Table of Contents
Access denied ErrorsMySQL Server (mysqld) is the main program that does most of the work in a MySQL installation. This section provides an overview of MySQL Server and covers topics that deal with administering a MySQL installation:
Configuring the server
The server log files
Managing user accounts
mysqld is the MySQL server. The following discussion covers these MySQL server configuration topics:
Startup options that the server supports
Server system variables
Server status variables
How to set the server SQL mode
The server shutdown process
Not all storage engines are supported by all MySQL server
binaries and configurations. To find out how to determine which
storage engines are supported by your MySQL server installation,
see Section 12.5.5.12, “SHOW ENGINES Syntax”.
The following table provides a list of all the command line
options, server and status variables applicable within
mysqld.
The table lists command-line options (Cmd-line), options valid in configuration files (Option file), server system variables (System Var), and status variables (Status var) in one unified list, with notification of where each option/variable is valid. If a server option set on the command line or in an option file differs from the name of the corresponding server system or status variable, the variable name is noted immediately below the corresponding option. For status variables, the scope of the variable is shown (Scope) as either global, session, or both. Please see the corresponding sections for details on setting and using the options and variables. Where appropriate, a direct link to further information on the item as available.
This table is part of an ongoing process to expand and simplify the information provided on these elements. Further improvements to the table, and corresponding descriptions will be applied over the coming months.
| Name | Cmd-Line | Option file | System Var | Status Var | Var Scope | Dynamic |
|---|---|---|---|---|---|---|
| Aborted_clients | Yes | Both | No | |||
| Aborted_connects | Yes | Global | No | |||
| abort-slave-event-count | Yes | Yes | ||||
| allow-suspicious-udfs | Yes | Yes | ||||
| ansi | Yes | Yes | ||||
| autocommit | Yes | Session | Yes | |||
| auto-increment-increment | Yes | Yes | Both | Yes | ||
| - Variable: auto_increment_increment | Yes | Both | Yes | |||
| auto-increment-offset | Yes | Yes | Both | Yes | ||
| - Variable: auto_increment_offset | Yes | Both | Yes | |||
| automatic_sp_privileges | Yes | Global | Yes | |||
| back_log | Yes | Yes | Yes | Global | No | |
| basedir | Yes | Yes | Yes | Global | No | |
| bdb_cache_size | Yes | Yes | Yes | Global | No | |
| bdb-home | Yes | Yes | Yes | Global | No | |
| bdb-lock-detect | Yes | Yes | Global | No | ||
| - Variable: bdb_lock_detect | Yes | Global | No | |||
| bdb_log_buffer_size | Yes | Yes | Yes | Global | No | |
| bdb-logdir | Yes | Yes | Yes | Global | No | |
| bdb_max_lock | Yes | Yes | Yes | Global | No | |
| bdb-no-recover | Yes | Yes | ||||
| bdb-shared-data | Yes | Yes | Global | No | ||
| - Variable: bdb_shared_data | Yes | Global | No | |||
| bdb-tmpdir | Yes | Yes | Yes | Global | No | |
| big-tables | Yes | Yes | Session | Yes | ||
| - Variable: big_tables | Yes | Session | Yes | |||
| bind-address | Yes | Yes | ||||
| Binlog_cache_disk_use | Yes | Both | No | |||
| binlog_cache_size | Yes | Yes | Yes | Global | Yes | |
| Binlog_cache_use | Yes | Both | No | |||
| binlog-do-db | Yes | Yes | ||||
| binlog-ignore-db | Yes | Yes | ||||
| bootstrap | Yes | Yes | ||||
| bulk_insert_buffer_size | Yes | Yes | Yes | Both | Yes | |
| Bytes_received | Yes | Both | No | |||
| Bytes_sent | Yes | Both | No | |||
| character_set_client | Yes | Both | Yes | |||
| character-set-client-handshake | Yes | |||||
| character_set_connection | Yes | Both | Yes | |||
| character_set_database | Yes | Both | Yes | |||
| character-set-filesystem | Yes | Yes | Both | Yes | ||
| - Variable: character_set_filesystem | Yes | Both | Yes | |||
| character_set_results | Yes | Both | Yes | |||
| character-sets-dir | Yes | Yes | Global | No | ||
| - Variable: character_sets_dir | Yes | Global | No | |||
| character-set-server | Yes | Yes | Both | Yes | ||
| - Variable: character_set_server | Yes | Both | Yes | |||
| character_set_system | Yes | Global | No | |||
| chroot | Yes | Yes | ||||
| collation_connection | Yes | Both | Yes | |||
| collation_database | Yes | Both | Yes | |||
| collation-server | Yes | Yes | Both | Yes | ||
| - Variable: collation_server | Yes | Both | Yes | |||
| Com_admin_commands | Yes | Both | No | |||
| Com_alter_db | Yes | Both | No | |||
| Com_alter_event | Yes | Both | No | |||
| Com_alter_table | Yes | Both | No | |||
| Com_analyze | Yes | Both | No | |||
| Com_backup_table | Yes | Both | No | |||
| Com_begin | Yes | Both | No | |||
| Com_call_procedure | Yes | Both | No | |||
| Com_change_db | Yes | Both | No | |||
| Com_change_master | Yes | Both | No | |||
| Com_check | Yes | Both | No | |||
| Com_checksum | Yes | Both | No | |||
| Com_commit | Yes | Both | No | |||
| Com_create_db | Yes | Both | No | |||
| Com_create_event | Yes | Both | No | |||
| Com_create_function | Yes | Both | No | |||
| Com_create_index | Yes | Both | No | |||
| Com_create_table | Yes | Both | No | |||
| Com_create_user | Yes | Both | No | |||
| Com_dealloc_sql | Yes | Both | No | |||
| Com_delete | Yes | Both | No | |||
| Com_delete_multi | Yes | Both | No | |||
| Com_do | Yes | Both | No | |||
| Com_drop_db | Yes | Both | No | |||
| Com_drop_event | Yes | Both | No | |||
| Com_drop_function | Yes | Both | No | |||
| Com_drop_index | Yes | Both | No | |||
| Com_drop_table | Yes | Both | No | |||
| Com_drop_user | Yes | Both | No | |||
| Com_execute_sql | Yes | Both | No | |||
| Com_flush | Yes | Both | No | |||
| Com_grant | Yes | Both | No | |||
| Com_ha_close | Yes | Both | No | |||
| Com_ha_open | Yes | Both | No | |||
| Com_ha_read | Yes | Both | No | |||
| Com_help | Yes | Both | No | |||
| Com_insert | Yes | Both | No | |||
| Com_insert_select | Yes | Both | No | |||
| Com_kill | Yes | Both | No | |||
| Com_load | Yes | Both | No | |||
| Com_lock_tables | Yes | Both | No | |||
| Com_optimize | Yes | Both | No | |||
| completion_type | Yes | Yes | Yes | Both | Yes | |
| Com_preload_keys | Yes | Both | No | |||
| Com_prepare_sql | Yes | Both | No | |||
| Compression | Yes | Both | No | |||
| Com_purge | Yes | Both | No | |||
| Com_purge_before_date | Yes | Both | No | |||
| Com_rename_table | Yes | Both | No | |||
| Com_repair | Yes | Both | No | |||
| Com_replace | Yes | Both | No | |||
| Com_replace_select | Yes | Both | No | |||
| Com_reset | Yes | Both | No | |||
| Com_restore_table | Yes | Both | No | |||
| Com_revoke | Yes | Both | No | |||
| Com_revoke_all | Yes | Both | No | |||
| Com_rollback | Yes | Both | No | |||
| Com_savepoint | Yes | Both | No | |||
| Com_select | Yes | Both | No | |||
| Com_set_option | Yes | Both | No | |||
| Com_show_binlog_events | Yes | Both | No | |||
| Com_show_binlogs | Yes | Both | No | |||
| Com_show_charsets | Yes | Both | No | |||
| Com_show_collations | Yes | Both | No | |||
| Com_show_column_types | Yes | Both | No | |||
| Com_show_create_db | Yes | Both | No | |||
| Com_show_create_event | Yes | Both | No | |||
| Com_show_create_table | Yes | Both | No | |||
| Com_show_databases | Yes | Both | No | |||
| Com_show_engine_logs | Yes | Both | No | |||
| Com_show_engine_mutex | Yes | Both | No | |||
| Com_show_engine_status | Yes | Both | No | |||
| Com_show_errors | Yes | Both | No | |||
| Com_show_events | Yes | Both | No | |||
| Com_show_fields | Yes | Both | No | |||
| Com_show_grants | Yes | Both | No | |||
| Com_show_innodb_status | Yes | Both | No | |||
| Com_show_keys | Yes | Both | No | |||
| Com_show_logs | Yes | Both | No | |||
| Com_show_master_status | Yes | Both | No | |||
| Com_show_ndb_status | Yes | Both | No | |||
| Com_show_new_master | Yes | Both | No | |||
| Com_show_open_tables | Yes | Both | No | |||
| Com_show_plugins | Yes | Both | No | |||
| Com_show_privileges | Yes | Both | No | |||
| Com_show_processlist | Yes | Both | No | |||
| Com_show_slave_hosts | Yes | Both | No | |||
| Com_show_slave_status | Yes | Both | No | |||
| Com_show_status | Yes | Both | No | |||
| Com_show_storage_engines | Yes | Both | No | |||
| Com_show_tables | Yes | Both | No | |||
| Com_show_triggers | Yes | Both | No | |||
| Com_show_variables | Yes | Both | No | |||
| Com_show_warnings | Yes | Both | No | |||
| Com_slave_start | Yes | Both | No | |||
| Com_slave_stop | Yes | Both | No | |||
| Com_stmt_close | Yes | Both | No | |||
| Com_stmt_execute | Yes | Both | No | |||
| Com_stmt_fetch | Yes | Both | No | |||
| Com_stmt_prepare | Yes | Both | No | |||
| Com_stmt_reset | Yes | Both | No | |||
| Com_stmt_send_long_data | Yes | Both | No | |||
| Com_truncate | Yes | Both | No | |||
| Com_unlock_tables | Yes | Both | No | |||
| Com_update | Yes | Both | No | |||
| Com_update_multi | Yes | Both | No | |||
| Com_xa_commit | Yes | Both | No | |||
| Com_xa_end | Yes | Both | No | |||
| Com_xa_prepare | Yes | Both | No | |||
| Com_xa_recover | Yes | Both | No | |||
| Com_xa_rollback | Yes | Both | No | |||
| Com_xa_start | Yes | Both | No | |||
| concurrent_insert | Yes | Yes | Yes | Global | Yes | |
| Connections | Yes | Both | No | |||
| connect_timeout | Yes | Yes | Yes | Global | Yes | |
| console | Yes | Yes | ||||
| core-file | Yes | Yes | ||||
| Created_tmp_disk_tables | Yes | Both | No | |||
| Created_tmp_files | Yes | Both | No | |||
| Created_tmp_tables | Yes | Both | No | |||
| datadir | Yes | Yes | Yes | Global | No | |
| date_format | Yes | Both | Yes | |||
| datetime_format | Yes | Yes | Yes | Both | Yes | |
| debug | Yes | Yes | Yes | Both | Yes | |
| default-character-set | Yes | Yes | ||||
| defaults-extra-file | Yes | |||||
| defaults-file | Yes | |||||
| defaults-group-suffix | Yes | |||||
| default-storage-engine | Yes | Yes | ||||
| default-table-type | Yes | Yes | ||||
| default-time-zone | Yes | Yes | ||||
| default_week_format | Yes | Yes | Yes | Both | Yes | |
| Delayed_errors | Yes | Both | No | |||
| delayed_insert_limit | Yes | Yes | Yes | Global | Yes | |
| Delayed_insert_threads | Yes | Both | No | |||
| delayed_insert_timeout | Yes | Yes | Yes | Global | Yes | |
| delayed_queue_size | Yes | Yes | Yes | Global | Yes | |
| Delayed_writes | Yes | Both | No | |||
| delay-key-write | Yes | Yes | Global | Yes | ||
| - Variable: delay_key_write | Yes | Global | Yes | |||
| des-key-file | Yes | Yes | ||||
| disconnect-slave-event-count | Yes | Yes | ||||
| div_precision_increment | Yes | Yes | Yes | Both | Yes | |
| enable-locking | Yes | |||||
| enable-named-pipe | Yes | Yes | ||||
| enable-pstack | Yes | Yes | ||||
| engine-condition-pushdown | Yes | Yes | Both | Yes | ||
| - Variable: engine_condition_pushdown | Yes | Both | Yes | |||
| error_count | Yes | Session | No | |||
| exit-info | Yes | Yes | ||||
| expire_logs_days | Yes | Yes | Yes | Global | Yes | |
| external-locking | Yes | Yes | ||||
| - Variable: external_locking | ||||||
| flush | Yes | Yes | Yes | Global | Yes | |
| Flush_commands | Yes | Both | No | |||
| flush_time | Yes | Yes | Yes | Global | Yes | |
| foreign_key_checks | Yes | Session | Yes | |||
| ft_boolean_syntax | Yes | Yes | Yes | Global | Yes | |
| ft_max_word_len | Yes | Yes | Yes | Global | No | |
| ft_min_word_len | Yes | Yes | Yes | Global | No | |
| ft_query_expansion_limit | Yes | Yes | Yes | Global | No | |
| ft_stopword_file | Yes | Yes | Yes | Global | No | |
| gdb | Yes | Yes | ||||
| group_concat_max_len | Yes | Yes | Yes | Both | Yes | |
| Handler_commit | Yes | Both | No | |||
| Handler_delete | Yes | Both | No | |||
| Handler_discover | Yes | Both | No | |||
| Handler_prepare | Yes | Both | No | |||
| Handler_read_first | Yes | Both | No | |||
| Handler_read_key | Yes | Both | No | |||
| Handler_read_next | Yes | Both | No | |||
| Handler_read_prev | Yes | Both | No | |||
| Handler_read_rnd | Yes | Both | No | |||
| Handler_read_rnd_next | Yes | Both | No | |||
| Handler_rollback | Yes | Both | No | |||
| Handler_savepoint | Yes | Both | No | |||
| Handler_savepoint_rollback | Yes | Both | No | |||
| Handler_update | Yes | Both | No | |||
| Handler_write | Yes | Both | No | |||
| have_archive | Yes | Global | No | |||
| have_bdb | Yes | Global | No | |||
| have_blackhole_engine | Yes | Global | No | |||
| have_compress | Yes | Global | No | |||
| have_crypt | Yes | Global | No | |||
| have_csv | Yes | Global | No | |||
| have_example_engine | Yes | Global | No | |||
| have_federated_engine | Yes | Global | No | |||
| have_geometry | Yes | Global | No | |||
| have_innodb | Yes | Global | No | |||
| have_isam | Yes | Global | No | |||
| have_merge_engine | Yes | Global | No | |||
| have_ndbcluster | Yes | Global | No | |||
| have_openssl | Yes | Global | No | |||
| have_query_cache | Yes | Global | No | |||
| have_raid | Yes | Global | No | |||
| have_rtree_keys | Yes | Global | No | |||
| have_ssl | Yes | Global | No | |||
| have_symlink | Yes | Global | No | |||
| help | Yes | |||||
| hostname | Yes | Global | No | |||
| identity | Yes | Session | Yes | |||
| init_connect | Yes | Yes | Yes | Global | Yes | |
| init-file | Yes | Yes | Global | No | ||
| - Variable: init_file | Yes | Global | No | |||
| init_slave | Yes | Yes | Yes | Global | Yes | |
| innodb | Yes | Yes | ||||
| innodb_adaptive_hash_index | Yes | Yes | Yes | Global | No | |
| innodb_additional_mem_pool_size | Yes | Yes | Yes | Global | No | |
| innodb_autoextend_increment | Yes | Yes | Yes | Global | Yes | |
| innodb_buffer_pool_awe_mem_mb | Yes | Yes | Yes | Global | No | |
| Innodb_buffer_pool_pages_data | Yes | Global | No | |||
| Innodb_buffer_pool_pages_dirty | Yes | Global | No | |||
| Innodb_buffer_pool_pages_flushed | Yes | Global | No | |||
| Innodb_buffer_pool_pages_free | Yes | Global | No | |||
| Innodb_buffer_pool_pages_latched | Yes | Global | No | |||
| Innodb_buffer_pool_pages_misc | Yes | Global | No | |||
| Innodb_buffer_pool_pages_total | Yes | Global | No | |||
| Innodb_buffer_pool_read_ahead_rnd | Yes | Global | No | |||
| Innodb_buffer_pool_read_ahead_seq | Yes | Global | No | |||
| Innodb_buffer_pool_read_requests | Yes | Global | No | |||
| Innodb_buffer_pool_reads | Yes | Global | No | |||
| innodb_buffer_pool_size | Yes | Yes | Yes | Global | No | |
| Innodb_buffer_pool_wait_free | Yes | Global | No | |||
| Innodb_buffer_pool_write_requests | Yes | Global | No | |||
| innodb_checksums | Yes | Yes | Yes | Global | No | |
| innodb_commit_concurrency | Yes | Yes | Yes | Global | Yes | |
| innodb_concurrency_tickets | Yes | Yes | Yes | Global | Yes | |
| innodb_data_file_path | Yes | Yes | Yes | Global | No | |
| Innodb_data_fsyncs | Yes | Global | No | |||
| innodb_data_home_dir | Yes | Yes | Yes | Global | No | |
| Innodb_data_pending_fsyncs | Yes | Global | No | |||
| Innodb_data_pending_reads | Yes | Global | No | |||
| Innodb_data_pending_writes | Yes | Global | No | |||
| Innodb_data_read | Yes | Global | No | |||
| Innodb_data_reads | Yes | Global | No | |||
| Innodb_data_writes | Yes | Global | No | |||
| Innodb_data_written | Yes | Global | No | |||
| Innodb_dblwr_pages_written | Yes | Global | No | |||
| Innodb_dblwr_writes | Yes | Global | No | |||
| innodb_doublewrite | Yes | Yes | Yes | Global | No | |
| innodb_fast_shutdown | Yes | Yes | Yes | Global | Yes | |
| innodb_file_io_threads | Yes | Yes | Yes | Global | No | |
| innodb_file_per_table | Yes | Yes | Yes | Global | No | |
| innodb_flush_log_at_trx_commit | Yes | Yes | Yes | Global | Yes | |
| innodb_flush_method | Yes | Yes | Yes | Global | No | |
| innodb_force_recovery | Yes | Yes | Yes | Global | No | |
| innodb_locks_unsafe_for_binlog | Yes | Yes | Yes | Global | No | |
| innodb_lock_wait_timeout | Yes | Yes | Yes | Global | No | |
| innodb_log_arch_dir | Yes | Yes | Yes | Global | No | |
| innodb_log_archive | Yes | Yes | Yes | Global | No | |
| innodb_log_buffer_size | Yes | Yes | Yes | Global | No | |
| innodb_log_files_in_group | Yes | Yes | Yes | Global | No | |
| innodb_log_file_size | Yes | Yes | Yes | Global | No | |
| innodb_log_group_home_dir | Yes | Yes | Yes | Global | No | |
| Innodb_log_waits | Yes | Global | No | |||
| Innodb_log_write_requests | Yes | Global | No | |||
| Innodb_log_writes | Yes | Global | No | |||
| innodb_max_dirty_pages_pct | Yes | Yes | Yes | Global | Yes | |
| innodb_max_purge_lag | Yes | Yes | Yes | Global | Yes | |
| innodb_mirrored_log_groups | Yes | Yes | Yes | Global | No | |
| innodb_open_files | Yes | Yes | Yes | Global | No | |
| Innodb_os_log_fsyncs | Yes | Global | No | |||
| Innodb_os_log_pending_fsyncs | Yes | Global | No | |||
| Innodb_os_log_pending_writes | Yes | Global | No | |||
| Innodb_os_log_written | Yes | Global | No | |||
| Innodb_pages_created | Yes | Global | No | |||
| Innodb_page_size | Yes | Global | No | |||
| Innodb_pages_read | Yes | Global | No | |||
| Innodb_pages_written | Yes | Global | No | |||
| innodb_rollback_on_timeout | Yes | Yes | Yes | Global | No | |
| Innodb_row_lock_current_waits | Yes | Global | No | |||
| Innodb_row_lock_time | Yes | Global | No | |||
| Innodb_row_lock_time_avg | Yes | Global | No | |||
| Innodb_row_lock_time_max | Yes | Global | No | |||
| Innodb_row_lock_waits | Yes | Global | No | |||
| Innodb_rows_deleted | Yes | Global | No | |||
| Innodb_rows_inserted | Yes | Global | No | |||
| Innodb_rows_read | Yes | Global | No | |||
| Innodb_rows_updated | Yes | Global | No | |||
| innodb-safe-binlog | Yes | Yes | ||||
| innodb_status_file | Yes | Yes | Yes | Global | No | |
| innodb_support_xa | Yes | Yes | Yes | Both | Yes | |
| innodb_sync_spin_loops | Yes | Yes | Yes | Global | Yes | |
| innodb_table_locks | Yes | Yes | Yes | Both | Yes | |
| innodb_thread_concurrency | Yes | Yes | Yes | Global | Yes | |
| innodb_thread_sleep_delay | Yes | Yes | Yes | Global | Yes | |
| insert_id | Yes | Session | Yes | |||
| interactive_timeout | Yes | Yes | Yes | Both | Yes | |
| join_buffer_size | Yes | Yes | Yes | Both | Yes | |
| keep_files_on_create | Yes | Yes | Yes | Both | Yes | |
| Key_blocks_not_flushed | Yes | Both | No | |||
| Key_blocks_unused | Yes | Both | No | |||
| Key_blocks_used | Yes | Both | No | |||
| key_buffer_size | Yes | Yes | Yes | Global | Yes | |
| key_cache_age_threshold | Yes | Yes | Yes | Global | Yes | |
| key_cache_block_size | Yes | Yes | Yes | Global | Yes | |
| key_cache_division_limit | Yes | Yes | Yes | Global | Yes | |
| Key_read_requests | Yes | Both | No | |||
| Key_reads | Yes | Both | No | |||
| Key_write_requests | Yes | Both | No | |||
| Key_writes | Yes | Both | No | |||
| language | Yes | Yes | Yes | Global | No | |
| large_files_support | Yes | Global | No | |||
| large-pages | Yes | Yes | Global | No | ||
| - Variable: large_pages | Yes | Global | No | |||
| large_page_size | Yes | Global | No | |||
| last_insert_id | Yes | Session | Yes | |||
| Last_query_cost | Yes | Both | No | |||
| lc_time_names | Yes | Both | Yes | |||
| license | Yes | Global | No | |||
| local_infile | Yes | Global | Yes | |||
| local-infile | Yes | Yes | ||||
| locked_in_memory | Yes | Global | No | |||
| log | Yes | Yes | Yes | Global | No | |
| log_bin | Yes | Global | No | |||
| log-bin | Yes | Yes | ||||
| log-bin-index | Yes | Yes | ||||
| log-bin-trust-function-creators | Yes | Yes | Global | Yes | ||
| - Variable: log_bin_trust_function_creators | Yes | Global | Yes | |||
| log-bin-trust-routine-creators | Yes | Yes | Global | Yes | ||
| - Variable: log_bin_trust_routine_creators | Yes | Global | Yes | |||
| log-error | Yes | Yes | Global | No | ||
| - Variable: log_error | Yes | Global | No | |||
| log-isam | Yes | Yes | ||||
| log-queries-not-using-indexes | Yes | Yes | Global | Yes | ||
| - Variable: log_queries_not_using_indexes | Yes | Global | Yes | |||
| log-short-format | Yes | Yes | ||||
| log-slave-updates | Yes | Yes | Global | No | ||
| - Variable: log_slave_updates | Yes | Global | No | |||
| log-slow-admin-statements | Yes | Yes | ||||
| log-slow-queries | Yes | Yes | Global | No | ||
| - Variable: log_slow_queries | Yes | Global | No | |||
| log-tc | Yes | Yes | ||||
| log-tc-size | Yes | Yes | ||||
| log-warnings | Yes | Yes | Both | Yes | ||
| - Variable: log_warnings | Yes | Both | Yes | |||
| long_query_time | Yes | Yes | Yes | Both | Yes | |
| lower_case_file_system | Yes | Yes | Yes | Global | No | |
| lower_case_table_names | Yes | Yes | Yes | Global | No | |
| low-priority-updates | Yes | Yes | Both | Yes | ||
| - Variable: low_priority_updates | Yes | Both | Yes | |||
| master-connect-retry | Yes | Yes | ||||
| master-host | Yes | Yes | ||||
| master-info-file | Yes | Yes | ||||
| master-password | Yes | Yes | ||||
| master-port | Yes | Yes | ||||
| master-retry-count | Yes | Yes | ||||
| master-ssl | Yes | Yes | ||||
| master-ssl-ca | Yes | Yes | ||||
| master-ssl-capath | Yes | Yes | ||||
| master-ssl-cert | Yes | Yes | ||||
| master-ssl-cipher | Yes | Yes | ||||
| master-ssl-key | Yes | Yes | ||||
| master-user | Yes | Yes | ||||
| max_allowed_packet | Yes | Yes | Yes | Both | Yes | |
| max_binlog_cache_size | Yes | Yes | Yes | Global | Yes | |
| max-binlog-dump-events | Yes | Yes | ||||
| max_binlog_size | Yes | Yes | Yes | Global | Yes | |
| max_connect_errors | Yes | Yes | Yes | Global | Yes | |
| max_connections | Yes | Yes | Yes | Global | Yes | |
| max_delayed_threads | Yes | Yes | Yes | Both | Yes | |
| max_error_count | Yes | Yes | Yes | Both | Yes | |
| max_heap_table_size | Yes | Yes | Yes | Both | Yes | |
| max_insert_delayed_threads | Yes | Both | Yes | |||
| max_join_size | Yes | Yes | Yes | Both | Yes | |
| max_length_for_sort_data | Yes | Yes | Yes | Both | Yes | |
| max_prepared_stmt_count | Yes | Yes | Yes | Global | Yes | |
| max_relay_log_size | Yes | Yes | Yes | Global | Yes | |
| max_seeks_for_key | Yes | Yes | Yes | Both | Yes | |
| max_sort_length | Yes | Yes | Yes | Both | Yes | |
| max_sp_recursion_depth | Yes | Yes | Yes | Both | Yes | |
| max_tmp_tables | Yes | Yes | Yes | Both | Yes | |
| Max_used_connections | Yes | Both | No | |||
| max_user_connections | Yes | Yes | Yes | Both | Yes | |
| max_write_lock_count | Yes | Yes | Yes | Global | Yes | |
| memlock | Yes | Yes | Yes | Global | No | |
| merge | Yes | Yes | ||||
| multi_range_count | Yes | Yes | Yes | Both | Yes | |
| myisam_block_size | Yes | Yes | Yes | Both | Yes | |
| myisam_data_pointer_size | Yes | Yes | Yes | Global | Yes | |
| myisam_max_extra_sort_file_size | Yes | Yes | Yes | Global | No | |
| myisam_max_sort_file_size | Yes | Yes | Yes | Global | Yes | |
| myisam-recover | Yes | Yes | ||||
| myisam_recover_options | Yes | Global | No | |||
| myisam_repair_threads | Yes | Yes | Yes | Both | Yes | |
| myisam_sort_buffer_size | Yes | Yes | Yes | Both | Yes | |
| myisam_stats_method | Yes | Yes | Yes | Both | Yes | |
| named_pipe | Yes | Global | No | |||
| ndb_autoincrement_prefetch_sz | Yes | Yes | Yes | Both | Yes | |
| ndb_cache_check_time | Yes | Yes | Yes | Global | Yes | |
| ndbcluster | Yes | Yes | Yes | Both | Yes | |
| Ndb_cluster_node_id | Yes | Both | No | |||
| Ndb_config_from_host | Yes | Both | No | |||
| Ndb_config_from_port | Yes | Both | No | |||
| ndb_force_send | Yes | Yes | Yes | Both | Yes | |
| ndb_index_stat_cache_entries | Yes | Yes | ||||
| ndb_index_stat_enable | Yes | Yes | ||||
| ndb_index_stat_update_freq | Yes | Yes | ||||
| ndb_optimized_node_selection | Yes | Yes | ||||
| ndb_report_thresh_binlog_epoch_slip | Yes | Yes | ||||
| ndb_report_thresh_binlog_mem_usage | Yes | Yes | ||||
| ndb_use_exact_count | Yes | Both | Yes | |||
| ndb_use_transactions | Yes | Yes | ||||
| net_buffer_length | Yes | Yes | Yes | Both | Yes | |
| net_read_timeout | Yes | Yes | Yes | Both | Yes | |
| net_retry_count | Yes | Yes | Yes | Both | Yes | |
| net_write_timeout | Yes | Yes | Yes | Both | Yes | |
| new | Yes | Yes | Yes | Both | Yes | |
| no-defaults | Yes | |||||
| Not_flushed_delayed_rows | Yes | Both | No | |||
| old-passwords | Yes | Yes | Both | Yes | ||
| - Variable: old_passwords | Yes | Both | Yes | |||
| old-style-user-limits | Yes | Yes | ||||
| one-thread | Yes | Yes | ||||
| Opened_tables | Yes | Both | No | |||
| Open_files | Yes | Both | No | |||
| open-files-limit | Yes | Yes | Global | No | ||
| - Variable: open_files_limit | Yes | Global | No | |||
| Open_streams | Yes | Both | No | |||
| Open_tables | Yes | Both | No | |||
| optimizer_prune_level | Yes | Yes | Yes | Both | Yes | |
| optimizer_search_depth | Yes | Yes | Yes | Both | Yes | |
| pid-file | Yes | Yes | Global | No | ||
| - Variable: pid_file | Yes | Global | No | |||
| plugin_dir | Yes | Yes | Yes | Global | No | |
| port | Yes | Yes | Yes | Global | No | |
| port-open-timeout | Yes | Yes | ||||
| preload_buffer_size | Yes | Yes | Yes | Both | Yes | |
| prepared_stmt_count | Yes | Yes | Global | No | ||
| print-defaults | Yes | |||||
| profiling | Yes | Session | Yes | |||
| profiling_history_size | Yes | Both | Yes | |||
| protocol_version | Yes | Global | No | |||
| Qcache_free_blocks | Yes | Both | No | |||
| Qcache_free_memory | Yes | Both | No | |||
| Qcache_hits | Yes | Both | No | |||
| Qcache_inserts | Yes | Both | No | |||
| Qcache_lowmem_prunes | Yes | Both | No | |||
| Qcache_not_cached | Yes | Both | No | |||
| Qcache_queries_in_cache | Yes | Both | No | |||
| Qcache_total_blocks | Yes | Both | No | |||
| query_alloc_block_size | Yes | Yes | Yes | Both | Yes | |
| query_cache_limit | Yes | Yes | Yes | Global | Yes | |
| query_cache_min_res_unit | Yes | Yes | Yes | Global | Yes | |
| query_cache_size | Yes | Yes | Yes | Global | Yes | |
| query_cache_type | Yes | Yes | Yes | Both | Yes | |
| query_cache_wlock_invalidate | Yes | Yes | Yes | Both | Yes | |
| query_prealloc_size | Yes | Yes | Yes | Both | Yes | |
| Questions | Yes | Both | No | |||
| rand_seed1 | Yes | Session | Yes | |||
| rand_seed2 | Yes | Session | Yes | |||
| range_alloc_block_size | Yes | Yes | Yes | Both | Yes | |
| read_buffer_size | Yes | Yes | Yes | Both | Yes | |
| read_only | Yes | Yes | Yes | Global | Yes | |
| read_rnd_buffer_size | Yes | Yes | Yes | Both | Yes | |
| relay-log | Yes | Yes | ||||
| relay-log-index | Yes | Yes | ||||
| relay-log-info-file | Yes | Yes | ||||
| relay_log_purge | Yes | Yes | Yes | Global | Yes | |
| relay_log_space_limit | Yes | Yes | Yes | Global | No | |
| replicate-do-db | Yes | Yes | ||||
| replicate-do-table | Yes | Yes | ||||
| replicate-ignore-db | Yes | Yes | ||||
| replicate-ignore-table | Yes | Yes | ||||
| replicate-rewrite-db | Yes | Yes | ||||
| replicate-same-server-id | Yes | Yes | ||||
| replicate-wild-do-table | Yes | Yes | ||||
| replicate-wild-ignore-table | Yes | Yes | ||||
| report-host | Yes | Yes | Global | No | ||
| - Variable: report_host | Yes | Global | No | |||
| report-password | Yes | Yes | Global | No | ||
| - Variable: report_password | Yes | Global | No | |||
| report-port | Yes | Yes | Global | No | ||
| - Variable: report_port | Yes | Global | No | |||
| report-user | Yes | Yes | Global | No | ||
| - Variable: report_user | Yes | Global | No | |||
| rpl_recovery_rank | Yes | Global | Yes | |||
| Rpl_status | Yes | Both | No | |||
| safemalloc-mem-limit | Yes | Yes | ||||
| safe-mode | Yes | Yes | ||||
| safe-user-create | Yes | Yes | ||||
| secure-auth | Yes | Yes | Global | Yes | ||
| - Variable: secure_auth | Yes | Global | Yes | |||
| secure-file-priv | Yes | Yes | Global | No | ||
| - Variable: secure_file_priv | Yes | Global | No | |||
| Select_full_join | Yes | Both | No | |||
| Select_full_range_join | Yes | Both | No | |||
| Select_range | Yes | Both | No | |||
| Select_range_check | Yes | Both | No | |||
| Select_scan | Yes | Both | No | |||
| server-id | Yes | Yes | Global | Yes | ||
| - Variable: server_id | Yes | Global | Yes | |||
| set-variable | Yes | Yes | ||||
| shared_memory | Yes | Global | No | |||
| shared_memory_base_name | Yes | Global | No | |||
| show-slave-auth-info | Yes | Yes | ||||
| skip-bdb | Yes | Yes | ||||
| skip-character-set-client-handshake | Yes | Yes | ||||
| skip-concurrent-insert | Yes | Yes | ||||
| - Variable: concurrent_insert | ||||||
| skip-external-locking | Yes | Yes | Global | No | ||
| - Variable: skip_external_locking | Yes | Global | No | |||
| skip-grant-tables | Yes | Yes | ||||
| skip-host-cache | Yes | Yes | ||||
| skip-innodb | Yes | Yes | ||||
| skip-innodb-checksums | Yes | Yes | ||||
| skip-locking | Yes | Yes | ||||
| skip-log-warnings | Yes | |||||
| skip-merge | Yes | Yes | ||||
| - Variable: | ||||||
| skip-name-resolve | Yes | Yes | ||||
| skip-networking | Yes | Yes | Global | No | ||
| - Variable: skip_networking | Yes | Global | No | |||
| skip-new | Yes | Yes | ||||
| skip-safemalloc | Yes | Yes | ||||
| skip-show-database | Yes | Yes | Global | No | ||
| - Variable: skip_show_database | Yes | Global | No | |||
| skip-slave-start | Yes | Yes | ||||
| skip-ssl | Yes | Yes | ||||
| skip-stack-trace | Yes | Yes | ||||
| skip-symbolic-links | Yes | |||||
| skip-symlink | Yes | Yes | ||||
| skip-sync-bdb-logs | Yes | Yes | Yes | Global | No | |
| skip-thread-priority | Yes | Yes | ||||
| slave_compressed_protocol | Yes | Yes | Yes | Global | Yes | |
| slave-load-tmpdir | Yes | Yes | Global | No | ||
| - Variable: slave_load_tmpdir | Yes | Global | No | |||
| slave-net-timeout | Yes | Yes | Global | Yes | ||
| - Variable: slave_net_timeout | Yes | Global | Yes | |||
| Slave_open_temp_tables | Yes | Both | No | |||
| Slave_retried_transactions | Yes | Both | No | |||
| Slave_running | Yes | Both | No | |||
| slave-skip-errors | Yes | Yes | Global | No | ||
| - Variable: slave_skip_errors | Yes | Global | No | |||
| slave_transaction_retries | Yes | Yes | Yes | Global | Yes | |
| Slow_launch_threads | Yes | Both | No | |||
| slow_launch_time | Yes | Yes | Yes | Global | Yes | |
| Slow_queries | Yes | Both | No | |||
| socket | Yes | Yes | Yes | Global | No | |
| sort_buffer_size | Yes | Yes | Yes | Both | Yes | |
| Sort_merge_passes | Yes | Both | No | |||
| Sort_range | Yes | Both | No | |||
| Sort_rows | Yes | Both | No | |||
| Sort_scan | Yes | Both | No | |||
| sporadic-binlog-dump-fail | Yes | Yes | ||||
| sql_auto_is_null | Yes | Session | Yes | |||
| sql_big_selects | Yes | Both | Yes | |||
| sql_big_tables | Yes | Session | Yes | |||
| sql_buffer_result | Yes | Session | Yes | |||
| sql_log_bin | Yes | Session | Yes | |||
| sql_log_off | Yes | Session | Yes | |||
| sql_log_update | Yes | Session | Yes | |||
| sql_low_priority_updates | Yes | Both | Yes | |||
| sql_max_join_size | Yes | Both | Yes | |||
| sql-mode | Yes | Yes | Both | Yes | ||
| - Variable: sql_mode | Yes | Both | Yes | |||
| sql_notes | Yes | Session | Yes | |||
| sql_quote_show_create | Yes | Session | Yes | |||
| sql_safe_updates | Yes | Session | Yes | |||
| sql_select_limit | Yes | Both | Yes | |||
| sql_slave_skip_counter | Yes | Global | Yes | |||
| sql_warnings | Yes | Session | Yes | |||
| ssl | Yes | Yes | ||||
| ssl-ca | Yes | Yes | Global | No | ||
| - Variable: ssl_ca | Yes | Global | No | |||
| ssl-capath | Yes | Yes | Global | No | ||
| - Variable: ssl_capath | Yes | Global | No | |||
| ssl-cert | Yes | Yes | Global | No | ||
| - Variable: ssl_cert | Yes | Global | No | |||
| ssl-cipher | Yes | Yes | Global | No | ||
| - Variable: ssl_cipher | Yes | Global | No | |||
| ssl-key | Yes | Yes | Global | No | ||
| - Variable: ssl_key | Yes | Global | No | |||
| standalone | Yes | Yes | ||||
| storage_engine | Yes | Both | Yes | |||
| symbolic-links | Yes | Yes | ||||
| sync-bdb-logs | Yes | Yes | Yes | Global | No | |
| sync-binlog | Yes | Yes | Global | Yes | ||
| - Variable: sync_binlog | Yes | Global | Yes | |||
| sync-frm | Yes | Yes | Global | Yes | ||
| - Variable: sync_frm | Yes | Global | Yes | |||
| sysdate-is-now | Yes | Yes | ||||
| system_time_zone | Yes | Global | No | |||
| table_cache | Yes | Yes | Yes | Global | Yes | |
| Table_locks_immediate | Yes | Both | No | |||
| Table_locks_waited | Yes | Both | No | |||
| table_lock_wait_timeout | Yes | Yes | Yes | Global | Yes | |
| table_open_cache | Yes | Yes | Global | Yes | ||
| table_type | Yes | Both | Yes | |||
| tc-heuristic-recover | Yes | Yes | ||||
| Tc_log_max_pages_used | Yes | Both | No | |||
| Tc_log_page_size | Yes | Both | No | |||
| Tc_log_page_waits | Yes | Both | No | |||
| temp-pool | Yes | Yes | ||||
| thread_cache_size | Yes | Yes | Yes | Global | Yes | |
| thread_concurrency | Yes | Yes | Yes | Global | No | |
| Threads_cached | Yes | Both | No | |||
| Threads_connected | Yes | Both | No | |||
| Threads_created | Yes | Both | No | |||
| Threads_running | Yes | Both | No | |||
| thread_stack | Yes | Yes | Yes | Global | No | |
| timed_mutexes | Yes | Yes | Yes | Global | Yes | |
| time_format | Yes | Yes | Yes | Both | Yes | |
| timestamp | Yes | Session | Yes | |||
| time_zone | Yes | Yes | Both | Yes | ||
| tmpdir | Yes | Yes | Yes | Global | No | |
| tmp_table_size | Yes | Yes | Yes | Both | Yes | |
| transaction_alloc_block_size | Yes | Yes | Yes | Both | Yes | |
| transaction-isolation | Yes | Yes | ||||
| transaction_prealloc_size | Yes | Yes | Yes | Both | Yes | |
| tx_isolation | Yes | Both | Yes | |||
| unique_checks | Yes | Session | Yes | |||
| updatable_views_with_limit | Yes | Yes | Yes | Both | Yes | |
| Uptime | Yes | Both | No | |||
| Uptime_since_flush_status | Yes | Both | No | |||
| user | Yes | Yes | ||||
| verbose | Yes | |||||
| version | Yes | Yes | Global | No | ||
| version_comment | Yes | Global | No | |||
| version_compile_machine | Yes | Global | No | |||
| version_compile_os | Yes | Global | No | |||
| wait_timeout | Yes | Yes | Yes | Both | Yes | |
| warning_count | Yes | Session | No | |||
| warnings | Yes | Yes |
When you start the mysqld server, you can specify program options using any of the methods described in Section 4.2.3, “Specifying Program Options”. The most common methods are to provide options in an option file or on the command line. However, in most cases it is desirable to make sure that the server uses the same options each time it runs. The best way to ensure this is to list them in an option file. See Section 4.2.3.2, “Using Option Files”.
MySQL Enterprise For expert advice on setting command options, subscribe to the MySQL Enterprise Monitor. For more information, see http://www.mysql.com/products/enterprise/advisors.html.
mysqld reads options from the
[mysqld] and [server]
groups. mysqld_safe reads options from the
[mysqld], [server],
[mysqld_safe], and
[safe_mysqld] groups.
mysql.server reads options from the
[mysqld] and
[mysql.server] groups.
