Table of Contents
Access denied
ErrorsThis chapter covers topics that deal with administering a MySQL installation, such as configuring the server, managing user accounts, and performing backups.
The MySQL server, mysqld, is the main program that does most of the work in a MySQL installation. The server is accompanied by several related scripts that perform setup operations when you install MySQL or that are helper programs to assist you in starting and stopping the server.
This section provides an overview of the server and related programs, and information about server startup scripts. Information about configuring the server itself is given in Section 5.3, “mysqld — The MySQL Server”.
All MySQL programs take many different options. However, every
MySQL program provides a --help
option that you
can use to get a description of the program's options. For
example, try mysqld --help.
You can override default options for all standard programs by specifying options on the command line or in an option file. Section 4.3, “Specifying Program Options”.
The following list briefly describes the MySQL server and server-related programs:
The SQL daemon (that is, the MySQL server). To use client programs, this program must be running, because clients gain access to databases by connecting to the server. See Section 5.3, “mysqld — The MySQL Server”.
A version of the server that includes additional features. See Section 5.1.2, “The mysqld-max Extended MySQL Server”.
A server startup script. mysqld_safe attempts to start mysqld-max if it exists, and mysqld otherwise. See Section 5.1.3, “mysqld_safe — MySQL Server Startup Script”.
A server startup script. This script is used on systems that use run directories containing scripts that start system services for particular run levels. It invokes mysqld_safe to start the MySQL server. See Section 5.1.4, “mysql.server — MySQL Server Startup Script”.
A server startup script that can start or stop multiple servers installed on the system. See Section 5.1.5, “mysqld_multi — Program for Managing Multiple MySQL Servers”.
This script creates the MySQL grant tables with default privileges. It is usually executed only once, when first installing MySQL on a system. See Section 2.9.2, “Unix Post-Installation Procedures”.
This script is used after an upgrade install operation, to update the grant tables with any changes that have been made in newer versions of MySQL. See Section 2.10.3, “Upgrading the Grant Tables”.
There are several other programs that also are run on the server host:
A utility to describe, check, optimize, and repair
MyISAM
tables.
myisamchk is described in
Section 5.9.5, “myisamchk — MyISAM Table-Maintenance Utility”.
This program makes a binary release of a compiled MySQL.
This could be sent by FTP to
/pub/mysql/upload/
on
ftp.mysql.com
for the convenience of
other MySQL users.
The MySQL bug reporting script. It can be used to send a bug report to the MySQL mailing list. (You can also visit http://bugs.mysql.com/ to file a bug report online. See Section 1.7.1.3, “How to Report Bugs or Problems”.)
A MySQL-Max server is a version of the mysqld MySQL server that has been built to include additional features.
The distribution to use depends on your platform:
For Windows, MySQL binary distributions include both the
standard server (mysqld.exe
) and the
MySQL-Max server (mysqld-max.exe), so you
need not get a special distribution. Just use a regular
Windows distribution, available at
http://dev.mysql.com/downloads/. See
Section 2.3, “Installing MySQL on Windows”.
For Linux, if you install MySQL using RPM distributions, use
the regular MySQL-server
RPM first to
install a standard server named mysqld.
Then use the MySQL-Max
RPM to install a
server named mysqld-max. The
MySQL-Max
RPM presupposes that you have
installed the regular server RPM. See
Section 2.4, “Installing MySQL on Linux” for more information on the
Linux RPM packages.
All other MySQL-Max distributions contain a single server that is named mysqld but that has the additional features included.
You can find the MySQL-Max binaries on the MySQL AB Web site at http://dev.mysql.com/downloads/.
MySQL AB builds the MySQL-Max servers by using the following configure options:
--with-server-suffix=-max
This option adds a -max
suffix to the
mysqld version string.
--with-innodb
This option enables support for the InnoDB storage engine. MySQL-Max servers always include InnoDB support. From MySQL 4.0 onwards, InnoDB is included by default in all binary distributions, so you do not need a MySQL-Max server merely to obtain InnoDB support.
--with-bdb
This option enables support for the Berkeley DB (BDB) storage engine.
--with-blackhole-storage-engine
This option enables support for the
BLACKHOLE
storage engine.
USE_SYMDIR
This define is enabled to turn on database symbolic link support for Windows. In MySQL 5.0, symbolic link support is available for all Windows servers, so a Max server is not needed to take advantage of this feature.
--with-ndbcluster
This option enables support for the NDB Cluster storage engine. Currently (as of 5.0.15), Cluster is supported on Linux, Solaris, and Mac OS X only. Some users have reported success in using MySQL Cluster built from source on BSD operating systems, but these are not officially supported at this time.
MySQL-Max binary distributions are a convenience for those who wish to install precompiled programs. If you build MySQL using a source distribution, you can build your own Max-like server by enabling the same features at configuration time that the MySQL-Max binary distributions are built with.
MySQL-Max servers include the BerkeleyDB (BDB) storage engine whenever possible, but not all platforms support BDB.
MySQL-Max servers for Solaris, Mac OS X, and Linux (on most
platforms) include support for the NDB Cluster storage engine.
Note that the server must be started with the
ndbcluster
option in order to run the server
as part of a MySQL Cluster. (For details, see
Section 16.4, “MySQL Cluster Configuration”.)
The following table shows on which platforms MySQL-Max binaries include support for BDB and/or NDB Cluster:
System | BDB Support | NDB Support |
AIX 4.3 | N | N |
HP-UX 11.0 | N | N |
Linux-Alpha | N | Y |
Linux-IA-64 | N | N |
Linux-Intel | Y | Y |
Mac OS X | N | N |
NetWare | N | N |
SCO OSR5 | Y | N |
Solaris-SPARC | Y | Y |
Solaris-Intel | N | Y |
UnixWare | Y | N |
Windows NT/2000/XP | Y | N |
To find out which storage engines your server supports, issue the following statement:
mysql> SHOW ENGINES;
+------------+---------+----------------------------------------------------------------+
| Engine | Support | Comment |
+------------+---------+----------------------------------------------------------------+
| MyISAM | DEFAULT | Default engine as of MySQL 3.23 with great performance |
| MEMORY | YES | Hash based, stored in memory, useful for temporary tables |
| HEAP | YES | Alias for MEMORY |
| MERGE | YES | Collection of identical MyISAM tables |
| MRG_MYISAM | YES | Alias for MERGE |
| ISAM | NO | Obsolete storage engine, now replaced by MyISAM |
| MRG_ISAM | NO | Obsolete storage engine, now replaced by MERGE |
| InnoDB | YES | Supports transactions, row-level locking, and foreign keys |
| INNOBASE | YES | Alias for INNODB |
| BDB | YES | Supports transactions and page-level locking |
| BERKELEYDB | YES | Alias for BDB |
| NDBCLUSTER | NO | Clustered, fault-tolerant, memory-based tables |
| NDB | NO | Alias for NDBCLUSTER |
| EXAMPLE | NO | Example storage engine |
| ARCHIVE | YES | Archive storage engine |
| CSV | NO | CSV storage engine |
| FEDERATED | YES | Federated MySQL storage engine |
| BLACKHOLE | YES | /dev/null storage engine (anything you write to it disappears) |
+------------+---------+----------------------------------------------------------------+
18 rows in set (0.00 sec)
(See also Section 13.5.4.8, “SHOW ENGINES
Syntax”.)
You can also use the following statement instead of
SHOW ENGINES
, and check the value of the
variable for the storage engine in which you are interested:
mysql> SHOW VARIABLES LIKE 'have%';
+-----------------------+-------+
| Variable_name | Value |
+-----------------------+-------+
| have_archive | YES |
| have_bdb | YES |
| have_blackhole_engine | YES |
| have_compress | YES |
| have_crypt | NO |
| have_csv | NO |
| have_example_engine | NO |
| have_federated_engine | YES |
| have_geometry | YES |
| have_innodb | YES |
| have_isam | NO |
| have_ndbcluster | NO |
| have_openssl | YES |
| have_query_cache | YES |
| have_raid | NO |
| have_rtree_keys | YES |
| have_symlink | YES |
+-----------------------+-------+
17 rows in set (0.06 sec)
The precise output from these SHOW
commands
will vary according to the MySQL version used (and the features
which are enabled). The values in the second column indicate the
server's level of support for each feature, as shown here:
Value | Meaning |
YES | The feature is supported and is active. |
NO | The feature is not supported. |
DISABLED | The feature is supported but has been disabled. |
A value of NO
means that the server was
compiled without support for the feature, so it cannot be
activated at runtime.
A value of DISABLED
occurs either because the
server was started with an option that disables the feature, or
because not all options required to enable it were given. In the
latter case, the
error log file should contain a reason indicating why the option
is disabled.
host_name
.err
You might also see DISABLED
for the
InnoDB
or BDB
storage
engines if the server was compiled to support them, but was
started with the --skip-innodb
or
--skip-bdb
options at runtime. For the
NDB Cluster
storage engine,
DISABLED
means the the server was compiled
with support for MySQL Cluster, but was not started with the
--ndb-cluster
option.
All MySQL servers support MyISAM
tables,
because MyISAM
is the default storage engine.
mysqld_safe is the recommended way to start a mysqld server on Unix and NetWare. mysqld_safe adds some safety features such as restarting the server when an error occurs and logging runtime information to an error log file. NetWare-specific behaviors are listed later in this section.
Note: To preserve backward compatibility with older versions of MySQL, MySQL binary distributions still include safe_mysqld as a symbolic link to mysqld_safe. However, you should not rely on this as it almost certainly will be removed in future.
By default, mysqld_safe tries to start an executable named mysqld-max if it exists, or mysqld otherwise. Be aware of the implications of this behavior:
On Linux, the MySQL-Max
RPM relies on
this mysqld_safe behavior. The RPM
installs an executable named
mysqld-max, which causes
mysqld_safe to automatically use that
executable from that point on.
If you install a MySQL-Max distribution that includes a server named mysqld-max, then upgrade later to a non-Max version of MySQL, mysqld_safe still attempts to run the old mysqld-max server. If you perform such an upgrade, you should manually remove the old mysqld-max server to ensure that mysqld_safe runs the new mysqld server.
To override the default behavior and specify explicitly
which server you want to run, specify a
--mysqld
or
--mysqld-version
option to
mysqld_safe.
Many of the options to mysqld_safe are the same as the options to mysqld. See Section 5.3.1, “mysqld Command-Line Options”.
All options specified to mysqld_safe on
the command line are passed to mysqld. If
you want to use any options that are specific to
mysqld_safe and that
mysqld doesn't support, do not specify
them on the command line. Instead, list them in the
[mysqld_safe]
group of an option file.
See Section 4.3.2, “Using Option Files”.
mysqld_safe reads all options from the
[mysqld]
, [server]
,
and [mysqld_safe]
sections in option
files. For backward compatibility, it also reads
[safe_mysqld]
sections, although you
should rename such sections to
[mysqld_safe]
in MySQL 5.0.
mysqld_safe supports the following options:
--help
Display a help message and exit. (Added in MySQL 5.0.3)
--autoclose
(NetWare only) On NetWare, mysqld_safe provides a screen presence. When you unload (shut down) the mysqld_safe NLM, the screen does not by default go away. Instead, it prompts for user input:
*<NLM has terminated; Press any key to close the screen>*
If you want NetWare to close the screen automatically
instead, use the --autoclose
option to
mysqld_safe.
--basedir=
path
The path to the MySQL installation directory.
--core-file-size=
size
The size of the core file mysqld should be able to create. The option value is passed to ulimit -c.
--datadir=
path
The path to the data directory.
--defaults-extra-file=
path
The name of an option file to be read in addition to the usual option files. If given, this option must be first.
--defaults-file=
path
The name of an option file to be read instead of the usual option files. If given, this option must be first.
--ledir=
path
The path to the directory containing the mysqld program. Use this option to explicitly indicate the location of the server.
--log-error=
path
Write the error log to the given file. See Section 5.11.1, “The Error Log”.
--mysqld=
prog_name
The name of the server program (in the
ledir
directory) that you want to
start. This option is needed if you use the MySQL binary
distribution but have the data directory outside of the
binary distribution.
--mysqld-version=
suffix
This option is similar to the --mysqld
option, but you specify only the suffix for the server
program name. The basename is assumed to be
mysqld. For example, if you use
--mysqld-version=max
,
mysqld_safe starts the
mysqld-max program in the
ledir
directory. If the argument to
--mysqld-version
is empty,
mysqld_safe uses
mysqld in the
ledir
directory.
--nice=
priority
Use the nice
program to set the
server's scheduling priority to the given value.
--no-defaults
Do not read any option files. If given, this option must be first.
--open-files-limit=
count
The number of files mysqld should be
able to open. The option value is passed to
ulimit -n. Note that you need to
start mysqld_safe as
root
for this to work properly!
--pid-file=
path
The path to the process ID file.
--port=
port_num
The port number to use when listening for TCP/IP
connections. The port number must be
1024
or higher unless MySQL is run as
the root
system user.
--skip-character-set-client-handshake
Ignore character set information sent by the client and use the default server character set. (This option makes MySQL behave like MySQL 4.0.)
--socket=
path
The Unix socket file to use for local connections.
--timezone=
zone
Set the TZ
time zone environment
variable to the given option value. Consult your
operating system documentation for legal time zone
specification formats.
--user={
user_name
|
user_id
}
Run the mysqld server as the user
having the name user_name
or
the numeric user ID user_id
.
(“User” in this context refers to a system
login account, not a MySQL user listed in the grant
tables.)
When executing mysqld_safe, the
--defaults-file
or
--defaults-extra-option
must be given
first, or the option file will not be used. For example,
this command will not use the named option file:
mysqld_safe --port=port_num
--defaults-file=file_name
Instead, use the following command:
mysqld_safe --defaults-file=file_name
--port=port_num
The mysqld_safe script is written so that it normally can start a server that was installed from either a source or a binary distribution of MySQL, even though these types of distributions typically install the server in slightly different locations. (See Section 2.1.5, “Installation Layouts”.) mysqld_safe expects one of the following conditions to be true:
The server and databases can be found relative to the
directory from which mysqld_safe is
invoked. For binary distributions,
mysqld_safe looks under its working
directory for bin
and
data
directories. For source
distributions, it looks for libexec
and var
directories. This condition
should be met if you execute
mysqld_safe from your MySQL
installation directory (for example,
/usr/local/mysql
for a binary
distribution).
If the server and databases cannot be found relative to
the working directory, mysqld_safe
attempts to locate them by absolute pathnames. Typical
locations are /usr/local/libexec
and /usr/local/var
. The actual
locations are determined from the values configured into
the distribution at the time it was built. They should
be correct if MySQL is installed in the location
specified at configuration time.
Because mysqld_safe tries to find the server and databases relative to its own working directory, you can install a binary distribution of MySQL anywhere, as long as you run mysqld_safe from the MySQL installation directory:
shell>cd mysql_installation_directory
shell>bin/mysqld_safe &
If mysqld_safe fails, even when invoked
from the MySQL installation directory, you can specify the
--ledir
and --datadir
options to indicate the directories in which the server and
databases are located on your system.
Normally, you should not edit the
mysqld_safe script. Instead, configure
mysqld_safe by using command-line options
or options in the [mysqld_safe]
section
of a my.cnf
option file. In rare cases,
it might be necessary to edit mysqld_safe
to get it to start the server properly. However, if you do
this, your modified version of
mysqld_safe might be overwritten if you
upgrade MySQL in the future, so you should make a copy of
your edited version that you can reinstall.
On NetWare, mysqld_safe is a NetWare Loadable Module (NLM) that is ported from the original Unix shell script. It does the following:
Runs a number of system and option checks.
Runs a check on MyISAM
tables.
Provides a screen presence for the MySQL server.
Starts mysqld, monitors it, and restarts it if it terminates in error.
Sends error messages from mysqld to
the
file in the data directory.
host_name
.err
Sends mysqld_safe screen output to
the
file in the data directory.
host_name
.safe
MySQL distributions on Unix include a script named mysql.server. It can be used on systems such as Linux and Solaris that use System V-style run directories to start and stop system services. It is also used by the Mac OS X Startup Item for MySQL.
mysql.server can be found in the
support-files
directory under your
MySQL installation directory or in a MySQL source tree.
If you use the Linux server RPM package
(MySQL-server-
),
the mysql.server script will be installed
in the VERSION
.rpm/etc/init.d
directory with the
name mysql
. You need not install it
manually. See Section 2.4, “Installing MySQL on Linux” for more
information on the Linux RPM packages.
Some vendors provide RPM packages that install a startup script under a different name such as mysqld.
If you install MySQL from a source distribution or using a binary distribution format that does not install mysql.server automatically, you can install it manually. Instructions are provided in Section 2.9.2.2, “Starting and Stopping MySQL Automatically”.
mysql.server reads options from the
[mysql.server]
and
[mysqld]
sections of option files. (For
backward compatibility, it also reads
[mysql_server]
sections, although you
should rename such sections to
[mysql.server]
when using MySQL
5.0.)
mysqld_multi is meant for managing several mysqld processes that listen for connections on different Unix socket files and TCP/IP ports. It can start or stop servers, or report their current status.
The program searches for groups named
[mysqld
in
N
]my.cnf
(or in the file named by the
--config-file
option).
N
can be any positive integer.
This number is referred to in the following discussion as
the option group number, or GNR
.
Group numbers distinguish option groups from one another and
are used as arguments to mysqld_multi to
specify which servers you want to start, stop, or obtain a
status report for. Options listed in these groups are the
same that you would use in the [mysqld]
group used for starting mysqld. (See, for
example, Section 2.9.2.2, “Starting and Stopping MySQL Automatically”.) However, when
using multiple servers it is necessary that each one use its
own value for options such as the Unix socket file and
TCP/IP port number. For more information on which options
must be unique per server in a multiple-server environment,
see Section 5.12, “Running Multiple MySQL Servers on the Same Machine”.
To invoke mysqld_multi, use the following syntax:
shell> mysqld_multi [options
] {start|stop|report} [GNR
[,GNR
] ...]
start
, stop
, and
report
indicate which operation you want
to perform. You can perform the designated operation on a
single server or multiple servers, depending on the
GNR
list that follows the option
name. If there is no list, mysqld_multi
performs the operation for all servers in the option file.
Each GNR
value represents an
option group number or range of group numbers. The value
should be the number at the end of the group name in the
option file. For example, the GNR
for a group named [mysqld17]
is
17
. To specify a range of numbers,
separate the first and last numbers by a dash. The
GNR
value
10-13
represents groups
[mysqld10]
through
[mysqld13]
. Multiple groups or group
ranges can be specified on the command line, separated by
commas. There must be no whitespace characters (spaces or
tabs) in the GNR
list; anything
after a whitespace character is ignored.
This command starts a single server using option group
[mysqld17]
:
shell> mysqld_multi start 17
This command stops several servers, using option groups
[mysql8]
and
[mysqld10]
through
[mysqld13]
:
shell> mysqld_multi stop 8,10-13
For an example of how you might set up an option file, use this command:
shell> mysqld_multi --example
mysqld_multi supports the following options:
Specify the name of an alternative option file. This
affects where mysqld_multi looks for
[mysqld
option groups. Without this option, all options are read
from the usual N
]my.cnf
file. The
option does not affect where
mysqld_multi reads its own options,
which are always taken from the
[mysqld_multi]
group in the usual
my.cnf
file.
Display a sample option file.
Display a help message and exit.
Specify the name of the log file. If the file exists, log output is appended to it.
The mysqladmin binary to be used to stop servers.
The mysqld binary to be used. Note
that you can specify mysqld_safe as
the value for this option also. The options are passed
to mysqld. Just make sure that you
have the directory where mysqld is
located in your PATH
environment
variable setting or fix mysqld_safe.
Print log information to stdout rather than to the log file. By default, output goes to the log file.
The password of the MySQL account to use when invoking mysqladmin. Note that the password value is not optional for this option, unlike for other MySQL programs.
Disable warnings.
Connect to each MySQL server via the TCP/IP port instead
of the Unix socket file. (If a socket file is missing,
the server might still be running, but accessible only
via the TCP/IP port.) By default, connections are made
using the Unix socket file. This option affects
stop
and report
operations.
The username of the MySQL account to use when invoking mysqladmin.
Be more verbose.
Display version information and exit.
Some notes about mysqld_multi:
Make sure that the MySQL account used for stopping the
mysqld servers (with the
mysqladmin program) has the same
username and password for each server. Also, make sure
that the account has the SHUTDOWN
privilege. If the servers that you want to manage have
many different usernames or passwords for the
administrative accounts, you might want to create an
account on each server that has the same username and
password. For example, you might set up a common
multi_admin
account by executing the
following commands for each server:
shell>mysql -u root -S /tmp/mysql.sock -p
mysql>root_password
GRANT SHUTDOWN ON *.*
->TO 'multi_admin'@'localhost' IDENTIFIED BY 'multipass';
See Section 5.7.2, “How the Privilege System Works”. You have to do this
for each mysqld server. Change the
connection parameters appropriately when connecting to
each one. Note that the host part of the account name
must allow you to connect as
multi_admin
from the host where you
want to run mysqld_multi.
The --pid-file
option is very important
if you are using mysqld_safe to start
mysqld (for example,
--mysqld=mysqld_safe
) Every
mysqld should have its own process ID
file. The advantage of using
mysqld_safe instead of
mysqld is that
mysqld_safe “guards” its
mysqld process and restarts it if the
process terminates due to a signal sent using
kill -9
or for other reasons, such as
a segmentation fault. Please note that the
mysqld_safe script might require that
you start it from a certain place. This means that you
might have to change location to a certain directory
before running mysqld_multi. If you
have problems starting, please see the
mysqld_safe script. Check especially
the lines:
---------------------------------------------------------------- MY_PWD=`pwd` # Check if we are starting this relative (for the binary release) if test -d $MY_PWD/data/mysql -a -f ./share/mysql/english/errmsg.sys -a \ -x ./bin/mysqld ----------------------------------------------------------------
See Section 5.1.3, “mysqld_safe — MySQL Server Startup Script”. The test performed by these lines should be successful, or you might encounter problems.
The Unix socket file and the TCP/IP port number must be different for every mysqld.
You might want to use the --user
option
for mysqld, but in order to do this
you need to run the mysqld_multi
script as the Unix root
user. Having
the option in the option file doesn't matter; you just
get a warning if you are not the superuser and the
mysqld processes are started under
your own Unix account.
Important: Make sure that the data directory is fully accessible to the Unix account that the specific mysqld process is started as. Do not use the Unix root account for this, unless you know what you are doing.
Most important: Before using mysqld_multi be sure that you understand the meanings of the options that are passed to the mysqld servers and why you would want to have separate mysqld processes. Beware of the dangers of using multiple mysqld servers with the same data directory. Use separate data directories, unless you know what you are doing. Starting multiple servers with the same data directory does not give you extra performance in a threaded system. See Section 5.12, “Running Multiple MySQL Servers on the Same Machine”.
The following example shows how you might set up an option
file for use with mysqld_multi. The first
and fifth
[mysqld
group were intentionally left out from the example to
illustrate that you can have “gaps” in the
option file. This gives you more flexibility. The order in
which the mysqld programs are started or
stopped depends on the order in which they appear in the
option file.
N
]
# This file should probably be in your home dir (~/.my.cnf) # or /etc/my.cnf # Version 2.1 by Jani Tolonen [mysqld_multi] mysqld = /usr/local/bin/mysqld_safe mysqladmin = /usr/local/bin/mysqladmin user = multi_admin password = multipass [mysqld2] socket = /tmp/mysql.sock2 port = 3307 pid-file = /usr/local/mysql/var2/hostname.pid2 datadir = /usr/local/mysql/var2 language = /usr/local/share/mysql/english user = john [mysqld3] socket = /tmp/mysql.sock3 port = 3308 pid-file = /usr/local/mysql/var3/hostname.pid3 datadir = /usr/local/mysql/var3 language = /usr/local/share/mysql/swedish user = monty [mysqld4] socket = /tmp/mysql.sock4 port = 3309 pid-file = /usr/local/mysql/var4/hostname.pid4 datadir = /usr/local/mysql/var4 language = /usr/local/share/mysql/estonia user = tonu [mysqld6] socket = /tmp/mysql.sock6 port = 3311 pid-file = /usr/local/mysql/var6/hostname.pid6 datadir = /usr/local/mysql/var6 language = /usr/local/share/mysql/japanese user = jani
The MySQL Instance Manager (IM) is a daemon running on a TCP/IP port, which serves for monitoring and management of MySQL Database Server instances. MySQL Instance Manager is available for Unix-like operating systems, and also on Windows as of MySQL 5.0.13.
MySQL Instance Manager is included in MySQL distributions from
version 5.0.3, and can be used in place of the
mysqld_safe
script to start and stop the
MySQL Server, even from a remote
host. MySQL Instance Manager also implements the
functionality (and most of the syntax) of the
mysqld_multi script. A more detailed
description of MySQL Instance Manager follows.
Normally, the MySQL Database Server is started with the
mysql.server script, which usually resides
in the /etc/init.d/
folder. In MySQL 5.0.3
this script invokes mysqlmanager (the MySQL
Instance Manager binary) to start MySQL. (In prior versions of
MySQL the mysqld_safe script is used for
this purpose.) Starting from MySQL 5.0.4 the behavior of the
init script was changed again to incorporate both setup
schemes. In version 5.0.4, the init startup script uses the
old scheme (invoking mysqld_safe) by
default, but one can set the
use_mysqld_safe
variable in the script to
0
(zero) in order to use the MySQL Instance
Manager to start a server.
The Instance Manager's behavior in this case depends on the
options given in the MySQL configuration file. If there is no
configuration file, the MySQL Instance Manager creates an
instance named mysqld
and attempts to start
it with default (compiled-in) configuration values. This means
that the IM cannot guess the placement of
mysqld if it is not installed in the
default location. If you have installed the MySQL server in a
non-standard location you should use a configuration file. See
Section 2.1.5, “Installation Layouts”.
If there is a configuration file, the IM will parse the
configuration file in search of [mysqld]
sections (E.g. [mysqld]
,
[mysqld1]
, [mysqld2]
,
etc.) Each such section specifies an instance. At startup the
IM will start all found instances. The IM stops all instances
at shutdown by default.
Note that there is a special option
mysqld-path
(mysqld-path =
)
which is recognized only by the IM. Use this variable to let
the IM know where the mysqld binary
resides. You should also set path-to-mysqld-binary
basedir
and
datadir
options for the server.
The typical startup/shutdown cycle for a MySQL server with the MySQL Instance Manager enabled is as follows:
The MySQL Instance Manager is started with /etc/init.d/mysql script.
The MySQL Instance Manager starts all instances and monitors them.
If a server instance fails the MySQL Instance Manager restarts it.
If the MySQL Instance Manager is shut down (for instance with the /etc/init.d/mysql stop command), all instances are shut down by the MySQL Instance Manager.
Communication with the MySQL Instance Manager is handled using the MySQL client-server protocol. As such, you can connect to the IM using the standard mysql client program, as well as the MySQL C API. The IM supports the version of the MySQL client-server protocol used by the client tools and libraries distributed along with mysql-4.1 or later.
The IM stores its user information in a password file. Default
placement for the password file is
/etc/mysqlmanager.passwd
Password entries look like the following:
petr:*35110DC9B4D8140F5DE667E28C72DD2597B5C848
To generate such an entry one should invoke IM with the
--passwd option. Then the output can be
redirected to the
/etc/mysqlmanager.passwd
file to add a
new user. A sample command is given below.
./mysqlmanager --passwd >> /etc/mysqlmanager.passwd Creating record for new user. Enter user name: mike Enter password: <password> Re-type password: <password>
The following line is added to
/etc/mysqlmanager.passwd
:
mike:*00A51F3F48415C7D4E8908980D443C29C69B60C9
If there are no entries in the
/etc/mysqlmanager.passwd
file one cannot
connect to the IM.
The MySQL Instance Manager supports a number of command line options. A brief listing is available by executing the ./mysqlmanager --help command. The following options are available:
--help
, -?
Display the help message and exit.
--bind-address=
name
Bind address to use for connections.
--default-mysqld-path=
name
On Unix, where to look for the MySQL Server binary, if no
path was provided in the instance section. Example:
default-mysqld-path = /usr/sbin/mysqld
--defaults-file=
file_name
Read Instance Manager and MySQL Server settings from the given file. All configuration changes by the Instance Manager will be made to this file. This should be used only as the first option to Instance Manager.
--install
On Windows, install Instance Manager as a Windows service. This option was added in MySQL 5.0.11.
--log=
name
The path to the IM log file. This is used with the --run-as-service option.
--monitoring-interval=
seconds
Interval to monitor instances in seconds. Instance manager
will try to connect to each of monitored instances to
check whether they are alive/not hanging. In the case of a
failure IM will perform several (in fact many) attempts to
restart the instance. One can disable this behavior for
particular instances with the
nonguarded
option in the appropriate
instance section. If no value was given, the default of 20
seconds will be used.
--passwd
, -P
Prepare entry for passwd file and exit.
--password-file=
name
Look for the Instance Manager users and passwords in this
file. The default file is
/etc/mysqlmanager.passwd
.
--pid-file=
name
The process ID file to use. By default, this file is named
mysqlmanager.pid
.
--port=
port_num
The port number to use for connections. (The default port number, assigned by IANA, is 2273).
--print-defaults
Print the current defaults and exit. This should be used only as the first option to Instance Manager.
--remove
On Windows, removes Instance Manager as a Windows service.
This assumes that Instance Manager has been run with
--install
previously. This option was
added in MySQL 5.0.11.
--run-as-service
Daemonize and start the angel process. The angel process is simple and unlikely to crash. It will restart the IM itself in case of a failure.
--socket=
name
On Unix, the socket file to use for the connection. By
default, the file is named
/tmp/mysqlmanager.sock
.
--standalone
On Windows, run Instance Manager in standalone mode. This option was added in MySQL 5.0.13.
--user=
name
Username to start and run the mysqlmanager under. It is recommended to run mysqlmanager under the same user account used to run the mysqld server.
--version
, -V
Output version information and exit.
Instance Manager uses the standard my.cnf
file. It uses the [manager]
section to read
options for itself and the [mysqld]
sections to create instances. The [manager]
section contains any of the options listed above. An example
[manager]
section is given below:
# MySQL Instance Manager options section [manager] default-mysqld-path = /usr/local/mysql/libexec/mysqld socket=/tmp/manager.sock pid-file=/tmp/manager.pid password-file = /home/cps/.mysqlmanager.passwd monitoring-interval = 2 port = 1999 bind-address = 192.168.1.5
Prior to MySQL 5.0.10, the MySQL Instance Manager read the
same configuration files as the MySQL Server, including
/etc/my.cnf
,
~/.my.cnf
, etc. As of MySQL 5.0.10, the
MySQL Instance Manager reads and manages the
/etc/my.cnf
file only on Unix. On
Windows, MySQL Instance Manager reads the
my.ini
file in the directory where
Instance Manager is installed. The default option file
location can be changed with the
--defaults-file=
option.
file_name
Instance sections specify options given to each instance at startup. These are mainly common MySQL server options, but there are some IM-specific options:
mysqld-path =
<path-to-mysqld-binary>
The path to the mysqld server binary.
shutdown-delay =
seconds
The number of seconds IM should wait for the instance to
shut down. The default is 35 seconds. After the delay
expires, the IM assumes that the instance is hanging and
attempts to kill -9
it. If you use
InnoDB with large tables, you should increase this value.
nonguarded
This option should be set if you want to disable IM monitoring functionality for a certain instance.
Several sample instance sections are given below.
[mysqld] mysqld-path=/usr/local/mysql/libexec/mysqld socket=/tmp/mysql.sock port=3307 server_id=1 skip-stack-trace core-file skip-bdb log-bin log-error log=mylog log-slow-queries [mysqld2] nonguarded port=3308 server_id=2 mysqld-path= /home/cps/mysql/trees/mysql-4.1/sql/mysqld socket = /tmp/mysql.sock4 pid-file = /tmp/hostname.pid4 datadir= /home/cps/mysql_data/data_dir1 language=/home/cps/mysql/trees/mysql-4.1/sql/share/english log-bin log=/tmp/fordel.log
Once you've set up a password file for the MySQL Instance Manager and the IM is running, you can connect to it. You can use the mysql client tool connect through a standard MySQL API. Below goes the list of commands the MySQL Instance Manager currently accepts, with samples.
START INSTANCE <instance_name>
This command will attempt to start an instance:
mysql> START INSTANCE mysqld4;
Query OK, 0 rows affected (0,00 sec)
STOP INSTANCE <instance_name>
This will attempt to stop an instance:
mysql> STOP INSTANCE mysqld4;
Query OK, 0 rows affected (0,00 sec)
SHOW INSTANCES
Show the names of all loaded instances:
mysql> show instances;
+---------------+---------+
| instance_name | status |
+---------------+---------+
| mysqld3 | offline |
| mysqld4 | online |
| mysqld2 | offline |
+---------------+---------+
3 rows in set (0,04 sec)
SHOW INSTANCE STATUS
<instance_name>
Show the status and the version info of selected instance:
mysql> SHOW INSTANCE STATUS mysqld3;
+---------------+--------+---------+
| instance_name | status | version |
+---------------+--------+---------+
| mysqld3 | online | unknown |
+---------------+--------+---------+
1 row in set (0.00 sec)
SHOW INSTANCE OPTIONS
<instance_name>
Show options used by an instance:
mysql> SHOW INSTANCE OPTIONS mysqld3;
+---------------+---------------------------------------------------+
| option_name | value |
+---------------+---------------------------------------------------+
| instance_name | mysqld3 |
| mysqld-path | /home/cps/mysql/trees/mysql-4.1/sql/mysqld |
| port | 3309 |
| socket | /tmp/mysql.sock3 |
| pid-file | hostname.pid3 |
| datadir | /home/cps/mysql_data/data_dir1/ |
| language | /home/cps/mysql/trees/mysql-4.1/sql/share/english |
+---------------+---------------------------------------------------+
7 rows in set (0.01 sec)
SHOW <instance_name> LOG FILES
The command provides a listing of all log files used by
the instance. The result set contains the path to the log
file and the log file size. If no log file path is
specified in the configuration file (i.e.
log=/var/mysql.log
), the IM tries to
guess its placement. If the IM is unable to guess the
logfile placement you should specify the log file location
explicitly.
mysql> SHOW mysqld LOG FILES;
+-------------+------------------------------------+----------+
| Logfile | Path | Filesize |
+-------------+------------------------------------+----------+
| ERROR LOG | /home/cps/var/mysql/owlet.err | 9186 |
| GENERAL LOG | /home/cps/var/mysql/owlet.log | 471503 |
| SLOW LOG | /home/cps/var/mysql/owlet-slow.log | 4463 |
+-------------+------------------------------------+----------+
3 rows in set (0.01 sec)
SHOW <instance_name> LOG {ERROR | SLOW |
GENERAL} size[,offset_from_end]
This command retrieves a portion of the specified log
file. Because most users are interested in the latest log
messages, the size
parameter defines
the number of bytes you would like to retrieve starting
from the log end. You can retrieve data from the middle of
the log file by specifying the optional
offset_from_end
parameter. The
following example retrieves 21 bytes of data, starting 23
bytes from the end of the log file and ending 2 bytes from
the end of the log file:
mysql> SHOW mysqld LOG GENERAL 21, 2;
+---------------------+
| Log |
+---------------------+
| using password: YES |
+---------------------+
1 row in set (0.00 sec)
SET
instance_name.option_name=option_value
This commands edits the specified instance's configuration
file to change/add instance options. The IM assumes that
the configuration file is located at
/etc/my.cnf
. You should check that
the file exists and has appropriate permissions.
mysql> SET mysqld2.port=3322;
Query OK, 0 rows affected (0.00 sec)
Changes made to the configuration file will not take
effect until the MySQL server is restarted. In addition,
these changes are not stored in the instance manager's
local cache of instance settings until a FLUSH
INSTANCES
command is executed.
UNSET instance_name.option_name
This command removes an option from an instance's configuration file.
mysql> UNSET mysqld2.port;
Query OK, 0 rows affected (0.00 sec)
Changes made to the configuration file will not take
effect until the MySQL server is restarted. In addition,
these changes are not stored in the instance manager's
local cache of instance settings until a FLUSH
INSTANCES
command is executed.
FLUSH INSTANCES
This command forces IM to reread the configuration file and to refresh internal structures. This command should be performed after editing the configuration file. This command does not restart instances:
mysql> FLUSH INSTANCES;
Query OK, 0 rows affected (0.04 sec)
mysqld is the MySQL server. The following discussion covers these MySQL server configuration topics:
Startup options that the server supports
How to set the server SQL mode
Server system variables
Server status variables
When you start the mysqld server, you can specify program options using any of the methods described in Section 4.3, “Specifying Program Options”. The most common methods are to provide options in an option file or on the command line. However, in most cases it is desirable to make sure that the server uses the same options each time it runs. The best way to ensure this is to list them in an option file. See Section 4.3.2, “Using Option Files”.
mysqld reads options from the
[mysqld]
and [server]
groups. mysqld_safe reads options from the
[mysqld]
, [server]
,
[mysqld_safe]
, and
[safe_mysqld]
groups.
mysql.server reads options from the
[mysqld]
and
[mysql.server]
groups. An embedded MySQL
server usually reads options from the
[server]
, [embedded]
,
and
[
groups, where xxxxx
_SERVER]xxxxx
is the name of
the application into which the server is embedded.
mysqld accepts many command-line options. For a brief list, execute mysqld --help. To see the full list, use mysqld --verbose --help.
The following list shows some of the most common server options. Additional options are described elsewhere:
Options that affect security: See Section 5.6.3, “Startup Options for mysqld Concerning Security”.
SSL-related options: See Section 5.8.7.6, “SSL Command-Line Options”.
Binary log control options: See Section 5.11.3, “The Binary Log”.
Replication-related options: See Section 6.8, “Replication Startup Options”.
Options specific to particular storage engines: See
Section 14.1.1, “MyISAM
Startup Options”,
Section 14.4.3, “BDB
Startup Options”, and
Section 15.4, “InnoDB
Startup Options”.
You can also set the value of a server system variable by using the variable name as an option, as described later in this section.
--help
, -?
Display a short help message and exit. Use both the
--verbose
and --help
options to see the full message.
--allow-suspicious-udfs
This option controls whether user-defined functions that
have only an xxx
symbol for the main
function can be loaded. By default, the option is off and
only UDFs that have at least one auxiliary symbol can be
loaded. This prevents attempts at loading functions from
shared object files other than those containing legitimate
UDFs. In the MySQL 5.0 series of releases,
this option was added in version 5.0.3. See
Section 25.2.3.6, “User-Defined Function Security Precautions”.
--ansi
Use standard (ANSI) SQL syntax instead of MySQL syntax.
See Section 1.8.3, “Running MySQL in ANSI Mode”. For more precise control
over the server SQL mode, use the
--sql-mode
option instead.
--basedir=
path
, -b
path
The path to the MySQL installation directory. All paths are usually resolved relative to this.
--bind-address=
IP
The IP address to bind to.
--bootstrap
This option is used by the mysql_install_db script to create the MySQL privilege tables without having to start a full MySQL server.
--console
Write error log messages to stderr
and
stdout
even if
--log-error
is specified. On Windows,
mysqld does not close the console
screen if this option is used.
--character-sets-dir=
path
The directory where character sets are installed. See Section 5.10.1, “The Character Set Used for Data and Sorting”.
--chroot=
path
Put the mysqld server in a closed
environment during startup by using the
chroot()
system call. This is a
recommended security measure. Note that use of this option
somewhat limits LOAD DATA INFILE
and
SELECT ... INTO OUTFILE
.
--character-set-server=
charset
Use charset
as the default
server character set. See
Section 5.10.1, “The Character Set Used for Data and Sorting”.
--core-file
Write a core file if mysqld dies. For
some systems, you must also specify the
--core-file-size
option to
mysqld_safe. See
Section 5.1.3, “mysqld_safe — MySQL Server Startup Script”. Note that on some systems,
such as Solaris, you do not get a core file if you are
also using the --user
option.
--collation-server=
collation
Use collation
as the default
server collation. See Section 5.10.1, “The Character Set Used for Data and Sorting”.
--datadir=
path
, -h
path
The path to the data directory.
--debug[=
,
debug_options
]-#
[
debug_options
]
If MySQL is configured with --with-debug
,
you can use this option to get a trace file of what
mysqld is doing. The
debug_options
string often is
'd:t:o,
.
See Section E.1.2, “Creating Trace Files”.
file_name
'
(DEPRECATED)
--default-character-set=
charset
Use charset
as the default
character set. This option is deprecated in favor of
--character-set-server
. See
Section 5.10.1, “The Character Set Used for Data and Sorting”.
--default-collation=
collation
Use collation
as the default
collation. This option is deprecated in favor of
--collation-server
. See
Section 5.10.1, “The Character Set Used for Data and Sorting”.
--default-storage-engine=
type
This option is a synonym for
--default-table-type
.
--default-table-type=
type
Set the default table type for tables. See Chapter 14, Storage Engines and Table Types.
--default-time-zone=
type
Set the default server time zone. This option sets the
global time_zone
system variable. If
this option is not given, the default time zone is the
same as the system time zone (given by the value of the
system_time_zone
system variable.
--delay-key-write[= OFF | ON | ALL]
How the DELAYED KEYS
option should be
used. Delayed key writing causes key buffers not to be
flushed between writes for MyISAM
tables. OFF
disables delayed key
writes. ON
enables delayed key writes
for those tables that were created with the
DELAYED KEYS
option.
ALL
delays key writes for all
MyISAM
tables. See
Section 7.5.2, “Tuning Server Parameters”. See
Section 14.1.1, “MyISAM
Startup Options”.
Note: If you set this
variable to ALL
, you should not use
MyISAM
tables from within another
program (such as from another MySQL server or with
myisamchk) when the table is in use.
Doing so leads to index corruption.
--des-key-file=
file_name
Read the default keys used by
DES_ENCRYPT()
and
DES_DECRYPT()
from this file.
--enable-named-pipe
Enable support for named pipes. This option applies only on Windows NT, 2000, XP, and 2003 systems, and can be used only with the mysqld-nt and mysqld-max-nt servers that support named pipe connections.
--exit-info[=
,
flags
]-T [
flags
]
This is a bit mask of different flags you can use for debugging the mysqld server. Do not use this option unless you know exactly what it does!
--external-locking
Enable system locking. Note that if you use this option on
a system on which lockd
does not fully
work (as on Linux), it is easy for
mysqld to deadlock. This option
previously was named --enable-locking
.
Note: If you use this
option to enable updates to MyISAM
tables from many MySQL processes, you have to ensure that
these conditions are satisfied:
You should not use the query cache for queries that use tables that are updated by another process.
You should not use
--delay-key-write=ALL
or
DELAY_KEY_WRITE=1
on any shared
tables.
The easiest way to ensure this is to always use
--external-locking
together with
--delay-key-write=OFF
--query-cache-size=0
.
(This is not done by default because in many setups it's useful to have a mixture of the above options.)
--flush
Flush all changes to disk after each SQL statement. Normally MySQL does a write of all changes to disk only after each SQL statement and lets the operating system handle the synching to disk. See Section A.4.2, “What to Do If MySQL Keeps Crashing”.
--init-file=
file
Read SQL statements from this file at startup. Each statement must be on a single line and should not include comments.
--innodb-safe-binlog
Adds consistency guarantees between the content of
InnoDB
tables and the binary log. See
Section 5.11.3, “The Binary Log”. This option was removed in
MySQL 5.0.3, having been made obsolete by the introduction
of XA transaction support.
--language=
lang_name
,
-L lang_name
Client error messages in given language.
lang_name
can be given as the
language name or as the full pathname to the directory
where the language files are installed. See
Section 5.10.2, “Setting the Error Message Language”.
--large-pages
Some hardware/operating system architectures support memory pages greater than the default (usually 4 KB). The actual implementation of this support depends on the underlying hardware and OS. Applications that perform a lot of memory access may obtain performance improvements by using large pages due to reduced Translation Lookaside Buffer (TLB) misses.
Currently, MySQL supports only the Linux implementation of large pages support (which is called HugeTLB in Linux). We have plans to extend this support to FreeBSD, Solaris and possibly other platforms.
Before large pages can be used on Linux, it is necessary
to configure the HugeTLB memory pool. For reference,
consult the hugetlbpage.txt
file in
the Linux kernel source.
This option is disabled by default. It was added in MySQL 5.0.3.
--log[=
,
file
]-l [
file
]
Log connections and queries to this file. See
Section 5.11.2, “The General Query Log”. If you don't specify a
filename, MySQL uses
as the filename.
host_name
.log
--log-bin=[
file
]
The binary log file. Log all queries that change data to
this file. Used for backup and replication. See
Section 5.11.3, “The Binary Log”. It is recommended to specify
a filename (see Section A.8.1, “Open Issues in MySQL” for the
reason) otherwise MySQL uses
as the log file basename.
host_name
-bin
--log-bin-index[=
file
]
The index file for binary log filenames. See
Section 5.11.3, “The Binary Log”. If you don't specify a
filename, and if you didn't specify one in
--log-bin
, MySQL uses
as the filename.
host_name
-bin.index
--log-bin-trust-routine-creators[={0|1}]
With no argument or an argument of 1, this option sets the
log_bin_trust_routine_creators
system
variable to 1. With an argument of 0, this option sets the
system variable to 0.
log_bin_trust_routine_creators
affects
how MySQL enforces restrictions on stored routine
creation. See Section 18.4, “Binary Logging of Stored Routines and Triggers”.
This option was added in MySQL 5.0.6.
--log-error[=
file
]
Log errors and startup messages to this file. See
Section 5.11.1, “The Error Log”. If you don't specify a
filename, MySQL uses
as the filename. If the filename has no extension, an
extension of host_name
.err.err
is added to the
name.
--log-isam[=
file
]
Log all MyISAM
changes to this file
(used only when debugging MyISAM
).
(DEPRECATED)
--log-long-format
Log extra information to whichever of the update log,
binary update log, and slow queries log that have been
activated. For example, username and timestamp are logged
for all queries. This option is deprecated in MySQL
5.0, as it now represents the default logging
behavior. (See the description for
--log-short-format
.) The
--log-queries-not-using-indexes
option is
available for the purpose of logging queries that do not
use indexes to the slow query log.
--log-queries-not-using-indexes
If you are using this option with
--log-slow-queries
, then queries that are
not using indexes also are logged to the slow query log.
See Section 5.11.4, “The Slow Query Log”.
--log-short-format
Log less information to whichever of the update log, binary update log, and slow queries log that have been activated. For example, the username and timestamp are not logged for queries.
--log-slow-admin-statements
Log slow administrative statements such as
OPTIMIZE TABLE
, ANALYZE
TABLE
, and ALTER TABLE
to the
slow query log.
--log-slow-queries[=
file
]
Log all queries that have taken more than
long_query_time
seconds to execute to
this file. See Section 5.11.4, “The Slow Query Log”. See the
descriptions of the --log-long-format
and
--log-short-format
options for details.
