read options from MySQL option files. For
example:
Other programming interfaces may provide similar
capabilities for reading option files.
MySQL Enterprise
Subscribers to MySQL Enterprise will find additional
information on running multiple MySQL servers on one machine
in the MySQL Enterprise Knowledge Base article found at
https://kb.mysql.com/view.php?id=4926.
The query cache stores the text of a SELECT
statement together with the corresponding result that was sent to
the client. If an identical statement is received later, the
server retrieves the results from the query cache rather than
parsing and executing the statement again.
The query cache is extremely useful in an environment where you
have tables that do not change very often and for which the server
receives many identical queries. This is a typical situation for
many Web servers that generate many dynamic pages based on
database content.
Note: The query cache does not
return stale data. When tables are modified, any relevant entries
in the query cache are flushed.
Note: The query cache does not
work in an environment where you have multiple
mysqld servers updating the same
MyISAM tables.
Note: The query cache is not used
for server-side prepared statements. If you're using server-side
prepared statements consider that these statement won't be
satisfied by the query cache. See
Section 22.2.4, “C API Prepared Statements”.
Some performance data for the query cache follows. These results
were generated by running the MySQL benchmark suite on a Linux
Alpha 2×500MHz system with 2GB RAM and a 64MB query cache.
If all the queries you are performing are simple (such as
selecting a row from a table with one row), but still differ
so that the queries cannot be cached, the overhead for having
the query cache active is 13%. This could be regarded as the
worst case scenario. In real life, queries tend to be much
more complicated, so the overhead normally is significantly
lower.
Searches for a single row in a single-row table are 238%
faster with the query cache than without it. This can be
regarded as close to the minimum speedup to be expected for a
query that is cached.
To disable the query cache at server startup, set the
query_cache_size system variable to 0. By
disabling the query cache code, there is no noticeable overhead.
If you build MySQL from source, query cache capabilities can be
excluded from the server entirely by invoking
configure with the
--without-query-cache option.
Incoming queries are compared to those in the query cache before
parsing, so the following two queries are regarded as different
by the query cache:
SELECT * FROM tbl_name
Select * from tbl_name
Queries must be exactly the same (byte for
byte) to be seen as identical. In addition, query strings that
are identical may be treated as different for other reasons.
Queries that use different databases, different protocol
versions, or different default character sets are considered
different queries and are cached separately.
Because comparison of a query against those in the cache occurs
before parsing, the cache is not used for queries of the
following types:
Prepared statements
Queries that are a subquery of an outer query
Queries executed within the body of a stored procedure,
stored function, or trigger
Before a query result is fetched from the query cache, MySQL
checks that the user has SELECT privilege for
all databases and tables involved. If this is not the case, the
cached result is not used.
If a table changes, all cached queries that use the table become
invalid and are removed from the cache. This includes queries
that use MERGE tables that map to the changed
table. A table can be changed by many types of statements, such
as INSERT, UPDATE,
DELETE, TRUNCATE,
ALTER TABLE, DROP TABLE,
or DROP DATABASE.
The query cache also works within transactions when using
InnoDB tables.
In MySQL 5.0, queries generated by views are
cached.
Before MySQL 5.0, a query that began with a leading
comment could be cached, but could not be fetched from the
cache. This problem is fixed in MySQL 5.0.
The query cache works for SELECT SQL_CALC_FOUND_ROWS
... queries and stores a value that is returned by a
following SELECT FOUND_ROWS() query.
FOUND_ROWS() returns the correct value even
if the preceding query was fetched from the cache because the
number of found rows is also stored in the cache. The
SELECT FOUND_ROWS() query itself cannot be
cached.
A query cannot be cached if it contains any of the functions
shown in the following table:
BENCHMARK()
CONNECTION_ID()
CURDATE()
CURRENT_DATE()
CURRENT_TIME()
CURRENT_TIMESTAMP()
CURTIME()
DATABASE()
ENCRYPT() with one parameter
FOUND_ROWS()
GET_LOCK()
LAST_INSERT_ID()
LOAD_FILE()
MASTER_POS_WAIT()
NOW()
RAND()
RELEASE_LOCK()
SYSDATE()
UNIX_TIMESTAMP() with no parameters
USER()
A query also is not cached under these conditions:
It refers to user-defined functions (UDFs) or stored
functions.