An embedded MySQL server usually reads options from the
[server], [embedded], and
[
groups, where xxxxx_SERVER]xxxxx is the name of
the application into which the server is embedded.
mysqld accepts many command options. For a brief summary, execute mysqld --help. To see the full list, use mysqld --verbose --help.
The following list shows some of the most common server options. Additional options are described in other sections:
Options that affect security: See Section 5.3.3, “Security-Related mysqld Options”.
SSL-related options: See Section 5.5.7.3, “SSL Command Options”.
Binary log control options: See Section 5.2.3, “The Binary Log”.
Replication-related options: See Section 18.1.2, “Replication Startup Options and Variables”.
Options specific to particular storage engines: See
Section 13.1.1, “MyISAM Startup Options”, Section 13.5.3, “BDB Startup Options”,
Section 13.2.4, “InnoDB Startup Options and System Variables”, and
Section 19.4.2, “MySQL Cluster-Related Command Options for mysqld”.
You can also set the values of server system variables by using variable names as options, as described at the end of this section.
Display a short help message and exit. Use both the
--verbose and --help
options to see the full message.
| Value Set |
|
When this option is set to some positive integer
value other than 0 (the default)
it affects replication behavior as follows: After the slave
SQL thread has started, value log
events are allowed to be executed; after that, the slave SQL
thread does not receive any more events, just as if the
network connection from the master were cut. The slave
thread continues to run, and the output from SHOW
SLAVE STATUS displays Yes in
both the Slave_IO_Running and the
Slave_SQL_Running columns, but no further
events are read from the relay log.
This option is used internally by the MySQL test suite for replication testing and debugging. It is not intended for use in a production setting.
| Version Introduced | 5.0.3 | ||||
| Value Set |
|
This option controls whether user-defined functions that
have only an xxx symbol for the main
function can be loaded. By default, the option is off and
only UDFs that have at least one auxiliary symbol can be
loaded; this prevents attempts at loading functions from
shared object files other than those containing legitimate
UDFs. This option was added in version 5.0.3. See
Section 28.2.2.6, “User-Defined Function Security Precautions”.
Use standard (ANSI) SQL syntax instead of MySQL syntax. For
more precise control over the server SQL mode, use the
--sql-mode option instead. See
Section 1.8.3, “Running MySQL in ANSI Mode”, and
Section 5.1.7, “SQL Modes”.
| Option Sets Variable | Yes, basedir | ||
| Variable Name | basedir | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The path to the MySQL installation directory. All paths are usually resolved relative to this directory.
| Option Sets Variable | Yes, big_tables | ||
| Variable Name | big-tables | ||
| Variable Scope | Session | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
Allow large result sets by saving all temporary sets in files. This option prevents most “table full” errors, but also slows down queries for which in-memory tables would suffice. Since MySQL 3.23.2, the server is able to handle large result sets automatically by using memory for small temporary tables and switching to disk tables where necessary.
| Value Set |
|
The IP address to bind to. Only one address can be selected. If this option is specified multiple times, the last address given is used.
This option is used by the mysql_install_db script to create the MySQL privilege tables without having to start a full MySQL server.
This option is unavailable if MySQL was configured with the
--disable-grant-options option. See
Section 2.4.15.2, “Typical configure Options”.
| Option Sets Variable | Yes, character_sets_dir | ||
| Variable Name | character-sets-dir | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The directory where character sets are installed. See Section 9.2, “The Character Set Used for Data and Sorting”.
--character-set-client-handshake
| Value Set |
|
Don't ignore character set information sent by the client.
To ignore client information and use the default server
character set, use
--skip-character-set-client-handshake; this
makes MySQL behave like MySQL 4.0.
--character-set-filesystem=
charset_name
| Version Introduced | 5.0.19 | ||
| Option Sets Variable | Yes, character_set_filesystem | ||
| Variable Name | character_set_filesystem | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The filesystem character set. This option sets the
character_set_filesystem system variable.
It was added in MySQL 5.0.19.
--character-set-server=,
charset_name-C
charset_name
| Option Sets Variable | Yes, character_set_server | ||
| Variable Name | character_set_server | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
Use charset_name as the default
server character set. See
Section 9.2, “The Character Set Used for Data and Sorting”. If you use this
option to specify a non-default character set, you should
also use --collation-server to specify the
collation.
| Value Set |
|
Put the mysqld server in a closed
environment during startup by using the
chroot() system call. This is a
recommended security measure. Note that use of this option
somewhat limits LOAD DATA INFILE and
SELECT ... INTO OUTFILE.
--collation-server=
collation_name
| Option Sets Variable | Yes, collation_server | ||
| Variable Name | collation_server | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
Use collation_name as the default
server collation. See
Section 9.2, “The Character Set Used for Data and Sorting”.
| Option Sets Variable | Yes, console |
| Platform Specific | windows |
(Windows only.) Write error log messages to
stderr and stdout even
if --log-error is specified.
mysqld does not close the console window
if this option is used.
| Value Set |
|
Write a core file if mysqld dies. For
some systems, you must also specify the
--core-file-size option to
mysqld_safe. See
Section 4.3.2, “mysqld_safe — MySQL Server Startup Script”. Note that on some systems,
such as Solaris, you do not get a core file if you are also
using the --user option.
| Option Sets Variable | Yes, datadir | ||
| Variable Name | datadir | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The path to the data directory.
--debug[=,
debug_options]-#
[
debug_options]
| Variable Name | debug | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
If MySQL is configured with --with-debug,
you can use this option to get a trace file of what
mysqld is doing. The
debug_options string often is
'd:t:o,.
The default is file_name''d:t:i:o,mysqld.trace'.
See
MySQL
Internals: Porting.
As of MySQL 5.0.25, using --with-debug to
configure MySQL with debugging support enables you to use
the --debug="d,parser_debug" option when
you start the server. This causes the Bison parser that is
used to process SQL statements to dump a parser trace to the
server's standard error output. Typically, this output is
written to the error log.
--default-character-set=
(DEPRECATED)
charset_name
| Deprecated | 5.0 | ||
| Value Set |
|
Use charset_name as the default
character set. This option is deprecated in favor of
--character-set-server. See
Section 9.2, “The Character Set Used for Data and Sorting”.
--default-collation=
collation_name
| Variable Name | default-collation | ||
| Variable Scope | |||
| Dynamic Variable | No | ||
| Deprecated | 4.1.3 | ||
| Value Set |
|
Use collation_name as the default
collation. This option is deprecated in favor of
--collation-server. See
Section 9.2, “The Character Set Used for Data and Sorting”.
Set the default storage engine (table type) for tables. See Chapter 13, Storage Engines.
| Deprecated | 5.0, by default-storage-engine | ||
| Value Set |
|
This option is a synonym for
--default-storage-engine.
| Value Set |
|
Set the default server time zone. This option sets the
global time_zone system variable. If this
option is not given, the default time zone is the same as
the system time zone (given by the value of the
system_time_zone system variable.
--delay-key-write[={OFF|ON|ALL}]
| Option Sets Variable | Yes, delay_key_write | ||||||
| Variable Name | delay-key-write | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
Specify how to use delayed key writes. Delayed key writing
causes key buffers not to be flushed between writes for
MyISAM tables. OFF
disables delayed key writes. ON enables
delayed key writes for those tables that were created with
the DELAY_KEY_WRITE option.
ALL delays key writes for all
MyISAM tables. See
Section 7.5.2, “Tuning Server Parameters”, and
Section 13.1.1, “MyISAM Startup Options”.
If you set this variable to ALL, you
should not use MyISAM tables from
within another program (such as another MySQL server or
myisamchk) when the tables are in use.
Doing so leads to index corruption.
Read the default DES keys from this file. These keys are
used by the DES_ENCRYPT()
and DES_DECRYPT() functions.
--disconnect-slave-event-count
| Value Set |
|
This option is used internally by the MySQL test suite for replication testing and debugging.
| Platform Specific | windows |
Enable support for named pipes. This option can be used only with the mysqld-nt and mysqld-debug servers that support named-pipe connections.
| Value Set |
|
Print a symbolic stack trace on failure.
--engine-condition-pushdown={ON|OFF}
| Version Introduced | 5.0.3 | ||||
| Option Sets Variable | Yes, engine_condition_pushdown | ||||
| Variable Name | engine_condition_pushdown | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set (>= 5.0.3) |
|
When the value of this option is 0 (OFF),
a query such as SELECT * FROM t WHERE mycol =
42, where mycol is a
non-indexed column, is executed as a full table scan. The
storage engine sends every row to the MySQL server, which
applies the WHERE condition. If
engine_condition_pushdown is set to 1
(ON), the condition is “pushed
down” to the storage engine, which uses the condition
to perform the scan, and sends back to the MySQL server only
those rows that match the condition. By default, this
variable is OFF.
In MySQL 5.0, this option is useful only with
the NDBCLUSTER storage engine. However,
we intend to implement it for additional storage engines in
future MySQL releases.
Setting this option to ON on a MySQL
Server acting as a MySQL Cluster SQL node causes
WHERE conditions on unindexed columns to
be evaluated on the cluster's data nodes and only the
rows that match to be sent back to the SQL node that issued
the query. This means the amount of cluster data that must
be sent over the network is greatly reduced, increasing the
efficiency with which results are returned.
For more information, see Section 7.2.7, “Condition Pushdown Optimization”.
This variable was added in MySQL 5.0.3.
--exit-info[=,
flags]-T [
flags]
| Value Set |
|
This is a bit mask of different flags that you can use for debugging the mysqld server. Do not use this option unless you know exactly what it does!
| Option Sets Variable | Yes, external_locking | ||||
| Disabled by | skip-external-locking | ||||
| Value Set |
|
Enable external locking (system locking), which is disabled
by default as of MySQL 4.0. Note that if you use this option
on a system on which lockd does not fully
work (such as Linux), it is easy for
mysqld to deadlock. This option
previously was named --enable-locking.
For more information about external locking, including conditions under which it can and cannot be used, see Section 7.3.4, “External Locking”.
| Variable Name | flush | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
Flush (synchronize) all changes to disk after each SQL statement. Normally, MySQL does a write of all changes to disk only after each SQL statement and lets the operating system handle the synchronizing to disk. See Section B.1.4.2, “What to Do If MySQL Keeps Crashing”.
| Value Set |
|
Install an interrupt handler for SIGINT
(needed to stop mysqld with
^C to set breakpoints) and disable stack
tracing and core file handling. See
MySQL
Internals: Porting.
| Option Sets Variable | Yes, init_file | ||
| Variable Name | init_file | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
Read SQL statements from this file at startup. Each statement must be on a single line and should not include comments.
This option is unavailable if MySQL was configured with the
--disable-grant-options option. See
Section 2.4.15.2, “Typical configure Options”.
| Version Introduced | 5.0.1 | ||
| Deprecated | 5.0.3 | ||
| Value Set (<= 5.0.3) |
|
Adds consistency guarantees between the content of
InnoDB tables and the binary log. See
Section 5.2.3, “The Binary Log”. This option was removed in
MySQL 5.0.3, having been made obsolete by the introduction
of XA transaction support.
--innodb-
xxx
The InnoDB options are listed in
Section 13.2.4, “InnoDB Startup Options and System Variables”.
--language=
lang_name, -L
lang_name
| Option Sets Variable | Yes, language | ||||
| Variable Name | language | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
Return client error messages in the given language.
lang_name can be given as the
language name or as the full pathname to the directory where
the language files are installed. See
Section 9.3, “Setting the Error Message Language”.
| Version Introduced | 5.0.3 | ||||||
| Option Sets Variable | Yes, large_pages | ||||||
| Variable Name | large_pages | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Platform Specific | linux | ||||||
| Value Set |
|
Some hardware/operating system architectures support memory pages greater than the default (usually 4KB). The actual implementation of this support depends on the underlying hardware and OS. Applications that perform a lot of memory accesses may obtain performance improvements by using large pages due to reduced Translation Lookaside Buffer (TLB) misses.
Currently, MySQL supports only the Linux implementation of large pages support (which is called HugeTLB in Linux). We have plans to extend this support to FreeBSD, Solaris and possibly other platforms.
Before large pages can be used on Linux, it is necessary to
configure the HugeTLB memory pool. For reference, consult
the hugetlbpage.txt file in the Linux
kernel source.
This option is disabled by default. It was added in MySQL 5.0.3.
--log[=,
file_name]-l [
file_name]
| Option Sets Variable | Yes, log | ||||
| Variable Name | log | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
Log connections and SQL statements received from clients to
this file. See Section 5.2.2, “The General Query Log”. If you omit the
filename, MySQL uses
host_name.log
| Value Set |
|
Enable binary logging. The server logs all statements that change data to the binary log, which is used for backup and replication. See Section 5.2.3, “The Binary Log”.
The option value, if given, is the basename for the log
sequence. The server creates binary log files in sequence by
adding a numeric suffix to the basename. It is recommended
that you specify a basename (see
Section B.1.8.1, “Open Issues in MySQL”, for the reason). Otherwise,
MySQL uses
host_name-bin
| Value Set |
|
The index file for binary log filenames. See
Section 5.2.3, “The Binary Log”. If you omit the filename, and
if you didn't specify one with --log-bin,
MySQL uses
host_name-bin.index
--log-bin-trust-function-creators[={0|1}]
| Version Introduced | 5.0.16 | ||||
| Option Sets Variable | Yes, log_bin_trust_function_creators | ||||
| Variable Name | log_bin_trust_function_creators | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
With no argument or an argument of 1, this option sets the
log_bin_trust_function_creators system
variable to 1. With an argument of 0, this option sets the
system variable to 0.
log_bin_trust_function_creators affects
how MySQL enforces restrictions on stored function and
trigger creation. See
Section 21.4, “Binary Logging of Stored Routines and Triggers”.
This option was added in MySQL 5.0.16.
--log-bin-trust-routine-creators[={0|1}]
| Version Introduced | 5.0.6 | ||||
| Option Sets Variable | Yes, log_bin_trust_routine_creators | ||||
| Variable Name | log-bin-trust-routine-creators | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Deprecated | 5.0.16, by log-bin-trust-function-creators | ||||
| Value Set |
|
This is the old name for
--log-bin-trust-function-creators. Before
MySQL 5.0.16, it also applies to stored procedures, not just
stored functions and sets the
log_bin_trust_routine_creators system
variable. As of 5.0.16, this option is deprecated. It is
recognized for backward compatibility but its use results in
a warning.
This option was added in MySQL 5.0.6.
| Option Sets Variable | Yes, log_error | ||
| Variable Name | log_error | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
Log errors and startup messages to this file. See
Section 5.2.1, “The Error Log”. If you omit the filename, MySQL
uses
host_name.err.err.
| Value Set |
|
Log all MyISAM changes to this file (used
only when debugging MyISAM).
--log-long-format
(DEPRECATED)
| Deprecated | 4.1 |
Log extra information to the update log, binary update log,
and slow query log, if they have been activated. For
example, the username and timestamp are logged for all
queries. This option is deprecated, as it now represents the
default logging behavior. (See the description for
--log-short-format.) The
--log-queries-not-using-indexes option is
available for the purpose of logging queries that do not use
indexes to the slow query log.
--log-queries-not-using-indexes
| Option Sets Variable | Yes, log_queries_not_using_indexes | ||
| Variable Name | log_queries_not_using_indexes | ||
| Variable Scope | Global | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
If you are using this option with
--log-slow-queries, queries that do not use
indexes are logged to the slow query log. See
Section 5.2.4, “The Slow Query Log”.
| Value Set |
|
Log less information to the update log, binary update log, and slow query log, if they have been activated. For example, the username and timestamp are not logged for queries.
| Value Set |
|
Log slow administrative statements such as OPTIMIZE
TABLE, ANALYZE TABLE, and
ALTER TABLE to the slow query log.
--log-slow-queries[=
file_name]
| Option Sets Variable | Yes, log_slow_queries | ||
| Variable Name | log_slow_queries | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
Log all queries that have taken more than
long_query_time seconds to execute to
this file. See Section 5.2.4, “The Slow Query Log”. See the
descriptions of the --log-long-format and
--log-short-format options for details.
| Version Introduced | 5.0.3 | ||||
| Value Set |
|
The name of the memory-mapped transaction coordinator log
file (for XA transactions that affect multiple storage
engines when the binary log is disabled). The default name
is tc.log. The file is created under
the data directory if not given as a full pathname.
Currently, this option is unused. Added in MySQL 5.0.3.
| Version Introduced | 5.0.3 | ||||||
| Value Set |
|
The size in bytes of the memory-mapped transaction coordinator log. The default size is 24KB. Added in MySQL 5.0.3.
--log-warnings[=,
level]-W [
level]
| Option Sets Variable | Yes, log-warnings | ||||
| Variable Name | log_warnings | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Disabled by | skip-log-warnings | ||||
| Value Set |
|
Print out warnings such as Aborted
connection... to the error log. Enabling this
option is recommended, for example, if you use replication
(you get more information about what is happening, such as
messages about network failures and reconnections). This
option is enabled (1) by default, and the default
level value if omitted is 1. To
disable this option, use --log-warnings=0.
If the value is greater than 1, aborted connections are
written to the error log. See
Section B.1.2.11, “Communication Errors and Aborted Connections”.
| Option Sets Variable | Yes, low_priority_updates | ||||
| Variable Name | low_priority_updates | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
Give table-modifying operations (INSERT,
REPLACE, DELETE,
UPDATE) lower priority than selects. This
can also be done via {INSERT | REPLACE | DELETE |
UPDATE} LOW_PRIORITY ... to lower the priority of
only one query, or by SET
LOW_PRIORITY_UPDATES=1 to change the priority in
one thread. This affects only storage engines that use only
table-level locking (MyISAM,
MEMORY, MERGE). See
Section 7.3.2, “Table Locking Issues”.
| Value Set |
|
This option is used internally by the MySQL test suite for replication testing and debugging.
| Variable Name | locked_in_memory | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
Lock the mysqld process in memory. This option might help if you have a problem where the operating system is causing mysqld to swap to disk.
--memlock works on systems that support the
mlockall() system call; this includes
Solaris as well as most Linux distributions that use a 2.4
or newer kernel. On Linux systems, you can tell whether or
not mlockall() (and thus this option) is
supported by checking to see whether or not it is defined in
the system mman.h file, like this:
shell> grep mlockall /usr/include/sys/mman.h
If mlockall() is supported, you should
see in the output of the previous command something like the
following:
extern int mlockall (int __flags) __THROW;
Using this option requires that you run the server as
root, which, for reasons of security,
is normally not a good idea. See
Section 5.3.5, “How to Run MySQL as a Normal User”.
You must not try to use this option on a system that does
not support the mlockall() system call;
if you do so, mysqld will very likely
crash as soon as you try to start it.
--myisam-recover[=
option[,option]...]]
| Value Set |
|
Set the MyISAM storage engine recovery
mode. The option value is any combination of the values of
DEFAULT, BACKUP,
FORCE, or QUICK. If
you specify multiple values, separate them by commas.
Specifying the option with no argument is the same as
specifying DEFAULT, and specifying with
an explicit value of "" disables recovery
(same as not giving the option). If recovery is enabled,
each time mysqld opens a
MyISAM table, it checks whether the table
is marked as crashed or wasn't closed properly. (The last
option works only if you are running with external locking
disabled.) If this is the case, mysqld
runs a check on the table. If the table was corrupted,
mysqld attempts to repair it.
The following options affect how the repair works:
| Option | Description |
DEFAULT | Recovery without backup, forcing, or quick checking. |
BACKUP | If the data file was changed during recovery, save a backup of the
|
FORCE | Run recovery even if we would lose more than one row from the
.MYD file. |
QUICK | Don't check the rows in the table if there aren't any delete blocks. |
Before the server automatically repairs a table, it writes a
note about the repair to the error log. If you want to be
able to recover from most problems without user
intervention, you should use the options
BACKUP,FORCE. This forces a repair of a
table even if some rows would be deleted, but it keeps the
old data file as a backup so that you can later examine what
happened.
| Option Sets Variable | Yes, old_passwords | ||||
| Variable Name | old_passwords | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
Force the server to generate short (pre-4.1) password hashes for new passwords. This is useful for compatibility when the server must support older client programs. See Section 5.4.8, “Password Hashing as of MySQL 4.1”.
| Version Introduced | 5.0.3 | ||||
| Value Set |
|
Enable old-style user limits. (Before MySQL 5.0.3, account
resource limits were counted separately for each host from
which a user connected rather than per account row in the
user table.) See
Section 5.5.4, “Limiting Account Resources”. This option was added in
MySQL 5.0.3.
Only use one thread (for debugging under Linux). This option is available only if the server is built with debugging enabled. See MySQL Internals: Porting.
| Option Sets Variable | Yes, open_files_limit | ||||||
| Variable Name | open_files_limit | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Value Set |
|
Changes the number of file descriptors available to
mysqld. You should try increasing the
value of this option if mysqld gives you
the error Too many open files.
mysqld uses the option value to reserve
descriptors with setrlimit(). If the
requested number of file descriptors cannot be allocated,
mysqld writes a warning to the error log.
mysqld may attempt to allocate more than
the requested number of descriptors (if they are available),
using the values of max_connections and
table_cache to estimate whether more
descriptors will be needed.
| Option Sets Variable | Yes, pid_file | ||
| Variable Name | pid_file | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The pathname of the process ID file. This file is used by other programs such as mysqld_safe to determine the server's process ID.
| Option Sets Variable | Yes, port | ||||
| Variable Name | port | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
The port number to use when listening for TCP/IP
connections. The port number must be 1024 or higher unless
the server is started by the root system
user.
| Version Introduced | 5.0.19 | ||||
| Value Set |
|
On some systems, when the server is stopped, the TCP/IP port might not become available immediately. If the server is restarted quickly afterward, its attempt to reopen the port can fail. This option indicates how many seconds the server should wait for the TCP/IP port to become free if it cannot be opened. The default is not to wait. This option was added in MySQL 5.0.19.
| Deprecated | 5.0 |
Skip some optimization stages.
--safe-show-database
(DEPRECATED)
| Option Sets Variable | Yes, safe_show_database | ||
| Variable Name | safe_show_database | ||
| Variable Scope | Global | ||
| Dynamic Variable | Yes | ||
| Deprecated | 4.0.2 | ||
| Value Set |
|
| Option Sets Variable | Yes, safe-user-create | ||||
| Value Set |
|
If this option is enabled, a user cannot create new MySQL
users by using the GRANT statement unless
the user has the INSERT privilege for the
mysql.user table or any column in the
table. If you want a user to have the ability to create new
users that have those privileges that the user has the right
to grant, you should grant the user the following privilege:
GRANT INSERT(user) ON mysql.user TO 'user_name'@'host_name';
This ensures that the user cannot change any privilege
columns directly, but has to use the
GRANT statement to give privileges to
other users.
| Option Sets Variable | Yes, secure_auth | ||||
| Variable Name | secure_auth | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
Disallow authentication by clients that attempt to use accounts that have old (pre-4.1) passwords.
| Version Introduced | 5.0.38 | ||
| Option Sets Variable | Yes, secure_file_priv | ||
| Variable Name | secure_file_priv | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
This option limits the effect of the
LOAD_FILE() function and the
LOAD DATA and SELECT ... INTO
OUTFILE statements to work only with files in the
specified directory.
This option was added in MySQL 5.0.38.
Enable shared-memory connections by local clients. This option is available only on Windows.
--shared-memory-base-name=
name
The name of shared memory to use for shared-memory
connections. This option is available only on Windows. The
default name is MYSQL. The name is case
sensitive.
Disable the BDB storage engine. This
saves memory and might speed up some operations. Do not use
this option if you require BDB tables.
Turn off the ability to select and insert at the same time
on MyISAM tables. (This is to be used
only if you think you have found a bug in this feature.) See
Section 7.3.3, “Concurrent Inserts”.
Do not use external locking (system locking). For more information about external locking, including conditions under which it can and cannot be used, see Section 7.3.4, “External Locking”.
External locking has been disabled by default since MySQL 4.0.
This option causes the server not to use the privilege
system at all, which gives anyone with access to the server
unrestricted access to all databases.
You can cause a running server to start using the grant
tables again by executing mysqladmin
flush-privileges or mysqladmin
reload command from a system shell, or by issuing
a MySQL FLUSH PRIVILEGES statement after
connecting to the server. This option also suppresses
loading of user-defined functions (UDFs).
This option is unavailable if MySQL was configured with the
--disable-grant-options option. See
Section 2.4.15.2, “Typical configure Options”.
Do not use the internal hostname cache for faster name-to-IP resolution. Instead, query the DNS server every time a client connects. See Section 7.5.10, “How MySQL Uses DNS”.
Disable the InnoDB storage engine. This
saves memory and disk space and might speed up some
operations. Do not use this option if you require
InnoDB tables.
Disable the MERGE storage engine. This
option was added in MySQL 5.0.24. It can be used if the
following behavior is undesirable: If a user has access to
MyISAM table
t, that user can create a
MERGE table m
that accesses t. However, if the
user's privileges on t are
subsequently revoked, the user can continue to access
t by doing so through
m.
Do not resolve hostnames when checking client connections.
Use only IP numbers. If you use this option, all
Host column values in the grant tables
must be IP numbers or localhost. See
Section 7.5.10, “How MySQL Uses DNS”.
Don't listen for TCP/IP connections at all. All interaction with mysqld must be made via named pipes or shared memory (on Windows) or Unix socket files (on Unix). This option is highly recommended for systems where only local clients are allowed. See Section 7.5.10, “How MySQL Uses DNS”.
| Value Set |
|
This option is used internally by the MySQL test suite for replication testing and debugging.
Options that begin with --ssl specify
whether to allow clients to connect via SSL and indicate
where to find SSL keys and certificates. See
Section 5.5.7.3, “SSL Command Options”.
| Platform Specific | windows |
Instructs the MySQL server not to run as a service.
--symbolic-links,
--skip-symbolic-links
Enable or disable symbolic link support. This option has different effects on Windows and Unix:
On Windows, enabling symbolic links allows you to
establish a symbolic link to a database directory by
creating a
db_name.sym
On Unix, enabling symbolic links means that you can link
a MyISAM index file or data file to
another directory with the INDEX
DIRECTORY or DATA DIRECTORY
options of the CREATE TABLE
statement. If you delete or rename the table, the files
that its symbolic links point to also are deleted or
renamed. See Section 7.6.1.2, “Using Symbolic Links for Tables on Unix”.
If MySQL is configured with
--with-debug=full, all MySQL programs check
for memory overruns during each memory allocation and memory
freeing operation. This checking is very slow, so for the
server you can avoid it when you don't need it by using the
--skip-safemalloc option.
| Option Sets Variable | Yes, skip_show_database |
| Variable Name | skip_show_database |
| Variable Scope | Global |
| Dynamic Variable | No |
With this option, the SHOW DATABASES
statement is allowed only to users who have the
SHOW DATABASES privilege, and the
statement displays all database names. Without this option,
SHOW DATABASES is allowed to all users,
but displays each database name only if the user has the
SHOW DATABASES privilege or some
privilege for the database. Note that
any global privilege is considered a
privilege for the database.
Don't write stack traces. This option is useful when you are running mysqld under a debugger. On some systems, you also must use this option to get a core file. See MySQL Internals: Porting.
Disable using thread priorities for faster response time.
| Option Sets Variable | Yes, socket | ||||||
| Variable Name | socket | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Value Set |
| ||||||
| Value Set |
| ||||||
| Value Set |
| ||||||
| Value Set |
|
On Unix, this option specifies the Unix socket file to use
when listening for local connections. The default value is
/tmp/mysql.sock. On Windows, the option
specifies the pipe name to use when listening for local
connections that use a named pipe. The default value is
MySQL (not case sensitive).
--sql-mode=
value[,value[,value...]]
| Option Sets Variable | Yes, sql_mode | ||||||
| Variable Name | sql_mode | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
Set the SQL mode. See Section 5.1.7, “SQL Modes”.
| Version Introduced | 5.0.20 | ||||
| Value Set |
|
As of MySQL 5.0.13,
SYSDATE() by default returns
the time at which it executes, not the time at which the
statement in which it occurs begins executing. This differs
from the behavior of NOW().
This option causes SYSDATE()
to be an alias for NOW().
For information about the implications for binary logging
and replication, see the description for
SYSDATE() in
Section 11.6, “Date and Time Functions” and for
SET TIMESTAMP in
Section 5.1.4, “Session System Variables”.
This option was added in MySQL 5.0.20.
--tc-heuristic-recover={COMMIT|ROLLBACK}
| Version Introduced | 5.0.3 | ||||
| Value Set |
|
The type of decision to use in the heuristic recovery process. Currently, this option is unused. Added in MySQL 5.0.3.
| Value Set |
|
This option causes most temporary files created by the server to use a small set of names, rather than a unique name for each new file. This works around a problem in the Linux kernel dealing with creating many new files with different names. With the old behavior, Linux seems to “leak” memory, because it is being allocated to the directory entry cache rather than to the disk cache.
| Value Set |
|
Sets the default transaction isolation level. The
level value can be
READ-UNCOMMITTED,
READ-COMMITTED,
REPEATABLE-READ, or
SERIALIZABLE. See
Section 12.4.6, “SET TRANSACTION Syntax”.
| Option Sets Variable | Yes, tmpdir | ||
| Variable Name | tmpdir | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The path of the directory to use for creating temporary
files. It might be useful if your default
/tmp directory resides on a partition
that is too small to hold temporary tables. This option
accepts several paths that are used in round-robin fashion.
Paths should be separated by colon characters
(“:”) on Unix and semicolon
characters (“;”) on Windows,
NetWare, and OS/2. If the MySQL server is acting as a
replication slave, you should not set
--tmpdir to point to a directory on a
memory-based filesystem or to a directory that is cleared
when the server host restarts. For more information about
the storage location of temporary files, see
Section B.1.4.4, “Where MySQL Stores Temporary Files”. A replication slave needs
some of its temporary files to survive a machine restart so
that it can replicate temporary tables or LOAD DATA
INFILE operations. If files in the temporary file
directory are lost when the server restarts, replication
fails.
--user={,
user_name|user_id}-u
{
user_name|user_id}
| Value Set |
|
Run the mysqld server as the user having
the name user_name or the numeric
user ID user_id.
(“User” in this context refers to a system
login account, not a MySQL user listed in the grant tables.)
This option is mandatory when starting
mysqld as root. The
server changes its user ID during its startup sequence,
causing it to run as that particular user rather than as
root. See
Section 5.3.1, “General Security Guidelines”.
To avoid a possible security hole where a user adds a
--user=root option to a
my.cnf file (thus causing the server to
run as root), mysqld
uses only the first --user option specified
and produces a warning if there are multiple
--user options. Options in
/etc/my.cnf and
$MYSQL_HOME/my.cnf are processed before
command-line options, so it is recommended that you put a
--user option in
/etc/my.cnf and specify a value other
than root. The option in
/etc/my.cnf is found before any other
--user options, which ensures that the
server runs as a user other than root,
and that a warning results if any other
--user option is found.
| Variable Name | version |
| Variable Scope | Global |
| Dynamic Variable | No |
Display version information and exit.
You can assign a value to a server system variable by using an
option of the form
--.
For example, var_name=value--key_buffer_size=32M sets the
key_buffer_size variable to a value of 32MB.
Note that when you assign a value to a variable, MySQL might automatically correct the value to stay within a given range, or adjust the value to the closest allowable value if only certain values are allowed.
If you want to restrict the maximum value to which a variable
can be set at runtime with SET, you can
define this by using the
--maximum-
command-line option.
var_name=value
It is also possible to set variables by using
--set-variable=
or var_name=value-O
syntax. This syntax is deprecated.
var_name=value
You can change the values of most system variables for a running
server with the SET statement. See
Section 12.5.4, “SET Syntax”.
Section 5.1.3, “System Variables”, provides a full description for all variables, and additional information for setting them at server startup and runtime. Section 7.5.2, “Tuning Server Parameters”, includes information on optimizing the server by tuning system variables.
The MySQL server maintains many system variables that indicate
how it is configured. Each system variable has a default value.
System variables can be set at server startup using options on
the command line or in an option file. Most of them can be
changed dynamically while the server is running by means of the
SET statement, which enables you to modify
operation of the server without having to stop and restart it.
You can refer to system variable values in expressions.
There are several ways to see the names and values of system variables:
To see the values that a server will use based on its compiled-in defaults and any option files that it reads, use this command:
mysqld --verbose --help
To see the values that a server will use based on its compiled-in defaults, ignoring the settings in any option files, use this command:
mysqld --no-defaults --verbose --help
To see the current values used by a running server, use the
SHOW VARIABLES statement.
This section provides a description of each system variable. Variables with no version indicated are present in all MySQL 5.0 releases. For historical information concerning their implementation, please see http://dev.mysql.com/doc/refman/4.1/en/.