--log-warnings
, -W
Print out warnings such as Aborted
connection...
to the error log. Enabling this
option is recommended, for example, if you use replication
(you get more information about what is happening, such as
messages about network failures and reconnections). This
option is enabled by default in MySQL 5.0; to
disable it, use --skip-log-warnings
.
Aborted connections are not logged to the error log unless
the value is greater than 1. See
Section A.2.10, “Communication Errors and Aborted Connections”.
--low-priority-updates
Table-modifying operations (INSERT
,
REPLACE
, DELETE
,
UPDATE
) have lower priority than
selects. This can also be done via {INSERT |
REPLACE | DELETE | UPDATE} LOW_PRIORITY ...
to
lower the priority of only one query, or by SET
LOW_PRIORITY_UPDATES=1
to change the priority in
one thread. See Section 7.3.2, “Table Locking Issues”.
--memlock
Lock the mysqld process in memory. This
works on systems such as Solaris that support the
mlockall()
system call. This might help
if you have a problem where the operating system is
causing mysqld to swap on disk. Note
that use of this option requires that you run the server
as root
, which is normally not a good
idea for security reasons.
--myisam-recover
[=
option
[,option
...]]]
Set the MyISAM
storage engine recovery
mode. The option value is any combination of the values of
DEFAULT
, BACKUP
,
FORCE
, or QUICK
. If
you specify multiple values, separate them by commas. You
can also use a value of ""
to disable
this option. If this option is used,
mysqld, when it opens a
MyISAM
table, checks whether the table
is marked as crashed or wasn't closed properly. (The last
option works only if you are running with
--skip-external-locking
.) If this is the
case, mysqld runs a check on the table.
If the table was corrupted, mysqld
attempts to repair it.
The following options affect how the repair works:
Option | Description |
DEFAULT | The same as not giving any option to --myisam-recover . |
BACKUP | If the data file was changed during recovery, save a backup of the
file as
. |
FORCE | Run recovery even if we would lose more than one row from the
.MYD file. |
QUICK | Don't check the rows in the table if there aren't any delete blocks. |
Before a table is automatically repaired, MySQL adds a
note about this in the error log. If you want to be able
to recover from most problems without user intervention,
you should use the options
BACKUP,FORCE
. This forces a repair of a
table even if some rows would be deleted, but it keeps the
old data file as a backup so that you can later examine
what happened.
--ndb-connectstring=
connect_string
When using the NDB
storage engine, it
is possible to point out the management server that
distributes the cluster configuration by setting the
connect string option. See
Section 16.4.4.2, “The MySQL Cluster connectstring
” for syntax.
--ndbcluster
If the binary includes support for the NDB
Cluster
storage engine, the default disabling of
support for MySQL Cluster can be overruled by using this
option. See Chapter 16, MySQL Cluster.
--old-passwords
Force the server to generate short (pre-4.1) password hashes for new passwords. This is useful for compatibility when the server must support older client programs. See Section 5.7.9, “Password Hashing in MySQL 4.1”.
--one-thread
Only use one thread (for debugging under Linux). This option is available only if the server is built with debugging enabled. See Section E.1, “Debugging a MySQL Server”.
--open-files-limit=
count
To change the number of file descriptors available to
mysqld. If this is not set or set to 0,
then mysqld uses this value to reserve
file descriptors to use with
setrlimit()
. If this value is 0 then
mysqld reserves
max_connections*5
or
max_connections + table_cache*2
(whichever is larger) number of files. You should try
increasing this if mysqld gives you the
error "Too many open files."
--pid-file=
path
The path to the process ID file used by mysqld_safe.
--port=
port_num
, -P
port_num
The port number to use when listening for TCP/IP connections.
--safe-mode
Skip some optimization stages.
(DEPRECATED)
--safe-show-database
--safe-user-create
If this is enabled, a user can't create new users with the
GRANT
statement, if the user doesn't
have the INSERT
privilege for the
mysql.user
table or any column in the
table.
--secure-auth
Disallow authentication for accounts that have old (pre-4.1) passwords.
--shared-memory
Enable shared-memory connections by local clients. This option is available only on Windows.
--shared-memory-base-name=
name
The name to use for shared-memory connections. This option is available only on Windows.
--skip-bdb
Disable the BDB
storage engine. This
saves memory and might speed up some operations. Do not
use this option if you require BDB
tables.
--skip-concurrent-insert
Turn off the ability to select and insert at the same time
on MyISAM
tables. (This is to be used
only if you think you have found a bug in this feature.)
--skip-external-locking
Don't use system locking. To use
myisamchk, you must shut down the
server. (See Section 1.4.3, “MySQL Stability”.) To avoid this
requirement, use CHECK TABLE
and
REPAIR TABLE
from the MySQL Monitor to
check and repair MyISAM
tables.
--skip-grant-tables
This option causes the server not to use the privilege
system at all. This gives anyone with access to the server
unrestricted access to all
databases. You can cause a running server to
start using the grant tables again by executing
mysqladmin flush-privileges or
mysqladmin reload command from a system
shell, or by issuing a MySQL FLUSH
PRIVILEGES
statement.
--skip-host-cache
Do not use the internal hostname cache for faster name-to-IP resolution. Instead, query the DNS server every time a client connects. See Section 7.5.6, “How MySQL Uses DNS”.
--skip-innodb
Disable the InnoDB
storage engine. This
saves memory and disk space and might speed up some
operations. Do not use this option if you require
InnoDB
tables.
--skip-name-resolve
Do not resolve hostnames when checking client connections.
Use only IP numbers. If you use this option, all
Host
column values in the grant tables
must be IP numbers or localhost
. See
Section 7.5.6, “How MySQL Uses DNS”.
--skip-ndbcluster
Disable the NDB Cluster
storage engine.
This is the default for binaries that were built with
NDB Cluster
storage engine support,
this means that the system allocates memory and other
resources for this storage engine only if
--skip-ndbcluster
is explicitly
overridden using the --ndbcluster
option.
See Section 16.4.3, “Quick Test Setup of MySQL Cluster” for an example
of usage.
--skip-networking
Don't listen for TCP/IP connections at all. All interaction with mysqld must be made via named pipes or shared memory (on Windows) or Unix socket files (on Unix). This option is highly recommended for systems where only local clients are allowed. See Section 7.5.6, “How MySQL Uses DNS”.
--standalone
Windows-NT based systems only; instructs the MySQL server not to run as a service.
--symbolic-links
,
--skip-symbolic-links
Enable or disable symbolic link support. This option has different effects on Windows and Unix:
On Windows, enabling symbolic links allows you to
establish a symbolic link to a database directory by
creating a directory.sym
file that
contains the path to the real directory. See
Section 7.6.1.3, “Using Symbolic Links for Databases on Windows”.
On Unix, enabling symbolic links means that you can
link a MyISAM
index file or data
file to another directory with the INDEX
DIRECTORY
or DATA
DIRECTORY
options of the CREATE
TABLE
statement. If you delete or rename the
table, the files that its symbolic links point to also
are deleted or renamed. See
Section 13.1.5, “CREATE TABLE
Syntax”.
--skip-safemalloc
If MySQL is configured with
--with-debug=full
, all MySQL programs
check for memory overruns during each memory allocation
and memory freeing operation. This checking is very slow,
so for the server you can avoid it when you don't need it
by using the --skip-safemalloc
option.
--skip-show-database
With this option, the SHOW DATABASES
statement is allowed only to users who have the
SHOW DATABASES
privilege, and the
statement displays all database names. Without this
option, SHOW DATABASES
is allowed to
all users, but displays each database name only if the
user has the SHOW DATABASES
privilege
or some privilege for the database. Note that any global
privilege is a privilege for the database.
--skip-stack-trace
Don't write stack traces. This option is useful when you are running mysqld under a debugger. On some systems, you also must use this option to get a core file. See Section E.1, “Debugging a MySQL Server”.
--skip-thread-priority
Disable using thread priorities for faster response time.
--socket=
path
On Unix, this option specifies the Unix socket file to use
for local connections. The default value is
/tmp/mysql.sock
. On Windows, the
option specifies the pipe name to use for local
connections that use a named pipe. The default value is
MySQL
.
--sql-mode=
value
[,value
[,value
...]]
Set the SQL mode for MySQL. See Section 5.3.2, “The Server SQL Mode”.
--temp-pool
This option causes most temporary files created by the server to use a small set of names, rather than a unique name for each new file. This works around a problem in the Linux kernel dealing with creating many new files with different names. With the old behavior, Linux seems to “leak” memory, because it's being allocated to the directory entry cache rather than to the disk cache.
--transaction-isolation=
level
Sets the default transaction isolation level, which can be
READ-UNCOMMITTED
,
READ-COMMITTED
,
REPEATABLE-READ
, or
SERIALIZABLE
. See
Section 13.4.6, “SET TRANSACTION
Syntax”.
--tmpdir=
path
, -t
path
The path of the directory to use for creating temporary
files. It might be useful if your default
/tmp
directory resides on a partition
that is too small to hold temporary tables. In MySQL
5.0, this option accepts several paths that
are used in round-robin fashion. Paths should be separated
by colon characters (‘:
’)
on Unix and semicolon characters
(‘;
’) on Windows, NetWare,
and OS/2. If the MySQL server is acting as a replication
slave, you should not set --tmpdir
to
point to a directory on a memory-based filesystem or to a
directory that is cleared when the server host restarts. A
replication slave needs some of its temporary files to
survive a machine restart so that it can replicate
temporary tables or LOAD DATA INFILE
operations. If files in the temporary file directory are
lost when the server restarts, replication fails.
--user={
user_name
|
user_id
}, -u
{user_name
|
user_id
}
Run the mysqld server as the user
having the name user_name
or
the numeric user ID user_id
.
(“User” in this context refers to a system
login account, not a MySQL user listed in the grant
tables.)
This option is mandatory when
starting mysqld as
root
. The server changes its user ID
during its startup sequence, causing it to run as that
particular user rather than as root
.
See Section 5.6.1, “General Security Guidelines”.
To avoid a possible security hole where a user adds a
--user=root
option to a
my.cnf
file (thus causing the server
to run as root
),
mysqld uses only the first
--user
option specified and produces a
warning if there are multiple --user
options. Options in /etc/my.cnf
and
$MYSQL_HOME/my.cnf
are processed
before command-line options, so it is recommended that you
put a --user
option in
/etc/my.cnf
and specify a value other
than root
. The option in
/etc/my.cnf
is found before any other
--user
options, which ensures that the
server runs as a user other than root
,
and that a warning results if any other
--user
option is found.
--version
, -V
Display version information and exit.
In MySQL 5.0, you can assign a value to a server
system variable by using an option of the form
--
.
For example, var_name
=value
--key_buffer_size=32M
sets the
key_buffer_size
variable to a value of
32MB.
Note that when setting a variable to a value, MySQL might automatically correct it to stay within a given range, or adjust the value to the closest allowable value if only certain values are allowed.
It is also possible to set variables by using
--set-variable=
or var_name
=value
-O
syntax. However, this syntax is now deprecated.
var_name
=value
You can find a full description for all variables in Section 5.3.3, “Server System Variables”. The section on tuning server parameters includes information on how to optimize them. See Section 7.5.2, “Tuning Server Parameters”.
You can change the values of most system variables for a
running server with the SET
statement. See
Section 13.5.3, “SET
Syntax”.
If you want to restrict the maximum value that a startup
option can be set to with SET
, you can
define this by using the
--maximum-
command-line option.
var_name
The MySQL server can operate in different SQL modes, and can apply these modes differently for different clients. This allows each application to tailor the server's operating mode to its own requirements.
Modes define what SQL syntax MySQL should support and what kind of data validation checks it should perform. This makes it easier to use MySQL in different environments and to use MySQL together with other database servers.
You can set the default SQL mode by starting
mysqld with the
--sql-mode="
option. The value also can be empty
(modes
"--sql-mode=""
) if you want to reset it.
In MySQL 5.0, you can also change the SQL mode
after startup time by setting the sql_mode
variable using a SET [SESSION|GLOBAL]
sql_mode='
statement. Setting the modes
'GLOBAL
variable
requires the SUPER
privilege and affects
the operation of all clients that connect from that time on.
Setting the SESSION
variable affects only
the current client. Any client can change its own session
sql_mode
value at any time.
modes
is a list of different modes
separated by comma (‘,
’)
characters. You can retrieve the current mode by issuing a
SELECT @@sql_mode
statement. The default
value is empty (no modes set).
The most important sql_mode
values are
probably these:
Change syntax and behavior to be more conformant to standard SQL.
If a value could not be inserted as given into a transactional table, abort the statement. For a non-transactional table, abort the statement if the value occurs in a single-row statement or the first row of a multiple-row statement. More detail is given later in this section. (Implemented in MySQL 5.0.2)
Make MySQL behave like a “traditional” SQL
database system. A simple description of this mode is
“give an error instead of a warning” when
inserting an incorrect value into a column.
Note: The
INSERT
/UPDATE
aborts
as soon as the error is noticed. This may not be what you
want if you are using a non-transactional storage engine,
because data changes made prior to the error are not be
rolled back, resulting in a “partially done”
update. (Added in MySQL 5.0.2)
When this manual refers to “strict mode,” it
means a mode where at least one of
STRICT_TRANS_TABLES
or
STRICT_ALL_TABLES
is enabled.
The following list describes all supported modes:
Don't do full checking of dates in strict mode. Check only
that the month is in the range from 1 to 12 and the day is
in the range from 1 to 31. This is very convenient for Web
applications where you obtain year, month, and day in
three different fields and you want to store exactly what
the user inserted (without date validation). This mode
applies to DATE
and
DATETIME
columns. It does not apply
TIMESTAMP
columns, which always require
a valid date.
This mode is implemented in MySQL 5.0.2. Before 5.0.2,
this was the default MySQL date-handling mode. As of
5.0.2, enabling strict mode causes the server to require
that month and day values be legal, and not merely in the
range 1 to 12 and 1 to 31, respectively. For example,
'2004-04-31'
is legal with strict mode
disabled, but illegal with strict mode enabled. To allow
such dates in strict mode, enable
ALLOW_INVALID_DATES
as well.
Treat ‘"
’ as an identifier
quote character (like the
‘`
’ quote character) and
not as a string quote character. You can still use
‘`
’ to quote identifiers in
ANSI mode. With ANSI_QUOTES
enabled,
you cannot use double quotes to quote a literal string,
because it is interpreted as an identifier.
Produce an error in strict mode (otherwise a warning) when
we encounter a division by zero (or
MOD(X,0)
) during an
INSERT
or UPDATE
. If
this mode is not given, MySQL instead returns
NULL
for divisions by zero. If used in
INSERT IGNORE
or UPDATE
IGNORE
, MySQL generates a warning for divisions
by zero, but the result of the operation is
NULL
. (Implemented in MySQL 5.0.2)
From MySQL 5.0.2 on, the NOT
operator
precedence is handled so that expressions such as
NOT a BETWEEN b AND c
are parsed as
NOT (a BETWEEN b AND c)
. Before MySQL
5.0.2, the expression is parsed as (NOT a)
BETWEEN b AND c
. The old higher-precedence
behavior can be obtained by enabling the
HIGH_NOT_PRECEDENCE
SQL mode. (Added in
MySQL 5.0.2)
mysql>SET sql_mode = '';
mysql>SELECT NOT 1 BETWEEN -5 AND 5;
-> 0 mysql>SET sql_mode = 'broken_not';
mysql>SELECT NOT 1 BETWEEN -5 AND 5;
-> 1
Allow spaces between a function name and the
‘(
’ character. This forces
all function names to be treated as reserved words. As a
result, if you want to access any database, table, or
column name that is a reserved word, you must quote it.
For example, because there is a USER()
function, the name of the user
table in
the mysql
database and the
User
column in that table become
reserved, so you must quote them:
SELECT "User" FROM mysql."user";
Prevent GRANT
from automatically
creating new users if it would otherwise do so, unless a
password also is specified. (Added in MySQL 5.0.2)
NO_AUTO_VALUE_ON_ZERO
affects handling
of AUTO_INCREMENT
columns. Normally,
you generate the next sequence number for the column by
inserting either NULL
or
0
into it.
NO_AUTO_VALUE_ON_ZERO
suppresses this
behavior for 0
so that only
NULL
generates the next sequence
number.
This mode can be useful if 0
has been
stored in a table's AUTO_INCREMENT
column. (This is not a recommended practice, by the way.)
For example, if you dump the table with
mysqldump and then reload it, MySQL
normally generates new sequence numbers when it encounters
the 0
values, resulting in a table with
different contents than the one that was dumped. Enabling
NO_AUTO_VALUE_ON_ZERO
before reloading
the dump file solves this problem. In MySQL
5.0, mysqldump
automatically includes in its output a statement enabling
NO_AUTO_VALUE_ON_ZERO
.
Disable the use of the backslash character
(‘\
’) as an escape
character within strings. With this mode enabled,
backslash becomes any ordinary character like any other.
(Implemented in MySQL 5.0.1)
When creating a table, ignore all INDEX
DIRECTORY
and DATA DIRECTORY
directives. This option is useful on slave replication
servers.
NO_ENGINE_SUBSTITUTION
Prevents automatic substitution of storage engine when the requested storage engine is disabled or not compiled in.
Don't print MySQL-specific column options in the output of
SHOW CREATE TABLE
. This mode is used by
mysqldump in portability mode.
Don't print MySQL-specific index options in the output of
SHOW CREATE TABLE
. This mode is used by
mysqldump in portability mode.
Don't print MySQL-specific table options (such as
ENGINE
) in the output of SHOW
CREATE TABLE
. This mode is used by
mysqldump in portability mode.
In subtraction operations, don't mark the result as
UNSIGNED
if one of the operands is
unsigned. Note that this makes UNSIGNED
BIGINT
not 100% usable in all contexts. See
Section 12.8, “Cast Functions and Operators”.
In strict mode, don't allow
'0000-00-00'
as a valid date. You can
still insert zero dates with the IGNORE
option. When not in strict mode, the date is accepted but
a warning is generated. (Added in MySQL 5.0.2)
In strict mode, don't accept dates where the month or day
part is 0. If used with the IGNORE
option, we insert a '0000-00-00'
date
for any such date. When not in strict mode, the date is
accepted but a warning is generated. (Added in MySQL
5.0.2)
Do not allow queries that in the GROUP
BY
part refer to a column that is not selected.
Treat ||
as a string concatenation
operator (same as CONCAT()
) rather than
as a synonym for OR
.
Treat REAL
as a synonym for
FLOAT
rather than as a synonym for
DOUBLE
.
Enable strict mode for all storage engines. Invalid data values are rejected. Additional detail follows. (Added in MySQL 5.0.2)
Enable strict mode for transactional storage engines, and when possible for non-transactional storage engines. Additional details follow. (Implemented in MySQL 5.0.2)
Strict mode controls how MySQL handles input values that are
invalid or missing. A value can be invalid for several
reasons. For example, it might have the wrong data type for
the column, or it might be out of range. A value is missing
when a new row to be inserted does not contain a value for a
column that has no explicit DEFAULT
clause
in its definition.
For transactional tables, an error occurs for invalid or
missing values in a statement when either of the
STRICT_ALL_TABLES
or
STRICT_TRANS_TABLES
modes are enabled. The
statement is aborted and rolled back.
For non-transactional tables, the behavior is the same for either mode, if the bad value occurs in the first row to be inserted or updated. The statement is aborted and the table remains unchanged. If the statement inserts or modifies multiple rows and the bad value occurs in the second or later row, the result depends on which strict option is enabled:
For STRICT_ALL_TABLES
, MySQL returns an
error and ignores the rest of the rows. However, in this
case, the earlier rows still have been inserted or
updated. This means that you might get a partial update,
which might not be what you want. To avoid this, it's best
to use single-row statements because these can be aborted
without changing the table.
For STRICT_TRANS_TABLES
, MySQL converts
an invalid value to the closest valid value for the column
and insert the adjusted value. If a value is missing,
MySQL inserts the implicit default value for the column
data type. In either case, MySQL generates a warning
rather than an error and continues processing the
statement. Implicit defaults are described in
Section 13.1.5, “CREATE TABLE
Syntax”.
Strict mode disallows invalid date values such as
'2004-04-31'
. It does not disallow dates
with zero parts such as 2004-04-00'
or
“zero” dates. To disallow these as well, enable
the NO_ZERO_IN_DATE
and
NO_ZERO_DATE
SQL modes in addition to
strict mode.
If you are not using strict mode (that is, neither
STRICT_TRANS_TABLES
nor
STRICT_ALL_TABLES
is enabled), MySQL
inserts adjusted values for invalid or missing values and
produces warnings. In strict mode, you can produce this
behavior by using INSERT IGNORE
or
UPDATE IGNORE
. See
Section 13.5.4.22, “SHOW WARNINGS
Syntax”.
The following special modes are provided as shorthand for
combinations of mode values from the preceding list. All are
available in MySQL 5.0 beginning with version
5.0.0, except for TRADITIONAL
, which was
implemented in MySQL 5.0.2.
The descriptions include all mode values that are available in the most recent version of MySQL. For older versions, a combination mode does not include individual mode values that are not available except in newer versions.
Equivalent to REAL_AS_FLOAT
,
PIPES_AS_CONCAT
,
ANSI_QUOTES
,
IGNORE_SPACE
. Before MySQL 5.0.3,
ANSI
also includes
ONLY_FULL_GROUP_BY
. See
Section 1.8.3, “Running MySQL in ANSI Mode”.
Equivalent to PIPES_AS_CONCAT
,
ANSI_QUOTES
,
IGNORE_SPACE
,
NO_KEY_OPTIONS
,
NO_TABLE_OPTIONS
,
NO_FIELD_OPTIONS
.
Equivalent to PIPES_AS_CONCAT
,
ANSI_QUOTES
,
IGNORE_SPACE
,
NO_KEY_OPTIONS
,
NO_TABLE_OPTIONS
,
NO_FIELD_OPTIONS
,
NO_AUTO_CREATE_USER
.
Equivalent to PIPES_AS_CONCAT
,
ANSI_QUOTES
,
IGNORE_SPACE
,
NO_KEY_OPTIONS
,
NO_TABLE_OPTIONS
,
NO_FIELD_OPTIONS
.
Equivalent to NO_FIELD_OPTIONS
,
HIGH_NOT_PRECEDENCE
.
Equivalent to NO_FIELD_OPTIONS
,
HIGH_NOT_PRECEDENCE
.
Equivalent to PIPES_AS_CONCAT
,
ANSI_QUOTES
,
IGNORE_SPACE
,
NO_KEY_OPTIONS
,
NO_TABLE_OPTIONS
,
NO_FIELD_OPTIONS
,
NO_AUTO_CREATE_USER
.
Equivalent to PIPES_AS_CONCAT
,
ANSI_QUOTES
,
IGNORE_SPACE
,
NO_KEY_OPTIONS
,
NO_TABLE_OPTIONS
,
NO_FIELD_OPTIONS
.
Equivalent to STRICT_TRANS_TABLES
,
STRICT_ALL_TABLES
,
NO_ZERO_IN_DATE
,
NO_ZERO_DATE
,
ERROR_FOR_DIVISION_BY_ZERO
,
NO_AUTO_CREATE_USER
.
The server maintains many system variables that indicate how
it is configured. All of them have default values. They can be
set at server startup using options on the command line or in
option files. Most of them can be set at runtime using the
SET
statement.
The mysqld server maintains two kinds of variables. Global variables affect the overall operation of the server. Session variables affect its operation for individual client connections.
When the server starts, it initializes all global variables to
their default values. These defaults can be changed by options
specified in option files or on the command line. After the
server starts, those global variables that are dynamic can be
changed by connecting to the server and issuing a SET
GLOBAL
statement. To change a global variable, you must have the
var_name
SUPER
privilege.
The server also maintains a set of session variables for each
client that connects. The client's session variables are
initialized at connect time using the current values of the
corresponding global variables. For those session variables
that are dynamic, the client can change them by issuing a
SET SESSION
statement.
Setting a session variable requires no special privilege, but
a client can change only its own session variables, not those
of any other client.
var_name
A change to a global variable is visible to any client that
accesses that global variable. However, it affects the
corresponding session variable that is initialized from the
global variable only for clients that connect after the
change. It does not affect the session variable for any client
that is currently connected (not even that of the client that
issues the SET GLOBAL
statement).
When setting a variable using a startup option, variable
values can be given with a suffix of K
,
M
, or G
to indicate
kilobytes, megabytes, or gigabytes, respectively. For example,
the following command starts the server with a key buffer size
of 16 megabytes:
mysqld --key_buffer_size=16M
The lettercase of suffix letters does not matter;
16M
and 16m
are
equivalent.
At runtime, use the SET
statement to set
system variables. In this context, suffix letters cannot be
used, but the value can take the form of an expression:
mysql> SET sort_buffer_size = 10 * 1024 * 1024;
To specify explicitly whether to set the global or session
variable, use the GLOBAL
or
SESSION
options:
mysql>SET GLOBAL sort_buffer_size = 10 * 1024 * 1024;
mysql>SET SESSION sort_buffer_size = 10 * 1024 * 1024;
Without either option, the statement sets the session variable.
The variables that can be set at runtime are listed in Section 5.3.3.1, “Dynamic System Variables”.
If you want to restrict the maximum value to which a system
variable can be set with the SET
statement,
you can specify this maximum by using an option of the form
--maximum-
at server startup. For example, to prevent the value of
var_name
query_cache_size
from being increased to
more than 32MB at runtime, use the option
--maximum-query_cache_size=32M
.
You can view system variables and their values by using the
SHOW VARIABLES
statement. See
Section 9.4, “System Variables” for more information.
mysql> SHOW VARIABLES;
+---------------------------------+--------------------------------------------------------------+
| Variable_name | Value |
+---------------------------------+--------------------------------------------------------------+
| auto_increment_increment | 1 |
| auto_increment_offset | 1 |
| automatic_sp_privileges | ON |
| back_log | 50 |
| basedir | / |
| bdb_cache_size | 8388600 |
| bdb_home | /var/lib/mysql/ |
| bdb_log_buffer_size | 32768 |
| bdb_logdir | |
| bdb_max_lock | 10000 |
| bdb_shared_data | OFF |
| bdb_tmpdir | /tmp/ |
| binlog_cache_size | 32768 |
| bulk_insert_buffer_size | 8388608 |
| character_set_client | latin1 |
| character_set_connection | latin1 |
| character_set_database | latin1 |
| character_set_results | latin1 |
| character_set_server | latin1 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
| collation_connection | latin1_swedish_ci |
| collation_database | latin1_swedish_ci |
| collation_server | latin1_swedish_ci |
| completion_type | 0 |
| concurrent_insert | 1 |
| connect_timeout | 5 |
| datadir | /var/lib/mysql/ |
| date_format | %Y-%m-%d |
| datetime_format | %Y-%m-%d %H:%i:%s |
| default_week_format | 0 |
| delay_key_write | ON |
| delayed_insert_limit | 100 |
| delayed_insert_timeout | 300 |
| delayed_queue_size | 1000 |
| div_precision_increment | 4 |
| engine_condition_pushdown | OFF |
| expire_logs_days | 0 |
| flush | OFF |
| flush_time | 0 |
| ft_boolean_syntax | + -><()~*:""&| |
| ft_max_word_len | 84 |
| ft_min_word_len | 4 |
| ft_query_expansion_limit | 20 |
| ft_stopword_file | (built-in) |
| group_concat_max_len | 1024 |
| have_archive | YES |
| have_bdb | YES |
| have_blackhole_engine | YES |
| have_compress | YES |
| have_crypt | YES |
| have_csv | YES |
| have_example_engine | YES |
| have_federated_engine | YES |
| have_geometry | YES |
| have_innodb | YES |
| have_isam | NO |
| have_ndbcluster | DISABLED |
| have_openssl | NO |
| have_query_cache | YES |
| have_raid | NO |
| have_rtree_keys | YES |
| have_symlink | YES |
| init_connect | |
| init_file | |
| init_slave | |
| innodb_additional_mem_pool_size | 1048576 |
| innodb_autoextend_increment | 8 |
| innodb_buffer_pool_awe_mem_mb | 0 |
| innodb_buffer_pool_size | 8388608 |
| innodb_checksums | ON |
| innodb_commit_concurrency | 0 |
| innodb_concurrency_tickets | 500 |
| innodb_data_file_path | ibdata1:10M:autoextend |
| innodb_data_home_dir | |
| innodb_doublewrite | ON |
| innodb_fast_shutdown | 1 |
| innodb_file_io_threads | 4 |
| innodb_file_per_table | OFF |
| innodb_flush_log_at_trx_commit | 1 |
| innodb_flush_method | |
| innodb_force_recovery | 0 |
| innodb_lock_wait_timeout | 50 |
| innodb_locks_unsafe_for_binlog | OFF |
| innodb_log_arch_dir | |
| innodb_log_archive | OFF |
| innodb_log_buffer_size | 1048576 |
| innodb_log_file_size | 5242880 |
| innodb_log_files_in_group | 2 |
| innodb_log_group_home_dir | ./ |
| innodb_max_dirty_pages_pct | 90 |
| innodb_max_purge_lag | 0 |
| innodb_mirrored_log_groups | 1 |
| innodb_open_files | 300 |
| innodb_support_xa | ON |
| innodb_sync_spin_loops | 20 |
| innodb_table_locks | ON |
| innodb_thread_concurrency | 20 |
| innodb_thread_sleep_delay | 10000 |
| interactive_timeout | 28800 |
| join_buffer_size | 131072 |
| key_buffer_size | 8388600 |
| key_cache_age_threshold | 300 |
| key_cache_block_size | 1024 |
| key_cache_division_limit | 100 |
| language | /usr/share/mysql/english/ |
| large_files_support | ON |
| large_page_size | 0 |
| large_pages | OFF |
| license | GPL |
| local_infile | ON |
| locked_in_memory | OFF |
| log | OFF |
| log_bin | OFF |
| log_bin_trust_routine_creators | OFF |
| log_error | |
| log_slave_updates | OFF |
| log_slow_queries | OFF |
| log_warnings | 1 |
| long_query_time | 10 |
| low_priority_updates | OFF |
| lower_case_file_system | OFF |
| lower_case_table_names | 0 |
| max_allowed_packet | 1048576 |
| max_binlog_cache_size | 4294967295 |
| max_binlog_size | 1073741824 |
| max_connect_errors | 10 |
| max_connections | 100 |
| max_delayed_threads | 20 |
| max_error_count | 64 |
| max_heap_table_size | 16777216 |
| max_insert_delayed_threads | 20 |
| max_join_size | 4294967295 |
| max_length_for_sort_data | 1024 |
| max_relay_log_size | 0 |
| max_seeks_for_key | 4294967295 |
| max_sort_length | 1024 |
| max_tmp_tables | 32 |
| max_user_connections | 0 |
| max_write_lock_count | 4294967295 |
| multi_range_count | 256 |
| myisam_data_pointer_size | 6 |
| myisam_max_sort_file_size | 2147483647 |
| myisam_recover_options | OFF |
| myisam_repair_threads | 1 |
| myisam_sort_buffer_size | 8388608 |
| ndb_autoincrement_prefetch_sz | 32 |
| ndb_force_send | ON |
| ndb_use_exact_count | ON |
| ndb_use_transactions | ON |
| ndb_cache_check_time | 0 |
| net_buffer_length | 16384 |
| net_read_timeout | 30 |
| net_retry_count | 10 |
| net_write_timeout | 60 |
| new | OFF |
| old_passwords | OFF |
| open_files_limit | 1024 |
| optimizer_prune_level | 1 |
| optimizer_search_depth | 62 |
| pid_file | /var/lib/mysql/mothra.pid |
| port | 3306 |
| preload_buffer_size | 32768 |
| protocol_version | 10 |
| query_alloc_block_size | 8192 |
| query_cache_limit | 1048576 |
| query_cache_min_res_unit | 4096 |
| query_cache_size | 0 |
| query_cache_type | ON |
| query_cache_wlock_invalidate | OFF |
| query_prealloc_size | 8192 |
| range_alloc_block_size | 2048 |
| read_buffer_size | 131072 |
| read_only | OFF |
| read_rnd_buffer_size | 262144 |
| relay_log_purge | ON |
| relay_log_space_limit | 0 |
| rpl_recovery_rank | 0 |
| secure_auth | OFF |
| server_id | 0 |
| skip_external_locking | ON |
| skip_networking | OFF |
| skip_show_database | OFF |
| slave_compressed_protocol | OFF |
| slave_load_tmpdir | /tmp/ |
| slave_net_timeout | 3600 |
| slave_skip_errors | OFF |
| slave_transaction_retries | 10 |
| slow_launch_time | 2 |
| socket | /var/lib/mysql/mysql.sock |
| sort_buffer_size | 2097144 |
| sql_mode | |
| sql_notes | ON |
| sql_warnings | ON |
| storage_engine | MyISAM |
| sync_binlog | 0 |
| sync_frm | ON |
| sync_replication | 0 |
| sync_replication_slave_id | 0 |
| sync_replication_timeout | 10 |
| system_time_zone | EST |
| table_cache | 64 |
| table_lock_wait_timeout | 50 |
| table_type | MyISAM |
| thread_cache_size | 0 |
| thread_stack | 196608 |
| time_format | %H:%i:%s |
| time_zone | SYSTEM |
| timed_mutexes | OFF |
| tmp_table_size | 33554432 |
| tmpdir | |
| transaction_alloc_block_size | 8192 |
| transaction_prealloc_size | 4096 |
| tx_isolation | REPEATABLE-READ |
| updatable_views_with_limit | YES |
| version | 5.0.13-rc-Max |
| version_bdb | Sleepycat Software: Berkeley DB 4.1.24: (September 22, 2005) |
| version_comment | MySQL Community Edition - Max (GPL) |
| version_compile_machine | i686 |
| version_compile_os | pc-linux-gnu |
| wait_timeout | 28800 |
+---------------------------------+--------------------------------------------------------------+
221 rows in set (0.01 sec)
Most system variables are described here. Variables with no
version indicated are present in all MySQL 5.0
releases. For historical information concerning their
implementation, please see
MySQL 4.1 Reference Manual.
InnoDB
system variables are listed in
Section 15.4, “InnoDB
Startup Options”.
Values for buffer sizes, lengths, and stack sizes are given in bytes unless otherwise specified.
Information on tuning these variables can be found in Section 7.5.2, “Tuning Server Parameters”.
auto_increment_increment
auto_increment_increment
and
auto_increment_offset
are intended for
use with master-to-master replication, and can be used to
control the operation of AUTO_INCREMENT
columns. Both variables can be set globally or locally,
and each can assume an integer value between 1 and 65,535
inclusive. Setting the value of either of these two
variables to 0 will cause its value to be set to 1
instead. Attempting to set the value of either of these
two variables to an integer greater than 65,535 or less
than 0 will cause its value to be set to 65,535 instead.
Attempting to set the value of
auto_increment_increment
or of
auto_increment_offset
to a non-integer
value gives rise to an error, and the actual value of the
variable remains unchanged in such a case.
These two variables effect
AUTO_INCREMENT
column behavior as
follows:
auto_increment_increment
controls
the interval by which the column value is incremented.
For example:
mysql> SHOW VARIABLES LIKE 'auto_inc%'; +--------------------------+-------+ | Variable_name | Value | +--------------------------+-------+ | auto_increment_increment | 1 | | auto_increment_offset | 1 | +--------------------------+-------+ 2 rows in set (0.00 sec) mysql> CREATE TABLE autoinc1 (col INT NOT NULL AUTO_INCREMENT PRIMARY KEY); Query OK, 0 rows affected (0.04 sec) mysql> SET @auto_increment_increment=10; Query OK, 0 rows affected (0.00 sec) mysql> SHOW VARIABLES LIKE 'auto_inc%'; +--------------------------+-------+ | Variable_name | Value | +--------------------------+-------+ | auto_increment_increment | 10 | | auto_increment_offset | 1 | +--------------------------+-------+ 2 rows in set (0.01 sec) mysql> INSERT INTO autoinc1 VALUES (NULL), (NULL), (NULL), (NULL); Query OK, 4 rows affected (0.00 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql> SELECT col FROM autoinc1; +-----+ | col | +-----+ | 1 | | 11 | | 21 | | 31 | +-----+ 4 rows in set (0.00 sec)
(Note how SHOW VARIABLES
is used
here to obtain the current values for these
variables.)
auto_increment_offset
determines
the starting point for the
AUTO_INCREMENT
column value.
Consider the following, assuming that these commands
are executed during the same session as the previous
example:
mysql> SET @auto_increment_offset=5; Query OK, 0 rows affected (0.00 sec) mysql> SHOW VARIABLES LIKE 'auto_inc%'; +--------------------------+-------+ | Variable_name | Value | +--------------------------+-------+ | auto_increment_increment | 10 | | auto_increment_offset | 5 | +--------------------------+-------+ 2 rows in set (0.00 sec) mysql> CREATE TABLE autoinc2 (col INT NOT NULL AUTO_INCREMENT PRIMARY KEY); Query OK, 0 rows affected (0.06 sec) mysql> INSERT INTO autoinc2 VALUES (NULL), (NULL), (NULL), (NULL); Query OK, 4 rows affected (0.00 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql> SELECT col FROM autoinc2; +-----+ | col | +-----+ | 5 | | 15 | | 25 | | 35 | +-----+ 4 rows in set (0.02 sec)
If the value of
auto_increment_offset
is greater
than that of
auto_increment_increment
, then the
value of auto_increment_offset
is
ignored.
Should one or both of these variables be changed and then
new rows inserted into a table containing an
AUTO_INCREMENT
column, the results may
seem counterintuitive, as the series of
AUTO_INCREMENT
values is calculated
without regard to any values already present in the
column, and the next value inserted is the least value in
the series that is greater than the maximum existing value
in the AUTO_INCREMENT
column. In other
words, the series is calculated like so:
auto_increment_offset +
N
*
auto_increment_increment
where N
is a positive integer
value in the series [1, 2, 3, ...]. For example:
mysql>SHOW VARIABLES LIKE 'auto_inc%';
+--------------------------+-------+ | Variable_name | Value | +--------------------------+-------+ | auto_increment_increment | 10 | | auto_increment_offset | 5 | +--------------------------+-------+ 2 rows in set (0.00 sec) mysql>SELECT col FROM autoinc1;
+-----+ | col | +-----+ | 1 | | 11 | | 21 | | 31 | +-----+ 4 rows in set (0.00 sec) mysql>INSERT INTO autoinc1 VALUES (NULL), (NULL), (NULL), (NULL);
Query OK, 4 rows affected (0.00 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql>SELECT col FROM autoinc1;
+-----+ | col | +-----+ | 1 | | 11 | | 21 | | 31 | | 35 | | 45 | | 55 | | 65 | +-----+ 8 rows in set (0.00 sec)
The values shown for
auto_increment_increment
and
auto_increment_offset
generate the
series 5 + N
* 10, that is, [5,
15, 25, 35, 45, ...]. The greatest value present in the
col
column prior to the
INSERT
is 31, and the next available
value in the AUTO_INCREMENT
series is
35, so the inserted values for col
begin at that point and the results are as shown for the
SELECT
query.
It is important to remember that it is not possible to
confine the effects of these two variables to a single
table, and thus they do not take the place of the
sequences offered by some other database management
systems; these variables control the behavior of all
AUTO_INCREMENT
columns in
all tables on the MySQL
server. If one of these variables is set globally, then
its effects persist until the global value is changed or
overridden by setting them locally, or until
mysqld is restarted; if set locally,
then the new value affects
AUTO_INCREMENT
columns for all tables
into which new rows are inserted by the current user for
the duration of the session, unless the values are changed
during that session.
The auto_increment_increment
variable
was added in MySQL 5.0.2. Its default value is 1. See
Section 6.12, “Auto-Increment in Multi-Master Replication”.
auto_increment_offset
This variable was introduced in MySQL 5.0.2. Its default
value is 1. For particulars, see the description for
auto_increment_increment
.
back_log
The number of outstanding connection requests MySQL can
have. This comes into play when the main MySQL thread gets
very many connection requests in a very short time. It
then takes some time (although very little) for the main
thread to check the connection and start a new thread. The
back_log
value indicates how many
requests can be stacked during this short time before
MySQL momentarily stops answering new requests. You need
to increase this only if you expect a large number of
connections in a short period of time.
In other words, this value is the size of the listen queue
for incoming TCP/IP connections. Your operating system has
its own limit on the size of this queue. The manual page
for the Unix listen()
system call
should have more details. Check your OS documentation for
the maximum value for this variable. Attempting to set
back_log
higher than your operating
system limit is ineffective.
basedir
The MySQL installation base directory. This variable can
be set with the --basedir
option.
bdb_cache_size
The size of the buffer that is allocated for caching
indexes and rows for BDB
tables. If you
don't use BDB
tables, you should start
mysqld with --skip-bdb
to not waste memory for this cache.
bdb_home
The base directory for BDB
tables. This
should be assigned the same value as the
datadir
variable.
bdb_log_buffer_size
The size of the buffer that is allocated for caching
indexes and rows for BDB
tables. If you
don't use BDB
tables, you should set
this to 0 or start mysqld with
--skip-bdb
to not waste memory for this
cache.
bdb_logdir
The directory where the BDB
storage
engine writes its log files. This variable can be set with
the --bdb-logdir
option.
bdb_max_lock
The maximum number of locks you can have active on a
BDB
table (10,000 by default). You
should increase this if errors such as the following occur
when you perform long transactions or when
mysqld has to examine many rows to
calculate a query:
bdb: Lock table is out of available locks Got error 12 from ...
bdb_shared_data
This is ON
if you are using
--bdb-shared-data
.
bdb_tmpdir
The value of the --bdb-tmpdir
option.
binlog_cache_size
The size of the cache to hold the SQL statements for the
binary log during a transaction. A binary log cache is
allocated for each client if the server supports any
transactional storage engines and if the server has binary
log enabled (--log-bin
option). If you
often use big, multiple-statement transactions, you can
increase this to get more performance. The
Binlog_cache_use
and
Binlog_cache_disk_use
status variables
can be useful for tuning the size of this variable. See
Section 5.11.3, “The Binary Log”.
bulk_insert_buffer_size
MyISAM
uses a special tree-like cache
to make bulk inserts faster for INSERT ...
SELECT
, INSERT ... VALUES (...), (...),
...
, and LOAD DATA INFILE
.
This variable limits the size of the cache tree in bytes
per thread. Setting it to 0 disables this optimization.
Note: This cache is used
only when adding data to a non-empty table. The default
value is 8MB.
character_set_client
The character set for statements that arrive from the client.
character_set_connection
The character set used for literals that do not have a character set introducer and for number-to-string conversion.
character_set_database
The character set used by the default database. The server
sets this variable whenever the default database changes.
If there is no default database, the variable has the same
value as character_set_server
.
character_set_results
The character set used for returning query results to the client.
character_set_server
The server's default character set.
character_set_system
The character set used by the server for storing
identifiers. The value is always utf8
.
character_sets_dir
The directory where character sets are installed.
collation_connection
The collation of the connection character set.
collation_database
The collation used by the default database. The server
sets this variable whenever the default database changes.
If there is no default database, the variable has the same
value as collation_server
.
collation_server
The server's default collation.
completion_type
The transaction completion type:
If the value is 0 (the default),
COMMIT
and
ROLLBACK
are unaffected.
If the value is 1, COMMIT
and
ROLLBACK
are equivalent to
COMMIT AND CHAIN
and
ROLLBACK AND CHAIN
, respectively.
(A new transaction starts immediately with the same
isolation level as the just-terminated transaction.)
If the value is 2, COMMIT
and
ROLLBACK
are equivalent to
COMMIT RELEASE
and
ROLLBACK RELEASE
, respectively.
(The server disconnects after terminating the
transaction.)
This variable was added in MySQL 5.0.3
concurrent_insert
If ON
(the default), MySQL allows
INSERT
and SELECT
statements to run concurrently for
MyISAM
tables that have no free blocks
in the middle. You can turn this option off by starting
mysqld with --safe
or
--skip-new
.
In MySQL 5.0.6 this variable was changed to an integer that takes 3 values:
Value | Description |
0 | Off |
1 | (Default) Enables concurrent insert for MyISAM tables that don't have holes |
2 | Enables concurrent inserts for all MyISAM tables. If table has a hole and is in use by another thread the new row will be inserted at end of table. If table is not in use then MySQL will do a normal read lock and insert the new row into the hole. |
The number of seconds the mysqld server
waits for a connect packet before responding with
Bad handshake
.
datadir
The MySQL data directory. This variable can be set with
the --datadir
option.
date_format
This variable is not implemented.
datetime_format
This variable is not implemented.
default_week_format
The default mode value to use for the
WEEK()
function.
delay_key_write
This option applies only to MyISAM
tables. It can have one of the following values to affect
handling of the DELAY_KEY_WRITE
table
option that can be used in CREATE TABLE
statements.
Option | Description |
OFF | DELAY_KEY_WRITE is ignored. |
ON | MySQL honors the DELAY_KEY_WRITE option for
CREATE TABLE . This is the
default value. |
ALL | All new opened tables are treated as if they were created with the
DELAY_KEY_WRITE option enabled. |
If DELAY_KEY_WRITE
is enabled, this
means that the key buffer for tables with this option are
not flushed on every index update, but only when a table
is closed. This speeds up writes on keys a lot, but if you
use this feature, you should add automatic checking of all
MyISAM
tables by starting the server
with the --myisam-recover
option (for
example, --myisam-recover=BACKUP,FORCE
).
See Section 5.3.1, “mysqld Command-Line Options” and
Section 14.1.1, “MyISAM
Startup Options”.
Note that --external-locking
doesn't
offer any protection against index corruption for tables
that use delayed key writes.
delayed_insert_limit
After inserting delayed_insert_limit
delayed rows, the INSERT DELAYED
handler thread checks whether there are any
SELECT
statements pending. If so, it
allows them to execute before continuing to insert delayed
rows.
delayed_insert_timeout
How long an INSERT DELAYED
handler
thread should wait for INSERT
statements before terminating.
delayed_queue_size
This is a per-table limit on the number of rows to queue
when handling INSERT DELAYED
statements. If the queue becomes full, any client that
issues an INSERT DELAYED
statement
waits until there is room in the queue again.
div_precision_increment
This variable indicates the number of digits of precision
by which to increase the result of division operations
performed with the /
operator. The
default value is 4. The minimum and maximum values are 0
and 30, respectively. The following example illustrates
the effect of increasing the default value.
mysql>SELECT 1/7;
+--------+ | 1/7 | +--------+ | 0.1429 | +--------+ mysql>SET div_precision_increment = 12;
mysql>SELECT 1/7;
+----------------+ | 1/7 | +----------------+ | 0.142857142857 | +----------------+
This variable was added in MySQL 5.0.6.
engine_condition_pushdown
This variable applies to NDB. By default it is 0
(OFF
): If you execute a query such as
SELECT * FROM t WHERE mycol = 42
, where
mycol
is an unindexed column, the query
is executed as a full table scan on every NDB node. Each
node sends every row to the MySQL server, which applies
the WHERE
condition. If
engine_condition_pushdown
is set to 1
(ON
), the condition is “pushed
down” to the storage engine and sent to the NDB
nodes. Each node performs the scan, and only sends back to
the MySQL server the rows that match the condition.