It refers to user variables.
It refers to tables in the mysql system
database.
It is of any of the following forms:
SELECT ... IN SHARE MODE
SELECT ... FOR UPDATE
SELECT ... INTO OUTFILE ...
SELECT ... INTO DUMPFILE ...
SELECT * FROM ... WHERE autoincrement_col IS NULL
The last form is not cached because it is used as the ODBC
workaround for obtaining the last insert ID value. See the
MyODBC section of Chapter 23, Connectors.
It was issued as a prepared statement, even if no
placeholders were employed. For example, the query used here
is not cached:
char *my_sql_stmt = "SELECT a, b FROM table_c";
/* ... */
mysql_stmt_prepare(stmt, my_sql_stmt, strlen(my_sql_stmt));
The user has a column-level privilege for any of the
involved tables.
5.13.2. Query Cache SELECT Options
Two query cache-related options may be specified in
SELECT statements:
SQL_CACHE
The query result is cached if the value of the
query_cache_type system variable is
ON or DEMAND.
SQL_NO_CACHE
The query result is not cached.
Examples:
SELECT SQL_CACHE id, name FROM customer;
SELECT SQL_NO_CACHE id, name FROM customer;
5.13.3. Query Cache Configuration
The have_query_cache server system variable
indicates whether the query cache is available:
mysql> SHOW VARIABLES LIKE 'have_query_cache';
+------------------+-------+
| Variable_name | Value |
+------------------+-------+
| have_query_cache | YES |
+------------------+-------+
When using a standard MySQL binary, this value is always
YES, even if query caching is disabled.
Several other system variables control query cache operation.
These can be set in an option file or on the command line when
starting mysqld. The query cache system
variables all have names that begin with
query_cache_. They are described briefly in
Section 5.2.3, “System Variables”, with additional
configuration information given here.
To set the size of the query cache, set the
query_cache_size system variable. Setting it
to 0 disables the query cache. The default size is 0, so the
query cache is disabled by default.
When using the Windows Configuration Wizard to install or
configure MySQL, the default value for
query_cache_size will be configured
automatically for you based on the different configuration
types available. When using the Windows Configuration Wizard,
the query cache may be enabled (i.e. set to a non-zero value)
due to the selected configuration. The query cache is also
controlled by the setting of the
query_cache_type variable. You should check
the values of these variables as set in your
my.ini file after configuration has taken
place.
When you set query_cache_size to a non-zero
value, keep in mind that the query cache needs a minimum size of
about 40KB to allocate its structures. (The exact size depends
on system architecture.) If you set the value too small, you'll
get a warning, as in this example:
mysql> SET GLOBAL query_cache_size = 40000;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> SHOW WARNINGS\G
*************************** 1. row ***************************
Level: Warning
Code: 1282
Message: Query cache failed to set size 39936; new query cache size is 0
mysql> SET GLOBAL query_cache_size = 41984;
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW VARIABLES LIKE 'query_cache_size';
+------------------+-------+
| Variable_name | Value |
+------------------+-------+
| query_cache_size | 41984 |
+------------------+-------+
For the query cache to actually be able to hold any query
results, its size must be set larger:
mysql> SET GLOBAL query_cache_size = 1000000;
Query OK, 0 rows affected (0.04 sec)
mysql> SHOW VARIABLES LIKE 'query_cache_size';
+------------------+--------+
| Variable_name | Value |
+------------------+--------+
| query_cache_size | 999424 |
+------------------+--------+
1 row in set (0.00 sec)
The query_cache_size will be aligned to the
nearest 1024 byte block. The value reported may therefore be
different from the value that you set.
If the query cache size is greater than 0, the
query_cache_type variable influences how it
works. This variable can be set to the following values:
A value of 0 or OFF
prevents caching or retrieval of cached results.