The following table lists all available system variables:
| Name | Cmd-Line | Option file | System Var | Var Scope | Dynamic |
|---|---|---|---|---|---|
| autocommit | Yes | Session | Yes | ||
| auto-increment-increment | Yes | Yes | Yes | ||
| - Variable: auto_increment_increment | Yes | Both | Yes | ||
| auto-increment-offset | Yes | Yes | Yes | ||
| - Variable: auto_increment_offset | Yes | Both | Yes | ||
| automatic_sp_privileges | Yes | Global | Yes | ||
| back_log | Yes | Yes | Yes | Global | No |
| basedir | Yes | Yes | Yes | Global | No |
| bdb_cache_size | Yes | Yes | Yes | Global | No |
| bdb-home | Yes | Yes | Yes | Global | No |
| bdb-lock-detect | Yes | Yes | No | ||
| - Variable: bdb_lock_detect | Yes | Global | No | ||
| bdb_log_buffer_size | Yes | Yes | Yes | Global | No |
| bdb-logdir | Yes | Yes | Yes | Global | No |
| bdb_max_lock | Yes | Yes | Yes | Global | No |
| bdb-shared-data | Yes | Yes | No | ||
| - Variable: bdb_shared_data | Yes | Global | No | ||
| bdb-tmpdir | Yes | Yes | Yes | Global | No |
| big-tables | Yes | Yes | Yes | ||
| - Variable: big_tables | Yes | Session | Yes | ||
| binlog_cache_size | Yes | Yes | Yes | Global | Yes |
| bulk_insert_buffer_size | Yes | Yes | Yes | Both | Yes |
| character_set_client | Yes | Both | Yes | ||
| character_set_connection | Yes | Both | Yes | ||
| character_set_database | Yes | Both | Yes | ||
| character-set-filesystem | Yes | Yes | Yes | ||
| - Variable: character_set_filesystem | Yes | Both | Yes | ||
| character_set_results | Yes | Both | Yes | ||
| character-sets-dir | Yes | Yes | No | ||
| - Variable: character_sets_dir | Yes | Global | No | ||
| character-set-server | Yes | Yes | Yes | ||
| - Variable: character_set_server | Yes | Both | Yes | ||
| character_set_system | Yes | Global | No | ||
| collation_connection | Yes | Both | Yes | ||
| collation_database | Yes | Both | Yes | ||
| collation-server | Yes | Yes | Yes | ||
| - Variable: collation_server | Yes | Both | Yes | ||
| completion_type | Yes | Yes | Yes | Both | Yes |
| concurrent_insert | Yes | Yes | Yes | Global | Yes |
| connect_timeout | Yes | Yes | Yes | Global | Yes |
| datadir | Yes | Yes | Yes | Global | No |
| date_format | Yes | Both | Yes | ||
| datetime_format | Yes | Yes | Yes | Both | Yes |
| debug | Yes | Yes | Yes | Both | Yes |
| default_week_format | Yes | Yes | Yes | Both | Yes |
| delayed_insert_limit | Yes | Yes | Yes | Global | Yes |
| delayed_insert_timeout | Yes | Yes | Yes | Global | Yes |
| delayed_queue_size | Yes | Yes | Yes | Global | Yes |
| delay-key-write | Yes | Yes | Yes | ||
| - Variable: delay_key_write | Yes | Global | Yes | ||
| div_precision_increment | Yes | Yes | Yes | Both | Yes |
| engine-condition-pushdown | Yes | Yes | Yes | ||
| - Variable: engine_condition_pushdown | Yes | Both | Yes | ||
| error_count | Yes | Session | No | ||
| expire_logs_days | Yes | Yes | Yes | Global | Yes |
| flush | Yes | Yes | Yes | Global | Yes |
| flush_time | Yes | Yes | Yes | Global | Yes |
| foreign_key_checks | Yes | Session | Yes | ||
| ft_boolean_syntax | Yes | Yes | Yes | Global | Yes |
| ft_max_word_len | Yes | Yes | Yes | Global | No |
| ft_min_word_len | Yes | Yes | Yes | Global | No |
| ft_query_expansion_limit | Yes | Yes | Yes | Global | No |
| ft_stopword_file | Yes | Yes | Yes | Global | No |
| group_concat_max_len | Yes | Yes | Yes | Both | Yes |
| have_archive | Yes | Global | No | ||
| have_bdb | Yes | Global | No | ||
| have_blackhole_engine | Yes | Global | No | ||
| have_compress | Yes | Global | No | ||
| have_crypt | Yes | Global | No | ||
| have_csv | Yes | Global | No | ||
| have_example_engine | Yes | Global | No | ||
| have_federated_engine | Yes | Global | No | ||
| have_geometry | Yes | Global | No | ||
| have_innodb | Yes | Global | No | ||
| have_isam | Yes | Global | No | ||
| have_merge_engine | Yes | Global | No | ||
| have_ndbcluster | Yes | Global | No | ||
| have_openssl | Yes | Global | No | ||
| have_query_cache | Yes | Global | No | ||
| have_raid | Yes | Global | No | ||
| have_rtree_keys | Yes | Global | No | ||
| have_ssl | Yes | Global | No | ||
| have_symlink | Yes | Global | No | ||
| hostname | Yes | Global | No | ||
| identity | Yes | Session | Yes | ||
| init_connect | Yes | Yes | Yes | Global | Yes |
| init-file | Yes | Yes | No | ||
| - Variable: init_file | Yes | Global | No | ||
| init_slave | Yes | Yes | Yes | Global | Yes |
| innodb_adaptive_hash_index | Yes | Yes | Yes | Global | No |
| innodb_additional_mem_pool_size | Yes | Yes | Yes | Global | No |
| innodb_autoextend_increment | Yes | Yes | Yes | Global | Yes |
| innodb_buffer_pool_awe_mem_mb | Yes | Yes | Yes | Global | No |
| innodb_buffer_pool_size | Yes | Yes | Yes | Global | No |
| innodb_checksums | Yes | Yes | Yes | Global | No |
| innodb_commit_concurrency | Yes | Yes | Yes | Global | Yes |
| innodb_concurrency_tickets | Yes | Yes | Yes | Global | Yes |
| innodb_data_file_path | Yes | Yes | Yes | Global | No |
| innodb_data_home_dir | Yes | Yes | Yes | Global | No |
| innodb_doublewrite | Yes | Yes | Yes | Global | No |
| innodb_fast_shutdown | Yes | Yes | Yes | Global | Yes |
| innodb_file_io_threads | Yes | Yes | Yes | Global | No |
| innodb_file_per_table | Yes | Yes | Yes | Global | No |
| innodb_flush_log_at_trx_commit | Yes | Yes | Yes | Global | Yes |
| innodb_flush_method | Yes | Yes | Yes | Global | No |
| innodb_force_recovery | Yes | Yes | Yes | Global | No |
| innodb_locks_unsafe_for_binlog | Yes | Yes | Yes | Global | No |
| innodb_lock_wait_timeout | Yes | Yes | Yes | Global | No |
| innodb_log_arch_dir | Yes | Yes | Yes | Global | No |
| innodb_log_archive | Yes | Yes | Yes | Global | No |
| innodb_log_buffer_size | Yes | Yes | Yes | Global | No |
| innodb_log_files_in_group | Yes | Yes | Yes | Global | No |
| innodb_log_file_size | Yes | Yes | Yes | Global | No |
| innodb_log_group_home_dir | Yes | Yes | Yes | Global | No |
| innodb_max_dirty_pages_pct | Yes | Yes | Yes | Global | Yes |
| innodb_max_purge_lag | Yes | Yes | Yes | Global | Yes |
| innodb_mirrored_log_groups | Yes | Yes | Yes | Global | No |
| innodb_open_files | Yes | Yes | Yes | Global | No |
| innodb_rollback_on_timeout | Yes | Yes | Yes | Global | No |
| innodb_status_file | Yes | Yes | Yes | Global | No |
| innodb_support_xa | Yes | Yes | Yes | Both | Yes |
| innodb_sync_spin_loops | Yes | Yes | Yes | Global | Yes |
| innodb_table_locks | Yes | Yes | Yes | Both | Yes |
| innodb_thread_concurrency | Yes | Yes | Yes | Global | Yes |
| innodb_thread_sleep_delay | Yes | Yes | Yes | Global | Yes |
| insert_id | Yes | Session | Yes | ||
| interactive_timeout | Yes | Yes | Yes | Both | Yes |
| join_buffer_size | Yes | Yes | Yes | Both | Yes |
| keep_files_on_create | Yes | Yes | Yes | Both | Yes |
| key_buffer_size | Yes | Yes | Yes | Global | Yes |
| key_cache_age_threshold | Yes | Yes | Yes | Global | Yes |
| key_cache_block_size | Yes | Yes | Yes | Global | Yes |
| key_cache_division_limit | Yes | Yes | Yes | Global | Yes |
| language | Yes | Yes | Yes | Global | No |
| large_files_support | Yes | Global | No | ||
| large-pages | Yes | Yes | No | ||
| - Variable: large_pages | Yes | Global | No | ||
| large_page_size | Yes | Global | No | ||
| last_insert_id | Yes | Session | Yes | ||
| lc_time_names | Yes | Both | Yes | ||
| license | Yes | Global | No | ||
| local_infile | Yes | Global | Yes | ||
| locked_in_memory | Yes | Global | No | ||
| log | Yes | Yes | Yes | Global | No |
| log_bin | Yes | Global | No | ||
| log-bin-trust-function-creators | Yes | Yes | Yes | ||
| - Variable: log_bin_trust_function_creators | Yes | Global | Yes | ||
| log-bin-trust-routine-creators | Yes | Yes | Yes | ||
| - Variable: log_bin_trust_routine_creators | Yes | Global | Yes | ||
| log-error | Yes | Yes | No | ||
| - Variable: log_error | Yes | Global | No | ||
| log-queries-not-using-indexes | Yes | Yes | Yes | ||
| - Variable: log_queries_not_using_indexes | Yes | Global | Yes | ||
| log-slave-updates | Yes | Yes | No | ||
| - Variable: log_slave_updates | Yes | Global | No | ||
| log-slow-queries | Yes | Yes | No | ||
| - Variable: log_slow_queries | Yes | Global | No | ||
| log-warnings | Yes | Yes | Yes | ||
| - Variable: log_warnings | Yes | Both | Yes | ||
| long_query_time | Yes | Yes | Yes | Both | Yes |
| lower_case_file_system | Yes | Yes | Yes | Global | No |
| lower_case_table_names | Yes | Yes | Yes | Global | No |
| low-priority-updates | Yes | Yes | Yes | ||
| - Variable: low_priority_updates | Yes | Both | Yes | ||
| max_allowed_packet | Yes | Yes | Yes | Both | Yes |
| max_binlog_cache_size | Yes | Yes | Yes | Global | Yes |
| max_binlog_size | Yes | Yes | Yes | Global | Yes |
| max_connect_errors | Yes | Yes | Yes | Global | Yes |
| max_connections | Yes | Yes | Yes | Global | Yes |
| max_delayed_threads | Yes | Yes | Yes | Both | Yes |
| max_error_count | Yes | Yes | Yes | Both | Yes |
| max_heap_table_size | Yes | Yes | Yes | Both | Yes |
| max_insert_delayed_threads | Yes | Both | Yes | ||
| max_join_size | Yes | Yes | Yes | Both | Yes |
| max_length_for_sort_data | Yes | Yes | Yes | Both | Yes |
| max_prepared_stmt_count | Yes | Yes | Yes | Global | Yes |
| max_relay_log_size | Yes | Yes | Yes | Global | Yes |
| max_seeks_for_key | Yes | Yes | Yes | Both | Yes |
| max_sort_length | Yes | Yes | Yes | Both | Yes |
| max_sp_recursion_depth | Yes | Yes | Yes | Both | Yes |
| max_tmp_tables | Yes | Yes | Yes | Both | Yes |
| max_user_connections | Yes | Yes | Yes | Both | Yes |
| max_write_lock_count | Yes | Yes | Yes | Global | Yes |
| memlock | Yes | Yes | Yes | Global | No |
| multi_range_count | Yes | Yes | Yes | Both | Yes |
| myisam_block_size | Yes | Yes | Yes | Both | Yes |
| myisam_data_pointer_size | Yes | Yes | Yes | Global | Yes |
| myisam_max_extra_sort_file_size | Yes | Yes | Yes | Global | No |
| myisam_max_sort_file_size | Yes | Yes | Yes | Global | Yes |
| myisam_recover_options | Yes | Global | No | ||
| myisam_repair_threads | Yes | Yes | Yes | Both | Yes |
| myisam_sort_buffer_size | Yes | Yes | Yes | Both | Yes |
| myisam_stats_method | Yes | Yes | Yes | Both | Yes |
| named_pipe | Yes | Global | No | ||
| ndb_autoincrement_prefetch_sz | Yes | Yes | Yes | Both | Yes |
| ndb_cache_check_time | Yes | Yes | Yes | Global | Yes |
| ndbcluster | Yes | Yes | Yes | Both | Yes |
| ndb_force_send | Yes | Yes | Yes | Both | Yes |
| ndb_use_exact_count | Yes | Both | Yes | ||
| net_buffer_length | Yes | Yes | Yes | Both | Yes |
| net_read_timeout | Yes | Yes | Yes | Both | Yes |
| net_retry_count | Yes | Yes | Yes | Both | Yes |
| net_write_timeout | Yes | Yes | Yes | Both | Yes |
| new | Yes | Yes | Yes | Both | Yes |
| old-passwords | Yes | Yes | Yes | ||
| - Variable: old_passwords | Yes | Both | Yes | ||
| open-files-limit | Yes | Yes | No | ||
| - Variable: open_files_limit | Yes | Global | No | ||
| optimizer_prune_level | Yes | Yes | Yes | Both | Yes |
| optimizer_search_depth | Yes | Yes | Yes | Both | Yes |
| pid-file | Yes | Yes | No | ||
| - Variable: pid_file | Yes | Global | No | ||
| plugin_dir | Yes | Yes | Yes | Global | No |
| port | Yes | Yes | Yes | Global | No |
| preload_buffer_size | Yes | Yes | Yes | Both | Yes |
| prepared_stmt_count | Yes | Global | No | ||
| profiling | Yes | Session | Yes | ||
| profiling_history_size | Yes | Both | Yes | ||
| protocol_version | Yes | Global | No | ||
| query_alloc_block_size | Yes | Yes | Yes | Both | Yes |
| query_cache_limit | Yes | Yes | Yes | Global | Yes |
| query_cache_min_res_unit | Yes | Yes | Yes | Global | Yes |
| query_cache_size | Yes | Yes | Yes | Global | Yes |
| query_cache_type | Yes | Yes | Yes | Both | Yes |
| query_cache_wlock_invalidate | Yes | Yes | Yes | Both | Yes |
| query_prealloc_size | Yes | Yes | Yes | Both | Yes |
| rand_seed1 | Yes | Session | Yes | ||
| rand_seed2 | Yes | Session | Yes | ||
| range_alloc_block_size | Yes | Yes | Yes | Both | Yes |
| read_buffer_size | Yes | Yes | Yes | Both | Yes |
| read_only | Yes | Yes | Yes | Global | Yes |
| read_rnd_buffer_size | Yes | Yes | Yes | Both | Yes |
| relay_log_purge | Yes | Yes | Yes | Global | Yes |
| relay_log_space_limit | Yes | Yes | Yes | Global | No |
| report-host | Yes | Yes | No | ||
| - Variable: report_host | Yes | Global | No | ||
| report-password | Yes | Yes | No | ||
| - Variable: report_password | Yes | Global | No | ||
| report-port | Yes | Yes | No | ||
| - Variable: report_port | Yes | Global | No | ||
| report-user | Yes | Yes | No | ||
| - Variable: report_user | Yes | Global | No | ||
| rpl_recovery_rank | Yes | Global | Yes | ||
| secure-auth | Yes | Yes | Yes | ||
| - Variable: secure_auth | Yes | Global | Yes | ||
| secure-file-priv | Yes | Yes | No | ||
| - Variable: secure_file_priv | Yes | Global | No | ||
| server-id | Yes | Yes | Yes | ||
| - Variable: server_id | Yes | Global | Yes | ||
| shared_memory | Yes | Global | No | ||
| shared_memory_base_name | Yes | Global | No | ||
| skip-external-locking | Yes | Yes | No | ||
| - Variable: skip_external_locking | Yes | Global | No | ||
| skip-networking | Yes | Yes | No | ||
| - Variable: skip_networking | Yes | Global | No | ||
| skip-show-database | Yes | Yes | No | ||
| - Variable: skip_show_database | Yes | Global | No | ||
| skip-sync-bdb-logs | Yes | Yes | Yes | Global | No |
| slave_compressed_protocol | Yes | Yes | Yes | Global | Yes |
| slave-load-tmpdir | Yes | Yes | No | ||
| - Variable: slave_load_tmpdir | Yes | Global | No | ||
| slave-net-timeout | Yes | Yes | Yes | ||
| - Variable: slave_net_timeout | Yes | Global | Yes | ||
| slave-skip-errors | Yes | Yes | No | ||
| - Variable: slave_skip_errors | Yes | Global | No | ||
| slave_transaction_retries | Yes | Yes | Yes | Global | Yes |
| slow_launch_time | Yes | Yes | Yes | Global | Yes |
| socket | Yes | Yes | Yes | Global | No |
| sort_buffer_size | Yes | Yes | Yes | Both | Yes |
| sql_auto_is_null | Yes | Session | Yes | ||
| sql_big_selects | Yes | Both | Yes | ||
| sql_big_tables | Yes | Session | Yes | ||
| sql_buffer_result | Yes | Session | Yes | ||
| sql_log_bin | Yes | Session | Yes | ||
| sql_log_off | Yes | Session | Yes | ||
| sql_log_update | Yes | Session | Yes | ||
| sql_low_priority_updates | Yes | Both | Yes | ||
| sql_max_join_size | Yes | Both | Yes | ||
| sql-mode | Yes | Yes | Yes | ||
| - Variable: sql_mode | Yes | Both | Yes | ||
| sql_notes | Yes | Session | Yes | ||
| sql_quote_show_create | Yes | Session | Yes | ||
| sql_safe_updates | Yes | Session | Yes | ||
| sql_select_limit | Yes | Both | Yes | ||
| sql_slave_skip_counter | Yes | Global | Yes | ||
| sql_warnings | Yes | Session | Yes | ||
| ssl-ca | Yes | Yes | No | ||
| - Variable: ssl_ca | Yes | Global | No | ||
| ssl-capath | Yes | Yes | No | ||
| - Variable: ssl_capath | Yes | Global | No | ||
| ssl-cert | Yes | Yes | No | ||
| - Variable: ssl_cert | Yes | Global | No | ||
| ssl-cipher | Yes | Yes | No | ||
| - Variable: ssl_cipher | Yes | Global | No | ||
| ssl-key | Yes | Yes | No | ||
| - Variable: ssl_key | Yes | Global | No | ||
| storage_engine | Yes | Both | Yes | ||
| sync-bdb-logs | Yes | Yes | Yes | Global | No |
| sync-binlog | Yes | Yes | Yes | ||
| - Variable: sync_binlog | Yes | Global | Yes | ||
| sync-frm | Yes | Yes | Yes | ||
| - Variable: sync_frm | Yes | Global | Yes | ||
| system_time_zone | Yes | Global | No | ||
| table_cache | Yes | Yes | Yes | Global | Yes |
| table_lock_wait_timeout | Yes | Yes | Yes | Global | Yes |
| table_open_cache | Yes | Yes | Global | Yes | |
| table_type | Yes | Both | Yes | ||
| thread_cache_size | Yes | Yes | Yes | Global | Yes |
| thread_concurrency | Yes | Yes | Yes | Global | No |
| thread_stack | Yes | Yes | Yes | Global | No |
| timed_mutexes | Yes | Yes | Yes | Global | Yes |
| time_format | Yes | Yes | Yes | Both | Yes |
| timestamp | Yes | Session | Yes | ||
| time_zone | Yes | Yes | Both | Yes | |
| tmpdir | Yes | Yes | Yes | Global | No |
| tmp_table_size | Yes | Yes | Yes | Both | Yes |
| transaction_alloc_block_size | Yes | Yes | Yes | Both | Yes |
| transaction_prealloc_size | Yes | Yes | Yes | Both | Yes |
| tx_isolation | Yes | Both | Yes | ||
| unique_checks | Yes | Session | Yes | ||
| updatable_views_with_limit | Yes | Yes | Yes | Both | Yes |
| version | Yes | Yes | Global | No | |
| version_comment | Yes | Global | No | ||
| version_compile_machine | Yes | Global | No | ||
| version_compile_os | Yes | Global | No | ||
| wait_timeout | Yes | Yes | Yes | Both | Yes |
| warning_count | Yes | Session | No |
For additional system variable information, see these sections:
Section 5.1.4, “Session System Variables”, describes system variables that exist only as session variables (that is, they do not have any global counterpart).
Section 5.1.5, “Using System Variables”, discusses the syntax for setting and displaying system variable values.
Section 5.1.5.2, “Dynamic System Variables”, lists the variables that can be set at runtime.
Information on tuning system variables can be found in Section 7.5.2, “Tuning Server Parameters”.
Section 13.2.4, “InnoDB Startup Options and System Variables”, lists
InnoDB system variables.
Some of the following variable descriptions refer to
“enabling” or “disabling” a
variable. These variables can be enabled with the
SET statement by setting them to
ON or 1, or disabled by
setting them to OFF or
0. However, to set such a variable on the
command line or in an option file, you must set it to
1 or 0; setting it to
ON or OFF will not work.
For example, on the command line,
--delay_key_write=1 works but
--delay_key_write=ON does not.
Values for buffer sizes, lengths, and stack sizes are given in bytes unless otherwise specified.
| Version Introduced | 5.0.2 | ||||||
| Option Sets Variable | Yes, auto_increment_increment | ||||||
| Variable Name | auto_increment_increment | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
auto_increment_increment and
auto_increment_offset are intended for
use with master-to-master replication, and can be used to
control the operation of AUTO_INCREMENT
columns. Both variables have global and session values, and
each can assume an integer value between 1 and 65,535
inclusive. Setting the value of either of these two
variables to 0 causes its value to be set to 1 instead.
Attempting to set the value of either of these two variables
to an integer greater than 65,535 or less than 0 causes its
value to be set to 65,535 instead. Attempting to set the
value of auto_increment_increment or
auto_increment_offset to a non-integer
value gives rise to an error, and the actual value of the
variable remains unchanged.
These two variables affect AUTO_INCREMENT
column behavior as follows:
auto_increment_increment controls the
interval between successive column values. For example:
mysql>SHOW VARIABLES LIKE 'auto_inc%';+--------------------------+-------+ | Variable_name | Value | +--------------------------+-------+ | auto_increment_increment | 1 | | auto_increment_offset | 1 | +--------------------------+-------+ 2 rows in set (0.00 sec) mysql>CREATE TABLE autoinc1->(col INT NOT NULL AUTO_INCREMENT PRIMARY KEY);Query OK, 0 rows affected (0.04 sec) mysql>SET @@auto_increment_increment=10;Query OK, 0 rows affected (0.00 sec) mysql>SHOW VARIABLES LIKE 'auto_inc%';+--------------------------+-------+ | Variable_name | Value | +--------------------------+-------+ | auto_increment_increment | 10 | | auto_increment_offset | 1 | +--------------------------+-------+ 2 rows in set (0.01 sec) mysql>INSERT INTO autoinc1 VALUES (NULL), (NULL), (NULL), (NULL);Query OK, 4 rows affected (0.00 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql>SELECT col FROM autoinc1;+-----+ | col | +-----+ | 1 | | 11 | | 21 | | 31 | +-----+ 4 rows in set (0.00 sec)
(Note how SHOW VARIABLES is used here
to obtain the current values for these variables.)
auto_increment_offset determines the
starting point for the AUTO_INCREMENT
column value. Consider the following, assuming that
these statements are executed during the same session as
the example given in the description for
auto_increment_increment:
mysql>SET @@auto_increment_offset=5;Query OK, 0 rows affected (0.00 sec) mysql>SHOW VARIABLES LIKE 'auto_inc%';+--------------------------+-------+ | Variable_name | Value | +--------------------------+-------+ | auto_increment_increment | 10 | | auto_increment_offset | 5 | +--------------------------+-------+ 2 rows in set (0.00 sec) mysql>CREATE TABLE autoinc2->(col INT NOT NULL AUTO_INCREMENT PRIMARY KEY);Query OK, 0 rows affected (0.06 sec) mysql>INSERT INTO autoinc2 VALUES (NULL), (NULL), (NULL), (NULL);Query OK, 4 rows affected (0.00 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql>SELECT col FROM autoinc2;+-----+ | col | +-----+ | 5 | | 15 | | 25 | | 35 | +-----+ 4 rows in set (0.02 sec)
If the value of auto_increment_offset
is greater than that of
auto_increment_increment, the value
of auto_increment_offset is ignored.
Should one or both of these variables be changed and then
new rows inserted into a table containing an
AUTO_INCREMENT column, the results may
seem counterintuitive because the series of
AUTO_INCREMENT values is calculated
without regard to any values already present in the column,
and the next value inserted is the least value in the series
that is greater than the maximum existing value in the
AUTO_INCREMENT column. In other words,
the series is calculated like so:
auto_increment_offset +
N ×
auto_increment_increment
where N is a positive integer
value in the series [1, 2, 3, ...]. For example:
mysql>SHOW VARIABLES LIKE 'auto_inc%';+--------------------------+-------+ | Variable_name | Value | +--------------------------+-------+ | auto_increment_increment | 10 | | auto_increment_offset | 5 | +--------------------------+-------+ 2 rows in set (0.00 sec) mysql>SELECT col FROM autoinc1;+-----+ | col | +-----+ | 1 | | 11 | | 21 | | 31 | +-----+ 4 rows in set (0.00 sec) mysql>INSERT INTO autoinc1 VALUES (NULL), (NULL), (NULL), (NULL);Query OK, 4 rows affected (0.00 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql>SELECT col FROM autoinc1;+-----+ | col | +-----+ | 1 | | 11 | | 21 | | 31 | | 35 | | 45 | | 55 | | 65 | +-----+ 8 rows in set (0.00 sec)
The values shown for
auto_increment_increment and
auto_increment_offset generate the series
5 + N × 10, that is, [5,
15, 25, 35, 45, ...]. The greatest value present in the
col column prior to the
INSERT is 31, and the next available
value in the AUTO_INCREMENT series is 35,
so the inserted values for col begin at
that point and the results are as shown for the
SELECT query.
It is not possible to confine the effects of these two
variables to a single table, and thus they do not take the
place of the sequences offered by some other database
management systems; these variables control the behavior of
all AUTO_INCREMENT columns in
all tables on the MySQL server. If the
global value of either variable is set, its effects persist
until the global value is changed or overridden by setting
the session value, or until mysqld is
restarted. If the local value is set, the new value affects
AUTO_INCREMENT columns for all tables
into which new rows are inserted by the current user for the
duration of the session, unless the values are changed
during that session.
The auto_increment_increment variable was
added in MySQL 5.0.2. Its default value is 1. See
Section 18.3.1.1, “Replication and AUTO_INCREMENT”.
auto_increment_increment is supported for
use with NDB tables beginning with MySQL
5.0.46. Previously, setting it when using MySQL Cluster
tables produced unpredictable results.
| Version Introduced | 5.0.2 | ||||||
| Option Sets Variable | Yes, auto_increment_offset | ||||||
| Variable Name | auto_increment_offset | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
This variable was introduced in MySQL 5.0.2. Its default
value is 1. For particulars, see the description for
auto_increment_increment.
auto_increment_offset is supported for
use with NDB tables beginning with MySQL
5.0.46. Previously, setting it when using MySQL Cluster
tables produced unpredictable results.
| Version Introduced | 5.0.3 | ||||
| Variable Name | automatic_sp_privileges | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
When this variable has a value of 1 (the default), the
server automatically grants the EXECUTE
and ALTER ROUTINE privileges to the
creator of a stored routine, if the user cannot already
execute and alter or drop the routine. (The ALTER
ROUTINE privilege is required to drop the
routine.) The server also automatically drops those
privileges when the creator drops the routine. If
automatic_sp_privileges is 0, the server
does not automatically add or drop these privileges. This
variable was added in MySQL 5.0.3.
| Option Sets Variable | Yes, back_log | ||||||
| Variable Name | back_log | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Value Set |
|
The number of outstanding connection requests MySQL can
have. This comes into play when the main MySQL thread gets
very many connection requests in a very short time. It then
takes some time (although very little) for the main thread
to check the connection and start a new thread. The
back_log value indicates how many
requests can be stacked during this short time before MySQL
momentarily stops answering new requests. You need to
increase this only if you expect a large number of
connections in a short period of time.
In other words, this value is the size of the listen queue
for incoming TCP/IP connections. Your operating system has
its own limit on the size of this queue. The manual page for
the Unix listen() system call should have
more details. Check your OS documentation for the maximum
value for this variable. back_log cannot
be set higher than your operating system limit.
basedir
| Option Sets Variable | Yes, basedir | ||
| Variable Name | basedir | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The MySQL installation base directory. This variable can be
set with the --basedir option. Relative
pathnames for other variables usually are resolved relative
to the base directory.
| Command Line Format | --bdb_cache_size=# | ||||
| Config File Format | bdb_cache_size | ||||
| Option Sets Variable | Yes, bdb_cache_size | ||||
| Variable Name | bdb_cache_size | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
The size of the buffer that is allocated for caching indexes
and rows for BDB tables. If you don't use
BDB tables, you should start
mysqld with --skip-bdb
to not allocate memory for this cache.
| Command Line Format | --bdb-home=name | ||
| Variable Name | bdb_home | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The base directory for BDB tables. This
should be assigned the same value as the
datadir variable.
| Command Line Format | --bdb_log_buffer_size=# | ||||
| Config File Format | bdb_log_buffer_size | ||||
| Option Sets Variable | Yes, bdb_log_buffer_size | ||||
| Variable Name | bdb_log_buffer_size | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
The size of the buffer that is allocated for caching indexes
and rows for BDB tables. If you don't use
BDB tables, you should set this to 0 or
start mysqld with
--skip-bdb to not allocate memory for this
cache.
| Command Line Format | --bdb-logdir=file_name | ||
| Variable Name | bdb_logdir | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The directory where the BDB storage
engine writes its log files. This variable can be set with
the --bdb-logdir option.
| Command Line Format | --bdb_max_lock=# | ||||
| Config File Format | bdb_max_lock | ||||
| Option Sets Variable | Yes, bdb_max_lock | ||||
| Variable Name | bdb_max_lock | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
The maximum number of locks that can be active for a
BDB table (10,000 by default). You should
increase this value if errors such as the following occur
when you perform long transactions or when
mysqld has to examine many rows to
calculate a query:
bdb: Lock table is out of available locks Got error 12 from ...
| Command Line Format | --bdb-shared-data |
| Option Sets Variable | Yes, bdb_shared_data |
| Variable Name | bdb_shared_data |
| Variable Scope | Global |
| Dynamic Variable | No |
This is ON if you are using
--bdb-shared-data to start Berkeley DB in
multi-process mode. (Do not use
DB_PRIVATE when initializing Berkeley
DB.)
| Command Line Format | --bdb-tmpdir=name | ||
| Config File Format | bdb-tmpdir | ||
| Variable Name | bdb_tmpdir | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The BDB temporary file directory.
| Option Sets Variable | Yes, binlog_cache_size | ||||||
| Variable Name | binlog_cache_size | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The size of the cache to hold the SQL statements for the
binary log during a transaction. A binary log cache is
allocated for each client if the server supports any
transactional storage engines and if the server has the
binary log enabled (--log-bin option). If
you often use large, multiple-statement transactions, you
can increase this cache size to get more performance. The
Binlog_cache_use and
Binlog_cache_disk_use status variables
can be useful for tuning the size of this variable. See
Section 5.2.3, “The Binary Log”.
MySQL Enterprise
For recommendations on the optimum setting for
binlog_cache_size subscribe to the
MySQL Enterprise Monitor. For more information, see
http://www.mysql.com/products/enterprise/advisors.html.
| Option Sets Variable | Yes, bulk_insert_buffer_size | ||||||
| Variable Name | bulk_insert_buffer_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
MyISAM uses a special tree-like cache to
make bulk inserts faster for INSERT ...
SELECT, INSERT ... VALUES (...), (...),
..., and LOAD DATA INFILE when
adding data to non-empty tables. This variable limits the
size of the cache tree in bytes per thread. Setting it to 0
disables this optimization. The default value is 8MB.
| Variable Name | character_set_client | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The character set for statements that arrive from the
client. The session value of this variable is set using the
character set requested by the client when the client
connects to the server. (Many clients support a
--default-character-set option to enable
this character set to be specified explicitly. See also
Section 9.1.4, “Connection Character Sets and Collations”.) The global value of
the variable is used to set the session value in cases when
the client-requested value is unknown or not available, or
the server is configured to ignore client requests:
The client is from a version of MySQL older than MySQL 4.1, and thus does not request a character set.
The client requests a character set not known to the
server. For example, a Japanese-enabled client requests
sjis when connecting to a server not
configured with sjis support.
mysqld was started with the
--skip-character-set-client-handshake
option, which causes it to ignore client character set
configuration. This reproduces MySQL 4.0 behavior and is
useful should you wish to upgrade the server without
upgrading all the clients.
| Variable Name | character_set_connection | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The character set used for literals that do not have a character set introducer and for number-to-string conversion.
| Variable Name | character_set_database | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The character set used by the default database. The server
sets this variable whenever the default database changes. If
there is no default database, the variable has the same
value as character_set_server.
| Version Introduced | 5.0.19 | ||
| Option Sets Variable | Yes, character_set_filesystem | ||
| Variable Name | character_set_filesystem | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The filesystem character set. This variable is used to
interpret string literals that refer to filenames, such as
in the LOAD DATA INFILE and
SELECT ... INTO OUTFILE statements and
the LOAD_FILE() function.
Such filenames are converted from
character_set_client to
character_set_filesystem before the file
opening attempt occurs. The default value is
binary, which means that no conversion
occurs. For systems on which multi-byte filenames are
allowed, a different value may be more appropriate. For
example, if the system represents filenames using UTF-8, set
character_set_filesystem to
'utf8'. This variable was added in MySQL
5.0.19.
| Variable Name | character_set_results | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The character set used for returning query results to the client.
| Option Sets Variable | Yes, character_set_server | ||
| Variable Name | character_set_server | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The server's default character set.
| Variable Name | character_set_system | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The character set used by the server for storing
identifiers. The value is always utf8.
| Option Sets Variable | Yes, character_sets_dir | ||
| Variable Name | character-sets-dir | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The directory where character sets are installed.
| Variable Name | collation_connection | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The collation of the connection character set.
| Variable Name | collation_database | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The collation used by the default database. The server sets
this variable whenever the default database changes. If
there is no default database, the variable has the same
value as collation_server.
| Option Sets Variable | Yes, collation_server | ||
| Variable Name | collation_server | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The server's default collation.
| Version Introduced | 5.0.3 | ||||||
| Option Sets Variable | Yes, completion_type | ||||||
| Variable Name | competion_type | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The transaction completion type:
If the value is 0 (the default),
COMMIT and
ROLLBACK are unaffected.
If the value is 1, COMMIT and
ROLLBACK are equivalent to
COMMIT AND CHAIN and
ROLLBACK AND CHAIN, respectively. (A
new transaction starts immediately with the same
isolation level as the just-terminated transaction.)
If the value is 2, COMMIT and
ROLLBACK are equivalent to
COMMIT RELEASE and ROLLBACK
RELEASE, respectively. (The server disconnects
after terminating the transaction.)
This variable was added in MySQL 5.0.3
| Option Sets Variable | Yes, concurrent_insert | ||||||
| Variable Name | concurrent_insert | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set (<= 5.0.6) |
| ||||||
| Value Set (>= 5.0.6) |
|
If 1 (the default), MySQL allows INSERT
and SELECT statements to run concurrently
for MyISAM tables that have no free
blocks in the middle of the data file. You can turn this
option off by starting mysqld with
--safe or --skip-new.
In MySQL 5.0.6, this variable was changed to take three integer values:
| Value | Description |
| 0 | Off |
| 1 | (Default) Enables concurrent insert for MyISAM tables
that don't have holes |
| 2 | Enables concurrent inserts for all MyISAM tables,
even those that have holes. For a table with a hole,
new rows are inserted at the end of the table if it
is in use by another thread. Otherwise, MySQL
acquires a normal write lock and inserts the row
into the hole. |
See also Section 7.3.3, “Concurrent Inserts”.
| Option Sets Variable | Yes, connect_timeout | ||||||
| Variable Name | connect_timeout | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set (<= 5.0.52) |
| ||||||
| Value Set (>= 5.0.52) |
|
The number of seconds that the mysqld
server waits for a connect packet before responding with
Bad handshake. The default value is 10
seconds as of MySQL 5.0.52 and 5 seconds before that.
Increasing the connect_timeout value
might help if clients frequently encounter errors of the
form Lost connection to MySQL server at
'.
XXX', system error:
errno
datadir
| Option Sets Variable | Yes, datadir | ||
| Variable Name | datadir | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The MySQL data directory. This variable can be set with the
--datadir option.
This variable is unused.
This variable is unused.
| Option Sets Variable | Yes, default_week_format | ||||||
| Variable Name | default_week_format | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The default mode value to use for the
WEEK() function. See
Section 11.6, “Date and Time Functions”.
| Option Sets Variable | Yes, delay_key_write | ||||||
| Variable Name | delay-key-write | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
This option applies only to MyISAM
tables. It can have one of the following values to affect
handling of the DELAY_KEY_WRITE table
option that can be used in CREATE TABLE
statements.
| Option | Description |
OFF | DELAY_KEY_WRITE is ignored. |
ON | MySQL honors any DELAY_KEY_WRITE option specified in
CREATE TABLE statements. This is
the default value. |
ALL | All new opened tables are treated as if they were created with the
DELAY_KEY_WRITE option enabled. |
If DELAY_KEY_WRITE is enabled for a
table, the key buffer is not flushed for the table on every
index update, but only when the table is closed. This speeds
up writes on keys a lot, but if you use this feature, you
should add automatic checking of all
MyISAM tables by starting the server with
the --myisam-recover option (for example,
--myisam-recover=BACKUP,FORCE). See
Section 5.1.2, “Command Options”, and
Section 13.1.1, “MyISAM Startup Options”.
Note that if you enable external locking with
--external-locking, there is no protection
against index corruption for tables that use delayed key
writes.
| Option Sets Variable | Yes, delayed_insert_limit | ||||||
| Variable Name | delayed_insert_limit | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
After inserting delayed_insert_limit
delayed rows, the INSERT DELAYED handler
thread checks whether there are any
SELECT statements pending. If so, it
allows them to execute before continuing to insert delayed
rows.
| Option Sets Variable | Yes, delayed_insert_timeout | ||||
| Variable Name | delayed_insert_timeout | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
How many seconds an INSERT DELAYED
handler thread should wait for INSERT
statements before terminating.
| Option Sets Variable | Yes, delayed_queue_size | ||||||
| Variable Name | delayed_queue_size | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
This is a per-table limit on the number of rows to queue
when handling INSERT DELAYED statements.
If the queue becomes full, any client that issues an
INSERT DELAYED statement waits until
there is room in the queue again.
| Version Introduced | 5.0.6 | ||||||
| Option Sets Variable | Yes, div_precision_increment | ||||||
| Variable Name | div_precision_increment | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
This variable indicates the number of digits by which to
increase the scale of the result of division operations
performed with the
/
operator. The default value is 4. The minimum and maximum
values are 0 and 30, respectively. The following example
illustrates the effect of increasing the default value.
mysql>SELECT 1/7;+--------+ | 1/7 | +--------+ | 0.1429 | +--------+ mysql>SET div_precision_increment = 12;mysql>SELECT 1/7;+----------------+ | 1/7 | +----------------+ | 0.142857142857 | +----------------+
This variable was added in MySQL 5.0.6.
| Option Sets Variable | Yes, expire_logs_days | ||||||
| Variable Name | expire_logs_days | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The number of days for automatic binary log removal. The default is 0, which means “no automatic removal.” Possible removals happen at startup and at binary log rotation.
flush
| Variable Name | flush | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
If ON, the server flushes (synchronizes)
all changes to disk after each SQL statement. Normally,
MySQL does a write of all changes to disk only after each
SQL statement and lets the operating system handle the
synchronizing to disk. See Section B.1.4.2, “What to Do If MySQL Keeps Crashing”. This
variable is set to ON if you start
mysqld with the --flush
option.
| Option Sets Variable | Yes, flush_time | |||||||||
| Variable Name | flush_time | |||||||||
| Variable Scope | Global | |||||||||
| Dynamic Variable | Yes | |||||||||
| Value Set |
| |||||||||
| Value Set |
| |||||||||
| Value Set |
| |||||||||
| Value Set |
| |||||||||
| Value Set |
| |||||||||
| Value Set |
|
If this is set to a non-zero value, all tables are closed
every flush_time seconds to free up
resources and synchronize unflushed data to disk. We
recommend that this option be used only on systems with
minimal resources.
| Variable Name | ft_boolean_syntax | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
The list of operators supported by boolean full-text
searches performed using IN BOOLEAN MODE.
See Section 11.8.2, “Boolean Full-Text Searches”.
The default variable value is
'+ -><()~*:""&|'. The
rules for changing the value are as follows:
Operator function is determined by position within the string.
The replacement value must be 14 characters.
Each character must be an ASCII non-alphanumeric character.
Either the first or second character must be a space.
No duplicates are allowed except the phrase quoting operators in positions 11 and 12. These two characters are not required to be the same, but they are the only two that may be.
Positions 10, 13, and 14 (which by default are set to
“:”,
“&”, and
“|”) are reserved for
future extensions.
| Option Sets Variable | Yes, ft_max_word_len | ||||
| Variable Name | ft_max_word_len | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
The maximum length of the word to be included in a
FULLTEXT index.
FULLTEXT indexes must be rebuilt after
changing this variable. Use REPAIR TABLE
.
tbl_name QUICK
| Option Sets Variable | Yes, ft_min_word_len | ||||||
| Variable Name | ft_min_word_len | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Value Set |
|
The minimum length of the word to be included in a
FULLTEXT index.
FULLTEXT indexes must be rebuilt after
changing this variable. Use REPAIR TABLE
.
tbl_name QUICK
| Option Sets Variable | Yes, ft_query_expansion_limit | ||||||
| Variable Name | ft_query_expansion_limit | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Value Set |
|
The number of top matches to use for full-text searches
performed using WITH QUERY EXPANSION.
| Option Sets Variable | Yes, ft_stopword_file | ||
| Variable Name | ft_stopword_file | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The file from which to read the list of stopwords for
full-text searches. All the words from the file are used;
comments are not honored. By default, a
built-in list of stopwords is used (as defined in the
myisam/ft_static.c file). Setting this
variable to the empty string ('')
disables stopword filtering.
FULLTEXT indexes must be rebuilt after
changing this variable or the contents of the stopword
file. Use REPAIR TABLE
.
tbl_name QUICK
| Option Sets Variable | Yes, group_concat_max_len | ||||||
| Variable Name | group_concat_max_len | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The maximum allowed result length in bytes for the
GROUP_CONCAT() function. The
default is 1024.
YES if mysqld supports
ARCHIVE tables, NO if
not.
YES if mysqld supports
BDB tables. DISABLED
if --skip-bdb is used.
YES if mysqld supports
BLACKHOLE tables, NO
if not.
YES if the zlib
compression library is available to the server,
NO if not. If not, the
COMPRESS() and
UNCOMPRESS() functions
cannot be used.
YES if the crypt()
system call is available to the server,
NO if not. If not, the
ENCRYPT() function cannot be
used.
YES if mysqld supports
CSV tables, NO if not.
YES if mysqld supports
EXAMPLE tables, NO if
not.
YES if mysqld supports
FEDERATED tables, NO
if not. This variable was added in MySQL 5.0.3.
YES if the server supports spatial data
types, NO if not.
YES if mysqld supports
InnoDB tables.
DISABLED if
--skip-innodb is used.
In MySQL 5.0, this variable appears only for
reasons of backward compatibility. It is always
NO because ISAM tables
are no longer supported.
YES if mysqld supports
MERGE tables. DISABLED
if --skip-merge is used. This variable was
added in MySQL 5.0.24.
YES if mysqld supports
SSL connections, NO if not. As of MySQL
5.0.38, this variable is an alias for
have_ssl.
YES if mysqld supports
the query cache, NO if not.
In MySQL 5.0, this variable appears only for
reasons of backward compatibility. It is always
NO because RAID tables
are no longer supported.
YES if RTREE indexes
are available, NO if not. (These are used
for spatial indexes in MyISAM tables.)
YES if mysqld supports
SSL connections, NO if not. This variable
was added in MySQL 5.0.38. Before that, use
have_openssl.
YES if symbolic link support is enabled,
NO if not. This is required on Unix for
support of the DATA DIRECTORY and
INDEX DIRECTORY table options, and on
Windows for support of data directory symlinks.
| Version Introduced | 5.0.38 | ||
| Variable Name | hostname | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The server sets this variable to the server hostname at startup. This variable was added in MySQL 5.0.38.
| Option Sets Variable | Yes, init_connect | ||
| Variable Name | init_connect | ||
| Variable Scope | Global | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
A string to be executed by the server for each client that
connects. The string consists of one or more SQL statements.
To specify multiple statements, separate them by semicolon
characters. For example, each client begins by default with
autocommit mode enabled. There is no global system variable
to specify that autocommit should be disabled by default,
but init_connect can be used to achieve
the same effect:
SET GLOBAL init_connect='SET AUTOCOMMIT=0';
This variable can also be set on the command line or in an option file. To set the variable as just shown using an option file, include these lines:
[mysqld] init_connect='SET AUTOCOMMIT=0'
Note that the content of init_connect is
not executed for users that have the
SUPER privilege. This is done so that an
erroneous value for init_connect does not
prevent all clients from connecting. For example, the value
might contain a statement that has a syntax error, thus
causing client connections to fail. Not executing
init_connect for users that have the
SUPER privilege enables them to open a
connection and fix the init_connect
value.
| Option Sets Variable | Yes, init_file | ||
| Variable Name | init_file | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The name of the file specified with the
--init-file option when you start the
server. This should be a file containing SQL statements that
you want the server to execute when it starts. Each
statement must be on a single line and should not include
comments.
Note that the --init-file option is
unavailable if MySQL was configured with the
--disable-grant-options option. See
Section 2.4.15.2, “Typical configure Options”.
| Option Sets Variable | Yes, init_slave | ||
| Variable Name | init_slave | ||
| Variable Scope | Global | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
This variable is similar to init_connect,
but is a string to be executed by a slave server each time
the SQL thread starts. The format of the string is the same
as for the init_connect variable.
The SQL thread sends an acknowledgement to the client
before init_slave is executed.
Therefore, it is not guaranteed that
init_slave has been executed when
START SLAVE returns. See
Section 12.6.2.7, “START SLAVE Syntax”, for more information.
innodb_
xxx
InnoDB system variables are listed in
Section 13.2.4, “InnoDB Startup Options and System Variables”.
| Option Sets Variable | Yes, interactive_timeout | ||||||
| Variable Name | interactive_timeout | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The number of seconds the server waits for activity on an
interactive connection before closing it. An interactive
client is defined as a client that uses the
CLIENT_INTERACTIVE option to
mysql_real_connect(). See
also wait_timeout.
| Option Sets Variable | Yes, join_buffer_size | ||||||
| Variable Name | join_buffer_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The size of the buffer that is used for joins that do not
use indexes and thus perform full table scans. Normally, the
best way to get fast joins is to add indexes. Increase the
value of join_buffer_size to get a faster
full join when adding indexes is not possible. One join
buffer is allocated for each full join between two tables.
For a complex join between several tables for which indexes
are not used, multiple join buffers might be necessary.
The maximum allowable setting for
join_buffer_size is 4GB.
| Version Introduced | 5.0.48 | ||||
| Option Sets Variable | Yes, keep_files_on_create | ||||
| Variable Name | keep_files_on_create | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
If a MyISAM table is created with no
DATA DIRECTORY option, the
.MYD file is created in the database
directory. By default, if MyISAM finds an
existing .MYD file in this case, it
overwrites it. The same applies to .MYI
files for tables created with no INDEX
DIRECTORY option. To suppress this behavior, set
the keep_files_on_create variable to
ON (1), in which case
MyISAM will not overwrite existing files
and returns an error instead. The default value is
OFF (0).
If a MyISAM table is created with a
DATA DIRECTORY or INDEX
DIRECTORY option and an existing
.MYD or .MYI file
is found, MyISAM always returns an error. It will not
overwrite a file in the specified directory.
This variable was added in MySQL 5.0.48.
| Option Sets Variable | Yes, key_buffer_size | ||||||
| Variable Name | key_buffer_size | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
Index blocks for MyISAM tables are
buffered and are shared by all threads.
key_buffer_size is the size of the buffer
used for index blocks. The key buffer is also known as the
key cache.
The maximum allowable setting for
key_buffer_size is 4GB on 32-bit
platforms. As of MySQL 5.0.52, values larger than 4GB are
allowed for 64-bit platforms (except 64-bit Windows, for
which large values are truncated to 4GB with a warning). The
effective maximum size might be less, depending on your
available physical RAM and per-process RAM limits imposed by
your operating system or hardware platform. The value of
this variable indicates the amount of memory requested.
Internally, the server allocates as much memory as possible
up to this amount, but the actual allocation might be less.
Increase the value to get better index handling (for all reads and multiple writes) to as much as you can afford. Using a value that is 25% of total memory on a machine that mainly runs MySQL is quite common. However, if you make the value too large (for example, more than 50% of your total memory) your system might start to page and become extremely slow. MySQL relies on the operating system to perform filesystem caching for data reads, so you must leave some room for the filesystem cache. Consider also the memory requirements of other storage engines.
For even more speed when writing many rows at the same time,
use LOCK TABLES. See
Section 7.2.18, “Speed of INSERT Statements”.
You can check the performance of the key buffer by issuing a
SHOW STATUS statement and examining the
Key_read_requests,
Key_reads,
Key_write_requests, and
Key_writes status variables. (See
Section 12.5.5, “SHOW Syntax”.) The
Key_reads/Key_read_requests ratio should
normally be less than 0.01. The
Key_writes/Key_write_requests ratio is
usually near 1 if you are using mostly updates and deletes,
but might be much smaller if you tend to do updates that
affect many rows at the same time or if you are using the
DELAY_KEY_WRITE table option.