This variable was added in MySQL 5.0.3. Before that, the
default NDB
behavior is the same as for
a value of OFF
.
expire_logs_days
The number of days for automatic binary log removal. The default is 0, which means “no automatic removal”. Possible removals happen at startup and at binary log rotation.
flush
This is ON
if you have started
mysqld with the
--flush
option.
flush_time
If this is set to a non-zero value, all tables are closed
every flush_time
seconds to free up
resources and sync unflushed data to disk. We recommend
that this option be used only on Windows 9x or Me, or on
systems with minimal resources.
ft_boolean_syntax
The list of operators supported by boolean full-text
searches performed using IN BOOLEAN
MODE
. See Section 12.7.1, “Boolean Full-Text Searches”.
The default variable value is '+
-><()~*:""&|'
. The rules for changing
the value are as follows:
Operator function is determined by position within the string.
The replacement value must be 14 characters.
Each character must be an ASCII non-alphanumeric character.
Either the first or second character must be a space.
No duplicates are allowed except the phrase quoting operators in positions 11 and 12. These two characters are not required to be the same, but they are the only two that may be.
Positions 10, 13, and 14 (which by default are set to
‘:
’,
‘&
’, and
‘|
’) are reserved for
future extensions.
ft_max_word_len
The maximum length of the word to be included in a
FULLTEXT
index.
Note:
FULLTEXT
indexes must be rebuilt after
changing this variable. Use REPAIR TABLE
.
tbl_name
QUICK
ft_min_word_len
The minimum length of the word to be included in a
FULLTEXT
index.
Note:
FULLTEXT
indexes must be rebuilt after
changing this variable. Use REPAIR TABLE
.
tbl_name
QUICK
ft_query_expansion_limit
The number of top matches to use for full-text searches
performed using WITH QUERY EXPANSION
.
ft_stopword_file
The file from which to read the list of stopwords for
full-text searches. All the words from the file are used;
comments are not honored. By default,
a built-in list of stopwords is used (as defined in the
myisam/ft_static.c
file). Setting
this variable to the empty string (''
)
disables stopword filtering.
Note:
FULLTEXT
indexes must be rebuilt after
changing this variable or the contents of the stopword
file. Use REPAIR TABLE
.
tbl_name
QUICK
group_concat_max_len
The maximum allowed result length for the
GROUP_CONCAT()
function.
have_archive
YES
if mysqld
supports ARCHIVE
tables,
NO
if not.
have_bdb
YES
if mysqld
supports BDB
tables.
DISABLED
if --skip-bdb
is used.
have_blackhole_engine
YES
if mysqld
supports BLACKHOLE
tables,
NO
if not.
have_compress
Whether the zlib
compression library is
available to the server. If not, the
COMPRESS()
and
UNCOMPRESS()
functions cannot be used.
have_crypt
Whether the crypt()
system call is
available to the server. If not, the
CRYPT()
function cannot be used.
have_csv
YES
if mysqld
supports ARCHIVE
tables,
NO
if not.
have_example_engine
YES
if mysqld
supports EXAMPLE
tables,
NO
if not.
have_federated_engine
YES
if mysqld
supports FEDERATED
tables,
NO
if not. This variable was added in
MySQL 5.0.3.
have_geometry
Whether the server supports spatial data types.
have_innodb
YES
if mysqld
supports InnoDB
tables.
DISABLED
if
--skip-innodb
is used.
have_isam
In MySQL 5.0, this appears only for reasons
of backwards compatibility, and is always
NO
, as ISAM
tables
are no longer supported.
have_ndbcluster
YES
if mysqld
supports NDB Cluster
tables.
DISABLED
if
--skip-ndbcluster
is used.
have_openssl
YES
if mysqld
supports SSL (encryption) of the client/server protocol.
have_query_cache
YES
if mysqld
supports the query cache.
have_raid
YES
if mysqld
supports the RAID
option.
have_rtree_keys
Whether RTREE
indexes are available.
(These are used for spatial indexes in
MyISAM
tables.)
have_symlink
Whether symbolic link support is enabled. This is required
on Unix for support of the DATA
DIRECTORY
and INDEX DIRECTORY
table options.
init_connect
A string to be executed by the server for each client that
connects. The string consists of one or more SQL
statements. To specify multiple statements, separate them
by semicolon characters. For example, each client begins
by default with autocommit mode enabled. There is no
global server variable to specify that autocommit should
be disabled by default, but
init_connect
can be used to achieve the
same effect:
SET GLOBAL init_connect='SET AUTOCOMMIT=0';
This variable can also be set on the command line or in an option file. To set the variable as just shown using an option file, include these lines:
[mysqld] init_connect='SET AUTOCOMMIT=0'
Note that the content of init_connect
is not executed for users having the
SUPER
privilege; this is in case that
content has been wrongly set (contains a wrong query, for
example with a syntax error), thus making all connections
fail. Not executing it for SUPER
users
enables those to open a connection and fix
init_connect
.
init_file
The name of the file specified with the
--init-file
option when you start the
server. This is a file containing SQL statements that you
want the server to execute when it starts. Each statement
must be on a single line and should not include comments.
init_slave
This variable is similar to
init_connect
, but is a string to be
executed by a slave server each time the SQL thread
starts. The format of the string is the same as for the
init_connect
variable.
innodb_
xxx
The InnoDB
system variables are listed
at Section 15.4, “InnoDB
Startup Options”.
interactive_timeout
The number of seconds the server waits for activity on an
interactive connection before closing it. An interactive
client is defined as a client that uses the
CLIENT_INTERACTIVE
option to
mysql_real_connect()
. See also
wait_timeout
.
join_buffer_size
The size of the buffer that is used for full joins (joins
that do not use indexes). Normally the best way to get
fast joins is to add indexes. Increase the value of
join_buffer_size
to get a faster full
join when adding indexes is not possible. One join buffer
is allocated for each full join between two tables. For a
complex join between several tables for which indexes are
not used, multiple join buffers might be necessary.
Index blocks for MyISAM
tables are
buffered and are shared by all threads.
key_buffer_size
is the size of the
buffer used for index blocks. The key buffer is also known
as the key cache.
The maximum allowable setting for
key_buffer_size
is 4GB. The effective
maximum size might be less, depending on your available
physical RAM and per-process RAM limits imposed by your
operating system or hardware platform.
Increase the value to get better index handling (for all reads and multiple writes) to as much as you can afford. Using a value that is 25% of total memory on a machine that mainly runs MySQL is quite common. However, if you make the value too large (for example, more than 50% of your total memory) your system might start to page and become extremely slow. MySQL relies on the operating system to perform filesystem caching for data reads, so you must leave some room for the filesystem cache.
For even more speed when writing many rows at the same
time, use LOCK TABLES
. See
Section 13.4.5, “LOCK TABLES
and UNLOCK TABLES
Syntax”.
You can check the performance of the key buffer by issuing
a SHOW STATUS
statement and examining
the Key_read_requests
,
Key_reads
,
Key_write_requests
, and
Key_writes
status variables. See
Section 13.5.4, “SHOW
Syntax”.
The Key_reads/Key_read_requests
ratio
should normally be less than 0.01. The
Key_writes/Key_write_requests
ratio is
usually near 1 if you are using mostly updates and
deletes, but might be much smaller if you tend to do
updates that affect many rows at the same time or if you
are using the DELAY_KEY_WRITE
table
option.
The fraction of the key buffer in use can be determined
using key_buffer_size
in conjunction
with the Key_blocks_unused
status
variable and the buffer block size. The buffer block size
is available from the
key_cache_block_size
server variable.
The fraction of the buffer in use is:
1 - ((Key_blocks_unused * key_cache_block_size) / key_buffer_size)
This value is an approximation because some space in the key buffer may be allocated internally for administrative structures.
In MySQL 5.0, it is possible to create
multiple MyISAM key caches. The size limit of 4GB applies
to each cache individually, not as a group. See
Section 7.4.6, “The MyISAM
Key Cache”.
key_cache_age_threshold
This value controls the demotion of buffers from the hot
sub-chain of a key cache to the warm sub-chain. Lower
values cause demotion to happen more quickly. The minimum
value is 100. The default value is 300. See
Section 7.4.6, “The MyISAM
Key Cache”.
key_cache_block_size
The size in bytes of blocks in the key cache. The default
value is 1024. See Section 7.4.6, “The MyISAM
Key Cache”.
key_cache_division_limit
The division point between the hot and warm sub-chains of
the key cache buffer chain. The value is the percentage of
the buffer chain to use for the warm sub-chain. Allowable
values range from 1 to 100. The default value is 100. See
Section 7.4.6, “The MyISAM
Key Cache”.
language
The language used for error messages.
large_file_support
Whether mysqld was compiled with options for large file support.
large_pages
Indicates whether large page support is enabled. This variable was added in MySQL 5.0.3.
license
The type of license the server has.
local_infile
Whether LOCAL
is supported for
LOAD DATA INFILE
statements.
locked_in_memory
Whether mysqld was locked in memory
with --memlock
.
log
Whether logging of all queries to the general query log is enabled. See Section 5.11.2, “The General Query Log”.
log_bin
Whether the binary log is enabled. See Section 5.11.3, “The Binary Log”.
log_bin_trust_routine_creators
This variable applies when binary logging is enabled. It
controls whether stored routine creators can be trusted
not to create stored routines that will cause unsafe
events to be written to the binary log. If set to 0 (the
default), users are not allowed to create or alter stored
routines unless they have the SUPER
privilege in addition to the CREATE
ROUTINE
or ALTER ROUTINE
privilege.
A setting of 0 also enforces the restriction that a
routine must be declared with the
DETERMINISTIC
characteristic, or with
the READS SQL DATA
or NO
SQL
characteristic. If the variable is set to 1,
MySQL does not enforce these restrictions on stored
routine creation.
See Section 18.4, “Binary Logging of Stored Routines and Triggers”.
This variable was added in MySQL 5.0.6.
log_error
The location of the error log.
log_slave_updates
Whether updates received by a slave server from a master server should be logged to the slave's own binary log. Binary logging must be enabled on the slave for this to have any effect. See Section 6.8, “Replication Startup Options”.
log_slow_queries
Whether slow queries should be logged. “Slow”
is determined by the value of the
long_query_time
variable. See
Section 5.11.4, “The Slow Query Log”.
log_warnings
Whether to produce additional warning messages. It is enabled by default. Aborted connections are not logged to the error log unless the value is greater than 1.
long_query_time
If a query takes longer than this many seconds, the
Slow_queries
status variable is
incremented. If you are using the
--log-slow-queries
option, the query is
logged to the slow query log file. This value is measured
in real time, not CPU time, so a query that is under the
threshold on a lightly loaded system might be above the
threshold on a heavily loaded one. See
Section 5.11.4, “The Slow Query Log”.
low_priority_updates
If set to 1
, all
INSERT
, UPDATE
,
DELETE
, and LOCK TABLE
WRITE
statements wait until there is no pending
SELECT
or LOCK TABLE
READ
on the affected table. This variable
previously was named
sql_low_priority_updates
.
lower_case_file_system
This variable indicates whether the filesystem where the
data directory is located has case insensitive filenames.
ON
means filenames are case
insensitive, OFF
means they are case
sensitive.
lower_case_table_names
If set to 1, table names are stored in lowercase on disk and table name comparisons are not case sensitive. If set to 2 table names are stored as given but compared in lowercase. This option also applies to database names and table aliases. See Section 9.2.2, “Identifier Case Sensitivity”.
If you are using InnoDB
tables, you
should set this variable to 1 on all platforms to force
names to be converted to lowercase.
You should not set this variable to 0
if you are running MySQL on a system that does not have
case-sensitive filenames (such as Windows or Mac OS X). If
this variable is not set at startup and the filesystem on
which the data directory is located does not have
case-sensitive filenames, MySQL automatically sets
lower_case_table_names
to 2.
max_allowed_packet
The maximum size of one packet or any generated/intermediate string.
The packet message buffer is initialized to
net_buffer_length
bytes, but can grow
up to max_allowed_packet
bytes when
needed. This value by default is small, to catch big
(possibly wrong) packets.
You must increase this value if you are using big
BLOB
columns or long strings. It should
be as big as the biggest BLOB
you want
to use. In MySQL 5.0, the protocol limit for
max_allowed_packet
is 1GB.
max_binlog_cache_size
If a multiple-statement transaction requires more than
this amount of memory, you get the error
Multi-statement transaction required more than
'max_binlog_cache_size' bytes of storage
.
max_binlog_size
If a write to the binary log exceeds the given value, rotate the binary logs. You cannot set this variable to more than 1GB or to less than 4096 bytes. The default value is 1GB.
Note if you are using transactions: A transaction is
written in one chunk to the binary log, hence it is never
split between several binary logs. Therefore, if you have
big transactions, you might see binary logs bigger than
max_binlog_size
.
If max_relay_log_size
is 0, the value
of max_binlog_size
applies to relay
logs as well.
max_connect_errors
If there are more than this number of interrupted
connections from a host, that host is blocked from further
connections. You can unblock blocked hosts with the
FLUSH HOSTS
statement.
max_connections
The number of simultaneous client connections allowed.
Increasing this value increases the number of file
descriptors that mysqld requires. See
Section 7.4.9, “How MySQL Opens and Closes Tables” for comments on file
descriptor limits. Also see
Section A.2.6, “Too many connections
”.
max_delayed_threads
Don't start more than this number of threads to handle
INSERT DELAYED
statements. If you try
to insert data into a new table after all INSERT
DELAYED
threads are in use, the row is inserted
as if the DELAYED
attribute wasn't
specified. If you set this to 0, MySQL never creates a
thread to handle DELAYED
rows; in
effect, this disables DELAYED
entirely.
max_error_count
The maximum number of error, warning, and note messages to
be stored for display by SHOW ERRORS
or
SHOW WARNINGS
.
max_heap_table_size
This variable sets the maximum size to which
MEMORY
(HEAP
) tables
are allowed to grow. The value of the variable is used to
calculate MEMORY
table
MAX_ROWS
values. Setting this variable
has no effect on any existing MEMORY
table, unless the table is re-created with a statement
such as CREATE TABLE
or
TRUNCATE TABLE
, or altered with
ALTER TABLE
.
max_insert_delayed_threads
This variable is a synonym for
max_delayed_threads
.
max_join_size
Don't allow SELECT
statements that
probably need to examine more than
max_join_size
rows (for single-table
statements) or row combinations (for multiple-table
statements) or that are likely to do more than
max_join_size
disk seeks. By setting
this value, you can catch SELECT
statements where keys are not used properly and that would
probably take a long time. Set it if your users tend to
perform joins that lack a WHERE
clause,
that take a long time, or that return millions of rows.
Setting this variable to a value other than
DEFAULT
resets the value of
SQL_BIG_SELECTS
to
0
. If you set the
SQL_BIG_SELECTS
value again, the
max_join_size
variable is ignored.
If a query result is in the query cache, no result size check is performed, because the result has previously been computed and it does not burden the server to send it to the client.
This variable previously was named
sql_max_join_size
.
max_length_for_sort_data
The cutoff on the size of index values that determines
which filesort
algorithm to use. See
Section 7.2.12, “How MySQL Optimizes ORDER BY
”.
max_relay_log_size
If a write by a replication slave to its relay log exceeds
the given value, rotate the relay log. This variable
enables you to put different size constraints on relay
logs and binary logs. However, setting the variable to 0
makes MySQL use max_binlog_size
for
both binary logs and relay logs. You must set
max_relay_log_size
to between 4096
bytes and 1GB (inclusive), or to 0. The default value is
0. See
Section 6.3, “Replication Implementation Details”.
max_seeks_for_key
Limit the assumed maximum number of seeks when looking up
rows based on a key. The MySQL optimizer assumes that no
more than this number of key seeks are required when
searching for matching rows in a table by scanning a key,
regardless of the actual cardinality of the key (see
Section 13.5.4.11, “SHOW INDEX
Syntax”). By setting this to a low
value (100?), you can force MySQL to prefer keys instead
of table scans.
max_sort_length
The number of bytes to use when sorting
BLOB
or TEXT
values.
Only the first max_sort_length
bytes of
each value are used; the rest are ignored.
max_tmp_tables
The maximum number of temporary tables a client can keep open at the same time. (This option doesn't yet do anything.)
max_user_connections
The maximum number of simultaneous connections allowed to any given MySQL account. A value of 0 means “no limit.”
Before MySQL 5.0.3, this variable has only global scope.
Beginning with MySQL 5.0.3, it also has a read-only
session scope. The session variable has the same value as
the global variable unless the current account has a
non-zero MAX_USER_CONNECTIONS
resource
limit. In that case, the session value reflects the
account limit.
max_write_lock_count
After this many write locks, allow some read locks to run in between.
myisam_data_pointer_size
The default pointer size in bytes, to be used by
CREATE TABLE
for
MyISAM
tables when no
MAX_ROWS
option is specified. This
variable cannot be less than 2 or larger than 7. The
default value is 6 (4 before MySQL 5.0.6). This variable
was added in MySQL 4.1.2. See
Section A.2.11, “The table is full
”.
(DEPRECATED)
myisam_max_extra_sort_file_size
If the temporary file used for fast
MyISAM
index creation would be larger
than using the key cache by the amount specified here,
prefer the key cache method. This is mainly used to force
long character keys in large tables to use the slower key
cache method to create the index. The value is given in
bytes.
Note: This variable was removed in MySQL 5.0.6.
myisam_max_sort_file_size
The maximum size of the temporary file MySQL is allowed to
use while re-creating a MyISAM
index
(during REPAIR TABLE
, ALTER
TABLE
, or LOAD DATA INFILE
).
If the file size would be bigger than this value, the
index is created using the key cache instead, which is
slower. The value is given in bytes.
myisam_recover_options
The value of the --myisam-recover
option.
myisam_repair_threads
If this value is greater than 1, MyISAM
table indexes are created in parallel (each index in its
own thread) during the Repair by
sorting
process. The default value is 1.
Note: Multi-threaded
repair is still alpha quality code.
myisam_sort_buffer_size
The buffer that is allocated when sorting
MyISAM
indexes during a REPAIR
TABLE
or when creating indexes with
CREATE INDEX
or ALTER
TABLE
.
myisam_stats_method
How the server treats NULL
values when
collecting statistics about the distribution of index
values for MyISAM
tables. This variable
has two possible values, nulls_equal
and nulls_unequal
. For
nulls_equal
, all
NULL
index values are considered equal
and form a single value group that has a size equal to the
number of NULL
values. For
nulls_unequal
, NULL
values are considered unequal, and each
NULL
forms a distinct value group of
size 1.
The method that is used for generating table statistics
influences how the optimizer chooses indexes for query
execution, as described in
Section 7.4.7, “MyISAM
Index Statistics Collection”.
This variable was added in MySQL 5.0.14. For older
versions, the statistics collection method is equivalent
to nulls_equal
.
multi_read_range
Specifies the maximum number of ranges to send to a
storage engine during range selects. The default value is
256. Sending multiple ranges to an engine is a feature
that can improve the performance of certain selects
dramatically, particularly for
NDBCLUSTER
. This engine needs to send
the range requests to all nodes, and sending many of those
requests at once reduces the communication costs
significantly. This variable was added in MySQL 5.0.3.
named_pipe
(Windows only.) Indicates whether the server supports connections over named pipes.
net_buffer_length
The communication buffer is reset to this size between
queries. This should not normally be changed, but if you
have very little memory, you can set it to the expected
length of SQL statements sent by clients. If statements
exceed this length, the buffer is automatically enlarged,
up to max_allowed_packet
bytes.
net_read_timeout
The number of seconds to wait for more data from a
connection before aborting the read. When the server is
reading from the client,
net_read_timeout
is the timeout value
controlling when to abort. When the server is writing to
the client, net_write_timeout
is the
timeout value controlling when to abort. See also
slave_net_timeout
.
net_retry_count
If a read on a communication port is interrupted, retry this many times before giving up. This value should be set quite high on FreeBSD because internal interrupts are sent to all threads.
net_write_timeout
The number of seconds to wait for a block to be written to
a connection before aborting the write. See also
net_read_timeout
.
new
This variable was used in MySQL 4.0 to turn on some 4.1
behaviors, and is retained for backwards compatibility. In
MySQL 5.0, its value is always
OFF
.
old_passwords
Whether the server should use pre-4.1-style passwords for
MySQL user accounts. See Section A.2.3, “Client does not support authentication protocol
”.
one_shot
This is not a variable, but it can be used when setting
some variables. It's described in
Section 13.5.3, “SET
Syntax”.
one_shot
This is not a variable, but it can be used when setting
some variables. It's described in
Section 13.5.3, “SET
Syntax”.
open_files_limit
The number of files that the operating system allows mysqld to open. This is the real value allowed by the system and might be different from the value you gave mysqld as a startup option. The value is 0 on systems where MySQL can't change the number of open files.
optimizer_prune_level
Controls the heuristics applied during query optimization to prune less-promising partial plans from the optimizer search space. A value of 0 disables heuristics so that the optimizer performs an exhaustive search. A value of 1 causes the optimizer to prune plans based on the number of rows retrieved by intermediate plans. This variable was added in MySQL 5.0.1.
optimizer_search_depth
The maximum depth of search performed by the query optimizer. Values larger than the number of relations in a query result in better query plans, but take longer to generate an execution plan for a query. Values smaller than the number of relations in a query return an execution plan quicker, but the resulting plan may be far from being optimal. If set to 0, the system automatically picks a reasonable value. If set to the maximum number of tables used in a query plus 2, the optimizer switches to the algorithm used in MySQL 5.0.0 (and previous versions) for performing searches. This variable was added in MySQL 5.0.1.
pid_file
The pathname of the process ID (PID) file. This variable
can be set with the --pid-file
option.
port
The port on which the server listens for TCP/IP
connections. This variable can be set with the
--port
option.
preload_buffer_size
The size of the buffer that is allocated when preloading indexes.
protocol_version
The version of the client/server protocol used by the MySQL server.
query_alloc_block_size
The allocation size of memory blocks that are allocated for objects created during query parsing and execution. If you have problems with memory fragmentation, it might help to increase this a bit.
query_cache_limit
Don't cache results that are larger than this number of bytes. The default value is 1048576 (1MB).
query_cache_min_res_unit
The minimum size (in bytes) for blocks allocated by the query cache. The default value is 4096 (4KB). Tuning information for this variable is given in Section 5.13.3, “Query Cache Configuration”.
query_cache_size
The amount of memory allocated for caching query results.
The default value is 0, which disables the query cache.
Note that this amount of memory is allocated even if
query_cache_type
is set to 0. See
Section 5.13.3, “Query Cache Configuration” for more
information.
query_cache_type
Set query cache type. Setting the
GLOBAL
value sets the type for all
clients that connect thereafter. Individual clients can
set the SESSION
value to affect their
own use of the query cache. Possible values are shown in
the following table:
Option | Description |
0 or OFF | Don't cache or retrieve results. Note that this does not deallocate the
query cache buffer. To do that, you should set
query_cache_size to 0. |
1 or ON | Cache all query results except for those that begin with SELECT
SQL_NO_CACHE . |
2 or DEMAND | Cache results only for queries that begin with SELECT
SQL_CACHE . |
In MySQL 5.0, this variable defaults to
ON
.
query_cache_wlock_invalidate
Normally, when one client acquires a
WRITE
lock on a
MyISAM
table, other clients are not
blocked from issuing queries for the table if the query
results are present in the query cache. Setting this
variable to 1 causes acquisition of a
WRITE
lock for a table to invalidate
any queries in the query cache that refer to the table.
This forces other clients that attempt to access the table
to wait while the lock is in effect.
query_prealloc_size
The size of the persistent buffer used for query parsing
and execution. This buffer is not freed between queries.
If you are running complex queries, a larger
query_prealloc_size
value might be
helpful in improving performance, because it can reduce
the need for the server to perform memory allocation
during query execution operations.
range_alloc_block_size
The size of blocks that are allocated when doing range optimization.
read_buffer_size
Each thread that does a sequential scan allocates a buffer of this size (in bytes) for each table it scans. If you do many sequential scans, you might want to increase this value, which defaults to 131072.
read_only
When the variable is set to ON
for a
replication slave server, it causes the slave to allow no
updates except from slave threads or from users with the
SUPER
privilege. This can be useful to
ensure that a slave server accepts no updates from
clients.
relay_log_purge
Disables or enables automatic purging of relay logs as soon as they are not needed any more. The default value is 1 (enabled).
read_rnd_buffer_size
When reading rows in sorted order after a sort, the rows
are read through this buffer to avoid disk seeks. Setting
the variable to a large value can improve ORDER
BY
performance by a lot. However, this is a
buffer allocated for each client, so you should not set
the global variable to a large value. Instead, change the
session variable only from within those clients that need
to run large queries.
secure_auth
If the MySQL server has been started with the
--secure-auth
option, it blocks
connections from all accounts that have passwords stored
in the old (pre-4.1) format. In that case, the value of
this variable is ON
, otherwise it is
OFF
.
You should enable this option if you want to prevent all usage of passwords employing the old format (and hence insecure communication over the network).
Server startup fails with an error if this option is
enabled and the privilege tables are in pre-4.1 format.
See Section A.2.3, “Client does not support authentication protocol
”.
When used as a client-side option, the client refuses to connect to a server if the server requires a password in old format for the client account.
server_id
The value of the --server-id
option. It
is used for master and slave replication servers.
shared_memory
(Windows only.) Whether or not the server allows shared-memory connections.
shared_memory_base_name
(Windows only.) Indicates whether or not the server allows shared-memory connections, and sets the identifier for the shared memory. This is useful when running multiple MySQL instances on a single physical machine.
skip_external_locking
This is OFF
if
mysqld uses external locking.
skip_networking
This is ON
if the server allows only
local (non-TCP/IP) connections. On Unix, local connections
use a Unix socket file. On Windows, local connections use
a named pipe or shared memory. On NetWare, only TCP/IP
connections are supported, so do not set this variable to
ON
.
skip_show_database
This prevents people from using the SHOW
DATABASES
statement if they do not have the
SHOW DATABASES
privilege. This can
improve security if you have concerns about users being
able to see databases belonging to other users. In MySQL
5.0, its effect depends on the SHOW
DATABASES
privilege: If the variable value is
ON
, the SHOW
DATABASES
statement is allowed only to users who
have the SHOW DATABASES
privilege, and
the statement displays all database names. If the value is
OFF
, SHOW DATABASES
is allowed to all users, but displays the names of only
those databases for which the user has the SHOW
DATABASES
or other privilege.
slave_compressed_protocol
Whether to use compression of the slave/master protocol if both the slave and the master support it.
slave_load_tmpdir
The name of the directory where the slave creates
temporary files for replicating LOAD DATA
INFILE
statement.
slave_net_timeout
The number of seconds to wait for more data from a master/slave connection before aborting the read.
slave_skip_errors
The replication errors that the slave should skip (ignore).
slave_transaction_retries
If a replication slave SQL thread fails to execute a
transaction because of an InnoDB
deadlock or exceeded InnoDB's
innodb_lock_wait_timeout
or
NDBCluster's
TransactionDeadlockDetectionTimeout
or
TransactionInactiveTimeout
, it
automatically retries
slave_transaction_retries
times before
stopping with an error. The default in MySQL 4.1 is 0. You
must explicitly set the value greater than 0 to enable the
“retry” behavior, which is probably a good
idea. In MySQL 5.0.3 or newer, the default is 10.
slow_launch_time
If creating a thread takes longer than this many seconds,
the server increments the
Slow_launch_threads
status variable.
socket
Unix platforms: The socket file used
for local client connections. Defaults to
/var/lib/mysql/mysql.sock
.
Windows: The name of the named pipe
used for local client connections. Defaults to
mysql
.
sort_buffer_size
Each thread that needs to do a sort allocates a buffer of
this size. Increase this value for faster ORDER
BY
or GROUP BY
operations.
See Section A.4.4, “Where MySQL Stores Temporary Files”.
sql_mode
The current server SQL mode, which in MySQL 5.0 can be set dynamically. See Section 5.3.2, “The Server SQL Mode”.
sql_slave_skip_counter
The number of events from the master that a slave server should skip.
storage_engine
This variable is a synonym for
table_type
. In MySQL 5.0,
storage_engine
is the preferred name.
sync_binlog
If positive, the MySQL server synchronizes its binary log
to disk (fdatasync()
) after every
sync_binlog
'th write to this binary
log. Note that there is one write to the binary log per
statement if in autocommit mode, and otherwise one write
per transaction. The default value is 0 which does no
synchronising to disk. A value of 1 is the safest choice,
because in the event of a crash you lose at most one
statement/transaction from the binary log; however, it is
also the slowest choice (unless the disk has a
battery-backed cache, which makes synchronisation very
fast).
sync_frm
If this variable is set to 1, then when a non-temporary
table is created its .frm
file is
synchronised to disk (fdatasync()
);
this is slower but safer in case of a crash. The default
is 1.
system_time_zone
The server system time zone. When the server begins
executing, it inherits a time zone setting from the
machine defaults, possibly modified by the environment of
the account used for running the server or the startup
script. The value is used to set
system_time_zone
. Typically the time
zone is specified by the TZ
environment
variable. It also can be specified using the
--timezone
option of the
mysqld_safe script.
table_cache
The number of open tables for all threads. Increasing this
value increases the number of file descriptors that
mysqld requires. You can check whether
you need to increase the table cache by checking the
Opened_tables
status variable. See
Section 5.3.4, “Server Status Variables”. If the value of
Opened_tables
is large and you don't do
FLUSH TABLES
a lot (which just forces
all tables to be closed and reopened), then you should
increase the value of the table_cache
variable.
For more information about the table cache, see Section 7.4.9, “How MySQL Opens and Closes Tables”.
table_type
The default table type (storage engine). To set the table
type at server startup, use the
--default-table-type
option. See
Section 5.3.1, “mysqld Command-Line Options”.
thread_cache_size
How many threads the server should cache for reuse. When a
client disconnects, the client's threads are put in the
cache if there are fewer than
thread_cache_size
threads there.
Requests for threads are satisfied by reusing threads
taken from the cache if possible, and only when the cache
is empty is a new thread created. This variable can be
increased to improve performance if you have a lot of new
connections. (Normally this doesn't give a notable
performance improvement if you have a good thread
implementation.) By examining the difference between the
Connections
and
Threads_created
status variables (see
Section 5.3.4, “Server Status Variables” for details) you
can see how efficient the thread cache is.
thread_concurrency
On Solaris, mysqld calls
thr_setconcurrency()
with this value.
This function allows applications to give the threads
system a hint about the desired number of threads that
should be run at the same time.
thread_stack
The stack size for each thread. Many of the limits
detected by the crash-me
test are
dependent on this value. The default is large enough for
normal operation. See Section 7.1.4, “The MySQL Benchmark Suite”.
time_format
This variable is not implemented.
time_zone
The current time zone. The initial value of this is
'SYSTEM'
(use the value of
system_time_zone
), but can be specified
explicitly at server startup time with the
--default-time-zone
option.
tmp_table_size
If an in-memory temporary table exceeds this size, MySQL
automatically converts it to an on-disk
MyISAM
table. Increase the value of
tmp_table_size
if you do many advanced
GROUP BY
queries and you have lots of
memory.
tmpdir
The directory used for temporary files and temporary
tables. This variable can be set to a list of several
paths that are used in round-robin fashion. Paths should
be separated by colon characters
(‘:
’) on Unix and semicolon
characters (‘;
’) on
Windows, NetWare, and OS/2.
This feature can be used to spread the load between
several physical disks. If the MySQL server is acting as a
replication slave, you should not set
tmpdir
to point to a directory on a
memory-based filesystem or to a directory that is cleared
when the server host restarts. A replication slave needs
some of its temporary files to survive a machine restart
so that it can replicate temporary tables or LOAD
DATA INFILE
operations. If files in the
temporary file directory are lost when the server
restarts, replication fails. However, if you're using
MySQL 4.0.0 or later, you may set the slave's temporary
directory using the slave_load_tmpdir
variable. In that case, the slave won't use the general
tmpdir
any more, which means you can
set tmpdir
to a non-permanent location
then.
transaction_alloc_block_size
The allocation size (in bytes) of memory blocks that are allocated for storing queries that are part of a transaction to be stored in the binary log when doing a commit.
transaction_prealloc_size
The size in bytes of the persistent buffer for
transaction_alloc_blocks
that is not
freed between queries. By making this sufficiently large
to fit all queries into a single transaction, you can
avoid many malloc()
calls.
tx_isolation
The default transaction isolation level. Defaults to
REPEATABLE-READ
.
updatable_views_with_limit
This variable controls whether updates can be made using a
view that does not contain a primary key in the underlying
table, if the update contains a LIMIT
clause. (Such updates often are generated by GUI tools.)
An update is an UPDATE
or
DELETE
statement. Primary key here
means a PRIMARY KEY
, or a
UNIQUE
index in which no column can
contain NULL
.
The variable can have two values:
1
or YES
: Issue
a warning only (not an error message). This is the
default value.
0
or NO
:
Prohibit the update.
This variable was added in MySQL 5.0.2.
version
The version number for the server.
version_bdb
The BDB
storage engine version.
version_comment
The configure script has a
--with-comment
option that allows a
comment to be specified when building MySQL. This variable
contains the value of that comment.
version_compile_machine
The type of machine or architecture which MySQL was built on.
version_compile_os
The type of operating system MySQL was built on.
wait_timeout
The number of seconds the server waits for activity on a non-interactive connection before closing it.
On thread startup, the session
wait_timeout
value is initialized from
the global wait_timeout
value or from
the global interactive_timeout
value,
depending on the type of client (as defined by the
CLIENT_INTERACTIVE
connect option to
mysql_real_connect()
). See also
interactive_timeout
.
Many server system variables are dynamic and can be set at
runtime using SET GLOBAL
or SET
SESSION
. You can also obtain their values using
SELECT
. See
Section 9.4, “System Variables”.
The following table shows the full list of all dynamic
system variables. The last column indicates for each
variable whether GLOBAL
or
SESSION
(or both) apply.
Variable Name | Value Type | Type |
autocommit | boolean | SESSION |
big_tables | boolean | SESSION |
binlog_cache_size | numeric | GLOBAL |
bulk_insert_buffer_size | numeric | GLOBAL | SESSION |
character_set_client | string | GLOBAL | SESSION |
character_set_connection | string | GLOBAL | SESSION
|
character_set_results | string | GLOBAL | SESSION |
character_set_server | string | GLOBAL | SESSION |
collation_connection | string | GLOBAL | SESSION |
collation_server | string | GLOBAL | SESSION |
completion_type | numeric | GLOBAL | SESSION |
concurrent_insert | boolean | GLOBAL |
connect_timeout | numeric | GLOBAL |
convert_character_set | string | GLOBAL | SESSION |
default_week_format | numeric | GLOBAL | SESSION |
delay_key_write | OFF | ON | ALL | GLOBAL |
delayed_insert_limit | numeric | GLOBAL |
delayed_insert_timeout | numeric | GLOBAL |
delayed_queue_size | numeric | GLOBAL |
div_precision_increment | numeric | GLOBAL | SESSION |
engine_condition_pushdown | boolean | GLOBAL | SESSION |
error_count | numeric | SESSION |
expire_logs_days | numeric | GLOBAL |
flush | boolean | GLOBAL |
flush_time | numeric | GLOBAL |
foreign_key_checks | boolean | SESSION |
ft_boolean_syntax | numeric | GLOBAL |
group_concat_max_len | numeric | GLOBAL | SESSION |
identity | numeric | SESSION |
innodb_autoextend_increment | numeric | GLOBAL |
innodb_concurrency_tickets | numeric | GLOBAL |
innodb_max_dirty_pages_pct | numeric | GLOBAL |
innodb_max_purge_lag | numeric | GLOBAL |
innodb_support_xa | boolean | GLOBAL | SESSION |
innodb_sync_spin_loops | numeric | GLOBAL |
innodb_table_locks | boolean | GLOBAL | SESSION |
innodb_thread_concurrency | numeric GLOBAL | |
innodb_thread_sleep_delay | numeric GLOBAL | |
insert_id | boolean | SESSION |
interactive_timeout | numeric | GLOBAL | SESSION |
join_buffer_size | numeric | GLOBAL | SESSION |
key_buffer_size | numeric | GLOBAL |
last_insert_id | numeric | SESSION |
local_infile | boolean | GLOBAL |
log_warnings | numeric | GLOBAL |
long_query_time | numeric | GLOBAL | SESSION |
low_priority_updates | boolean | GLOBAL | SESSION |
max_allowed_packet | numeric | GLOBAL | SESSION |
max_binlog_cache_size | numeric | GLOBAL |
max_binlog_size | numeric | GLOBAL |
max_connect_errors | numeric | GLOBAL |
max_connections | numeric | GLOBAL |
max_delayed_threads | numeric | GLOBAL |
max_error_count | numeric | GLOBAL | SESSION |
max_heap_table_size | numeric | GLOBAL | SESSION |
max_insert_delayed_threads | numeric | GLOBAL |
max_join_size | numeric | GLOBAL | SESSION |
max_relay_log_size | numeric | GLOBAL |
max_seeks_for_key | numeric | GLOBAL | SESSION |
max_sort_length | numeric | GLOBAL | SESSION |
max_tmp_tables | numeric | GLOBAL | SESSION |
max_user_connections | numeric | GLOBAL |
max_write_lock_count | numeric | GLOBAL |
myisam_stats_method | enum | GLOBAL | SESSION |
multi_read_range | numeric | GLOBAL | SESSION |
myisam_data_pointer_size | numeric | GLOBAL |
log_bin_trust_routine_creators | boolean | GLOBAL |
myisam_max_sort_file_size | numeric | GLOBAL | SESSION |
myisam_repair_threads | numeric | GLOBAL | SESSION |
myisam_sort_buffer_size | numeric | GLOBAL | SESSION |
net_buffer_length | numeric | GLOBAL | SESSION |
net_read_timeout | numeric | GLOBAL | SESSION |
net_retry_count | numeric | GLOBAL | SESSION |
net_write_timeout | numeric | GLOBAL | SESSION |
old_passwords | numeric | GLOBAL | SESSION |
optimizer_prune_level | numeric | GLOBAL | SESSION |
optimizer_search_depth | numeric | GLOBAL | SESSION |
preload_buffer_size | numeric | GLOBAL | SESSION |
query_alloc_block_size | numeric | GLOBAL | SESSION |
query_cache_limit | numeric | GLOBAL |
query_cache_size | numeric | GLOBAL |
query_cache_type | enumeration | GLOBAL | SESSION |
query_cache_wlock_invalidate | boolean | GLOBAL | SESSION |
query_prealloc_size | numeric | GLOBAL | SESSION |
range_alloc_block_size | numeric | GLOBAL | SESSION |
read_buffer_size | numeric | GLOBAL | SESSION |
read_only | numeric | GLOBAL |
read_rnd_buffer_size | numeric | GLOBAL | SESSION |
rpl_recovery_rank | numeric | GLOBAL |
safe_show_database | boolean | GLOBAL |
secure_auth | boolean | GLOBAL |
server_id | numeric | GLOBAL |
slave_compressed_protocol | boolean | GLOBAL |
slave_net_timeout | numeric | GLOBAL |
slave_transaction_retries | numeric | GLOBAL |
slow_launch_time | numeric | GLOBAL |
sort_buffer_size | numeric | GLOBAL | SESSION |
sql_auto_is_null | boolean | SESSION |
sql_big_selects | boolean | SESSION |
sql_big_tables | boolean | SESSION |
sql_buffer_result | boolean | SESSION |
sql_log_bin | boolean | SESSION |
sql_log_off | boolean | SESSION |
sql_log_update | boolean | SESSION |
sql_low_priority_updates | boolean | GLOBAL | SESSION |
sql_max_join_size | numeric | GLOBAL | SESSION |
sql_mode | enumeration | GLOBAL | SESSION |
sql_notes | boolean | SESSION |
sql_quote_show_create | boolean | SESSION |
sql_safe_updates | boolean | SESSION |
sql_select_limit | numeric | SESSION |
sql_slave_skip_counter | numeric | GLOBAL |
updatable_views_with_limit | enumeration | GLOBAL | SESSION |
sql_warnings | boolean | SESSION |
sync_binlog | numeric | GLOBAL |
sync_frm | boolean | GLOBAL |
storage_engine | enumeration | GLOBAL | SESSION |
table_cache | numeric | GLOBAL |
table_type | enumeration | GLOBAL | SESSION |
thread_cache_size | numeric | GLOBAL |
time_zone | string | GLOBAL | SESSION |
timestamp | boolean | SESSION |
tmp_table_size | enumeration | GLOBAL | SESSION |
transaction_alloc_block_size | numeric | GLOBAL | SESSION |
transaction_prealloc_size | numeric | GLOBAL | SESSION |
tx_isolation | enumeration | GLOBAL | SESSION |
unique_checks | boolean | SESSION |
wait_timeout | numeric | GLOBAL | SESSION |
warning_count | numeric | SESSION |
Variables that are marked as
string take a string value.
Variables that are marked as
numeric take a numeric
value. Variables that are marked as
boolean can be set to 0, 1,
ON
or OFF
. Variables
that are marked as
enumeration normally should
be set to one of the available values for the variable, but
can also be set to the number that corresponds to the
desired enumeration value. For enumerated system variables,
the first enumeration value corresponds to 0. This differs
from ENUM
columns, in which the first
enumeration value corresponds to 1.
The server maintains many status variables that provide
information about its operations. You can view these variables
and their values by using the SHOW STATUS
statement:
mysql> SHOW STATUS;
+-----------------------------------+------------+
| Variable_name | Value |
+-----------------------------------+------------+
| Aborted_clients | 0 |
| Aborted_connects | 0 |
| Bytes_received | 155372598 |
| Bytes_sent | 1176560426 |
…
| Connections | 30023 |
| Created_tmp_disk_tables | 0 |
| Created_tmp_files | 3 |
| Created_tmp_tables | 2 |
…
| Threads_created | 217 |
| Threads_running | 88 |
| Uptime | 1389872 |
+-----------------------------------+------------+
Many status variables are reset to 0 by the FLUSH
STATUS
statement.
The status variables have the following meanings. Variables with no version indicated were present in MySQL 5.0. For information regarding their implementation history, see MySQL 4.1 Reference Manual.
Aborted_clients
The number of connections that were aborted because the client died without closing the connection properly. See Section A.2.10, “Communication Errors and Aborted Connections”.
Aborted_connects
The number of tries to connect to the MySQL server that failed. See Section A.2.10, “Communication Errors and Aborted Connections”.
Binlog_cache_disk_use
The number of transactions that used the temporary binary
log cache but that exceeded the value of
binlog_cache_size
and used a temporary
file to store statements from the transaction.
Binlog_cache_use
The number of transactions that used the temporary binary log cache.
Bytes_received
The number of bytes received from all clients.
Bytes_sent
The number of bytes sent to all clients.
Com_
xxx
The Com_
statement counter variables indicate the number of times
each xxx
xxx
statement has been
executed. There is one status variable for each type of
statement. For example, Com_delete
and
Com_insert
count
DELETE
and INSERT
statements, respectively.
The
Com_stmt_
status variables were added in 5.0.8:
xxx
Com_stmt_prepare
Com_stmt_execute
Com_stmt_fetch
Com_stmt_send_long_data
Com_stmt_reset
Com_stmt_close
Those variables stand for prepared statements commands.
Their names refer to the
COM_
command set used in the network layer; in other words:
Their values are increased whenever prepared statements
API calls such as mysql_stmt_prepare(),
mysql_stmt_execute(), and so forth are
executed. However, xxx
Com_stmt_prepare
,
Com_stmt_execute
and
Com_stmt_close
are also increased when
one issues the following SQL statements:
PREPARE
, EXECUTE
, or
DEALLOCATE PREPARE
respectively.
Additionally, the values of the older (available since
MySQL 4.1.3) statement counter variables
Com_prepare_sql
,
Com_execute_sql
, and
Com_dealloc_sql
are increased for the
PREPARE
, EXECUTE
,
and DEALLOCATE PREPARE
statements.
Com_stmt_fetch
stands for the total
number of network round-trips issued when fetching from
cursors.
All of the
Com_stmt_
variables are increased even if a prepared statement
argument is unknown or an error occurred during execution.
In other words, their values correspond to the number of
requests issued, not to the number of requests
successfully completed.
xxx
Connections
The number of connection attempts (successful or not) to the MySQL server.
Created_tmp_disk_tables
The number of temporary tables on disk created automatically by the server while executing statements.
Created_tmp_files
How many temporary files mysqld has created.
Created_tmp_tables
The number of in-memory temporary tables created
automatically by the server while executing statements. If
Created_tmp_disk_tables
is big, you may
want to increase the tmp_table_size
value to cause temporary tables to be memory-based instead
of disk-based.
Delayed_errors
The number of rows written with INSERT
DELAYED
for which some error occurred (probably
duplicate key
).
Delayed_insert_threads
The number of INSERT DELAYED
handler
threads in use.
Delayed_writes
The number of INSERT DELAYED
rows
written.
Flush_commands
The number of executed FLUSH
statements.
Handler_commit
The number of internal COMMIT
statements.
Handler_discover
The MySQL server can ask the NDB
Cluster
storage engine if it knows about a table
with a given name. This is called discovery.
Handler_discover
indicates the number
of times that tables have been discovered via this
mechanism.
Handler_delete
The number of times that rows have been deleted from tables.
Handler_read_first
The number of times the first entry was read from an
index. If this is high, it suggests that the server is
doing a lot of full index scans; for example,
SELECT col1 FROM foo
, assuming that
col1
is indexed.
Handler_read_key
The number of requests to read a row based on a key. If this is high, it is a good indication that your queries and tables are properly indexed.
Handler_read_next
The number of requests to read the next row in key order. This is incremented if you are querying an index column with a range constraint or if you are doing an index scan.
Handler_read_prev
The number of requests to read the previous row in key
order. This read method is mainly used to optimize
ORDER BY ... DESC
.
Handler_read_rnd
The number of requests to read a row based on a fixed position. This is high if you are doing a lot of queries that require sorting of the result. You probably have a lot of queries that require MySQL to scan whole tables or you have joins that don't use keys properly.
Handler_read_rnd_next
The number of requests to read the next row in the data file. This is high if you are doing a lot of table scans. Generally this suggests that your tables are not properly indexed or that your queries are not written to take advantage of the indexes you have.
Handler_rollback
The number of internal ROLLBACK
statements.
Handler_update
The number of requests to update a row in a table.
Handler_write
The number of requests to insert a row in a table.