A value of 1 or ON
allows caching except of those statements that begin with
SELECT SQL_NO_CACHE.
A value of 2 or DEMAND
causes caching of only those statements that begin with
SELECT SQL_CACHE.
Setting the GLOBALquery_cache_type value determines query cache
behavior for all clients that connect after the change is made.
Individual clients can control cache behavior for their own
connection by setting the SESSIONquery_cache_type value. For example, a client
can disable use of the query cache for its own queries like
this:
mysql> SET SESSION query_cache_type = OFF;
To control the maximum size of individual query results that can
be cached, set the query_cache_limit system
variable. The default value is 1MB.
When a query is to be cached, its result (the data sent to the
client) is stored in the query cache during result retrieval.
Therefore the data usually is not handled in one big chunk. The
query cache allocates blocks for storing this data on demand, so
when one block is filled, a new block is allocated. Because
memory allocation operation is costly (timewise), the query
cache allocates blocks with a minimum size given by the
query_cache_min_res_unit system variable.
When a query is executed, the last result block is trimmed to
the actual data size so that unused memory is freed. Depending
on the types of queries your server executes, you might find it
helpful to tune the value of
query_cache_min_res_unit:
The default value of
query_cache_min_res_unit is 4KB. This
should be adequate for most cases.
If you have a lot of queries with small results, the default
block size may lead to memory fragmentation, as indicated by
a large number of free blocks. Fragmentation can force the
query cache to prune (delete) queries from the cache due to
lack of memory. In this case, you should decrease the value
of query_cache_min_res_unit. The number
of free blocks and queries removed due to pruning are given
by the values of the Qcache_free_blocks
and Qcache_lowmem_prunes status
variables.
If most of your queries have large results (check the
Qcache_total_blocks and
Qcache_queries_in_cache status
variables), you can increase performance by increasing
query_cache_min_res_unit. However, be
careful to not make it too large (see the previous item).
MySQL Enterprise
If the query cache is under-utilized, performance will suffer.
Advice on avoiding this problem is provided to subscribers to
the MySQL Network Monitoring and Advisory Service. For more
information see
http://www.mysql.com/products/enterprise/advisors.html.
5.13.4. Query Cache Status and Maintenance
You can check whether the query cache is present in your MySQL
server using the following statement:
mysql> SHOW VARIABLES LIKE 'have_query_cache';
+------------------+-------+
| Variable_name | Value |
+------------------+-------+
| have_query_cache | YES |
+------------------+-------+
You can defragment the query cache to better utilize its memory
with the FLUSH QUERY CACHE statement. The
statement does not remove any queries from the cache.
The RESET QUERY CACHE statement removes all
query results from the query cache. The FLUSH
TABLES statement also does this.
To monitor query cache performance, use SHOW
STATUS to view the cache status variables:
The total number of SELECT queries is given
by this formula:
Com_select
+ Qcache_hits
+ queries with errors found by parser
The Com_select value is given by this
formula:
Qcache_inserts
+ Qcache_not_cached
+ queries with errors found during the column-privileges check
The query cache uses variable-length blocks, so
Qcache_total_blocks and
Qcache_free_blocks may indicate query cache
memory fragmentation. After FLUSH QUERY
CACHE, only a single free block remains.
Every cached query requires a minimum of two blocks (one for the
query text and one or more for the query results). Also, every
table that is used by a query requires one block. However, if
two or more queries use the same table, only one table block
needs to be allocated.
The information provided by the
Qcache_lowmem_prunes status variable can help
you tune the query cache size. It counts the number of queries
that have been removed from the cache to free up memory for
caching new queries. The query cache uses a least recently used
(LRU) strategy to decide which queries to remove from the cache.
Tuning information is given in
Section 5.13.3, “Query Cache Configuration”.
At Alden Hosting we eat and breathe Secure FTP (sFTP)! We are the industry leader in providing
affordable, quality and efficient Secure FTP (sFTP) hosting in the shared hosting marketplace.