The fraction of the key buffer in use can be determined
using key_buffer_size in conjunction with
the Key_blocks_unused status variable and
the buffer block size, which is available from the
key_cache_block_size system variable:
1 - ((Key_blocks_unused × key_cache_block_size) / key_buffer_size)
This value is an approximation because some space in the key buffer may be allocated internally for administrative structures.
It is possible to create multiple MyISAM
key caches. The size limit of 4GB applies to each cache
individually, not as a group. See
Section 7.4.6, “The MyISAM Key Cache”.
| Option Sets Variable | Yes, key_cache_age_threshold | ||||||
| Variable Name | key_cache_age_threshold | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
This value controls the demotion of buffers from the hot
sub-chain of a key cache to the warm sub-chain. Lower values
cause demotion to happen more quickly. The minimum value is
100. The default value is 300. See
Section 7.4.6, “The MyISAM Key Cache”.
| Option Sets Variable | Yes, key_cache_block_size | ||||||
| Variable Name | key_cache_block_size | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The size in bytes of blocks in the key cache. The default
value is 1024. See Section 7.4.6, “The MyISAM Key Cache”.
| Option Sets Variable | Yes, key_cache_division_limit | ||||||
| Variable Name | key_cache_division_limit | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The division point between the hot and warm sub-chains of
the key cache buffer chain. The value is the percentage of
the buffer chain to use for the warm sub-chain. Allowable
values range from 1 to 100. The default value is 100. See
Section 7.4.6, “The MyISAM Key Cache”.
language
| Option Sets Variable | Yes, language | ||||
| Variable Name | language | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
The language used for error messages.
| Variable Name | large_files_support |
| Variable Scope | Global |
| Dynamic Variable | No |
Whether mysqld was compiled with options for large file support.
| Version Introduced | 5.0.3 | ||||||
| Option Sets Variable | Yes, large_pages | ||||||
| Variable Name | large_pages | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Platform Specific | linux | ||||||
| Value Set |
|
Whether large page support is enabled. This variable was added in MySQL 5.0.3.
For more information, see
the entry for the
--large-pages server option.
| Version Introduced | 5.0.3 | ||||||
| Variable Name | large_page_size | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Value Set |
|
If large page support is enabled, this shows the size of memory pages. Currently, large memory pages are supported only on Linux; on other platforms, the value of this variable is always 0. This variable was added in MySQL 5.0.3.
For more information, see
the entry for the
--large-pages server option.
| Version Introduced | 5.0.25 | ||
| Variable Name | lc_time_names | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
This variable specifies the locale that controls the
language used to display day and month names and
abbreviations. This variable affects the output from the
DATE_FORMAT(),
DAYNAME() and
MONTHNAME() functions.
Locale names are POSIX-style values such as
'ja_JP' or 'pt_BR'.
The default value is 'en_US' regardless
of your system's locale setting. For further information,
see Section 9.8, “MySQL Server Locale Support”. This variable was
added in MySQL 5.0.25.
| Variable Name | license | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
The type of license the server has.
| Variable Name | local_infile |
| Variable Scope | Global |
| Dynamic Variable | Yes |
Whether LOCAL is supported for
LOAD DATA INFILE statements. See
Section 5.3.4, “Security Issues with LOAD DATA LOCAL”.
| Variable Name | locked_in_memory |
| Variable Scope | Global |
| Dynamic Variable | No |
Whether mysqld was locked in memory with
--memlock.
Whether logging of all statements to the general query log is enabled. See Section 5.2.2, “The General Query Log”.
| Variable Name | log_bin |
| Variable Scope | Global |
| Dynamic Variable | No |
Whether the binary log is enabled. See Section 5.2.3, “The Binary Log”.
log_bin_trust_function_creators
| Version Introduced | 5.0.16 | ||||
| Option Sets Variable | Yes, log_bin_trust_function_creators | ||||
| Variable Name | log_bin_trust_function_creators | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
This variable applies when binary logging is enabled. It
controls whether stored function creators can be trusted not
to create stored functions that will cause unsafe events to
be written to the binary log. If set to 0 (the default),
users are not allowed to create or alter stored functions
unless they have the SUPER privilege in
addition to the CREATE ROUTINE or
ALTER ROUTINE privilege. A setting of 0
also enforces the restriction that a function must be
declared with the DETERMINISTIC
characteristic, or with the READS SQL
DATA or NO SQL characteristic.
If the variable is set to 1, MySQL does not enforce these
restrictions on stored function creation. This variable also
applies to trigger creation. See
Section 21.4, “Binary Logging of Stored Routines and Triggers”.
This variable was added in MySQL 5.0.16.
log_bin_trust_routine_creators
This is the old name for
log_bin_trust_function_creators. Before
MySQL 5.0.16, it also applies to stored procedures, not just
stored functions. As of 5.0.16, this variable is deprecated.
It is recognized for backward compatibility but its use
results in a warning.
This variable was added in MySQL 5.0.6.
| Option Sets Variable | Yes, log_error | ||
| Variable Name | log_error | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The location of the error log.
| Option Sets Variable | Yes, log_queries_not_using_indexes | ||
| Variable Name | log_queries_not_using_indexes | ||
| Variable Scope | Global | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
Whether queries that do not use indexes are logged to the slow query log. See Section 5.2.4, “The Slow Query Log”. This variable was added in MySQL 5.0.23.
Whether updates received by a slave server from a master server should be logged to the slave's own binary log. Binary logging must be enabled on the slave for this variable to have any effect. See Section 18.1.2, “Replication Startup Options and Variables”.
| Option Sets Variable | Yes, log_slow_queries | ||
| Variable Name | log_slow_queries | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
Whether slow queries should be logged. “Slow”
is determined by the value of the
long_query_time variable. See
Section 5.2.4, “The Slow Query Log”.
| Option Sets Variable | Yes, log-warnings | ||||
| Variable Name | log_warnings | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Disabled by | skip-log-warnings | ||||
| Value Set |
|
Whether to produce additional warning messages. It is enabled (1) by default and can be disabled by setting it to 0. Aborted connections are not logged to the error log unless the value is greater than 1.
| Option Sets Variable | Yes, long_query_time | ||||||
| Variable Name | long_query_time | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set (<= 5.0.20) |
|
If a query takes longer than this many seconds, the server
increments the Slow_queries status
variable. If you are using the
--log-slow-queries option, the query is
logged to the slow query log file. This value is measured in
real time, not CPU time, so a query that is under the
threshold on a lightly loaded system might be above the
threshold on a heavily loaded one. The minimum value is 1.
The default is 10. See Section 5.2.4, “The Slow Query Log”.
| Option Sets Variable | Yes, low_priority_updates | ||||
| Variable Name | low_priority_updates | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
If set to 1, all
INSERT, UPDATE,
DELETE, and LOCK TABLE
WRITE statements wait until there is no pending
SELECT or LOCK TABLE
READ on the affected table. This affects only
storage engines that use only table-level locking
(MyISAM, MEMORY,
MERGE). This variable previously was
named sql_low_priority_updates.
| Option Sets Variable | Yes, lower_case_file_system | ||
| Variable Name | lower_case_file_system | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
This variable describes the case sensitivity of filenames on
the filesystem where the data directory is located.
OFF means filenames are case sensitive,
ON means they are not case sensitive.
| Option Sets Variable | Yes, lower_case_table_names | ||||||
| Variable Name | lower_case_table_names | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Value Set |
|
If set to 1, table names are stored in lowercase on disk and table name comparisons are not case sensitive. If set to 2 table names are stored as given but compared in lowercase. This option also applies to database names and table aliases. See Section 8.2.2, “Identifier Case Sensitivity”.
If you are using InnoDB tables, you
should set this variable to 1 on all platforms to force
names to be converted to lowercase.
You should not set this variable to 0
if you are running MySQL on a system that does not have
case-sensitive filenames (such as Windows or Mac OS X). If
this variable is not set at startup and the filesystem on
which the data directory is located does not have
case-sensitive filenames, MySQL automatically sets
lower_case_table_names to 2.
| Option Sets Variable | Yes, max_allowed_packet | ||||||
| Variable Name | max_allowed_packet | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The maximum size of one packet or any generated/intermediate string.
The packet message buffer is initialized to
net_buffer_length bytes, but can grow up
to max_allowed_packet bytes when needed.
This value by default is small, to catch large (possibly
incorrect) packets.
You must increase this value if you are using large
BLOB columns or long strings. It should
be as big as the largest BLOB you want to
use. The protocol limit for
max_allowed_packet is 1GB. The value
should be a multiple of 1024; non-multiples are rounded down
to the nearest multiple.
| Option Sets Variable | Yes, max_binlog_cache_size | ||||||
| Variable Name | max_binlog_cache_size | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
If a multiple-statement transaction requires more than this
many bytes of memory, the server generates a
Multi-statement transaction required more than
'max_binlog_cache_size' bytes of storage error.
The minimum value is 4096, the maximum and default values
are 4GB.
| Option Sets Variable | Yes, max_binlog_size | ||||||
| Variable Name | max_binlog_size | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
If a write to the binary log causes the current log file size to exceed the value of this variable, the server rotates the binary logs (closes the current file and opens the next one). You cannot set this variable to more than 1GB or to less than 4096 bytes. The default value is 1GB.
A transaction is written in one chunk to the binary log, so
it is never split between several binary logs. Therefore, if
you have big transactions, you might see binary logs larger
than max_binlog_size.
If max_relay_log_size is 0, the value of
max_binlog_size applies to relay logs as
well.
| Option Sets Variable | Yes, max_connect_errors | ||||||
| Variable Name | max_connect_errors | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
If there are more than this number of interrupted
connections from a host, that host is blocked from further
connections. You can unblock blocked hosts with the
FLUSH HOSTS statement.
| Option Sets Variable | Yes, max_connections | ||||
| Variable Name | max_connections | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
The number of simultaneous client connections allowed. By
default, this is 100. See
Section B.1.2.7, “Too many connections”, for more
information.
MySQL Enterprise
For notification that the maximum number of connections is
getting dangerously high and for advice on setting the
optimum value for max_connections
subscribe to the MySQL Enterprise Monitor. For more
information see
http://www.mysql.com/products/enterprise/advisors.html.
Increasing this value increases the number of file descriptors that mysqld requires. See Section 7.4.8, “How MySQL Opens and Closes Tables”, for comments on file descriptor limits.
| Option Sets Variable | Yes, max_delayed_threads | ||||||
| Variable Name | max_delayed_threads | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
Do not start more than this number of threads to handle
INSERT DELAYED statements. If you try to
insert data into a new table after all INSERT
DELAYED threads are in use, the row is inserted as
if the DELAYED attribute wasn't
specified. If you set this to 0, MySQL never creates a
thread to handle DELAYED rows; in effect,
this disables DELAYED entirely.
For the SESSION value of this variable,
the only valid values are 0 or the GLOBAL
value.
| Option Sets Variable | Yes, max_error_count | ||||||
| Variable Name | max_error_count | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The maximum number of error, warning, and note messages to
be stored for display by the SHOW ERRORS
and SHOW WARNINGS statements.
| Option Sets Variable | Yes, max_heap_table_size | ||||||
| Variable Name | max_heap_table_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
This variable sets the maximum size to which
MEMORY tables are allowed to grow. The
value of the variable is used to calculate
MEMORY table MAX_ROWS
values. Setting this variable has no effect on any existing
MEMORY table, unless the table is
re-created with a statement such as CREATE
TABLE or altered with ALTER
TABLE or TRUNCATE TABLE. A
server restart also sets the maximum size of existing
MEMORY tables to the global
max_heap_table_size value.
MySQL Enterprise
Subscribers to the MySQL Enterprise Monitor receive
recommendations for the optimum setting for
max_heap_table_size. For more
information see
http://www.mysql.com/products/enterprise/advisors.html.
| Variable Name | max_insert_delayed_threads | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
This variable is a synonym for
max_delayed_threads.
| Option Sets Variable | Yes, max_join_size | ||||||
| Variable Name | max_join_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
Do not allow SELECT statements that
probably need to examine more than
max_join_size rows (for single-table
statements) or row combinations (for multiple-table
statements) or that are likely to do more than
max_join_size disk seeks. By setting this
value, you can catch SELECT statements
where keys are not used properly and that would probably
take a long time. Set it if your users tend to perform joins
that lack a WHERE clause, that take a
long time, or that return millions of rows.
Setting this variable to a value other than
DEFAULT resets the value of
SQL_BIG_SELECTS to 0.
If you set the SQL_BIG_SELECTS value
again, the max_join_size variable is
ignored.
If a query result is in the query cache, no result size check is performed, because the result has previously been computed and it does not burden the server to send it to the client.
This variable previously was named
sql_max_join_size.
| Option Sets Variable | Yes, max_length_for_sort_data | ||||||
| Variable Name | max_length_for_sort_data | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The cutoff on the size of index values that determines which
filesort algorithm to use. See
Section 7.2.12, “ORDER BY Optimization”.
| Version Introduced | 5.0.21 | ||||||
| Command Line Format | --max_prepared_stmt_count=# | ||||||
| Config File Format | max_prepared_stmt_count | ||||||
| Option Sets Variable | Yes, max_prepared_stmt_count | ||||||
| Variable Name | max_prepared_stmt_count | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
This variable limits the total number of prepared statements in the server. It can be used in environments where there is the potential for denial-of-service attacks based on running the server out of memory by preparing huge numbers of statements. The default value is 16,382. The allowable range of values is from 0 to 1 million. If the value is set lower than the current number of prepared statements, existing statements are not affected and can be used, but no new statements can be prepared until the current number drops below the limit. This variable was added in MySQL 5.0.21.
| Option Sets Variable | Yes, max_relay_log_size | ||||||
| Variable Name | max_relay_log_size | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
If a write by a replication slave to its relay log causes
the current log file size to exceed the value of this
variable, the slave rotates the relay logs (closes the
current file and opens the next one). If
max_relay_log_size is 0, the server uses
max_binlog_size for both the binary log
and the relay log. If max_relay_log_size
is greater than 0, it constrains the size of the relay log,
which enables you to have different sizes for the two logs.
You must set max_relay_log_size to
between 4096 bytes and 1GB (inclusive), or to 0. The default
value is 0. See
Section 18.4.1, “Replication Implementation Details”.
| Option Sets Variable | Yes, max_seeks_for_key | ||||||
| Variable Name | max_seeks_for_key | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
Limit the assumed maximum number of seeks when looking up
rows based on a key. The MySQL optimizer assumes that no
more than this number of key seeks are required when
searching for matching rows in a table by scanning an index,
regardless of the actual cardinality of the index (see
Section 12.5.5.15, “SHOW INDEX Syntax”). By setting this to a low
value (say, 100), you can force MySQL to prefer indexes
instead of table scans.
| Option Sets Variable | Yes, max_sort_length | ||||||
| Variable Name | max_sort_length | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The number of bytes to use when sorting
BLOB or TEXT values.
Only the first max_sort_length bytes of
each value are used; the rest are ignored.
| Version Introduced | 5.0.17 | ||||||
| Option Sets Variable | Yes, max_sp_recursion_depth | ||||||
| Variable Name | max_sp_recursion_depth | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The number of times that any given stored procedure may be called recursively. The default value for this option is 0, which completely disallows recursion in stored procedures. The maximum value is 255.
Stored procedure recursion increases the demand on thread
stack space. If you increase the value of
max_sp_recursion_depth, it may be
necessary to increase thread stack size by increasing the
value of thread_stack at server startup.
This variable was added in MySQL 5.0.17.
| Option Sets Variable | Yes, max_tmp_tables | ||||||
| Variable Name | max_tmp_tables | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The maximum number of temporary tables a client can keep open at the same time. (This option does not yet do anything.)
| Option Sets Variable | Yes, max_user_connections | ||||
| Variable Name | max_user_connections | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
The maximum number of simultaneous connections allowed to any given MySQL account. A value of 0 means “no limit.”
Before MySQL 5.0.3, this variable has only global scope.
Beginning with MySQL 5.0.3, it also has a read-only session
scope. The session variable has the same value as the global
variable unless the current account has a non-zero
MAX_USER_CONNECTIONS resource limit. In
that case, the session value reflects the account limit.
| Option Sets Variable | Yes, max_write_lock_count | ||||||
| Variable Name | max_write_lock_count | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
After this many write locks, allow some pending read lock requests to be processed in between.
| Option Sets Variable | Yes, myisam_block_size | ||||||
| Variable Name | myisam_block_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The block size to be used for MyISAM
index pages.
| Option Sets Variable | Yes, myisam_data_pointer_size | ||||||
| Variable Name | myisam_data_pointer_size | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set (<= 5.0.6) |
| ||||||
| Value Set (>= 5.0.6) |
|
The default pointer size in bytes, to be used by
CREATE TABLE for
MyISAM tables when no
MAX_ROWS option is specified. This
variable cannot be less than 2 or larger than 7. The default
value is 6 (4 before MySQL 5.0.6). See
Section B.1.2.12, “The table is full”.
myisam_max_extra_sort_file_size
(DEPRECATED)
This variable is not used. It was removed in MySQL 5.0.6.
| Option Sets Variable | Yes, myisam_max_sort_file_size | ||||
| Variable Name | myisam_max_sort_file_size | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
The maximum size of the temporary file that MySQL is allowed
to use while re-creating a MyISAM index
(during REPAIR TABLE, ALTER
TABLE, or LOAD DATA INFILE). If
the file size would be larger than this value, the index is
created using the key cache instead, which is slower. The
value is given in bytes.
The default value is 2GB. If MyISAM index
files exceed this size and disk space is available,
increasing the value may help performance.
| Variable Name | myisam_recover_options |
| Variable Scope | Global |
| Dynamic Variable | No |
The value of the --myisam-recover option.
See Section 5.1.2, “Command Options”.
| Option Sets Variable | Yes, myisam_repair_threads | ||||||
| Variable Name | myisam_repair_threads | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
If this value is greater than 1, MyISAM
table indexes are created in parallel (each index in its own
thread) during the Repair by sorting
process. The default value is 1.
Multi-threaded repair is still beta-quality code.
| Option Sets Variable | Yes, myisam_sort_buffer_size | ||||||
| Variable Name | myisam_sort_buffer_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The size of the buffer that is allocated when sorting
MyISAM indexes during a REPAIR
TABLE or when creating indexes with
CREATE INDEX or ALTER
TABLE.
The maximum allowable setting for
myisam_sort_buffer_size is 4GB.
| Version Introduced | 5.0.14 | ||||
| Option Sets Variable | Yes, myisam_stats_method | ||||
| Variable Name | myisam_stats_method | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set (<= 5.0) |
| ||||
| Value Set (>= 5.0) |
|
How the server treats NULL values when
collecting statistics about the distribution of index values
for MyISAM tables. This variable has two
possible values, nulls_equal and
nulls_unequal. For
nulls_equal, all NULL
index values are considered equal and form a single value
group that has a size equal to the number of
NULL values. For
nulls_unequal, NULL
values are considered unequal, and each
NULL forms a distinct value group of size
1.
The method that is used for generating table statistics
influences how the optimizer chooses indexes for query
execution, as described in
Section 7.4.7, “MyISAM Index Statistics Collection”.
Any unique prefix of a valid value may be used to set the value of this variable.
This variable was added in MySQL 5.0.14. For older versions,
the statistics collection method is equivalent to
nulls_equal.
| Variable Name | named_pipe |
| Variable Scope | Global |
| Dynamic Variable | No |
| Platform Specific | windows |
(Windows only.) Indicates whether the server supports connections over named pipes.
| Option Sets Variable | Yes, net_buffer_length | ||||||
| Variable Name | net_buffer_length | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
Each client thread is associated with a connection buffer
and result buffer. Both begin with a size given by
net_buffer_length but are dynamically
enlarged up to max_allowed_packet bytes
as needed. The result buffer shrinks to
net_buffer_length after each SQL
statement.
This variable should not normally be changed, but if you
have very little memory, you can set it to the expected
length of statements sent by clients. If statements exceed
this length, the connection buffer is automatically
enlarged. The maximum value to which
net_buffer_length can be set is 1MB.
| Option Sets Variable | Yes, net_read_timeout | ||||||
| Variable Name | net_read_timeout | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The number of seconds to wait for more data from a
connection before aborting the read. This timeout applies
only to TCP/IP connections, not to connections made via Unix
socket files, named pipes, or shared memory. When the server
is reading from the client,
net_read_timeout is the timeout value
controlling when to abort. When the server is writing to the
client, net_write_timeout is the timeout
value controlling when to abort. See also
slave_net_timeout.
| Option Sets Variable | Yes, net_retry_count | ||||||
| Variable Name | net_retry_count | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
If a read on a communication port is interrupted, retry this many times before giving up. This value should be set quite high on FreeBSD because internal interrupts are sent to all threads.
| Option Sets Variable | Yes, net_write_timeout | ||||||
| Variable Name | net_write_timeout | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The number of seconds to wait for a block to be written to a
connection before aborting the write. This timeout applies
only to TCP/IP connections, not to connections made via Unix
socket files, named pipes, or shared memory. See also
net_read_timeout.
| Option Sets Variable | Yes, new | ||||
| Variable Name | new | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Disabled by | skip-new | ||||
| Value Set |
|
This variable was used in MySQL 4.0 to turn on some 4.1
behaviors, and is retained for backward compatibility. In
MySQL 5.0, its value is always
OFF.
| Option Sets Variable | Yes, old_passwords | ||||
| Variable Name | old_passwords | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
Whether the server should use pre-4.1-style passwords for
MySQL user accounts. See Section B.1.2.4, “Client does not support authentication protocol”.
This is not a variable, but it can be used when setting some
variables. It is described in Section 12.5.4, “SET Syntax”.
| Option Sets Variable | Yes, open_files_limit | ||||||
| Variable Name | open_files_limit | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Value Set |
|
The number of files that the operating system allows
mysqld to open. This is the real value
allowed by the system and might be different from the value
you gave using the --open-files-limit
option to mysqld or
mysqld_safe. The value is 0 on systems
where MySQL can't change the number of open files.
| Version Introduced | 5.0.1 | ||||
| Option Sets Variable | Yes, optimizer_prune_level | ||||
| Variable Name | optimizer_prune_level | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
Controls the heuristics applied during query optimization to prune less-promising partial plans from the optimizer search space. A value of 0 disables heuristics so that the optimizer performs an exhaustive search. A value of 1 causes the optimizer to prune plans based on the number of rows retrieved by intermediate plans. This variable was added in MySQL 5.0.1.
| Version Introduced | 5.0.1 | ||||
| Option Sets Variable | Yes, optimizer_search_depth | ||||
| Variable Name | optimizer_search_depth | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
The maximum depth of search performed by the query optimizer. Values larger than the number of relations in a query result in better query plans, but take longer to generate an execution plan for a query. Values smaller than the number of relations in a query return an execution plan quicker, but the resulting plan may be far from being optimal. If set to 0, the system automatically picks a reasonable value. If set to the maximum number of tables used in a query plus 2, the optimizer switches to the algorithm used in MySQL 5.0.0 (and previous versions) for performing searches. This variable was added in MySQL 5.0.1.
| Option Sets Variable | Yes, pid_file | ||
| Variable Name | pid_file | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The pathname of the process ID (PID) file. This variable can
be set with the --pid-file option.
| Version Introduced | 5.0.67 | ||||
| Option Sets Variable | Yes, plugin_dir | ||||
| Variable Name | plugin_dir | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
The pathname of the plugin directory. This variable was added in MySQL 5.0.67. If the value is non-empty, user-defined function object files must be located in this directory. If the value is empty, the behavior that is used before 5.0.67 applies: The UDF object files must be located in a directory that is searched by your system's dynamic linker.
port
| Option Sets Variable | Yes, port | ||||
| Variable Name | port | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
The number of the port on which the server listens for
TCP/IP connections. This variable can be set with the
--port option.
| Option Sets Variable | Yes, preload_buffer_size | ||||||
| Variable Name | preload_buffer_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The size of the buffer that is allocated when preloading indexes.
| Version Introduced | 5.0.21 | ||
| Variable Name | prepared_stmt_count | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The current number of prepared statements. (The maximum
number of statements is given by the
max_prepared_stmt_count system variable.)
This variable was added in MySQL 5.0.21. In MySQL 5.0.32, it
was converted to the global
Prepared_stmt_count status variable.
| Variable Name | protocol_version | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The version of the client/server protocol used by the MySQL server.
| Option Sets Variable | Yes, query_alloc_block_size | ||||||
| Variable Name | query_alloc_block_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The allocation size of memory blocks that are allocated for objects created during statement parsing and execution. If you have problems with memory fragmentation, it might help to increase this a bit.
| Option Sets Variable | Yes, query_cache_limit | ||||||
| Variable Name | query_cache_limit | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
Don't cache results that are larger than this number of bytes. The default value is 1MB.
| Option Sets Variable | Yes, query_cache_min_res_unit | ||||||
| Variable Name | query_cache_min_res_unit | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The minimum size (in bytes) for blocks allocated by the query cache. The default value is 4096 (4KB). Tuning information for this variable is given in Section 7.5.4.3, “Query Cache Configuration”.
| Option Sets Variable | Yes, query_cache_size | ||||
| Variable Name | query_cache_size | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
The amount of memory allocated for caching query results.
The default value is 0, which disables the query cache. The
allowable values are multiples of 1024; other values are
rounded down to the nearest multiple. Note that
query_cache_size bytes of memory are
allocated even if query_cache_type is set
to 0. See Section 7.5.4.3, “Query Cache Configuration”, for
more information.
The query cache needs a minimum size of about 40KB to
allocate its structures. (The exact size depends on system
architecture.) If you set the value of
query_cache_size too small, you'll get a
warning, as described in
Section 7.5.4.3, “Query Cache Configuration”.
| Option Sets Variable | Yes, query_cache_type | ||||||
| Variable Name | query_cache_type | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
Set the query cache type. Setting the
GLOBAL value sets the type for all
clients that connect thereafter. Individual clients can set
the SESSION value to affect their own use
of the query cache. Possible values are shown in the
following table:
| Option | Description |
0 or OFF | Don't cache results in or retrieve results from the query cache. Note
that this does not deallocate the query cache
buffer. To do that, you should set
query_cache_size to 0. |
1 or ON | Cache all cacheable query results except for those that begin with
SELECT SQL_NO_CACHE. |
2 or DEMAND | Cache results only for cacheable queries that begin with SELECT
SQL_CACHE. |
This variable defaults to ON.
Any unique prefix of a valid value may be used to set the value of this variable.
| Option Sets Variable | Yes, query_cache_wlock_invalidate | ||||
| Variable Name | query_cache_wlock_invalidate | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
Normally, when one client acquires a
WRITE lock on a MyISAM
table, other clients are not blocked from issuing statements
that read from the table if the query results are present in
the query cache. Setting this variable to 1 causes
acquisition of a WRITE lock for a table
to invalidate any queries in the query cache that refer to
the table. This forces other clients that attempt to access
the table to wait while the lock is in effect.
| Option Sets Variable | Yes, query_prealloc_size | ||||||
| Variable Name | query_prealloc_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The size of the persistent buffer used for statement parsing
and execution. This buffer is not freed between statements.
If you are running complex queries, a larger
query_prealloc_size value might be
helpful in improving performance, because it can reduce the
need for the server to perform memory allocation during
query execution operations.
| Option Sets Variable | Yes, range_alloc_block_size | ||||||
| Variable Name | range_alloc_block_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set (>= 5.0.54) |
|
The size of blocks that are allocated when doing range optimization.
| Option Sets Variable | Yes, read_buffer_size | ||||||
| Variable Name | read_buffer_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
Each thread that does a sequential scan allocates a buffer of this size (in bytes) for each table it scans. If you do many sequential scans, you might want to increase this value, which defaults to 131072. The value of this variable should be a multiple of 4KB. If it is set to a value that is not a multiple of 4KB, its value will be rounded down to the nearest multiple of 4KB.
The maximum allowable setting for
read_buffer_size is 2GB.
read_buffer_size and
read_rnd_buffer_size are not specific to
any storage engine and apply in a general manner for
optimization. See Section 7.5.8, “How MySQL Uses Memory”, for example.
| Option Sets Variable | Yes, read_only | ||||
| Variable Name | read_only | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
This variable is off by default. When it is enabled, the
server allows no updates except from users that have the
SUPER privilege or (on a slave server)
from updates performed by slave threads. On a slave server,
this can be useful to ensure that the slave accepts updates
only from its master server and not from clients. As of
MySQL 5.0.16, this variable does not apply to
TEMPORARY tables.
read_only exists only as a
GLOBAL variable, so changes to its value
require the SUPER privilege. Changes to
read_only on a master server are not
replicated to slave servers. The value can be set on a slave
server independent of the setting on the master.
| Option Sets Variable | Yes, read_rnd_buffer_size | ||||||
| Variable Name | read_rnd_buffer_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
When reading rows in sorted order following a key-sorting
operation, the rows are read through this buffer to avoid
disk seeks. See Section 7.2.12, “ORDER BY Optimization”.
Setting the variable to a large value can improve
ORDER BY performance by a lot. However,
this is a buffer allocated for each client, so you should
not set the global variable to a large value. Instead,
change the session variable only from within those clients
that need to run large queries.
The maximum allowable setting for
read_rnd_buffer_size is 2GB.
read_buffer_size and
read_rnd_buffer_size are not specific to
any storage engine and apply in a general manner for
optimization. See Section 7.5.8, “How MySQL Uses Memory”, for example.
| Option Sets Variable | Yes, relay_log_purge | ||||
| Variable Name | relay_log_purge | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
Disables or enables automatic purging of relay log files as
soon as they are not needed any more. The default value is 1
(ON).
| Option Sets Variable | Yes, relay_log_space_limit | ||||
| Variable Name | relay_log_space_limit | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
The maximum amount of space to use for all relay logs.
This variable is unused.
| Option Sets Variable | Yes, secure_auth | ||||
| Variable Name | secure_auth | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
If the MySQL server has been started with the
--secure-auth option, it blocks connections
from all accounts that have passwords stored in the old
(pre-4.1) format. In that case, the value of this variable
is ON, otherwise it is
OFF.
You should enable this option if you want to prevent all use of passwords employing the old format (and hence insecure communication over the network).
Server startup fails with an error if this option is enabled
and the privilege tables are in pre-4.1 format. See
Section B.1.2.4, “Client does not support authentication protocol”.
| Version Introduced | 5.0.38 | ||
| Option Sets Variable | Yes, secure_file_priv | ||
| Variable Name | secure_file_priv | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
By default, this variable is empty. If set to the name of a
directory, it limits the effect of the
LOAD_FILE() function and the
LOAD DATA and SELECT ... INTO
OUTFILE statements to work only with files in that
directory.
This variable was added in MySQL 5.0.38.
| Option Sets Variable | Yes, server_id | ||||
| Variable Name | server_id | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
The server ID. This value is set by the
--server-id option. It is used for
replication to enable master and slave servers to identify
themselves uniquely.
| Variable Name | shared_memory |
| Variable Scope | Global |
| Dynamic Variable | No |
| Platform Specific | windows |
(Windows only.) Whether the server allows shared-memory connections.
| Variable Name | shared_memory_base_name |
| Variable Scope | Global |
| Dynamic Variable | No |
| Platform Specific | windows |
(Windows only.) The name of shared memory to use for
shared-memory connections. This is useful when running
multiple MySQL instances on a single physical machine. The
default name is MYSQL. The name is case
sensitive.
This is OFF if mysqld
uses external locking, ON if external
locking is disabled.
skip_networking
This is ON if the server allows only
local (non-TCP/IP) connections. On Unix, local connections
use a Unix socket file. On Windows, local connections use a
named pipe or shared memory. On NetWare, only TCP/IP
connections are supported, so do not set this variable to
ON. This variable can be set to
ON with the
--skip-networking option.
This prevents people from using the SHOW
DATABASES statement if they do not have the
SHOW DATABASES privilege. This can
improve security if you have concerns about users being able
to see databases belonging to other users. Its effect
depends on the SHOW DATABASES privilege:
If the variable value is ON, the
SHOW DATABASES statement is allowed only
to users who have the SHOW DATABASES
privilege, and the statement displays all database names. If
the value is OFF, SHOW
DATABASES is allowed to all users, but displays
the names of only those databases for which the user has the
SHOW DATABASES or other privilege.
| Option Sets Variable | Yes, slave_compressed_protocol | ||||
| Variable Name | slave_compressed_protocol | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
Whether to use compression of the slave/master protocol if both the slave and the master support it.
| Option Sets Variable | Yes, slave_load_tmpdir | ||||
| Variable Name | slave_load_tmpdir | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | No | ||||
| Value Set |
|
The name of the directory where the slave creates temporary
files for replicating LOAD DATA INFILE
statements.
| Option Sets Variable | Yes, slave_net_timeout | ||||||
| Variable Name | slave_net_timeout | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The number of seconds to wait for more data from a master/slave connection before aborting the read. This timeout applies only to TCP/IP connections, not to connections made via Unix socket files, named pipes, or shared memory.
slave_skip_errors
| Option Sets Variable | Yes, slave_skip_errors |
| Variable Name | slave_skip_errors |
| Variable Scope | Global |
| Dynamic Variable | No |
Normally, replication stops when an error occurs on the slave. This gives you the opportunity to resolve the inconsistency in the data manually. This variable tells the slave SQL thread to continue replication when a statement returns any of the errors listed in the variable value.
| Version Introduced | 5.0.3 | ||||||
| Option Sets Variable | Yes, slave_transaction_retries | ||||||
| Variable Name | slave_transaction_retries | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
If a replication slave SQL thread fails to execute a
transaction because of an InnoDB deadlock
or exceeded InnoDB's
innodb_lock_wait_timeout or NDBCLUSTER's
TransactionDeadlockDetectionTimeout or
TransactionInactiveTimeout, it
automatically retries
slave_transaction_retries times before
stopping with an error. The default prior to MySQL 4.0.3 is
0. You must explicitly set the value greater than 0 to
enable the “retry” behavior, which is probably
a good idea. In MySQL 5.0.3 or newer, the default is 10.
| Option Sets Variable | Yes, slow_launch_time | ||||
| Variable Name | slow_launch_time | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
If creating a thread takes longer than this many seconds,
the server increments the
Slow_launch_threads status variable.
socket
| Option Sets Variable | Yes, socket | ||||||
| Variable Name | socket | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Value Set |
| ||||||
| Value Set |
| ||||||
| Value Set |
| ||||||
| Value Set |
|
On Unix platforms, this variable is the name of the socket
file that is used for local client connections. The default
is /tmp/mysql.sock. (For some
distribution formats, the directory might be different, such
as /var/lib/mysql for RPMs.)
On Windows, this variable is the name of the named pipe that
is used for local client connections. The default value is
MySQL (not case sensitive).
| Option Sets Variable | Yes, sort_buffer_size | ||||||
| Variable Name | sort_buffer_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
Each thread that needs to do a sort allocates a buffer of
this size. Increase this value for faster ORDER
BY or GROUP BY operations. See
Section B.1.4.4, “Where MySQL Stores Temporary Files”.
The maximum allowable setting for
sort_buffer_size is 4GB.
| Option Sets Variable | Yes, sql_mode | ||||||
| Variable Name | sql_mode | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The current server SQL mode, which can be set dynamically. See Section 5.1.7, “SQL Modes”.
| Variable Name | sql_slave_skip_counter | ||
| Variable Scope | Global | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The number of events from the master that a slave server
should skip. See
Section 12.6.2.6, “SET GLOBAL SQL_SLAVE_SKIP_COUNTER Syntax”.
| Version Introduced | 5.0.23 | ||
| Option Sets Variable | Yes, ssl_ca | ||
| Variable Name | ssl_ca | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The path to a file with a list of trusted SSL CAs. This variable was added in MySQL 5.0.23.
| Version Introduced | 5.0.23 | ||
| Option Sets Variable | Yes, ssl_capath | ||
| Variable Name | ssl_capath | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The path to a directory that contains trusted SSL CA certificates in PEM format. This variable was added in MySQL 5.0.23.
| Version Introduced | 5.0.23 | ||
| Option Sets Variable | Yes, ssl_cert | ||
| Variable Name | ssl_cert | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The name of the SSL certificate file to use for establishing a secure connection. This variable was added in MySQL 5.0.23.
| Version Introduced | 5.0.23 | ||
| Option Sets Variable | Yes, ssl_cipher | ||
| Variable Name | ssl_cipher | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
A list of allowable ciphers to use for SSL encryption. This variable was added in MySQL 5.0.23.
| Version Introduced | 5.0.23 | ||
| Option Sets Variable | Yes, ssl_key | ||
| Variable Name | ssl_key | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The name of the SSL key file to use for establishing a secure connection. This variable was added in MySQL 5.0.23.
| Variable Name | storage_engine | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The default storage engine (table type). To set the storage
engine at server startup, use the
--default-storage-engine option. See
Section 5.1.2, “Command Options”.
| Version Introduced | 5.0.1 | ||||||
| Option Sets Variable | Yes, sync_binlog | ||||||
| Variable Name | sync_binlog | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
If the value of this variable is positive, the MySQL server
synchronizes its binary log to disk (using
fdatasync()) after every
sync_binlog writes to the binary log.
Note that there is one write to the binary log per statement
if autocommit is enabled, and one write per transaction
otherwise. The default value is 0, which does no
synchronizing to disk. A value of 1 is the safest choice,
because in the event of a crash you lose at most one
statement or transaction from the binary log. However, it is
also the slowest choice (unless the disk has a
battery-backed cache, which makes synchronization very
fast).
If the value of sync_binlog is 0 (the
default), no extra flushing is done. The server relies on
the operating system to flush the file contents occasionally
as for any other file.
| Option Sets Variable | Yes, sync_frm | ||||
| Variable Name | sync_frm | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
If this variable is set to 1, when any non-temporary table
is created its .frm file is
synchronized to disk (using fdatasync()).
This is slower but safer in case of a crash. The default is
1.
| Variable Name | system_time_zone | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The server system time zone. When the server begins
executing, it inherits a time zone setting from the machine
defaults, possibly modified by the environment of the
account used for running the server or the startup script.
The value is used to set
system_time_zone. Typically the time zone
is specified by the TZ environment
variable. It also can be specified using the
--timezone option of the
mysqld_safe script.
The system_time_zone variable differs
from time_zone. Although they might have
the same value, the latter variable is used to initialize
the time zone for each client that connects. See
Section 9.7, “MySQL Server Time Zone Support”.
| Option Sets Variable | Yes, table_cache | ||||||
| Variable Name | table_cache | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Deprecated | 5.1.3, by table_open_cache | ||||||
| Value Set |
|
The number of open tables for all threads. Increasing this
value increases the number of file descriptors that
mysqld requires. You can check whether
you need to increase the table cache by checking the
Opened_tables status variable. See
Section 5.1.6, “Status Variables”. If the value of
Opened_tables is large and you don't do
FLUSH TABLES often (which just forces all
tables to be closed and reopened), then you should increase
the value of the table_cache variable.
For more information about the table cache, see
Section 7.4.8, “How MySQL Opens and Closes Tables”.
| Version Introduced | 5.0.10 | ||||||
| Option Sets Variable | Yes, table_lock_wait_timeout | ||||||
| Variable Name | table_lock_wait_timeout | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
Specifies a wait timeout for table-level locks, in seconds.
The default timeout is 50 seconds. The timeout is active
only if the connection has open cursors. This variable can
also be set globally at runtime (you need the
SUPER privilege to do this). It's
available as of MySQL 5.0.10.
| Variable Name | table_type | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Deprecated | 5.2.5, by storage_engine | ||
| Value Set |
|
This variable is a synonym for
storage_engine. In MySQL
5.0, storage_engine is the
preferred name.
| Option Sets Variable | Yes, thread_cache_size | ||||||
| Variable Name | thread_cache_size | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
How many threads the server should cache for reuse. When a
client disconnects, the client's threads are put in the
cache if there are fewer than
thread_cache_size threads there. Requests
for threads are satisfied by reusing threads taken from the
cache if possible, and only when the cache is empty is a new
thread created. This variable can be increased to improve
performance if you have a lot of new connections. (Normally,
this doesn't provide a notable performance improvement if
you have a good thread implementation.) By examining the
difference between the Connections and
Threads_created status variables, you can
see how efficient the thread cache is. For details, see
Section 5.1.6, “Status Variables”.
| Option Sets Variable | Yes, thread_concurrency | ||||||
| Variable Name | thread_concurrency | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Value Set |
|
On Solaris, mysqld calls
thr_setconcurrency() with this value.
This function enables applications to give the threads
system a hint about the desired number of threads that
should be run at the same time.
| Option Sets Variable | Yes, thread_stack | ||||||
| Variable Name | thread_stack | ||||||
| Variable Scope | Global | ||||||
| Dynamic Variable | No | ||||||
| Value Set |
|
The stack size for each thread. Many of the limits detected
by the crash-me test are dependent on
this value. See Section 7.1.4, “The MySQL Benchmark Suite”. The
default (192KB) is large enough for normal operation. If the
thread stack size is too small, it limits the complexity of
the SQL statements that the server can handle, the recursion
depth of stored procedures, and other memory-consuming
actions.