Innodb_buffer_pool_pages_data
The number of pages containing data (dirty or clean). Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_dirty
The number of pages currently dirty. Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_flushed
The number of buffer pool pages that have been requested to be flushed. Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_free
The number of free pages. Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_latched
The number of latched pages in InnoDB
buffer pool. These are pages currently being read or
written or that cannot be flushed or removed for some
other reason. Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_misc
The number of pages busy because they have been allocated
for administrative overhead such as row locks or the
adaptive hash index. This value can also be calculated as
Innodb_buffer_pool_pages_total
-
Innodb_buffer_pool_pages_free
-
Innodb_buffer_pool_pages_data
. Added in
MySQL 5.0.2.
Innodb_buffer_pool_pages_total
Total size of buffer pool, in pages. Added in MySQL 5.0.2.
Innodb_buffer_pool_read_ahead_rnd
The number of “random” read-aheads
InnoDB
initiated. This happens when a
query is to scan a large portion of a table but in random
order. Added in MySQL 5.0.2.
Innodb_buffer_pool_read_ahead_seq
The number of sequential read-aheads
InnoDB
initiated. This happens when
InnoDB
does a sequential full table
scan. Added in MySQL 5.0.2.
Innodb_buffer_pool_read_requests
The number of logical read requests
InnoDB
has done. Added in MySQL 5.0.2.
Innodb_buffer_pool_reads
The number of logical reads that InnoDB
could not satisfy from the buffer pool and had to do a
single-page read. Added in MySQL 5.0.2.
Innodb_buffer_pool_wait_free
Normally, writes to the InnoDB
buffer
pool happen in the background. However, if it is necessary
to read or create a page and no clean pages are available,
then it is also necessary to wait for pages to be flushed
first. This counter counts instances of these waits. If
the buffer pool size has been set properly, this value
should be small. Added in MySQL 5.0.2.
Innodb_buffer_pool_write_requests
The number writes done to the InnoDB
buffer pool. Added in MySQL 5.0.2.
Innodb_data_fsyncs
The number of fsync()
operations so
far. Added in MySQL 5.0.2.
Innodb_data_pending_fsyncs
The current number of pending fsync()
operations. Added in MySQL 5.0.2.
Innodb_data_pending_reads
The current number of pending reads. Added in MySQL 5.0.2.
Innodb_data_pending_writes
The current number of pending writes. Added in MySQL 5.0.2.
Innodb_data_read
The amount of data read so far, in bytes. Added in MySQL 5.0.2.
Innodb_data_reads
The total number of data reads. Added in MySQL 5.0.2.
Innodb_data_writes
The total number of data writes. Added in MySQL 5.0.2.
Innodb_data_written
The amount of data written so far, in bytes. Added in MySQL 5.0.2.
Innodb_dblwr_writes
,
Innodb_dblwr_pages_written
The number of doublewrite operations that have been performed and the number of pages that have been written for this purpose. Added in MySQL 5.0.2. See Section 15.14.1, “Disk I/O”.
Innodb_log_waits
The number of waits we had because log buffer was too small and we had to wait for it to be flushed before continuing. Added in MySQL 5.0.2.
Innodb_log_write_requests
The number of log write requests. Added in MySQL 5.0.2.
Innodb_log_writes
The number of physical writes to the log file. Added in MySQL 5.0.2.
Innodb_os_log_fsyncs
The number of fsync()
writes done to
the log file. Added in MySQL 5.0.2.
Innodb_os_log_pending_fsyncs
The number of pending log file fsync()
operations. Added in MySQL 5.0.2.
Innodb_os_log_pending_writes
Pending log file writes. Added in MySQL 5.0.2.
Innodb_os_log_written
The number of bytes written to the log file. Added in MySQL 5.0.2.
Innodb_page_size
The compiled-in InnoDB
page size
(default 16KB). Many values are counted in pages; the page
size allows them to be easily converted to bytes. Added in
MySQL 5.0.2.
Innodb_pages_created
The number of pages created. Added in MySQL 5.0.2.
Innodb_pages_read
The number of pages read. Added in MySQL 5.0.2.
Innodb_pages_written
The number of pages written. Added in MySQL 5.0.2.
Innodb_row_lock_current_waits
The number of row locks currently being waited for. Added in MySQL 5.0.3.
Innodb_row_lock_time
The total time spent in acquiring row locks, in milliseconds. Added in MySQL 5.0.3.
Innodb_row_lock_time_avg
The average time to acquire a row lock, in milliseconds. Added in MySQL 5.0.3.
Innodb_row_lock_time_max
The maximum time to acquire a row lock, in milliseconds. Added in MySQL 5.0.3.
Innodb_row_lock_waits
The number of times a row lock had to be waited for. Added in MySQL 5.0.3.
Innodb_rows_deleted
The number of rows deleted from InnoDB
tables. Added in MySQL 5.0.2.
Innodb_rows_inserted
The number of rows inserted into InnoDB
tables. Added in MySQL 5.0.2.
Innodb_rows_read
The number of rows read from InnoDB
tables. Added in MySQL 5.0.2.
Innodb_rows_updated
The number of rows updated in InnoDB
tables. Added in MySQL 5.0.2.
Key_blocks_not_flushed
The number of key blocks in the key cache that have changed but haven't yet been flushed to disk.
Key_blocks_unused
The number of unused blocks in the key cache. You can use
this value to determine how much of the key cache is in
use; see the discussion of
key_buffer_size
in
Section 5.3.3, “Server System Variables”.
Key_blocks_used
The number of used blocks in the key cache. This value is a high-water mark that indicates the maximum number of blocks that have ever been in use at one time.
Key_read_requests
The number of requests to read a key block from the cache.
Key_reads
The number of physical reads of a key block from disk. If
Key_reads
is big, then your
key_buffer_size
value is probably too
small. The cache miss rate can be calculated as
Key_reads
/Key_read_requests
.
Key_write_requests
The number of requests to write a key block to the cache.
Key_writes
The number of physical writes of a key block to disk.
Last_query_cost
The total cost of the last compiled query as computed by
the query optimizer. Useful for comparing the cost of
different query plans for the same query. The default
value of 0 means that no query has been compiled yet. This
variable was added in MySQL 5.0.1, with a default value of
-1. In MySQL 5.0.7, the default was changed to 0; also in
version 5.0.7, the scope of
Last_query_cost
was changed to session
rather than global.
Prior to MySQL 5.0.16, this variable was not updated for queries served from the query cache.
Max_used_connections
The maximum number of connections that have been in use simultaneously since the server started.
Not_flushed_delayed_rows
The number of rows waiting to be written in
INSERT DELAY
queues.
Open_files
The number of files that are open.
Open_streams
The number of streams that are open (used mainly for logging).
Open_tables
The number of tables that are currently open.
Opened_tables
The number of tables that have been opened. If
Opened_tables
is big, your
table_cache
value is probably too
small.
Qcache_free_blocks
The number of free memory blocks in query cache.
Qcache_free_memory
The amount of free memory for query cache.
Qcache_hits
The number of cache hits.
Qcache_inserts
The number of queries added to the cache.
Qcache_lowmem_prunes
The number of queries that were deleted from the cache because of low memory.
Qcache_not_cached
The number of non-cached queries (not cachable, or not
cached due to the query_cache_type
setting).
Qcache_queries_in_cache
The number of queries registered in the cache.
Qcache_total_blocks
The total number of blocks in the query cache.
Questions
The number of queries that have been sent to the server.
Rpl_status
The status of failsafe replication (not yet implemented).
Select_full_join
The number of joins that do not use indexes. If this value is not 0, you should carefully check the indexes of your tables.
Select_full_range_join
The number of joins that used a range search on a reference table.
Select_range
The number of joins that used ranges on the first table. It is normally not a critical issue even if this is quite large.
Select_range_check
The number of joins without keys that check for key usage after each row. If this is not 0, you should carefully check the indexes of your tables.
Select_scan
The number of joins that did a full scan of the first table.
Slave_open_temp_tables
The number of temporary tables currently open by the slave SQL thread.
Slave_running
This is ON
if this server is a slave
that is connected to a master.
Slave_retried_transactions
Total number of times since startup that the replication slave SQL thread has retried transactions. In MySQL 5.0, this variable was added in version 5.0.4.
Slow_launch_threads
The number of threads that have taken more than
slow_launch_time
seconds to create.
Slow_queries
The number of queries that have taken more than
long_query_time
seconds. See
Section 5.11.4, “The Slow Query Log”.
Sort_merge_passes
The number of merge passes the sort algorithm has had to
do. If this value is large, you should consider increasing
the value of the sort_buffer_size
system variable.
Sort_range
The number of sorts that were done using ranges.
Sort_rows
The number of sorted rows.
Sort_scan
The number of sorts that were done by scanning the table.
Ssl_
xxx
Variables used for SSL connections.
Table_locks_immediate
The number of times that a table lock was acquired immediately.
Table_locks_waited
The number of times that a table lock could not be acquired immediately and a wait was needed. If this is high, and you have performance problems, you should first optimize your queries, and then either split your table or tables or use replication.
Threads_cached
The number of threads in the thread cache.
Threads_connected
The number of currently open connections.
Threads_created
The number of threads created to handle connections. If
Threads_created
is big, you may want to
increase the thread_cache_size
value.
The cache hit rate can be calculated as
Threads_created
/Connections
.
Threads_running
The number of threads that are not sleeping.
Uptime
The number of seconds the server has been up.
Some releases of MySQL introduce changes to the structure of
the system tables in the mysql
database to
add new privileges or features. When you update to a new
version of MySQL, you should update your system tables as well
to make sure that their structure is up to date. First make a
backup of your mysql
database, and then use
the following procedure.
On Unix or Unix-like systems, update the system tables by running the mysql_fix_privilege_tables script:
shell> mysql_fix_privilege_tables
You must run this script while the server is running. It
attempts to connect to the server running on the local host as
root
. If your root
account requires a password, indicate the password on the
command line like this:
shell> mysql_fix_privilege_tables --password=root_password
The mysql_fix_privilege_tables script
performs any actions necessary to convert your system tables
to the current format. You might see some Duplicate
column name
warnings as it runs; you can ignore
them.
After running the script, stop the server and restart it.
On Windows systems, MySQL distributions include a
mysql_fix_privilege_tables.sql
SQL script
that you can run using the mysql client.
For example, if your MySQL installation is located at
C:\Program Files\MySQL\MySQL Server
5.0
, the commands look like this:
C:\>C:\Program Files\MySQL\MySQL Server 5.0\bin\mysql -u root -p mysql
mysql>SOURCE C:/Program Files/MySQL/MySQL Server 5.0/scripts/mysql_fix_privilege_tables.sql
If your installation is located in some other directory, adjust the pathnames appropriately.
The mysql command will prompt you for the
root
password; enter it when prompted.
As with the Unix procedure, you might see some
Duplicate column name
warnings as
mysql processes the statements in the
mysql_fix_privilege_tables.sql
script;
you can ignore them.
After running the script, stop the server and restart it.
The server shutdown process can be summarized as follows:
The shutdown process is initiated
The server creates a shutdown thread if necessary
The server stops accepting new connections
The server terminates current activity
Storage engines are shut down or closed
The server exits
A more detailed description of the process follows:
The shutdown process is initiated.
Server shutdown can be initiated several ways. For example, a
user with the SHUTDOWN
privilege can
execute a mysqladmin shutdown command.
mysqladmin can be used on any platform
supported by MySQL. Other operating system-specific shutdown
initiation methods are possible as well: The server shuts down
on Unix when it receives a SIGTERM
signal.
A server running as a service on Windows shuts down when the
services manager tells it to.
The server creates a shutdown thread if necessary.
Depending on how shutdown was initiated, the server might
create a thread to handle the shutdown process. If shutdown
was requested by a client, a shutdown thread is created. If
shutdown is the result of receiving a
SIGTERM
signal, the signal thread might
handle shutdown itself, or it might create a separate thread
to do so. If the server tries to create a shutdown thread and
cannot (for example, if memory is exhausted), it issues a
diagnostic message that appears in the error log:
Error: Can't create thread to kill server
The server stops accepting new connections.
To prevent new activity from being initiated during shutdown, the server stops accepting new client connections. It does this by closing the network connections to which it normally listens for connections: the TCP/IP port, the Unix socket file, the Windows named pipe, and shared memory on Windows.
The server terminates current activity.
For each thread that is associated with a client connection,
the connection to the client is broken and the thread is
marked as killed. Threads die when they notice that they are
so marked. Threads for idle connections die quickly. Threads
that currently are processing queries check their state
periodically and take longer to die. For additional
information about thread termination, see
Section 13.5.5.3, “KILL
Syntax”, in particular for the instructions
about killed REPAIR TABLE
or
OPTIMIZE TABLE
operations on
MyISAM
tables.
For threads that have an open transaction, the transaction is
rolled back. Note that if a thread is updating a
non-transactional table, an operation such as a multiple-row
UPDATE
or INSERT
may
leave the table partially updated, because the operation can
terminate before completion.
If the server is a master replication server, threads associated with currently connected slaves are treated like other client threads. That is, each one is marked as killed and exits when it next checks its state.
If the server is a slave replication server, the I/O and SQL threads, if active, are stopped before client threads are marked as killed. The SQL thread is allowed to finish its current statement (to avoid causing replication problems) then stops. If the SQL thread was in the middle of a transaction at this point, the transaction is rolled back.
Storage engines are shut down or closed.
At this stage, the table cache is flushed and all open tables are closed.
Each storage engine performs any actions necessary for tables
that it manages. For example, MyISAM flushes any pending index
writes for a table. InnoDB flushes its buffer pool to disk
(starting from 5.0.5: unless
innodb_fast_shutdown
is 2), writes the
current LSN to the tablespace, and terminates its own internal
threads.
The server exits.
This section describes some general security issues to be aware of and what you can do to make your MySQL installation more secure against attack or misuse. For information specifically about the access control system that MySQL uses for setting up user accounts and checking database access, see Section 5.7, “The MySQL Access Privilege System”.
Anyone using MySQL on a computer connected to the Internet should read this section to avoid the most common security mistakes.
In discussing security, we emphasize the necessity of fully protecting the entire server host (not just the MySQL server) against all types of applicable attacks: eavesdropping, altering, playback, and denial of service. We do not cover all aspects of availability and fault tolerance here.
MySQL uses security based on Access Control Lists (ACLs) for all connections, queries, and other operations that users can attempt to perform. There is also some support for SSL-encrypted connections between MySQL clients and servers. Many of the concepts discussed here are not specific to MySQL at all; the same general ideas apply to almost all applications.
When running MySQL, follow these guidelines whenever possible:
Do not ever give anyone (except MySQL
root
accounts) access to the
user
table in the
mysql
database! This is
critical. The encrypted password is
the real password in MySQL. Anyone who knows the
password that is listed in the user
table
and has access to the host listed for the account
can easily log in as that
user.
Learn the MySQL access privilege system. The
GRANT
and REVOKE
statements are used for controlling access to MySQL. Do not
grant more privileges than necessary. Never grant privileges
to all hosts.
Checklist:
Try mysql -u root
. If you are able to
connect successfully to the server without being asked
for a password, you have problems. Anyone can connect to
your MySQL server as the MySQL root
user with full privileges! Review the MySQL installation
instructions, paying particular attention to the
information about setting a root
password. See Section 2.9.3, “Securing the Initial MySQL Accounts”.
Use the SHOW GRANTS
statement and
check to see who has access to what. Then use the
REVOKE
statement to remove those
privileges that are not necessary.
Do not store any plain-text passwords in your database. If
your computer becomes compromised, the intruder can take the
full list of passwords and use them. Instead, use
MD5()
, SHA1()
, or some
other one-way hashing function.
Do not choose passwords from dictionaries. There are special programs to break them. Even passwords like “xfish98” are very bad. Much better is “duag98” which contains the same word “fish” but typed one key to the left on a standard QWERTY keyboard. Another method is to use “Mhall” which is taken from the first characters of each word in the sentence “Mary had a little lamb.” This is easy to remember and type, but difficult to guess for someone who does not know it.
Invest in a firewall. This protects you from at least 50% of all types of exploits in any software. Put MySQL behind the firewall or in a demilitarized zone (DMZ).
Checklist:
Try to scan your ports from the Internet using a tool
such as nmap
. MySQL uses port 3306 by
default. This port should not be accessible from
untrusted hosts. Another simple way to check whether or
not your MySQL port is open is to try the following
command from some remote machine, where
server_host
is the host on which your
MySQL server runs:
shell> telnet server_host 3306
If you get a connection and some garbage characters, the
port is open, and should be closed on your firewall or
router, unless you really have a good reason to keep it
open. If telnet
hangs or the
connection is refused, then the port is blocked, which
is how you want it to be.
Do not trust any data entered by users of your applications.
They can try to trick your code by entering special or
escaped character sequences in Web forms, URLs, or whatever
application you have built. Be sure that your application
remains secure if a user enters something like
“; DROP DATABASE mysql;
”.
This is an extreme example, but large security leaks and
data loss might occur as a result of hackers using similar
techniques, if you do not prepare for them.
A common mistake is to protect only string data values.
Remember to check numeric data as well. If an application
generates a query such as SELECT * FROM table WHERE
ID=234
when a user enters the value
234
, the user can enter the value
234 OR 1=1
to cause the application to
generate the query SELECT * FROM table WHERE ID=234
OR 1=1
. As a result, the server retrieves every
record in the table. This exposes every record and causes
excessive server load. The simplest way to protect from this
type of attack is to use single quotes around the numeric
constants: SELECT * FROM table WHERE
ID='234'
. If the user enters extra information, it
all becomes part of the string. In a numeric context, MySQL
automatically converts this string to a number and strips
any trailing non-numeric characters which the string may
contain.
Sometimes people think that if a database contains only publicly available data, it need not be protected. This is incorrect. Even if it is allowable to display any record in the database, you should still protect against denial of service attacks (for example, those that are based on the technique in the preceding paragraph that causes the server to waste resources). Otherwise, your server becomes unresponsive to legitimate users.
Checklist:
Try to enter single and double quote marks
(‘'
’ and
‘"
’) in all of your Web
forms. If you get any kind of MySQL error, investigate
the problem right away.
Try to modify dynamic URLs by adding
%22
(‘"
’),
%23
(‘#
’), and
%27
(‘'
’) to them.
Try to modify data types in dynamic URLs from numeric to character types using the characters shown in the previous examples. Your application should be safe against these and similar attacks.
Try to enter characters, spaces, and special symbols rather than numbers in numeric fields. Your application should remove them before passing them to MySQL or else generate an error. Passing unchecked values to MySQL is very dangerous!
Check the size of data before passing it to MySQL.
Have your application connect to the database using a different username than the one you use for administrative purposes. Do not give your applications any access privileges they do not need.
Many application programming interfaces provide a means of escaping special characters in data values. Properly used, this prevents application users from entering values that cause the application to generate statements that have a different effect than you intend:
MySQL C API: Use the
mysql_real_escape_string()
API call.
MySQL++: Use the escape
and
quote
modifiers for query streams.
PHP: Use the mysql_escape_string()
function, which is based on the function of the same
name in the MySQL C API. (Prior to PHP 4.0.3, use
addslashes()
instead.) In PHP 5, you
can use the mysqli
extension, which
supports the improved MySQL authentication protocol and
passwords, as well as prepared statements with
placeholders.
Perl DBI: Use the quote()
method or
use placeholders.
Java JDBC: Use a PreparedStatement
object and placeholders.
Other programming interfaces might have similar capabilities.
Do not transmit plain (unencrypted) data over the Internet. This information is accessible to everyone who has the time and ability to intercept it and use it for their own purposes. Instead, use an encrypted protocol such as SSL or SSH. MySQL supports internal SSL connections as of Version 4.0.0. SSH port-forwarding can be used to create an encrypted (and compressed) tunnel for the communication.
Learn to use the tcpdump
and
strings
utilities. In most cases, you can
check whether MySQL data streams are unencrypted by issuing
a command like the following:
shell> tcpdump -l -i eth0 -w - src or dst port 3306 | strings
(This works under Linux and should work with small modifications under other systems.) Warning: If you do not see plaintext data, this doesn't always mean that the information actually is encrypted. If you need high security, you should consult with a security expert.
When you connect to a MySQL server, you should use a password. The password is not transmitted in clear text over the connection. Password handling during the client connection sequence was upgraded in MySQL 4.1.1 to be very secure. If you are still using pre-4.1.1-style passwords, the encryption algorithm is not as strong as the newer algorithm; with some effort a clever attacker who can sniff the traffic between the client and the server can crack the password. (See Section 5.7.9, “Password Hashing in MySQL 4.1” for a discussion of the different password handling methods.) If the connection between the client and the server goes through an untrusted network, you should use an SSH tunnel to encrypt the communication.
All other information is transferred as text, and can be read by anyone who is able to watch the connection. If you are concerned about this, you can use the compressed protocol to make traffic much more difficult to decipher. To make the connection even more secure, you should use SSH to get an encrypted TCP/IP connection between a MySQL server and a MySQL client. You can find an Open Source SSH client at http://www.openssh.org/, and a commercial SSH client at http://www.ssh.com/.
In MySQL 5.0, you can also use internal OpenSSL support. See Section 5.8.7, “Using Secure Connections”.
To make a MySQL system secure, you should strongly consider the following suggestions:
Use passwords for all MySQL users. A client program does not
necessarily know the identity of the person running it. It
is common for client/server applications that the user can
specify any username to the client program. For example,
anyone can use the mysql program to
connect as any other person simply by invoking it as
mysql -u
if
other_user
db_name
other_user
has no password. If
all users have a password, connecting using another user's
account becomes much more difficult.
To change the password for a user, use the SET
PASSWORD
statement. It is also possible to update
the user
table in the
mysql
database directly. For example, to
change the password of all MySQL accounts that have a
username of root
, do this:
shell>mysql -u root
mysql>UPDATE mysql.user SET Password=PASSWORD('
->newpwd
')WHERE User='root';
mysql>FLUSH PRIVILEGES;
Never run the MySQL server as the Unix
root
user. This is extremely dangerous,
because any user with the FILE
privilege
is able to create files as root
(for
example, ~root/.bashrc
). To prevent this,
mysqld refuses to run as
root
unless that is specified explicitly
using the --user=root
option.
mysqld can (and should) be run as an
ordinary unprivileged user instead. You can create a
separate Unix account named mysql
to make
everything even more secure. Use this account only for
administering MySQL. To start mysqld as a
different Unix user, add a user
option
that specifies the username to the
[mysqld]
group of the
/etc/my.cnf
option file or the
my.cnf
option file in the server's data
directory. For example:
[mysqld] user=mysql
This causes the server to start as the designated user whether you start it manually or by using mysqld_safe or mysql.server. For more details, see Section A.3.2, “How to Run MySQL as a Normal User”.
Running mysqld as a Unix user other than
root
does not mean that you need to
change the root
username in the
user
table. Usernames for MySQL accounts
have nothing to do with usernames for Unix accounts.
Don't allow the use of symlinks to tables. (This can be
disabled with the --skip-symbolic-links
option.) This is especially important if you run
mysqld as root
,
because anyone that has write access to the server's data
directory then could delete any file in the system! See
Section 7.6.1.2, “Using Symbolic Links for Tables on Unix”.
Make sure that the only Unix user with read or write privileges in the database directories is the user that mysqld runs as.
Don't grant the PROCESS
or
SUPER
privilege to non-administrative
users. The output of mysqladmin
processlist shows the text of any executing
queries currently being executed, so any user who is allowed
to run that command might be able to see if another user
issues an UPDATE user SET
password=PASSWORD('not_secure')
query.
mysqld reserves an extra connection for
users who have the SUPER
privilege, so
that a MySQL root
user can log in and
check server activity even if all normal connections are in
use.
The SUPER
privilege can be used to
terminate client connections, change server operation by
changing the value of system variables, and control
replication servers.
Don't grant the FILE
privilege to
non-administrative users. Any user that has this privilege
can write a file anywhere in the filesystem with the
privileges of the mysqld daemon! To make
this a bit safer, files generated with SELECT ...
INTO OUTFILE
do not overwrite existing files and
are writable by everyone.
The FILE
privilege may also be used to
read any file that is world-readable or accessible to the
Unix user that the server runs as. With this privilege, you
can read any file into a database table. This could be
abused, for example, by using LOAD DATA
to load /etc/passwd
into a table, which
then can be displayed with SELECT
.
If you don't trust your DNS, you should use IP numbers rather than hostnames in the grant tables. In any case, you should be very careful about creating grant table entries using hostname values that contain wildcards!
If you want to restrict the number of connections allowed
for a single account, you can do so by setting the
max_user_connections
variable in
mysqld. The GRANT
statement also supports resource control options for
limiting the extent of server use allowed to an account. See
Section 13.5.1.3, “GRANT
and REVOKE
Syntax”.
The following mysqld options affect security:
--allow-suspicious-udfs
This option controls whether user-defined functions that
have only an xxx
symbol for the main
function can be loaded. By default, the option is off and
only UDFs that have at least one auxiliary symbol can be
loaded. This prevents attempts at loading functions from
shared object files other than those containing legitimate
UDFs. For MySQL 5.0, this option was added in MySQL 5.0.3.
See Section 25.2.3.6, “User-Defined Function Security Precautions”.
--local-infile[={0|1}]
If you start the server with
--local-infile=0
, clients cannot use
LOCAL
in LOAD DATA
statements. See Section 5.6.4, “Security Issues with LOAD DATA LOCAL
”.
--old-passwords
Force the server to generate short (pre-4.1) password hashes for new passwords. This is useful for compatibility when the server must support older client programs. See Section 5.7.9, “Password Hashing in MySQL 4.1”.
(OBSOLETE)
--safe-show-database
In previous versions of MySQL, this option caused the
SHOW DATABASES
statement to display the
names of only those databases for which the user had some
kind of privilege. In MySQL 5.0, this option is
no longer available as this is now the default behavior, and
there is a SHOW DATABASES
privilege that
can be used to control access to database names on a
per-account basis. See Section 13.5.1.3, “GRANT
and REVOKE
Syntax”.
--safe-user-create
If this is enabled, a user cannot create new users with the
GRANT
statement unless the user has the
INSERT
privilege for the
mysql.user
table. If you want a user to
have the ability to create new users with those privileges
that the user has right to grant, you should grant the user
the following privilege:
mysql> GRANT INSERT(user) ON mysql.user TO 'user_name
'@'host_name
';
This ensures that the user can't change any privilege
columns directly, but has to use the
GRANT
statement to give privileges to
other users.
--secure-auth
Disallow authentication for accounts that have old (pre-4.1) passwords.
--skip-grant-tables
This option causes the server not to use the privilege
system at all. This gives everyone full
access to all databases! (You can tell a running
server to start using the grant tables again by executing a
mysqladmin flush-privileges or
mysqladmin reload command, or by issuing
a FLUSH PRIVILEGES
statement.)
--skip-name-resolve
Hostnames are not resolved. All Host
column values in the grant tables must be IP numbers or
localhost
.
--skip-networking
Don't allow TCP/IP connections over the network. All connections to mysqld must be made via Unix socket files.
--skip-show-database
With this option, the SHOW DATABASES
statement is allowed only to users who have the
SHOW DATABASES
privilege, and the
statement displays all database names. Without this option,
SHOW DATABASES
is allowed to all users,
but displays each database name only if the user has the
SHOW DATABASES
privilege or some
privilege for the database. Note that any global privilege
is a privilege for the database.
The LOAD DATA
statement can load a file that
is located on the server host, or it can load a file that is
located on the client host when the LOCAL
keyword is specified.
There are two potential security issues with supporting the
LOCAL
version of LOAD DATA
statements:
The transfer of the file from the client host to the server
host is initiated by the MySQL server. In theory, a patched
server could be built that would tell the client program to
transfer a file of the server's choosing rather than the
file named by the client in the LOAD DATA
statement. Such a server could access any file on the client
host to which the client user has read access.
In a Web environment where the clients are connecting from a
Web server, a user could use LOAD DATA
LOCAL
to read any files that the Web server
process has read access to (assuming that a user could run
any command against the SQL server). In this environment,
the client with respect to the MySQL server actually is the
Web server, not the program being run by the user connecting
to the Web server.
To deal with these problems, we changed how LOAD DATA
LOCAL
is handled as of MySQL 3.23.49 and MySQL 4.0.2
(4.0.13 on Windows):
By default, all MySQL clients and libraries in binary
distributions are now compiled with the
--enable-local-infile
option, to be
compatible with MySQL 3.23.48 and before.
If you build MySQL from source but don't use the
--enable-local-infile
option to
configure, LOAD DATA
LOCAL
cannot be used by any client unless it is
written explicitly to invoke mysql_options(...
MYSQL_OPT_LOCAL_INFILE, 0)
. See
Section 23.2.3.48, “mysql_options()
”.
You can disable all LOAD DATA LOCAL
commands from the server side by starting
mysqld with the
--local-infile=0
option.
For the mysql command-line client,
LOAD DATA LOCAL
can be enabled by
specifying the --local-infile[=1]
option,
or disabled with the --local-infile=0
option. Similarly, for mysqlimport, the
--local
or -L
option
enables local data file loading. In any case, successful use
of a local loading operation requires that the server is
enabled to allow it.
If you use LOAD DATA LOCAL
in Perl
scripts or other programs that read the
[client]
group from option files, you can
add the local-infile=1
option to that
group. However, to keep this from causing problems for
programs that do not understand
local-infile
, specify it using the
loose-
prefix:
[client] loose-local-infile=1
If LOAD DATA LOCAL INFILE
is disabled,
either in the server or the client, a client that attempts
to issue such a statement receives the following error
message:
ERROR 1148: The used command is not allowed with this MySQL version
Access denied
ErrorsMySQL has an advanced but non-standard security and privilege system. This section describes how it works.
The primary function of the MySQL privilege system is to
authenticate a user connecting from a given host, and to
associate that user with privileges on a database such as
SELECT
, INSERT
,
UPDATE
, and DELETE
.
Additional functionality includes the ability to have anonymous
users and to grant privileges for MySQL-specific functions such
as LOAD DATA INFILE
and administrative
operations.
The MySQL privilege system ensures that all users may perform only the operations allowed to them. As a user, when you connect to a MySQL server, your identity is determined by the host from which you connect and the username you specify. When you issue requests after connecting, the system grants privileges according to your identity and what you want to do.
MySQL considers both your hostname and username in identifying
you because there is little reason to assume that a given
username belongs to the same person everywhere on the Internet.
For example, the user joe
who connects from
office.com
need not be the same person as the
user joe
who connects from
elsewhere.com
. MySQL handles this by allowing
you to distinguish users on different hosts that happen to have
the same name: You can grant one set of privileges for
connections by joe
from
office.com
, and a different set of privileges
for connections by joe
from
elsewhere.com
.
MySQL access control involves two stages:
Stage 1: The server checks whether it should allow you to connect.
Stage 2: Assuming that you can connect, the server checks
each statement you issue to see whether you have sufficient
privileges to perform it. For example, if you try to select
rows from a table in a database or drop a table from the
database, the server verifies that you have the
SELECT
privilege for the table or the
DROP
privilege for the database.
If your privileges are changed (either by yourself or someone else) while you are connected, those changes do not necessarily take effect immediately for the next statement you issue. See Section 5.7.7, “When Privilege Changes Take Effect” for details.
The server stores privilege information in the grant tables of
the mysql
database (that is, in the database
named mysql
). The MySQL server reads the
contents of these tables into memory when it starts and re-reads
them under the circumstances indicated in
Section 5.7.7, “When Privilege Changes Take Effect”. Access-control decisions
are based on the in-memory copies of the grant tables.
Normally, you manipulate the contents of the grant tables
indirectly by using the GRANT
and
REVOKE
statements to set up accounts and
control the privileges available to each one. See
Section 13.5.1.3, “GRANT
and REVOKE
Syntax”. The discussion here describes the
underlying structure of the grant tables and how the server uses
their contents when interacting with clients.
The server uses the user
,
db
, and host
tables in the
mysql
database at both stages of access
control. The columns in these grant tables are shown here:
Table Name | user | db | host |
Scope columns | Host | Host | Host |
User | Db | Db | |
Password | User | ||
Privilege columns | Select_priv | Select_priv | Select_priv |
Insert_priv | Insert_priv | Insert_priv | |
Update_priv | Update_priv | Update_priv | |
Delete_priv | Delete_priv | Delete_priv | |
Index_priv | Index_priv | Index_priv | |
Alter_priv | Alter_priv | Alter_priv | |
Create_priv | Create_priv | Create_priv | |
Drop_priv | Drop_priv | Drop_priv | |
Grant_priv | Grant_priv | Grant_priv | |
Create_view_priv | Create_view_priv | Create_view_priv | |
Show_view_priv | Show_view_priv | Show_view_priv | |
Create_routine_priv | Create_routine_priv | ||
Alter_routine_priv | Alter_routine_priv | ||
References_priv | References_priv | References_priv | |
Reload_priv | |||
Shutdown_priv | |||
Process_priv | |||
File_priv | |||
Show_db_priv | |||
Super_priv | |||
Create_tmp_table_priv | Create_tmp_table_priv | Create_tmp_table_priv | |
Lock_tables_priv | Lock_tables_priv | Lock_tables_priv | |
Execute_priv | |||
Repl_slave_priv | |||
Repl_client_priv | |||
Security columns | ssl_type | ||
ssl_cipher | |||
x509_issuer | |||
x509_subject | |||
Resource control columns | max_questions | ||
max_updates | |||
max_connections | |||
max_user_connections |
Execute_priv
was present in MySQL 5.0.0, but
did not become operational until MySQL 5.0.3.
The Create_view_priv
and
Show_view_priv
columns were added in MySQL
5.0.1.
The Create_routine_priv
,
Alter_routine_priv
, and
max_user_connections
columns were added in
MySQL 5.0.3.
During the second stage of access control, the server performs
request verification to make sure that each client has
sufficient privileges for each request that it issues. In
addition to the user
, db
,
and host
grant tables, the server may also
consult the tables_priv
and
columns_priv
tables for requests that involve
tables. The tables_priv
and
columns_priv
tables provide finer privilege
control at the table and column levels. They have the following
columns:
Table Name | tables_priv | columns_priv |
Scope columns | Host | Host |
Db | Db | |
User | User | |
Table_name | Table_name | |
Column_name | ||
Privilege columns | Table_priv | Column_priv |
Column_priv | ||
Other columns | Timestamp | Timestamp |
Grantor |
The Timestamp
and Grantor
columns currently are unused and are not discussed any further
here.
For verification of requests that involve stored routines, the
server may consult the procs_priv
table. This
table has the following columns:
Table Name | procs_priv |
Scope columns | Host |
Db | |
User | |
Routine_name | |
Routine_type | |
Privilege columns | Proc_priv |
Other columns | Timestamp |
Grantor |
The procs_priv
table exists as of MySQL
5.0.3. The Routine_type
column was added in
MySQL 5.0.6. It is an ENUM
column with values
of 'FUNCTION'
or
'PROCEDURE'
to indicate the type of routine
the row refers to. This column allows privileges to be granted
separately for a function and a procedure with the same name.
The Timestamp
and Grantor
columns currently are unused and are discussed no further here.
Each grant table contains scope columns and privilege columns:
Scope columns determine the scope of each entry (row) in the
tables; that is, the context in which the row applies. For
example, a user
table row with
Host
and User
values
of 'thomas.loc.gov'
and
'bob'
would be used for authenticating
connections made to the server from the host
thomas.loc.gov
by a client that specifies
a username of bob
. Similarly, a
db
table row with
Host
, User
, and
Db
column values of
'thomas.loc.gov'
,
'bob'
and 'reports'
would be used when bob
connects from the
host thomas.loc.gov
to access the
reports
database. The
tables_priv
and
columns_priv
tables contain scope columns
indicating tables or table/column combinations to which each
row applies. The procs_priv
scope columns
indicate the store routine to which each row applies.
Privilege columns indicate which privileges are granted by a table row; that is, what operations can be performed. The server combines the information in the various grant tables to form a complete description of a user's privileges. The rules used to do this are described in Section 5.7.6, “Access Control, Stage 2: Request Verification”.
Scope columns contain strings. They are declared as shown here; the default value for each is the empty string:
Column Name | Type |
Host | CHAR(60) |
User | CHAR(16) |
Password | CHAR(16) |
Db | CHAR(64) |
Table_name | CHAR(64) |
Column_name | CHAR(64) |
Routine_name | CHAR(64) |
For access-checking purposes, comparisons of
Host
values are case-insensitive.
User
, Password
,
Db
, and Table_name
values
are case sensitive. Column_name
values are
case insensitive.
In the user
, db
, and
host
tables, each privilege is listed in a
separate column that is declared as ENUM('N','Y')
DEFAULT 'N'
. In other words, each privilege can be
disabled or enabled, with the default being disabled.
In the tables_priv
,
columns_priv
, and
procs_priv
tables, the privilege columns are
declared as SET
columns. Values in these
columns can contain any combination of the privileges controlled
by the table:
Table Name | Column Name | Possible Set Elements |
tables_priv | Table_priv | 'Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop',
'Grant', 'References', 'Index', 'Alter' |
tables_priv | Column_priv | 'Select', 'Insert', 'Update', 'References' |
columns_priv | Column_priv | 'Select', 'Insert', 'Update', 'References' |
procs_priv | Proc_priv | 'Execute', 'Alter Routine', 'Grant' |
Briefly, the server uses the grant tables as follows:
The user
table scope columns determine
whether to reject or allow incoming connections. For allowed
connections, any privileges granted in the
user
table indicate the user's global
(superuser) privileges. These privileges apply to
all databases on the server.
The db
table scope columns determine
which users can access which databases from which hosts. The
privilege columns determine which operations are allowed. A
privilege granted at the database level applies to the
database and to all its tables.
The host
table is used in conjunction
with the db
table when you want a given
db
table row to apply to several hosts.
For example, if you want a user to be able to use a database
from several hosts in your network, leave the
Host
value empty in the user's
db
table row, then populate the
host
table with a row for each of those
hosts. This mechanism is described more detail in
Section 5.7.6, “Access Control, Stage 2: Request Verification”.
Note: The
host
table is not affected by the
GRANT
and REVOKE
statements. Most MySQL installations need not use this table
at all.
The tables_priv
and
columns_priv
tables are similar to the
db
table, but are more fine-grained: They
apply at the table and column levels rather than at the
database level. A privilege granted at the table level
applies to the table and to all its columns. A privilege
granted at the column level applies only to a specific
column.
The procs_priv
table applies to stored
routines. A privilege granted at the routine level applies
only to a single routine.
Administrative privileges (such as RELOAD
or
SHUTDOWN
) are specified only in the
user
table. This is because administrative
operations are operations on the server itself and are not
database-specific, so there is no reason to list these
privileges in the other grant tables. In fact, to determine
whether you can perform an administrative operation, the server
need consult only the user
table.
The FILE
privilege also is specified only in
the user
table. It is not an administrative
privilege as such, but your ability to read or write files on
the server host is independent of the database you are
accessing.
The mysqld server reads the contents of the
grant tables into memory when it starts. You can tell it to
re-read the tables by issuing a FLUSH
PRIVILEGES
statement or executing a
mysqladmin flush-privileges or
mysqladmin reload command. Changes to the
grant tables take effect as indicated in
Section 5.7.7, “When Privilege Changes Take Effect”.
When you modify the contents of the grant tables, it is a good
idea to make sure that your changes set up privileges the way
you want. To check the privileges for a given account, use the
SHOW GRANTS
statement. For example, to
determine the privileges that are granted to an account with
Host
and User
values of
pc84.example.com
and bob
,
issue this statement:
mysql> SHOW GRANTS FOR 'bob'@'pc84.example.com';
A useful diagnostic tool is the mysqlaccess
script, which Yves Carlier has provided for the MySQL
distribution. Invoke mysqlaccess with the
--help
option to find out how it works. Note
that mysqlaccess checks access using only the
user
, db
, and
host
tables. It does not check table, column,
or routine privileges specified in the
tables_priv
, columns_priv
,
or procs_priv
tables.
For additional help in diagnosing privilege-related problems,
see Section 5.7.8, “Causes of Access denied
Errors”. For general advice on
security issues, see Section 5.6, “General Security Issues”.
Information about account privileges is stored in the
user
, db
,
host
, tables_priv
,
columns_priv
, and
procs_priv
tables in the
mysql
database. The MySQL server reads the
contents of these tables into memory when it starts and re-reads
them under the circumstances indicated in
Section 5.7.7, “When Privilege Changes Take Effect”. Access-control decisions
are based on the in-memory copies of the grant tables.
The names used in the GRANT
and
REVOKE
statements to refer to privileges are
shown in the following table, along with the column name
associated with each privilege in the grant tables and the
context in which the privilege applies. Further information
about the meaning of each privilege may be found at
Section 13.5.1.3, “GRANT
and REVOKE
Syntax”.
Privilege | Column | Context |
CREATE | Create_priv | databases, tables, or indexes |
DROP | Drop_priv | databases or tables |
GRANT OPTION | Grant_priv | databases, tables, or stored routines |
REFERENCES | References_priv | databases or tables |
ALTER | Alter_priv | tables |
DELETE | Delete_priv | tables |
INDEX | Index_priv | tables |
INSERT | Insert_priv | tables |
SELECT | Select_priv | tables |
UPDATE | Update_priv | tables |
CREATE VIEW | Create_view_priv | views |
SHOW VIEW | Show_view_priv | views |
ALTER ROUTINE | Alter_routine_priv | stored routines |
CREATE ROUTINE | Create_routine_priv | stored routines |
EXECUTE | Execute_priv | stored routines |
FILE | File_priv | file access on server host |
CREATE TEMPORARY TABLES | Create_tmp_table_priv | server administration |
LOCK TABLES | Lock_tables_priv | server administration |
CREATE USER | Create_user_priv | server administration |
PROCESS | Process_priv | server administration |
RELOAD | Reload_priv | server administration |
REPLICATION CLIENT | Repl_client_priv | server administration |
REPLICATION SLAVE | Repl_slave_priv | server administration |
SHOW DATABASES | Show_db_priv | server administration |
SHUTDOWN | Shutdown_priv | server administration |
SUPER | Super_priv | server administration |
CREATE VIEW
and SHOW VIEW
were added in MySQL 5.0.1. CREATE USER
,
CREATE ROUTINE
, and ALTER
ROUTINE
were added in MySQL 5.0.3. Although
EXECUTE
was present in MySQL 5.0.0, it did
not become operational until MySQL 5.0.3. To use these
privileges when upgrading from an earlier version of MySQL that
does not have them, you must upgrade your grant tables using the
mysql_fix_privilege_tables script provided
with the MySQL distribution. See
Section 2.10.3, “Upgrading the Grant Tables”.
To create or alter stored routines if binary logging is enabled,
you may also need the SUPER
privilege, as
described in Section 18.4, “Binary Logging of Stored Routines and Triggers”.
The CREATE
and DROP
privileges allow you to create new databases and tables, or to
drop (remove) existing databases and tables. If you
grant the DROP
privilege for the
mysql
database to a user, that user can drop
the database in which the MySQL access privileges are
stored.
The SELECT
, INSERT
,
UPDATE
, and DELETE
privileges allow you to perform operations on rows in existing
tables in a database.
SELECT
statements require the
SELECT
privilege only if they actually
retrieve rows from a table. Some SELECT
statements do not access tables and can be executed without
permission for any database. For example, you can use the
mysql client as a simple calculator to
evaluate expressions that make no reference to tables:
mysql>SELECT 1+1;
mysql>SELECT PI()*2;
The INDEX
privilege allows you to create or
drop (remove) indexes. INDEX
applies to
existing tables. If you have the CREATE
privilege for a table, you can include index definitions in the
CREATE TABLE
statement.
The ALTER
privilege allows you to use
ALTER TABLE
to change the structure of or
rename tables.
The CREATE ROUTINE
privilege is needed for
creating stored routines (functions and procedures).
ALTER ROUTINE
privilege is needed for
altering or dropping stored routines, and
EXECUTE
is needed for executing stored
routines.
The GRANT
privilege allows you to give to
other users those privileges that you yourself possess. It can
be used for databases, tables, and stored routines.
The FILE
privilege gives you permission to
read and write files on the server host using the LOAD
DATA INFILE
and SELECT ... INTO
OUTFILE
statements. A user who has the
FILE
privilege can read any file on the
server host that is either world-readable or readable by the
MySQL server. (This implies the user can read any file in any
database directory, because the server can access any of those
files.) The FILE
privilege also allows the
user to create new files in any directory where the MySQL server
has write access. Existing files cannot be overwritten.
The remaining privileges are used for administrative operations. Many of them can be performed by using the mysqladmin program or by issuing SQL statements. The following table shows which mysqladmin commands each administrative privilege allows you to execute:
Privilege | Commands Permitted to Privilege Holders |
RELOAD | flush-hosts , flush-logs ,
flush-privileges ,
flush-status ,
flush-tables ,
flush-threads ,
refresh , reload |
SHUTDOWN | shutdown |
PROCESS | processlist |
SUPER | kill |
The reload
command tells the server to
re-read the grant tables into memory.
flush-privileges
is a synonym for
reload
. The refresh
command closes and reopens the log files and flushes all tables.
The other
flush-
commands
perform functions similar to xxx
refresh
, but are
more specific and may be preferable in some instances. For
example, if you want to flush just the log files,
flush-logs
is a better choice than
refresh
.
The shutdown
command shuts down the server.
This command can be issued only from
mysqladmin. There is no corresponding SQL
statement.
The processlist
command displays information
about the threads executing within the server (that is, about
the statements being executed by clients associated with other
accounts). The kill
command terminates server
threads. You can always display or kill your own threads, but
you need the PROCESS
privilege to display
threads initiated by other users and the
SUPER
privilege to kill them. See
Section 13.5.5.3, “KILL
Syntax”.
The CREATE TEMPORARY TABLES
privilege allows
the use of the keyword TEMPORARY
in
CREATE TABLE
statements.
The LOCK TABLES
privilege allows the use of
explicit LOCK TABLES
statements to lock
tables for which you have the SELECT
privilege. This includes the use of write locks, which prevents
anyone else from reading the locked table.
The REPLICATION CLIENT
privilege allows the
use of SHOW MASTER STATUS
and SHOW
SLAVE STATUS
.
The REPLICATION SLAVE
privilege should be
granted to accounts that are used by slave servers to connect to
the current server as their master. Without this privilege, the
slave cannot request updates that have been made to databases on
the master server.
The SHOW DATABASES
privilege allows the
account to see database names by issuing the SHOW
DATABASE
statement. Accounts that do not have this
privilege see only databases for which they have some
privileges, and cannot use the statement at all if the server
was started with the --skip-show-database
option. Note that any global privilege is a privilege for the
database.
It is a good idea in general to grant to an account only those
privileges that it needs. You should exercise particular caution
in granting the FILE
and administrative
privileges:
The FILE
privilege can be abused to read
into a database table any files that the MySQL server can
read on the server host. This includes all world-readable
files and files in the server's data directory. The table
can then be accessed using SELECT
to
transfer its contents to the client host.
The GRANT
privilege allows users to give
their privileges to other users. Two users with different
privileges and with the GRANT
privilege
are able to combine privileges.
