3. Managing MySQL users and privileges


3.1 MySQL security model

Each MySQL server installation has a seed database, mysql, which stores information about the MySQL databases on the local machine, the users, and their privileges. Access to this database has to be secured: if someone is able to log in to it as the root user without a password, he can overwrite user privileges or create a rogue user. The tables in the mysql database are the following:

# mysql -u root mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3 to server version: 4.0.22-Yahoo-SMP-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show tables;
+-----------------+
| Tables_in_mysql |
+-----------------+
| columns_priv    |
| db              |
| func            |
| host            |
| tables_priv     |
| user            |
+-----------------+
6 rows in set (0.00 sec)

The columns_priv table stores all the column privileges granted to users:

MySQL Administration How-To

mysql> desc columns_priv;
+-------------+----------------------------------------------+------+-----+---------+-------+
| Field       | Type                                         | Null | Key | Default | Extra |
+-------------+----------------------------------------------+------+-----+---------+-------+
| Host        | char(60) binary                              |      | PRI |         |       |
| Db          | char(64) binary                              |      | PRI |         |       |
| User        | char(16) binary                              |      | PRI |         |       |
| Table_name  | char(64) binary                              |      | PRI |         |       |
| Column_name | char(64) binary                              |      | PRI |         |       |
| Timestamp   | timestamp(14)                                | YES  |     | NULL    |       |
| Column_priv | set('Select','Insert','Update','References') |      |     |         |       |
+-------------+----------------------------------------------+------+-----+---------+-------+
7 rows in set (0.00 sec)

The db table stores all user privileges for any MySQL database he has access to:

mysql> desc db;
+-----------------------+-----------------+------+-----+---------+-------+
| Field                 | Type            | Null | Key | Default | Extra |
+-----------------------+-----------------+------+-----+---------+-------+
| Host                  | char(60) binary |      | PRI |         |       |
| Db                    | char(64) binary |      | PRI |         |       |
| User                  | char(16) binary |      | PRI |         |       |
| Select_priv           | enum('N','Y')   |      |     | N       |       |
| Insert_priv           | enum('N','Y')   |      |     | N       |       |
| Update_priv           | enum('N','Y')   |      |     | N       |       |
| Delete_priv           | enum('N','Y')   |      |     | N       |       |
| Create_priv           | enum('N','Y')   |      |     | N       |       |
| Drop_priv             | enum('N','Y')   |      |     | N       |       |
| Grant_priv            | enum('N','Y')   |      |     | N       |       |
| References_priv       | enum('N','Y')   |      |     | N       |       |
| Index_priv            | enum('N','Y')   |      |     | N       |       |
| Alter_priv            | enum('N','Y')   |      |     | N       |       |
| Create_tmp_table_priv | enum('N','Y')   |      |     | N       |       |
| Lock_tables_priv      | enum('N','Y')   |      |     | N       |       |
+-----------------------+-----------------+------+-----+---------+-------+
15 rows in set (0.00 sec)

mysql> select * from db where user = 'ritzy'\G
*************************** 1. row ***************************
Host: a-int.corp.yahoo.com
Db: TESTDB
User: ritzy
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Grant_priv: N
References_priv: Y
Index_priv: Y
Alter_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
*************************** 2. row ***************************
Host: %
Db: TESTDB
User: ritzy
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Grant_priv: N
References_priv: Y
Index_priv: Y
Alter_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
2 rows in set (0.02 sec)

The host table stores all host privileges for any MySQL database this host has access to:

mysql> desc host;
+-----------------------+-----------------+------+-----+---------+-------+
| Field                 | Type            | Null | Key | Default | Extra |
+-----------------------+-----------------+------+-----+---------+-------+
| Host                  | char(60) binary |      | PRI |         |       |
| Db                    | char(64) binary |      | PRI |         |       |
| Select_priv           | enum('N','Y')   |      |     | N       |       |
| Insert_priv           | enum('N','Y')   |      |     | N       |       |
| Update_priv           | enum('N','Y')   |      |     | N       |       |
| Delete_priv           | enum('N','Y')   |      |     | N       |       |
| Create_priv           | enum('N','Y')   |      |     | N       |       |
| Drop_priv             | enum('N','Y')   |      |     | N       |       |
| Grant_priv            | enum('N','Y')   |      |     | N       |       |
| References_priv       | enum('N','Y')   |      |     | N       |       |
| Index_priv            | enum('N','Y')   |      |     | N       |       |
| Alter_priv            | enum('N','Y')   |      |     | N       |       |
| Create_tmp_table_priv | enum('N','Y')   |      |     | N       |       |
| Lock_tables_priv      | enum('N','Y')   |      |     | N       |       |
+-----------------------+-----------------+------+-----+---------+-------+

The user table stores all user privileges for any MySQL database he has access to:

mysql> desc user;
+-----------------------+-----------------------------------+------+-----+---------+-------+
| Field                 | Type                              | Null | Key | Default | Extra |
+-----------------------+-----------------------------------+------+-----+---------+-------+
| Host                  | varchar(60) binary                |      | PRI |         |       |
| User                  | varchar(16) binary                |      | PRI |         |       |
| Password              | varchar(16) binary                |      |     |         |       |
| Select_priv           | enum('N','Y')                     |      |     | N       |       |
| Insert_priv           | enum('N','Y')                     |      |     | N       |       |
| Update_priv           | enum('N','Y')                     |      |     | N       |       |
| Delete_priv           | enum('N','Y')                     |      |     | N       |       |
| Create_priv           | enum('N','Y')                     |      |     | N       |       |
| Drop_priv             | enum('N','Y')                     |      |     | N       |       |
| Reload_priv           | enum('N','Y')                     |      |     | N       |       |
| Shutdown_priv         | enum('N','Y')                     |      |     | N       |       |
| Process_priv          | enum('N','Y')                     |      |     | N       |       |
| File_priv             | enum('N','Y')                     |      |     | N       |       |
| Grant_priv            | enum('N','Y')                     |      |     | N       |       |
| References_priv       | enum('N','Y')                     |      |     | N       |       |
| Index_priv            | enum('N','Y')                     |      |     | N       |       |
| Alter_priv            | enum('N','Y')                     |      |     | N       |       |
| Show_db_priv          | enum('N','Y')                     |      |     | N       |       |
| Super_priv            | enum('N','Y')                     |      |     | N       |       |
| Create_tmp_table_priv | enum('N','Y')                     |      |     | N       |       |
| Lock_tables_priv      | enum('N','Y')                     |      |     | N       |       |
| Execute_priv          | enum('N','Y')                     |      |     | N       |       |
| Repl_slave_priv       | enum('N','Y')                     |      |     | N       |       |
| Repl_client_priv      | enum('N','Y')                     |      |     | N       |       |
| ssl_type              | enum('','ANY','X509','SPECIFIED') |      |     |         |       |
| ssl_cipher            | blob                              |      |     |         |       |
| x509_issuer           | blob                              |      |     |         |       |
| x509_subject          | blob                              |      |     |         |       |
| max_questions         | int(11) unsigned                  |      |     | 0       |       |
| max_updates           | int(11) unsigned                  |      |     | 0       |       |
| max_connections       | int(11) unsigned                  |      |     | 0       |       |
+-----------------------+-----------------------------------+------+-----+---------+-------+

3.2 Creating MySQL users and granting privileges

To create a new user and also grant privileges at the same time, we can use the GRANT command:

mysql> grant shutdown on *.* to test@localhost identified by 'testpass';
Query OK, 0 rows affected (0.02 sec)

mysql> select * from user where user = 'test'\G
Host: localhost
User: test
Password: 7dcda0d57290b453
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: Y
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
1 row in set (0.00 sec)

mysql> grant drop on TESTDB.* to test@localhost;
Query OK, 0 rows affected (0.01 sec)

mysql> select * from db where user = 'test'\G
Host: localhost
Db: TESTDB
User: test
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: Y
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
1 row in set (0.00 sec)

The HOST, USER, and DB tables are very closely connected - if an authorized USER attempts an SQL request from an unauthorized HOST, it is denied. If a request from an authorized HOST is not an authorized USER, it is denied. If a globally authorized USER does not have rights to a certain DB, it is denied.

For the GRANT and REVOKE statements, priv_type can be specified as any of the following:

Privilege                  Meaning
ALL [PRIVILEGES]           Sets all simple privileges except GRANT OPTION
ALTER                      Allows use of ALTER TABLE
CREATE                     Allows use of CREATE TABLE
CREATE TEMPORARY TABLES    Allows use of CREATE TEMPORARY TABLE
CREATE VIEW                Allows use of CREATE VIEW
DELETE                     Allows use of DELETE
DROP                       Allows use of DROP TABLE
EXECUTE                    Allows the user to run stored procedures (MySQL 5.0)
FILE                       Allows use of SELECT ... INTO OUTFILE and LOAD DATA INFILE
INDEX                      Allows use of CREATE INDEX and DROP INDEX
INSERT                     Allows use of INSERT
LOCK TABLES                Allows use of LOCK TABLES on tables for which you have the SELECT privilege
PROCESS                    Allows use of SHOW FULL PROCESSLIST
REFERENCES                 Not yet implemented
RELOAD                     Allows use of FLUSH
REPLICATION CLIENT         Allows the user to ask where the slave or master servers are
REPLICATION SLAVE          Needed for replication slaves (to read binary log events from the master)
SELECT                     Allows use of SELECT
SHOW DATABASES             SHOW DATABASES shows all databases
SHOW VIEW                  Allows use of SHOW CREATE VIEW
SHUTDOWN                   Allows use of mysqladmin shutdown
SUPER                      Allows use of CHANGE MASTER, KILL, PURGE MASTER LOGS, and SET GLOBAL statements, the mysqladmin debug command; allows you to connect (once) even if max_connections is reached
UPDATE                     Allows use of UPDATE
USAGE                      Synonym for ``no privileges''
GRANT OPTION               Allows privileges to be granted

Not all privileges can be granted with the GRANT command. Some of the privileges have to be granted by directly updating the user table. For example:

mysql> grant delete_priv on TESTDB.* to test@localhost;
ERROR 1064: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'delete_priv on TESTDB.* to test@localhost' at line 1

mysql> update db set Delete_priv = 'Y' where user = 'test' and db = 'TESTDB';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

mysql> select * from db where user = 'test'\G
Host: localhost
Db: TESTDB
User: test
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: Y
Create_priv: N
Drop_priv: Y
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
1 row in set (0.00 sec)

When mysqld starts, all grant table contents are read into memory and become effective for access control at that point. When the server reloads the grant tables, privileges for existing client connections are affected as follows:

- Table and column privilege changes take effect with the client's next request.
- Database privilege changes take effect at the next USE db_name statement.
- Changes to global privileges and passwords take effect the next time the client connects.

If you modify the grant tables using GRANT, REVOKE, or SET PASSWORD, the server notices these changes and reloads the grant tables into memory again immediately. If you modify the grant tables directly using statements such as INSERT, UPDATE, or DELETE, your changes have no effect on privilege checking until you either restart the server or tell it to reload the tables. To reload the grant tables manually, issue a FLUSH PRIVILEGES statement or execute a mysqladmin flush-privileges or mysqladmin reload command.

The privilege grants don't take effect until the MySQL server reads the grant tables from the mysql database. You can force this by executing the following commands:

mysql> show grants for 'test'@'localhost';
+---------------------------------------------------------------------------------------+
| Grants for test@localhost                                                             |
+---------------------------------------------------------------------------------------+
| GRANT SHUTDOWN ON *.* TO 'test'@'localhost' IDENTIFIED BY PASSWORD '7dcda0d57290b453' |
| GRANT DROP ON `TESTDB`.* TO 'test'@'localhost'                                        |
+---------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for 'test'@'localhost';
+---------------------------------------------------------------------------------------+
| Grants for test@localhost                                                             |
+---------------------------------------------------------------------------------------+
| GRANT SHUTDOWN ON *.* TO 'test'@'localhost' IDENTIFIED BY PASSWORD '7dcda0d57290b453' |
| GRANT DELETE, DROP ON `TESTDB`.* TO 'test'@'localhost'                                |
+---------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

# mysqladmin -u root flush-privileges
# mysqladmin -u root reload

To revoke privileges from a user one can use the REVOKE command:

mysql> revoke drop on TESTDB.* from 'test'@'localhost';
Query OK, 0 rows affected (0.01 sec)

mysql> select * from db where user = 'test'\G
Host: localhost
Db: TESTDB
User: test
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: Y
Create_priv: N
Drop_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
1 row in set (0.01 sec)

To change user password use:

For older versions of MySQL the syntax of updating the password was:

mysql> update user set password = 'testpass1' where user = 'test';
Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 0

mysql> select user, host, password from user where user = 'test';
+------+-----------+-----------+
| user | host      | password  |
+------+-----------+-----------+
| test | localhost | testpass1 |
+------+-----------+-----------+
1 row in set (0.00 sec)

On versions 4.0.x you can use only the statement below, which is equivalent to the above statement:

mysql> update user set password = PASSWORD('testpass1') where user = 'test';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> select user, host, password from user where user = 'test';
+------+-----------+------------------+
| user | host      | password         |
+------+-----------+------------------+
| test | localhost | 306c24f613692c49 |
+------+-----------+------------------+
1 row in set (0.00 sec)

mysql> set password for test = password('testpass2');
Query OK, 0 rows affected (0.02 sec)

mysql> select user, host, password from user where user = 'test';
+------+-----------+------------------+
| user | host      | password         |
+------+-----------+------------------+
| test | localhost | 306c2763136928b6 |
+------+-----------+------------------+
1 row in set (0.00 sec)

To grant access to remote users you have to specify the remote host:

mysql> grant shutdown on *.* to trifon@'wine.corp.yahoo.com';
Query OK, 0 rows affected (0.01 sec)

mysql> grant shutdown on *.* to trifon@'%.corp.yahoo.com';
Query OK, 0 rows affected (0.00 sec)

mysql> grant shutdown on *.* to trifon@'*1G.153.33.F';
Query OK, 0 rows affected (0.00 sec)

You can also group privileges together:

mysql> grant drop, select, insert on TESTDB.* to trifon@'*1G.153.33.F';
Query OK, 0 rows affected (0.00 sec)
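An audit of the user table for the weak spots this section touches on (accounts without a password, a clear-text value left in the Password column by a raw UPDATE, and wildcard hosts holding global privileges), as an added example that is not part of the original how-to. It parses the vertical (\G) output of select * from user; the sample rows, the finding labels and the 0123456789abcdef hash are constructed, and the 16-hex-digit check assumes the hash format shown in this page's output.

```python
import re

ROW_MARK = re.compile(r"^\*+ \d+\. row \*+$")
# Hash format seen in this page's output: 16 lowercase hex digits
OLD_HASH = re.compile(r"^[0-9a-f]{16}$")
# Global privileges worth a second look when the host is a wildcard
RISKY_GLOBAL = ("Grant_priv", "File_priv", "Super_priv", "Shutdown_priv", "Process_priv")


def parse_vertical(text):
    """Turn mysql \\G output into a list of {column: value} dicts."""
    rows, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if ROW_MARK.match(line):
            current = {}
            rows.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return rows


def audit(rows):
    """Return (account, finding) pairs; the finding labels are this example's own."""
    findings = []
    for row in rows:
        user, host = row.get("User", ""), row.get("Host", "")
        password = row.get("Password", "")
        account = "%s@%s" % (user or "(anonymous)", host)
        if user == "":
            findings.append((account, "anonymous"))
        if password == "":
            findings.append((account, "empty-password"))
        elif not OLD_HASH.match(password):
            # e.g. clear text stored by UPDATE ... SET password = 'testpass1'
            findings.append((account, "not-a-hash"))
        broad = [p for p in RISKY_GLOBAL if row.get(p) == "Y"]
        if "%" in host and broad:
            findings.append((account, "wildcard-host:" + ",".join(broad)))
    return findings


# Constructed sample in the format of: select * from user\G
SAMPLE = """
*************************** 1. row ***************************
Host: localhost
User: root
Password:
Shutdown_priv: Y
Grant_priv: Y
*************************** 2. row ***************************
Host: localhost
User:
Password:
Shutdown_priv: N
*************************** 3. row ***************************
Host: localhost
User: test
Password: testpass1
Shutdown_priv: Y
*************************** 4. row ***************************
Host: %.corp.yahoo.com
User: trifon
Password: 0123456789abcdef
Shutdown_priv: Y
"""

if __name__ == "__main__":
    for account, finding in audit(parse_vertical(SAMPLE)):
        print("%-28s %s" % (account, finding))
```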

To remove a user from MySQL:

mysql> delete from user where user='username';
mysql> FLUSH PRIVILEGES;

More examples of adding a new user with different levels of privileges:

dummy: A user who can connect without a password, but only from the local host.

mysql> GRANT USAGE ON *.* TO dummy@localhost;

myUser: A full superuser who can connect to the server from anywhere, but who must use a password 'pass' to do so. GRANT statements should be issued for both myUser@localhost and myUser@"%", to prevent the anonymous user entry for localhost from taking precedence.

mysql> GRANT ALL PRIVILEGES ON *.* TO myUser@localhost IDENTIFIED BY 'pass' WITH GRANT OPTION;
mysql> GRANT ALL PRIVILEGES ON *.* TO myUser@"%" IDENTIFIED BY 'some_pass' WITH GRANT OPTION;

"%" is a wildcard in MySQL. If you are defining your DB table and enter '%' in the 'host' field, that means that any host can access that database (of course, that host must also have a valid db user).

admin: A user who can connect from localhost without a password and who is granted the RELOAD and PROCESS administrative privileges. No database-related privileges are granted.

mysql> GRANT RELOAD,PROCESS ON *.* TO admin@localhost;

Add a user that has full rights to his database only but cannot see other databases:

mysql> GRANT USAGE ON *.* TO 'user'@'host';
mysql> GRANT Select, Insert, Update, Delete, Create, Drop ON `database`.* TO 'user'@'host';
mysql> FLUSH PRIVILEGES;
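The precedence problem behind the two myUser grants, and the host/user denial rules from section 3.2, worked through as an added example (not code from the original how-to). It is a simplified model of how the server picks a row from the user table at connect time: rows are ordered most-specific host first, named users before the anonymous user, and the first match wins. The passwords and the anonymous entry for localhost are constructed sample data, and the model compares clear-text passwords where the server compares hashes.

```python
import re


def host_matches(pattern, client_host):
    """Host column patterns: % matches any run of characters, _ exactly one."""
    regex = "".join(
        ".*" if ch == "%" else "." if ch == "_" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, client_host, re.IGNORECASE) is not None


def specificity(row):
    """Sort key: literal hosts first, broad patterns last, named users before anonymous."""
    host = row["Host"]
    wildcards = host.count("%") + host.count("_")
    return (wildcards > 0, -(len(host) - wildcards), row["User"] == "")


def pick_row(user_table, client_user, client_host):
    """Return the first row, in specificity order, that matches host and user."""
    for row in sorted(user_table, key=specificity):
        if host_matches(row["Host"], client_host) and row["User"] in ("", client_user):
            return row
    return None


def login(user_table, client_user, client_host, password):
    """Return (account the server matched, whether the password was accepted)."""
    row = pick_row(user_table, client_user, client_host)
    if row is None:
        return (None, False)          # no row for this host/user pair: denied
    account = "%s@%s" % (row["User"], row["Host"])
    # Simplification: clear-text comparison stands in for the hash comparison.
    return (account, password == row["Password"])


# Constructed grant table: root, an anonymous localhost entry, and only myUser@"%"
BEFORE = [
    {"Host": "localhost", "User": "root", "Password": "rootpw"},
    {"Host": "localhost", "User": "", "Password": ""},
    {"Host": "%", "User": "myUser", "Password": "some_pass"},
]
# Same table after also granting to myUser@localhost, as the text recommends
AFTER = BEFORE + [{"Host": "localhost", "User": "myUser", "Password": "pass"}]

if __name__ == "__main__":
    # Local login lands on the anonymous row, so myUser's password is rejected
    print(login(BEFORE, "myUser", "localhost", "some_pass"))
    # Remote login falls through to the "%" row and succeeds
    print(login(BEFORE, "myUser", "wine.corp.yahoo.com", "some_pass"))
    # With the explicit localhost row, myUser is matched before the anonymous row
    print(login(AFTER, "myUser", "localhost", "pass"))
    # Authorized user from a host with no matching row is denied
    print(login(BEFORE, "root", "wine.corp.yahoo.com", "rootpw"))
```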

The FILE privilege and WITH GRANT OPTION may not be the best to include; they are only for the case of creating another superuser with a full set of privileges or giving privileges to load data using the mysql command LOAD DATA INFILE.

Summary of the ways to change the user passwords in MySQL:

- from Unix:

# mysql -u username -h hostname -p
mysql> SET PASSWORD FOR username@localhost=PASSWORD('new_password');

- directly manipulate the privilege tables:

# mysql -u username -h host -p mysql
mysql> UPDATE user SET Password=PASSWORD('new_password') WHERE user='root';
mysql> FLUSH PRIVILEGES;

- using the mysqladmin command:

# mysqladmin -u username password new_password

3.3 Useful MySQL built-in functions

mysql> select user();
+----------------+
| user()         |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)

mysql> select database();
+------------+
| database() |
+------------+
| mysql      |
+------------+
1 row in set (0.00 sec)

mysql> select curtime();
+-----------+
| curtime() |
+-----------+
| 15:08:13  |
+-----------+
1 row in set (0.02 sec)

mysql> select curdate();
+------------+
| curdate()  |
+------------+
| 2004-09-27 |
+------------+
1 row in set (0.00 sec)

4. Backups of MySQL tables and databases


4.1 Manual backup by using the OS utilities (cp, tar)

MySQL tables are stored as files, so to do a backup we have to make copies of the table data files. To get a consistent backup, do a LOCK TABLES on the relevant tables, followed by FLUSH TABLES for the tables. LOCK TABLES places a read lock on the tables. This allows other clients to continue to query the tables while you are making a copy of the files in the database directory. The FLUSH TABLES statement is needed to ensure that all active index pages are written to disk before you start the backup.

mysql> show tables;
+------------------+
| Tables_in_TESTDB |
+------------------+
| test1            |
+------------------+
1 row in set (0.00 sec)

The following command places a read lock on the test1 table:

mysql> lock tables test1 read;
Query OK, 0 rows affected (0.07 sec)

The following command will flush all the table data from the memory cache to the disk:

mysql> flush tables;
Query OK, 0 rows affected (0.01 sec)

From another terminal session:

# ls -la /home/y/var/mysql/data/TESTDB
-rw-rw----  1 mysql  users     80 Sep 21 11:40 test1.MYD
-rw-rw----  1 mysql  users   1024 Sep 21 11:57 test1.MYI
-rw-rw----  1 mysql  users   8614 Sep 21 11:23 test1.frm

# tar cvf TESTDB-backup.tar ./test1*
./test1.MYD
./test1.MYI
./test1.frm

# ls -la /home/y/var/mysql/data/TESTDB
-rw-r--r--  1 root   users  20480 Sep 27 17:28 TESTDB-backup.tar
-rw-rw----  1 mysql  users     80 Sep 21 11:40 test1.MYD
-rw-rw----  1 mysql  users   1024 Sep 21 11:57 test1.MYI
-rw-rw----  1 mysql  users   8614 Sep 21 11:23 test1.frm

mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)

You can also use the following command to obtain a read lock on the tables and flush them to the disk:

mysql> flush tables with read lock;
Query OK, 0 rows affected (0.00 sec)

Then again we make a copy of the MySQL data files and unlock the tables:

mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)

4.2 SQL level backup

If you want to make an SQL level backup of a table, you can use SELECT INTO ... OUTFILE to dump the table. For SELECT INTO ... OUTFILE, the output file cannot already exist. The restore method is with LOAD DATA INFILE 'file_name' REPLACE ... To avoid duplicate records, the table must have a primary key or a unique index. The REPLACE keyword causes old records to be replaced with new ones when a new record duplicates an old record on a unique key value. In this example, we will do an SQL level backup of the test1 table:

mysql> select * into outfile '/tmp/TESTDB-backup.sql' from test1;
Query OK, 4 rows affected (0.00 sec)

# cat /tmp/TESTDB-backup.sql
100     \N      \N
101     \N      \N
102     \N      \N
103     \N      \N

To restore the table we can use the LOAD DATA INFILE command:

mysql> create table test2 as select * from test1 where 1 = 2;
Query OK, 0 rows affected (0.02 sec)
Records: 0 Duplicates: 0 Warnings: 0

mysql> load data infile '/tmp/TESTDB-backup.sql' into table test2;
Query OK, 4 rows affected (0.02 sec)
Records: 4 Deleted: 0 Skipped: 0 Warnings: 0

mysql> select * from test2;
+------+--------+------------+
| id   | salary | department |
+------+--------+------------+
|  100 |   NULL | NULL       |
|  101 |   NULL | NULL       |
|  102 |   NULL | NULL       |
|  103 |   NULL | NULL       |
+------+--------+------------+
4 rows in set (0.00 sec)

You can also do selective backups by using the WHERE predicate in the SELECT INTO OUTFILE command:

mysql> select * into outfile '/tmp/TESTDB-backup.sql' from test1 where id M 123;

For an SQL level backup of a table you can also use the BACKUP TABLE command. The command to restore the backup taken with the BACKUP TABLE command is RESTORE TABLE. The syntax of both commands is provided below:

mysql> BACKUP TABLE tbl_name[,tbl_name...] TO '/path/to/backup/directory';

Copies to the backup directory the minimum number of table files needed to restore the table, after flushing any buffered changes to disk.

mysql> RESTORE TABLE tbl_name[,tbl_name...] FROM '/path/to/backup/directory';

Restores the table(s) from the backup that was made with BACKUP TABLE. Existing tables will not be overwritten; if you try to restore over an existing table, you will get an error. Restoring will take longer than backing up due to the need to rebuild the index. The more keys you have, the longer it will take. Just as BACKUP TABLE, RESTORE TABLE currently works only for MyISAM tables !!

mysql> backup table test2 to '/home/tmp/';
+--------------+--------+----------+----------+
| Table        | Op     | Msg_type | Msg_text |
+--------------+--------+----------+----------+
| TESTDB.test2 | backup | status   | OK       |
+--------------+--------+----------+----------+
1 row in set (0.01 sec)

# ls -la | grep test2
-rw-rw----  1 mysql  wheel     80 Sep 27 17:55 test2.MYD
-rw-rw----  1 mysql  wheel   8614 Sep 27 17:55 test2.frm

4.3 MySQL backup using mysqldump and mysqlhotcopy commands

Another way to back up a database is to use the mysqldump program or the mysqlhotcopy script. The mysqlhotcopy command is a PERL wrapper to the MySQL commands (you can review the source code freely), so to make this command work you have to make sure you have the PERL package and the following PERL modules installed:

ypan/perl-DBD-mysql
ypan/perl-DBI

To check this run these commands:

$ yinst list mysql_client
$ yinst list mysql_server
$ yinst list ypan/perl-DBD-mysql
$ yinst list perl
$ yinst list ypan/perl-DBI

To do a full backup of your database:

# mysqldump -u user_name -p --tab=/path/to/some/dir --opt db_name

or

# mysqlhotcopy -u user_name -p db_name /path/to/some/dir

You can also simply copy all table files (`*.frm', `*.MYD', and `*.MYI' files) as long as the server isn't updating anything. The mysqlhotcopy script uses this method. (But note that these methods will not work if your database contains InnoDB tables. InnoDB does not store table contents in database directories, and mysqlhotcopy works only for MyISAM and ISAM tables.)

The following example backs up the TESTDB MySQL database:

# mysqldump --add-locks --extended-insert --flush-logs --lock-tables --quick TESTDB > /tmp/TESTDB-backup.sql
# ls -la | grep TESTDB
-rw-rw-rw-  1 mysql  wheel  817 Sep 27 17:44 TESTDB-backup.sql

The backup file contains the SQL statements required to restore the tables:

# cat /tmp/TESTDB-backup.sql
-- MySQL dump 9.11
--
-- Host: localhost    Database: TESTDB
-- ------------------------------------------------------
-- Server version       4.0.22-Yahoo-SMP-log

--
-- Table structure for table `test1`
--

CREATE TABLE test1 (
  id int(11) default NULL,
  salary int(11) default NULL,
  department text
) TYPE=MyISAM;

--
-- Dumping data for table `test1`
--

LOCK TABLES test1 WRITE;
INSERT INTO test1 VALUES (100,NULL,NULL),(101,NULL,NULL),(102,NULL,NULL),(103,NULL,NULL);
UNLOCK TABLES;

--
-- Table structure for table `test2`
--

CREATE TABLE test2 (
  id int(11) default NULL,
  salary int(11) default NULL,
  department text
) TYPE=MyISAM;

--
-- Dumping data for table `test2`
--

LOCK TABLES test2 WRITE;
INSERT INTO test2 VALUES (100,NULL,NULL),(101,NULL,NULL),(102,NULL,NULL),(103,NULL,NULL);
UNLOCK TABLES;

The backup command for TESTDB using mysqlhotcopy would look like:

# mysqlhotcopy -u root TESTDB > /tmp/TESTDB-hotcopy.sql

4.4 Backing Up and Recovering an InnoDB Database

The key to safe database management is taking regular backups. InnoDB Hot Backup is an online backup tool you can use to back up your InnoDB database while it is running. InnoDB Hot Backup does not require you to shut down your database and it does not set any locks or disturb your normal database processing. InnoDB Hot Backup is a non-free (commercial) additional tool whose annual license fee is 390 euros per computer where the MySQL server is run. See the InnoDB Hot Backup home page for detailed information and screenshots.

If you are able to shut down your MySQL server, you can make a ``binary'' backup that consists of all files used by InnoDB to manage its tables. Use the following procedure:

1. Shut down your MySQL server and make sure that it shuts down without errors.
2. Copy all your data files into a safe place.
3. Copy all your InnoDB log files to a safe place.
4. Copy your `my.cnf' configuration file or files to a safe place.
5. Copy all the `.frm' files for your InnoDB tables to a safe place.

Replication works with InnoDB type tables, so you can use MySQL replication capabilities to keep a copy of your database at database sites requiring high availability.

In addition to taking binary backups as just described, you should also regularly take dumps of your tables with mysqldump. The reason for this is that a binary file might be corrupted without you noticing it. Dumped tables are stored into text files that are human-readable, so spotting table corruption becomes easier. Also, since the format is simpler, the chance for serious data corruption is smaller. mysqldump also has a --single-transaction option that you can use to take a consistent snapshot without locking out other clients.

To be able to recover your InnoDB database to the present from the binary backup described above, you have to run your MySQL server with binary logging turned on. Then you can apply the binary log to the backup database to achieve point-in-time recovery:

# mysqlbinlog yourhostname-bin.123 | mysql

To recover from a crash of your MySQL server process, the only thing you have to do is to restart it. InnoDB will automatically check the logs and perform a roll-forward of the database to the present. InnoDB will automatically roll back uncommitted transactions that were present at the time of the crash. During recovery, mysqld will display output something like this:

InnoDB: Database was not shut down normally.
InnoDB: Starting recovery from log files...
InnoDB: Starting log scan based on checkpoint at
InnoDB: log sequence number 0 13674004
InnoDB: Doing recovery: scanned up to log sequence number 0 13739520
InnoDB: Doing recovery: scanned up to log sequence number 0 13805056
InnoDB: Doing recovery: scanned up to log sequence number 0 13870592
InnoDB: Doing recovery: scanned up to log sequence number 0 13936128
...
InnoDB: Doing recovery: scanned up to log sequence number 0 20555264
InnoDB: Doing recovery: scanned up to log sequence number 0 20620800
InnoDB: Doing recovery: scanned up to log sequence number 0 20664692
InnoDB: 1 uncommitted transaction(s) which must be rolled back
InnoDB: Starting rollback of uncommitted transactions
InnoDB: Rolling back trx no 16745
InnoDB: Rolling back of trx no 16745 completed
InnoDB: Rollback of uncommitted transactions completed
InnoDB: Starting an apply batch of log records to the database...
InnoDB: Apply batch completed
InnoDB: Started
mysqld: ready for connections

If your database gets corrupted or your disk fails, you have to do the recovery from a backup. In the case of corruption, you should first find a backup that is not corrupted. After restoring the base backup, do the recovery from the binary log files.

In some cases of database corruption it is enough just to dump, drop, and re-create one or a few corrupt tables. You can use the CHECK TABLE SQL statement to check whether a table is corrupt, although CHECK TABLE naturally cannot detect every possible kind of corruption. You can use innodb_tablespace_monitor to check the integrity of the file space management inside the tablespace files.

In some cases, apparent database page corruption is actually due to the operating system corrupting its own file cache, and the data on disk may be okay. It is best first to try restarting your computer. It may eliminate errors that appeared to be database page corruption.

5. MySQL Master - Slave Replication


Set up an account on the master server that the slave server can use to connect. This account must be given the REPLICATION SLAVE privilege. If the account is used only for replication (which is recommended), you don't need to grant any additional privileges. Suppose that your domain is mydomain.com and you want to create an account with a username of repl such that slave servers can use the account to access the master server from any host in your domain using a password of slavepass. To create the account, use this GRANT statement:

mysql> grant replication slave on *.* TO 'repl'@'p-int.corp.yahoo.com' IDENTIFIED BY 'repl';
Query OK, 0 rows affected (0.00 sec)

mysql> select * from user where user = 'repl'\G
Host: p-int.corp.yahoo.com
User: repl
Password: 3ec3d S$G23$c 23
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: Y
Repl_client_priv: N

MySQL )dministration 8ow(#o

.A Shutdown the master and enable the re lication by settin! u these arameters in T etcTmy"cnf file$ YY ?ncomment these if this server will be a master" log- in server-id %1

#he lo!(bin arameter enables MySQL to dum all commited transactions into a binary lo!s, which are then ulled from the slaves and a lied to 'ee the slaves in sync with the master MySQL database" *e also assi!n an unique >< for the master" *e will have number the slaves accordin!ly as server(idX2 for the first slave, server(idX2 for the second slave, etc" Knce we chan!e the values in the TetcTmy"cnf we have to restart the MySQL server" #he binary lo!s then will be !enerated in the MySQL data directory ( T homeTyTvarTmysqlTdata$ # ls -la LhomeLyLvarLmysqlLdata P grep (rw(rw(((( (rw(rw(((( (rw(rw(((( (rw(rw(((( (rw(rw(((( (rw(rw(((( (rw(rw(((( (rw(rw(((( (rw(rw(((( @ @ @ @ @ @ @ @ @ mysql mysql mysql mysql mysql mysql mysql mysql mysql in

users I2I Se @5 @@$@5 a(int(bin"//@ users 3@@ Se @5 @C$@. a(int(bin"//2 users @@CL2 Se 2@ @@$C5 a(int(bin"//3 users AI Se 2@ @@$CL a(int(bin"//. users AI Se 2@ @2$/2 a(int(bin"//C users AI Se 2@ @A$@L a(int(bin"//5 users AI Se 2@ @A$33 a(int(bin"//A users @@./ Se 2A @5$/. a(int(bin"//L users @2L Se 22 @@$CI a(int(bin"inde=

The binary files are generated and numbered automatically, and the list of all binary log files is kept in the *bin.index file:

    # cat /home/y/var/mysql/data/a-int-bin.index
    ./a-int-bin.001
    ./a-int-bin.002
    ./a-int-bin.003
    ./a-int-bin.004
    ./a-int-bin.005
    ./a-int-bin.006
    ./a-int-bin.007
    ./a-int-bin.008


The DBA can purge all of the replication binary logs except the one currently in use:

1. On each slave server, use SHOW SLAVE STATUS to check which log it is reading.
2. Obtain a listing of the logs on the master server with SHOW MASTER LOGS.
3. Determine the earliest log among all the slaves. This is the target log. If all the slaves are up to date, this will be the last log on the list.
4. Make a backup of all the logs you are about to delete. (The step is optional, but a good idea.)
5. Purge all logs up to but not including the target log.

Once you identify the latest binary log each slave is reading from, you can purge the binary logs on the master:

    PURGE MASTER LOGS TO 'a-int-bin.008';

Once you do that, the index file for the binary logs will be updated:

    # cat /home/y/var/mysql/data/a-int-bin.index
    ./a-int-bin.008

On the master, dump the database so we can copy it to the slave:

    # mysqldump -u root -p --add-locks --extended-insert --flush-logs --lock-tables --quick --databases TESTDB > /var/tmp/TESTDB-backup.sql

Check which is the latest binary log generated after the mysqldump command. This will be the starting point for the slave replication:

    # ls -la /home/y/var/mysql/data | grep bin
    -rw-rw----  1 mysql  users    929 Sep 16 11:16 a-int-bin.001
    -rw-rw----  1 mysql  users    311 Sep 16 15:14 a-int-bin.002
    -rw-rw----  1 mysql  users  11582 Sep 21 11:56 a-int-bin.003
    -rw-rw----  1 mysql  users     79 Sep 21 11:58 a-int-bin.004
    -rw-rw----  1 mysql  users     79 Sep 21 12:02 a-int-bin.005
    -rw-rw----  1 mysql  users     79 Sep 21 17:18 a-int-bin.006
    -rw-rw----  1 mysql  users     79 Sep 21 17:33 a-int-bin.007
    -rw-rw----  1 mysql  users   1140 Sep 27 16:04 a-int-bin.008
    -rw-rw----  1 mysql  users      4 Sep 27 16:31 a-int-bin.009
    -rw-rw----  1 mysql  users    128 Sep 22 11:59 a-int-bin.index


In this case this is the a-int-bin.009 file. Copy the TESTDB database dump to the slave machine:

    # scp awacs-backup.sql trifon@dogma5.data:/var/tmp
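Steps 1 to 3 and 5 of the purge procedure above, as an added Python example that is not part of the original how-to: given the Log_name values from SHOW MASTER LOGS and each slave's Master_Log_File from SHOW SLAVE STATUS, it picks the target log and builds the PURGE statement. The function names and the slave labels are assumptions made for illustration.

```python
import os
import re

def _seq(name):
    """Split 'a-int-bin.008' (or './a-int-bin.008') into ('a-int-bin', 8)."""
    # Restrictive character set: the name ends up inside a generated SQL statement.
    m = re.fullmatch(r"([\w.-]+)\.(\d+)", os.path.basename(name.strip()))
    if not m:
        raise ValueError(f"not a binary log name: {name!r}")
    return m.group(1), int(m.group(2))

def purge_plan(master_logs, slave_logs):
    """master_logs: Log_name values from SHOW MASTER LOGS on the master.
    slave_logs: {slave label: Master_Log_File from SHOW SLAVE STATUS}."""
    if not slave_logs:
        raise ValueError("no slave positions supplied; refusing to plan a purge")
    # Order by sequence number, not by string: '.1000' sorts before '.999' lexically.
    ordered = sorted((os.path.basename(n) for n in master_logs),
                     key=lambda n: _seq(n)[1])
    missing = {s: f for s, f in slave_logs.items()
               if os.path.basename(f) not in ordered}
    if missing:
        # A slave reading a log the master does not list needs attention first.
        raise ValueError(f"slaves reading logs the master does not list: {missing}")
    # Step 3: the earliest log any slave still reads is the target.
    target = os.path.basename(min(slave_logs.values(), key=lambda n: _seq(n)[1]))
    # Step 5: everything strictly before the target can go (after the step 4 backup).
    purge = [n for n in ordered if _seq(n)[1] < _seq(target)[1]]
    statement = f"PURGE MASTER LOGS TO '{target}';" if purge else None
    return {"target": target, "backup_then_purge": purge, "statement": statement}

if __name__ == "__main__":
    logs = ["./a-int-bin.%03d" % i for i in range(1, 9)]
    print(purge_plan(logs, {"slave1": "a-int-bin.008", "slave2": "a-int-bin.006"}))
```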

On the slave machine we have to create the TESTDB database first, so we can restore the initial backup from the master machine:

    # mysqladmin create TESTDB

Edit the /etc/my.cnf file:

    ## Uncomment these if this server will be a master.
    log-bin
    server-id = 2
    ## Replication
    master-host = a-int.corp.yahoo.com
    master-user = repl
    master-password = repl
    master-port = 3306

Restart the MySQL slave server:

    # yinst stop mysql_server
    yinst: mysql_server-4.0.22_1: stopping ...
    # yinst start mysql_server
    yinst: mysql_server-4.0.22_1: starting ...

Now we have to fix the replication starting point. Since we already changed the /etc/my.cnf file and added the master replication details, replication has already started:

    mysql> stop slave;
    Query OK, 0 rows affected (0.00 sec)
    mysql> change master to master_log_file='a-int-bin.009', master_log_pos=4;
    Query OK, 0 rows affected (0.00 sec)


Now we can start the replication and check its status:

    mysql> start slave;
    Query OK, 0 rows affected (0.00 sec)
    mysql> show slave status;

If the master-slave replication is running, the output of the above command should show the following parameters:

    Slave_IO_Running: Yes
    Slave_SQL_Running: Yes

These parameters show the status of the two threads involved in MySQL replication. The Slave_IO thread pulls the changes from the master binary logs and updates the binary logs on the slave machine. The Slave_SQL thread reads the committed transactions from the binary log and applies them on the slave server. The entries in the binary logs look like:

    ^@^@^@^A^@^@^@^E^@^@mysql^@grant shutdown on *.* to trifon@'wine.corp.yahoo.com'
    G\x9aXA^B^A^@^@^@V^@^@^@^O^C^@^@^@^@ ^@^@^@^@^@^@^@^E^@^@mysql^@grant shutdown on *.* to trifon@'%.corp.yahoo.com'
    d\x9aXA^B^A^@^@^@R^@^@^@e^C^@^@^@^@ ^@^@^@^@^@^@^@^E^@^@mysql^@grant shutdown on *.* to trifon@'216.145.53.%'
    \xa0\x9aXA^B^A^@^@^@c^@^@^@\xb7^C^@^@^@^@ ^@^@^@^@^@^@^@^E^@^@mysql^@grant drop, select, insert on TESTDB.* to trifon@'216.145.53.%'
    o\x9cXA^B^A^@^@^@Z^@^@^@^Z^D^@^@^@^@ ^@^@^@^@^@^@^@^E^@^@mysql^@SET PASSWORD FOR "test"@"localhost"="306c27631369286b"
    \xa9\xa4XA^B^A^@^@^@x^@^@^@t^D^@^@^@^@^K^@^@^@^@^@^@^@^E^@^@mysql^@grant replication slave on *.* TO 'repl'@'p-int.corp.yahoo.com' IDENTIFIED BY 'repl'
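The dump above records every GRANT and SET PASSWORD verbatim, including the cleartext IDENTIFIED BY 'repl', in files the earlier listing shows as group-readable (-rw-rw---- mysql users). As an added example that is not part of the original how-to, the Python below walks a binary log using the event layout visible in that dump (19-byte header, then an 11-byte query post-header, database name and statement) and reports privilege-changing statements with credentials redacted. The function names and the sample log are constructed for illustration, and newer MySQL versions use a different query-event layout.

```python
import re
import struct

MAGIC = b"\xfebin"                   # first four bytes of a binary log file
HEADER = struct.Struct("<IBIIIH")    # timestamp, type, server_id, event_len, log_pos, flags
QUERY_POST = struct.Struct("<IIBH")  # thread_id, exec_time, db_len, error_code
QUERY_EVENT = 2                      # event type byte (^B in the dump)
SENSITIVE = re.compile(rb"\s*(grant|revoke|set\s+password)\b", re.I)
SECRET = re.compile(rb"(identified\s+by\s+(?:password\s+)?|=\s*(?:password\s*\(\s*)?)(['\"]).*?\2", re.I)

def query_events(raw):
    """Yield (offset, server_id, db, sql) per query event, stepping by event_len."""
    if raw[:4] != MAGIC:
        raise ValueError("bad magic: not a binary log")
    off = len(MAGIC)
    while off < len(raw):
        if off + HEADER.size > len(raw):
            raise ValueError(f"truncated header at offset {off}")
        _ts, etype, server_id, elen, _pos, _flags = HEADER.unpack_from(raw, off)
        if elen < HEADER.size or off + elen > len(raw):
            raise ValueError(f"corrupt event length at offset {off}")
        body = off + HEADER.size + QUERY_POST.size
        if etype == QUERY_EVENT and body < off + elen:
            db_len = QUERY_POST.unpack_from(raw, off + HEADER.size)[2]
            db = raw[body:body + db_len].decode("latin-1")
            yield off, server_id, db, raw[body + db_len + 1:off + elen]
        off += elen

def audit(raw):
    """Return privilege-changing statements with credentials redacted."""
    hits = []
    for off, server_id, db, sql in query_events(raw):
        if SENSITIVE.match(sql):
            hits.append({"offset": off, "server_id": server_id, "db": db,
                         "has_secret": bool(SECRET.search(sql)),
                         "sql": SECRET.sub(rb"\1'<redacted>'", sql).decode("latin-1")})
    return hits

def build_sample():
    """Constructed sample log (not from the page): four query events."""
    stmts = [b"grant shutdown on *.* to 'ops'@'%.example.com'",
             b"insert into TESTDB.t values (1)",
             b'SET PASSWORD FOR "test"@"localhost"="0123456789abcdef"',
             b"grant replication slave on *.* TO 'repl'@'%.example.com' IDENTIFIED BY 'sample-pass'"]
    raw = MAGIC
    for sql in stmts:
        body = QUERY_POST.pack(9, 0, 5, 0) + b"mysql\0" + sql
        raw += HEADER.pack(1096325703, QUERY_EVENT, 1, HEADER.size + len(body), len(raw), 0) + body
    return raw
```

Calling `audit(build_sample())` returns three hits; on a real server the input would be the bytes of a binary log file read by an account allowed to see it.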