This variable is unused.
| Variable Name | time_zone | ||
| Variable Scope | Both | ||
| Dynamic Variable | Yes | ||
| Value Set |
|
The current time zone. This variable is used to initialize
the time zone for each client that connects. By default, the
initial value of this is 'SYSTEM' (which
means, “use the value of
system_time_zone”). The value can
be specified explicitly at server startup with the
--default-time-zone option. See
Section 9.7, “MySQL Server Time Zone Support”.
| Version Introduced | 5.0.3 | ||||
| Option Sets Variable | Yes, timed_mutexes | ||||
| Variable Name | timed_mutexes | ||||
| Variable Scope | Global | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
This variable controls whether InnoDB
mutexes are timed. If this variable is set to 0 or
OFF (the default), mutex timing is
disabled. If the variable is set to 1 or
ON, mutex timing is enabled. With timing
enabled, the os_wait_times value in the
output from SHOW ENGINE INNODB MUTEX
indicates the amount of time (in ms) spent in operating
system waits. Otherwise, the value is 0. This variable was
added in MySQL 5.0.3.
| Option Sets Variable | Yes, tmp_table_size | ||||||
| Variable Name | tmp_table_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The maximum size of internal in-memory temporary tables.
(The actual limit is determined as the smaller of
max_heap_table_size and
tmp_table_size.) If an in-memory
temporary table exceeds the limit, MySQL automatically
converts it to an on-disk MyISAM table.
Increase the value of tmp_table_size (and
max_heap_table_size if necessary) if you
do many advanced GROUP BY queries and you
have lots of memory. This variable does not apply to
user-created MEMORY tables.
tmpdir
| Option Sets Variable | Yes, tmpdir | ||
| Variable Name | tmpdir | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The directory used for temporary files and temporary tables.
This variable can be set to a list of several paths that are
used in round-robin fashion. Paths should be separated by
colon characters (“:”) on
Unix and semicolon characters
(“;”) on Windows, NetWare,
and OS/2.
The multiple-directory feature can be used to spread the
load between several physical disks. If the MySQL server is
acting as a replication slave, you should not set
tmpdir to point to a directory on a
memory-based filesystem or to a directory that is cleared
when the server host restarts. A replication slave needs
some of its temporary files to survive a machine restart so
that it can replicate temporary tables or LOAD DATA
INFILE operations. If files in the temporary file
directory are lost when the server restarts, replication
fails. However, if you are using MySQL 4.0.0 or later, you
can set the slave's temporary directory using the
slave_load_tmpdir variable. In that case,
the slave won't use the general tmpdir
value and you can set tmpdir to a
non-permanent location.
| Option Sets Variable | Yes, transaction_alloc_block_size | ||||||
| Variable Name | transaction_alloc_block_size | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The amount in bytes by which to increase a per-transaction
memory pool which needs memory. See the description of
transaction_prealloc_size.
| Option Sets Variable | Yes, transaction_prealloc_size | ||||
| Variable Name | transaction_prealloc_size | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
There is a per-transaction memory pool from which various
transaction-related allocations take memory. The initial
size of the pool in bytes is
transaction_prealloc_size. For every
allocation that cannot be satisfied from the pool because it
has insufficient memory available, the pool is increased by
transaction_alloc_block_size bytes. When
the transaction ends, the pool is truncated to
transaction_prealloc_size bytes.
By making transaction_prealloc_size
sufficiently large to contain all statements within a single
transaction, you can avoid many malloc()
calls.
| Variable Name | tx_isolation | ||||||
| Variable Scope | Both | ||||||
| Dynamic Variable | Yes | ||||||
| Value Set |
|
The default transaction isolation level. Defaults to
REPEATABLE-READ.
This variable is set by the SET TRANSACTION
ISOLATION LEVEL statement. See
Section 12.4.6, “SET TRANSACTION Syntax”. If you set
tx_isolation directly to an isolation
level name that contains a space, the name should be
enclosed within quotes, with the space replaced by a dash.
For example:
SET tx_isolation = 'READ-COMMITTED';
Any unique prefix of a valid value may be used to set the value of this variable.
| Version Introduced | 5.0.2 | ||||
| Option Sets Variable | Yes, updatable_views_with_limit | ||||
| Variable Name | updatable_views_with_limit | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
This variable controls whether updates to a view can be made
when the view does not contain all columns of the primary
key defined in the underlying table, if the update statement
contains a LIMIT clause. (Such updates
often are generated by GUI tools.) An update is an
UPDATE or DELETE
statement. Primary key here means a PRIMARY
KEY, or a UNIQUE index in which
no column can contain NULL.
The variable can have two values:
1 or YES: Issue a
warning only (not an error message). This is the default
value.
0 or NO: Prohibit
the update.
This variable was added in MySQL 5.0.2.
version
| Variable Name | version |
| Variable Scope | Global |
| Dynamic Variable | No |
The version number for the server.
| Variable Name | version |
| Variable Scope | Global |
| Dynamic Variable | No |
Starting with MySQL 5.0.24, the version number will also
indicate whether the server is a standard release
(Community) or Enterprise release (for example,
5.0.28-enterprise-gpl-nt).
The BDB storage engine version.
The configure script has a
--with-comment option that allows a comment
to be specified when building MySQL. This variable contains
the value of that comment.
For precompiled binaries, this variable will hold the server
version and license information. Starting with MySQL 5.0.24,
version_comment will include the full
server type and license. For community users this will
appear as MySQL Community Edition - Standard
(GPL). For Enterprise users, the version might be
displayed as MySQL Enterprise Server
(GPL). The corresponding license for your MySQL
binary is shown in parentheses. For server compiled from
source, the default value will be the same as that for
Community releases.
The type of machine or architecture on which MySQL was built.
| Variable Name | version_compile_os | ||
| Variable Scope | Global | ||
| Dynamic Variable | No | ||
| Value Set |
|
The type of operating system on which MySQL was built.
| Option Sets Variable | Yes, wait_timeout | ||||
| Variable Name | wait_timeout | ||||
| Variable Scope | Both | ||||
| Dynamic Variable | Yes | ||||
| Value Set |
|
The number of seconds the server waits for activity on a non-interactive connection before closing it. This timeout applies only to TCP/IP and Unix socket file connections, not to connections made via named pipes, or shared memory.
On thread startup, the session
wait_timeout value is initialized from
the global wait_timeout value or from the
global interactive_timeout value,
depending on the type of client (as defined by the
CLIENT_INTERACTIVE connect option to
mysql_real_connect()). See
also interactive_timeout.
MySQL Enterprise Expert use of server system variables is part of the service offered by the MySQL Enterprise Monitor. To subscribe, see http://www.mysql.com/products/enterprise/advisors.html.
Several system variables exist only as session variables. These
cannot be set at server startup but can be assigned values at
runtime using the SET statement (except for
those that are read only). Most of them are not displayed by
SHOW VARIABLES, but you can obtain their
values using SELECT. This section describes
the session system variables. For information about setting or
displaying their values, see
Section 5.1.5, “Using System Variables”. For example:
mysql> SELECT @@AUTOCOMMIT;
+--------------+
| @@AUTOCOMMIT |
+--------------+
| 1 |
+--------------+
The lettercase of these variables does not matter.
The following table lists the system variables that have only session scope:
| Name | Cmd-Line | Option file | System Var | Dynamic |
|---|---|---|---|---|
| autocommit | Yes | Yes | ||
| big-tables | Yes | Yes | ||
| - Variable: big_tables | Yes | Yes | ||
| error_count | Yes | No | ||
| foreign_key_checks | Yes | Yes | ||
| identity | Yes | Yes | ||
| insert_id | Yes | Yes | ||
| last_insert_id | Yes | Yes | ||
| profiling | Yes | Yes | ||
| rand_seed1 | Yes | Yes | ||
| rand_seed2 | Yes | Yes | ||
| sql_auto_is_null | Yes | Yes | ||
| sql_big_tables | Yes | Yes | ||
| sql_buffer_result | Yes | Yes | ||
| sql_log_bin | Yes | Yes | ||
| sql_log_off | Yes | Yes | ||
| sql_log_update | Yes | Yes | ||
| sql_notes | Yes | Yes | ||
| sql_quote_show_create | Yes | Yes | ||
| sql_safe_updates | Yes | Yes | ||
| sql_warnings | Yes | Yes | ||
| timestamp | Yes | Yes | ||
| unique_checks | Yes | Yes | ||
| warning_count | Yes | No |
Set the autocommit mode. If set to 1, all changes to a table
take effect immediately. If set to 0 you have to use
COMMIT to accept a transaction or
ROLLBACK to cancel it. By default, client
connections begin with AUTOCOMMIT set to
1. If you change AUTOCOMMIT mode from 0
to 1, MySQL performs an automatic COMMIT
of any open transaction. Another way to begin a transaction
is to use a START TRANSACTION or
BEGIN statement. See
Section 12.4.1, “START TRANSACTION, COMMIT, and
ROLLBACK Syntax”.
BIG_TABLES = {0 | 1}
If set to 1, all temporary tables are stored on disk rather
than in memory. This is a little slower, but the error
The table does not occur for tbl_name is
fullSELECT
operations that require a large temporary table. The default
value for a new connection is 0 (use in-memory temporary
tables). Normally, you should never need to set this
variable, because in-memory tables are automatically
converted to disk-based tables as required.
This variable was formerly named
SQL_BIG_TABLES.
The number of errors that resulted from the last statement
that generated messages. This variable is read only. See
Section 12.5.5.13, “SHOW ERRORS Syntax”.
If set to 1 (the default), foreign key constraints for
InnoDB tables are checked. If set to 0,
they are ignored. Disabling foreign key checking can be
useful for reloading InnoDB tables in an
order different from that required by their parent/child
relationships. See
Section 13.2.6.4, “FOREIGN KEY Constraints”.
Setting FOREIGN_KEY_CHECKS to 0 also
affects data definition statements: DROP
DATABASE drops a database even if it contains
tables that have foreign keys that are referred to by tables
outside the database, and DROP TABLE
drops tables that have foreign keys that are referred to by
other tables.
Setting FOREIGN_KEY_CHECKS to 1 does
not trigger a scan of the existing table data. Therefore,
rows added to the table while
FOREIGN_KEY_CHECKS=0 will not be
verified for consistency.
This variable is a synonym for the
LAST_INSERT_ID variable. It exists for
compatibility with other database systems. You can read its
value with SELECT @@IDENTITY, and set it
using SET IDENTITY.
Set the value to be used by the following
INSERT or ALTER TABLE
statement when inserting an
AUTO_INCREMENT value. This is mainly used
with the binary log.
Set the value to be returned from
LAST_INSERT_ID(). This is
stored in the binary log when you use
LAST_INSERT_ID() in a
statement that updates a table. Setting this variable does
not update the value returned by the
mysql_insert_id() C API
function.
If set to 0 (the default), statement profiling is disabled.
If set to 1, statement profiling is enabled and the
SHOW PROFILES and SHOW
PROFILE statements provide access to profiling
information. See Section 12.5.5.25, “SHOW PROFILES and SHOW PROFILE
Syntax”. This
variable was added in MySQL 5.0.37.
Note: This option does not apply to
MySQL Enterprise Server users.
PROFILING_HISTORY_SIZE =
value
The number of statements for which to maintain profiling
information if PROFILING is enabled. The
default value is 15. The maximum value is 100. Setting the
value to 0 effectively disables profiling. See
Section 12.5.5.25, “SHOW PROFILES and SHOW PROFILE
Syntax”. This variable was added in
MySQL 5.0.37. Note: This option does
not apply to MySQL Enterprise Server users.
These two variables exist as session variables only, and can
be set but not read. They are not shown in the output of
SHOW VARIABLES.
The purpose of these variables is to support replication of
the RAND() function. For statements that
invoke RAND(), the master passes two
values to the slave, where they are used to seed the random
number generator. The slave uses these values to set the
session variables rand_seed1 and
rand_seed2 so that
RAND() on the slave generates the same
value as on the master.
If set to 1 (the default), you can find the last inserted
row for a table that contains an
AUTO_INCREMENT column by using the
following construct:
WHERE auto_increment_column IS NULL
This behavior is used by some ODBC programs, such as Access.
If set to 0, MySQL aborts SELECT
statements that are likely to take a very long time to
execute (that is, statements for which the optimizer
estimates that the number of examined rows exceeds the value
of max_join_size). This is useful when an
inadvisable WHERE statement has been
issued. The default value for a new connection is 1, which
allows all SELECT statements.
If you set the max_join_size system
variable to a value other than DEFAULT,
SQL_BIG_SELECTS is set to 0.
If set to 1, SQL_BUFFER_RESULT forces
results from SELECT statements to be put
into temporary tables. This helps MySQL free the table locks
early and can be beneficial in cases where it takes a long
time to send results to the client. The default value is 0.
If set to 0, no logging is done to the binary log for the
client. The client must have the SUPER
privilege to set this option. The default value is 1.
If set to 1, no logging is done to the general query log for
this client. The client must have the
SUPER privilege to set this option. The
default value is 0.
This variable is deprecated, and is mapped to
SQL_LOG_BIN.
If set to 1 (the default), warnings of
Note level are recorded. If set to 0,
Note warnings are suppressed.
mysqldump includes output to set this
variable to 0 so that reloading the dump file does not
produce warnings for events that do not affect the integrity
of the reload operation. SQL_NOTES was
added in MySQL 5.0.3.
SQL_QUOTE_SHOW_CREATE = {0 | 1}
If set to 1 (the default), the server quotes identifiers for
SHOW CREATE TABLE and SHOW
CREATE DATABASE statements. If set to 0, quoting
is disabled. This option is enabled by default so that
replication works for identifiers that require quoting. See
Section 12.5.5.8, “SHOW CREATE TABLE Syntax”, and
Section 12.5.5.6, “SHOW CREATE DATABASE Syntax”.
If set to 1, MySQL aborts UPDATE or
DELETE statements that do not use a key
in the WHERE clause or a
LIMIT clause. This makes it possible to
catch UPDATE or DELETE
statements where keys are not used properly and that would
probably change or delete a large number of rows. The
default value is 0.
SQL_SELECT_LIMIT =
{
value | DEFAULT}
The maximum number of rows to return from
SELECT statements. The default value for
a new connection is the maximum number of rows that the
server allows per table, which depends on the server
configuration and may be affected if the server build was
configured with --with-big-tables. Typical
default values are (232)–1
or (264)–1. If you have
changed the limit, the default value can be restored by
assigning a value of DEFAULT.
If a SELECT has a
LIMIT clause, the
LIMIT takes precedence over the value of
SQL_SELECT_LIMIT.
SQL_SELECT_LIMIT does not apply to
SELECT statements executed within stored
routines. It also does not apply to
SELECT statements that do not produce a
result set to be returned to the client. These include
SELECT statements in subqueries,
CREATE TABLE ... SELECT, and
INSERT INTO ... SELECT.
This variable controls whether single-row
INSERT statements produce an information
string if warnings occur. The default is 0. Set the value to
1 to produce an information string.
TIMESTAMP =
{
timestamp_value |
DEFAULT}
Set the time for this client. This is used to get the
original timestamp if you use the binary log to restore
rows. timestamp_value should be a Unix
epoch timestamp, not a MySQL timestamp.
SET TIMESTAMP affects the value returned
by NOW() but not by
SYSDATE(). This means that
timestamp settings in the binary log have no effect on
invocations of SYSDATE().
The server can be started with the
--sysdate-is-now option to cause
SYSDATE() to be an alias for
NOW(), in which case
SET TIMESTAMP affects both functions.
If set to 1 (the default), uniqueness checks for secondary
indexes in InnoDB tables are performed.
If set to 0, storage engines are allowed to assume that
duplicate keys are not present in input data. If you know
for certain that your data does not contain uniqueness
violations, you can set this to 0 to speed up large table
imports to InnoDB.
Note that setting this variable to 0 does not require storage engines to ignore duplicate keys. An engine is still allowed to check for them and issue duplicate-key errors if it detects them.
The number of errors, warnings, and notes that resulted from
the last statement that generated messages. This variable is
read only. See Section 12.5.5.33, “SHOW WARNINGS Syntax”.
The MySQL server maintains many system variables that indicate
how it is configured. Section 5.1.3, “System Variables”,
describes the meaning of these variables. Each system variable
has a default value. System variables can be set at server
startup using options on the command line or in an option file.
Most of them can be changed dynamically while the server is
running by means of the SET statement, which
enables you to modify operation of the server without having to
stop and restart it. You can refer to system variable values in
expressions.
The server maintains two kinds of system variables. Global variables affect the overall operation of the server. Session variables affect its operation for individual client connections. A given system variable can have both a global and a session value. Global and session system variables are related as follows:
When the server starts, it initializes all global variables to their default values. These defaults can be changed by options specified on the command line or in an option file. (See Section 4.2.3, “Specifying Program Options”.)
The server also maintains a set of session variables for
each client that connects. The client's session variables
are initialized at connect time using the current values of
the corresponding global variables. For example, the
client's SQL mode is controlled by the session
sql_mode value, which is initialized when
the client connects to the value of the global
sql_mode value.
System variable values can be set globally at server startup by
using options on the command line or in an option file. When you
use a startup option to set a variable that takes a numeric
value, the value can be given with a suffix of
K, M, or
G (either uppercase or lowercase) to indicate
a multiplier of 1024, 10242 or
10243; that is, units of kilobytes,
megabytes, or gigabytes, respectively. Thus, the following
command starts the server with a query cache size of 16
megabytes and a maximum packet size of one gigabyte:
mysqld --query_cache_size=16M --max_allowed_packet=1G
Within an option file, those variables are set like this:
[mysqld] query_cache_size=16M max_allowed_packet=1G
The lettercase of suffix letters does not matter;
16M and 16m are
equivalent, as are 1G and
1g.
If you want to restrict the maximum value to which a system
variable can be set at runtime with the SET
statement, you can specify this maximum by using an option of
the form
--maximum-
at server startup. For example, to prevent the value of
var_name=valuequery_cache_size from being increased to more
than 32MB at runtime, use the option
--maximum-query_cache_size=32M.
Many system variables are dynamic and can be changed while the
server runs by using the SET statement. For a
list, see Section 5.1.5.2, “Dynamic System Variables”. To change
a system variable with SET, refer to it as
var_name, optionally preceded by a
modifier:
To indicate explicitly that a variable is a global variable,
precede its name by GLOBAL or
@@global.. The SUPER
privilege is required to set global variables.
To indicate explicitly that a variable is a session
variable, precede its name by SESSION,
@@session., or @@.
Setting a session variable requires no special privilege,
but a client can change only its own session variables, not
those of any other client.
LOCAL and @@local. are
synonyms for SESSION and
@@session..
If no modifier is present, SET changes
the session variable.
A SET statement can contain multiple variable
assignments, separated by commas. If you set several system
variables, the most recent GLOBAL or
SESSION modifier in the statement is used for
following variables that have no modifier specified.
Examples:
SET sort_buffer_size=10000; SET @@local.sort_buffer_size=10000; SET GLOBAL sort_buffer_size=1000000, SESSION sort_buffer_size=1000000; SET @@sort_buffer_size=1000000; SET @@global.sort_buffer_size=1000000, @@local.sort_buffer_size=1000000;
The @@
syntax for system variables is supported for compatibility with
some other database systems.
var_name
If you change a session system variable, the value remains in effect until your session ends or until you change the variable to a different value. The change is not visible to other clients.
If you change a global system variable, the value is remembered
and used for new connections until the server restarts. (To make
a global system variable setting permanent, you should set it in
an option file.) The change is visible to any client that
accesses that global variable. However, the change affects the
corresponding session variable only for clients that connect
after the change. The global variable change does not affect the
session variable for any client that is currently connected (not
even that of the client that issues the SET
GLOBAL statement).
To prevent incorrect usage, MySQL produces an error if you use
SET GLOBAL with a variable that can only be
used with SET SESSION or if you do not
specify GLOBAL (or
@@global.) when setting a global variable.
To set a SESSION variable to the
GLOBAL value or a GLOBAL
value to the compiled-in MySQL default value, use the
DEFAULT keyword. For example, the following
two statements are identical in setting the session value of
max_join_size to the global value:
SET max_join_size=DEFAULT; SET @@session.max_join_size=@@global.max_join_size;
Not all system variables can be set to
DEFAULT. In such cases, use of
DEFAULT results in an error.
You can refer to the values of specific global or sesson system
variables in expressions by using one of the
@@-modifiers. For example, you can retrieve
values in a SELECT statement like this:
SELECT @@global.sql_mode, @@session.sql_mode, @@sql_mode;
When you refer to a system variable in an expression as
@@ (that
is, when you do not specify var_name@@global. or
@@session.), MySQL returns the session value
if it exists and the global value otherwise. (This differs from
SET @@, which always refers
to the session value.)
var_name =
value
Suffixes for specifying a value multiplier can be used when
setting a variable at server startup, but not to set the value
with SET at runtime. On the other hand, with
SET you can assign a variable's value using
an expression, which is not true when you set a variable at
server startup. For example, the first of the following lines is
legal at server startup, but the second is not:
shell>mysql --max_allowed_packet=16Mshell>mysql --max_allowed_packet=16*1024*1024
Conversely, the second of the following lines is legal at runtime, but the first is not:
mysql>SET GLOBAL max_allowed_packet=16M;mysql>SET GLOBAL max_allowed_packet=16*1024*1024;
Some system variables can be enabled with the
SET statement by setting them to
ON or 1, or disabled by
setting them to OFF or
0. However, to set such a variable on the
command line or in an option file, you must set it to
1 or 0; setting it to
ON or OFF will not work.
For example, on the command line,
--delay_key_write=1 works but
--delay_key_write=ON does not.
To display system variable names and values, use the
SHOW VARIABLES statement:
mysql> SHOW VARIABLES;
+--------+--------------------------------------------------------------+
| Variable_name | Value |
+--------+--------------------------------------------------------------+
| auto_increment_increment | 1 |
| auto_increment_offset | 1 |
| automatic_sp_privileges | ON |
| back_log | 50 |
| basedir | / |
| bdb_cache_size | 8388600 |
| bdb_home | /var/lib/mysql/ |
| bdb_log_buffer_size | 32768 |
| bdb_logdir | |
| bdb_max_lock | 10000 |
| bdb_shared_data | OFF |
| bdb_tmpdir | /tmp/ |
| binlog_cache_size | 32768 |
| bulk_insert_buffer_size | 8388608 |
| character_set_client | latin1 |
| character_set_connection | latin1 |
| character_set_database | latin1 |
| character_set_results | latin1 |
| character_set_server | latin1 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
| collation_connection | latin1_swedish_ci |
| collation_database | latin1_swedish_ci |
| collation_server | latin1_swedish_ci |
...
| innodb_additional_mem_pool_size | 1048576 |
| innodb_autoextend_increment | 8 |
| innodb_buffer_pool_awe_mem_mb | 0 |
| innodb_buffer_pool_size | 8388608 |
| innodb_checksums | ON |
| innodb_commit_concurrency | 0 |
| innodb_concurrency_tickets | 500 |
| innodb_data_file_path | ibdata1:10M:autoextend |
| innodb_data_home_dir | |
...
| version | 5.0.19 |
| version_comment | MySQL Community Edition - (GPL) |
| version_compile_machine | i686 |
| version_compile_os | pc-linux-gnu |
| wait_timeout | 28800 |
+--------+--------------------------------------------------------------+
With a LIKE clause, the
statement displays only those variables that match the pattern.
To obtain a specific variable name, use a
LIKE clause as shown:
SHOW VARIABLES LIKE 'max_join_size'; SHOW SESSION VARIABLES LIKE 'max_join_size';
To get a list of variables whose name match a pattern, use the
“%” wildcard character in a
LIKE clause:
SHOW VARIABLES LIKE '%size%'; SHOW GLOBAL VARIABLES LIKE '%size%';
Wildcard characters can be used in any position within the
pattern to be matched. Strictly speaking, because
“_” is a wildcard that matches
any single character, you should escape it as
“\_” to match it literally. In
practice, this is rarely necessary.
For SHOW VARIABLES, if you specify neither
GLOBAL nor SESSION, MySQL
returns SESSION values.
The reason for requiring the GLOBAL keyword
when setting GLOBAL-only variables but not
when retrieving them is to prevent problems in the future. If we
were to remove a SESSION variable that has
the same name as a GLOBAL variable, a client
with the SUPER privilege might accidentally
change the GLOBAL variable rather than just
the SESSION variable for its own connection.
If we add a SESSION variable with the same
name as a GLOBAL variable, a client that
intends to change the GLOBAL variable might
find only its own SESSION variable changed.
A structured variable differs from a regular system variable in two respects:
Its value is a structure with components that specify server parameters considered to be closely related.
There might be several instances of a given type of structured variable. Each one has a different name and refers to a different resource maintained by the server.
MySQL 5.0 supports one structured variable type, which specifies parameters governing the operation of key caches. A key cache structured variable has these components:
key_buffer_size
key_cache_block_size
key_cache_division_limit
key_cache_age_threshold
This section describes the syntax for referring to structured
variables. Key cache variables are used for syntax examples,
but specific details about how key caches operate are found
elsewhere, in Section 7.4.6, “The MyISAM Key Cache”.
To refer to a component of a structured variable instance, you
can use a compound name in
instance_name.component_name
format. Examples:
hot_cache.key_buffer_size hot_cache.key_cache_block_size cold_cache.key_cache_block_size
For each structured system variable, an instance with the name
of default is always predefined. If you
refer to a component of a structured variable without any
instance name, the default instance is
used. Thus, default.key_buffer_size and
key_buffer_size both refer to the same
system variable.
Structured variable instances and components follow these naming rules:
For a given type of structured variable, each instance
must have a name that is unique
within variables of that type.
However, instance names need not be unique
across structured variable types. For
example, each structured variable has an instance named
default, so default
is not unique across variable types.
The names of the components of each structured variable type must be unique across all system variable names. If this were not true (that is, if two different types of structured variables could share component member names), it would not be clear which default structured variable to use for references to member names that are not qualified by an instance name.
If a structured variable instance name is not legal as an
unquoted identifier, refer to it as a quoted identifier
using backticks. For example, hot-cache
is not legal, but `hot-cache` is.
global, session, and
local are not legal instance names.
This avoids a conflict with notation such as
@@global.
for referring to non-structured system variables.
var_name
Currently, the first two rules have no possibility of being violated because the only structured variable type is the one for key caches. These rules will assume greater significance if some other type of structured variable is created in the future.
With one exception, you can refer to structured variable components using compound names in any context where simple variable names can occur. For example, you can assign a value to a structured variable using a command-line option:
shell> mysqld --hot_cache.key_buffer_size=64K
In an option file, use this syntax:
[mysqld] hot_cache.key_buffer_size=64K
If you start the server with this option, it creates a key
cache named hot_cache with a size of 64KB
in addition to the default key cache that has a default size
of 8MB.
Suppose that you start the server as follows:
shell>mysqld --key_buffer_size=256K \--extra_cache.key_buffer_size=128K \--extra_cache.key_cache_block_size=2048
In this case, the server sets the size of the default key
cache to 256KB. (You could also have written
--default.key_buffer_size=256K.) In addition,
the server creates a second key cache named
extra_cache that has a size of 128KB, with
the size of block buffers for caching table index blocks set
to 2048 bytes.
The following example starts the server with three different key caches having sizes in a 3:1:1 ratio:
shell>mysqld --key_buffer_size=6M \--hot_cache.key_buffer_size=2M \--cold_cache.key_buffer_size=2M
Structured variable values may be set and retrieved at runtime
as well. For example, to set a key cache named
hot_cache to a size of 10MB, use either of
these statements:
mysql>SET GLOBAL hot_cache.key_buffer_size = 10*1024*1024;mysql>SET @@global.hot_cache.key_buffer_size = 10*1024*1024;
To retrieve the cache size, do this:
mysql> SELECT @@global.hot_cache.key_buffer_size;
However, the following statement does not work. The variable
is not interpreted as a compound name, but as a simple string
for a LIKE pattern-matching
operation:
mysql> SHOW GLOBAL VARIABLES LIKE 'hot_cache.key_buffer_size';
This is the exception to being able to use structured variable names anywhere a simple variable name may occur.
Many server system variables are dynamic and can be set at
runtime using SET GLOBAL or SET
SESSION. You can also obtain their values using
SELECT. See
Section 5.1.5, “Using System Variables”.
The following table shows the full list of all dynamic system
variables. The last column indicates for each variable whether
GLOBAL or SESSION (or
both) apply. The table also lists session options that can be
set with the SET statement.
Section 5.1.4, “Session System Variables”, discusses these
options.
Variables that have a type of “string” take a
string value. Variables that have a type of
“numeric” take a numeric value. Variables that
have a type of “boolean” can be set to 0, 1,
ON or OFF. (If you set
them on the command line or in an option file, use the numeric
values.) Variables that are marked as
“enumeration” normally should be set to one of
the available values for the variable, but can also be set to
the number that corresponds to the desired enumeration value.
For enumerated system variables, the first enumeration value
corresponds to 0. This differs from ENUM
columns, for which the first enumeration value corresponds to
1.
| Variable Name | Variable Type | Variable Scope |
|---|---|---|
autocommit | boolean | SESSION |
auto_increment_increment | numeric | GLOBAL | SESSION |
auto_increment_offset | numeric | GLOBAL | SESSION |
automatic_sp_privileges | boolean | GLOBAL |
big_tables | boolean | SESSION |
binlog_cache_size | numeric | GLOBAL |
bulk_insert_buffer_size | numeric | GLOBAL | SESSION |
character_set_client | string | GLOBAL | SESSION |
character_set_connection | string | GLOBAL | SESSION |
character_set_database | string | GLOBAL | SESSION |
character_set_filesystem | string | GLOBAL | SESSION |
character_set_results | string | GLOBAL | SESSION |
character_set_server | string | GLOBAL | SESSION |
collation_connection | string | GLOBAL | SESSION |
collation_database | string | GLOBAL | SESSION |
collation_server | string | GLOBAL | SESSION |
completion_type | numeric | GLOBAL | SESSION |
concurrent_insert | boolean | GLOBAL |
connect_timeout | numeric | GLOBAL |
date_format | string | GLOBAL | SESSION |
datetime_format | string | GLOBAL | SESSION |
debug | string | GLOBAL | SESSION |
default_week_format | numeric | GLOBAL | SESSION |
delayed_insert_limit | numeric | GLOBAL |
delayed_insert_timeout | numeric | GLOBAL |
delayed_queue_size | numeric | GLOBAL |
delay_key_write | enumeration | GLOBAL |
div_precision_increment | numeric | GLOBAL | SESSION |
engine_condition_pushdown | boolean | GLOBAL | SESSION |
expire_logs_days | numeric | GLOBAL |
flush | boolean | GLOBAL |
flush_time | numeric | GLOBAL |
foreign_key_checks | boolean | SESSION |
ft_boolean_syntax | string | GLOBAL |
group_concat_max_len | numeric | GLOBAL | SESSION |
identity | numeric | SESSION |
init_connect | string | GLOBAL |
init_slave | string | GLOBAL |
innodb_autoextend_increment | numeric | GLOBAL |
innodb_commit_concurrency | numeric | GLOBAL |
innodb_concurrency_tickets | numeric | GLOBAL |
innodb_fast_shutdown | boolean | GLOBAL |
innodb_flush_log_at_trx_commit | numeric | GLOBAL |
innodb_max_dirty_pages_pct | numeric | GLOBAL |
innodb_max_purge_lag | numeric | GLOBAL |
innodb_support_xa | boolean | GLOBAL | SESSION |
innodb_sync_spin_loops | numeric | GLOBAL |
innodb_table_locks | boolean | GLOBAL | SESSION |
innodb_thread_concurrency | numeric | GLOBAL |
innodb_thread_sleep_delay | numeric | GLOBAL |
insert_id | numeric | SESSION |
interactive_timeout | numeric | GLOBAL | SESSION |
join_buffer_size | numeric | GLOBAL | SESSION |
keep_files_on_create | boolean | GLOBAL | SESSION |
key_buffer_size | numeric | GLOBAL |
key_cache_age_threshold | numeric | GLOBAL |
key_cache_block_size | numeric | GLOBAL |
key_cache_division_limit | numeric | GLOBAL |
last_insert_id | numeric | SESSION |
lc_time_names | string | GLOBAL | SESSION |
local_infile | GLOBAL | |
log_bin_trust_function_creators | boolean | GLOBAL |
log_bin_trust_routine_creators | boolean | GLOBAL |
log_queries_not_using_indexes | boolean | GLOBAL |
log-warnings | numeric | GLOBAL | SESSION |
long_query_time | numeric | GLOBAL | SESSION |
low_priority_updates | boolean | GLOBAL | SESSION |
max_allowed_packet | numeric | GLOBAL | SESSION |
max_binlog_cache_size | numeric | GLOBAL |
max_binlog_size | numeric | GLOBAL |
max_connect_errors | numeric | GLOBAL |
max_connections | numeric | GLOBAL |
max_delayed_threads | numeric | GLOBAL | SESSION |
max_error_count | numeric | GLOBAL | SESSION |
max_heap_table_size | numeric | GLOBAL | SESSION |
max_insert_delayed_threads | numeric | GLOBAL | SESSION |
max_join_size | numeric | GLOBAL | SESSION |
max_length_for_sort_data | numeric | GLOBAL | SESSION |
max_prepared_stmt_count | numeric | GLOBAL |
max_relay_log_size | numeric | GLOBAL |
max_seeks_for_key | numeric | GLOBAL | SESSION |
max_sort_length | numeric | GLOBAL | SESSION |
max_sp_recursion_depth | numeric | GLOBAL | SESSION |
max_tmp_tables | numeric | GLOBAL | SESSION |
max_user_connections | numeric | GLOBAL | SESSION |
max_write_lock_count | numeric | GLOBAL |
multi_range_count | numeric | GLOBAL | SESSION |
myisam_block_size | numeric | GLOBAL | SESSION |
myisam_data_pointer_size | numeric | GLOBAL |
myisam_max_sort_file_size | numeric | GLOBAL |
myisam_repair_threads | numeric | GLOBAL | SESSION |
myisam_sort_buffer_size | numeric | GLOBAL | SESSION |
myisam_stats_method | enumeration | GLOBAL | SESSION |
ndb_autoincrement_prefetch_sz | numeric | GLOBAL | SESSION |
ndb_cache_check_time | numeric | GLOBAL |
ndbcluster | boolean | GLOBAL | SESSION |
ndb_force_send | boolean | GLOBAL | SESSION |
ndb_use_exact_count | boolean | GLOBAL | SESSION |
net_buffer_length | numeric | GLOBAL | SESSION |
net_read_timeout | numeric | GLOBAL | SESSION |
net_retry_count | numeric | GLOBAL | SESSION |
net_write_timeout | numeric | GLOBAL | SESSION |
new | boolean | GLOBAL | SESSION |
old_passwords | boolean | GLOBAL | SESSION |
optimizer_prune_level | boolean | GLOBAL | SESSION |
optimizer_search_depth | numeric | GLOBAL | SESSION |
preload_buffer_size | numeric | GLOBAL | SESSION |
profiling | boolean | SESSION |
profiling_history_size | numeric | GLOBAL | SESSION |
query_alloc_block_size | numeric | GLOBAL | SESSION |
query_cache_limit | numeric | GLOBAL |
query_cache_min_res_unit | numeric | GLOBAL |
query_cache_size | numeric | GLOBAL |
query_cache_type | enumeration | GLOBAL | SESSION |
query_cache_wlock_invalidate | boolean | GLOBAL | SESSION |
query_prealloc_size | numeric | GLOBAL | SESSION |
rand_seed1 | numeric | SESSION |
rand_seed2 | numeric | SESSION |
range_alloc_block_size | numeric | GLOBAL | SESSION |
read_buffer_size | numeric | GLOBAL | SESSION |
read_only | numeric | GLOBAL |
read_rnd_buffer_size | numeric | GLOBAL | SESSION |
relay_log_purge | boolean | GLOBAL |
rpl_recovery_rank | numeric | GLOBAL |
secure_auth | boolean | GLOBAL |
server_id | numeric | GLOBAL |
slave_compressed_protocol | boolean | GLOBAL |
slave_net_timeout | numeric | GLOBAL |
slave_transaction_retries | numeric | GLOBAL |
slow_launch_time | numeric | GLOBAL |
sort_buffer_size | numeric | GLOBAL | SESSION |
sql_auto_is_null | boolean | SESSION |
sql_big_selects | boolean | GLOBAL | SESSION |
sql_big_tables | boolean | SESSION |
sql_buffer_result | boolean | SESSION |
sql_log_bin | boolean | SESSION |
sql_log_off | boolean | SESSION |
sql_log_update | boolean | SESSION |
sql_low_priority_updates | boolean | GLOBAL | SESSION |
sql_max_join_size | numeric | GLOBAL | SESSION |
sql_mode | enumeration | GLOBAL | SESSION |
sql_notes | boolean | SESSION |
sql_quote_show_create | boolean | SESSION |
sql_safe_updates | boolean | SESSION |
sql_select_limit | numeric | GLOBAL | SESSION |
sql_slave_skip_counter | numeric | GLOBAL |
sql_warnings | boolean | SESSION |
storage_engine | enumeration | GLOBAL | SESSION |
sync_binlog | numeric | GLOBAL |
sync_frm | boolean | GLOBAL |
table_cache | numeric | GLOBAL |
table_lock_wait_timeout | numeric | GLOBAL |
table_open_cache | numeric | GLOBAL |
table_type | enumeration | GLOBAL | SESSION |
thread_cache_size | numeric | GLOBAL |
timed_mutexes | boolean | GLOBAL |
time_format | string | GLOBAL | SESSION |
timestamp | string | SESSION |
time_zone | string | GLOBAL | SESSION |
tmp_table_size | numeric | GLOBAL | SESSION |
transaction_alloc_block_size | numeric | GLOBAL | SESSION |
transaction_prealloc_size | numeric | GLOBAL | SESSION |
tx_isolation | enumeration | GLOBAL | SESSION |
unique_checks | boolean | SESSION |
updatable_views_with_limit | boolean | GLOBAL | SESSION |
wait_timeout | numeric | GLOBAL | SESSION |
MySQL Enterprise Improper configuration of system variables can adversely affect performance and security. The MySQL Enterprise Monitor continually monitors system variables and provides expert advice about appropriate settings. For more information see http://www.mysql.com/products/enterprise/advisors.html.
The server maintains many status variables that provide
information about its operation. You can view these variables
and their values by using the SHOW [GLOBAL | SESSION]
STATUS statement (see Section 12.5.5.28, “SHOW STATUS Syntax”).