The ALTER
privilege may be used to
subvert the privilege system by renaming tables.
The SHUTDOWN
privilege can be abused to
deny service to other users entirely by terminating the
server.
The PROCESS
privilege can be used to view
the plain text of currently executing queries, including
queries that set or change passwords.
The SUPER
privilege can be used to
terminate other clients or change how the server operates.
Privileges granted for the mysql
database
itself can be used to change passwords and other access
privilege information. Passwords are stored encrypted, so a
malicious user cannot simply read them to know the plain
text password. However, a user with write access to the
user
table Password
column can change an account's password, and then connect to
the MySQL server using that account.
There are some things that you cannot do with the MySQL privilege system:
You cannot explicitly specify that a given user should be denied access. That is, you cannot explicitly match a user and then refuse the connection.
You cannot specify that a user has privileges to create or drop tables in a database but not to create or drop the database itself.
MySQL client programs generally expect you to specify connection parameters when you want to access a MySQL server:
The name of the host where the MySQL server is running
Your username
Your password
For example, the mysql client can be started
as follows from a command-line prompt (indicated here by
shell>
):
shell> mysql -h host_name
-u user_name
-pyour_pass
Alternate forms of the -h
, -u
,
and -p
options are
--host=
,
host_name
--user=
,
and
user_name
--password=
.
Note that there is no space between
your_pass
-p
or --password=
and the
password following it.
If you use a -p
or --password
option but do not specify the password value, the client program
prompts you to enter the password. The password is not displayed
as you enter it. This is more secure than giving the password on
the command line. Any user on your system may be able to see a
password specified on the command line by executing a command
such as ps auxww. See
Section 5.8.6, “Keeping Your Password Secure”.
MySQL client programs use default values for any connection parameter option that you do not specify:
The default hostname is localhost
.
The default username is ODBC
on Windows
and your Unix login name on Unix.
No password is supplied if -p
is missing.
Thus, for a Unix user with a login name of
joe
, all of the following commands are
equivalent:
shell>mysql -h localhost -u joe
shell>mysql -h localhost
shell>mysql -u joe
shell>mysql
Other MySQL clients behave similarly.
You can specify different default values to be used when you make a connection so that you need not enter them on the command line each time you invoke a client program. This can be done in a couple of ways:
You can specify connection parameters in the
[client]
section of an option file. The
relevant section of the file might look like this:
[client] host=host_name
user=user_name
password=your_pass
Option files are discussed further in Section 4.3.2, “Using Option Files”.
You can specify some connection parameters using environment
variables. The host can be specified for
mysql using
MYSQL_HOST
. The MySQL username can be
specified using USER
(this is for Windows
and NetWare only). The password can be specified using
MYSQL_PWD
, although this is insecure; see
Section 5.8.6, “Keeping Your Password Secure”. For a list of
variables, see Appendix F, Environment Variables.
When you attempt to connect to a MySQL server, the server accepts or rejects the connection based on your identity and whether you can verify your identity by supplying the correct password. If not, the server denies access to you completely. Otherwise, the server accepts the connection, then enters Stage 2 and waits for requests.
Your identity is based on two pieces of information:
The client host from which you connect
Your MySQL username
Identity checking is performed using the three
user
table scope columns
(Host
, User
, and
Password
). The server accepts the connection
only if the Host
and User
columns in some user
table record match the
client hostname and username, and the client supplies the
password specified in that record.
Host
values in the user
table may be specified as follows:
A Host
value may be a hostname or an IP
number, or 'localhost'
to indicate the
local host.
You can use the wildcard characters
‘%
’ and
‘_
’ in
Host
column values. These have the same
meaning as for pattern-matching operations performed with
the LIKE
operator. For example, a
Host
value of '%'
matches any hostname, whereas a value of
'%.mysql.com'
matches any host in the
mysql.com
domain.
For Host
values specified as IP numbers,
you can specify a netmask indicating how many address bits
to use for the network number. For example:
mysql>GRANT ALL PRIVILEGES ON db.*
->TO david@'192.58.197.0/255.255.255.0';
This allows david
to connect from any
client host having an IP number client_ip
for which the following condition is true:
client_ip & netmask = host_ip
That is, for the GRANT
statement just
shown:
client_ip & 255.255.255.0 = 192.58.197.0
IP numbers that satisfy this condition and can connect to
the MySQL server are those that lie in the range from
192.58.197.0
to
192.58.197.255
.
Note: The netmask can only be used to tell the server to use 8, 16, 24, or 32 bits of the address, for example:
192.0.0.0/255.0.0.0 (anything on the 192 class A network) 192.168.0.0/255.255.0.0 (anything on the 192.168 class B network) 192.168.1.0/255.255.255.0 (anything on the 192.168.1 class C network) 192.168.1.1 (only this specific IP)
The following netmask (28 bits) will not work:
192.168.0.1/255.255.255.240
A blank Host
value in a
db
table record means that its privileges
should be combined with those in the row in the
host
table that matches the client
hostname. The privileges are combined using an AND
(intersection) operation, not OR (union). You can find more
information about the host
table in
Section 5.7.6, “Access Control, Stage 2: Request Verification”.
A blank Host
value in the other grant
tables is the same as '%'
.
Because you can use IP wildcard values in the
Host
column (for example,
'144.155.166.%'
to match every host on a
subnet), someone could try to exploit this capability by naming
a host 144.155.166.somewhere.com
. To foil
such attempts, MySQL disallows matching on hostnames that start
with digits and a dot. Thus, if you have a host named something
like 1.2.foo.com
, its name never matches the
Host
column of the grant tables. An IP
wildcard value can match only IP numbers, not hostnames.
In the User
column, wildcard characters are
not allowed, but you can specify a blank value, which matches
any name. If the user
table row that matches
an incoming connection has a blank username, the user is
considered to be an anonymous user with no name, not a user with
the name that the client actually specified. This means that a
blank username is used for all further access checking for the
duration of the connection (that is, during Stage 2).
The Password
column can be blank. This is not
a wildcard and does not mean that any password matches. It means
that the user must connect without specifying a password.
Non-blank Password
values in the
user
table represent encrypted passwords.
MySQL does not store passwords in plaintext form for anyone to
see. Rather, the password supplied by a user who is attempting
to connect is encrypted (using the PASSWORD()
function). The encrypted password then is used during the
connection process when checking whether the password is
correct. (This is done without the encrypted password ever
traveling over the connection.) From MySQL's point of view, the
encrypted password is the REAL password, so you should not give
anyone access to it! In particular, don't give
non-administrative users read access to the tables in the
mysql
database!
MySQL 5.0 employs the stronger authentication
method (first implemented in MySQL 4.1) that has better password
protection during the connection process than in earlier
versions. It is secure even if TCP/IP packets are sniffed or the
mysql
database is captured. Password
encryption is discussed further in
Section 5.7.9, “Password Hashing in MySQL 4.1”.
The following examples show how various combinations of
Host
and User
values in
the user
table apply to incoming connections:
Host Value | User Value | Connections Matched by Entry |
'thomas.loc.gov' | 'fred' | fred , connecting from
thomas.loc.gov |
'thomas.loc.gov' | '' | Any user, connecting from thomas.loc.gov |
'%' | 'fred' | fred , connecting from any host |
'%' | '' | Any user, connecting from any host |
'%.loc.gov' | 'fred' | fred , connecting from any host in the
loc.gov domain |
'x.y.%' | 'fred' | fred , connecting from x.y.net ,
x.y.com , x.y.edu ,
and so on. (this is probably not useful) |
'144.155.166.177' | 'fred' | fred , connecting from the host with IP address
144.155.166.177 |
'144.155.166.%' | 'fred' | fred , connecting from any host in the
144.155.166 class C subnet |
'144.155.166.0/255.255.255.0' | 'fred' | Same as previous example |
It is possible for the client hostname and username of an
incoming connection to match more than one row in the
user
table. The preceding set of examples
demonstrates this: Several of the entries shown match a
connection from thomas.loc.gov
by
fred
.
When multiple matches are possible, the server must determine which of them to use. It resolves this issue as follows:
Whenever the server reads the user
table
into memory, it sorts the entries.
When a client attempts to connect, the server looks through the entries in sorted order.
The server uses the first row that matches the client hostname and username.
To see how this works, suppose that the user
table looks like this:
+-----------+----------+- | Host | User | … +-----------+----------+- | % | root | … | % | jeffrey | … | localhost | root | … | localhost | | … +-----------+----------+-
When the server reads in the table, it orders the entries with
the most-specific Host
values first. Literal
hostnames and IP numbers are the most specific. The pattern
'%'
means “any host” and is
least specific. Entries with the same Host
value are ordered with the most-specific User
values first (a blank User
value means
“any user” and is least specific). For the
user
table just shown, the result after
sorting looks like this:
+-----------+----------+- | Host | User | … +-----------+----------+- | localhost | root | … ... | localhost | | … ... | % | jeffrey | … ... | % | root | … ... +-----------+----------+-
When a client attempts to connect, the server looks through the
sorted entries and uses the first match found. For a connection
from localhost
by jeffrey
,
two of the entries in the table match: the one with
Host
and User
values of
'localhost'
and ''
, and
the one with values of '%'
and
'jeffrey'
. The 'localhost'
row appears first in sorted order, so that is the one the server
uses.
Here is another example. Suppose that the
user
table looks like this:
+----------------+----------+- | Host | User | … +----------------+----------+- | % | jeffrey | … | thomas.loc.gov | | … +----------------+----------+-
The sorted table looks like this:
+----------------+----------+- | Host | User | … +----------------+----------+- | thomas.loc.gov | | … | % | jeffrey | … +----------------+----------+-
A connection by jeffrey
from
thomas.loc.gov
is matched by the first row,
whereas a connection by jeffrey
from
whitehouse.gov
is matched by the second.
It is a common misconception to think that, for a given
username, all entries that explicitly name that user are used
first when the server attempts to find a match for the
connection. This is simply not true. The previous example
illustrates this, where a connection from
thomas.loc.gov
by jeffrey
is first matched not by the row containing
'jeffrey'
as the User
column value, but by the row with no username. As a result,
jeffrey
is authenticated as an anonymous
user, even though he specified a username when connecting.
If you are able to connect to the server, but your privileges
are not what you expect, you probably are being authenticated as
some other account. To find out what account the server used to
authenticate you, use the CURRENT_USER()
function. It returns a value in
format that indicates the user_name
@host_name
User
and
Host
values from the matching
user
table record. Suppose that
jeffrey
connects and issues the following
query:
mysql> SELECT CURRENT_USER();
+----------------+
| CURRENT_USER() |
+----------------+
| @localhost |
+----------------+
The result shown here indicates that the matching
user
table row had a blank
User
column value. In other words, the server
is treating jeffrey
as an anonymous user.
Another thing you can do to diagnose authentication problems is
to print out the user
table and sort it by
hand to see where the first match is being made. See also
Section 12.9.3, “Information Functions”.
Once you establish a connection, the server enters Stage 2 of
access control. For each request that comes in on the
connection, the server determines what operation you want to
perform, then checks whether you have sufficient privileges to
do so. This is where the privilege columns in the grant tables
come into play. These privileges can come from any of the
user
, db
,
host
, tables_priv
, or
columns_priv
tables. (You may find it helpful
to refer to Section 5.7.2, “How the Privilege System Works”, which lists the
columns present in each of the grant tables.)
The user
table grants privileges that are
assigned to you on a global basis and that apply no matter what
the current database is. For example, if the
user
table grants you the
DELETE
privilege, you can delete rows from
any table in any database on the server host! In other words,
user
table privileges are superuser
privileges. It is wise to grant privileges in the
user
table only to superusers such as
database administrators. For other users, you should leave the
privileges in the user
table set to
'N'
and grant privileges at more specific
levels only. You can grant privileges for particular databases,
tables, or columns.
The db
and host
tables
grant database-specific privileges. Values in the scope columns
of these tables can take the following forms:
The wildcard characters ‘%
’
and ‘_
’ can be used in the
Host
and Db
columns of
either table. These have the same meaning as for
pattern-matching operations performed with the
LIKE
operator. If you want to use either
character literally when granting privileges, you must
escape it with a backslash. For example, to include the
underscore character (‘_
’) as
part of a database name, specify it as
‘\_
’ in the
GRANT
statement.
A '%'
Host
value in
the db
table means “any
host.” A blank Host
value in the
db
table means “consult the
host
table for further
information” (a process that is described later in
this section).
A '%'
or blank Host
value in the host
table means “any
host.”
A '%'
or blank Db
value in either table means “any database.”
A blank User
value in either table
matches the anonymous user.
The server reads in and sorts the db
and
host
tables at the same time that it reads
the user
table. The server sorts the
db
table based on the
Host
, Db
, and
User
scope columns, and sorts the
host
table based on the
Host
and Db
scope columns.
As with the user
table, sorting puts the
most-specific values first and least-specific values last, and
when the server looks for matching entries, it uses the first
match that it finds.
The tables_priv
and
columns_priv
tables grant table-specific and
column-specific privileges. Values in the scope columns of these
tables can take the following form:
The wildcard characters ‘%
’
and ‘_
’ can be used in the
Host
column of either table. These have
the same meaning as for pattern-matching operations
performed with the LIKE
operator.
A '%'
or blank Host
value in either table means “any host.”
The Db
, Table_name
,
and Column_name
columns cannot contain
wildcards or be blank in either table.
The server sorts the tables_priv
and
columns_priv
tables based on the
Host
, Db
, and
User
columns. This is similar to
db
table sorting, but simpler because only
the Host
column can contain wildcards.
The request verification process is described here. (If you are familiar with the access-checking source code, you may notice that the description here differs slightly from the algorithm used in the code. The description is equivalent to what the code actually does; it differs only to make the explanation simpler.)
For requests that require administrative privileges such as
SHUTDOWN
or RELOAD
, the
server checks only the user
table row because
that is the only table that specifies administrative privileges.
Access is granted if the row allows the requested operation and
denied otherwise. For example, if you want to execute
mysqladmin shutdown but your
user
table row doesn't grant the
SHUTDOWN
privilege to you, the server denies
access without even checking the db
or
host
tables. (They contain no
Shutdown_priv
column, so there is no need to
do so.)
For database-related requests (INSERT
,
UPDATE
, and so on), the server first checks
the user's global (superuser) privileges by looking in the
user
table row. If the row allows the
requested operation, access is granted. If the global privileges
in the user
table are insufficient, the
server determines the user's database-specific privileges by
checking the db
and host
tables:
The server looks in the db
table for a
match on the Host
, Db
,
and User
columns. The
Host
and User
columns
are matched to the connecting user's hostname and MySQL
username. The Db
column is matched to the
database that the user wants to access. If there is no row
for the Host
and User
,
access is denied.
If there is a matching db
table row and
its Host
column is not blank, that row
defines the user's database-specific privileges.
If the matching db
table row's
Host
column is blank, it signifies that
the host
table enumerates which hosts
should be allowed access to the database. In this case, a
further lookup is done in the host
table
to find a match on the Host
and
Db
columns. If no host
table row matches, access is denied. If there is a match,
the user's database-specific privileges are computed as the
intersection (not the union!) of the
privileges in the db
and
host
table entries; that is, the
privileges that are 'Y'
in both entries.
(This way you can grant general privileges in the
db
table row and then selectively
restrict them on a host-by-host basis using the
host
table entries.)
After determining the database-specific privileges granted by
the db
and host
table
entries, the server adds them to the global privileges granted
by the user
table. If the result allows the
requested operation, access is granted. Otherwise, the server
successively checks the user's table and column privileges in
the tables_priv
and
columns_priv
tables, adds those to the user's
privileges, and allows or denies access based on the result.
Expressed in boolean terms, the preceding description of how a user's privileges are calculated may be summarized like this:
global privileges OR (database privileges AND host privileges) OR table privileges OR column privileges
It may not be apparent why, if the global
user
row privileges are initially found to be
insufficient for the requested operation, the server adds those
privileges to the database, table, and column privileges later.
The reason is that a request might require more than one type of
privilege. For example, if you execute an INSERT INTO
... SELECT
statement, you need both the
INSERT
and the SELECT
privileges. Your privileges might be such that the
user
table row grants one privilege and the
db
table row grants the other. In this case,
you have the necessary privileges to perform the request, but
the server cannot tell that from either table by itself; the
privileges granted by the entries in both tables must be
combined.
The host
table is not affected by the
GRANT
or REVOKE
statements, so it is unused in most MySQL installations. If you
modify it directly, you can use it for some specialized
purposes, such as to maintain a list of secure servers. For
example, at TcX, the host
table contains a
list of all machines on the local network. These are granted all
privileges.
You can also use the host
table to indicate
hosts that are not secure. Suppose that you
have a machine public.your.domain
that is
located in a public area that you do not consider secure. You
can allow access to all hosts on your network except that
machine by using host
table entries like
this:
+--------------------+----+- | Host | Db | ... +--------------------+----+- | public.your.domain | % | ... (all privileges set to 'N') | %.your.domain | % | ... (all privileges set to 'Y') +--------------------+----+-
Naturally, you should always test your entries in the grant
tables (for example, by using SHOW GRANTS
or
mysqlaccess) to make sure that your access
privileges are actually set up the way you think they are.
When mysqld starts, all grant table contents are read into memory and become effective for access control at that point.
When the server reloads the grant tables, privileges for existing client connections are affected as follows:
Table and column privilege changes take effect with the client's next request.
Database privilege changes take effect at the next
USE
statement.
db_name
Changes to global privileges and passwords take effect the next time the client connects.
If you modify the grant tables using GRANT
,
REVOKE
, or SET PASSWORD
,
the server notices these changes and reloads the grant tables
into memory again immediately.
If you modify the grant tables directly using statements such as
INSERT
, UPDATE
, or
DELETE
, your changes have no effect on
privilege checking until you either restart the server or tell
it to reload the tables. To reload the grant tables manually,
issue a FLUSH PRIVILEGES
statement or execute
a mysqladmin flush-privileges or
mysqladmin reload command.
If you change the grant tables directly but forget to reload them, your changes have no effect until you restart the server. This may leave you wondering why your changes don't seem to make any difference!
If you encounter problems when you try to connect to the MySQL server, the following items describe some courses of action you can take to correct the problem.
Make sure that the server is running. If it is not running, you cannot connect to it. For example, if you attempt to connect to the server and see a message such as one of those following, one cause might be that the server is not running:
shell>mysql
ERROR 2003: Can't connect to MySQL server on 'host_name
' (111) shell>mysql
ERROR 2002: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (111)
It might also be that the server is running, but you are
trying to connect using a TCP/IP port, named pipe, or Unix
socket file different from those on which the server is
listening. To correct this when you invoke a client program,
specify a --port
option to indicate the
proper port, or a --socket
option to
indicate the proper named pipe or Unix socket file. To find
out where the socket file is, you can do:
shell> netstat -ln | grep mysql
The grant tables must be properly set up so that the server
can use them for access control. For some distribution types
(such as binary distributions on Windows or RPM
distributions on Linux), the installation process
initializes the mysql
database containing
the grant tables. For distributions that do not do this, you
should initialize the grant tables manually by running the
mysql_install_db script. For details, see
Section 2.9.2, “Unix Post-Installation Procedures”.
One way to determine whether you need to initialize the
grant tables is to look for a mysql
directory under the data directory. (The data directory
normally is named data
or
var
and is located under your MySQL
installation directory.) Make sure that you have a file
named user.MYD
in the
mysql
database directory. If you do
not, execute the mysql_install_db script.
After running this script and starting the server, test the
initial privileges by executing this command:
shell> mysql -u root test
The server should let you connect without error.
After a fresh installation, you should connect to the server and set up your users and their access permissions:
shell> mysql -u root mysql
The server should let you connect because the MySQL
root
user has no password initially. That
is also a security risk, so setting the password for the
root
accounts is something you should do
while you're setting up your other MySQL users. For
instructions on setting the initial passwords, see
Section 2.9.3, “Securing the Initial MySQL Accounts”.
If you have updated an existing MySQL installation to a newer version, did you run the mysql_fix_privilege_tables script? If not, do so. The structure of the grant tables changes occasionally when new capabilities are added, so after an upgrade you should always make sure that your tables have the current structure. For instructions, see Section 2.10.3, “Upgrading the Grant Tables”.
If a client program receives the following error message when it tries to connect, it means that the server expects passwords in a newer format than the client is capable of generating:
shell> mysql
Client does not support authentication protocol requested
by server; consider upgrading MySQL client
For information on how to deal with this, see
Section 5.7.9, “Password Hashing in MySQL 4.1” and
Section A.2.3, “Client does not support authentication protocol
”.
If you try to connect as root
and get the
following error, it means that you don't have a row in the
user
table with a User
column value of 'root'
and that
mysqld cannot resolve the hostname for
your client:
Access denied for user ''@'unknown' to database mysql
In this case, you must restart the server with the
--skip-grant-tables
option and edit your
/etc/hosts
or
\windows\hosts
file to add an entry for
your host.
Remember that client programs use connection parameters
specified in option files or environment variables. If a
client program seems to be sending incorrect default
connection parameters when you don't specify them on the
command line, check your environment and any applicable
option files. For example, if you get Access
denied
when you run a client without any options,
make sure that you haven't specified an old password in any
of your option files!
You can suppress the use of option files by a client program
by invoking it with the --no-defaults
option. For example:
shell> mysqladmin --no-defaults -u root version
The option files that clients use are listed in Section 4.3.2, “Using Option Files”. Environment variables are listed in Appendix F, Environment Variables.
If you get the following error, it means that you are using
an incorrect root
password:
shell> mysqladmin -u root -pxxxx
ver
Access denied for user 'root'@'localhost' (using password: YES)
If the preceding error occurs even when you haven't
specified a password, it means that you have an incorrect
password listed in some option file. Try the
--no-defaults
option as described in the
previous item.
For information on changing passwords, see Section 5.8.5, “Assigning Account Passwords”.
If you have lost or forgotten the root
password, you can restart mysqld with
--skip-grant-tables
to change the password.
See Section A.4.1, “How to Reset the Root Password”.
If you change a password by using SET
PASSWORD
, INSERT
, or
UPDATE
, you must encrypt the password
using the PASSWORD()
function. If you do
not use PASSWORD()
for these statements,
the password does not work. For example, the following
statement sets a password, but fails to encrypt it, so the
user is not able to connect afterward:
mysql> SET PASSWORD FOR 'abe'@'host_name
' = 'eagle';
Instead, set the password like this:
mysql> SET PASSWORD FOR 'abe'@'host_name
' = PASSWORD('eagle');
The PASSWORD()
function is unnecessary
when you specify a password using the
GRANT
or (beginning with MySQL 5.0.2)
CREATE USER
statements, or the
mysqladmin password command, all of which
automatically use PASSWORD()
to encrypt
the password. See Section 5.8.5, “Assigning Account Passwords” and
Section 13.5.1.1, “CREATE USER
Syntax”.
localhost
is a synonym for your local
hostname, and is also the default host to which clients try
to connect if you specify no host explicitly.
To avoid this problem on such systems, you can use a
--host=127.0.0.1
option to name the server
host explicitly. This will make a TCP/IP connection to the
local mysqld server. You can also use
TCP/IP by specifying a --host
option that
uses the actual hostname of the local host. In this case,
the hostname must be specified in a user
table row on the server host, even though you are running
the client program on the same host as the server.
If you get an Access denied
error when
trying to connect to the database with mysql -u
user_name
, you may have a problem with the
user
table. Check this by executing
mysql -u root mysql
and issuing this SQL
statement:
mysql> SELECT * FROM user;
The result should include an row with the
Host
and User
columns
matching your computer's hostname and your MySQL username.
The Access denied
error message tells you
who you are trying to log in as, the client host from which
you are trying to connect, and whether or not you were using
a password. Normally, you should have one row in the
user
table that exactly matches the
hostname and username that were given in the error message.
For example, if you get an error message that contains
using password: NO
, it means that you
tried to log in without a password.
If the following error occurs when you try to connect from a
host other than the one on which the MySQL server is
running, it means that there is no row in the
user
table with a Host
value that matches the client host:
Host ... is not allowed to connect to this MySQL server
You can fix this by setting up an account for the combination of client hostname and username that you are using when trying to connect.
If you do not know the IP number or hostname of the machine
from which you are connecting, you should put a row with
'%'
as the Host
column
value in the user
table. After trying to
connect from the client machine, use a SELECT
USER()
query to see how you really did connect.
(Then change the '%'
in the
user
table row to the actual hostname
that shows up in the log. Otherwise, your system is left
insecure because it allows connections from any host for the
given username.)
On Linux, another reason that this error might occur is that
you are using a binary MySQL version that is compiled with a
different version of the glibc
library
than the one you are using. In this case, you should either
upgrade your operating system or glibc
,
or download a source distribution of MySQL version and
compile it yourself. A source RPM is normally trivial to
compile and install, so this isn't a big problem.
If you specify a hostname when trying to connect, but get an error message where the hostname is not shown or is an IP number, it means that the MySQL server got an error when trying to resolve the IP number of the client host to a name:
shell> mysqladmin -u root -pxxxx
-h some-hostname
ver
Access denied for user 'root'@'' (using password: YES)
This indicates a DNS problem. To fix it, execute mysqladmin flush-hosts to reset the internal DNS hostname cache. See Section 7.5.6, “How MySQL Uses DNS”.
Some permanent solutions are:
Try to find out what is wrong with your DNS server and fix it.
Specify IP numbers rather than hostnames in the MySQL grant tables.
Put an entry for the client machine name in
/etc/hosts
.
Start mysqld with the
--skip-name-resolve
option.
Start mysqld with the
--skip-host-cache
option.
On Unix, if you are running the server and the client on
the same machine, connect to
localhost
. Unix connections to
localhost
use a Unix socket file
rather than TCP/IP.
On Windows, if you are running the server and the client
on the same machine and the server supports named pipe
connections, connect to the hostname
.
(period). Connections to
.
use a named pipe rather than
TCP/IP.
If mysql -u root test
works but
mysql -h
results in your_hostname
-u root testAccess
denied
(where
your_hostname
is the actual
hostname of the local host), you may not have the correct
name for your host in the user
table. A
common problem here is that the Host
value in the user
table row specifies an
unqualified hostname, but your system's name resolution
routines return a fully qualified domain name (or vice
versa). For example, if you have an entry with host
'tcx'
in the user
table, but your DNS tells MySQL that your hostname is
'tcx.subnet.se'
, the entry does not work.
Try adding an entry to the user
table
that contains the IP number of your host as the
Host
column value. (Alternatively, you
could add an entry to the user
table with
a Host
value that contains a wildcard;
for example, 'tcx.%'
. However, use of
hostnames ending with ‘%
’ is
insecure and is
not recommended!)
If mysql -u
works but user_name
testmysql -u
does not,
you have not granted database access for
user_name
other_db_name
other_db_name
to the given user.
If mysql -u
works when
executed on the server host, but user_name
mysql -h
doesn't work
when executed on a remote client host, you have not enabled
access to the server for the given username from the remote
host.
host_name
-u
user_name
If you can't figure out why you get Access
denied
, remove from the user
table all entries that have Host
values
containing wildcards (entries that contain
‘%
’ or
‘_
’). A very common error is
to insert a new entry with
Host
='%'
and
User
='
,
thinking that this allows you to specify
some_user
'localhost
to connect from the same
machine. The reason that this doesn't work is that the
default privileges include an entry with
Host
='localhost'
and
User
=''
. Because that
entry has a Host
value
'localhost'
that is more specific than
'%'
, it is used in preference to the new
entry when connecting from localhost
! The
correct procedure is to insert a second entry with
Host
='localhost'
and
User
='
,
or to delete the entry with
some_user
'Host
='localhost'
and
User
=''
. After
deleting the entry, remember to issue a FLUSH
PRIVILEGES
statement to reload the grant tables.
If you get the following error, you may have a problem with
the db
or host
table:
Access to database denied
If the entry selected from the db
table
has an empty value in the Host
column,
make sure that there are one or more corresponding entries
in the host
table specifying which hosts
the db
table entry applies to.
If you are able to connect to the MySQL server, but get an
Access denied
message whenever you issue
a SELECT ... INTO OUTFILE
or
LOAD DATA INFILE
statement, your entry in
the user
table doesn't have the
FILE
privilege enabled.
If you change the grant tables directly (for example, by
using INSERT
, UPDATE
,
or DELETE
statements) and your changes
seem to be ignored, remember that you must execute a
FLUSH PRIVILEGES
statement or a
mysqladmin flush-privileges command to
cause the server to re-read the privilege tables. Otherwise,
your changes have no effect until the next time the server
is restarted. Remember that after you change the
root
password with an
UPDATE
command, you won't need to specify
the new password until after you flush the privileges,
because the server won't know you've changed the password
yet!
If your privileges seem to have changed in the middle of a session, it may be that a MySQL administrator has changed them. Reloading the grant tables affects new client connections, but it also affects existing connections as indicated in Section 5.7.7, “When Privilege Changes Take Effect”.
If you have access problems with a Perl, PHP, Python, or
ODBC program, try to connect to the server with
mysql -u
or
user_name
db_name
mysql -u
. If you are
able to connect using the mysql client,
the problem lies with your program, not with the access
privileges. (There is no space between user_name
-pyour_pass
db_name
-p
and the password; you can also use the
--password=
syntax to specify the password. If you use the
your_pass
-p
option alone, MySQL prompts you for the
password.)
For testing, start the mysqld server with
the --skip-grant-tables
option. Then you
can change the MySQL grant tables and use the
mysqlaccess script to check whether your
modifications have the desired effect. When you are
satisfied with your changes, execute mysqladmin
flush-privileges to tell the
mysqld server to start using the new
grant tables. (Reloading the grant tables overrides the
--skip-grant-tables
option. This allows you
to tell the server to begin using the grant tables again
without stopping and restarting it.)
If everything else fails, start the
mysqld server with a debugging option
(for example, --debug=d,general,query
).
This prints host and user information about attempted
connections, as well as information about each command
issued. See Section E.1.2, “Creating Trace Files”.
If you have any other problems with the MySQL grant tables
and feel you must post the problem to the mailing list,
always provide a dump of the MySQL grant tables. You can
dump the tables with the mysqldump mysql
command. As always, post your problem using the
mysqlbug script. See
Section 1.7.1.3, “How to Report Bugs or Problems”. In some cases, you may need
to restart mysqld with
--skip-grant-tables
to run
mysqldump.
MySQL user accounts are listed in the user
table of the mysql
database. Each MySQL
account is assigned a password, although what is stored in the
Password
column of the
user
table is not the plaintext version of
the password, but a hash value computed from it. Password hash
values are computed by the PASSWORD()
function.
MySQL uses passwords in two phases of client/server communication:
When a client attempts to connect to the server, there is an
initial authentication step in which the client must present
a password that has a hash value matching the hash value
stored in the user
table for the account
that the client wants to use.
After the client connects, it can (if it has sufficient
privileges) set or change the password hashes for accounts
listed in the user
table. The client can
do this by using the PASSWORD()
function
to generate a password hash, or by using the
GRANT
or SET PASSWORD
statements.
In other words, the server uses hash values
during authentication when a client first attempts to connect.
The server generates hash values if a
connected client invokes the PASSWORD()
function or uses a GRANT
or SET
PASSWORD
statement to set or change a password.
The password hashing mechanism was updated in MySQL 4.1 to provide better security and to reduce the risk of passwords being intercepted. However, this new mechanism is understood only by MySQL 4.1 (and newer) servers and clients, which can result in some compatibility problems. A 4.1 or newer client can connect to a pre-4.1 server, because the client understands both the old and new password hashing mechanisms. However, a pre-4.1 client that attempts to connect to a 4.1 or newer server may run into difficulties. For example, a 3.23 mysql client that attempts to connect to a 5.0 server may fail with the following error message:
shell> mysql -h localhost -u root
Client does not support authentication protocol requested
by server; consider upgrading MySQL client
Another common example of this occurs when trying to use the older PHP mysql extension after upgrading to MySQL 4.1 or newer. (See Section 23.3.1, “Common Problems with MySQL and PHP”.)
The following discussion describes the differences between the
old and new password mechanisms, and what you should do if you
upgrade your server but need to maintain backward compatibility
with pre-4.1 clients. Additional information can be found in
Section A.2.3, “Client does not support authentication protocol
”. This information is of particular
importance to PHP programmers migrating MySQL databases from
version 4.0 or lower to version 4.1 or higher.
Note: This discussion contrasts 4.1 behavior with pre-4.1 behavior, but the 4.1 behavior described here actually begins with 4.1.1. MySQL 4.1.0 is an “odd” release because it has a slightly different mechanism than that implemented in 4.1.1 and up. Differences between 4.1.0 and more recent versions are described further in MySQL 4.1 Reference Manual.
Prior to MySQL 4.1, password hashes computed by the
PASSWORD()
function are 16 bytes long. Such
hashes look like this:
mysql> SELECT PASSWORD('mypass');
+--------------------+
| PASSWORD('mypass') |
+--------------------+
| 6f8c114b58f2ce9e |
+--------------------+
The Password
column of the
user
table (in which these hashes are stored)
also is 16 bytes long before MySQL 4.1.
As of MySQL 4.1, the PASSWORD()
function has
been modified to produce a longer 41-byte hash value:
mysql> SELECT PASSWORD('mypass');
+-------------------------------------------+
| PASSWORD('mypass') |
+-------------------------------------------+
| *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |
+-------------------------------------------+
Accordingly, the Password
column in the
user
table also must be 41 bytes long to
store these values:
If you perform a new installation of MySQL 5.0,
the Password
column is made 41 bytes long
automatically.
Upgrading from MySQL 4.1 (4.1.1 or later in the 4.1 series) to MySQL 5.0 should not give rise to any issues in this regard, since both versions use the same password hashing mechanism. If you wish to upgrade an older release of MySQL to version 5.0, you should upgrade to version 4.1 first, then upgrade the 4.1 installation to 5.0.
A widened Password
column can store password
hashes in both the old and new formats. The format of any given
password hash value can be determined two ways:
The obvious difference is the length (16 bytes versus 41 bytes).
A second difference is that password hashes in the new
format always begin with a
‘*
’ character, whereas
passwords in the old format never do.
The longer password hash format has better cryptographic properties, and client authentication based on long hashes is more secure than that based on the older short hashes.
The differences between short and long password hashes are relevant both for how the server uses passwords during authentication and for how it generates password hashes for connected clients that perform password-changing operations.
The way in which the server uses password hashes during
authentication is affected by the width of the
Password
column:
If the column is short, only short-hash authentication is used.
If the column is long, it can hold either short or long hashes, and the server can use either format:
Pre-4.1 clients can connect, although because they know only about the old hashing mechanism, they can authenticate only for accounts that have short hashes.
4.1 and later clients can authenticate for accounts that have short or long hashes.
For short-hash accounts, the authentication process is actually a bit more secure for 4.1 and later clients than for older clients. In terms of security, the gradient from least to most secure is:
Pre-4.1 client authenticating with short password hash
4.1 or later client authenticating with short password hash
4.1 or later client authenticating with long password hash
The way in which the server generates password hashes for
connected clients is affected by the width of the
Password
column and by the
--old-passwords
option. A 4.1 or later server
generates long hashes only if certain conditions are met: The
Password
column must be wide enough to hold
long values and the --old-passwords
option must
not be given. These conditions apply as follows:
The Password
column must be wide enough
to hold long hashes (41 bytes). If the column has not been
updated and still has the pre-4.1 width of 16 bytes, the
server notices that long hashes cannot fit into it and
generates only short hashes when a client performs
password-changing operations using
PASSWORD()
, GRANT
, or
SET PASSWORD
. This is the behavior that
occurs if you have upgraded to 4.1 but have not yet run the
mysql_fix_privilege_tables script to
widen the Password
column.
If the Password
column is wide, it can
store either short or long password hashes. In this case,
PASSWORD()
, GRANT
, and
SET PASSWORD
generate long hashes unless
the server was started with the
--old-passwords
option. That option forces
the server to generate short password hashes instead.
The purpose of the --old-passwords
option is to
allow you to maintain backward compatibility with pre-4.1
clients under circumstances where the server would otherwise
generate long password hashes. The option doesn't affect
authentication (4.1 and later clients can still use accounts
that have long password hashes), but it does prevent creation of
a long password hash in the user
table as the
result of a password-changing operation. Were that to occur, the
account no longer could be used by pre-4.1 clients. Without the
--old-passwords
option, the following
undesirable scenario is possible:
An old client connects to an account that has a short password hash.
The client changes its own password. Without
--old-passwords
, this results in the
account having a long password hash.
The next time the old client attempts to connect to the account, it cannot, because the account has a long password hash that requires the new hashing mechanism during authentication. (Once an account has a long password hash in the user table, only 4.1 and later clients can authenticate for it, because pre-4.1 clients do not understand long hashes.)
This scenario illustrates that, if you must support older
pre-4.1 clients, it is dangerous to run a 4.1 or newer server
without using the --old-passwords
option. By
running the server with --old-passwords
,
password-changing operations do not generate long password
hashes and thus do not cause accounts to become inaccessible to
older clients. (Those clients cannot inadvertently lock
themselves out by changing their password and ending up with a
long password hash.)
The downside of the --old-passwords
option is
that any passwords you create or change use short hashes, even
for 4.1 clients. Thus, you lose the additional security provided
by long password hashes. If you want to create an account that
has a long hash (for example, for use by 4.1 clients), you must
do so while running the server without
--old-passwords
.
The following scenarios are possible for running a 4.1 or later server, including MySQL 5.0 servers:
Scenario 1: Short
Password
column in user table:
Only short hashes can be stored in the
Password
column.
The server uses only short hashes during client authentication.
For connected clients, password hash-generating operations
involving PASSWORD()
,
GRANT
, or SET PASSWORD
use short hashes exclusively. Any change to an account's
password results in that account having a short password
hash.
The --old-passwords
option can be used but
is superfluous because with a short
Password
column, the server generates
only short password hashes anyway.
Scenario 2: Long
Password
column; server not started with
--old-passwords
option:
Short or long hashes can be stored in the
Password
column.
4.1 and later clients (including 5.0 clients) can authenticate for accounts that have short or long hashes.
Pre-4.1 clients can authenticate only for accounts that have short hashes.
For connected clients, password hash-generating operations
involving PASSWORD()
,
GRANT
, or SET PASSWORD
use long hashes exclusively. A change to an account's
password results in that account having a long password
hash.
As indicated earlier, a danger in this scenario is that it is
possible for accounts that have a short password hash to become
inaccessible to pre-4.1 clients. A change to such an account's
password made via GRANT
,
PASSWORD()
, or SET
PASSWORD
results in the account being given a long
password hash. From that point on, no pre-4.1 client can
authenticate to that account until the client upgrades to 4.1.
To deal with this problem, you can change a password in a
special way. For example, normally you use SET
PASSWORD
as follows to change an account password:
mysql> SET PASSWORD FOR 'some_user
'@'some_host
' = PASSWORD('mypass');
To change the password but create a short hash, use the
OLD_PASSWORD()
function instead:
mysql> SET PASSWORD FOR 'some_user
'@'some_host
' = OLD_PASSWORD('mypass');
OLD_PASSWORD()
is useful for situations in
which you explicitly want to generate a short hash.
Scenario 3: Long
Password
column; 4.1 or newer server started
with --old-passwords
option:
Short or long hashes can be stored in the
Password
column.
4.1 and later clients can authenticate for accounts that
have short or long hashes (but note that it is possible to
create long hashes only when the server is started without
--old-passwords
).
Pre-4.1 clients can authenticate only for accounts that have short hashes.
For connected clients, password hash-generating operations
involving PASSWORD()
,
GRANT
, or SET PASSWORD
use short hashes exclusively. Any change to an account's
password results in that account having a short password
hash.
In this scenario, you cannot create accounts that have long
password hashes, because the --old-passwords
option prevents generation of long hashes. Also, if you create
an account with a long hash before using the
--old-passwords
option, changing the account's
password while --old-passwords
is in effect
results in the account being given a short password, causing it
to lose the security benefits of a longer hash.
The disadvantages for these scenarios may be summarized as follows:
In scenario 1, you cannot take advantage of longer hashes that provide more secure authentication.
In scenario 2, accounts with short hashes become inaccessible to
pre-4.1 clients if you change their passwords without explicitly
using OLD_PASSWORD()
.
In scenario 3, --old-passwords
prevents
accounts with short hashes from becoming inaccessible, but
password-changing operations cause accounts with long hashes to
revert to short hashes, and you cannot change them back to long
hashes while --old-passwords
is in effect.
An upgrade to MySQL version 4.1 or later can cause
compatibility issues for applications that use
PASSWORD()
to generate passwords for their
own purposes. Applications really should not do this, because
PASSWORD()
should be used only to manage
passwords for MySQL accounts. But some applications use
PASSWORD()
for their own purposes anyway.
If you upgrade to 4.1 or later from a pre-4.1 version of MySQL
and run the server under conditions where it generates long
password hashes, an application using
PASSWORD()
for its own passwords breaks.
The recommended course of action in such cases is to modify
the application to use another function, such as
SHA1()
or MD5()
, to
produce hashed values. If that is not possible, you can use
the OLD_PASSWORD()
function, which is
provided for generate short hashes in the old format. However,
you should note that OLD_PASSWORD()
may one
day no longer be supported.
If the server is running under circumstances where it
generates short hashes, OLD_PASSWORD()
is
available but is equivalent to PASSWORD()
.
PHP programmers migrating their MySQL databases from version 4.0 or lower to version 4.1 or higher should see Old Client.
This section describes how to set up accounts for clients of your MySQL server. It discusses the following topics:
The meaning of account names and passwords as used in MySQL and how that compares to names and passwords used by your operating system
How to set up new accounts and remove existing accounts
How to change passwords
Guidelines for using passwords securely
How to use secure connections with SSL
A MySQL account is defined in terms of a username and the client host or hosts from which the user can connect to the server. The account also has a password. There are several distinctions between the way usernames and passwords are used by MySQL and the way they are used by your operating system:
Usernames, as used by MySQL for authentication purposes,
have nothing to do with usernames (login names) as used by
Windows or Unix. On Unix, most MySQL clients by default try
to log in using the current Unix username as the MySQL
username, but that is for convenience only. The default can
be overridden easily, because client programs allow any
username to be specified with a -u
or
--user
option. Because this means that
anyone can attempt to connect to the server using any
username, you can't make a database secure in any way unless
all MySQL accounts have passwords. Anyone who specifies a
username for an account that has no password is able to
connect successfully to the server.
MySQL usernames can be up to a maximum of 16 characters
long. This limit is hard-coded in the MySQL servers and
clients, and trying to cirumvent it by modifying the
definitions of the tables in the mysql
database does not work.
Note: You should
never alter any of the tables in the
mysql
database in any manner whatsoever
except by running the scripts supplied expressly for this
purpose with the MySQL distribution. Attempting to redefine
MySQL's system tables in any other fashion results in
undefined (and unsupported!) behavior.
Operating system usernames are completely unrelated to MySQL usernames and may even be of a different maximum length. For example, Unix usernames typically are limited to eight characters.
MySQL passwords have nothing to do with passwords for logging in to your operating system. There is no necessary connection between the password you use to log in to a Windows or Unix machine and the password you use to access the MySQL server on that machine.
MySQL encrypts passwords using its own algorithm. This
encryption is different from that used during the Unix login
process. MySQL password encryption is the same as that
implemented by the PASSWORD()
SQL
function. Unix password encryption is the same as that
implemented by the ENCRYPT()
SQL
function. See the descriptions of the
PASSWORD()
and
ENCRYPT()
functions in
Section 12.9.2, “Encryption Functions”. From version 4.1 on,
MySQL employs a stronger authentication method that has
better password protection during the connection process
than in earlier versions. It is secure even if TCP/IP
packets are sniffed or the mysql
database
is captured. (In earlier versions, even though passwords are
stored in encrypted form in the user
table, knowledge of the encrypted password value could be
used to connect to the MySQL server.)
When you install MySQL, the grant tables are populated with an
initial set of accounts. These accounts have names and access
privileges that are described in
Section 2.9.3, “Securing the Initial MySQL Accounts”, which also discusses how
to assign passwords to them. Thereafter, you normally set up,
modify, and remove MySQL accounts using the
GRANT
and REVOKE
statements. See Section 13.5.1.3, “GRANT
and REVOKE
Syntax”.
When you connect to a MySQL server with a command-line client, you should specify the username and password for the account that you want to use:
shell> mysql --user=monty --password=guess
db_name
If you prefer short options, the command looks like this:
shell> mysql -u monty -pguess
db_name
There must be no space between the
-p
option and the following password value. See
Section 5.7.4, “Connecting to the MySQL Server”.
The preceding commands include the password value on the command
line, which can be a security risk. See
Section 5.8.6, “Keeping Your Password Secure”. To avoid this, specify the
--password
or -p
option
without any following password value:
shell>mysql --user=monty --password
shell>db_name
mysql -u monty -p
db_name
Then the client program prints a prompt and waits for you to
enter the password. (In these examples,
db_name
is not
interpreted as a password, because it is separated from the
preceding password option by a space.)
On some systems, the library call that MySQL uses to prompt for a password automatically limits the password to eight characters. That is a problem with the system library, not with MySQL. Internally, MySQL doesn't have any limit for the length of the password. To work around the problem, change your MySQL password to a value that is eight or fewer characters long, or put your password in an option file.
You can create MySQL accounts in two ways:
By using GRANT
statements
By manipulating the MySQL grant tables directly
The preferred method is to use GRANT
statements, because they are more concise and less error-prone.
GRANT
is available as of MySQL 3.22.11; its
syntax is described in Section 13.5.1.3, “GRANT
and REVOKE
Syntax”.
Another option for creating accounts is to use one of several
available third-party programs that offer capabilities for MySQL
account administration. phpMyAdmin
is one
such program.
The following examples show how to use the
mysql client program to set up new users.
These examples assume that privileges are set up according to
the defaults described in Section 2.9.3, “Securing the Initial MySQL Accounts”.
This means that to make changes, you must connect to the MySQL
server as the MySQL root
user, and the
root
account must have the
INSERT
privilege for the
mysql
database and the
RELOAD
administrative privilege.
First, use the mysql program to connect to
the server as the MySQL root
user:
shell> mysql --user=root mysql
If you have assigned a password to the root
account, you'll also need to supply a
--password
or -p
option for
this mysql command and also for those later
in this section.
After connecting to the server as root
, you
can add new accounts. The following statements use
GRANT
to set up four new accounts:
mysql>GRANT ALL PRIVILEGES ON *.* TO 'monty'@'localhost'
->IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
mysql>GRANT ALL PRIVILEGES ON *.* TO 'monty'@'%'
->IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
mysql>GRANT RELOAD,PROCESS ON *.* TO 'admin'@'localhost';
mysql>GRANT USAGE ON *.* TO 'dummy'@'localhost';
The accounts created by these GRANT
statements have the following properties:
Two of the accounts have a username of
monty
and a password of
some_pass
. Both accounts are superuser
accounts with full privileges to do anything. One account
('monty'@'localhost'
) can be used only
when connecting from the local host. The other
('monty'@'%'
) can be used to connect from
any other host. Note that it is necessary to have both
accounts for monty
to be able to connect
from anywhere as monty
. Without the
localhost
account, the anonymous-user
account for localhost
that is created by
mysql_install_db would take precedence
when monty
connects from the local host.