The optional GLOBAL keyword aggregates the
values over all connections, and SESSION
shows the values for the current connection.
mysql> SHOW GLOBAL STATUS;
+-----------------------------------+------------+
| Variable_name | Value |
+-----------------------------------+------------+
| Aborted_clients | 0 |
| Aborted_connects | 0 |
| Bytes_received | 155372598 |
| Bytes_sent | 1176560426 |
...
| Connections | 30023 |
| Created_tmp_disk_tables | 0 |
| Created_tmp_files | 3 |
| Created_tmp_tables | 2 |
...
| Threads_created | 217 |
| Threads_running | 88 |
| Uptime | 1389872 |
+-----------------------------------+------------+
The following table lists all available server status variables:
| Variable Name | Variable Type | Variable Scope |
|---|---|---|
Aborted_clients | numeric | GLOBAL | SESSION |
Aborted_connects | numeric | GLOBAL |
Binlog_cache_disk_use | numeric | GLOBAL | SESSION |
Binlog_cache_use | numeric | GLOBAL | SESSION |
Bytes_received | numeric | GLOBAL | SESSION |
Bytes_sent | numeric | GLOBAL | SESSION |
Com_admin_commands | numeric | GLOBAL | SESSION |
Com_alter_db | numeric | GLOBAL | SESSION |
Com_alter_event | numeric | GLOBAL | SESSION |
Com_alter_table | numeric | GLOBAL | SESSION |
Com_analyze | numeric | GLOBAL | SESSION |
Com_backup_table | numeric | GLOBAL | SESSION |
Com_begin | numeric | GLOBAL | SESSION |
Com_call_procedure | numeric | GLOBAL | SESSION |
Com_change_db | numeric | GLOBAL | SESSION |
Com_change_master | numeric | GLOBAL | SESSION |
Com_check | numeric | GLOBAL | SESSION |
Com_checksum | numeric | GLOBAL | SESSION |
Com_commit | numeric | GLOBAL | SESSION |
Com_create_db | numeric | GLOBAL | SESSION |
Com_create_event | numeric | GLOBAL | SESSION |
Com_create_function | numeric | GLOBAL | SESSION |
Com_create_index | numeric | GLOBAL | SESSION |
Com_create_table | numeric | GLOBAL | SESSION |
Com_create_user | numeric | GLOBAL | SESSION |
Com_dealloc_sql | numeric | GLOBAL | SESSION |
Com_delete | numeric | GLOBAL | SESSION |
Com_delete_multi | numeric | GLOBAL | SESSION |
Com_do | numeric | GLOBAL | SESSION |
Com_drop_db | numeric | GLOBAL | SESSION |
Com_drop_event | numeric | GLOBAL | SESSION |
Com_drop_function | numeric | GLOBAL | SESSION |
Com_drop_index | numeric | GLOBAL | SESSION |
Com_drop_table | numeric | GLOBAL | SESSION |
Com_drop_user | numeric | GLOBAL | SESSION |
Com_execute_sql | numeric | GLOBAL | SESSION |
Com_flush | numeric | GLOBAL | SESSION |
Com_grant | numeric | GLOBAL | SESSION |
Com_ha_close | numeric | GLOBAL | SESSION |
Com_ha_open | numeric | GLOBAL | SESSION |
Com_ha_read | numeric | GLOBAL | SESSION |
Com_help | numeric | GLOBAL | SESSION |
Com_insert | numeric | GLOBAL | SESSION |
Com_insert_select | numeric | GLOBAL | SESSION |
Com_kill | numeric | GLOBAL | SESSION |
Com_load | numeric | GLOBAL | SESSION |
Com_lock_tables | numeric | GLOBAL | SESSION |
Com_optimize | numeric | GLOBAL | SESSION |
Com_preload_keys | numeric | GLOBAL | SESSION |
Com_prepare_sql | numeric | GLOBAL | SESSION |
Compression | numeric | GLOBAL | SESSION |
Com_purge | numeric | GLOBAL | SESSION |
Com_purge_before_date | numeric | GLOBAL | SESSION |
Com_rename_table | numeric | GLOBAL | SESSION |
Com_repair | numeric | GLOBAL | SESSION |
Com_replace | numeric | GLOBAL | SESSION |
Com_replace_select | numeric | GLOBAL | SESSION |
Com_reset | numeric | GLOBAL | SESSION |
Com_restore_table | numeric | GLOBAL | SESSION |
Com_revoke | numeric | GLOBAL | SESSION |
Com_revoke_all | numeric | GLOBAL | SESSION |
Com_rollback | numeric | GLOBAL | SESSION |
Com_savepoint | numeric | GLOBAL | SESSION |
Com_select | numeric | GLOBAL | SESSION |
Com_set_option | numeric | GLOBAL | SESSION |
Com_show_binlog_events | numeric | GLOBAL | SESSION |
Com_show_binlogs | numeric | GLOBAL | SESSION |
Com_show_charsets | numeric | GLOBAL | SESSION |
Com_show_collations | numeric | GLOBAL | SESSION |
Com_show_column_types | numeric | GLOBAL | SESSION |
Com_show_create_db | numeric | GLOBAL | SESSION |
Com_show_create_event | numeric | GLOBAL | SESSION |
Com_show_create_table | numeric | GLOBAL | SESSION |
Com_show_databases | numeric | GLOBAL | SESSION |
Com_show_engine_logs | numeric | GLOBAL | SESSION |
Com_show_engine_mutex | numeric | GLOBAL | SESSION |
Com_show_engine_status | numeric | GLOBAL | SESSION |
Com_show_errors | numeric | GLOBAL | SESSION |
Com_show_events | numeric | GLOBAL | SESSION |
Com_show_fields | numeric | GLOBAL | SESSION |
Com_show_grants | numeric | GLOBAL | SESSION |
Com_show_innodb_status | numeric | GLOBAL | SESSION |
Com_show_keys | numeric | GLOBAL | SESSION |
Com_show_logs | numeric | GLOBAL | SESSION |
Com_show_master_status | numeric | GLOBAL | SESSION |
Com_show_ndb_status | numeric | GLOBAL | SESSION |
Com_show_new_master | numeric | GLOBAL | SESSION |
Com_show_open_tables | numeric | GLOBAL | SESSION |
Com_show_plugins | numeric | GLOBAL | SESSION |
Com_show_privileges | numeric | GLOBAL | SESSION |
Com_show_processlist | numeric | GLOBAL | SESSION |
Com_show_slave_hosts | numeric | GLOBAL | SESSION |
Com_show_slave_status | numeric | GLOBAL | SESSION |
Com_show_status | numeric | GLOBAL | SESSION |
Com_show_storage_engines | numeric | GLOBAL | SESSION |
Com_show_tables | numeric | GLOBAL | SESSION |
Com_show_triggers | numeric | GLOBAL | SESSION |
Com_show_variables | numeric | GLOBAL | SESSION |
Com_show_warnings | numeric | GLOBAL | SESSION |
Com_slave_start | numeric | GLOBAL | SESSION |
Com_slave_stop | numeric | GLOBAL | SESSION |
Com_stmt_close | numeric | GLOBAL | SESSION |
Com_stmt_execute | numeric | GLOBAL | SESSION |
Com_stmt_fetch | numeric | GLOBAL | SESSION |
Com_stmt_prepare | numeric | GLOBAL | SESSION |
Com_stmt_reset | numeric | GLOBAL | SESSION |
Com_stmt_send_long_data | numeric | GLOBAL | SESSION |
Com_truncate | numeric | GLOBAL | SESSION |
Com_unlock_tables | numeric | GLOBAL | SESSION |
Com_update | numeric | GLOBAL | SESSION |
Com_update_multi | numeric | GLOBAL | SESSION |
Com_xa_commit | numeric | GLOBAL | SESSION |
Com_xa_end | numeric | GLOBAL | SESSION |
Com_xa_prepare | numeric | GLOBAL | SESSION |
Com_xa_recover | numeric | GLOBAL | SESSION |
Com_xa_rollback | numeric | GLOBAL | SESSION |
Com_xa_start | numeric | GLOBAL | SESSION |
Connections | numeric | GLOBAL | SESSION |
Created_tmp_disk_tables | numeric | GLOBAL | SESSION |
Created_tmp_files | numeric | GLOBAL | SESSION |
Created_tmp_tables | numeric | GLOBAL | SESSION |
Delayed_errors | numeric | GLOBAL | SESSION |
Delayed_insert_threads | numeric | GLOBAL | SESSION |
Delayed_writes | numeric | GLOBAL | SESSION |
Flush_commands | numeric | GLOBAL | SESSION |
Handler_commit | numeric | GLOBAL | SESSION |
Handler_delete | numeric | GLOBAL | SESSION |
Handler_discover | numeric | GLOBAL | SESSION |
Handler_prepare | numeric | GLOBAL | SESSION |
Handler_read_first | numeric | GLOBAL | SESSION |
Handler_read_key | numeric | GLOBAL | SESSION |
Handler_read_next | numeric | GLOBAL | SESSION |
Handler_read_prev | numeric | GLOBAL | SESSION |
Handler_read_rnd | numeric | GLOBAL | SESSION |
Handler_read_rnd_next | numeric | GLOBAL | SESSION |
Handler_rollback | numeric | GLOBAL | SESSION |
Handler_savepoint | numeric | GLOBAL | SESSION |
Handler_savepoint_rollback | numeric | GLOBAL | SESSION |
Handler_update | numeric | GLOBAL | SESSION |
Handler_write | numeric | GLOBAL | SESSION |
Innodb_buffer_pool_pages_data | numeric | GLOBAL |
Innodb_buffer_pool_pages_dirty | numeric | GLOBAL |
Innodb_buffer_pool_pages_flushed | numeric | GLOBAL |
Innodb_buffer_pool_pages_free | numeric | GLOBAL |
Innodb_buffer_pool_pages_latched | numeric | GLOBAL |
Innodb_buffer_pool_pages_misc | numeric | GLOBAL |
Innodb_buffer_pool_pages_total | numeric | GLOBAL |
Innodb_buffer_pool_read_ahead_rnd | numeric | GLOBAL |
Innodb_buffer_pool_read_ahead_seq | numeric | GLOBAL |
Innodb_buffer_pool_read_requests | numeric | GLOBAL |
Innodb_buffer_pool_reads | numeric | GLOBAL |
Innodb_buffer_pool_wait_free | numeric | GLOBAL |
Innodb_buffer_pool_write_requests | numeric | GLOBAL |
Innodb_data_fsyncs | numeric | GLOBAL |
Innodb_data_pending_fsyncs | numeric | GLOBAL |
Innodb_data_pending_reads | numeric | GLOBAL |
Innodb_data_pending_writes | numeric | GLOBAL |
Innodb_data_read | numeric | GLOBAL |
Innodb_data_reads | numeric | GLOBAL |
Innodb_data_writes | numeric | GLOBAL |
Innodb_data_written | numeric | GLOBAL |
Innodb_dblwr_pages_written | numeric | GLOBAL |
Innodb_dblwr_writes | numeric | GLOBAL |
Innodb_log_waits | numeric | GLOBAL |
Innodb_log_write_requests | numeric | GLOBAL |
Innodb_log_writes | numeric | GLOBAL |
Innodb_os_log_fsyncs | numeric | GLOBAL |
Innodb_os_log_pending_fsyncs | numeric | GLOBAL |
Innodb_os_log_pending_writes | numeric | GLOBAL |
Innodb_os_log_written | numeric | GLOBAL |
Innodb_pages_created | numeric | GLOBAL |
Innodb_page_size | numeric | GLOBAL |
Innodb_pages_read | numeric | GLOBAL |
Innodb_pages_written | numeric | GLOBAL |
Innodb_row_lock_current_waits | numeric | GLOBAL |
Innodb_row_lock_time | numeric | GLOBAL |
Innodb_row_lock_time_avg | numeric | GLOBAL |
Innodb_row_lock_time_max | numeric | GLOBAL |
Innodb_row_lock_waits | numeric | GLOBAL |
Innodb_rows_deleted | numeric | GLOBAL |
Innodb_rows_inserted | numeric | GLOBAL |
Innodb_rows_read | numeric | GLOBAL |
Innodb_rows_updated | numeric | GLOBAL |
Key_blocks_not_flushed | numeric | GLOBAL | SESSION |
Key_blocks_unused | numeric | GLOBAL | SESSION |
Key_blocks_used | numeric | GLOBAL | SESSION |
Key_read_requests | numeric | GLOBAL | SESSION |
Key_reads | numeric | GLOBAL | SESSION |
Key_write_requests | numeric | GLOBAL | SESSION |
Key_writes | numeric | GLOBAL | SESSION |
Last_query_cost | numeric | GLOBAL | SESSION |
Max_used_connections | numeric | GLOBAL | SESSION |
Ndb_cluster_node_id | numeric | GLOBAL | SESSION |
Ndb_config_from_host | numeric | GLOBAL | SESSION |
Ndb_config_from_port | numeric | GLOBAL | SESSION |
Not_flushed_delayed_rows | numeric | GLOBAL | SESSION |
Opened_tables | numeric | GLOBAL | SESSION |
Open_files | numeric | GLOBAL | SESSION |
Open_streams | numeric | GLOBAL | SESSION |
Open_tables | numeric | GLOBAL | SESSION |
prepared_stmt_count | numeric | GLOBAL |
Qcache_free_blocks | numeric | GLOBAL | SESSION |
Qcache_free_memory | numeric | GLOBAL | SESSION |
Qcache_hits | numeric | GLOBAL | SESSION |
Qcache_inserts | numeric | GLOBAL | SESSION |
Qcache_lowmem_prunes | numeric | GLOBAL | SESSION |
Qcache_not_cached | numeric | GLOBAL | SESSION |
Qcache_queries_in_cache | numeric | GLOBAL | SESSION |
Qcache_total_blocks | numeric | GLOBAL | SESSION |
Questions | numeric | GLOBAL | SESSION |
Rpl_status | string | GLOBAL | SESSION |
Select_full_join | numeric | GLOBAL | SESSION |
Select_full_range_join | numeric | GLOBAL | SESSION |
Select_range | numeric | GLOBAL | SESSION |
Select_range_check | numeric | GLOBAL | SESSION |
Select_scan | numeric | GLOBAL | SESSION |
Slave_open_temp_tables | numeric | GLOBAL | SESSION |
Slave_retried_transactions | numeric | GLOBAL | SESSION |
Slave_running | boolean | GLOBAL | SESSION |
Slow_launch_threads | numeric | GLOBAL | SESSION |
Slow_queries | numeric | GLOBAL | SESSION |
Sort_merge_passes | numeric | GLOBAL | SESSION |
Sort_range | numeric | GLOBAL | SESSION |
Sort_rows | numeric | GLOBAL | SESSION |
Sort_scan | numeric | GLOBAL | SESSION |
Table_locks_immediate | numeric | GLOBAL | SESSION |
Table_locks_waited | numeric | GLOBAL | SESSION |
Tc_log_max_pages_used | numeric | GLOBAL | SESSION |
Tc_log_page_size | numeric | GLOBAL | SESSION |
Tc_log_page_waits | numeric | GLOBAL | SESSION |
Threads_cached | numeric | GLOBAL | SESSION |
Threads_connected | numeric | GLOBAL | SESSION |
Threads_created | numeric | GLOBAL | SESSION |
Threads_running | numeric | GLOBAL | SESSION |
Uptime | numeric | GLOBAL | SESSION |
Uptime_since_flush_status | numeric | GLOBAL | SESSION |
Before MySQL 5.0.2, SHOW STATUS returned
global status values. Because the default as of 5.0.2 is to
return session values, this is incompatible with previous
versions. To issue a SHOW STATUS statement
that will retrieve global status values for all versions of
MySQL, write it like this:
SHOW /*!50002 GLOBAL */ STATUS;
Many status variables are reset to 0 by the FLUSH
STATUS statement.
MySQL Enterprise For expert advice on using status variables, subscribe to the MySQL Enterprise Monitor. For more information, see http://www.mysql.com/products/enterprise/advisors.html.
The status variables have the following meanings. Variables with no version indicated were already present prior to MySQL 5.0. For information regarding their implementation history, see MySQL 3.23, 4.0, 4.1 Reference Manual.
The number of connections that were aborted because the client died without closing the connection properly. See Section B.1.2.11, “Communication Errors and Aborted Connections”.
The number of failed attempts to connect to the MySQL server. See Section B.1.2.11, “Communication Errors and Aborted Connections”.
The number of transactions that used the temporary binary
log cache but that exceeded the value of
binlog_cache_size and used a temporary
file to store statements from the transaction.
The number of transactions that used the temporary binary log cache.
The number of bytes received from all clients.
The number of bytes sent to all clients.
The Com_
statement counter variables indicate the number of times
each xxxxxx statement has been
executed. There is one status variable for each type of
statement. For example, Com_delete and
Com_insert count
DELETE and INSERT
statements, respectively. However, if a query result is
returned from query cache, the server increments the
Qcache_hits status variable, not
Com_select. See
Section 7.5.4.4, “Query Cache Status and Maintenance”.
All of the
Com_stmt_
variables are increased even if a prepared statement
argument is unknown or an error occurred during execution.
In other words, their values correspond to the number of
requests issued, not to the number of requests successfully
completed.
xxx
The
Com_stmt_
status variables were added in 5.0.8:
xxx
Com_stmt_prepare
Com_stmt_execute
Com_stmt_fetch
Com_stmt_send_long_data
Com_stmt_reset
Com_stmt_close
Those variables stand for prepared statement commands. Their
names refer to the
COM_
command set used in the network layer. In other words, their
values increase whenever prepared statement API calls such
as mysql_stmt_prepare(),
mysql_stmt_execute(), and so forth are
executed. However, xxxCom_stmt_prepare,
Com_stmt_execute and
Com_stmt_close also increase for
PREPARE, EXECUTE, or
DEALLOCATE PREPARE, respectively.
Additionally, the values of the older (available since MySQL
4.1.3) statement counter variables
Com_prepare_sql,
Com_execute_sql, and
Com_dealloc_sql increase for the
PREPARE, EXECUTE, and
DEALLOCATE PREPARE statements.
Com_stmt_fetch stands for the total
number of network round-trips issued when fetching from
cursors.
Whether the client connection uses compression in the client/server protocol. Added in MySQL 5.0.16.
The number of connection attempts (successful or not) to the MySQL server.
The number of temporary tables on disk created automatically by the server while executing statements.
How many temporary files mysqld has created.
The number of in-memory temporary tables created
automatically by the server while executing statements. If
Created_tmp_disk_tables is large, you may
want to increase the tmp_table_size value
to cause temporary tables to be memory-based instead of
disk-based.
The number of rows written with INSERT
DELAYED for which some error occurred (probably
duplicate key).
The number of INSERT DELAYED handler
threads in use.
The number of INSERT DELAYED rows
written.
The number of executed FLUSH statements.
The number of internal COMMIT statements.
The number of times that rows have been deleted from tables.
A counter for the prepare phase of two-phase commit operations. Added in MySQL 5.0.3.
The number of times the first entry was read from an index.
If this value is high, it suggests that the server is doing
a lot of full index scans; for example, SELECT col1
FROM foo, assuming that col1 is
indexed.
The number of requests to read a row based on a key. If this value is high, it is a good indication that your tables are properly indexed for your queries.
The number of requests to read the next row in key order. This value is incremented if you are querying an index column with a range constraint or if you are doing an index scan.
The number of requests to read the previous row in key
order. This read method is mainly used to optimize
ORDER BY ... DESC.
The number of requests to read a row based on a fixed position. This value is high if you are doing a lot of queries that require sorting of the result. You probably have a lot of queries that require MySQL to scan entire tables or you have joins that don't use keys properly.
The number of requests to read the next row in the data file. This value is high if you are doing a lot of table scans. Generally this suggests that your tables are not properly indexed or that your queries are not written to take advantage of the indexes you have.
The number of requests for a storage engine to perform a rollback operation.
The number of requests for a storage engine to place a savepoint. Added in MySQL 5.0.3.
The number of requests for a storage engine to roll back to a savepoint. Added in MySQL 5.0.3.
The number of requests to update a row in a table.
The number of requests to insert a row in a table.
The number of pages containing data (dirty or clean). Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_dirty
The number of pages currently dirty. Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_flushed
The number of buffer pool page-flush requests. Added in MySQL 5.0.2.
The number of free pages. Added in MySQL 5.0.2.
Innodb_buffer_pool_pages_latched
The number of latched pages in InnoDB
buffer pool. These are pages currently being read or written
or that cannot be flushed or removed for some other reason.
Added in MySQL 5.0.2.
The number of pages that are busy because they have been
allocated for administrative overhead such as row locks or
the adaptive hash index. This value can also be calculated
as Innodb_buffer_pool_pages_total –
Innodb_buffer_pool_pages_free –
Innodb_buffer_pool_pages_data. Added in
MySQL 5.0.2.
Innodb_buffer_pool_pages_total
The total size of buffer pool, in pages. Added in MySQL 5.0.2.
Innodb_buffer_pool_read_ahead_rnd
The number of “random” read-aheads initiated by
InnoDB. This happens when a query scans a
large portion of a table but in random order. Added in MySQL
5.0.2.
Innodb_buffer_pool_read_ahead_seq
The number of sequential read-aheads initiated by
InnoDB. This happens when
InnoDB does a sequential full table scan.
Added in MySQL 5.0.2.
Innodb_buffer_pool_read_requests
The number of logical read requests
InnoDB has done. Added in MySQL 5.0.2.
The number of logical reads that InnoDB
could not satisfy from the buffer pool and had to do a
single-page read. Added in MySQL 5.0.2.
Normally, writes to the InnoDB buffer
pool happen in the background. However, if it is necessary
to read or create a page and no clean pages are available,
it is also necessary to wait for pages to be flushed first.
This counter counts instances of these waits. If the buffer
pool size has been set properly, this value should be small.
Added in MySQL 5.0.2.
Innodb_buffer_pool_write_requests
The number writes done to the InnoDB
buffer pool. Added in MySQL 5.0.2.
The number of fsync() operations so far.
Added in MySQL 5.0.2.
The current number of pending fsync()
operations. Added in MySQL 5.0.2.
The current number of pending reads. Added in MySQL 5.0.2.
The current number of pending writes. Added in MySQL 5.0.2.
The amount of data read so far, in bytes. Added in MySQL 5.0.2.
The total number of data reads. Added in MySQL 5.0.2.
The total number of data writes. Added in MySQL 5.0.2.
The amount of data written so far, in bytes. Added in MySQL 5.0.2.
The number of doublewrite operations that have been
performed. Added in MySQL 5.0.2. See
Section 13.2.14.1, “InnoDB Disk I/O”.
The number of pages that have been written for doublewrite
operations. Added in MySQL 5.0.2. See
Section 13.2.14.1, “InnoDB Disk I/O”.
The number of times that the log buffer was too small and a wait was required for it to be flushed before continuing. Added in MySQL 5.0.2.
The number of log write requests. Added in MySQL 5.0.2.
The number of physical writes to the log file. Added in MySQL 5.0.2.
The number of fsync() writes done to the
log file. Added in MySQL 5.0.2.
The number of pending log file fsync()
operations. Added in MySQL 5.0.2.
The number of pending log file writes. Added in MySQL 5.0.2.
The number of bytes written to the log file. Added in MySQL 5.0.2.
The compiled-in InnoDB page size (default
16KB). Many values are counted in pages; the page size
allows them to be easily converted to bytes. Added in MySQL
5.0.2.
The number of pages created. Added in MySQL 5.0.2.
The number of pages read. Added in MySQL 5.0.2.
The number of pages written. Added in MySQL 5.0.2.
The number of row locks currently being waited for. Added in MySQL 5.0.3.
The total time spent in acquiring row locks, in milliseconds. Added in MySQL 5.0.3.
The average time to acquire a row lock, in milliseconds. Added in MySQL 5.0.3.
The maximum time to acquire a row lock, in milliseconds. Added in MySQL 5.0.3.
The number of times a row lock had to be waited for. Added in MySQL 5.0.3.
The number of rows deleted from InnoDB
tables. Added in MySQL 5.0.2.
The number of rows inserted into InnoDB
tables. Added in MySQL 5.0.2.
The number of rows read from InnoDB
tables. Added in MySQL 5.0.2.
The number of rows updated in InnoDB
tables. Added in MySQL 5.0.2.
The number of key blocks in the key cache that have changed but have not yet been flushed to disk.
The number of unused blocks in the key cache. You can use
this value to determine how much of the key cache is in use;
see the discussion of key_buffer_size in
Section 5.1.3, “System Variables”.
The number of used blocks in the key cache. This value is a high-water mark that indicates the maximum number of blocks that have ever been in use at one time.
The number of requests to read a key block from the cache.
The number of physical reads of a key block from disk. If
Key_reads is large, then your
key_buffer_size value is probably too
small. The cache miss rate can be calculated as
Key_reads/Key_read_requests.
The number of requests to write a key block to the cache.
The number of physical writes of a key block to disk.
The total cost of the last compiled query as computed by the
query optimizer. This is useful for comparing the cost of
different query plans for the same query. The default value
of 0 means that no query has been compiled yet. This
variable was added in MySQL 5.0.1, with a default value of
-1. In MySQL 5.0.7, the default was changed to 0; also in
version 5.0.7, the scope of
Last_query_cost was changed to session
rather than global.
The Last_query_cost value can be computed
accurately only for simple “flat” queries, not
complex queries such as those with subqueries or
UNION. For the latter, the value is set
to 0.
Prior to MySQL 5.0.16, this variable was not updated for queries served from the query cache.
The maximum number of connections that have been in use simultaneously since the server started.
The number of rows waiting to be written in INSERT
DELAY queues.
The number of files that are open.
The number of streams that are open (used mainly for logging).
The number of tables that are open.
The number of tables that have been opened. If
Opened_tables is big, your
table_cache value is probably too small.
The current number of prepared statements. (The maximum
number of statements is given by the
max_prepared_stmt_count system variable.)
This variable was added in MySQL 5.0.32.
The number of free memory blocks in the query cache.
The amount of free memory for the query cache.
The number of query cache hits.
The number of queries added to the query cache.
The number of queries that were deleted from the query cache because of low memory.
The number of non-cached queries (not cacheable, or not
cached due to the query_cache_type
setting).
The number of queries registered in the query cache.
The total number of blocks in the query cache.
The number of statements that clients have sent to the server.
The status of fail-safe replication (not yet implemented).
The number of joins that perform table scans because they do not use indexes. If this value is not 0, you should carefully check the indexes of your tables.
The number of joins that used a range search on a reference table.
The number of joins that used ranges on the first table. This is normally not a critical issue even if the value is quite large.
The number of joins without keys that check for key usage after each row. If this is not 0, you should carefully check the indexes of your tables.
The number of joins that did a full scan of the first table.
The number of temporary tables that the slave SQL thread currently has open.
The total number of times since startup that the replication slave SQL thread has retried transactions. This variable was added in version 5.0.4.
This is ON if this server is a slave that
is connected to a master, and both the I/O SQL and threads
are running.
The number of threads that have taken more than
slow_launch_time seconds to create.
The number of queries that have taken more than
long_query_time seconds. See
Section 5.2.4, “The Slow Query Log”.
The number of merge passes that the sort algorithm has had
to do. If this value is large, you should consider
increasing the value of the
sort_buffer_size system variable.
The number of sorts that were done using ranges.
The number of sorted rows.
The number of sorts that were done by scanning the table.
Ssl_
xxx
Variables used for SSL connections.
The number of times that a request for a table lock could be granted immediately.
The number of times that a request for a table lock could not be granted immediately and a wait was needed. If this is high and you have performance problems, you should first optimize your queries, and then either split your table or tables or use replication.
For the memory-mapped implementation of the log that is used
by mysqld when it acts as the transaction
coordinator for recovery of internal XA transactions, this
variable indicates the largest number of pages used for the
log since the server started. If the product of
Tc_log_max_pages_used and
Tc_log_page_size is always significantly
less than the log size, the size is larger than necessary
and can be reduced. (The size is set by the
--log-tc-size option. Currently, this
variable is unused: It is unneeded for binary log-based
recovery, and the memory-mapped recovery log method is not
used unless the number of storage engines capable of
two-phase commit is greater than one.
(InnoDB is the only applicable engine.)
Added in MySQL 5.0.3.
The page size used for the memory-mapped implementation of
the XA recovery log. The default value is determined using
getpagesize(). Currently, this variable
is unused for the same reasons as described for
Tc_log_max_pages_used. Added in MySQL
5.0.3.
For the memory-mapped implementation of the recovery log,
this variable increments each time the server was not able
to commit a transaction and had to wait for a free page in
the log. If this value is large, you might want to increase
the log size (with the --log-tc-size
option). For binary log-based recovery, this variable
increments each time the binary log cannot be closed because
there are two-phase commits in progress. (The close
operation waits until all such transactions are finished.)
Added in MySQL 5.0.3.
The number of threads in the thread cache.
The number of currently open connections.
The number of threads created to handle connections. If
Threads_created is big, you may want to
increase the thread_cache_size value. The
cache miss rate can be calculated as
Threads_created/Connections.
The number of threads that are not sleeping.
The number of seconds that the server has been up.
The MySQL server can operate in different SQL modes, and can apply these modes differently for different clients. This capability enables each application to tailor the server's operating mode to its own requirements.
For answers to some questions that are often asked about server SQL modes in MySQL, see Section A.3, “MySQL 5.0 FAQ — Server SQL Mode”.
Modes define what SQL syntax MySQL should support and what kind of data validation checks it should perform. This makes it easier to use MySQL in different environments and to use MySQL together with other database servers.
You can set the default SQL mode by starting
mysqld with the
--sql-mode="
option, or by using
modes"sql-mode=" in
modes"my.cnf (Unix operating systems) or
my.ini (Windows).
modes is a list of different modes
separated by comma (“,”)
characters. The default value is empty (no modes set). The
modes value also can be empty
(--sql-mode="" on the command line, or
sql-mode="" in my.cnf on
Unix systems or in my.ini on Windows) if
you want to clear it explicitly.
You can change the SQL mode at runtime by using a SET
[GLOBAL|SESSION]
sql_mode=' statement
to set the modes'sql_mode system value. Setting the
GLOBAL variable requires the
SUPER privilege and affects the operation of
all clients that connect from that time on. Setting the
SESSION variable affects only the current
client. Any client can change its own session
sql_mode value at any time.
You can retrieve the current global or session
sql_mode value with the following statements:
SELECT @@global.sql_mode; SELECT @@session.sql_mode;
The most important sql_mode values are
probably these:
This mode changes syntax and behavior to conform more closely to standard SQL.
If a value could not be inserted as given into a transactional table, abort the statement. For a non-transactional table, abort the statement if the value occurs in a single-row statement or the first row of a multiple-row statement. More detail is given later in this section. (Implemented in MySQL 5.0.2)
Make MySQL behave like a “traditional” SQL database system. A simple description of this mode is “give an error instead of a warning” when inserting an incorrect value into a column.
The INSERT/UPDATE
aborts as soon as the error is noticed. This may not be
what you want if you are using a non-transactional storage
engine, because data changes made prior to the error may
not be rolled back, resulting in a “partially
done” update. (Added in MySQL 5.0.2)
When this manual refers to “strict mode,” it means
a mode where at least one of
STRICT_TRANS_TABLES or
STRICT_ALL_TABLES is enabled.
The following list describes all supported modes:
Don't do full checking of dates. Check only that the month
is in the range from 1 to 12 and the day is in the range
from 1 to 31. This is very convenient for Web applications
where you obtain year, month, and day in three different
fields and you want to store exactly what the user inserted
(without date validation). This mode applies to
DATE and DATETIME
columns. It does not apply TIMESTAMP
columns, which always require a valid date.
This mode is implemented in MySQL 5.0.2. Before 5.0.2, this
was the default MySQL date-handling mode. As of 5.0.2, the
server requires that month and day values be legal, and not
merely in the range 1 to 12 and 1 to 31, respectively. With
strict mode disabled, invalid dates such as
'2004-04-31' are converted to
'0000-00-00' and a warning is generated.
With strict mode enabled, invalid dates generate an error.
To allow such dates, enable
ALLOW_INVALID_DATES.
Treat “"” as an identifier
quote character (like the
“`” quote character) and not
as a string quote character. You can still use
“`” to quote identifiers
with this mode enabled. With ANSI_QUOTES
enabled, you cannot use double quotes to quote literal
strings, because it is interpreted as an identifier.
Produce an error in strict mode (otherwise a warning) when a
division by zero (or
MOD(X,0)) occurs during an
INSERT or UPDATE. If
this mode is not enabled, MySQL instead returns
NULL for divisions by zero. For
INSERT IGNORE or UPDATE
IGNORE, MySQL generates a warning for divisions by
zero, but the result of the operation is
NULL. (Implemented in MySQL 5.0.2)
From MySQL 5.0.2 on, the precedence of the
NOT operator is such that
expressions such as NOT a BETWEEN b AND c
are parsed as NOT (a BETWEEN b AND c).
Before MySQL 5.0.2, the expression is parsed as
(NOT a) BETWEEN b AND c. The old
higher-precedence behavior can be obtained by enabling the
HIGH_NOT_PRECEDENCE SQL mode. (Added in
MySQL 5.0.2)
mysql>SET sql_mode = '';mysql>SELECT NOT 1 BETWEEN -5 AND 5;-> 0 mysql>SET sql_mode = 'HIGH_NOT_PRECEDENCE';mysql>SELECT NOT 1 BETWEEN -5 AND 5;-> 1
Allow spaces between a function name and the
“(” character. This causes
built-in function names to be treated as reserved words. As
a result, identifiers that are the same as function names
must be quoted as described in
Section 8.2, “Schema Object Names”. For example, because there is
a COUNT() function, the use
of count as a table name in the following
statement causes an error:
mysql> CREATE TABLE count (i INT);
ERROR 1064 (42000): You have an error in your SQL syntax
The table name should be quoted:
mysql> CREATE TABLE `count` (i INT);
Query OK, 0 rows affected (0.00 sec)
The IGNORE_SPACE SQL mode applies to
built-in functions, not to user-defined functions or stored
functions. It is always allowable to have spaces after a UDF
or stored function name, regardless of whether
IGNORE_SPACE is enabled.
For further discussion of IGNORE_SPACE,
see Section 8.2.3, “Function Name Parsing and Resolution”.
Prevent the GRANT statement from
automatically creating new users if it would otherwise do
so, unless a non-empty password also is specified. (Added in
MySQL 5.0.2)
NO_AUTO_VALUE_ON_ZERO affects handling of
AUTO_INCREMENT columns. Normally, you
generate the next sequence number for the column by
inserting either NULL or
0 into it.
NO_AUTO_VALUE_ON_ZERO suppresses this
behavior for 0 so that only
NULL generates the next sequence number.
This mode can be useful if 0 has been
stored in a table's AUTO_INCREMENT
column. (Storing 0 is not a recommended
practice, by the way.) For example, if you dump the table
with mysqldump and then reload it, MySQL
normally generates new sequence numbers when it encounters
the 0 values, resulting in a table with
contents different from the one that was dumped. Enabling
NO_AUTO_VALUE_ON_ZERO before reloading
the dump file solves this problem.
mysqldump now automatically includes in
its output a statement that enables
NO_AUTO_VALUE_ON_ZERO, to avoid this
problem.
Disable the use of the backslash character
(“\”) as an escape character
within strings. With this mode enabled, backslash becomes an
ordinary character like any other. (Implemented in MySQL
5.0.1)
When creating a table, ignore all INDEX
DIRECTORY and DATA DIRECTORY
directives. This option is useful on slave replication
servers.
NO_ENGINE_SUBSTITUTION
Control automatic substitution of the default storage engine
when a statement such as CREATE TABLE or
ALTER TABLE specifies a storage engine
that is disabled or not compiled in. (Implemented in MySQL
5.0.8)
With NO_ENGINE_SUBSTITUTION disabled, the
default engine is used and a warning occurs if the desired
engine is known but disabled or not compiled in. If the
desired engine is invalid (not a known engine name), an
error occurs and the table is not created or altered.
With NO_ENGINE_SUBSTITUTION enabled, an
error occurs and the table is not created or altered if the
desired engine is unavailable for any reason (whether
disabled or invalid).
Do not print MySQL-specific column options in the output of
SHOW CREATE TABLE. This mode is used by
mysqldump in portability mode.
Do not print MySQL-specific index options in the output of
SHOW CREATE TABLE. This mode is used by
mysqldump in portability mode.
Do not print MySQL-specific table options (such as
ENGINE) in the output of SHOW
CREATE TABLE. This mode is used by
mysqldump in portability mode.
In integer subtraction operations, do not mark the result as
UNSIGNED if one of the operands is
unsigned. In other words, the result of a
subtraction is always signed whenever this mode is in
effect, even if one of the operands is unsigned.
For example, compare the type of column
c2 in table t1 with
that of column c2 in table
t2:
mysql>SET SQL_MODE='';mysql>CREATE TABLE test (c1 BIGINT UNSIGNED NOT NULL);mysql>CREATE TABLE t1 SELECT c1 - 1 AS c2 FROM test;mysql>DESCRIBE t1;+-------+---------------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +-------+---------------------+------+-----+---------+-------+ | c2 | bigint(21) unsigned | | | 0 | | +-------+---------------------+------+-----+---------+-------+ mysql>SET SQL_MODE='NO_UNSIGNED_SUBTRACTION';mysql>CREATE TABLE t2 SELECT c1 - 1 AS c2 FROM test;mysql>DESCRIBE t2;+-------+------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +-------+------------+------+-----+---------+-------+ | c2 | bigint(21) | | | 0 | | +-------+------------+------+-----+---------+-------+
Note that this means that BIGINT UNSIGNED
is not 100% usable in all contexts. See
Section 11.9, “Cast Functions and Operators”.
mysql>SET SQL_MODE = '';mysql>SELECT CAST(0 AS UNSIGNED) - 1;+-------------------------+ | CAST(0 AS UNSIGNED) - 1 | +-------------------------+ | 18446744073709551615 | +-------------------------+ mysql>SET SQL_MODE = 'NO_UNSIGNED_SUBTRACTION';mysql>SELECT CAST(0 AS UNSIGNED) - 1;+-------------------------+ | CAST(0 AS UNSIGNED) - 1 | +-------------------------+ | -1 | +-------------------------+
In strict mode, don't allow '0000-00-00'
as a valid date. You can still insert zero dates with the
IGNORE option. When not in strict mode,
the date is accepted but a warning is generated. (Added in
MySQL 5.0.2)
In strict mode, do not accept dates where the year part is
non-zero but the month or day part is 0 (for example,
'0000-00-00' is legal but
'2010-00-01' and
'2010-01-00' are not). If used with the
IGNORE option, MySQL inserts a
'0000-00-00' date for any such date. When
not in strict mode, the date is accepted but a warning is
generated. (Added in MySQL 5.0.2)
Do not allow queries for which the SELECT
list refers to non-aggregated columns that are not named in
the GROUP BY clause. The following query
is invalid with this mode enabled because
address is not named in the
GROUP BY clause:
SELECT name, address, MAX(age) FROM t GROUP BY name;
As of MySQL 5.0.23, this mode also restricts references to
non-aggregated columns in the HAVING
clause that are not named in the GROUP BY
clause.
Treat || as
a string concatenation operator (same as
CONCAT()) rather than as a
synonym for OR.
Treat REAL as a synonym for
FLOAT. By default, MySQL treats
REAL as a synonym for
DOUBLE.
Enable strict mode for all storage engines. Invalid data values are rejected. Additional detail follows. (Added in MySQL 5.0.2)
Enable strict mode for transactional storage engines, and when possible for non-transactional storage engines. Additional details follow. (Implemented in MySQL 5.0.2)
Strict mode controls how MySQL handles input values that are
invalid or missing. A value can be invalid for several reasons.
For example, it might have the wrong data type for the column,
or it might be out of range. A value is missing when a new row
to be inserted does not contain a value for a
non-NULL column that has no explicit
DEFAULT clause in its definition. (For a
NULL column, NULL is
inserted if the value is missing.)
For transactional tables, an error occurs for invalid or missing
values in a statement when either of the
STRICT_ALL_TABLES or
STRICT_TRANS_TABLES modes are enabled. The
statement is aborted and rolled back.
For non-transactional tables, the behavior is the same for either mode, if the bad value occurs in the first row to be inserted or updated. The statement is aborted and the table remains unchanged. If the statement inserts or modifies multiple rows and the bad value occurs in the second or later row, the result depends on which strict option is enabled:
For STRICT_ALL_TABLES, MySQL returns an
error and ignores the rest of the rows. However, in this
case, the earlier rows still have been inserted or updated.
This means that you might get a partial update, which might
not be what you want. To avoid this, it's best to use
single-row statements because these can be aborted without
changing the table.
For STRICT_TRANS_TABLES, MySQL converts
an invalid value to the closest valid value for the column
and insert the adjusted value. If a value is missing, MySQL
inserts the implicit default value for the column data type.
In either case, MySQL generates a warning rather than an
error and continues processing the statement. Implicit
defaults are described in
Section 10.1.4, “Data Type Default Values”.
Strict mode disallows invalid date values such as
'2004-04-31'. It does not disallow dates with
zero month or day parts such as '2004-04-00'
or “zero” dates. To disallow these as well, enable
the NO_ZERO_IN_DATE and
NO_ZERO_DATE SQL modes in addition to strict
mode.
If you are not using strict mode (that is, neither
STRICT_TRANS_TABLES nor
STRICT_ALL_TABLES is enabled), MySQL inserts
adjusted values for invalid or missing values and produces
warnings. In strict mode, you can produce this behavior by using
INSERT IGNORE or UPDATE
IGNORE. See Section 12.5.5.33, “SHOW WARNINGS Syntax”.
Strict mode does not affect whether foreign key constraints are
checked. FOREIGN_KEY_CHECKS can be used for
that. (See Section 5.1.4, “Session System Variables”.)
The following special modes are provided as shorthand for
combinations of mode values from the preceding list. All are
available in MySQL 5.0 beginning with version
5.0.0, except for TRADITIONAL, which was
implemented in MySQL 5.0.2.
The descriptions include all mode values that are available in the most recent version of MySQL. For older versions, a combination mode does not include individual mode values that are not available except in newer versions.
Equivalent to REAL_AS_FLOAT,
PIPES_AS_CONCAT,
ANSI_QUOTES,
IGNORE_SPACE. Before MySQL 5.0.3,
ANSI also includes
ONLY_FULL_GROUP_BY.
As of MySQL 5.0.40, ANSI mode also causes
the server to return an error for queries where a set
function S with an outer
reference
S(outer_ref)
SELECT * FROM t1 WHERE t1.a IN (SELECT MAX(t1.b) FROM t2 WHERE ...);
Here, MAX(t1.b) cannot
aggregated in the outer query because it appears in the
WHERE clause of that query. Standard SQL
requires an error in this situation. If
ANSI mode is not enabled, the server
treats
S(outer_ref)S(const)
Equivalent to PIPES_AS_CONCAT,
ANSI_QUOTES,
IGNORE_SPACE,
NO_KEY_OPTIONS,
NO_TABLE_OPTIONS,
NO_FIELD_OPTIONS.
Equivalent to PIPES_AS_CONCAT,
ANSI_QUOTES,
IGNORE_SPACE,
NO_KEY_OPTIONS,
NO_TABLE_OPTIONS,
NO_FIELD_OPTIONS,
NO_AUTO_CREATE_USER.
Equivalent to PIPES_AS_CONCAT,
ANSI_QUOTES,
IGNORE_SPACE,
NO_KEY_OPTIONS,
NO_TABLE_OPTIONS,
NO_FIELD_OPTIONS.
Equivalent to NO_FIELD_OPTIONS,
HIGH_NOT_PRECEDENCE.
Equivalent to NO_FIELD_OPTIONS,
HIGH_NOT_PRECEDENCE.
Equivalent to PIPES_AS_CONCAT,
ANSI_QUOTES,
IGNORE_SPACE,
NO_KEY_OPTIONS,
NO_TABLE_OPTIONS,
NO_FIELD_OPTIONS,
NO_AUTO_CREATE_USER.
Equivalent to PIPES_AS_CONCAT,
ANSI_QUOTES,
IGNORE_SPACE,
NO_KEY_OPTIONS,
NO_TABLE_OPTIONS,
NO_FIELD_OPTIONS.
Equivalent to STRICT_TRANS_TABLES,
STRICT_ALL_TABLES,
NO_ZERO_IN_DATE,
NO_ZERO_DATE,
ERROR_FOR_DIVISION_BY_ZERO,
NO_AUTO_CREATE_USER.
MySQL Server supports a HELP statement that
returns online information from the MySQL Reference manual (see
Section 12.3.3, “HELP Syntax”). The proper operation of this statement
requires that the help tables in the mysql
database be initialized with help topic information, which is
done by processing the contents of the
fill_help_tables.sql script.
For a MySQL binary distribution on Unix, help table setup occurs when you run mysql_install_db. For an RPM distribution on Linux or binary distribution on Windows, help table setup occurs as part of the MySQL installation process.
For a MySQL source distribution, you can find the
fill_help_tables.sql file in the
scripts directory. To load the file
manually, make sure that you have initialized the
mysql database by running
mysql_install_db, and then process the file
with the mysql client as follows:
shell> mysql -u root mysql < fill_help_tables.sql
If you are working with Bazaar and a MySQL development source
tree, the tree doesn't contain
fill_help_tables.sql. You can download the
proper file for your version of MySQL from
http://dev.mysql.com/doc/. After downloading and
uncompressing the file, process it with mysql
as just described.
On Unix, signals can be sent to processes. mysqld responds to signals sent to it as follows:
SIGTERM causes the server to shut down.
SIGHUP causes the server to reload the
grant tables and flush the logs (like FLUSH
PRIVILEGES and FLUSH LOGS). It
also writes a status report to the error log that has this
format:
Status information: Current dir: /var/mysql/data/ Running threads: 0 Stack size: 196608 Current locks: Key caches: default Buffer_size: 8388600 Block_size: 1024 Division_limit: 100 Age_limit: 300 blocks used: 0 not flushed: 0 w_requests: 0 writes: 0 r_requests: 0 reads: 0 handler status: read_key: 0 read_next: 0 read_rnd 0 read_first: 1 write: 0 delete 0 update: 0 Table status: Opened tables: 5 Open tables: 0 Open files: 7 Open streams: 0 Alarm status: Active alarms: 1 Max used alarms: 2 Next alarm time: 67
On some Mac OS X 10.3 versions, mysqld
ignores SIGHUP and
SIGQUIT.
The server shutdown process takes place as follows:
The shutdown process is initiated.
Server shutdown can be initiated several ways. For example,
a user with the SHUTDOWN privilege can
execute a mysqladmin shutdown command.
mysqladmin can be used on any platform
supported by MySQL. Other operating system-specific shutdown
initiation methods are possible as well: The server shuts
down on Unix when it receives a SIGTERM
signal. A server running as a service on Windows shuts down
when the services manager tells it to.
The server creates a shutdown thread if necessary.
Depending on how shutdown was initiated, the server might
create a thread to handle the shutdown process. If shutdown
was requested by a client, a shutdown thread is created. If
shutdown is the result of receiving a
SIGTERM signal, the signal thread might
handle shutdown itself, or it might create a separate thread
to do so. If the server tries to create a shutdown thread
and cannot (for example, if memory is exhausted), it issues
a diagnostic message that appears in the error log:
Error: Can't create thread to kill server
The server stops accepting new connections.
To prevent new activity from being initiated during shutdown, the server stops accepting new client connections. It does this by closing the network connections to which it normally listens for connections: the TCP/IP port, the Unix socket file, the Windows named pipe, and shared memory on Windows.
The server terminates current activity.
For each thread that is associated with a client connection,
the connection to the client is broken and the thread is
marked as killed. Threads die when they notice that they are
so marked. Threads for idle connections die quickly. Threads
that currently are processing statements check their state
periodically and take longer to die. For additional
information about thread termination, see
Section 12.5.6.3, “KILL Syntax”, in particular for the instructions
about killed REPAIR TABLE or
OPTIMIZE TABLE operations on
MyISAM tables.
For threads that have an open transaction, the transaction
is rolled back. Note that if a thread is updating a
non-transactional table, an operation such as a multiple-row
UPDATE or INSERT may
leave the table partially updated, because the operation can
terminate before completion.
If the server is a master replication server, threads associated with currently connected slaves are treated like other client threads. That is, each one is marked as killed and exits when it next checks its state.
If the server is a slave replication server, the I/O and SQL threads, if active, are stopped before client threads are marked as killed. The SQL thread is allowed to finish its current statement (to avoid causing replication problems), and then stops. If the SQL thread was in the middle of a transaction at this point, the transaction is rolled back.
Storage engines are shut down or closed.
At this stage, the table cache is flushed and all open tables are closed.
Each storage engine performs any actions necessary for
tables that it manages. For example,
MyISAM flushes any pending index writes
for a table. InnoDB flushes its buffer
pool to disk (starting from 5.0.5: unless
innodb_fast_shutdown is 2), writes the
current LSN to the tablespace, and terminates its own
internal threads.
The server exits.
MySQL has several different logs that can help you find out what is going on inside mysqld:
| Log Type | Information Written to Log |
| The error log | Problems encountered starting, running, or stopping mysqld |
| The general query log | Established client connections and statements received from clients |
| The binary log | All statements that change data (also used for replication) |
| The slow query log | All queries that took more than long_query_time
seconds to execute or didn't use indexes |
By default, all log files are created in the
mysqld data directory. You can force
mysqld to close and reopen the log files (or in
some cases switch to a new log) by flushing the logs. Log flushing
occurs when you issue a FLUSH LOGS statement or
execute mysqladmin flush-logs or
mysqladmin refresh. See
Section 12.5.6.2, “FLUSH Syntax”, and Section 4.5.2, “mysqladmin — Client for Administering a MySQL Server”.
If you are using MySQL replication capabilities, slave replication servers maintain additional log files called relay logs. Chapter 18, Replication, discusses relay log contents and configuration.
MySQL Enterprise The MySQL Enterprise Monitor provides a number of advisors specifically related to the various log files. For more information see http://www.mysql.com/products/enterprise/advisors.html.
The error log contains information indicating when mysqld was started and stopped and also any critical errors that occur while the server is running. If mysqld notices a table that needs to be automatically checked or repaired, it writes a message to the error log.
On some operating systems, the error log contains a stack trace if mysqld dies. The trace can be used to determine where mysqld died. See MySQL Internals: Porting.
You can specify where mysqld writes the error
log with the
--log-error[=
option. If no file_name]file_name value is
given, mysqld uses the name
host_name.errFLUSH LOGS, the error log is renamed
with the suffix -old and
mysqld creates a new empty log file. (No
renaming occurs if the --log-error option was
not given to mysqld.)
If you do not specify --log-error, or (on
Windows) if you use the --console option,
errors are written to stderr, the standard
error output. Usually this is your terminal.
On Windows, error output is always written to the
.err file if --console is
not given.
The --log-warnings option or
log_warnings system variable can be used to
control warning logging to the error log. The default value is
enabled (1). Warning logging can be disabled using a value of 0.
If the value is greater than 1, aborted connections are written
to the error log. See Section B.1.2.11, “Communication Errors and Aborted Connections”.
If you use mysqld_safe to start
mysqld, mysqld_safe
arranges for mysqld to write error messages
to a log file. If you specify a filename via
--log-error to mysqld_safe
or mysqld, that filename is used. Otherwise,
mysqld_safe uses the default error log file.
If mysqld_safe is used to start
mysqld and mysqld dies
unexpectedly, mysqld_safe notices that it
needs to restart mysqld and writes a
restarted mysqld message to the error log.
The general query log is a general record of what mysqld is doing. The server writes information to this log when clients connect or disconnect, and it logs each SQL statement received from clients. The general query log can be very useful when you suspect an error in a client and want to know exactly what the client sent to mysqld.
mysqld writes statements to the query log in the order that it receives them, which might differ from the order in which they are executed. This logging order contrasts to the binary log, for which statements are written after they are executed but before any locks are released. (Also, the query log contains all statements, whereas the binary log does not contain statements that only select data.)
To enable the general query log, start mysqld
with the
--log[= or
file_name]-l [
option.
file_name]
If no file_name value is given for
--log or -l, the default name
is host_name.log
Server restarts and log flushing do not cause a new general query log file to be generated (although flushing closes and reopens it). On Unix, you can rename the file and create a new one by using the following commands:
shell>mvshell>host_name.loghost_name-old.logmysqladmin flush-logsshell>cpshell>host_name-old.logbackup-directoryrmhost_name-old.log
Before 5.0.17, you cannot rename a log file on Windows while the
server has it open. You must stop the server and rename the
file, and then restart the server to create a new log file. As
of 5.0.17, this applies only to the error log. However, a stop
and restart can be avoided by using FLUSH
LOGS, which causes the server to rename the error log
with an -old suffix and open a new error
log.
The binary log contains all statements that update data or
potentially could have updated it (for example, a
DELETE which matched no rows). Statements are
stored in the form of “events” that describe the
modifications. The binary log also contains information about
how long each statement took that updated data. The binary log
has two important purposes:
For replication, the binary log is used on master replication servers as a record of the statements to be sent to slave servers. The master server sends the events contained in its binary log to its slaves, which execute those events to make the same data changes that were made on the master. See Section 18.4, “Replication Implementation Overview”.
Certain data recovery operations require use of the binary log. After a backup file has been restored, the events in the binary log that were recorded after the backup was made are re-executed. These events bring databases up to date from the point of the backup. See Section 6.2.2, “Using Backups for Recovery”.
The binary log has replaced the old update log, which is no longer available as of MySQL 5.0. The binary log contains all information that is available in the update log in a more efficient format and in a manner that is transaction-safe. If you are using transactions, you must use the MySQL binary log for backups instead of the old update log.
The binary log is not used for statements such as
SELECT or SHOW that do not
modify data. If you want to log all statements (for example, to
identify a problem query), use the general query log. See
Section 5.2.2, “The General Query Log”.
MySQL Enterprise The binary log can also be used to track significant DDL events. Analyzing the binary log in this way is an integral part of the MySQL Enterprise Monitor. For more information, see http://www.mysql.com/products/enterprise/advisors.html.
Running the server with the binary log enabled makes performance about 1% slower. However, the benefits of the binary log for restore operations and in allowing you to set up replication generally outweigh this minor performance decrement.
When started with the
--log-bin[=
option, mysqld writes a log file containing
all SQL statements that update data (both DDL and DML
statements). If no base_name]base_name value is
given, the default name is the value of the
pid-file option (which by default is the name
of host machine) followed by -bin. If the
basename is given, but not as an absolute pathname, the server
writes the file in the data directory. It is recommended that
you specify a basename; see Section B.1.8.1, “Open Issues in MySQL”, for the
reason.
From MySQL 5.0.41 through 5.0.52, “mysql” was
used when no base_name was
specified. Also in these versions, a path given as part of the
--log-bin options was treated as absolute
rather than relative. The previous behaviors were restored in
MySQL 5.0.54. (See Bug#28603 and Bug#28597.)
If you supply an extension in the log name (for example,
--log-bin=),
the extension is silently removed and ignored.
base_name.extension
mysqld appends a numeric extension to the
binary log basename to generate binary log filenames. The number
increases each time the server creates a new log file, thus
creating an ordered series of files. The server creates a new
file in the series each time it starts or flushes the logs. The
server also creates a new binary log file automatically when the
current log's size reaches max_binlog_size. A
binary log file may become larger than
max_binlog_size if you are using large
transactions because a transaction is written to the file in one
piece, never split between files.
To keep track of which binary log files have been used,
mysqld also creates a binary log index file
that contains the names of all used binary log files. By
default, this has the same basename as the binary log file, with
the extension '.index'. You can change the
name of the binary log index file with the
--log-bin-index[=
option. You should not manually edit this file while
mysqld is running; doing so would confuse
mysqld.
file_name]
You can delete all binary log files with the RESET
MASTER statement, or a subset of them with
PURGE MASTER LOGS. See
Section 12.5.6.5, “RESET Syntax”, and
Section 12.6.1.1, “PURGE MASTER LOGS Syntax”.
Writes to the binary log file and binary log index file are
handled in the same way as writes to MyISAM
tables. See Section B.1.4.3, “How MySQL Handles a Full Disk”.
The binary log format has some known limitations that can affect recovery from backups. See Section 18.3.1, “Replication Features and Issues”.
Binary logging for stored routines and triggers is done as described in Section 21.4, “Binary Logging of Stored Routines and Triggers”.
A replication slave server by default does not write to its own
binary log any data modifications that are received from the
replication master. To log these modifications, start the slave
with the --log-slave-updates option.
You can use the following options to mysqld to affect what is logged to the binary log. See also the discussion that follows this option list.
If you are using replication, the options described here affect which statements are sent by a master server to its slaves. There are also options for slave servers that control which statements received from the master to execute or ignore. For details, see Section 18.1.2, “Replication Startup Options and Variables”.
Tell the server to restrict binary logging to updates for
which the default database is
db_name (that is, the database
selected by USE). All other databases
that are not explicitly mentioned are ignored. If you use
this option, you should ensure that you do updates only in
the default database.
There is an exception to this for CREATE
DATABASE, ALTER DATABASE, and
DROP DATABASE statements. The server uses
the database named in the statement (not the default
database) to decide whether it should log the statement.
An example of what does not work as you might expect: If the
server is started with
binlog-do-db=sales, and you run
USE prices; UPDATE sales.january SET
amount=amount+1000;, this statement is
not written into the binary log.
To log multiple databases, use multiple options, specifying the option once for each database.
Tell the server to suppress binary logging of updates for
which the default database is
db_name (that is, the database
selected by USE). If you use this option,
you should ensure that you do updates only in the default
database.
As with the --binlog-do-db option, there is
an exception for the CREATE DATABASE,
ALTER DATABASE, and DROP
DATABASE statements. The server uses the database
named in the statement (not the default database) to decide
whether it should log the statement.
An example of what does not work as you might expect: If the
server is started with
binlog-ignore-db=sales, and you run
USE prices; UPDATE sales.january SET
amount=amount+1000;, this statement
is written into the binary log.
To ignore multiple databases, use multiple options, specifying the option once for each database.
The server evaluates the options for logging or ignoring updates
to the binary log according to the following rules. As described
previously, there is an exception for the CREATE
DATABASE, ALTER DATABASE, and
DROP DATABASE statements. In those cases, the
database being created, altered, or dropped
replaces the default database in the following rules:
Are there --binlog-do-db or
--binlog-ignore-db rules?
No: Write the statement to the binary log and exit.
Yes: Go to the next step.
There are some rules (--binlog-do-db,
--binlog-ignore-db, or both). Is there a
default database (has any database been selected by
USE?)?
No: Do not write the statement, and exit.
Yes: Go to the next step.
There is a default database. Are there some
--binlog-do-db rules?
Yes: Does the default database match any of the
--binlog-do-db rules?
Yes: Write the statement and exit.
No: Do not write the statement, and exit.
No: Go to the next step.
There are some --binlog-ignore-db rules.
Does the default database match any of the
--binlog-ignore-db rules?
Yes: Do not write the statement, and exit.
No: Write the query and exit.
For example, a slave running with only
--binlog-do-db=sales does not write to the
binary log any statement for which the default database is
different from sales (in other words,
--binlog-do-db can sometimes mean “ignore
other databases”).
If you are using replication, you should not delete old binary
log files until you are sure that no slave still needs to use
them. For example, if your slaves never run more than three days
behind, once a day you can execute mysqladmin
flush-logs on the master and then remove any logs that
are more than three days old. You can remove the files manually,
but it is preferable to use PURGE MASTER
LOGS, which also safely updates the binary log index
file for you (and which can take a date argument). See
Section 12.6.1.1, “PURGE MASTER LOGS Syntax”.
A client that has the SUPER privilege can
disable binary logging of its own statements by using a
SET SQL_LOG_BIN=0 statement. See
Section 5.1.4, “Session System Variables”.
You can display the contents of binary log files with the mysqlbinlog utility. This can be useful when you want to reprocess statements in the log. For example, you can update a MySQL server from the binary log as follows:
shell> mysqlbinlog log_file | mysql -h server_name
See Section 4.6.7, “mysqlbinlog — Utility for Processing Binary Log Files”, for more information on the mysqlbinlog utility and how to use it. mysqlbinlog also can be used with relay log files because they are written using the same format as binary log files.
Binary logging is done immediately after a statement completes but before any locks are released or any commit is done. This ensures that the log is logged in execution order.
Updates to non-transactional tables are stored in the binary log
immediately after execution. Within an uncommitted transaction,
all updates (UPDATE,
DELETE, or INSERT) that
change transactional tables such as BDB or
InnoDB tables are cached until a
COMMIT statement is received by the server.
At that point, mysqld writes the entire
transaction to the binary log before the
COMMIT is executed. When the thread that
handles the transaction starts, it allocates a buffer of
binlog_cache_size to buffer statements. If a
statement is bigger than this, the thread opens a temporary file
to store the transaction. The temporary file is deleted when the
thread ends.
Modifications to non-transactional tables cannot be rolled back.
If a transaction that is rolled back includes modifications to
non-transactional tables, the entire transaction is logged with
a ROLLBACK statement at the end to ensure
that the modifications to those tables are replicated.
The Binlog_cache_use status variable shows
the number of transactions that used this buffer (and possibly a
temporary file) for storing statements. The
Binlog_cache_disk_use status variable shows
how many of those transactions actually had to use a temporary
file. These two variables can be used for tuning
binlog_cache_size to a large enough value
that avoids the use of temporary files.
The max_binlog_cache_size system variable
(default 4GB, which is also the maximum) can be used to restrict
the total size used to cache a multiple-statement transaction.
If a transaction is larger than this many bytes, it fails and
rolls back. The minimum value is 4096.
Note that the binary log format is different in MySQL 5.0 from previous versions of MySQL, due to enhancements in replication. See Section 18.3.2, “Replication Compatibility Between MySQL Versions”.
By default, the binary log is not synchronized to disk at each
write. So if the operating system or machine (not only the MySQL
server) crashes, there is a chance that the last statements of
the binary log are lost. To prevent this, you can make the
binary log be synchronized to disk after every
N writes to the binary log, with the
sync_binlog system variable. See
Section 5.1.3, “System Variables”. 1 is the safest value
for sync_binlog, but also the slowest. Even
with sync_binlog set to 1, there is still the
chance of an inconsistency between the table content and binary
log content in case of a crash. For example, if you are using
InnoDB tables and the MySQL server processes
a COMMIT statement, it writes the whole
transaction to the binary log and then commits this transaction
into InnoDB. If the server crashes between
those two operations, the transaction is rolled back by
InnoDB at restart but still exists in the
binary log. This problem can be solved with the
--innodb-safe-binlog option, which adds
consistency between the content of InnoDB
tables and the binary log. (Note:
--innodb-safe-binlog is unneeded as of MySQL
5.0; it was made obsolete by the introduction of XA transaction
support.)
For this option to provide a greater degree of safety, the MySQL
server should also be configured to synchronize the binary log
and the InnoDB logs to disk at every
transaction. The InnoDB logs are synchronized
by default, and sync_binlog=1 can be used to
synchronize the binary log. The effect of this option is that at
restart after a crash, after doing a rollback of transactions,
the MySQL server cuts rolled back InnoDB
transactions from the binary log. This ensures that the binary
log reflects the exact data of InnoDB tables,
and so, that the slave remains in synchrony with the master (not
receiving a statement which has been rolled back).
Note that --innodb-safe-binlog can be used even
if the MySQL server updates other storage engines than
InnoDB. Only statements and transactions that
affect InnoDB tables are subject to removal
from the binary log at InnoDB's crash
recovery. If the MySQL server discovers at crash recovery that
the binary log is shorter than it should have been, it lacks at
least one successfully committed InnoDB
transaction. This should not happen if
sync_binlog=1 and the disk/filesystem do an
actual sync when they are requested to (some don't), so the
server prints an error message The binary log
<name> is shorter than its expected size. In
this case, this binary log is not correct and replication should
be restarted from a fresh snapshot of the master's data.
For MySQL 5.0.46, the following session variables are written to the binary log and honoured by the replication slave when parsing the binary log:
FOREIGN_KEY_CHECKS
UNIQUE_CHECKS
SQL_AUTO_IS_NULL
The slow query log consists of all SQL statements that took more
than long_query_time seconds to execute. The
time to acquire the initial table locks is not counted as
execution time. mysqld writes a statement to
the slow query log after it has been executed and after all
locks have been released, so log order might be different from
execution order. The minimum and default values of
long_query_time are 1 and 10, respectively.
To enable the slow query log, start mysqld
with the
--log-slow-queries[=
option.
file_name]
If no file_name value is given for
--log-slow-queries, the default name is
host_name-slow.log
The slow query log can be used to find queries that take a long time to execute and are therefore candidates for optimization. However, examining a long slow query log can become a difficult task. To make this easier, you can process the slow query log using the mysqldumpslow command to summarize the queries that appear in the log. Use mysqldumpslow --help to see the options that this command supports.
In MySQL 5.0, queries that do not use indexes are
logged in the slow query log if the
--log-queries-not-using-indexes option is
specified. See Section 5.1.2, “Command Options”.
MySQL Enterprise Excessive table scans are indicative of missing or poorly optimized indexes. Using an advisor specifically designed for the task, the MySQL Enterprise Monitor can identify such problems and offer advice on resolution. For more information, see http://www.mysql.com/products/enterprise/advisors.html.
In MySQL 5.0, the
--log-slow-admin-statements server option
enables you to request logging of slow administrative statements
such as OPTIMIZE TABLE, ANALYZE
TABLE, and ALTER TABLE to the slow
query log.
Queries handled by the query cache are not added to the slow query log, nor are queries that would not benefit from the presence of an index because the table has zero rows or one row.
MySQL Server can create a number of different log files that make it easy to see what is going on. See Section 5.2, “MySQL Server Logs”. However, you must clean up these files regularly to ensure that the logs do not take up too much disk space.
When using MySQL with logging enabled, you may want to back up and remove old log files from time to time and tell MySQL to start logging to new files. See Section 6.1, “Database Backups”.
On a Linux (Red Hat) installation, you can use the
mysql-log-rotate script for this. If you
installed MySQL from an RPM distribution, this script should
have been installed automatically. You should be careful with
this script if you are using the binary log for replication. You
should not remove binary logs until you are certain that their
contents have been processed by all slaves.
On other systems, you must install a short script yourself that you start from cron (or its equivalent) for handling log files.
For the binary log, you can set the
expire_logs_days system variable to expire
binary log files automatically after a given number of days (see
Section 5.1.3, “System Variables”). If you are using
replication, you should set the variable no lower than the
maximum number of days your slaves might lag behind the master.
You can force MySQL to start using new log files by issuing a
FLUSH LOGS statement or executing
mysqladmin flush-logs or mysqladmin
refresh. See Section 12.5.6.2, “FLUSH Syntax”, and
Section 4.5.2, “mysqladmin — Client for Administering a MySQL Server”.
A log flushing operation does the following:
If general query logging (--log) or slow
query logging (--log-slow-queries) to a log
file is enabled, the server closes and reopens the general
query log file or slow query log file.
If binary logging (--log-bin) is used, the
server closes the current log file and opens a new log file
with the next sequence number.
If the server was given an error log filename with the
--log-error option, it renames the error
log with the suffix -old and creates a
new empty error log file.
The server creates a new binary log file when you flush the
logs. However, it just closes and reopens the general and slow
query log files. To cause new files to be created on Unix,
rename the current logs before flushing them. At flush time, the
server will open new logs with the original names. For example,
if the general and slow query logs are named
mysql.log and
mysql-slow.log, you can use a series of
commands like this:
shell>cdshell>mysql-data-directorymv mysql.log mysql.oldshell>mv mysql-slow.log mysql-slow.oldshell>mysqladmin flush-logs
At this point, you can make a backup of
mysql.old and
mysql-slow.log and then remove them from
disk.
Before 5.0.17, you cannot rename a log file on Windows while the
server has it open. You must stop the server and rename the
file, and then restart the server to create a new log file. As
of 5.0.17, this applies only to the error log. However, a stop
and restart can be avoided by using FLUSH
LOGS, which causes the server to rename the error log
with an -old suffix and open a new error
log.
The session sql_log_off variable can be set
to ON or OFF to disable or
enable general query logging for the current connection.
This section describes some general security issues to be aware of and what you can do to make your MySQL installation more secure against attack or misuse. For information specifically about the access control system that MySQL uses for setting up user accounts and checking database access, see Section 5.4, “The MySQL Access Privilege System”.
For answers to some questions that are often asked about MySQL Server security issues, see Section A.9, “MySQL 5.0 FAQ — Security”.
Anyone using MySQL on a computer connected to the Internet should read this section to avoid the most common security mistakes.
In discussing security, we emphasize the necessity of fully protecting the entire server host (not just the MySQL server) against all types of applicable attacks: eavesdropping, altering, playback, and denial of service. We do not cover all aspects of availability and fault tolerance here.
MySQL uses security based on Access Control Lists (ACLs) for all connections, queries, and other operations that users can attempt to perform. There is also support for SSL-encrypted connections between MySQL clients and servers. Many of the concepts discussed here are not specific to MySQL at all; the same general ideas apply to almost all applications.
When running MySQL, follow these guidelines whenever possible:
Do not ever give anyone (except MySQL
root accounts) access to the
user table in the
mysql database! This is
critical.
Learn the MySQL access privilege system. The
GRANT and REVOKE
statements are used for controlling access to MySQL. Do not
grant more privileges than necessary. Never grant privileges
to all hosts.
Checklist:
Try mysql -u root. If you are able to
connect successfully to the server without being asked
for a password, anyone can connect to your MySQL server
as the MySQL root user with full
privileges! Review the MySQL installation instructions,
paying particular attention to the information about
setting a root password. See
Section 2.4.16.3, “Securing the Initial MySQL Accounts”.
Use the SHOW GRANTS statement to
check which accounts have access to what. Then use the
REVOKE statement to remove those
privileges that are not necessary.
Do not store any plain-text passwords in your database. If
your computer becomes compromised, the intruder can take the
full list of passwords and use them. Instead, use
MD5(),
SHA1(), or some other
one-way hashing function and store the hash value.
Do not choose passwords from dictionaries. Special programs exist to break passwords. Even passwords like “xfish98” are very bad. Much better is “duag98” which contains the same word “fish” but typed one key to the left on a standard QWERTY keyboard. Another method is to use a password that is taken from the first characters of each word in a sentence (for example, “Mary had a little lamb” results in a password of “Mhall”). The password is easy to remember and type, but difficult to guess for someone who does not know the sentence.
MySQL Enterprise MySQL Enterprise subscribers can find an example of a function that checks password security in the Knowledge Base article, Checking Password Complexity. To subscribe to MySQL Enterprise see http://www.mysql.com/products/enterprise/advisors.html.
Invest in a firewall. This protects you from at least 50% of all types of exploits in any software. Put MySQL behind the firewall or in a demilitarized zone (DMZ).
Checklist:
Try to scan your ports from the Internet using a tool
such as nmap. MySQL uses port 3306 by
default. This port should not be accessible from
untrusted hosts. Another simple way to check whether or
not your MySQL port is open is to try the following
command from some remote machine, where
server_host is the hostname
or IP number of the host on which your MySQL server
runs:
shell> telnet server_host 3306
If you get a connection and some garbage characters, the port is open, and should be closed on your firewall or router, unless you really have a good reason to keep it open. If telnet hangs or the connection is refused, the port is blocked, which is how you want it to be.
Do not trust any data entered by users of your applications.
They can try to trick your code by entering special or
escaped character sequences in Web forms, URLs, or whatever
application you have built. Be sure that your application
remains secure if a user enters something like
“; DROP DATABASE mysql;”.
This is an extreme example, but large security leaks and
data loss might occur as a result of hackers using similar
techniques, if you do not prepare for them.
A common mistake is to protect only string data values.
Remember to check numeric data as well. If an application
generates a query such as SELECT * FROM table WHERE
ID=234 when a user enters the value
234, the user can enter the value
234 OR 1=1 to cause the application to
generate the query SELECT * FROM table WHERE ID=234
OR 1=1. As a result, the server retrieves every
row in the table. This exposes every row and causes
excessive server load. The simplest way to protect from this
type of attack is to use single quotes around the numeric
constants: SELECT * FROM table WHERE
ID='234'. If the user enters extra information, it
all becomes part of the string. In a numeric context, MySQL
automatically converts this string to a number and strips
any trailing non-numeric characters from it.
Sometimes people think that if a database contains only publicly available data, it need not be protected. This is incorrect. Even if it is allowable to display any row in the database, you should still protect against denial of service attacks (for example, those that are based on the technique in the preceding paragraph that causes the server to waste resources). Otherwise, your server becomes unresponsive to legitimate users.
Checklist:
Try to enter single and double quote marks
(“'” and
“"”) in all of your Web
forms. If you get any kind of MySQL error, investigate
the problem right away.
Try to modify dynamic URLs by adding
%22
(“"”),
%23
(“#”), and
%27
(“'”) to them.
Try to modify data types in dynamic URLs from numeric to character types using the characters shown in the previous examples. Your application should be safe against these and similar attacks.
Try to enter characters, spaces, and special symbols rather than numbers in numeric fields. Your application should remove them before passing them to MySQL or else generate an error. Passing unchecked values to MySQL is very dangerous!
Check the size of data before passing it to MySQL.
Have your application connect to the database using a username different from the one you use for administrative purposes. Do not give your applications any access privileges they do not need.
Many application programming interfaces provide a means of escaping special characters in data values. Properly used, this prevents application users from entering values that cause the application to generate statements that have a different effect than you intend:
MySQL C API: Use the
mysql_real_escape_string()
API call.
MySQL++: Use the escape and
quote modifiers for query streams.
PHP: Use the
mysql_real_escape_string() function
(available as of PHP 4.3.0, prior to that PHP version
use mysql_escape_string(), and
prior to PHP 4.0.3, use
addslashes() ). Note that only
mysql_real_escape_string() is
character set-aware; the other functions can be
“bypassed” when using (invalid) multi-byte
character sets. In PHP 5, you can use the
mysqli extension, which supports the
improved MySQL authentication protocol and passwords, as
well as prepared statements with placeholders.
Perl DBI: Use placeholders or the
quote() method.
Ruby DBI: Use placeholders or the
quote() method.
Java JDBC: Use a PreparedStatement
object and placeholders.
Other programming interfaces might have similar capabilities.
Do not transmit plain (unencrypted) data over the Internet. This information is accessible to everyone who has the time and ability to intercept it and use it for their own purposes. Instead, use an encrypted protocol such as SSL or SSH. MySQL supports internal SSL connections as of version 4.0. Another technique is to use SSH port-forwarding to create an encrypted (and compressed) tunnel for the communication.
Learn to use the tcpdump and strings utilities. In most cases, you can check whether MySQL data streams are unencrypted by issuing a command like the following:
shell> tcpdump -l -i eth0 -w - src or dst port 3306 | strings
This works under Linux and should work with small modifications under other systems.
If you do not see plaintext data, this does not always mean that the information actually is encrypted. If you need high security, you should consult with a security expert.
When you connect to a MySQL server, you should use a password. The password is not transmitted in clear text over the connection. Password handling during the client connection sequence was upgraded in MySQL 4.1.1 to be very secure. If you are still using pre-4.1.1-style passwords, the encryption algorithm is not as strong as the newer algorithm. With some effort, a clever attacker who can sniff the traffic between the client and the server can crack the password. (See Section 5.4.8, “Password Hashing as of MySQL 4.1”, for a discussion of the different password handling methods.)
MySQL Enterprise The MySQL Enterprise Monitor enforces best practices for maximizing the security of your servers. For more information, see http://www.mysql.com/products/enterprise/advisors.html.
All other information is transferred as text, and can be read by anyone who is able to watch the connection. If the connection between the client and the server goes through an untrusted network, and you are concerned about this, you can use the compressed protocol to make traffic much more difficult to decipher. You can also use MySQL's internal SSL support to make the connection even more secure. See Section 5.5.7, “Using SSL for Secure Connections”. Alternatively, use SSH to get an encrypted TCP/IP connection between a MySQL server and a MySQL client. You can find an Open Source SSH client at http://www.openssh.org/, and a commercial SSH client at http://www.ssh.com/.
To make a MySQL system secure, you should strongly consider the following suggestions:
Require all MySQL accounts to have a password. A client
program does not necessarily know the identity of the person
running it. It is common for client/server applications that
the user can specify any username to the client program. For
example, anyone can use the mysql program
to connect as any other person simply by invoking it as
mysql -u if
other_user
db_nameother_user has no password. If
all accounts have a password, connecting using another
user's account becomes much more difficult.
For a discussion of methods for setting passwords, see Section 5.5.5, “Assigning Account Passwords”.
Never run the MySQL server as the Unix
root user. This is extremely dangerous,
because any user with the FILE privilege
is able to cause the server to create files as
root (for example,
~root/.bashrc). To prevent this,
mysqld refuses to run as
root unless that is specified explicitly
using the --user=root option.
mysqld can (and should) be run as an
ordinary, unprivileged user instead. You can create a
separate Unix account named mysql to make
everything even more secure. Use this account only for
administering MySQL. To start mysqld as a
different Unix user, add a user option
that specifies the username in the
[mysqld] group of the
my.cnf option file where you specify
server options. For example:
[mysqld] user=mysql
This causes the server to start as the designated user whether you start it manually or by using mysqld_safe or mysql.server. For more details, see Section 5.3.5, “How to Run MySQL as a Normal User”.
Running mysqld as a Unix user other than
root does not mean that you need to
change the root username in the
user table. Usernames for MySQL
accounts have nothing to do with usernames for Unix
accounts.
Do not allow the use of symlinks to tables. (This capability
can be disabled with the
--skip-symbolic-links option.) This is
especially important if you run mysqld as
root, because anyone that has write
access to the server's data directory then could delete any
file in the system! See
Section 7.6.1.2, “Using Symbolic Links for Tables on Unix”.
Make sure that the only Unix user account with read or write privileges in the database directories is the account that is used for running mysqld.
Do not grant the PROCESS or
SUPER privilege to non-administrative
users. The output of mysqladmin
processlist and SHOW
PROCESSLIST shows the text of any statements
currently being executed, so any user who is allowed to see
the server process list might be able to see statements
issued by other users such as UPDATE user SET
password=PASSWORD('not_secure').
mysqld reserves an extra connection for
users who have the SUPER privilege, so
that a MySQL root user can log in and
check server activity even if all normal connections are in
use.
The SUPER privilege can be used to
terminate client connections, change server operation by
changing the value of system variables, and control
replication servers.
Do not grant the FILE privilege to
non-administrative users. Any user that has this privilege
can write a file anywhere in the filesystem with the
privileges of the mysqld daemon. To make
this a bit safer, files generated with SELECT ...
INTO OUTFILE do not overwrite existing files and
are writable by everyone.
The FILE privilege may also be used to
read any file that is world-readable or accessible to the
Unix user that the server runs as. With this privilege, you
can read any file into a database table. This could be
abused, for example, by using LOAD DATA
to load /etc/passwd into a table, which
then can be displayed with SELECT.
If you do not trust your DNS, you should use IP numbers rather than hostnames in the grant tables. In any case, you should be very careful about creating grant table entries using hostname values that contain wildcards.
If you want to restrict the number of connections allowed to
a single account, you can do so by setting the
max_user_connections variable in
mysqld. The GRANT
statement also supports resource control options for
limiting the extent of server use allowed to an account. See
Section 12.5.1.3, “GRANT Syntax”.
Options that begin with --ssl specify
whether to allow clients to connect via SSL and indicate
where to find SSL keys and certificates. See
Section 5.5.7.3, “SSL Command Options”.
The following mysqld options affect security:
| Name | Cmd-Line | Option file | System Var | Status Var | Var Scope | Dynamic |
|---|---|---|---|---|---|---|
| allow-suspicious-udfs | Yes | Yes | ||||
| automatic_sp_privileges | Yes | Global | Yes | |||
| chroot | Yes | Yes | ||||
| des-key-file | Yes | Yes | ||||
| local_infile | Yes | Global | Yes | |||
| local-infile | Yes | Yes | ||||
| old-passwords | Yes | Yes | Both | Yes | ||
| - Variable: old_passwords | Yes | Both | Yes | |||
| safe-user-create | Yes | Yes | ||||
| secure-auth | Yes | Yes | Global | Yes | ||
| - Variable: secure_auth | Yes | Global | Yes | |||
| secure-file-priv | Yes | Yes | Global | No | ||
| - Variable: secure_file_priv | Yes | Global | No | |||
| skip-grant-tables | Yes | Yes | ||||
| skip-name-resolve | Yes | Yes | ||||
| skip-networking | Yes | Yes | Global | No | ||
| - Variable: skip_networking | Yes | Global | No | |||
| skip-show-database | Yes | Yes | Global | No | ||
| - Variable: skip_show_database | Yes | Global | No |
This option controls whether user-defined functions that
have only an xxx symbol for the main
function can be loaded. By default, the option is off and
only UDFs that have at least one auxiliary symbol can be
loaded; this prevents attempts at loading functions from
shared object files other than those containing legitimate
UDFs. For MySQL 5.0, this option was added in MySQL 5.0.3.
See Section 28.2.2.6, “User-Defined Function Security Precautions”.
If you start the server with
--local-infile=0, clients cannot use
LOCAL in LOAD DATA
statements. See Section 5.3.4, “Security Issues with LOAD DATA LOCAL”.
Force the server to generate short (pre-4.1) password hashes for new passwords. This is useful for compatibility when the server must support older client programs. See Section 5.4.8, “Password Hashing as of MySQL 4.1”.
MySQL Enterprise The MySQL Enterprise Monitor offers advice on the security implications of using this option. For subscription information see http://www.mysql.com/products/enterprise/advisors.html.
--safe-show-database
(OBSOLETE)
In previous versions of MySQL, this option caused the
SHOW DATABASES statement to display the
names of only those databases for which the user had some
kind of privilege. In MySQL 5.0, this option is
no longer available as this is now the default behavior, and
there is a SHOW DATABASES privilege that
can be used to control access to database names on a
per-account basis. See Section 12.5.1.3, “GRANT Syntax”.
If this option is enabled, a user cannot create new MySQL
users by using the GRANT statement unless
the user has the INSERT privilege for the
mysql.user table or any column in the
table. If you want a user to have the ability to create new
users that have those privileges that the user has the right
to grant, you should grant the user the following privilege:
GRANT INSERT(user) ON mysql.user TO 'user_name'@'host_name';
This ensures that the user cannot change any privilege
columns directly, but has to use the
GRANT statement to give privileges to
other users.
Disallow authentication for accounts that have old (pre-4.1) passwords.
The mysql client also has a
--secure-auth option, which prevents
connections to a server if the server requires a password in
old format for the client account.
This option limits the effect of the
LOAD_FILE() function and the
LOAD DATA and SELECT ... INTO
OUTFILE statements to work only with files in the
specified directory.
This option was added in MySQL 5.0.38.
This option causes the server not to use the privilege
system at all. This gives anyone with access to the server
unrestricted access to all
databases. You can cause a running server to
start using the grant tables again by executing
mysqladmin flush-privileges or
mysqladmin reload command from a system
shell, or by issuing a MySQL FLUSH
PRIVILEGES statement. This option also suppresses
loading of user-defined functions (UDFs).
Hostnames are not resolved. All Host
column values in the grant tables must be IP numbers or
localhost.
Do not allow TCP/IP connections over the network. All connections to mysqld must be made via Unix socket files.
With this option, the SHOW DATABASES
statement is allowed only to users who have the
SHOW DATABASES privilege, and the
statement displays all database names. Without this option,
SHOW DATABASES is allowed to all users,
but displays each database name only if the user has the
SHOW DATABASES privilege or some
privilege for the database. Note that any global privilege
is a privilege for the database.
The LOAD DATA statement can load a file that
is located on the server host, or it can load a file that is
located on the client host when the LOCAL
keyword is specified.
There are two potential security issues with supporting the
LOCAL version of LOAD DATA
statements:
The transfer of the file from the client host to the server
host is initiated by the MySQL server. In theory, a patched
server could be built that would tell the client program to
transfer a file of the server's choosing rather than the
file named by the client in the LOAD DATA
statement. Such a server could access any file on the client
host to which the client user has read access.
In a Web environment where the clients are connecting from a
Web server, a user could use LOAD DATA
LOCAL to read any files that the Web server
process has read access to (assuming that a user could run
any command against the SQL server). In this environment,
the client with respect to the MySQL server actually is the
Web server, not the remote program being run by the user who
connects to the Web server.
To deal with these problems, we changed how LOAD DATA
LOCAL is handled as of MySQL 3.23.49 and MySQL 4.0.2
(4.0.13 on Windows):
By default, all MySQL clients and libraries in binary
distributions are compiled with the
--enable-local-infile option, to be
compatible with MySQL 3.23.48 and before.
If you build MySQL from source but do not invoke
configure with the
--enable-local-infile option, LOAD
DATA LOCAL cannot be used by any client unless it
is written explicitly to invoke
mysql_options(...
MYSQL_OPT_LOCAL_INFILE, 0). See
Section 26.2.3.49, “mysql_options()”.
You can disable all LOAD DATA LOCAL
commands from the server side by starting
mysqld with the
--local-infile=0 option.
For the mysql command-line client,
LOAD DATA LOCAL can be enabled by
specifying the --local-infile[=1] option,
or disabled with the --local-infile=0
option. Similarly, for mysqlimport, the
--local or -L option
enables local data file loading. In any case, successful use
of a local loading operation requires that the server is
enabled to allow it.
If you use LOAD DATA LOCAL in Perl
scripts or other programs that read the
[client] group from option files, you can
add the local-infile=1 option to that
group. However, to keep this from causing problems for
programs that do not understand
local-infile, specify it using the
loose- prefix:
[client] loose-local-infile=1
If LOAD DATA LOCAL INFILE is disabled,
either in the server or the client, a client that attempts
to issue such a statement receives the following error
message:
ERROR 1148: The used command is not allowed with this MySQL version
MySQL Enterprise
Security advisors notify subscribers to the MySQL Enterprise
Monitor whenever a server is started with the
--local-infile option enabled. For more
information see
http://www.mysql.com/products/enterprise/advisors.html.
On Windows, you can run the server as a Windows service using a normal user account.
On Unix, the MySQL server mysqld can be
started and run by any user. However, you should avoid running
the server as the Unix root user for security
reasons. To change mysqld to run as a normal
unprivileged Unix user user_name, you
must do the following:
Stop the server if it's running (use mysqladmin shutdown).
Change the database directories and files so that
user_name has privileges to read
and write files in them (you might need to do this as the
Unix root user):
shell> chown -R user_name /path/to/mysql/datadir
If you do not do this, the server will not be able to access
databases or tables when it runs as
user_name.