As a result, monty
would be treated as an
anonymous user. The reason for this is that the
anonymous-user account has a more specific
Host
column value than the
'monty'@'%'
account and thus comes
earlier in the user
table sort order.
(user
table sorting is discussed in
Section 5.7.5, “Access Control, Stage 1: Connection Verification”.)
One account has a username of admin
and
no password. This account can be used only by connecting
from the local host. It is granted the
RELOAD
and PROCESS
administrative privileges. These privileges allow the
admin
user to execute the
mysqladmin reload, mysqladmin
refresh, and mysqladmin
flush-xxx
commands, as
well as mysqladmin processlist . No
privileges are granted for accessing any databases. You
could add such privileges later by issuing additional
GRANT
statements.
One account has a username of dummy
and
no password. This account can be used only by connecting
from the local host. No privileges are granted. The
USAGE
privilege in the
GRANT
statement allows you to create an
account without giving it any privileges. It has the effect
of setting all the global privileges to
'N'
. It is assumed that you will grant
specific privileges to the account later.
As an alternative to GRANT
, you can create
the same accounts directly by issuing INSERT
statements and then telling the server to reload the grant
tables using FLUSH PRIVILEGES
:
shell>mysql --user=root mysql
mysql>INSERT INTO user
->VALUES('localhost','monty',PASSWORD('some_pass'),
->'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
mysql>INSERT INTO user
->VALUES('%','monty',PASSWORD('some_pass'),
->'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
mysql>INSERT INTO user SET Host='localhost',User='admin',
->Reload_priv='Y', Process_priv='Y';
mysql>INSERT INTO user (Host,User,Password)
->VALUES('localhost','dummy','');
mysql>FLUSH PRIVILEGES;
The reason for using FLUSH PRIVILEGES
when
you create accounts with INSERT
is to tell
the server to re-read the grant tables. Otherwise, the changes
go unnoticed until you restart the server. With
GRANT
, FLUSH PRIVILEGES
is
unnecessary.
The reason for using the PASSWORD()
function
with INSERT
is to encrypt the password. The
GRANT
statement encrypts the password for
you, so PASSWORD()
is unnecessary.
The 'Y'
values enable privileges for the
accounts. For the admin
account, you may also
employ the more readable extended INSERT
syntax using SET
.
In the INSERT
statement for the
dummy
account, only the
Host
, User
, and
Password
columns in the
user
table record are assigned values. None
of the privilege columns are set explicitly, so MySQL assigns
them all the default value of 'N'
. This is
equivalent to what GRANT USAGE
does.
Note that to set up a superuser account, it is necessary only to
create a user
table entry with the privilege
columns set to 'Y'
. user
table privileges are global, so no entries in any of the other
grant tables are needed.
The next examples create three accounts and give them access to
specific databases. Each of them has a username of
custom
and password of
obscure
.
To create the accounts with GRANT
, use the
following statements:
shell>mysql --user=root mysql
mysql>GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
->ON bankaccount.*
->TO 'custom'@'localhost'
->IDENTIFIED BY 'obscure';
mysql>GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
->ON expenses.*
->TO 'custom'@'whitehouse.gov'
->IDENTIFIED BY 'obscure';
mysql>GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
->ON customer.*
->TO 'custom'@'server.domain'
->IDENTIFIED BY 'obscure';
The three accounts can be used as follows:
The first account can access the
bankaccount
database, but only from the
local host.
The second account can access the
expenses
database, but only from the host
whitehouse.gov
.
The third account can access the customer
database, but only from the host
server.domain
.
To set up the custom
accounts without
GRANT
, use INSERT
statements as follows to modify the grant tables directly:
shell>mysql --user=root mysql
mysql>INSERT INTO user (Host,User,Password)
->VALUES('localhost','custom',PASSWORD('obscure'));
mysql>INSERT INTO user (Host,User,Password)
->VALUES('whitehouse.gov','custom',PASSWORD('obscure'));
mysql>INSERT INTO user (Host,User,Password)
->VALUES('server.domain','custom',PASSWORD('obscure'));
mysql>INSERT INTO db
->(Host,Db,User,Select_priv,Insert_priv,
->Update_priv,Delete_priv,Create_priv,Drop_priv)
->VALUES('localhost','bankaccount','custom',
->'Y','Y','Y','Y','Y','Y');
mysql>INSERT INTO db
->(Host,Db,User,Select_priv,Insert_priv,
->Update_priv,Delete_priv,Create_priv,Drop_priv)
->VALUES('whitehouse.gov','expenses','custom',
->'Y','Y','Y','Y','Y','Y');
mysql>INSERT INTO db
->(Host,Db,User,Select_priv,Insert_priv,
->Update_priv,Delete_priv,Create_priv,Drop_priv)
->VALUES('server.domain','customer','custom',
->'Y','Y','Y','Y','Y','Y');
mysql>FLUSH PRIVILEGES;
The first three INSERT
statements add
user
table entries that allow the user
custom
to connect from the various hosts with
the given password, but grant no global privileges (all
privileges are set to the default value of
'N'
). The next three
INSERT
statements add db
table entries that grant privileges to custom
for the bankaccount
,
expenses
, and customer
databases, but only when accessed from the proper hosts. As
usual when you modify the grant tables directly, you tell the
server to reload them with FLUSH PRIVILEGES
so that the privilege changes take effect.
If you want to give a specific user access from all machines in
a given domain (for example, mydomain.com
),
you can issue a GRANT
statement that uses the
‘%
’ wildcard character in the
host part of the account name:
mysql>GRANT ...
->ON *.*
->TO 'myname'@'%.mydomain.com'
->IDENTIFIED BY 'mypass';
To do the same thing by modifying the grant tables directly, do this:
mysql>INSERT INTO user (Host,User,Password,...)
->VALUES('%.mydomain.com','myname',PASSWORD('mypass'),...);
mysql>FLUSH PRIVILEGES;
To remove an account, use the DROP USER
statement, which is described in Section 13.5.1.2, “DROP USER
Syntax”.
One means of limiting use of MySQL server resources is to set
the max_user_connections
system variable to a
non-zero value. However, this method is strictly global, and
does not allow for management of individual accounts. In
addition, it limits only the number of simultaneous connections
made using a single account, and not what a client can do once
connected. Both types of control are interest to many MySQL
administrators, particularly those working for Internet Service
Providers.
In MySQL 5.0, you can limit the following server resources for individual accounts:
The number of queries that an account can issue per hour
The number of updates that an account can issue per hour
The number of times an account can connect to the server per hour
Any statement that a client can issue counts against the query limit. Only statements that modify databases or tables count against the update limit.
From MySQL 5.0.3 on, it is also possible to limit the number of simultaneous connections to the server on a per-account basis.
An account in this context is a single record in the
user
table. Each account is uniquely
identified by its User
and
Host
column values.
As a prerequisite for using this feature, the
user
table in the mysql
database must contain the resource-related columns. Resource
limits are stored in the max_questions
,
max_updates
,
max_connections
, and
max_user_connections
columns. If your
user
table doesn't have these columns, it
must be upgraded; see Section 2.10.3, “Upgrading the Grant Tables”.
To set resource limits with a GRANT
statement, use a WITH
clause that names each
resource to be limited and a per-hour count indicating the limit
value. For example, to create a new account that can access the
customer
database, but only in a limited
fashion, issue this statement:
mysql>GRANT ALL ON customer.* TO 'francis'@'localhost'
->IDENTIFIED BY 'frank'
->WITH MAX_QUERIES_PER_HOUR 20
->MAX_UPDATES_PER_HOUR 10
->MAX_CONNECTIONS_PER_HOUR 5
->MAX_USER_CONNECTIONS 2;
The limit types need not all be named in the
WITH
clause, but those named can be present
in any order. The value for each per-hour limit should be an
integer representing a count per hour. If the
GRANT
statement has no
WITH
clause, the limits are each set to the
default value of zero (that is, no limit). For
MAX_USER_CONNECTIONS
, the limit is an integer
indicating the maximum number of simultaneous connections the
account can make at any one time. If the limit is set to the
default value of zero, the
max_user_connections
system variable
determines the number of simultaneous connections for the
account.
To set or change limits for an existing account, use a
GRANT USAGE
statement at the global level
(ON *.*
). The following statement changes the
query limit for francis
to 100:
mysql>GRANT USAGE ON *.* TO 'francis'@'localhost'
->WITH MAX_QUERIES_PER_HOUR 100;
This statement leaves the account's existing privileges unchanged and modifies only the limit values specified.
To remove an existing limit, set its value to zero. For example,
to remove the limit on how many times per hour
francis
can connect, use this statement:
mysql>GRANT USAGE ON *.* TO 'francis'@'localhost'
->WITH MAX_CONNECTIONS_PER_HOUR 0;
Resource-use counting takes place when any account has a non-zero limit placed on its use of any of the resources.
As the server runs, it counts the number of times each account uses resources. If an account reaches its limit on number of connections within the last hour, further connections for the account are rejected until that hour is up. Similarly, if the account reaches its limit on the number of queries or updates, further queries or updates are rejected until the hour is up. In all such cases, an appropriate error message is issued.
Resource counting is done per account, not per client. For example, if your account has a query limit of 50, you cannot increase your limit to 100 by making two simultaneous client connections to the server. Queries issued on both connections are counted together.
The current per-hour resource-use counts can be reset globally for all accounts, or individually for a given account:
To reset the current counts to zero for all accounts, issue
a FLUSH USER_RESOURCES
statement. The
counts also can be reset by reloading the grant tables (for
example, with a FLUSH PRIVILEGES
statement or a mysqladmin reload
command).
The counts for an individual account can be set to zero by
re-granting it any of its limits. To do this, use
GRANT USAGE
as described earlier and
specify a limit value equal to the value that the account
currently has.
Counter resets do not affect the
MAX_USER_CONNECTIONS
limit.
All counts begin at zero when the server starts; counts are not carried over through a restart.
Passwords may be assigned from the command line by using the mysqladmin command:
shell> mysqladmin -u user_name
-h host_name
password "newpwd
"
The account for which this command resets the password is the
one with a user
table record that matches
user_name
in the
User
column and the client host
from which you connect in the
Host
column.
Another way to assign a password to an account is to issue a
SET PASSWORD
statement:
mysql> SET PASSWORD FOR 'jeffrey'@'%' = PASSWORD('biscuit');
Only users such as root
with update access to
the mysql
database can change the password
for other users. If you are not connected as an anonymous user,
you can change your own password by omitting the
FOR
clause:
mysql> SET PASSWORD = PASSWORD('biscuit');
You can also use a GRANT USAGE
statement at
the global level (ON *.*
) to assign a
password to an account without affecting the account's current
privileges:
mysql> GRANT USAGE ON *.* TO 'jeffrey'@'%' IDENTIFIED BY 'biscuit';
Although it is generally preferable to assign passwords using
one of the preceding methods, you can also do so by modifying
the user
table directly:
To establish a password when creating a new account, provide
a value for the Password
column:
shell>mysql -u root mysql
mysql>INSERT INTO user (Host,User,Password)
->VALUES('%','jeffrey',PASSWORD('biscuit'));
mysql>FLUSH PRIVILEGES;
To change the password for an existing account, use
UPDATE
to set the
Password
column value:
shell>mysql -u root mysql
mysql>UPDATE user SET Password = PASSWORD('bagel')
->WHERE Host = '%' AND User = 'francis';
mysql>FLUSH PRIVILEGES;
When you assign an account a password using SET
PASSWORD
, INSERT
, or
UPDATE
, you must use the
PASSWORD()
function to encrypt it. (The only
exception is that you need not use PASSWORD()
if the password is empty.) PASSWORD()
is
necessary because the user
table stores
passwords in encrypted form, not as plaintext. If you forget
that fact, you are likely to set passwords like this:
shell>mysql -u root mysql
mysql>INSERT INTO user (Host,User,Password)
->VALUES('%','jeffrey','biscuit');
mysql>FLUSH PRIVILEGES;
The result is that the literal value
'biscuit'
is stored as the password in the
user
table, not the encrypted value. When
jeffrey
attempts to connect to the server
using this password, the value is encrypted and compared to the
value stored in the user
table. However, the
stored value is the literal string 'biscuit'
,
so the comparison fails and the server rejects the connection:
shell> mysql -u jeffrey -pbiscuit test
Access denied
If you set passwords using the GRANT ... IDENTIFIED
BY
statement or the mysqladmin
password command, they both take care of encrypting
the password for you. In these cases, using
PASSWORD()
function is unnecessary.
Note:
PASSWORD()
encryption is different from Unix
password encryption. See Section 5.8.1, “MySQL Usernames and Passwords”.
On an administrative level, you should never grant access to the
mysql.user
table to any non-administrative
accounts.
When you run a client program to connect to the MySQL server, it is inadvisable to specify your password in a way that exposes it to discovery by other users. The methods you can use to specify your password when you run client programs are listed here, along with an assessment of the risks of each method:
Use a
-p
or
your_pass
--password=
option on the command line. For example:
your_pass
shell> mysql -u francis -pfrank db_name
This is convenient but insecure, because your password becomes visible to system status programs such as ps that may be invoked by other users to display command lines. MySQL clients typically overwrite the command-line password argument with zeros during their initialization sequence, but there is still a brief interval during which the value is visible.
Use a -p
or --password
option with no password value specified. In this case, the
client program solicits the password from the terminal:
shell> mysql -u francis -p db_name
Enter password: ********
The ‘*
’ characters indicate
where you enter your password. The password is not displayed
as you enter it.
It is more secure to enter your password this way than to specify it on the command line because it is not visible to other users. However, this method of entering a password is suitable only for programs that you run interactively. If you want to invoke a client from a script that runs non-interactively, there is no opportunity to enter the password from the terminal. On some systems, you may even find that the first line of your script is read and interpreted (incorrectly) as your password!
Store your password in an option file. For example, on Unix
you can list your password in the
[client]
section of the
.my.cnf
file in your home directory:
[client] password=your_pass
If you store your password in .my.cnf
,
the file should not be accessible to anyone but yourself. To
ensure this, set the file access mode to
400
or 600
. For
example:
shell> chmod 600 .my.cnf
Section 4.3.2, “Using Option Files” discusses option files in more detail.
Store your password in the MYSQL_PWD
environment variable. This method of specifying your MySQL
password must be considered extremely insecure and should
not be used. Some versions of ps include
an option to display the environment of running processes.
If you set MYSQL_PWD
, your password is
exposed to any other user who runs ps.
Even on systems without such a version of
ps, it is unwise to assume that there are
no other methods by which users can examine process
environments. See Appendix F, Environment Variables.
All in all, the safest methods are to have the client program prompt for the password or to specify the password in a properly protected option file.
MySQL 5.0 includes support for secure (encrypted) connections between MySQL clients and the server using the Secure Sockets Layer (SSL) protocol. This section discusses how to use SSL connections. It also describes a way to set up SSH on Windows.
The standard configuration of MySQL is intended to be as fast as possible, so encrypted connections are not used by default. Doing so would make the client/server protocol much slower. Encrypting data is a CPU-intensive operation that requires the computer to do additional work and can delay other MySQL tasks. For applications that require the security provided by encrypted connections, the extra computation is warranted.
MySQL allows encryption to be enabled on a per-connection basis. You can choose a normal unencrypted connection or a secure encrypted SSL connection according the requirements of individual applications.
To understand how MySQL uses SSL, it's necessary to explain some basic SSL and X509 concepts. People who are familiar with them can skip this part.
By default, MySQL uses unencrypted connections between the
client and the server. This means that someone with access to
the network could watch all your traffic and look at the data
being sent or received. They could even change the data while
it is in transit between client and server. To improve
security a little, you can compress client/server traffic by
using the --compress
option when invoking
client programs. However, this does not foil a determined
attacker.
When you need to move information over a network in a secure fashion, an unencrypted connection is unacceptable. Encryption is the way to make any kind of data unreadable. In fact, today's practice requires many additional security elements from encryption algorithms. They should resist many kind of known attacks such as changing the order of encrypted messages or replaying data twice.
SSL is a protocol that uses different encryption algorithms to ensure that data received over a public network can be trusted. It has mechanisms to detect any data change, loss, or replay. SSL also incorporates algorithms that provide identity verification using the X509 standard.
X509 makes it possible to identify someone on the Internet. It is most commonly used in e-commerce applications. In basic terms, there should be some company called a “Certificate Authority” (or CA) that assigns electronic certificates to anyone who needs them. Certificates rely on asymmetric encryption algorithms that have two encryption keys (a public key and a secret key). A certificate owner can show the certificate to another party as proof of identity. A certificate consists of its owner's public key. Any data encrypted with this public key can be decrypted only using the corresponding secret key, which is held by the owner of the certificate.
If you need more information about SSL, X509, or encryption, use your favorite Internet search engine to search for keywords in which you are interested.
To use SSL connections between the MySQL server and client programs, your system must be able to support OpenSSL. If you're using a MySQL version with built-in yaSSL support (as of version 5.0.10), don't read this section, but rather Section 5.8.7.3, “Using yaSSL”.
To get secure connections to work with MySQL, you must do the following:
Install the OpenSSL library. We have tested MySQL with OpenSSL 0.9.6. If you need OpenSSL, visit http://www.openssl.org.
When you configure MySQL, run the
configure script with the
--with-vio
and
--with-openssl
options.
Make sure that you have upgraded your grant tables to
include the SSL-related columns in the
mysql.user
table. This is necessary if
your grant tables date from a version prior to MySQL
4.0.0. The upgrade procedure is described in
Section 2.10.3, “Upgrading the Grant Tables”.
To check whether a running mysqld
server supports OpenSSL, examine the value of the
have_openssl
system variable:
mysql> SHOW VARIABLES LIKE 'have_openssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl | YES |
+---------------+-------+
If the value is YES
, the server
supports OpenSSL connections.
Using MySQL's built-in yaSSL support makes it easier to use secure connections. You don't have to install OpenSSL and perform the other steps described in Section 5.8.7.2, “Requirements (OpenSSL)”. Also, both MySQL and yaSSL employ the same licensing model.
Currently, yaSSL support is available for these platforms:
Linux/x86-64 Red Hat Enterprise 3.0
Linux RHAS21 Itanium-2 with gcc, statically linked
Linux Itanium-2 with gcc
Windows (all builds)
If you want to enable yaSSL when building MySQL from source, you should configure MySQL like this:
./configure --with-yassl=yes
To start the MySQL server with yaSSL support, use the same options as with OpenSSL support and identify the certificates needed to establish a secure connection:
shell>mysqld --ssl-ca=
cacert.pem
\--ssl-cert=
server-cert.pem
\--ssl-key=
server-key.pem
--ssl-ca
identifies the Certificate
Authority certificate.
--ssl-cert
identifies the server
certificate.
--ssl-key
identifies the client
certificate.
To establish a secure connection to a MySQL server with yaSSL support, start a client like this:
shell>mysql --ssl-ca=
cacert.pem
\--ssl-cert=
server-cert.pem
\--ssl-key=
server-key.pem
In other words, the options are the same as for the server, and the Certificate Authority certificate has to be the same.
To establish a secure connection from an application program,
use the mysql_ssl_set()
API function to set
the appropriate certificate options, before calling
mysql_real_connect()
. See
Section 23.2.3.64, “mysql_ssl_set()
”.
Here is an example for setting up SSL certificates for MySQL:
DIR=`pwd`/openssl PRIV=$DIR/private mkdir $DIR $PRIV $DIR/newcerts cp /usr/share/ssl/openssl.cnf $DIR replace ./demoCA $DIR -- $DIR/openssl.cnf # Create necessary files: $database, $serial and $new_certs_dir # directory (optional) touch $DIR/index.txt echo "01" > $DIR/serial # # Generation of Certificate Authority(CA) # openssl req -new -x509 -keyout $PRIV/cakey.pem -out $DIR/cacert.pem \ -config $DIR/openssl.cnf # Sample output: # Using configuration from /home/monty/openssl/openssl.cnf # Generating a 1024 bit RSA private key # ................++++++ # .........++++++ # writing new private key to '/home/monty/openssl/private/cakey.pem' # Enter PEM pass phrase: # Verifying password - Enter PEM pass phrase: # ----- # You are about to be asked to enter information that will be # incorporated into your certificate request. # What you are about to enter is what is called a Distinguished Name # or a DN. # There are quite a few fields but you can leave some blank # For some fields there will be a default value, # If you enter '.', the field will be left blank. # ----- # Country Name (2 letter code) [AU]:FI # State or Province Name (full name) [Some-State]:. # Locality Name (eg, city) []: # Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB # Organizational Unit Name (eg, section) []: # Common Name (eg, YOUR name) []:MySQL admin # Email Address []: # # Create server request and key # openssl req -new -keyout $DIR/server-key.pem -out \ $DIR/server-req.pem -days 3600 -config $DIR/openssl.cnf # Sample output: # Using configuration from /home/monty/openssl/openssl.cnf # Generating a 1024 bit RSA private key # ..++++++ # ..........++++++ # writing new private key to '/home/monty/openssl/server-key.pem' # Enter PEM pass phrase: # Verifying password - Enter PEM pass phrase: # ----- # You are about to be asked to enter information that will be # incorporated into your certificate request. # What you are about to enter is what is called a Distinguished Name # or a DN. # There are quite a few fields but you can leave some blank # For some fields there will be a default value, # If you enter '.', the field will be left blank. # ----- # Country Name (2 letter code) [AU]:FI # State or Province Name (full name) [Some-State]:. # Locality Name (eg, city) []: # Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB # Organizational Unit Name (eg, section) []: # Common Name (eg, YOUR name) []:MySQL server # Email Address []: # # Please enter the following 'extra' attributes # to be sent with your certificate request # A challenge password []: # An optional company name []: # # Remove the passphrase from the key (optional) # openssl rsa -in $DIR/server-key.pem -out $DIR/server-key.pem # # Sign server cert # openssl ca -policy policy_anything -out $DIR/server-cert.pem \ -config $DIR/openssl.cnf -infiles $DIR/server-req.pem # Sample output: # Using configuration from /home/monty/openssl/openssl.cnf # Enter PEM pass phrase: # Check that the request matches the signature # Signature ok # The Subjects Distinguished Name is as follows # countryName :PRINTABLE:'FI' # organizationName :PRINTABLE:'MySQL AB' # commonName :PRINTABLE:'MySQL admin' # Certificate is to be certified until Sep 13 14:22:46 2003 GMT # (365 days) # Sign the certificate? [y/n]:y # # # 1 out of 1 certificate requests certified, commit? [y/n]y # Write out database with 1 new entries # Data Base Updated # # Create client request and key # openssl req -new -keyout $DIR/client-key.pem -out \ $DIR/client-req.pem -days 3600 -config $DIR/openssl.cnf # Sample output: # Using configuration from /home/monty/openssl/openssl.cnf # Generating a 1024 bit RSA private key # .....................................++++++ # .............................................++++++ # writing new private key to '/home/monty/openssl/client-key.pem' # Enter PEM pass phrase: # Verifying password - Enter PEM pass phrase: # ----- # You are about to be asked to enter information that will be # incorporated into your certificate request. # What you are about to enter is what is called a Distinguished Name # or a DN. # There are quite a few fields but you can leave some blank # For some fields there will be a default value, # If you enter '.', the field will be left blank. # ----- # Country Name (2 letter code) [AU]:FI # State or Province Name (full name) [Some-State]:. # Locality Name (eg, city) []: # Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB # Organizational Unit Name (eg, section) []: # Common Name (eg, YOUR name) []:MySQL user # Email Address []: # # Please enter the following 'extra' attributes # to be sent with your certificate request # A challenge password []: # An optional company name []: # # Remove a passphrase from the key (optional) # openssl rsa -in $DIR/client-key.pem -out $DIR/client-key.pem # # Sign client cert # openssl ca -policy policy_anything -out $DIR/client-cert.pem \ -config $DIR/openssl.cnf -infiles $DIR/client-req.pem # Sample output: # Using configuration from /home/monty/openssl/openssl.cnf # Enter PEM pass phrase: # Check that the request matches the signature # Signature ok # The Subjects Distinguished Name is as follows # countryName :PRINTABLE:'FI' # organizationName :PRINTABLE:'MySQL AB' # commonName :PRINTABLE:'MySQL user' # Certificate is to be certified until Sep 13 16:45:17 2003 GMT # (365 days) # Sign the certificate? [y/n]:y # # # 1 out of 1 certificate requests certified, commit? [y/n]y # Write out database with 1 new entries # Data Base Updated # # Create a my.cnf file that you can use to test the certificates # cnf="" cnf="$cnf [client]" cnf="$cnf ssl-ca=$DIR/cacert.pem" cnf="$cnf ssl-cert=$DIR/client-cert.pem" cnf="$cnf ssl-key=$DIR/client-key.pem" cnf="$cnf [mysqld]" cnf="$cnf ssl-ca=$DIR/cacert.pem" cnf="$cnf ssl-cert=$DIR/server-cert.pem" cnf="$cnf ssl-key=$DIR/server-key.pem" echo $cnf | replace " " ' ' > $DIR/my.cnf
To test SSL connections, start the server as follows, where
$DIR
is the pathname to the directory where
the sample my.cnf
option file is located:
shell> mysqld --defaults-file=$DIR/my.cnf &
Then invoke a client program using the same option file:
shell> mysql --defaults-file=$DIR/my.cnf
If you have a MySQL source distribution, you can also test
your setup by modifying the preceding
my.cnf
file to refer to the demonstration
certificate and key files in the SSL
directory of the distribution.
MySQL can check X509 certificate attributes in addition to the
usual authentication that is based on the username and
password. To specify SSL-related options for a MySQL account,
use the REQUIRE
clause of the
GRANT
statement. See
Section 13.5.1.3, “GRANT
and REVOKE
Syntax”.
There are different possibilities for limiting connection types for an account:
If an account has no SSL or X509 requirements, unencrypted connections are allowed if the username and password are valid. However, encrypted connections also can be used at the client's option, if the client has the proper certificate and key files.
REQUIRE SSL
option limits the server to
allow only SSL encrypted connections for the account. Note
that this option can be omitted if there are any ACL
records that allow non-SSL connections.
mysql>GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost'
->IDENTIFIED BY 'goodsecret' REQUIRE SSL;
REQUIRE X509
means that the client must
have a valid certificate but that the exact certificate,
issuer, and subject do not matter. The only requirement is
that it should be possible to verify its signature with
one of the CA certificates.
mysql>GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost'
->IDENTIFIED BY 'goodsecret' REQUIRE X509;
REQUIRE ISSUER 'issuer'
places the
restriction on connection attempts that the client must
present a valid X509 certificate issued by CA
'issuer'
. If the client presents a
certificate that is valid but has a different issuer, the
server rejects the connection. Use of X509 certificates
always implies encryption, so the SSL
option is unnecessary.
mysql>GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost'
->IDENTIFIED BY 'goodsecret'
->REQUIRE ISSUER '/C=FI/ST=Some-State/L=Helsinki/
O=MySQL Finland AB/CN=Tonu Samuel/Email=tonu@example.com';
Note that the ISSUER
value should be
entered as a single string.
REQUIRE SUBJECT 'subject'
places the
restriction on connection attempts that the client must
present a valid X509 certificate with subject
'subject'
on it. If the client presents
a certificate that is valid but has a different subject,
the server rejects the connection.
mysql>GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost'
->IDENTIFIED BY 'goodsecret'
->REQUIRE SUBJECT '/C=EE/ST=Some-State/L=Tallinn/
O=MySQL demo client certificate/ CN=Tonu Samuel/Email=tonu@example.com';
Note that the SUBJECT
value should be
entered as a single string.
REQUIRE CIPHER 'cipher'
is needed to
ensure that strong enough ciphers and key lengths are
used. SSL itself can be weak if old algorithms with short
encryption keys are used. Using this option, we can ask
for some exact cipher method to allow a connection.
mysql>GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost'
->IDENTIFIED BY 'goodsecret'
->REQUIRE CIPHER 'EDH-RSA-DES-CBC3-SHA';
The SUBJECT
, ISSUER
, and
CIPHER
options can be combined in the
REQUIRE
clause like this:
mysql>GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost'
->IDENTIFIED BY 'goodsecret'
->REQUIRE SUBJECT '/C=EE/ST=Some-State/L=Tallinn/
O=MySQL demo client certificate/ CN=Tonu Samuel/Email=tonu@example.com' ->AND ISSUER '/C=FI/ST=Some-State/L=Helsinki/
O=MySQL Finland AB/CN=Tonu Samuel/Email=tonu@example.com' ->AND CIPHER 'EDH-RSA-DES-CBC3-SHA';
Note that the SUBJECT
and
ISSUER
values each should be entered as a
single string.
In MySQL 5.0, the AND
keyword
is optional between REQUIRE
options.
The order of the options does not matter, but no option can be specified twice.
The following list describes options that are used for specifying the use of SSL, certificate files, and key files. They may be given on the command line or in an option file.
--ssl
For the server, this option specifies that the server
allows SSL connections. For a client program, it allows
the client to connect to the server using SSL. This option
is not sufficient in itself to cause an SSL connection to
be used. You must also specify the
--ssl-ca
, --ssl-cert
,
and --ssl-key
options.
This option is more often used in its opposite form to
indicate that SSL should not be used.
To do this, specify the option as
--skip-ssl
or --ssl=0
.
Note that use of --ssl
doesn't
require an SSL connection. For
example, if the server or client is compiled without SSL
support, a normal unencrypted connection is used.
The secure way to ensure that an SSL connection is used is
to create an account on the server that includes a
REQUIRE SSL
clause in the
GRANT
statement. Then use this account
to connect to the server, with both a server and client
that have SSL support enabled.
--ssl-ca=
file_name
The path to a file with a list of trusted SSL CAs.
--ssl-capath=
directory_name
The path to a directory that contains trusted SSL CA certificates in pem format.
--ssl-cert=
file_name
The name of the SSL certificate file to use for establishing a secure connection.
--ssl-cipher=
cipher_list
A list of allowable ciphers to use for SSL encryption.
cipher_list
has the same format
as the openssl ciphers
command.
Example: --ssl-cipher=ALL:-AES:-EXP
--ssl-key=
file_name
The name of the SSL key file to use for establishing a secure connection.
Here is a note about how to connect to get a secure connection
to remote MySQL server with SSH (by David Carlson
<dcarlson@mplcomm.com>
):
Install an SSH client on your Windows machine. As a user,
the best non-free one I've found is from
SecureCRT
from
http://www.vandyke.com/. Another option is
f-secure
from
http://www.f-secure.com/. You can also find
some free ones on Google
at
http://directory.google.com/Top/Computers/Security/Products_and_Tools/Cryptography/SSH/Clients/Windows/.
Start your Windows SSH client. Set Host_Name =
yourmysqlserver_URL_or_IP
. Set
userid=your_userid
to log in to your
server. This userid
value may not be
the same as the username of your MySQL account.
Set up port forwarding. Either do a remote forward (Set
local_port: 3306
, remote_host:
yourmysqlservername_or_ip
, remote_port:
3306
) or a local forward (Set port:
3306
, host: localhost
,
remote port: 3306
).
Save everything, otherwise you'll have to redo it the next time.
Log in to your server with the SSH session you just created.
On your Windows machine, start some ODBC application (such as Access).
Create a new file in Windows and link to MySQL using the
ODBC driver the same way you normally do, except type in
localhost
for the MySQL host server,
not yourmysqlservername
.
You should have an ODBC connection to MySQL, encrypted using SSH.
This section discusses how to make database backups (full and
incremental) and how to perform table maintenance. The syntax of
the SQL statements described here is given in
Chapter 5, Database Administration. Much of the information
here pertains primarily to MyISAM
tables.
InnoDB
backup procedures are given in
Section 15.8, “Backing Up and Recovering an InnoDB
Database”.
Because MySQL tables are stored as files, it is easy to do a
backup. To get a consistent backup, do a LOCK
TABLES
on the relevant tables, followed by
FLUSH TABLES
for the tables. See
Section 13.4.5, “LOCK TABLES
and UNLOCK TABLES
Syntax” and Section 13.5.5.2, “FLUSH
Syntax”. You
need only a read lock; this allows other clients to continue to
query the tables while you are making a copy of the files in the
database directory. The FLUSH TABLES
statement is needed to ensure that the all active index pages
are written to disk before you start the backup.
If you want to make an SQL-level backup of a table, you can use
SELECT INTO ... OUTFILE
or BACKUP
TABLE
. For SELECT INTO ... OUTFILE
,
the output file cannot previously exist. This is also true of
BACKUP TABLE
, since allowing extant files to
be overwritten would constitute a security risk. See
Section 13.2.7, “SELECT
Syntax” and Section 13.5.2.2, “BACKUP TABLE
Syntax”.
Another technique for backing up a database is to use the mysqldump program or the mysqlhotcopy script. See Section 8.8, “mysqldump — A Database Backup Program” and Section 8.9, “mysqlhotcopy — A Database Backup Program”.
Do a full backup of your database:
shell> mysqldump --tab=/path/to/some/dir
--opt db_name
Or:
shell> mysqlhotcopy db_name
/path/to/some/dir
You can also simply copy all table files
(*.frm
, *.MYD
, and
*.MYI
files) as long as the server
isn't updating anything. The mysqlhotcopy
script uses this method. (But note that these methods do not
work if your database contains InnoDB
tables. InnoDB
does not store table
contents in database directories, and
mysqlhotcopy works only for
MyISAM
tables.)
Stop mysqld if it's running, then start
it with the --log-bin[=file_name]
option.
See Section 5.11.3, “The Binary Log”. The binary log files
provide you with the information you need to replicate
changes to the database that are made subsequent to the
point at which you executed mysqldump.
For InnoDB
tables, it's possible to perform
an online backup that takes no locks on tables; see
Section 8.8, “mysqldump — A Database Backup Program”
MySQL supports incremental backups: You need to start the server
with the --log-bin
option to enable binary
logging; see Section 5.11.3, “The Binary Log”. At the moment you
want to make an incremental backup (containing all changes that
happened since the last full or incremental backup), you should
rotate the binary log by using FLUSH LOGS
.
This done, you need to copy to the backup location all binary
logs which range from the one of the moment of the last full or
incremental backup to the last but one. These binary logs are
the incremental backup; at restore time, you apply them as
explained further below. The next time you do a full backup, you
should also rotate the binary log using FLUSH
LOGS
, mysqldump --flush-logs
, or
mysqlhotcopy --flushlogs
. See
Section 8.8, “mysqldump — A Database Backup Program” and Section 8.9, “mysqlhotcopy — A Database Backup Program”.
If your MySQL server is a slave replication server, then
regardless of the backup method you choose, you should also back
up the master.info
and
relay-log.info
files when you back up your
slave's data. These files are always needed to resume
replication after you restore the slave's data. If your slave is
subject to replicating LOAD DATA INFILE
commands, you should also back up any
SQL_LOAD-*
files that may exist in the
directory specified by the --slave-load-tmpdir
option. (This location defaults to the value of the
tmpdir
variable if not specified.) The slave
needs these files to resume replication of any interrupted
LOAD DATA INFILE
operations.
If you have to restore MyISAM
tables, try to
recover them using REPAIR TABLE
or
myisamchk -r first. That should work in 99.9%
of all cases. If myisamchk fails, try the
following procedure. Note that it works only if you have enabled
binary logging by starting MySQL with the
--log-bin
option; see
Section 5.11.3, “The Binary Log”.
Restore the original mysqldump backup, or binary backup.
Execute the following command to re-run the updates in the binary logs:
shell> mysqlbinlog hostname-bin.[0-9]* | mysql
In some cases, you may want to re-run only certain binary logs, from certain positions (usually you want to re-run all binary logs from the date of the restored backup, excepting possibly some incorrect queries). See Section 8.6, “mysqlbinlog — Utility for Processing Binary Log Files” for more information on the mysqlbinlog utility and how to use it.
You can also do selective backups of individual files:
To dump the table, use SELECT * INTO OUTFILE
'
.
file_name
' FROM
tbl_name
To reload the table, use and restore with LOAD DATA
INFILE 'file_name' REPLACE ...
To avoid duplicate
records, the table must have a PRIMARY
KEY
or a UNIQUE
index. The
REPLACE
keyword causes old records to be
replaced with new ones when a new record duplicates an old
record on a unique key value.
If you have performance problems with your server while making backups, one strategy that can help is to set up replication and perform backups on the slave rather than on the master. See Section 6.1, “Introduction to Replication”.
If you are using a Veritas filesystem, you can make a backup like this:
From a client program, execute FLUSH TABLES WITH
READ LOCK
.
From another shell, execute mount vxfs
snapshot
.
From the first client, execute UNLOCK
TABLES
.
Copy files from the snapshot.
Unmount the snapshot.
This section discusses a procedure for performing backups that allows you to recover data after several types of crashes:
Operating system crash
Power failure
Filesystem crash
Hardware problem (hard drive, motherboard, and so forth)
The example commands do not include options such as
--user
and --password
for the
mysqldump and mysql
programs. You should include such options as necessary so that
the MySQL server allows you to connect to it.
We'll assume that data is stored in MySQL's
InnoDB
storage engine, which has support for
transactions and automatic crash recovery. We'll always assume
that the MySQL server is under load at the time of crash. If it
were not, no recovery would ever be needed.
For cases of operating system crashes or power failures, we can
assume that MySQLś disk data is available after a restart. The
InnoDB
data files might not contain
consistent data due to the crash, but InnoDB
reads its logs and finds in them the list of pending committed
and non-committed transactions that have not been flushed to the
data files. InnoDB
automatically rolls back
those transactions that were not committed, and flushes to its
data files those that were. Information about this recovery
process is conveyed to the user through the MySQL error log. The
following is an example log excerpt:
InnoDB: Database was not shut down normally. InnoDB: Starting recovery from log files... InnoDB: Starting log scan based on checkpoint at InnoDB: log sequence number 0 13674004 InnoDB: Doing recovery: scanned up to log sequence number 0 13739520 InnoDB: Doing recovery: scanned up to log sequence number 0 13805056 InnoDB: Doing recovery: scanned up to log sequence number 0 13870592 InnoDB: Doing recovery: scanned up to log sequence number 0 13936128 ... InnoDB: Doing recovery: scanned up to log sequence number 0 20555264 InnoDB: Doing recovery: scanned up to log sequence number 0 20620800 InnoDB: Doing recovery: scanned up to log sequence number 0 20664692 InnoDB: 1 uncommitted transaction(s) which must be rolled back InnoDB: Starting rollback of uncommitted transactions InnoDB: Rolling back trx no 16745 InnoDB: Rolling back of trx no 16745 completed InnoDB: Rollback of uncommitted transactions completed InnoDB: Starting an apply batch of log records to the database... InnoDB: Apply batch completed InnoDB: Started mysqld: ready for connections
In cases of filesystem crashes or hardware problems, we can assume that the MySQL disk data is not available after a restart. This means that MySQL fails to start successfully because some blocks of disk data are no longer readable. In this case, it's necessary to reformat the disk, install a new one, or otherwise correct the underlying problem. Then it's necessary to recover our MySQL data from backups, which means that we must already have made backups. To make sure that is the case, let's step back in time and design a backup policy.
We all know that backups must be scheduled periodically. Full
backups (a snapshot of the data at a point in time) can be
done in MySQL with several tools. For example, InnoDB
Hot Backup
provides online non-blocking physical
backup of the InnoDB
data files, and
mysqldump provides online logical backup.
This discussion uses mysqldump.
Assume that we make a backup on Sunday at 1 PM, when load is
low. The following command makes a full backup of all our
InnoDB
tables in all databases:
shell> mysqldump --single-transaction --all-databases > backup_sunday_1_PM.sql
This is an online, non-blocking backup that does not disturb
the reads and writes on the tables. We assumed earlier that
our tables are InnoDB
tables, so
--single-transaction
uses a consistent read
and guarantees that data seen by mysqldump
does not change. (Changes made by other clients to
InnoDB
tables are not seen by the
mysqldump process.) If we do also have
other types of tables, we must assume that they are not
changed during the backup. For example, for the
MyISAM
tables in the
mysql
database, we must assume that no
administrative changes are being made to MySQL accounts during
the backup.
The resulting .sql
file produced by the
mysqldump command contains a set of SQL
INSERT
statements that can be used to
reload the dumped tables later.
Full backups are necessary, but they are not always convenient. They produce large backup files and take time to generate. They are not optimal in the sense that each successive full backup includes all data, even that part that didn't change since the previous full backup. After we have made an initial full backup, it is more efficient to make incremental backups. They are smaller and take less time to produce. The tradeoff is that, at recovery time, you cannot restore your data just by reloading the full backup. You must also process the incremental backups to recover the incremental changes.
To make incremental backups, we need to save the incremental
changes. The MySQL server should always be started with the
--log-bin
option so that it stores these
changes in a file while it updates data. This option enables
binary logging, so that the server writes each SQL statement
that updates data into a file called a MySQL binary log. Let's
look at the data directory of a MySQL server that was started
with the --log-bin
option and that has been
running for some days. We find these MySQL binary log files:
-rw-rw---- 1 guilhem guilhem 1277324 Nov 10 23:59 gbichot2-bin.000001 -rw-rw---- 1 guilhem guilhem 4 Nov 10 23:59 gbichot2-bin.000002 -rw-rw---- 1 guilhem guilhem 79 Nov 11 11:06 gbichot2-bin.000003 -rw-rw---- 1 guilhem guilhem 508 Nov 11 11:08 gbichot2-bin.000004 -rw-rw---- 1 guilhem guilhem 220047446 Nov 12 16:47 gbichot2-bin.000005 -rw-rw---- 1 guilhem guilhem 998412 Nov 14 10:08 gbichot2-bin.000006 -rw-rw---- 1 guilhem guilhem 361 Nov 14 10:07 gbichot2-bin.index
Each time it restarts, the MySQL server creates a new binary
log file using the next number in the sequence. While the
server is running, you can also tell it to close the current
binary log file and begin a new one manually by issuing a
FLUSH LOGS
SQL statement or with a
mysqladmin flush-logs command.
mysqldump also has an option to flush the
logs. The .index
file in the data directory
contains the list of all MySQL binary logs in the directory.
This file is used for replication.
The MySQL binary logs are important for recovery, because they are incremental backups. If you make sure to flush the logs when you make your full backup, then any binary log files created afterward contain all the data changes made since the backup. Let's modify the previous mysqldump command a bit so that it flushes the MySQL binary logs at the moment of the full backup, and so that the dump file contains the name of the new current binary log:
shell> mysqldump --single-transaction --flush-logs --master-data=2
--all-databases > backup_sunday_1_PM.sql
After executing this command, the the data directory contains
a new binary log file,
gbichot2-bin.000007
. The resulting
.sql
file contains these lines:
-- Position to start replication or point-in-time recovery from -- CHANGE MASTER TO MASTER_LOG_FILE='gbichot2-bin.000007',MASTER_LOG_POS=4;
Because the mysqldump command made a full backup, these lines mean two things:
The .sql
file contains all changes
made before any changes written to the
gbichot2-bin.000007
binary log file
or newer.
All data changes logged after the backup are not present
in the .sql
, but are present in the
gbichot2-bin.000007
binary log file
or newer.
On Monday at 1 PM, we can create an incremental backup by
flushing the logs to begin a new binary log file. For example,
executing a mysqladmin flush-logs command
creates gbichot2-bin.000008
. All changes
between the Sunday 1 PM full backup and Monday 1 PM are the
file gbichot2-bin.000007
. This
incremental backup is important, so it's a good idea to copy
it to a safe place. (For example, back it up on tape or DVD,
or copy it to another machine.) On Tuesday 1 PM, execute
another mysqladmin flush-logs command. All
changes between Monday 1 PM and Tuesday 1 PM are the file
gbichot2-bin.000008
(which also should be
copied somewhere safe).
The MySQL binary logs take up disk space. To free up space, purge them from time to time. One way to do this is by deleting the binary logs that are no longer needed, such as when we make a full backup:
shell> mysqldump --single-transaction --flush-logs --master-data=2
--all-databases --delete-master-logs > backup_sunday_1_PM.sql
Note: Deleting the MySQL binary logs with mysqldump --delete-master-logs can be dangerous if your server is a replication master server, because slave servers might not yet fully have processed the contents of the binary log.
The description for the PURGE MASTER LOGS
statement explains what should be verified before deleting the
MySQL binary logs. See Section 13.6.1.1, “PURGE MASTER LOGS
Syntax”.
Now suppose that we have a catastrophic crash on Wednesday at 8 AM that requires recovery from backups. To recover, first we restore the last full backup we have (the one from Sunday 1 PM). The full backup file is just a set of SQL statements, so restoring it is very easy:
shell> mysql < backup_sunday_1_PM.sql
At this point, the data is restored to its state as of Sunday
1 PM. To restore the changes made since then, we must use the
incremental backups, that is, the
gbichot2-bin.000007
and
gbichot2-bin.000008
binary log files.
Fetch them if necessary from where they were backed up, and
then process their contents like this:
shell> mysqlbinlog gbichot2-bin.000007 gbichot2-bin.000008 | mysql
We now have recovered the data to its state as of Tuesday 1
PM, but still are missing the changes from that date to the
date of the crash. To not miss them, we would have needed to
have the MySQL server store its MySQL binary logs into a safe
location (RAID disks, SAN, ...) different from the place where
it stores its data files, so that these logs were not in the
destroyed disk. (That is, we can start the server with a
--log-bin
option that specifies a location on
a different physical device than the one on which the data
directory resides. That way, the logs are not lost even if the
device containing the directory is.) If we had done this, we
would have the gbichot2-bin.000009
at
hand, and we could apply it to restore the most recent data
changes with no loss how it was at the moment of the crash.
In case of an operating system crash or power failure,
InnoDB
itself does all the job of
recovering data. But to make sure that you can sleep well,
observe the following guidelines:
Always run the MySQL server with the
--log-bin
option, or even
--log-bin=
,
where the log file name is located on some safe media
different from the drive on which the data directory is
located. If you have such safe media, this can also be
good for disk load balancing (which results in a
performance improvement).
log_name
Make periodic full backups, using the last mysqldump command given earlier that makes an online, non-blocking backup.
Make periodic incremental backups by flushing the logs
with FLUSH LOGS
or mysqladmin
flush-logs.
If a MySQL server has the binary log enabled, you can use the mysqlbinlog utility to recover data starting from a specified point in time (for example, since your last backup) until the present or another specified point in time. For information on enabling the binary log, see Section 5.11.3, “The Binary Log”. For more information on the mysqlbinlog, see Section 8.6, “mysqlbinlog — Utility for Processing Binary Log Files”.
To be able to restore data from a binary log, you will need to
know the path and name of the current binary log file. The path
can tyically be found in the options file (that is,
my.cnf
or my.ini
,
depending on your system). If it's not contained in the options
file, it may be given as an option at the command-line when the
server is started. The option for enabling binary logging is
--log-bin
. To determine the name of the current
binary log file, enter the following statement in MySQL:
SHOW BINLOG EVENTS \G
If you prefer, you could enter the following from the command line instead:
mysql --user=root
-pmy_pwd
-e 'SHOW BINLOG EVENTS \G'
Replace the password my_pwd
with the
root
password for your server.
As of version 4.1.4 of MySQL, the
--start-date
and the
--stop-date
options are available for
mysqlbinlog to specify the start and end
times in the DATETIME
format. As an
example, suppose that exactly at 10:00 a.m. today (today being
April 20, 2005) an SQL statement was executed which deleted a
large table. To restore the table and data, you could restore
the previous night's backup, and then enter the following:
mysqlbinlog --stop-date="2005-04-20 9:59:59" /var/log/mysql/bin.123456 \ | mysql -uroot
-pmypwd
This will recover all of the data up until the date and time
given as a DATETIME
format for the
--stop-date
option. If you did not detect the
erroneous SQL statement that was entered until hours later,
you will probably want to recover the activity that occurred
afterwards, as well. Based on this, you could run the
mysqlbinlog again with a start date and
time like so:
mysqlbinlog --start-date="2005-04-20 10:01:00" /var/log/mysql/bin.123456 \ | mysql -uroot
-pmypwd
\
In this line, the SQL statements logged from 10:01 a.m. will be run. The combination of executing of the previous night's dump file and the two lines of the mysqlbinlog will restore everything up until one second before 10:00 a.m. and everything from 10:01 a.m. on. You should examine the log to be sure of the exact times. The next section explains how this might be done.
Instead of specifying dates and times, the options
--start-position
and
--stop-position
for
mysqlbinlog could be used for specifying
log positions. They work the same as the start and stop date
options, except that position numbers from the log are given.
Using log positions may a be more accurate recovery method,
especially if many transactions occurred around the same time
as a damaging SQL statement. To determine the position
numbers, you could run mysqlbinlog for a
range of times around when the unwanted transaction was
executed, but redirect the results to a text file for
examination. This can be done like so:
mysqlbinlog --start-date="2005-04-20 9:55:00" --stop-date="2005-04-20 10:05:00" \ /var/log/mysql/bin.123456 > /tmp/mysql_restore.sql
This will create a small text file in the
/tmp
directory which will show the SQL
statements around the time the deleterious SQL statement was
executed. You would then open this file with a text editor and
look for the statement that you don't want to repeat. Once the
position numbers in the binary log are determined for stopping
and resuming the recovery, make note of them. Positions are
labeled with log_pos
followed by a number.
After restoring the previous backup file, using the position
numbers, you would then enter something like the following
from the command-line:
mysqlbinlog --stop-position="368312" /var/log/mysql/bin.123456 \ | mysql -uroot
-pmypwd
mysqlbinlog --start-position="368315" /var/log/mysql/bin.123456 \ | mysql -uroot
-pmypwd
\
The first line above will recover all of the transactions up
until the stop position given. The next line will recover all
transactions from the starting position given until the end of
the binary log. Because the output of
mysqlbinlog includes SET
TIMESTAMP
statements before each SQL statement
recorded, the recovered data and related MySQL logs will
reflect the original times that the transactions were
executed.
The following sections discuss how to use
myisamchk to check or repair
MyISAM
tables (tables with
.MYI
and .MYD
files).
You can use the myisamchk utility to get information about your database tables or to check, repair, or optimize them. The following sections describe how to invoke myisamchk (including a description of its options), how to set up a table maintenance schedule, and how to use myisamchk to perform its various functions.
Even though table repair with myisamchk is quite secure, it's always a good idea to make a backup before doing a repair (or any maintenance operation that could make a lot of changes to a table)
myisamchk operations that affect indexes can
cause FULLTEXT
indexes to be rebuilt with
full-text parameters that are incompatible with the values used
by the MySQL server. To avoid this, read the instructions in
Section 5.9.5.1, “General Options for myisamchk”.
In many cases, you may find it simpler to do
MyISAM
table maintenance using the SQL
statements that perform operations that
myisamchk can do:
To check or repair MyISAM
tables, use
CHECK TABLE
or REPAIR
TABLE
.
To optimize MyISAM
tables, use
OPTIMIZE TABLE
.
To analyze MyISAM
tables, use
ANALYZE TABLE
.
These statements can be used directly, or by means of the mysqlcheck client program, which provides a command-line interface to them.
One advantage of these statements over myisamchk is that the server does all the work. With myisamchk, you must make sure that the server does not use the tables at the same time. Otherwise, there can be unwanted interaction between myisamchk and the server.
MyISAM
Tables for Errors
The myisamchk utility gets information
about your database tables or checks, repairs, or optimizes
them. myisamchk works with
MyISAM
tables (tables with
.MYI
and .MYD
files).
Invoke myisamchk like this:
shell> myisamchk [options
] tbl_name
...
The options
specify what you want
myisamchk to do. They are described in
the following sections. You can also get a list of options
by invoking myisamchk --help.
With no options, myisamchk simply checks your table as the default operation. To get more information or to tell myisamchk to take corrective action, specify options as described in the following discussion.
tbl_name
is the database table
you want to check or repair. If you run
myisamchk somewhere other than in the
database directory, you must specify the path to the
database directory, because myisamchk has
no idea where the database is located. In fact,
myisamchk doesn't actually care whether
the files you are working on are located in a database
directory. You can copy the files that correspond to a
database table into some other location and perform recovery
operations on them there.
You can name several tables on the
myisamchk command line if you wish. You
can also specify a table by naming its index file (the file
with the .MYI
suffix). This allows you
to specify all tables in a directory by using the pattern
*.MYI
. For example, if you are in a
database directory, you can check all the
MyISAM
tables in that directory like
this:
shell> myisamchk *.MYI
If you are not in the database directory, you can check all the tables there by specifying the path to the directory:
shell> myisamchk /path/to/database_dir/*.MYI
You can even check all tables in all databases by specifying a wildcard with the path to the MySQL data directory:
shell> myisamchk /path/to/datadir/*/*.MYI
The recommended way to quickly check all
MyISAM
tables is:
shell> myisamchk --silent --fast /path/to/datadir/*/*.MYI
If you want to check all MyISAM
tables
and repair any that are corrupted, you can use the following
command:
shell>myisamchk --silent --force --fast --update-state \
-O key_buffer=64M -O sort_buffer=64M \
-O read_buffer=1M -O write_buffer=1M \
/path/to/datadir/*/*.MYI
This command assumes that you have more than 64MB free. For more information about memory allocation with myisamchk, see Section 5.9.5.5, “myisamchk Memory Usage”.
You must ensure that no other program is using the tables while you are running myisamchk. Otherwise, when you run myisamchk, it may display the following error message:
warning: clients are using or haven't closed the table properly
This means that you are trying to check a table that has been updated by another program (such as the mysqld server) that hasn't yet closed the file or that has died without closing the file properly.
If mysqld is running, you must force it
to flush any table modifications that are still buffered in
memory by using FLUSH TABLES
. You should
then ensure that no one is using the tables while you are
running myisamchk. The easiest way to
avoid this problem is to use CHECK TABLE
instead of myisamchk to check tables.
The options described in this section can be used for any type of table maintenance operation performed by myisamchk. The sections following this one describe options that pertain only to specific operations, such as table checking or repairing.
--help
, -?
Display a help message and exit.
--debug=
debug_options
,
-# debug_options
Write a debugging log. The
debug_options
string often is
'd:t:o,
.
file_name
'
--silent
, -s
Silent mode. Write output only when errors occur. You
can use -s
twice (-ss
)
to make myisamchk very silent.
--verbose
, -v
Verbose mode. Print more information. This can be used
with -d
and -e
. Use
-v
multiple times
(-vv
, -vvv
) for even
more output.
--version
, -V
Display version information and exit.
--wait
, -w
Instead of terminating with an error if the table is
locked, wait until the table is unlocked before
continuing. Note that if you are running
mysqld with the
--skip-external-locking
option, the
table can be locked only by another
myisamchk command.
You can also set the following variables by using
--
options:
var_name
=value
Variable | Default Value |
decode_bits | 9 |
ft_max_word_len | version-dependent |
ft_min_word_len | 4 |
ft_stopword_file | built-in list |
key_buffer_size | 523264 |
myisam_block_size | 1024 |
read_buffer_size | 262136 |
sort_buffer_size | 2097144 |
sort_key_blocks | 16 |
stats_method | nulls_unequal |
write_buffer_size | 262136 |
The possible myisamchk variables and their default values can be examined with myisamchk --help:
sort_buffer_size
is used when the keys
are repaired by sorting keys, which is the normal case when
you use --recover
.
key_buffer_size
is used when you are
checking the table with --extend-check
or
when the keys are repaired by inserting keys row by row into
the table (like when doing normal inserts). Repairing
through the key buffer is used in the following cases:
You use --safe-recover
.
The temporary files needed to sort the keys would be
more than twice as big as when creating the key file
directly. This is often the case when you have large key
values for CHAR
,
VARCHAR
, or TEXT
columns, because the sort operation needs to store the
complete key values as it proceeds. If you have lots of
temporary space and you can force
myisamchk to repair by sorting, you
can use the --sort-recover
option.
Repairing through the key buffer takes much less disk space than using sorting, but is also much slower.
If you want a faster repair, set the
key_buffer_size
and
sort_buffer_size
variables to about 25%
of your available memory. You can set both variables to
large values, because only one of them is used at a time.
myisam_block_size
is the size used for
index blocks.
stats_method
influences how
NULL
values are treated for index
statistics collection when the --analyze
option is given. It acts like the
myisam_stats_method
system variable. For
more information, see the description of
myisam_stats_method
in
Section 5.3.3, “Server System Variables” and
Section 7.4.7, “MyISAM
Index Statistics Collection”. For MySQL
5.0, stats_method
was added
in MySQL 5.0.14. For older versions, the statistics
collection method is equivalent to
nulls_equal
.
ft_min_word_len
and
ft_max_word_len
indicate the minimum and
maximum word length for FULLTEXT
indexes.
ft_stopword_file
names the stopword file.
These need to be set under the following circumstances.
If you use myisamchk to perform an
operation that modifies table indexes (such as repair or
analyze), the FULLTEXT
indexes are
rebuilt using the default full-text parameter values for
minimum and maximum word length and the stopword file unless
you specify otherwise. This can result in queries failing.
The problem occurs because these parameters are known only
by the server. They are not stored in
MyISAM
index files. To avoid the problem
if you have modified the minimum or maximum word length or
the stopword file in the server, specify the same
ft_min_word_len
,
ft_max_word_len
, and
ft_stopword_file
values to
myisamchk that you use for
mysqld. For example, if you have set the
minimum word length to 3, you can repair a table with
myisamchk like this:
shell> myisamchk --recover --ft_min_word_len=3 tbl_name
.MYI
To ensure that myisamchk and the server
use the same values for full-text parameters, you can place
each one in both the [mysqld]
and
[myisamchk]
sections of an option file:
[mysqld] ft_min_word_len=3 [myisamchk] ft_min_word_len=3
An alternative to using myisamchk is to
use the REPAIR TABLE
, ANALYZE
TABLE
, OPTIMIZE TABLE
, or
ALTER TABLE
. These statements are
performed by the server, which knows the proper full-text
parameter values to use.
myisamchk supports the following options for table checking operations:
--check
, -c
Check the table for errors. This is the default operation if you specify no option that selects an operation type explicitly.
--check-only-changed
,
-C
Check only tables that have changed since the last check.
--extend-check
, -e
Check the table very thoroughly. This is quite slow if the table has many indexes. This option should only be used in extreme cases. Normally, myisamchk or myisamchk --medium-check should be able to determine whether there are any errors in the table.
If you are using --extend-check
and
have plenty of memory, setting the
key_buffer_size
variable to a large
value helps the repair operation run faster.
--fast
, -F
Check only tables that haven't been closed properly.
--force
, -f
Do a repair operation automatically if
myisamchk finds any errors in the
table. The repair type is the same as that specified
with the --repair
or
-r
option.
--information
, -i
Print informational statistics about the table that is checked.
--medium-check
, -m
Do a check that is faster than an
--extend-check
operation. This finds
only 99.99% of all errors, which should be good enough
in most cases.
--read-only
, -T
Don't mark the table as checked. This is useful if you
use myisamchk to check a table that
is in use by some other application that doesn't use
locking, such as mysqld when run with
the --skip-external-locking
option.
--update-state
, -U
Store information in the .MYI
file
to indicate when the table was checked and whether the
table crashed. This should be used to get full benefit
of the --check-only-changed
option, but
you shouldn't use this option if the
mysqld server is using the table and
you are running it with the
--skip-external-locking
option.
myisamchk supports the following options for table repair operations:
--backup
, -B
Make a backup of the .MYD
file as
file_name-time.BAK
--character-sets-dir=
path
The directory where character sets are installed. See Section 5.10.1, “The Character Set Used for Data and Sorting”.
--correct-checksum
Correct the checksum information for the table.
--data-file-length=
len
,
-D len
Maximum length of the data file (when re-creating data file when it's “full”).
--extend-check
, -e
Do a repair that tries to recover every possible row from the data file. Normally this also finds a lot of garbage rows. Don't use this option unless you are desperate.
--force
, -f
Overwrite old intermediate files (files with names like
)
instead of aborting.
tbl_name
.TMD
--keys-used=
,
val
-k
val
For myisamchk, the option value is a bit-value indicates which indexes to update. Each binary bit of the option value corresponds to a table index, where the first index is bit 0. An option value of 0 disables updates to all indexes, which can be used to get faster inserts. Deactivated indexes can be reactivated by using myisamchk -r.
--no-symlinks
, -l
Do not follow symbolic links. Normally myisamchk repairs the table that a symlink points to. This option doesn't exist as of MySQL 4.0, because versions from 4.0 on do not remove symlinks during repair operations.
--parallel-recover
, -p
Uses the same technique as -r
and
-n
, but creates all the keys in
parallel, using different threads.
This is alpha code. Use at your own
risk!
--quick
, -q
Achieve a faster repair by not modifying the data file. You can specify this option twice to force myisamchk to modify the original data file in case of duplicate keys.
--recover
, -r
Do a repair that can fix almost any problem except
unique keys that aren't unique (which is an extremely
unlikely error with MyISAM
tables).
If you want to recover a table, this is the option to
try first. You should try -o
only if
myisamchk reports that the table
can't be recovered using -r
. (In the
unlikely case that -r
fails, the data
file remains intact.)
If you have lots of memory, you should increase the
value of sort_buffer_size
.
--safe-recover
, -o
Do a repair using an old recovery method that reads
through all rows in order and updates all index trees
based on the rows found. This is an order of magnitude
slower than -r
, but can handle a couple
of very unlikely cases that -r
cannot.
This recovery method also uses much less disk space than
-r
. Normally, you should repair first
with -r
, and then with
-o
only if -r
fails.
If you have lots of memory, you should increase the
value of key_buffer_size
.
--set-character-set=
name
Change the character set used by the table indexes. This
option was replaced by --set-collation
in MySQL 5.0.3.
--set-collation=
name
Change the collation used to sort table indexes. The character set name is implied by the first part of the collation name. This option was added in MySQL 5.0.3.
--sort-recover
, -n
Force myisamchk to use sorting to resolve the keys even if the temporary files would be very large.
--tmpdir=
path
, -t
path
Path of the directory to be used for storing temporary
files. If this is not set, myisamchk
uses the value of the TMPDIR
environment variable. tmpdir
can be
set to a list of directory paths that are used
successively in round-robin fashion for creating
temporary files. The separator character between
directory names is the colon
(‘:
’) on Unix and the
semicolon (‘;
’) on
Windows, NetWare, and OS/2.
--unpack
, -u
Unpack a table that was packed with myisampack.
myisamchk supports the following options for actions other than table checks and repairs:
--analyze
, -a
Analyze the distribution of keys. This improves join
performance by enabling the join optimizer to better
choose the order in which to join the tables and which
keys it should use. To obtain information about the
distribution, use a myisamchk --description
--verbose tbl_name
command or the SHOW KEYS FROM
statement.
tbl_name
--description
, -d
Print some descriptive information about the table.
--set-auto-increment[=
,
value
]-A[
value
]
Force AUTO_INCREMENT
numbering for
new records to start at the given value (or higher, if
there are existing records with
AUTO_INCREMENT
values this large). If
value
is not specified,
AUTO_INCREMENT
number for new records
begins with the largest value currently in the table,
plus one.
--sort-index
, -S
Sort the index tree blocks in high-low order. This optimizes seeks and makes table scanning by key faster.
--sort-records=
N
, -R
N
Sort records according to a particular index. This makes
your data much more localized and may speed up
range-based SELECT
and ORDER
BY
operations that use this index. (The first
time you use this option to sort a table, it may be very
slow.) To determine a table's index numbers, use
SHOW KEYS
, which displays a table's
indexes in the same order that
myisamchk sees them. Indexes are
numbered beginning with 1.
If keys are not packed
(PACK_KEYS=0)
), they have the same
length, so when myisamchk sorts and
moves records, it just overwrites record offsets in the
index. If keys are packed
(PACK_KEYS=1
),
myisamchk must unpack key blocks
first, then recreate indexes and pack the key blocks
again. (In this case, recreating indexes is faster than
updating offsets for each index.)
Memory allocation is important when you run
myisamchk. myisamchk
uses no more memory than you specify with the
-O
options. If you are going to use
myisamchk on very large tables, you
should first decide how much memory you want it to use. The
default is to use only about 3MB to perform repairs. By
using larger values, you can get
myisamchk to operate faster. For example,
if you have more than 32MB RAM, you could use options such
as these (in addition to any other options you might
specify):
shell> myisamchk -O sort=16M -O key=16M -O read=1M -O write=1M ...
Using -O sort=16M
should probably be enough
for most cases.
Be aware that myisamchk uses temporary
files in TMPDIR
. If
TMPDIR
points to a memory filesystem, you
may easily get out of memory errors. If this happens, set
TMPDIR
to point at some directory located
on a filesystem with more space and run
myisamchk again.
When repairing, myisamchk also needs a lot of disk space:
Double the size of the data file (the original one and a
copy). This space is not needed if you do a repair with
--quick
; in this case, only the index
file is re-created. This space is needed on the same
filesystem as the original data file! (The copy is
created in the same directory as the original.)
Space for the new index file that replaces the old one. The old index file is truncated at the start of the repair operation, so you usually ignore this space. This space is needed on the same filesystem as the original index file!
When using --recover
or
--sort-recover
(but not when using
--safe-recover
), you need space for a
sort buffer. The amount of space required is:
(largest_key
+row_pointer_length
) *number_of_rows
* 2
You can check the length of the keys and the
row_pointer_length
with
myisamchk -dv
tbl_name
. This
space is allocated in the temporary directory (specified
by TMPDIR
or
--tmpdir=
).
path
If you have a problem with disk space during repair, you can
try to use --safe-recover
instead of
--recover
.
If you run mysqld with
--skip-external-locking
(which is the
default on some systems, such as Linux), you can't reliably
use myisamchk to check a table when
mysqld is using the same table. If you
can be sure that no one is accessing the tables through
mysqld while you run
myisamchk, you only have to do
mysqladmin flush-tables before you start
checking the tables. If you can't guarantee this, then you
must stop mysqld while you check the
tables. If you run myisamchk while
mysqld is updating the tables, you may
get a warning that a table is corrupt even when it isn't.
If you are not using
--skip-external-locking
, you can use
myisamchk to check tables at any time.
While you do this, all clients that try to update the table
wait until myisamchk is ready before
continuing.
If you use myisamchk to repair or
optimize tables, you must always ensure
that the mysqld server is not using the
table (this also applies if you are using
--skip-external-locking
). If you don't take
down mysqld, you should at least do a
mysqladmin flush-tables before you run
myisamchk. Your tables may
become corrupted if the server and
myisamchk access the tables
simultaneously.
This section describes how to check for and deal with data corruption in MySQL databases. If your tables get corrupted frequently you should try to find the reason why. See Section A.4.2, “What to Do If MySQL Keeps Crashing”.
For an explanation of how MyISAM
tables
can become corrupted, see
Section 14.1.4, “MyISAM
Table Problems”.
When performing crash recovery, it is important to
understand that each MyISAM
table
tbl_name
in a database
corresponds to three files in the database directory:
File | Purpose |
| Definition (format) file |
| Data file |
| Index file |
Each of these three file types is subject to corruption in various ways, but problems occur most often in data files and index files.
myisamchk works by creating a copy of the
.MYD
data file row by row. It ends the
repair stage by removing the old .MYD
file and renaming the new file to the original file name. If
you use --quick
,
myisamchk does not create a temporary
.MYD
file, but instead assumes that the
.MYD
file is correct and only generates
a new index file without touching the
.MYD
file. This is safe, because
myisamchk automatically detects whether
the .MYD
file is corrupt and aborts the
repair if it is. You can also specify the
--quick
option twice to
myisamchk. In this case,
myisamchk does not abort on some errors
(such as duplicate-key errors) but instead tries to resolve
them by modifying the .MYD
file.
Normally the use of two --quick
options is
useful only if you have too little free disk space to
perform a normal repair. In this case, you should at least
make a backup before running myisamchk.
To check a MyISAM
table, use the
following commands:
myisamchk
tbl_name
This finds 99.99% of all errors. What it can't find is
corruption that involves only the
data file (which is very unusual). If you want to check
a table, you should normally run
myisamchk without options or with
either the -s
or
--silent
option.
myisamchk -m
tbl_name
This finds 99.999% of all errors. It first checks all index entries for errors and then reads through all rows. It calculates a checksum for all keys in the rows and verifies that the checksum matches the checksum for the keys in the index tree.
myisamchk -e
tbl_name
This does a complete and thorough check of all data
(-e
means “extended
check”). It does a check-read of every key for
each row to verify that they indeed point to the correct
row. This may take a long time for a large table that
has many indexes. Normally, myisamchk
stops after the first error it finds. If you want to
obtain more information, you can add the
--verbose
(-v
) option.
This causes myisamchk to keep going,
up through a maximum of 20 errors.
myisamchk -e -i
tbl_name
Like the previous command, but the -i
option tells myisamchk to print some
informational statistics, too.
In most cases, a simple myisamchk with no arguments other than the table name is sufficient to check a table.
The discussion in this section describes how to use
myisamchk on MyISAM
tables (extensions .MYI
and
.MYD
).
You can also (and should, if possible) use the
CHECK TABLE
and REPAIR
TABLE
statements to check and repair
MyISAM
tables. See
Section 13.5.2.3, “CHECK TABLE
Syntax” and
Section 13.5.2.6, “REPAIR TABLE
Syntax”.
Symptoms of corrupted tables include queries that abort unexpectedly and observable errors such as these:
is locked against change
tbl_name
.frm
Can't find file
(Errcode: tbl_name
.MYInnn
)
Unexpected end of file
Record file is crashed
Got error nnn
from table
handler
To get more information about the error you can run
perror nnn
,
where nnn
is the error number.
The following example shows how to use
perror to find the meanings for the most
common error numbers that indicate a problem with a table:
shell> perror 126 127 132 134 135 136 141 144 145
126 = Index file is crashed / Wrong file format
127 = Record-file is crashed
132 = Old database file
134 = Record was already deleted (or record file crashed)
135 = No more room in record file
136 = No more room in index file
141 = Duplicate unique key or constraint on write or update
144 = Table is crashed and last repair failed
145 = Table was marked as crashed and should be repaired
Note that error 135 (no more room in record file) and error
136 (no more room in index file) are not errors that can be
fixed by a simple repair. In this case, you have to use
ALTER TABLE
to increase the
MAX_ROWS
and
AVG_ROW_LENGTH
table option values:
ALTER TABLEtbl_name
MAX_ROWS=xxx
AVG_ROW_LENGTH=yyy
;
If you don't know the current table option values, use
SHOW CREATE TABLE
or
DESCRIBE
.
For the other errors, you must repair your tables. myisamchk can usually detect and fix most problems that occur.
The repair process involves up to four stages, described here. Before you begin, you should change location to the database directory and check the permissions of the table files. On Unix, make sure that they are readable by the user that mysqld runs as (and to you, because you need to access the files you are checking). If it turns out you need to modify files, they must also be writable by you.
The options that you can use for table maintenance with myisamchk are described in several of the earlier subsections of Section 5.9.5, “myisamchk — MyISAM Table-Maintenance Utility”.
The following section is for the cases where the above command fails or if you want to use the extended features that myisamchk. provides.
If you are going to repair a table from the command line, you must first stop the mysqld server. Note that when you do mysqladmin shutdown on a remote server, the mysqld server is still alive for a while after mysqladmin returns, until all queries are stopped and all keys have been flushed to disk.
Stage 1: Checking your tables
Run myisamchk *.MYI or myisamchk
-e *.MYI if you have more time. Use the
-s
(silent) option to suppress unnecessary
information.
If the mysqld server is down, you should
use the --update-state
option to tell
myisamchk to mark the table as 'checked'.
You have to repair only those tables for which myisamchk announces an error. For such tables, proceed to Stage 2.
If you get weird errors when checking (such as out
of memory
errors), or if
myisamchk crashes, go to Stage 3.
Stage 2: Easy safe repair
Note: If you want a repair operation to go much faster, you
should set the values of the
sort_buffer_size
and
key_buffer_size
variables each to about
25% of your available memory when running
myisamchk.
First, try myisamchk -r -q
tbl_name
(-r
-q
means “quick recovery mode”). This
attempts to repair the index file without touching the data
file. If the data file contains everything that it should
and the delete links point at the correct locations within
the data file, this should work, and the table is fixed.
Start repairing the next table. Otherwise, use the following
procedure:
Make a backup of the data file before continuing.
Use myisamchk -r
tbl_name
(-r
means “recovery
mode”). This removes incorrect records and
deleted records from the data file and reconstructs the
index file.
If the preceding step fails, use myisamchk
--safe-recover
tbl_name
. Safe
recovery mode uses an old recovery method that handles a
few cases that regular recovery mode doesn't (but is
slower).
If you get weird errors when repairing (such as out
of memory
errors), or if
myisamchk crashes, go to Stage 3.
Stage 3: Difficult repair
You should reach this stage only if the first 16KB block in the index file is destroyed or contains incorrect information, or if the index file is missing. In this case, it's necessary to create a new index file. Do so as follows:
Move the data file to some safe place.
Use the table description file to create new (empty) data and index files:
shell>mysql
mysql>db_name
SET AUTOCOMMIT=1;
mysql>TRUNCATE TABLE
mysql>tbl_name
;quit
If your version of MySQL doesn't have TRUNCATE
TABLE
, use DELETE FROM
instead.
tbl_name
Copy the old data file back onto the newly created data file. (Don't just move the old file back onto the new file; you want to retain a copy in case something goes wrong.)
Go back to Stage 2. myisamchk -r -q should work. (This shouldn't be an endless loop.)
You can also use REPAIR TABLE
, which
performs the whole procedure automatically.
tbl_name
USE_FRM
Stage 4: Very difficult repair
You should reach this stage only if the
.frm
description file has also crashed.
That should never happen, because the description file isn't
changed after the table is created:
Restore the description file from a backup and go back to Stage 3. You can also restore the index file and go back to Stage 2. In the latter case, you should start with myisamchk -r.
If you don't have a backup but know exactly how the
table was created, create a copy of the table in another
database. Remove the new data file, then move the
.frm
description and
.MYI
index files from the other
database to your crashed database. This gives you new
description and index files, but leaves the
.MYD
data file alone. Go back to
Stage 2 and attempt to reconstruct the index file.
To coalesce fragmented records and eliminate wasted space resulting from deleting or updating records, run myisamchk in recovery mode:
shell> myisamchk -r tbl_name
You can optimize a table in the same way by using the SQL
OPTIMIZE TABLE
statement.
OPTIMIZE TABLE
does a repair of the table
and a key analysis, and also sorts the index tree to give
faster key lookups. There is also no possibility of unwanted
interaction between a utility and the server, because the
server does all the work when you use OPTIMIZE
TABLE
. See Section 13.5.2.5, “OPTIMIZE TABLE
Syntax”.
myisamchk also has a number of other options you can use to improve the performance of a table:
-S
, --sort-index
-R
,
index_num
--sort-records=
index_num
-a
, --analyze
For a full description of these options, see Section 5.9.5, “myisamchk — MyISAM Table-Maintenance Utility”.
It is a good idea to perform table checks on a regular basis
rather than waiting for problems to occur. One way to check and
repair MyISAM
tables is with the
CHECK TABLE
and REPAIR
TABLE
statements. See Section 13.5.2.3, “CHECK TABLE
Syntax”
and Section 13.5.2.6, “REPAIR TABLE
Syntax”.
Another way to check tables is to use
myisamchk. For maintenance purposes, you can
use myisamchk -s. The -s
option (short for --silent
) causes
myisamchk to run in silent mode, printing
messages only when errors occur.
It's also a good idea to check tables when the server starts.
For example, whenever the machine has done a restart in the
middle of an update, you usually need to check all the tables
that could have been affected. (These are “expected
crashed tables.”) To check MyISAM
tables automatically, start the server with the
--myisam-recover
option.
An even better test would be to check any table whose
last-modified time is more recent than that of the
.pid
file.
You should also check your tables regularly during normal system
operation. At MySQL AB, we run a cron job to
check all our important tables once a week, using a line like
this in a crontab
file:
35 0 * * 0 /path/to/myisamchk --fast --silent /path/to/datadir/*/*.MYI
This prints out information about crashed tables so that we can examine and repair them when needed.
Because we haven't had any unexpectedly crashed tables (tables that become corrupted for reasons other than hardware trouble) for a couple of years (this is really true), once a week is more than enough for us.
We recommend that to start with, you execute myisamchk -s each night on all tables that have been updated during the last 24 hours, until you come to trust MySQL as much as we do.
Normally, MySQL tables need little maintenance. If you are
changing MyISAM
tables with dynamic-sized
rows (tables with VARCHAR
,
BLOB
, or TEXT
columns) or
have tables with many deleted rows you may want to
defragment/reclaim space from the tables from time to time (once
a month?).
You can do this by using OPTIMIZE TABLE
on
the tables in question. Or, if you can stop the
mysqld server for a while, change location
into the data directory and use this command while the server is
stopped:
shell> myisamchk -r -s --sort-index -O sort_buffer_size=16M */*.MYI
To obtain a description of a table or statistics about it, use the commands shown here:
myisamchk -d
tbl_name
Runs myisamchk in “describe
mode” to produce a description of your table. If you
start the MySQL server using the
--skip-external-locking
option,
myisamchk may report an error for a table
that is updated while it runs. However, because
myisamchk doesn't change the table in
describe mode, there is no risk of destroying data.
myisamchk -d -v
tbl_name
Adding -v
runs myisamchk
in verbose mode so that it produces more information about
what it is doing.
myisamchk -eis
tbl_name
Shows only the most important information from a table. This operation is slow because it must read the entire table.
myisamchk -eiv
tbl_name
This is like -eis
, but tells you what is
being done.
Sample output for some of these commands follows. They are based on a table with these data and index file sizes:
-rw-rw-r-- 1 monty tcx 317235748 Jan 12 17:30 company.MYD -rw-rw-r-- 1 davida tcx 96482304 Jan 12 18:35 company.MYM
Example of myisamchk -d output:
MyISAM file: company.MYI Record format: Fixed length Data records: 1403698 Deleted blocks: 0 Recordlength: 226 table description: Key Start Len Index Type 1 2 8 unique double 2 15 10 multip. text packed stripped 3 219 8 multip. double 4 63 10 multip. text packed stripped 5 167 2 multip. unsigned short 6 177 4 multip. unsigned long 7 155 4 multip. text 8 138 4 multip. unsigned long 9 177 4 multip. unsigned long 193 1 text
Example of myisamchk -d -v output:
MyISAM file: company Record format: Fixed length File-version: 1 Creation time: 1999-10-30 12:12:51 Recover time: 1999-10-31 19:13:01 Status: checked Data records: 1403698 Deleted blocks: 0 Datafile parts: 1403698 Deleted data: 0 Datafile pointer (bytes): 3 Keyfile pointer (bytes): 3 Max datafile length: 3791650815 Max keyfile length: 4294967294 Recordlength: 226 table description: Key Start Len Index Type Rec/key Root Blocksize 1 2 8 unique double 1 15845376 1024 2 15 10 multip. text packed stripped 2 25062400 1024 3 219 8 multip. double 73 40907776 1024 4 63 10 multip. text packed stripped 5 48097280 1024 5 167 2 multip. unsigned short 4840 55200768 1024 6 177 4 multip. unsigned long 1346 65145856 1024 7 155 4 multip. text 4995 75090944 1024 8 138 4 multip. unsigned long 87 85036032 1024 9 177 4 multip. unsigned long 178 96481280 1024 193 1 text
Example of myisamchk -eis output:
Checking MyISAM file: company Key: 1: Keyblocks used: 97% Packed: 0% Max levels: 4 Key: 2: Keyblocks used: 98% Packed: 50% Max levels: 4 Key: 3: Keyblocks used: 97% Packed: 0% Max levels: 4 Key: 4: Keyblocks used: 99% Packed: 60% Max levels: 3 Key: 5: Keyblocks used: 99% Packed: 0% Max levels: 3 Key: 6: Keyblocks used: 99% Packed: 0% Max levels: 3 Key: 7: Keyblocks used: 99% Packed: 0% Max levels: 3 Key: 8: Keyblocks used: 99% Packed: 0% Max levels: 3 Key: 9: Keyblocks used: 98% Packed: 0% Max levels: 4 Total: Keyblocks used: 98% Packed: 17% Records: 1403698 M.recordlength: 226 Packed: 0% Recordspace used: 100% Empty space: 0% Blocks/Record: 1.00 Record blocks: 1403698 Delete blocks: 0 Recorddata: 317235748 Deleted data: 0 Lost space: 0 Linkdata: 0 User time 1626.51, System time 232.36 Maximum resident set size 0, Integral resident set size 0 Non physical pagefaults 0, Physical pagefaults 627, Swaps 0 Blocks in 0 out 0, Messages in 0 out 0, Signals 0 Voluntary context switches 639, Involuntary context switches 28966
Example of myisamchk -eiv output:
Checking MyISAM file: company Data records: 1403698 Deleted blocks: 0 - check file-size - check delete-chain block_size 1024: index 1: index 2: index 3: index 4: index 5: index 6: index 7: index 8: index 9: No recordlinks - check index reference - check data record references index: 1 Key: 1: Keyblocks used: 97% Packed: 0% Max levels: 4 - check data record references index: 2 Key: 2: Keyblocks used: 98% Packed: 50% Max levels: 4 - check data record references index: 3 Key: 3: Keyblocks used: 97% Packed: 0% Max levels: 4 - check data record references index: 4 Key: 4: Keyblocks used: 99% Packed: 60% Max levels: 3 - check data record references index: 5 Key: 5: Keyblocks used: 99% Packed: 0% Max levels: 3 - check data record references index: 6 Key: 6: Keyblocks used: 99% Packed: 0% Max levels: 3 - check data record references index: 7 Key: 7: Keyblocks used: 99% Packed: 0% Max levels: 3 - check data record references index: 8 Key: 8: Keyblocks used: 99% Packed: 0% Max levels: 3 - check data record references index: 9 Key: 9: Keyblocks used: 98% Packed: 0% Max levels: 4 Total: Keyblocks used: 9% Packed: 17% - check records and index references [LOTS OF ROW NUMBERS DELETED] Records: 1403698 M.recordlength: 226 Packed: 0% Recordspace used: 100% Empty space: 0% Blocks/Record: 1.00 Record blocks: 1403698 Delete blocks: 0 Recorddata: 317235748 Deleted data: 0 Lost space: 0 Linkdata: 0 User time 1639.63, System time 251.61 Maximum resident set size 0, Integral resident set size 0 Non physical pagefaults 0, Physical pagefaults 10580, Swaps 0 Blocks in 4 out 0, Messages in 0 out 0, Signals 0 Voluntary context switches 10604, Involuntary context switches 122798
Explanations for the types of information myisamchk produces are given here. “Keyfile” refers to the index file. “Record” and “row” are synonymous.
MyISAM file
Name of the MyISAM
(index) file.
File-version
Version of MyISAM
format. Currently
always 2.
Creation time
When the data file was created.
Recover time
When the index/data file was last reconstructed.
Data records
How many records are in the table.
Deleted blocks
How many deleted blocks still have reserved space. You can optimize your table to minimize this space. See Chapter 7, Optimization.
Datafile parts
For dynamic record format, this indicates how many data
blocks there are. For an optimized table without fragmented
records, this is the same as Data
records
.
Deleted data
How many bytes of unreclaimed deleted data there are. You can optimize your table to minimize this space. See Chapter 7, Optimization.
Datafile pointer
The size of the data file pointer, in bytes. It is usually 2, 3, 4, or 5 bytes. Most tables manage with 2 bytes, but this cannot be controlled from MySQL yet. For fixed tables, this is a record address. For dynamic tables, this is a byte address.
Keyfile pointer
The size of the index file pointer, in bytes. It is usually 1, 2, or 3 bytes. Most tables manage with 2 bytes, but this is calculated automatically by MySQL. It is always a block address.
Max datafile length
How long the table data file can become, in bytes.
Max keyfile length
How long the table index file can become, in bytes.
Recordlength
How much space each record takes, in bytes.
Record format
The format used to store table rows. The preceding examples
use Fixed length
. Other possible values
are Compressed
and
Packed
.
table description
A list of all keys in the table. For each key, myisamchk displays some low-level information:
Key
This key's number.
Start
Where in the record this index part starts.
Len
How long this index part is. For packed numbers, this should always be the full length of the column. For strings, it may be shorter than the full length of the indexed column, because you can index a prefix of a string column.
Index
Whether a key value can exist multiple times in the
index. Values are unique
or
multip.
(multiple).
Type
What data type this index part has. This is a
MyISAM
data type with the options
packed
, stripped
,
or empty
.
Root
Address of the root index block.
Blocksize
The size of each index block. By default this is 1024, but the value may be changed at compile time when MySQL is built from source.
Rec/key
This is a statistical value used by the optimizer. It tells how many records there are per value for this key. A unique key always has a value of 1. This may be updated after a table is loaded (or greatly changed) with myisamchk -a. If this is not updated at all, a default value of 30 is given.
For the table shown in the examples, there are two
table description
lines for the ninth
index. This indicates that it is a multiple-part index with
two parts.
Keyblocks used
What percentage of the keyblocks are used. When a table has just been reorganized with myisamchk, as for the table in the examples, the values are very high (very near the theoretical maximum).
Packed
MySQL tries to pack keys with a common suffix. This can only
be used for indexes on CHAR
,
VARCHAR
columns. For long indexed strings
that have similar leftmost parts, this can significantly
reduce the space used. In the third example above, the
fourth key is 10 characters long and a 60% reduction in
space is achieved.
Max levels
How deep the B-tree for this key is. Large tables with long key values get high values.
Records
How many rows are in the table.
M.recordlength
The average record length. This is the exact record length for tables with fixed-length records, because all records have the same length.
Packed
MySQL strips spaces from the end of strings. The
Packed
value indicates the percentage of
savings achieved by doing this.
Recordspace used
What percentage of the data file is used.
Empty space
What percentage of the data file is unused.
Blocks/Record
Average number of blocks per record (that is, how many links a fragmented record is composed of). This is always 1.0 for fixed-format tables. This value should stay as close to 1.0 as possible. If it gets too big, you can reorganize the table. See Chapter 7, Optimization.
Recordblocks
How many blocks (links) are used. For fixed format, this is the same as the number of records.
Deleteblocks
How many blocks (links) are deleted.
Recorddata
How many bytes in the data file are used.
Deleted data
How many bytes in the data file are deleted (unused).
Lost space
If a record is updated to a shorter length, some space is lost. This is the sum of all such losses, in bytes.
Linkdata
When the dynamic table format is used, record fragments are
linked with pointers (4 to 7 bytes each).
Linkdata
is the sum of the amount of
storage used by all such pointers.
If a table has been compressed with myisampack, myisamchk -d prints additional information about each table column. See Section 8.2, “myisampack — Generate Compressed, Read-Only MyISAM Tables”, for an example of this information and a description of what it means.
This section describes how to configure the server to use different character sets. It also discusses how to set the server's time zone and enable per-connection time zone support.
By default, MySQL uses the cp1252 (Latin1) character set with sorting according to Swedish/Finnish rules. These defaults are suitable for the United States and most of Western Europe.
All MySQL binary distributions are compiled with
--with-extra-charsets=complex
. This adds code
to all standard programs that enables them to handle
latin1
and all multi-byte character sets
within the binary. Other character sets are loaded from a
character-set definition file when needed.
The character set determines what characters are allowed in
names. It also determines how strings are sorted by the
ORDER BY
and GROUP BY
clauses of the SELECT
statement.
You can change the character set with the
--default-character-set
option when you start
the server. The character sets available depend on the
--with-charset=
and
charset
--with-extra-charsets=
options to
configure, and the character set
configuration files listed in
list-of-charsets
| complex | all | noneSHAREDIR/charsets/Index
. See
Section 2.8.2, “Typical configure Options”.
In MySQL 5.0, you can also change the character set
collation with the --default-collation
option
when you start the server. The collation must be a legal
collation for the default character set. (Use the SHOW
COLLATION
statement to determine which collations are
available for each character set.) See
Section 2.8.2, “Typical configure Options”.
If you change the character set when running MySQL, that may
also change the sort order. Consequently, you must run
myisamchk -r -q
--set-character-set=charset
on all tables, or your indexes may not be ordered correctly.
When a client connects to a MySQL server, the server indicates to the client what the server's default character set is. The client switches to use this character set for this connection.
You should use mysql_real_escape_string()
when escaping strings for an SQL query.
mysql_real_escape_string()
is identical to
the old mysql_escape_string()
function,
except that it takes the MYSQL
connection
handle as the first parameter so that the appropriate character
set can be taken into account when escaping characters.
If the client is compiled with different paths than where the server is installed and the user who configured MySQL didn't include all character sets in the MySQL binary, you must tell the client where it can find the additional character sets it needs if the server runs with a different character set than the client.
You can do this by specifying a
--character-sets-dir
option to indicate the
path to the directory in which the dynamic MySQL character sets
are stored. For example, you can put the following in an option
file:
[client] character-sets-dir=/usr/local/mysql/share/mysql/charsets
You can force the client to use specific character set as follows:
[client]
default-character-set=charset
This is normally unnecessary, however.
In MySQL 5.0, character set and collation are
specified separately. This means that if you want German sort
order, you should select the latin1
character set and either the
latin1_german1_ci
or
latin1_german2_ci
collation. For example,
to start the server with the
latin1_german1_ci
collation, use the
--character-set-server=latin1
and
--collation-server=latin1_german1_ci
options.
For information on the differences between these two collations, see Section 10.10.2, “West European Character Sets”.
By default, mysqld produces error messages in English, but they can also be displayed in any of these other languages: Czech, Danish, Dutch, Estonian, French, German, Greek, Hungarian, Italian, Japanese, Korean, Norwegian, Norwegian-ny, Polish, Portuguese, Romanian, Russian, Slovak, Spanish, or Swedish.
To start mysqld with a particular language
for error messages, use the --language
or
-L
option. The option value can be a language
name or the full path to the error message file. For example:
shell> mysqld --language=swedish
Or:
shell> mysqld --language=/usr/local/share/swedish
The language name should be specified in lowercase.
The language files are located (by default) in the
share/
directory under the MySQL base directory.
LANGUAGE
To change the error message file, you should edit the
errmsg.txt
file, and then execute the
following command to generate the
errmsg.sys
file:
shell> comp_err errmsg.txt errmsg.sys
If you upgrade to a newer version of MySQL, remember to repeat
your changes with the new errmsg.txt
file.
This section discusses the procedure for adding a new character set to MySQL. You must have a MySQL source distribution to use these instructions.
To choose the proper procedure, decide whether the character set is simple or complex:
If the character set does not need to use special string collating routines for sorting and does not need multi-byte character support, it is simple.
If it needs either of those features, it is complex.
For example, latin1
and
danish
are simple character sets, whereas
big5
and czech
are complex
character sets.
In the following procedures, the name of your character set is
represented by MYSET
.
For a simple character set, do the following:
Add MYSET
to the end of the
sql/share/charsets/Index
file. Assign a
unique number to it.
Create the file
sql/share/charsets/
.
(You can use a copy of
MYSET
.confsql/share/charsets/latin1.conf
as the
basis for this file.)
The syntax for the file is very simple:
Comments start with a ‘#
’
character and continue to the end of the line.
Words are separated by arbitrary amounts of whitespace.
When defining the character set, every word must be a number in hexadecimal format.
The ctype
array takes up the first
257 words. The to_lower[]
,
to_upper[]
and
sort_order[]
arrays take up 256 words
each after that.
Add the character set name to the
CHARSETS_AVAILABLE
and
COMPILED_CHARSETS
lists in
configure.in
.
Reconfigure, recompile, and test.
For a complex character set, do the following:
Create the file
strings/ctype-
in the MySQL source distribution.
MYSET
.c
Add MYSET
to the end of the
sql/share/charsets/Index
file. Assign a
unique number to it.
Look at one of the existing ctype-*.c
files (such as strings/ctype-big5.c
) to
see what needs to be defined. Note that the arrays in your
file must have names like
ctype_
,
MYSET
to_lower_
,
and so on. These correspond to the arrays for a simple
character set. See Section 5.10.4, “The Character Definition Arrays”.
MYSET
Near the top of the file, place a special comment like this:
/* * This comment is parsed by configure to create ctype.c, * so don't change it unless you know what you are doing. * * .configure. number_MYSET
=MYNUMBER
* .configure. strxfrm_multiply_MYSET
=N
* .configure. mbmaxlen_MYSET
=N
*/
The configure program uses this comment to include the character set into the MySQL library automatically.
The strxfrm_multiply
and
mbmaxlen
lines are explained in the
following sections. You need include them only if you need
the string collating functions or the multi-byte character
set functions, respectively.
You should then create some of the following functions:
my_strncoll_
MYSET
()
my_strcoll_
MYSET
()
my_strxfrm_
MYSET
()
my_like_range_
MYSET
()
Add the character set name to the
CHARSETS_AVAILABLE
and
COMPILED_CHARSETS
lists in
configure.in
.
Reconfigure, recompile, and test.
The sql/share/charsets/README
file includes
additional instructions.
If you want to have the character set included in the MySQL
distribution, mail a patch to the MySQL
internals
mailing list. See
Section 1.7.1.1, “The MySQL Mailing Lists”.
to_lower[]
and to_upper[]
are simple arrays that hold the lowercase and uppercase
characters corresponding to each member of the character set.
For example:
to_lower['A'] should contain 'a' to_upper['a'] should contain 'A'
sort_order[]
is a map indicating how
characters should be ordered for comparison and sorting
purposes. Quite often (but not for all character sets) this is
the same as to_upper[]
, which means that
sorting is case-insensitive. MySQL sorts characters based on the
values of sort_order[]
elements. For more
complicated sorting rules, see the discussion of string
collating in Section 5.10.5, “String Collating Support”.
ctype[]
is an array of bit values, with one
element for one character. (Note that
to_lower[]
, to_upper[]
,
and sort_order[]
are indexed by character
value, but ctype[]
is indexed by character
value + 1. This is an old legacy convention to be able to handle
EOF
.)
You can find the following bitmask definitions in
m_ctype.h
:
#define _U 01 /* Uppercase */ #define _L 02 /* Lowercase */ #define _N 04 /* Numeral (digit) */ #define _S 010 /* Spacing character */ #define _P 020 /* Punctuation */ #define _C 040 /* Control character */ #define _B 0100 /* Blank */ #define _X 0200 /* heXadecimal digit */
The ctype[]
entry for each character should
be the union of the applicable bitmask values that describe the
character. For example, 'A'
is an uppercase
character (_U
) as well as a hexadecimal digit
(_X
), so ctype['A'+1]
should contain the value:
_U + _X = 01 + 0200 = 0201
If the sorting rules for your language are too complex to be
handled with the simple sort_order[]
table,
you need to use the string collating functions.
The best documentation for this is the existing character sets.
Look at the big5
, czech
,
gbk
, sjis
, and
tis160
character sets for examples.
You must specify the
strxfrm_multiply_
value in the special comment at the top of the file.
MYSET
=N
N
should be set to the maximum ratio
the strings may grow during
my_strxfrm_
(it must be a positive integer).
MYSET
If you want to add support for a new character set that includes multi-byte characters, you need to use the multi-byte character functions.
The best documentation for this is the existing character sets.
Look at the euc_kr
,
gb2312
, gbk
,
sjis
, and ujis
character
sets for examples. These are implemented in the
ctype-
files in the charset
.cstrings
directory.
You must specify the
mbmaxlen_
value in the special comment at the top of the source file.
MYSET
=N
N
should be set to the size in bytes
of the largest character in the set.
If you try to use a character set that is not compiled into your binary, you might run into the following problems:
Your program has an incorrect path to where the character
sets are stored. (Default
/usr/local/mysql/share/mysql/charsets
).
This can be fixed by using the
--character-sets-dir
option when you run
the program in question.
The character set is a multi-byte character set that can't be loaded dynamically. In this case, you must recompile the program with support for the character set.
The character set is a dynamic character set, but you don't have a configure file for it. In this case, you should install the configure file for the character set from a new MySQL distribution.
If your Index
file doesn't contain the
name for the character set, your program displays the
following error message:
ERROR 1105: File '/usr/local/share/mysql/charsets/?.conf' not found (Errcode: 2)
In this case, you should either get a new
Index
file or manually add the name of
any missing character sets to the current file.
For MyISAM
tables, you can check the
character set name and number for a table with
myisamchk -dvv
tbl_name
.
In MySQL 5.0, the server maintains several time zone settings:
The system time zone. When the server starts, it attempts to
determine the time zone of the host machine and uses it to
set the system_time_zone
system variable.
The server's current time zone. The global
time_zone
system variable indicates the
time zone the server currently is operating in. The initial
value is 'SYSTEM'
, which indicates that
the server time zone is the same as the system time zone.
The initial value can be specified explicitly with the
--default-time-zone=
option. If you have the timezone
SUPER
privilege,
you can set the global value at runtime with this statement:
mysql> SET GLOBAL time_zone = timezone
;
Per-connection time zones. Each client that connects has its
own time zone setting, given by the session
time_zone
variable. Initially this is the
same as the global time_zone
variable,
but can be reset with this statement:
mysql> SET time_zone = timezone
;
The current values of the global and per-connection time zones can be retrieved like this:
mysql> SELECT @@global.time_zone, @@session.time_zone;
timezone
values can be given as
strings indicating an offset from UTC, such as
'+10:00'
or '-6:00'
. If
the time zone-related tables in the mysql
database have been created and populated, you can also used
named time zones, such as 'Europe/Helsinki'
,
'US/Eastern'
, or 'MET'
.
The value 'SYSTEM'
indicates that the time
zone should be the same as the system time zone. Time zone names
are not case sensitive.
The MySQL installation procedure creates the time zone tables in
the mysql
database, but does not load them.
You must do so manually. (If you are upgrading to MySQL 4.1.3 or
later from an earlier version, you should create the tables by
upgrading your mysql
database. Use the
instructions in Section 2.10.3, “Upgrading the Grant Tables”.)
If your system has its own zoneinfo database (the set of files
describing time zones), you should use the
mysql_tzinfo_to_sql program for filling the
time zone tables. Examples of such systems are Linux, FreeBSD,
Sun Solaris, and Mac OS X. One likely location for these files
is the /usr/share/zoneinfo
directory. If
your system does not have a zoneinfo database, you can use the
downloadable package described later in this section.
The mysql_tzinfo_to_sql program is used to load the time zone tables. On the command line, pass the zoneinfo directory pathname to mysql_tzinfo_to_sql and send the output into the mysql program. For example:
shell> mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql
mysql_tzinfo_to_sql reads your system's time zone files and generates SQL statements from them. mysql processes those statements to load the time zone tables.
mysql_tzinfo_to_sql also can be used to load a single time zone file, and to generate leap second information.
To load a single time zone file
tz_file
that corresponds to a time
zone name tz_name
, invoke
mysql_tzinfo_to_sql like this:
shell> mysql_tzinfo_to_sql tz_file
tz_name
| mysql -u root mysql
If your time zone needs to account for leap seconds, initialize
the leap second information like this, where
tz_file
is the name of your time zone
file:
shell> mysql_tzinfo_to_sql --leap tz_file
| mysql -u root mysql
If your system doesn't have a zoneinfo database (for example,
Windows or HP-UX), you can use the package of pre-built time
zone tables that is available for download at
http://dev.mysql.com/downloads/timezones.html.
This package contains .frm
,
.MYD
, and .MYI
files
for the MyISAM
time zone tables. These tables
should belong to the mysql
database, so you
should place the files in the mysql
subdirectory of your MySQL server's data directory. The server
should be shut down while you do this.
Warning! Please don't use the downloadable package if your system has a zoneinfo database. Use the mysql_tzinfo_to_sql utility instead! Otherwise, you may cause a difference in datetime handling between MySQL and other applications on your system.
For information about time zone settings in replication setup please look into Section 6.7, “Replication Features and Known Problems”.
MySQL has several different log files that can help you find out what's going on inside mysqld:
Log File | Types of Information Logged to File |
The error log | Logs problems encountered starting, running, or stopping mysqld. |
The query log | Logs established client connections and executed statements. |
The update log | Logs statements that change data. This log is deprecated. |
The binary log | Logs all statements that change data. Also used for replication. |
The slow log | Logs all queries that took more than long_query_time
seconds to execute or didn't use indexes. |
By default, all logs are created in the mysqld
data directory. You can force mysqld to close
and reopen the log files (or in some cases switch to a new log) by
flushing the logs. Log flushing occurs when you issue a
FLUSH LOGS
statement or execute
mysqladmin flush-logs or mysqladmin
refresh. See Section 13.5.5.2, “FLUSH
Syntax”.
If you are using MySQL replication capabilities, slave replication servers maintain additional log files called relay logs. These are discussed in Chapter 6, Replication in MySQL.
The error log file contains information indicating when mysqld was started and stopped and also any critical errors that occur while the server is running.
If mysqld dies unexpectedly and
mysqld_safe needs to restart it,
mysqld_safe writes a restarted
mysqld
message to the error log. If
mysqld notices a table that needs to be
automatically checked or repaired, it writes a message to the
error log.
On some operating systems, the error log contains a stack trace if mysqld dies. The trace can be used to determine where mysqld died. See Section E.1.4, “Using a Stack Trace”.
You can specify where mysqld stores the error
log file with the
--log-error[=
option. If no file_name
]file_name
value is
given, mysqld uses the name
and writes the file in the data directory. If you execute
host_name
.errFLUSH LOGS
, the error log is renamed with the
suffix -old
and mysqld
creates a new empty log file. (No renaming occurs if the
--log-error
option was not given.)
If you don't specify --log-error
, or (on
Windows) if you use the --console
option,
errors are written to stderr, the standard error output. Usually
this is your terminal.
On Windows, error output is always written to the
.err
file if --console
is
not given.
If you want to know what happens within
mysqld, you should start it with the
--log[=
or
file_name
]-l [
option. If no file_name
]file_name
value is
given, the default name is
This logs all connections and statements to the log file. This
log can be very useful when you suspect an error in a client and
want to know exactly what the client sent to
mysqld.
host_name
.log
mysqld writes statements to the query log in the order that it receives them. This may be different from the order in which they are executed. This is in contrast to the update log and the binary log, which are written after the query is executed, but before any locks are released. (The query log also contains all statements, whereas the binary log does not contain statements that only select data.)
Server restarts and log flushing do not cause a new general query log file to be generated (although flushing closes and reopens it). On Unix, you can rename the file and create a new one by using the following commands:
shell>mv hostname.log hostname-old.log
shell>mysqladmin flush-logs
shell>cp hostname-old.log to-backup-directory
shell>rm hostname-old.log
On Windows, you cannot rename the log file while the server has it open. You must stop the server and rename the log. Then restart the server to create a new log.
The binary log contains all information that is available in the update log in a more efficient format and in a manner that is transaction-safe.
The binary log contains all statements which updated data or
potentially could have updated it (for example, a
DELETE
which matched no rows). Statements are
stored in the form of “events” that describe the
modifications.
Note: The binary log has replaced the old update log, which is no longer available in MySQL 5.0.
The binary log also contains information about how long each statement took that updated the database. It doesn't contain statements that don't modify any data. If you want to log all statements (for example, to identify a problem query) you should use the general query log. See Section 5.11.2, “The General Query Log”.
The primary purpose of the binary log is to be able to update the database during a restore operation as fully as possible, because the binary log contains all updates done after a backup was made.
The binary log is also used on master replication servers as a record of the statements to be sent to slave servers. See Chapter 6, Replication in MySQL.
Running the server with the binary log enabled makes performance about 1% slower. However, the benefits of the binary log for restore operations and in allowing you to set up replication generally outweigh this minor performance decrement.
When started with the
--log-bin[=
option, mysqld writes a log file containing
all SQL commands that update data. If no
file_name
]file_name
value is given, the default
name is the name of the host machine followed by
-bin
. If file name is given, but it doesn't
contain a path, the file is written in the data directory. It is
recommended to specify a filename, see
Section A.8.1, “Open Issues in MySQL” for the reason.
If you supply an extension in the log name (for example,
--log-bin=
),
the extension is silently removed and ignored.
file_name.extension
mysqld appends a numeric extension to the
binary log name. The number is incremented each time you start
the server or flush the logs. A new binary log also is created
automatically when the current log's size reaches
max_binlog_size
. A binary log may become
larger than max_binlog_size
if you are using
large transactions: A transaction is written to the binary log
in one piece, never split between binary logs.
To be able to know which different binary log files have been
used, mysqld also creates a binary log index
file that contains the names of all used binary log files. By
default this has the same name as the binary log file, with the
extension '.index'
. You can change the name
of the binary log index file with the
--log-bin-index[=
option. You should not manually edit this file while
mysqld is running; doing so would confuse
mysqld.
file_name
]
You can delete all binary log files with the RESET
MASTER
statement, or only some of them with
PURGE MASTER LOGS
. See
Section 13.5.5.5, “RESET
Syntax” and
Section 13.6.1, “SQL Statements for Controlling Master Servers”.
The binary log format has some known limitations which can affect recovery from backups. See Section 6.7, “Replication Features and Known Problems”.
Binary logging for stored routines and triggers is done as described in Section 18.4, “Binary Logging of Stored Routines and Triggers”.
You can use the following options to mysqld to affect what is logged to the binary log. See also the discussion that follows this option list.
--binlog-do-db=
db_name
Tells the master that it should log updates to the binary
log if the current database (that is, the one selected by
USE
) is
db_name
. All other databases that
are not explicitly mentioned are ignored. If you use this,
you should ensure that you only do updates in the current
database.
Observe that there is an exception to this as regards the
CREATE DATABASE
, ALTER
DATABASE
, and DROP DATABASE
statements, which use the database manipulated to decide if
it should log the statement rather than the current
database.
An example of what does not work as you might expect: If the
server is started with
binlog-do-db=sales
, and you do
USE prices; UPDATE sales.january SET
amount=amount+1000;
, this statement does not get
written into the binary log.
--binlog-ignore-db=
db_name
Tells the master that updates where the current database
(that is, the one selected by USE
) is
db_name
should not be stored in
the binary log. If you use this, you should ensure that you
only do updates in the current database.
An example of what does not work as you might expect: If the
server is started with
binlog-ignore-db=sales
, and you do
USE prices; UPDATE sales.january SET
amount=amount+1000;
, this statement is not written
into the binary log.
Similar to the case for --binlog-do-db
,
there is an exception to the CREATE
DATABASE
, ALTER DATABASE
, and
DROP DATABASE
statements, which use the
database manipulated to decide if it should log the
statement rather than the current database.
To log or ignore multiple databases, use multiple options, specifying the appropriate option once for each database.
The server evaluates the options for logging or ignoring updates
to the binary log according to the following rules. Observe that
there is an exception for
CREATE
/ALTER
/DROP
DATABASE
statements. In those cases, the database
being created, altered, or dropped replaces
the current database in the rules below.
Are there binlog-do-db
or
binlog-ignore-db
rules?
No: Write the statement to the binary log and exit.
Yes: Go to the next step.
There are some rules (binlog-do-db
or
binlog-ignore-db
or both). Is there a
current database (has any database been selected by
USE
?)?
No: Do not write the statement, and exit.
Yes: Go to the next step.
There is a current database. Are there some
binlog-do-db
rules?
Yes: Does the current database match any of the
binlog-do-db
rules?
Yes: Write the statement and exit.
No: Do not write the statement, and exit.
No: Go to the next step.
There are some binlog-ignore-db
rules.
Does the current database match any of the
binlog-ignore-db
rules?
Yes: Do not write the statement, and exit.
No: Write the query and exit.
For example, a slave running with only
binlog-do-db=sales
does not write to the
binary log any statement whose current database is different
from sales
(in other words,
binlog-do-db
can sometimes mean “ignore
other databases”).
If you are using replication, you should not delete old binary
log files until you are sure that no slave still needs to use
them. One way to do this is to do mysqladmin
flush-logs once a day and then remove any logs that
are more than three days old. You can remove them manually, or
preferably using PURGE MASTER LOGS
(see
Section 13.6.1, “SQL Statements for Controlling Master Servers”), which also safely
updates the binary log index file for you (and which can take a
date argument).
A client with the SUPER
privilege can disable
binary logging of its own statements by using a SET
SQL_LOG_BIN=0
statement. See
Section 13.5.3, “SET
Syntax”.
You can examine the binary log file with the mysqlbinlog utility. This can be useful when you want to reprocess statements in the log. For example, you can update a MySQL server from the binary log as follows:
shell> mysqlbinlog log-file | mysql -h server_name
See Section 8.6, “mysqlbinlog — Utility for Processing Binary Log Files” for more information on the mysqlbinlog utility and how to use it.
If you are using transactions, you must use the MySQL binary log for backups instead of the old update log.
The binary logging is done immediately after a query completes but before any locks are released or any commit is done. This ensures that the log is logged in the execution order.
Updates to non-transactional tables are stored in the binary log
immediately after execution. For transactional tables such as
BDB
or InnoDB
tables, all
updates (UPDATE
, DELETE
,
or INSERT
) that change tables are cached
until a COMMIT
statement is received by the
server. At that point, mysqld writes the
whole transaction to the binary log before the
COMMIT
is executed. When the thread that
handles the transaction starts, it allocates a buffer of
binlog_cache_size
to buffer queries. If a
statement is bigger than this, the thread opens a temporary file
to store the transaction. The temporary file is deleted when the
thread ends.
The Binlog_cache_use
status variable shows
the number of transactions that used this buffer (and possibly a
temporary file) for storing statements. The
Binlog_cache_disk_use
status variable shows
how many of those transactions actually did have to use a
temporary file. These two variables can be used for tuning
binlog_cache_size
to a large enough value
that avoids the use of temporary files.
The max_binlog_cache_size
(default 4GB) can
be used to restrict the total size used to cache a
multiple-statement transaction. If a transaction is larger than
this, it fails and rolls back.
If you are using the update log or binary log, concurrent
inserts are converted to normal inserts when using
CREATE ... SELECT
or INSERT ...
SELECT
. This is to ensure that you can re-create an
exact copy of your tables by applying the log on a backup.
Note that the binary log format is different in MySQL 5.0 from previous versions of MySQL, due to enhancements in replication. See Section 6.5, “Replication Compatibility Between MySQL Versions”.
By default, the binary log is not synchronized to disk at each
write. So if the operating system or machine (not only the MySQL
server) crashes, there is a chance that the last statements of
the binary log are lost. To prevent this, you can make the
binary log be synchronized to disk after every
N
th binary log write, with the
sync_binlog
global variable (1 being the
safest value, but also the slowest). See
Section 5.3.3, “Server System Variables”. Even with
sync_binlog
set to 1, there is still the
chance of an inconsistency between the tables content and the
binary log content in case of crash. For example, if using
InnoDB
tables, and the MySQL server processes
a COMMIT
statement, it writes the whole
transaction to the binary log and then commits this transaction
into InnoDB
. If it crashes between those two
operations, at restart the transaction is rolled back by
InnoDB
but still exists in the binary log.
This problem can be solved with the
--innodb-safe-binlog
option, which adds
consistency between the content of InnoDB
tables and the binary log. (Note:
--innodb-safe-binlog
is unneeded as of MySQL
5.0.3; it was made obsolete by the introduction of XA
transaction support.)
For this option to provide a greater degree of safety, the MySQL
server should also be configured to synchronize to disk, at
every transaction, the binary log
(sync_binlog=1
) and (which is true by
default) the InnoDB
logs. The effect of this
option is that at restart after a crash, after doing a rollback
of transactions, the MySQL server cuts rolled back
InnoDB
transactions from the binary log. This
ensures that the binary log reflects the exact data of
InnoDB
tables, and so, that the slave remains
in sync with the master (not receiving a statement which has
been rolled back).
Note that --innodb-safe-binlog
can be used even
if the MySQL server updates other storage engines than
InnoDB
. Only statements/transactions
affecting InnoDB
tables are subject to being
removed from the binary log at InnoDB
's crash
recovery. If at crash recovery the MySQL server discovers that
the binary log is shorter than it should have been (that is, it
lacks at least one successfully committed
InnoDB
transaction), which should not happen
if sync_binlog=1
and the disk/filesystem do
an actual sync when they are requested to (some don't), it
prints an error message ("The binary log <name> is shorter
than its expected size"). In this case, this binary log is not
correct, replication should be restarted from a fresh master's
data snapshot.
Writes to the binary log file and binary log index file are
handled in the same way as writes to MyISAM
tables. See Section A.4.3, “How MySQL Handles a Full Disk”.
When started with the
--log-slow-queries[=
option, mysqld writes a log file containing
all SQL statements that took more than
file_name
]long_query_time
seconds to execute. The time
to acquire the initial table locks is not counted as execution
time.
If no file_name
value is given, the
default is the name of the host machine with a suffix of
-slow.log
. If a filename is given, but not as
an absolute pathname, the file is written in the data directory.
A statement is logged to the slow query log after it has been executed and after all locks have been released. Log order may be different from execution order.
The slow query log can be used to find queries that take a long time to execute and are therefore candidates for optimization. However, examining a long slow query log can become a difficult task. To make this easier, you can process the slow query log using the mysqldumpslow command to get a summary of the queries that appear in the log.
In MySQL 5.0's slow query log, slow queries that do
not use indexes are logged as well as those that do. To prevent
queries that do not use indexes from being logged in the slow
query log, use the --log-short-format
option.
See Section 5.3.1, “mysqld Command-Line Options”.
In MySQL 5.0, the
--log-slow-admin-statements
server option
enables you to request logging of slow administrative statements
such as OPTIMIZE TABLE
, ANALYZE
TABLE
, and ALTER TABLE
were written
to the slow query.
Queries handled by the query cache are not added to the slow query log, nor are queries that would not benefit from the presence of an index because the table has zero rows or one row.
The MySQL Server can create a number of different log files that make it easy to see what is going on. See Section 5.11, “The MySQL Log Files”. However, you must clean up these files regularly to ensure that the logs don't take up too much disk space.
When using MySQL with logging enabled, you may want to back up and remove old log files from time to time and tell MySQL to start logging to new files. See Section 5.9.1, “Database Backups”.
On a Linux (Red Hat) installation, you can use the
mysql-log-rotate
script for this. If you
installed MySQL from an RPM distribution, the script should have
been installed automatically. You should be careful with this
script if you are using the binary log for replication; do not
remove binary logs until you are certain that their contents
have been processed by all slaves.
On other systems, you must install a short script yourself that you start from cron or the equivalent for handling log files.
You can force MySQL to start using new log files by using
mysqladmin flush-logs or by using the SQL
statement FLUSH LOGS
.
A log flushing operation does the following:
If standard logging (--log
) or slow query
logging (--log-slow-queries
) is used,
closes and reopens the log file
(mysql.log
and
`hostname`-slow.log
as default).
If update logging (--log-update
) or binary
logging (--log-bin
) is used, closes the log
and opens a new log file with a higher sequence number.
If you are using only an update log, you only have to rename the log file and then flush the logs before making a backup. For example, you can do something like this:
shell>cd mysql-data-directory
shell>mv mysql.log mysql.old
shell>mysqladmin flush-logs
Then make a backup and remove mysql.old
.
In some cases, you might want to run multiple mysqld servers on the same machine. You might want to test a new MySQL release while leaving your existing production setup undisturbed. Or you may want to give different users access to different mysqld servers that they manage themselves. (For example, you might be an Internet Service Provider that wants to provide independent MySQL installations for different customers.)
To run multiple servers on a single machine, each server must have unique values for several operating parameters. These can be set on the command line or in option files. See Section 4.3, “Specifying Program Options”.
At least the following options must be different for each server:
--port=
port_num
--port
controls the port number for TCP/IP
connections.
--socket=
path
--socket
controls the Unix socket file path
on Unix and the name of the named pipe on Windows. On Windows,
it's necessary to specify distinct pipe names only for those
servers that support named pipe connections.
--shared-memory-base-name=
name
This option currently is used only on Windows. It designates the shared memory name used by a Windows server to allow clients to connect via shared memory.
--pid-file=
path
This option is used only on Unix. It indicates the name of the file in which the server writes its process ID.
If you use the following log file options, they must be different for each server:
--log=
path
--log-bin=
path
--log-update=
path
--log-error=
path
--bdb-logdir=
path
Log file options are described in Section 5.11.5, “Log File Maintenance”.
For better performance performance, you can specify the following options differently for each server, in order to spread the load between physical disks:
--tmpdir=
path
--bdb-tmpdir=
path
Having different temporary directories is also recommended, to make it easier to determine which MySQL server created any given temporary file.
Generally, each server should also use a different data directory,
which is specified using the --datadir=path
option.
Warning: Normally you should
never have two servers that update data in the same databases.
This may lead to unpleasant surprises if your operating system
doesn't support fault-free system locking. If (despite this
warning) you run multiple servers using the same data directory
and they have logging enabled, you must use the appropriate
options to specify log filenames that are unique to each server.
Otherwise, the servers try to log to the same files. Please note
that this kind of setup only works with MyISAM
and MERGE
tables, and not with any of the other
storage engines.
The warning against sharing a data directory among servers also applies in an NFS environment. Allowing multiple MySQL servers to access a common data directory over NFS is a very bad idea.
The primary problem is that NFS is the speed bottleneck. It is not meant for such use.
Another risk with NFS is that you has to come up with a way to
make sure that two or more servers do not interfere with each
other. Usually NFS file locking is handled by the
lockd
daemon, but at the moment there is no
platform that performs locking 100% reliably in every
situation.
Make it easy for yourself: Forget about sharing a data directory among servers over NFS. A better solution is to have one computer that contains several CPUs and use an operating system that handles threads efficiently.
If you have multiple MySQL installations in different locations,
normally you can specify the base installation directory for each
server with the --basedir=path
option to cause
each server to use a different data directory, log files, and PID
file. (The defaults for all these values are determined relative
to the base directory). In that case, the only other options you
need to specify are the --socket
and
--port
options. For example, suppose that you
install different versions of MySQL using tar
file binary distributions. These install in different locations,
so you can start the server for each installation using the
command bin/mysqld_safe under its corresponding
base directory. mysqld_safe determines the
proper --basedir
option to pass to
mysqld, and you need specify only the
--socket
and --port
options to
mysqld_safe.
As discussed in the following sections, it is possible to start additional servers by setting environment variables or by specifying appropriate command-line options. However, if you need to run multiple servers on a more permanent basis, it is more convenient to use option files to specify for each server those option values that must be unique to it.
You can run multiple servers on Windows by starting them manually from the command line, each with appropriate operating parameters. On Windows NT-based systems, you also have the option of installing several servers as Windows services and running them that way. General instructions for running MySQL servers from the command line or as services are given in Section 2.3, “Installing MySQL on Windows”. This section describes how to make sure that you start each server with different values for those startup options that must be unique per server, such as the data directory. These options are described in Section 5.12, “Running Multiple MySQL Servers on the Same Machine”.
To start multiple servers manually from the command line, you
can specify the appropriate options on the command line or in
an option file. It's more convenient to place the options in
an option file, but it's necessary to make sure that each
server gets its own set of options. To do this, create an
option file for each server and tell the server the filename
with a --defaults-file
option when you run
it.
Suppose that you want to run mysqld on port
3307 with a data directory of C:\mydata1
,
and mysqld-max on port 3308 with a data
directory of C:\mydata2
. (To do this,
make sure that before you start the servers, each data
directory exists and has its own copy of the
mysql
database that contains the grant
tables.)
Then create two option files. For example, create one file
named C:\my-opts1.cnf
that looks like
this:
[mysqld] datadir = C:/mydata1 port = 3307
Create a second file named
C:\my-opts2.cnf
that looks like this:
[mysqld] datadir = C:/mydata2 port = 3308
Then start each server with its own option file:
C:\>C:\mysql\bin\mysqld --defaults-file=C:\my-opts1.cnf
C:\>C:\mysql\bin\mysqld-max --defaults-file=C:\my-opts2.cnf
On NT, each server starts in the foreground (no new prompt appears until the server exits later); you'll need to issue those two commands in separate console windows.
To shut down the servers, you must connect to the appropriate port number:
C:\>C:\mysql\bin\mysqladmin --port=3307 shutdown
C:\>C:\mysql\bin\mysqladmin --port=3308 shutdown
Servers configured as just described allow clients to connect
over TCP/IP. If your version of Windows supports named pipes
and you also want to allow named pipe connections, use the
mysqld-nt or
mysqld-max-nt servers and specify options
that enable the named pipe and specify its name. Each server
that supports named pipe connections must use a unique pipe
name. For example, the C:\my-opts1.cnf
file might be written like this:
[mysqld] datadir = C:/mydata1 port = 3307 enable-named-pipe socket = mypipe1
Then start the server this way:
C:\> C:\mysql\bin\mysqld-nt --defaults-file=C:\my-opts1.cnf
Modify C:\my-opts2.cnf
similarly for use
by the second server.
On NT-based systems, a MySQL server can be run as a Windows service. The procedures for installing, controlling, and removing a single MySQL service are described in Section 2.3.12, “Starting MySQL as a Windows Service”.
You can also install multiple MySQL servers as services. In this case, you must make sure that each server uses a different service name in addition to all the other parameters that must be unique for each server.
For the following instructions, assume that you want to run
the mysqld-nt server from two different
versions of MySQL that are installed at
C:\mysql-4.1.8
and
C:\mysql-5.0.15
, respectively.
(This might be the case if you're running 4.1.8 as your
production server, but also want to conduct tests using
5.0.15.)
The following principles apply when installing a MySQL service
with the --install
or
--install-manual
option:
If you specify no service name, the server uses the
default service name of MySQL
and the
server reads options from the [mysqld]
group in the standard option files.
If you specify a service name after the
--install
option, the server ignores the
[mysqld]
option group and instead reads
options from the group that has the same name as the
service. The server reads options from the standard option
files.
If you specify a --defaults-file
option
after the service name, the server ignores the standard
option files and reads options only from the
[mysqld]
group of the named file.
Note: Before MySQL 4.0.17,
only a server installed using the default service name
(MySQL
) or one installed explicitly with a
service name of mysqld read the
[mysqld]
group in the standard option
files. As of 4.0.17, all servers read the
[mysqld]
group if they read the standard
option files, even if they are installed using another service
name. This allows you to use the [mysqld]
group for options that should be used by all MySQL services,
and an option group named after each service for use by the
server installed with that service name.
Based on the preceding information, you have several ways to set up multiple services. The following instructions describe some examples. Before trying any of them, be sure that you shut down and remove any existing MySQL services first.
Approach 1: Specify the
options for all services in one of the standard option
files. To do this, use a different service name for each
server. Suppose that you want to run the 4.1.8
mysqld-nt using the service name of
mysqld1
and the 5.0.15
mysqld-nt using the service name
mysqld2
. In this case, you can use the
[mysqld1]
group for 4.1.8 and the
[mysqld2]
group for 5.0.15.
For example, you can set up C:\my.cnf
like this:
# options for mysqld1 service [mysqld1] basedir = C:/mysql-4.1.8 port = 3307 enable-named-pipe socket = mypipe1 # options for mysqld2 service [mysqld2] basedir = C:/mysql-5.0.15 port = 3308 enable-named-pipe socket = mypipe2
Install the services as follows, using the full server pathnames to ensure that Windows registers the correct executable program for each service:
C:\>C:\mysql-4.1.8\bin\mysqld-nt --install mysqld1
C:\>C:\mysql-5.0.15\bin\mysqld-nt --install mysqld2
To start the services, use the services manager, or use NET START with the appropriate service names:
C:\>NET START mysqld1
C:\>NET START mysqld2
To stop the services, use the services manager, or use NET STOP with the appropriate service names:
C:\>NET STOP mysqld1
C:\>NET STOP mysqld2
Approach 2: Specify
options for each server in separate files and use
--defaults-file
when you install the
services to tell each server what file to use. In this
case, each file should list options using a
[mysqld]
group.
With this approach, to specify options for the 4.1.8
mysqld-nt, create a file
C:\my-opts1.cnf
that looks like this:
[mysqld] basedir = C:/mysql-4.1.8 port = 3307 enable-named-pipe socket = mypipe1
For the 5.0.15 mysqld-nt,
create a file C:\my-opts2.cnf
that
looks like this:
[mysqld] basedir = C:/mysql-5.0.15 port = 3308 enable-named-pipe socket = mypipe2
Install the services as follows (enter each command on a single line):
C:\>C:\mysql-4.1.8\bin\mysqld-nt --install mysqld1
--defaults-file=C:\my-opts1.cnf C:\>C:\mysql-5.0.15\bin\mysqld-nt --install mysqld2
--defaults-file=C:\my-opts2.cnf
To use a --defaults-file
option when you
install a MySQL server as a service, you must precede the
option with the service name.
After installing the services, start and stop them the same way as in the preceding example.
To remove multiple services, use mysqld
--remove for each one, specifying a service name
following the --remove
option. If the service
name is the default (MySQL
), you can omit
it.
The easiest way is to run multiple servers on Unix is to compile them with different TCP/IP ports and Unix socket files so that each one is listening on different network interfaces. Also, by compiling in different base directories for each installation, that automatically results in different compiled-in data directory, log file, and PID file locations for each of your servers.
Assume that an existing 4.1.8 server is configured for the
default TCP/IP port number (3306) and Unix socket file
(/tmp/mysql.sock
). To configure a new
5.0.15 server to have different operating parameters,
use a configure command something like this:
shell>./configure --with-tcp-port=
port_number
\--with-unix-socket-path=
file_name
\--prefix=/usr/local/mysql-5.0.15
Here, port_number
and
file_name
must be different from the
default TCP/IP port number and Unix socket file pathname, and
the --prefix
value should specify an
installation directory different than the one under which the
existing MySQL installation is located.
If you have a MySQL server listening on a given port number, you can use the following command to find out what operating parameters it is using for several important configurable variables, including the base directory and Unix socket filename:
shell> mysqladmin --host=host_name
--port=port_number
variables
With the information displayed by that command, you can tell what option values not to use when configuring an additional server.
Note that if you specify localhost
as a
hostname, mysqladmin defaults to using a Unix
socket file connection rather than TCP/IP. From MySQL 4.1
onwards, you can explicitly specify the connection protocol to
use by using the --protocol={TCP | SOCKET | PIPE |
MEMORY}
option.
You don't have to compile a new MySQL server just to start with a different Unix socket file and TCP/IP port number. It is also possible to specify those values at runtime. One way to do so is by using command-line options:
shell> mysqld_safe --socket=file_name
--port=port_number
To start a second server, provide different
--socket
and --port
option
values, and pass a
--datadir=
option to mysqld_safe so that the server uses
a different data directory.
path
Another way to achieve a similar effect is to use environment variables to set the Unix socket filename and TCP/IP port number:
shell>MYSQL_UNIX_PORT=/tmp/mysqld-new.sock
shell>MYSQL_TCP_PORT=3307
shell>export MYSQL_UNIX_PORT MYSQL_TCP_PORT
shell>mysql_install_db --user=mysql
shell>mysqld_safe --datadir=/path/to/datadir &
This is a quick way of starting a second server to use for testing. The nice thing about this method is that the environment variable settings apply to any client programs that you invoke from the same shell. Thus, connections for those clients are automatically directed to the second server!
Appendix F, Environment Variables includes a list of other environment variables you can use to affect mysqld.
For automatic server execution, your startup script that is executed at boot time should execute the following command once for each server with an appropriate option file path for each command:
mysqld_safe --defaults-file=path
Each option file should contain option values specific to a given server.
On Unix, the mysqld_multi script is another way to start multiple servers. See Section 5.1.5, “mysqld_multi — Program for Managing Multiple MySQL Servers”.
When you want to connect with a client program to a MySQL server that is listening to different network interfaces than those compiled into your client, you can use one of the following methods:
Start the client with
--host=
to
connect via TCP/IP to a remote server, with
host_name
--port=port_number
--host=127.0.0.1
--port=
to
connect via TCP/IP to a local server, or with
port_number
--host=localhost
--socket=
to
connect to a local server via a Unix socket file or a
Windows named pipe.
file_name
As of MySQL 4.1, start the client with
--protocol=tcp
to connect via TCP/IP,
--protocol=socket
to connect via a Unix
socket file, --protocol=pipe
to connect via
a named pipe, or --protocol=memory
to
connect via shared memory. For TCP/IP connections, you may
also need to specify --host
and
--port
options. For the other types of
connections, you may need to specify a
--socket
option to specify a Unix socket
file or named pipe name, or a
--shared-memory-base-name
option to specify
the shared memory name. Shared memory connections are
supported only on Windows.
On Unix, set the MYSQL_UNIX_PORT
and
MYSQL_TCP_PORT
environment variables to
point to the Unix socket file and TCP/IP port number before
you start your clients. If you normally use a specific
socket file or port number, you can place commands to set
these environment variables in your
.login
file so that they apply each
time you log in. See
Appendix F, Environment Variables.
Specify the default Unix socket file and TCP/IP port number
in the [client]
group of an option file.
For example, you can use C:\my.cnf
on
Windows, or the .my.cnf
file in your
home directory on Unix. See Section 4.3.2, “Using Option Files”.
In a C program, you can specify the socket file or port
number arguments in the
mysql_real_connect()
call. You can also
have the program read option files by calling
mysql_options()
. See
Section 23.2.3, “C API Function Descriptions”.
If you are using the Perl DBD::mysql
module, you can read options from MySQL option files. For
example:
$dsn = "DBI:mysql:test;mysql_read_default_group=client;" . "mysql_read_default_file=/usr/local/mysql/data/my.cnf"; $dbh = DBI->connect($dsn, $user, $password);
See Section 23.4, “MySQL Perl API”.
Other programming interfaces may provide similar capabilities for reading option files.
MySQL 5.0 Server features a query cache. When in use,
the query cache stores the text of a SELECT
query together with the corresponding result that was sent to the
client. If the identical query is received later, the server
retrieves the results from the query cache rather than parsing and
executing the query again.
The query cache is extremely useful in an environment where you have tables that don't change very often and for which the server receives a lot of identical queries. This is a typical situation for many Web servers that generate a lot of dynamic pages based on database content.
Note: The query cache does not return stale data. When tables are modified, any relevant entries in the query cache are flushed.
Note: The query cache does not
work in an environment where you have many
mysqld servers updating the same
MyISAM
tables.
Note: The query cache isn't used for server-side prepared statements. If you're using server-side prepared statements consider that these statement won't be satisfied by the query cache. See Section 23.2.4, “C API Prepared Statements”.
Some performance data for the query cache follow. These results were generated by running the MySQL benchmark suite on a Linux Alpha 2 x 500MHz system with 2GB RAM and a 64MB query cache.
If all the queries you're performing are simple (such as selecting a row from a table with one row), but still differ so that the queries cannot be cached, the overhead for having the query cache active is 13%. This could be regarded as the worst case scenario. In real life, queries tend to be much more complicated, so the overhead normally is significantly lower.
Searches for a single row in a single-row table are 238% faster with the query cache than without it. This can be regarded as close to the minimum speedup to be expected for a query that is cached.
To disable the query cache at server startup, set the
query_cache_size
system variable to 0. By
disabling the query cache code, there is no noticeable overhead.
Query cache capabilities can be excluded from the server entirely
by using the --without-query-cache
option to
configure when compiling MySQL.
This section describes how the query cache works when it is operational. Section 5.13.3, “Query Cache Configuration” describes how to control whether or not it is operational.
Queries are compared before parsing, so the following two queries are regarded as different by the query cache:
SELECT * FROMtbl_name
Select * fromtbl_name
Queries must be exactly the same (byte for byte) to be seen as identical. In addition, query strings that are identical may be treated as different for other reasons. Queries that use different databases, different protocol versions, or different default character sets are considered different queries and are cached separately.
Before a query is fetched from the query cache, MySQL checks
that the user has SELECT
privilege for all
databases and tables involved. If this is not the case, the
cached result is not used.
If a query result is returned from query cache, the server
increments the Qcache_hits
status variable,
not Com_select
. See
Section 5.13.4, “Query Cache Status and Maintenance”.
If a table changes, then all cached queries using that table
become invalid and are removed from the cache. This includes
queries that use MERGE
tables that map to the
changed table. A table can be changed by many types of
statements, such as INSERT
,
UPDATE
, DELETE
,
TRUNCATE
, ALTER TABLE
,
DROP TABLE
, or DROP
DATABASE
.
Transactional InnoDB
tables that have been
changed are invalidated when a COMMIT
is
performed.
In MySQL 5.0, the query cache also works within
transactions when using InnoDB
tables, making
use of the table version number to detect whether or not its
contents are still current.
In MySQL 5.0, queries generated by views are cached.
Before MySQL 5.0, a query that began with a leading comment could be cached, but could not be fetched from the cache. This problem is fixed in MySQL 5.0.
The query cache works for SELECT SQL_CALC_FOUND_ROWS
...
and SELECT FOUND_ROWS()
type
queries. FOUND_ROWS()
returns the correct
value even if the preceding query was fetched from the cache
because the number of found rows is also stored in the cache.
A query cannot be cached if it contains any of the following functions:
BENCHMARK() | CONNECTION_ID() | CURDATE() |
CURRENT_DATE() | CURRENT_TIME() | CURRENT_TIMESTAMP() |
CURTIME() | DATABASE() | ENCRYPT() with one parameter |
FOUND_ROWS() | GET_LOCK() | LAST_INSERT_ID() |
LOAD_FILE() | MASTER_POS_WAIT() | NOW() |
RAND() | RELEASE_LOCK() | SYSDATE() |
UNIX_TIMESTAMP() with no parameters | USER() |
A query also is not cached under these conditions:
It refers to user-defined functions (UDFs).
It refers to user variables.
It refers to the tables in the mysql
system database.
It is of any of the following forms:
SELECT ... IN SHARE MODE SELECT ... FOR UPDATE SELECT ... INTO OUTFILE ... SELECT ... INTO DUMPFILE ... SELECT * FROM ... WHERE autoincrement_col IS NULL
The last form is not cached because it is used as the ODBC
workaround for obtaining the last insert ID value. See
Section 24.1.14.1, “How to Get the Value of an AUTO_INCREMENT
Column in ODBC”.
It was issued as a prepared statement, even if no placeholders were employed. For example, the query used here:
char *my_sql_stmt = "SELECT a, b FROM table_c"; /* ... */ mysql_stmt_prepare(stmt, my_sql_stmt, strlen(my_sql_stmt));
is not cached. See Section 23.2.4, “C API Prepared Statements”.
It uses TEMPORARY
tables.
It does not use any tables.
The user has a column-level privilege for any of the involved tables.
Two query cache-related options may be specified in
SELECT
statements:
Examples:
SELECT SQL_CACHE id, name FROM customer; SELECT SQL_NO_CACHE id, name FROM customer;
The have_query_cache
server system variable
indicates whether the query cache is available:
mysql> SHOW VARIABLES LIKE 'have_query_cache';
+------------------+-------+
| Variable_name | Value |
+------------------+-------+
| have_query_cache | YES |
+------------------+-------+
When using a standard MySQL 5.0 binary, this value
is always YES
, even if query caching is
disabled.
Several other system variables control query cache operation.
These can be set in an option file or on the command line when
starting mysqld. The query cache system
variables all have names that begin with
query_cache_
. They are described briefly in
Section 5.3.3, “Server System Variables”, with additional
configuration information given here.
To set the size of the query cache, set the
query_cache_size
system variable. Setting it
to 0 disables the query cache. The default cache size is 0; that
is, the query cache is disabled.
When setting query_cache_size
to a non-zero
value keep in mind that the query cache needs a minimum size of
about 40KB to allocate its structures. (The exact size depends
on architecture.) If you set the value too small, you'll get a
warning, like in this example:
mysql>SET GLOBAL query_cache_size = 40000;
Query OK, 0 rows affected, 1 warning (0.00 sec) mysql>SHOW WARNINGS\G
*************************** 1. row *************************** Level: Warning Code: 1282 Message: Query cache failed to set size 39936; new query cache size is 0 mysql>SET GLOBAL query_cache_size = 41984;
Query OK, 0 rows affected (0.00 sec) mysql>SHOW VARIABLES LIKE 'query_cache_size';
+------------------+-------+ | Variable_name | Value | +------------------+-------+ | query_cache_size | 41984 | +------------------+-------+
If the query cache size is greater than 0, the
query_cache_type
variable influences how it
works. This variable can be set to the following values:
A value of 0
or OFF
prevents caching or retrieval of cached results.
A value of 1
or ON
allows caching except of those statements that begin with
SELECT SQL_NO_CACHE
.
A value of 2
or DEMAND
causes caching of only those statements that begin with
SELECT SQL_CACHE
.
Setting the GLOBAL
value of
query_cache_type
determines query cache
behavior for all clients that connect after the change is made.
Individual clients can control cache behavior for their own
connection by setting the SESSION
value of
query_cache_type
. For example, a client can
disable use of the query cache for its own queries like this:
mysql> SET SESSION query_cache_type = OFF;
To control the maximum size of individual query results that can
be cached, set the query_cache_limit
variable. The default value is 1MB.
The result of a query (the data sent to the client) is stored in
the query cache during result retrieval. Therefore the data
usually is not handled in one big chunk. The query cache
allocates blocks for storing this data on demand, so when one
block is filled, a new block is allocated. Because memory
allocation operation is costly (timewise), the query cache
allocates blocks with a minimum size given by the
query_cache_min_res_unit
system variable.
When a query is executed, the last result block is trimmed to
the actual data size so that unused memory is freed. Depending
on the types of queries your server executes, you might find it
helpful to tune the value of
query_cache_min_res_unit
:
The default value of
query_cache_min_res_unit
is 4KB. This
should be adequate for most cases.
If you have a lot of queries with small results, the default
block size may lead to memory fragmentation, as indicated by
a large number of free blocks. Fragmentation can force the
query cache to prune (delete) queries from the cache due to
lack of memory. In this case, you should decrease the value
of query_cache_min_res_unit
. The number
of free blocks and queries removed due to pruning are given
by the values of the Qcache_free_blocks
and Qcache_lowmem_prunes
status
variables.
If most of your queries have large results (check the
Qcache_total_blocks
and
Qcache_queries_in_cache
status
variables), you can increase performance by increasing
query_cache_min_res_unit
. However, be
careful to not make it too large (see the previous item).
You can check whether the query cache is present in your MySQL server using the following statement:
mysql> SHOW VARIABLES LIKE 'have_query_cache';
+------------------+-------+
| Variable_name | Value |
+------------------+-------+
| have_query_cache | YES |
+------------------+-------+
You can defragment the query cache to better utilize its memory
with the FLUSH QUERY CACHE
statement. The
statement does not remove any queries from the cache.
The RESET QUERY CACHE
statement removes all
query results from the query cache. The FLUSH
TABLES
statement also does this.
To monitor query cache performance, use SHOW
STATUS
to view the cache status variables:
mysql> SHOW STATUS LIKE 'Qcache%';
+-------------------------+--------+
| Variable_name | Value |
+-------------------------+--------+
| Qcache_free_blocks | 36 |
| Qcache_free_memory | 138488 |
| Qcache_hits | 79570 |
| Qcache_inserts | 27087 |
| Qcache_lowmem_prunes | 3114 |
| Qcache_not_cached | 22989 |
| Qcache_queries_in_cache | 415 |
| Qcache_total_blocks | 912 |
+-------------------------+--------+
Descriptions of each of these variables are given in Section 5.3.4, “Server Status Variables”. Some uses for them are described here.
The total number of SELECT
queries is equal
to:
Com_select + Qcache_hits + queries with errors found by parser
The Com_select
value is equal to:
Qcache_inserts + Qcache_not_cached + queries with errors found during columns/rights check
The query cache uses variable-length blocks, so
Qcache_total_blocks
and
Qcache_free_blocks
may indicate query cache
memory fragmentation. After FLUSH QUERY
CACHE
, only a single free block remains.
Every cached query requires a minimum of two blocks (one for the query text and one or more for the query results). Also, every table that is used by a query requires one block. However, if two or more queries use the same table, only one block needs to be allocated.
The information provided by the
Qcache_lowmem_prunes
status variable can be
used to help you tune the query cache size. It counts the number
of queries that have been removed from the cache to free up
memory for caching new queries. The query cache uses a least
recently used (LRU) strategy to decide which queries to remove
from the cache. Tuning information is given in
Section 5.13.3, “Query Cache Configuration”.