If directories or files within the MySQL data directory are
symbolic links, you'll also need to follow those links and
change the directories and files they point to.
chown -R might not follow symbolic links
for you.
Start the server as user
user_name. If you are using MySQL
3.22 or later, another alternative is to start
mysqld as the Unix
root user and use the
--user=
option. mysqld starts up, then switches
to run as the Unix user user_nameuser_name
before accepting any connections.
To start the server as the given user automatically at
system startup time, specify the username by adding a
user option to the
[mysqld] group of the
/etc/my.cnf option file or the
my.cnf option file in the server's data
directory. For example:
[mysqld]
user=user_name
If your Unix machine itself isn't secured, you should assign
passwords to the MySQL root accounts in the
grant tables. Otherwise, any user with a login account on that
machine can run the mysql client with a
--user=root option and perform any operation.
(It is a good idea to assign passwords to MySQL accounts in any
case, but especially so when other login accounts exist on the
server host.) See Section 2.4.16, “Post-Installation Setup and Testing”.
Access denied ErrorsMySQL has an advanced but non-standard security and privilege system. The following discussion describes how it works.
The primary function of the MySQL privilege system is to
authenticate a user who connects from a given host and to
associate that user with privileges on a database such as
SELECT, INSERT,
UPDATE, and DELETE.
Additional functionality includes the ability to have anonymous
users and to grant privileges for MySQL-specific functions such
as LOAD DATA INFILE and administrative
operations.
The MySQL privilege system ensures that all users may perform only the operations allowed to them. As a user, when you connect to a MySQL server, your identity is determined by the host from which you connect and the username you specify. When you issue requests after connecting, the system grants privileges according to your identity and what you want to do.
MySQL considers both your hostname and username in identifying
you because there is little reason to assume that a given
username belongs to the same person everywhere on the Internet.
For example, the user joe who connects from
office.example.com need not be the same
person as the user joe who connects from
home.example.com. MySQL handles this by
allowing you to distinguish users on different hosts that happen
to have the same name: You can grant one set of privileges for
connections by joe from
office.example.com, and a different set of
privileges for connections by joe from
home.example.com.
MySQL access control involves two stages when you run a client program that connects to the server:
Stage 1: The server checks whether it should allow you to connect.
Stage 2: Assuming that you can connect, the server checks
each statement you issue to determine whether you have
sufficient privileges to perform it. For example, if you try
to select rows from a table in a database or drop a table
from the database, the server verifies that you have the
SELECT privilege for the table or the
DROP privilege for the database.
If your privileges are changed (either by yourself or someone else) while you are connected, those changes do not necessarily take effect immediately for the next statement that you issue. See Section 5.4.6, “When Privilege Changes Take Effect”, for details.
The server stores privilege information in the grant tables of
the mysql database (that is, in the database
named mysql). The MySQL server reads the
contents of these tables into memory when it starts and re-reads
them under the circumstances indicated in
Section 5.4.6, “When Privilege Changes Take Effect”. Access-control decisions
are based on the in-memory copies of the grant tables.
Normally, you manipulate the contents of the grant tables
indirectly by using statements such as GRANT
and REVOKE to set up accounts and control the
privileges available to each one. See
Section 12.5.1, “Account Management Statements”. The discussion here
describes the underlying structure of the grant tables and how
the server uses their contents when interacting with clients.
The server uses the user,
db, and host tables in the
mysql database at both stages of access
control. The columns in the user and
db tables are shown here. The
host table is similar to the
db table but has a specialized use as
described in Section 5.4.5, “Access Control, Stage 2: Request Verification”.
| Table Name | user | db |
| Scope columns | Host | Host |
User | Db | |
Password | User | |
| Privilege columns | Select_priv | Select_priv |
Insert_priv | Insert_priv | |
Update_priv | Update_priv | |
Delete_priv | Delete_priv | |
Index_priv | Index_priv | |
Alter_priv | Alter_priv | |
Create_priv | Create_priv | |
Drop_priv | Drop_priv | |
Grant_priv | Grant_priv | |
Create_view_priv | Create_view_priv | |
Show_view_priv | Show_view_priv | |
Create_routine_priv | Create_routine_priv | |
Alter_routine_priv | Alter_routine_priv | |
Execute_priv | Execute_priv | |
Create_tmp_table_priv | Create_tmp_table_priv | |
Lock_tables_priv | Lock_tables_priv | |
References_priv | References_priv | |
Reload_priv | ||
Shutdown_priv | ||
Process_priv | ||
File_priv | ||
Show_db_priv | ||
Super_priv | ||
Repl_slave_priv | ||
Repl_client_priv | ||
Create_user_priv | ||
| Security columns | ssl_type | |
ssl_cipher | ||
x509_issuer | ||
x509_subject | ||
| Resource control columns | max_questions | |
max_updates | ||
max_connections | ||
max_user_connections |
Execute_priv was present in MySQL 5.0.0, but
did not become operational until MySQL 5.0.3.
The Create_view_priv and
Show_view_priv columns were added in MySQL
5.0.1.
The Create_routine_priv,
Alter_routine_priv, and
max_user_connections columns were added in
MySQL 5.0.3.
During the second stage of access control, the server performs
request verification to make sure that each client has
sufficient privileges for each request that it issues. In
addition to the user, db,
and host grant tables, the server may also
consult the tables_priv and
columns_priv tables for requests that involve
tables. The tables_priv and
columns_priv tables provide finer privilege
control at the table and column levels. They have the following
columns:
| Table Name | tables_priv | columns_priv |
| Scope columns | Host | Host |
Db | Db | |
User | User | |
Table_name | Table_name | |
Column_name | ||
| Privilege columns | Table_priv | Column_priv |
Column_priv | ||
| Other columns | Timestamp | Timestamp |
Grantor |
The Timestamp and Grantor
columns currently are unused and are discussed no further here.
For verification of requests that involve stored routines, the
server may consult the procs_priv table. This
table has the following columns:
| Table Name | procs_priv |
| Scope columns | Host |
Db | |
User | |
Routine_name | |
Routine_type | |
| Privilege columns | Proc_priv |
| Other columns | Timestamp |
Grantor |
The procs_priv table exists as of MySQL
5.0.3. The Routine_type column was added in
MySQL 5.0.6. It is an ENUM column with values
of 'FUNCTION' or
'PROCEDURE' to indicate the type of routine
the row refers to. This column allows privileges to be granted
separately for a function and a procedure with the same name.
The Timestamp and Grantor
columns currently are unused and are discussed no further here.
Each grant table contains scope columns and privilege columns:
Scope columns determine the scope of each row (entry) in the
tables; that is, the context in which the row applies. For
example, a user table row with
Host and User values
of 'thomas.loc.gov' and
'bob' would be used for authenticating
connections made to the server from the host
thomas.loc.gov by a client that specifies
a username of bob. Similarly, a
db table row with
Host, User, and
Db column values of
'thomas.loc.gov',
'bob' and 'reports'
would be used when bob connects from the
host thomas.loc.gov to access the
reports database. The
tables_priv and
columns_priv tables contain scope columns
indicating tables or table/column combinations to which each
row applies. The procs_priv scope columns
indicate the stored routine to which each row applies.
Privilege columns indicate which privileges are granted by a table row; that is, what operations can be performed. The server combines the information in the various grant tables to form a complete description of a user's privileges. Section 5.4.5, “Access Control, Stage 2: Request Verification”, describes the rules that are used to do this.
Scope columns contain strings. They are declared as shown here; the default value for each is the empty string:
| Column Name | Type |
Host | CHAR(60) |
User | CHAR(16) |
Password | CHAR(16) |
Db | CHAR(64) |
Table_name | CHAR(64) |
Column_name | CHAR(64) |
Routine_name | CHAR(64) |
For access-checking purposes, comparisons of
Host values are case insensitive.
User, Password,
Db, and Table_name values
are case sensitive. Column_name and
Routine_name values are case insensitive.
In the user, db, and
host tables, each privilege is listed in a
separate column that is declared as ENUM('N','Y')
DEFAULT 'N'. In other words, each privilege can be
disabled or enabled, with the default being disabled.
In the tables_priv,
columns_priv, and
procs_priv tables, the privilege columns are
declared as SET columns. Values in these
columns can contain any combination of the privileges controlled
by the table:
| Table Name | Column Name | Possible Set Elements |
tables_priv | Table_priv | 'Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop',
'Grant', 'References', 'Index', 'Alter', 'Create View',
'Show view' |
tables_priv | Column_priv | 'Select', 'Insert', 'Update', 'References' |
columns_priv | Column_priv | 'Select', 'Insert', 'Update', 'References' |
procs_priv | Proc_priv | 'Execute', 'Alter Routine', 'Grant' |
Briefly, the server uses the grant tables in the following manner:
The user table scope columns determine
whether to reject or allow incoming connections. For allowed
connections, any privileges granted in the
user table indicate the user's global
(superuser) privileges. Any privilege granted in this table
applies to all databases on the server.
Because any global privilege is considered a privilege for
all databases, any global privilege enables a user to see
all database names with SHOW DATABASES
or by examining the SCHEMATA table of
INFORMATION_SCHEMA.
The db table scope columns determine
which users can access which databases from which hosts. The
privilege columns determine which operations are allowed. A
privilege granted at the database level applies to the
database and to all its tables.
The host table is used in conjunction
with the db table when you want a given
db table row to apply to several hosts.
For example, if you want a user to be able to use a database
from several hosts in your network, leave the
Host value empty in the user's
db table row, then populate the
host table with a row for each of those
hosts. This mechanism is described more detail in
Section 5.4.5, “Access Control, Stage 2: Request Verification”.
The host table must be modified
directly with statements such as
INSERT, UPDATE, and
DELETE. It is not affected by
statements such as GRANT and
REVOKE that modify the grant tables
indirectly. Most MySQL installations need not use this
table at all.
The tables_priv and
columns_priv tables are similar to the
db table, but are more fine-grained: They
apply at the table and column levels rather than at the
database level. A privilege granted at the table level
applies to the table and to all its columns. A privilege
granted at the column level applies only to a specific
column.
The procs_priv table applies to stored
routines. A privilege granted at the routine level applies
only to a single routine.
Administrative privileges (such as RELOAD or
SHUTDOWN) are specified only in the
user table. The reason for this is that
administrative operations are operations on the server itself
and are not database-specific, so there is no reason to list
these privileges in the other grant tables. In fact, to
determine whether you can perform an administrative operation,
the server need consult only the user table.
The FILE privilege also is specified only in
the user table. It is not an administrative
privilege as such, but your ability to read or write files on
the server host is independent of the database you are
accessing.
The mysqld server reads the contents of the
grant tables into memory when it starts. You can tell it to
re-read the tables by issuing a FLUSH
PRIVILEGES statement or executing a
mysqladmin flush-privileges or
mysqladmin reload command. Changes to the
grant tables take effect as indicated in
Section 5.4.6, “When Privilege Changes Take Effect”.
When you modify the contents of the grant tables, it is a good
idea to make sure that your changes set up privileges the way
you want. To check the privileges for a given account, use the
SHOW GRANTS statement. (See
Section 12.5.5.14, “SHOW GRANTS Syntax”.) For example, to determine the
privileges that are granted to an account with
Host and User values of
pc84.example.com and bob,
issue this statement:
SHOW GRANTS FOR 'bob'@'pc84.example.com';
For additional help in diagnosing privilege-related problems,
see Section 5.4.7, “Causes of Access denied Errors”. For general advice on
security issues, see Section 5.3, “General Security Issues”.
Information about account privileges is stored in the
user, db,
host, tables_priv,
columns_priv, and
procs_priv tables in the
mysql database. The MySQL server reads the
contents of these tables into memory when it starts and re-reads
them under the circumstances indicated in
Section 5.4.6, “When Privilege Changes Take Effect”. Access-control decisions
are based on the in-memory copies of the grant tables.
The names used in the GRANT and
REVOKE statements to refer to privileges are
shown in the following table, along with the column name
associated with each privilege in the grant tables and the
context in which the privilege applies. Further information
about the meaning of each privilege may be found at
Section 12.5.1.3, “GRANT Syntax”.
| Privilege | Column | Context |
CREATE | Create_priv | databases, tables, or indexes |
DROP | Drop_priv | databases or tables |
GRANT OPTION | Grant_priv | databases, tables, or stored routines |
REFERENCES | References_priv | databases or tables (unused) |
ALTER | Alter_priv | tables |
DELETE | Delete_priv | tables |
INDEX | Index_priv | tables |
INSERT | Insert_priv | tables |
SELECT | Select_priv | tables |
UPDATE | Update_priv | tables |
CREATE VIEW | Create_view_priv | views |
SHOW VIEW | Show_view_priv | views |
ALTER ROUTINE | Alter_routine_priv | stored routines |
CREATE ROUTINE | Create_routine_priv | stored routines |
EXECUTE | Execute_priv | stored routines |
FILE | File_priv | file access on server host |
CREATE TEMPORARY TABLES | Create_tmp_table_priv | server administration |
LOCK TABLES | Lock_tables_priv | server administration |
CREATE USER | Create_user_priv | server administration |
PROCESS | Process_priv | server administration |
RELOAD | Reload_priv | server administration |
REPLICATION CLIENT | Repl_client_priv | server administration |
REPLICATION SLAVE | Repl_slave_priv | server administration |
SHOW DATABASES | Show_db_priv | server administration |
SHUTDOWN | Shutdown_priv | server administration |
SUPER | Super_priv | server administration |
Some releases of MySQL introduce changes to the structure of the grant tables to add new privileges or features. Whenever you update to a new version of MySQL, you should update your grant tables to make sure that they have the current structure so that you can take advantage of any new capabilities. See Section 4.4.9, “mysql_upgrade — Check Tables for MySQL Upgrade”.
CREATE VIEW and SHOW VIEW
were added in MySQL 5.0.1. CREATE USER,
CREATE ROUTINE, and ALTER
ROUTINE were added in MySQL 5.0.3. Although
EXECUTE was present in MySQL 5.0.0, it did
not become operational until MySQL 5.0.3.
To create or alter stored routines if binary logging is enabled,
you may also need the SUPER privilege, as
described in Section 21.4, “Binary Logging of Stored Routines and Triggers”.
The CREATE and DROP
privileges allow you to create new databases and tables, or to
drop (remove) existing databases and tables. If you
grant the DROP privilege for the
mysql database to a user, that user can drop
the database in which the MySQL access privileges are
stored.
The SELECT, INSERT,
UPDATE, and DELETE
privileges allow you to perform operations on rows in existing
tables in a database. INSERT is also required
for the ANALYZE TABLE, OPTIMIZE
TABLE, and REPAIR TABLE
table-maintenance statements.
SELECT statements require the
SELECT privilege only if they actually
retrieve rows from a table. Some SELECT
statements do not access tables and can be executed without
permission for any database. For example, you can use the
mysql client as a simple calculator to
evaluate expressions that make no reference to tables:
SELECT 1+1; SELECT PI()*2;
The INDEX privilege enables you to create or
drop (remove) indexes. INDEX applies to
existing tables. If you have the CREATE
privilege for a table, you can include index definitions in the
CREATE TABLE statement.
The ALTER privilege enables you to use
ALTER TABLE to change the structure of or
rename tables.
MySQL Enterprise
In some circumstances the ALTER privilege
is entirely unnecessary — on slaves where there are no
non-replicated tables, for instance. The MySQL Enterprise
Monitor notifies subscribers when accounts have inappropriate
privileges. For more information, see
http://www.mysql.com/products/enterprise/advisors.html.
The CREATE ROUTINE privilege is needed for
creating stored routines (functions and procedures).
ALTER ROUTINE privilege is needed for
altering or dropping stored routines, and
EXECUTE is needed for executing stored
routines.
The GRANT privilege enables you to give to
other users those privileges that you yourself possess. It can
be used for databases, tables, and stored routines.
The FILE privilege gives you permission to
read and write files on the server host using the LOAD
DATA INFILE and SELECT ... INTO
OUTFILE statements. A user who has the
FILE privilege can read any file on the
server host that is either world-readable or readable by the
MySQL server. (This implies the user can read any file in any
database directory, because the server can access any of those
files.) The FILE privilege also enables the
user to create new files in any directory where the MySQL server
has write access. As a security measure, the server will not
overwrite existing files.
The REFERENCES privilege currently is unused.
The remaining privileges are used for administrative operations. Many of them can be performed by using the mysqladmin program or by issuing SQL statements. The following table shows which mysqladmin commands each administrative privilege enables you to execute:
| Privilege | Commands Permitted to Privilege Holders |
RELOAD | flush-hosts, flush-logs,
flush-privileges,
flush-status,
flush-tables,
flush-threads,
refresh, reload |
SHUTDOWN | shutdown |
PROCESS | processlist |
SUPER | kill |
The reload command tells the server to
re-read the grant tables into memory.
flush-privileges is a synonym for
reload. The refresh
command closes and reopens the log files and flushes all tables.
The other
flush- commands
perform functions similar to xxxrefresh, but are
more specific and may be preferable in some instances. For
example, if you want to flush just the log files,
flush-logs is a better choice than
refresh.
The shutdown command shuts down the server.
There is no corresponding SQL statement.
The processlist command displays information
about the threads executing within the server (that is,
information about the statements being executed by clients). The
kill command terminates server threads. You
can always display or kill your own threads, but you need the
PROCESS privilege to display threads
initiated by other users and the SUPER
privilege to kill them. See Section 12.5.6.3, “KILL Syntax”.
The CREATE TEMPORARY TABLES privilege enables
the use of the keyword TEMPORARY in
CREATE TABLE statements.
The LOCK TABLES privilege enables the use of
explicit LOCK TABLES statements to lock
tables for which you have the SELECT
privilege. This includes the use of write locks, which prevents
anyone else from reading the locked table.
The REPLICATION CLIENT privilege enables the
use of SHOW MASTER STATUS and SHOW
SLAVE STATUS.
The REPLICATION SLAVE privilege should be
granted to accounts that are used by slave servers to connect to
the current server as their master. Without this privilege, the
slave cannot request updates that have been made to databases on
the master server.
The SHOW DATABASES privilege allows the
account to see database names by issuing the SHOW
DATABASE statement. Accounts that do not have this
privilege see only databases for which they have some
privileges, and cannot use the statement at all if the server
was started with the --skip-show-database
option. Note that any global privilege is a
privilege for the database.
It is a good idea to grant to an account only those privileges
that it needs. You should exercise particular caution in
granting the FILE and administrative
privileges:
The FILE privilege can be abused to read
into a database table any files that the MySQL server can
read on the server host. This includes all world-readable
files and files in the server's data directory. The table
can then be accessed using SELECT to
transfer its contents to the client host.
The GRANT privilege enables users to give
their privileges to other users. Two users that have
different privileges and with the GRANT
privilege are able to combine privileges.
The ALTER privilege may be used to
subvert the privilege system by renaming tables.
The SHUTDOWN privilege can be abused to
deny service to other users entirely by terminating the
server.
The PROCESS privilege can be used to view
the plain text of currently executing statements, including
statements that set or change passwords.
The SUPER privilege can be used to
terminate other clients or change how the server operates.
Privileges granted for the mysql database
itself can be used to change passwords and other access
privilege information. Passwords are stored encrypted, so a
malicious user cannot simply read them to know the plain
text password. However, a user with write access to the
user table Password
column can change an account's password, and then connect to
the MySQL server using that account.
MySQL Enterprise Accounts with unnecessary global privileges constitute a security risk. Subscribers to the MySQL Enterprise Monitor are automatically alerted to the existence of such accounts. For detailed information see http://www.mysql.com/products/enterprise/advisors.html.
There are some things that you cannot do with the MySQL privilege system:
You cannot explicitly specify that a given user should be denied access. That is, you cannot explicitly match a user and then refuse the connection.
You cannot specify that a user has privileges to create or drop tables in a database but not to create or drop the database itself.
A password applies globally to an account. You cannot associate a password with a specific object such as a database, table, or routine.
When you attempt to connect to a MySQL server, the server accepts or rejects the connection based on your identity and whether you can verify your identity by supplying the correct password. If not, the server denies access to you completely. Otherwise, the server accepts the connection, and then enters Stage 2 and waits for requests.
Your identity is based on two pieces of information:
The client host from which you connect
Your MySQL username
Identity checking is performed using the three
user table scope columns
(Host, User, and
Password). The server accepts the connection
only if the Host and User
columns in some user table row match the
client hostname and username and the client supplies the
password specified in that row.
Host values in the user
table may be specified as follows:
A Host value may be a hostname or an IP
number, or 'localhost' to indicate the
local host.
You can use the wildcard characters
“%” and
“_” in
Host column values. These have the same
meaning as for pattern-matching operations performed with
the LIKE operator. For
example, a Host value of
'%' matches any hostname, whereas a value
of '%.mysql.com' matches any host in the
mysql.com domain.
MySQL Enterprise
An overly broad host specifier such as
“%” constitutes a security
risk. The MySQL Enterprise Monitor provides safeguards
against this kind of vulnerability. For more information,
see http://www.mysql.com/products/enterprise/advisors.html.
For Host values specified as IP numbers,
you can specify a netmask indicating how many address bits
to use for the network number. For example:
GRANT ALL PRIVILEGES ON db.* TO david@'192.58.197.0/255.255.255.0';
This allows david to connect from any
client host having an IP number client_ip
for which the following condition is true:
client_ip & netmask = host_ip
That is, for the GRANT statement just
shown:
client_ip & 255.255.255.0 = 192.58.197.0
IP numbers that satisfy this condition and can connect to
the MySQL server are those in the range from
192.58.197.0 to
192.58.197.255.
Note: The netmask can only be used to tell the server to use 8, 16, 24, or 32 bits of the address. Examples:
192.0.0.0/255.0.0.0: anything on the
192 class A network
192.168.0.0/255.255.0.0: anything on
the 192.168 class B network
192.168.1.0/255.255.255.0: anything
on the 192.168.1 class C network
192.168.1.1: only this specific IP
The following netmask (28 bits) will not work:
192.168.0.1/255.255.255.240
A blank Host value in a
db table row means that its privileges
should be combined with those in the row in the
host table that matches the client
hostname. The privileges are combined using an AND
(intersection) operation, not OR (union).
Section 5.4.5, “Access Control, Stage 2: Request Verification”, discusses use of the
host table further.
A blank Host value in the other grant
tables is the same as '%'.
Because you can use IP wildcard values in the
Host column (for example,
'144.155.166.%' to match every host on a
subnet), someone could try to exploit this capability by naming
a host 144.155.166.somewhere.com. To foil
such attempts, MySQL disallows matching on hostnames that start
with digits and a dot. Thus, if you have a host named something
like 1.2.foo.com, its name never matches the
Host column of the grant tables. An IP
wildcard value can match only IP numbers, not hostnames.
In the User column, wildcard characters are
not allowed, but you can specify a blank value, which matches
any name. If the user table row that matches
an incoming connection has a blank username, the user is
considered to be an anonymous user with no name, not a user with
the name that the client actually specified. This means that a
blank username is used for all further access checking for the
duration of the connection (that is, during Stage 2).
The Password column can be blank. This is not
a wildcard and does not mean that any password matches. It means
that the user must connect without specifying a password.
Non-blank Password values in the
user table represent encrypted passwords.
MySQL does not store passwords in plaintext form for anyone to
see. Rather, the password supplied by a user who is attempting
to connect is encrypted (using the
PASSWORD() function). The
encrypted password then is used during the connection process
when checking whether the password is correct. (This is done
without the encrypted password ever traveling over the
connection.) From MySQL's point of view, the encrypted password
is the real password, so you should never
give anyone access to it. In particular, do not give
non-administrative users read access to tables in the
mysql database.
MySQL 5.0 employs the stronger authentication
method (first implemented in MySQL 4.1) that has better password
protection during the connection process than in earlier
versions. It is secure even if TCP/IP packets are sniffed or the
mysql database is captured.
Section 5.4.8, “Password Hashing as of MySQL 4.1”, discusses password
encryption further.
The following table shows how various combinations of
Host and User values in
the user table apply to incoming connections.
Host Value | User Value | Allowable Connections |
'thomas.loc.gov' | 'fred' | fred, connecting from
thomas.loc.gov |
'thomas.loc.gov' | '' | Any user, connecting from thomas.loc.gov |
'%' | 'fred' | fred, connecting from any host |
'%' | '' | Any user, connecting from any host |
'%.loc.gov' | 'fred' | fred, connecting from any host in the
loc.gov domain |
'x.y.%' | 'fred' | fred, connecting from x.y.net,
x.y.com, x.y.edu,
and so on (this is probably not useful) |
'144.155.166.177' | 'fred' | fred, connecting from the host with IP address
144.155.166.177 |
'144.155.166.%' | 'fred' | fred, connecting from any host in the
144.155.166 class C subnet |
'144.155.166.0/255.255.255.0' | 'fred' | Same as previous example |
It is possible for the client hostname and username of an
incoming connection to match more than one row in the
user table. The preceding set of examples
demonstrates this: Several of the entries shown match a
connection from thomas.loc.gov by
fred.
When multiple matches are possible, the server must determine which of them to use. It resolves this issue as follows:
Whenever the server reads the user table
into memory, it sorts the rows.
When a client attempts to connect, the server looks through the rows in sorted order.
The server uses the first row that matches the client hostname and username.
To see how this works, suppose that the user
table looks like this:
+-----------+----------+- | Host | User | ... +-----------+----------+- | % | root | ... | % | jeffrey | ... | localhost | root | ... | localhost | | ... +-----------+----------+-
When the server reads the table into memory, it orders the rows
with the most-specific Host values first.
Literal hostnames and IP numbers are the most specific. (The
specificity if a literal IP number is not affected by whether it
has a netmask, so 192.168.1.13 and
192.168.1.0/255.255.255.0 are considered
equally specific.) The pattern '%' means
“any host” and is least specific. Rows with the
same Host value are ordered with the
most-specific User values first (a blank
User value means “any user” and
is least specific). For the user table just
shown, the result after sorting looks like this:
+-----------+----------+- | Host | User | ... +-----------+----------+- | localhost | root | ... | localhost | | ... | % | jeffrey | ... | % | root | ... +-----------+----------+-
When a client attempts to connect, the server looks through the
sorted rows and uses the first match found. For a connection
from localhost by jeffrey,
two of the rows from the table match: the one with
Host and User values of
'localhost' and '', and
the one with values of '%' and
'jeffrey'. The 'localhost'
row appears first in sorted order, so that is the one the server
uses.
Here is another example. Suppose that the
user table looks like this:
+----------------+----------+- | Host | User | ... +----------------+----------+- | % | jeffrey | ... | thomas.loc.gov | | ... +----------------+----------+-
The sorted table looks like this:
+----------------+----------+- | Host | User | ... +----------------+----------+- | thomas.loc.gov | | ... | % | jeffrey | ... +----------------+----------+-
A connection by jeffrey from
thomas.loc.gov is matched by the first row,
whereas a connection by jeffrey from
whitehouse.gov is matched by the second.
It is a common misconception to think that, for a given
username, all rows that explicitly name that user are used first
when the server attempts to find a match for the connection.
This is simply not true. The previous example illustrates this,
where a connection from thomas.loc.gov by
jeffrey is first matched not by the row
containing 'jeffrey' as the
User column value, but by the row with no
username. As a result, jeffrey is
authenticated as an anonymous user, even though he specified a
username when connecting.
If you are able to connect to the server, but your privileges
are not what you expect, you probably are being authenticated as
some other account. To find out what account the server used to
authenticate you, use the
CURRENT_USER() function. (See
Section 11.10.3, “Information Functions”.) It returns a value in
user_name@host_nameUser and
Host values from the matching
user table row. Suppose that
jeffrey connects and issues the following
query:
mysql> SELECT CURRENT_USER();
+----------------+
| CURRENT_USER() |
+----------------+
| @localhost |
+----------------+
The result shown here indicates that the matching
user table row had a blank
User column value. In other words, the server
is treating jeffrey as an anonymous user.
Another thing you can do to diagnose authentication problems is
to print out the user table and sort it by
hand to see where the first match is being made.
After you establish a connection, the server enters Stage 2 of
access control. For each request that you issue via that
connection, the server determines what operation you want to
perform, then checks whether you have sufficient privileges to
do so. This is where the privilege columns in the grant tables
come into play. These privileges can come from any of the
user, db,
host, tables_priv,
columns_priv, or
procs_priv tables. (You may find it helpful
to refer to Section 5.4.2, “How the Privilege System Works”, which lists the
columns present in each of the grant tables.)
The user table grants privileges that are
assigned to you on a global basis and that apply no matter what
the default database is. For example, if the
user table grants you the
DELETE privilege, you can delete rows from
any table in any database on the server host! In other words,
user table privileges are superuser
privileges. It is wise to grant privileges in the
user table only to superusers such as
database administrators. For other users, you should leave all
privileges in the user table set to
'N' and grant privileges at more specific
levels only. You can grant privileges for particular databases,
tables, columns, or routines.
The db and host tables
grant database-specific privileges. Values in the scope columns
of these tables can take the following forms:
The wildcard characters “%”
and “_” can be used in the
Host and Db columns of
either table. These have the same meaning as for
pattern-matching operations performed with the
LIKE operator. If you want
to use either character literally when granting privileges,
you must escape it with a backslash. For example, to include
the underscore character
(“_”) as part of a database
name, specify it as “\_” in
the GRANT statement.
A '%' Host value in
the db table means “any
host.” A blank Host value in the
db table means “consult the
host table for further
information” (a process that is described later in
this section).
A '%' or blank Host
value in the host table means “any
host.”
A '%' or blank Db
value in either table means “any database.”
A blank User value in the
db table matches the anonymous user.
The server reads the db and
host tables into memory and sorts them at the
same time that it reads the user table. The
server sorts the db table based on the
Host, Db, and
User scope columns, and sorts the
host table based on the
Host and Db scope columns.
As with the user table, sorting puts the
most-specific values first and least-specific values last, and
when the server looks for matching entries, it uses the first
match that it finds.
The tables_priv
columns_priv, and
procs_priv tables grant table-specific,
column-specific, and routine-specific privileges. Values in the
scope columns of these tables can take the following forms:
The wildcard characters “%”
and “_” can be used in the
Host column. These have the same meaning
as for pattern-matching operations performed with the
LIKE operator.
A '%' or blank Host
value means “any host.”
The Db, Table_name,
and Column_name columns cannot contain
wildcards or be blank.
The server sorts the tables_priv,
columns_priv, and
procs_priv tables based on the
Host, Db, and
User columns. This is similar to
db table sorting, but simpler because only
the Host column can contain wildcards.
The server uses the sorted tables to verify each request that it
receives. For requests that require administrative privileges
such as SHUTDOWN or
RELOAD, the server checks only the
user table row because that is the only table
that specifies administrative privileges. The server grants
access if the row allows the requested operation and denies
access otherwise. For example, if you want to execute
mysqladmin shutdown but your
user table row doesn't grant the
SHUTDOWN privilege to you, the server denies
access without even checking the db or
host tables. (They contain no
Shutdown_priv column, so there is no need to
do so.)
For database-related requests (INSERT,
UPDATE, and so on), the server first checks
the user's global (superuser) privileges by looking in the
user table row. If the row allows the
requested operation, access is granted. If the global privileges
in the user table are insufficient, the
server determines the user's database-specific privileges by
checking the db and host
tables:
The server looks in the db table for a
match on the Host, Db,
and User columns. The
Host and User columns
are matched to the connecting user's hostname and MySQL
username. The Db column is matched to the
database that the user wants to access. If there is no row
for the Host and User,
access is denied.
If there is a matching db table row and
its Host column is not blank, that row
defines the user's database-specific privileges.
If the matching db table row's
Host column is blank, it signifies that
the host table enumerates which hosts
should be allowed access to the database. In this case, a
further lookup is done in the host table
to find a match on the Host and
Db columns. If no host
table row matches, access is denied. If there is a match,
the user's database-specific privileges are computed as the
intersection (not the union!) of the
privileges in the db and
host table entries; that is, the
privileges that are 'Y' in both entries.
(This way you can grant general privileges in the
db table row and then selectively
restrict them on a host-by-host basis using the
host table entries.)
After determining the database-specific privileges granted by
the db and host table
entries, the server adds them to the global privileges granted
by the user table. If the result allows the
requested operation, access is granted. Otherwise, the server
successively checks the user's table and column privileges in
the tables_priv and
columns_priv tables, adds those to the user's
privileges, and allows or denies access based on the result. For
stored routine operations, the server uses the
procs_priv table rather than
tables_priv and
columns_priv.
Expressed in boolean terms, the preceding description of how a user's privileges are calculated may be summarized like this:
global privileges OR (database privileges AND host privileges) OR table privileges OR column privileges OR routine privileges
It may not be apparent why, if the global
user row privileges are initially found to be
insufficient for the requested operation, the server adds those
privileges to the database, table, and column privileges later.
The reason is that a request might require more than one type of
privilege. For example, if you execute an INSERT INTO
... SELECT statement, you need both the
INSERT and the SELECT
privileges. Your privileges might be such that the
user table row grants one privilege and the
db table row grants the other. In this case,
you have the necessary privileges to perform the request, but
the server cannot tell that from either table by itself; the
privileges granted by the entries in both tables must be
combined.
The host table is not affected by the
GRANT or REVOKE
statements, so it is unused in most MySQL installations. If you
modify it directly, you can use it for some specialized
purposes, such as to maintain a list of secure servers. For
example, at TcX, the host table contains a
list of all machines on the local network. These are granted all
privileges.
You can also use the host table to indicate
hosts that are not secure. Suppose that you
have a machine public.your.domain that is
located in a public area that you do not consider secure. You
can allow access to all hosts on your network except that
machine by using host table entries like
this:
+--------------------+----+- | Host | Db | ... +--------------------+----+- | public.your.domain | % | ... (all privileges set to 'N') | %.your.domain | % | ... (all privileges set to 'Y') +--------------------+----+-
Naturally, you should always test your changes to the grant
tables (for example, by using SHOW GRANTS) to
make sure that your access privileges are actually set up the
way you think they are.
When mysqld starts, it reads all grant table contents into memory. The in-memory tables become effective for access control at that point.
When the server reloads the grant tables, privileges for existing client connections are affected as follows:
Table and column privilege changes take effect with the client's next request.
Database privilege changes take effect at the next
USE
statement.
db_name
Client applications may cache the database name; thus,
this effect may not be visible to them without actually
changing to a different database or executing a
FLUSH PRIVILEGES statement.
Changes to global privileges and passwords take effect the next time the client connects.
If you modify the grant tables indirectly using statements such
as GRANT, REVOKE, or
SET PASSWORD, the server notices these
changes and loads the grant tables into memory again
immediately.
If you modify the grant tables directly using statements such as
INSERT, UPDATE, or
DELETE, your changes have no effect on
privilege checking until you either restart the server or tell
it to reload the tables. To reload the grant tables manually,
issue a FLUSH PRIVILEGES statement or execute
a mysqladmin flush-privileges or
mysqladmin reload command.
If you change the grant tables directly but forget to reload them, your changes have no effect until you restart the server. This may leave you wondering why your changes do not seem to make any difference!
If you encounter problems when you try to connect to the MySQL server, the following items describe some courses of action you can take to correct the problem.
Make sure that the server is running. If it is not running, you cannot connect to it. For example, if you attempt to connect to the server and see a message such as one of those following, one cause might be that the server is not running:
shell>mysqlERROR 2003: Can't connect to MySQL server on 'host_name' (111) shell>mysqlERROR 2002: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (111)
It might also be that the server is running, but you are
trying to connect using a TCP/IP port, named pipe, or Unix
socket file different from the one on which the server is
listening. To correct this when you invoke a client program,
specify a --port option to indicate the
proper port number, or a --socket option to
indicate the proper named pipe or Unix socket file. To find
out where the socket file is, you can use this command:
shell> netstat -ln | grep mysql
The grant tables must be properly set up so that the server
can use them for access control. For some distribution types
(such as binary distributions on Windows, or RPM
distributions on Linux), the installation process
initializes the mysql database containing
the grant tables. For distributions that do not do this, you
must initialize the grant tables manually by running the
mysql_install_db script. For details, see
Section 2.4.16.2, “Unix Post-Installation Procedures”.
One way to determine whether you need to initialize the
grant tables is to look for a mysql
directory under the data directory. (The data directory
normally is named data or
var and is located under your MySQL
installation directory.) Make sure that you have a file
named user.MYD in the
mysql database directory. If you do
not, execute the mysql_install_db script.
After running this script and starting the server, test the
initial privileges by executing this command:
shell> mysql -u root test
The server should let you connect without error.
After a fresh installation, you should connect to the server and set up your users and their access permissions:
shell> mysql -u root mysql
The server should let you connect because the MySQL
root user has no password initially. That
is also a security risk, so setting the password for the
root accounts is something you should do
while you're setting up your other MySQL accounts. For
instructions on setting the initial passwords, see
Section 2.4.16.3, “Securing the Initial MySQL Accounts”.
MySQL Enterprise The MySQL Enterprise Monitor enforces security-related best practices. For example, subscribers are alerted whenever there is any account without a password. For more information see http://www.mysql.com/products/enterprise/advisors.html.
If you have updated an existing MySQL installation to a newer version, did you run the mysql_upgrade script? If not, do so. The structure of the grant tables changes occasionally when new capabilities are added, so after an upgrade you should always make sure that your tables have the current structure. For instructions, see Section 4.4.9, “mysql_upgrade — Check Tables for MySQL Upgrade”.
If a client program receives the following error message when it tries to connect, it means that the server expects passwords in a newer format than the client is capable of generating:
shell> mysql
Client does not support authentication protocol requested
by server; consider upgrading MySQL client
For information on how to deal with this, see
Section 5.4.8, “Password Hashing as of MySQL 4.1”, and
Section B.1.2.4, “Client does not support authentication protocol”.
If you try to connect as root and get the
following error, it means that you do not have a row in the
user table with a User
column value of 'root' and that
mysqld cannot resolve the hostname for
your client:
Access denied for user ''@'unknown' to database mysql
In this case, you must restart the server with the
--skip-grant-tables option and edit your
/etc/hosts file or
\windows\hosts file to add an entry for
your host.
Remember that client programs use connection parameters
specified in option files or environment variables. If a
client program seems to be sending incorrect default
connection parameters when you have not specified them on
the command line, check your environment and any applicable
option files. For example, if you get Access
denied when you run a client without any options,
make sure that you have not specified an old password in any
of your option files!
You can suppress the use of option files by a client program
by invoking it with the --no-defaults
option. For example:
shell> mysqladmin --no-defaults -u root version
The option files that clients use are listed in Section 4.2.3.2, “Using Option Files”. Environment variables are listed in Section 2.4.20, “Environment Variables”.
If you get the following error, it means that you are using
an incorrect root password:
shell> mysqladmin -u root -pxxxx ver
Access denied for user 'root'@'localhost' (using password: YES)
If the preceding error occurs even when you have not
specified a password, it means that you have an incorrect
password listed in some option file. Try the
--no-defaults option as described in the
previous item.
For information on changing passwords, see Section 5.5.5, “Assigning Account Passwords”.
If you have lost or forgotten the root
password, you can restart mysqld with
--skip-grant-tables to change the password.
See Section B.1.4.1, “How to Reset the Root Password”.
If you change a password by using SET
PASSWORD, INSERT, or
UPDATE, you must encrypt the password
using the PASSWORD()
function. If you do not use
PASSWORD() for these
statements, the password will not work. For example, the
following statement sets a password, but fails to encrypt
it, so the user is not able to connect afterward:
SET PASSWORD FOR 'abe'@'host_name' = 'eagle';
Instead, set the password like this:
SET PASSWORD FOR 'abe'@'host_name' = PASSWORD('eagle');
The PASSWORD() function is
unnecessary when you specify a password using the
GRANT or (beginning with MySQL 5.0.2)
CREATE USER statements, or the
mysqladmin password command. Each of
those automatically uses
PASSWORD() to encrypt the
password. See Section 5.5.5, “Assigning Account Passwords”, and
Section 12.5.1.1, “CREATE USER Syntax”.
localhost is a synonym for your local
hostname, and is also the default host to which clients try
to connect if you specify no host explicitly.
To avoid this problem on such systems, you can use a
--host=127.0.0.1 option to name the server
host explicitly. This will make a TCP/IP connection to the
local mysqld server. You can also use
TCP/IP by specifying a --host option that
uses the actual hostname of the local host. In this case,
the hostname must be specified in a user
table row on the server host, even though you are running
the client program on the same host as the server.
If you get an Access denied error when
trying to connect to the database with mysql -u
, you may have
a problem with the user_nameuser table. Check this
by executing mysql -u root mysql and
issuing this SQL statement:
SELECT * FROM user;
The result should include a row with the
Host and User columns
matching your computer's hostname and your MySQL username.
The Access denied error message tells you
who you are trying to log in as, the client host from which
you are trying to connect, and whether you were using a
password. Normally, you should have one row in the
user table that exactly matches the
hostname and username that were given in the error message.
For example, if you get an error message that contains
using password: NO, it means that you
tried to log in without a password.
If the following error occurs when you try to connect from a
host other than the one on which the MySQL server is
running, it means that there is no row in the
user table with a Host
value that matches the client host:
Host ... is not allowed to connect to this MySQL server
You can fix this by setting up an account for the combination of client hostname and username that you are using when trying to connect.
If you do not know the IP number or hostname of the machine
from which you are connecting, you should put a row with
'%' as the Host column
value in the user table. After trying to
connect from the client machine, use a SELECT
USER() query to see how you really did connect.
(Then change the '%' in the
user table row to the actual hostname
that shows up in the log. Otherwise, your system is left
insecure because it allows connections from any host for the
given username.)
On Linux, another reason that this error might occur is that
you are using a binary MySQL version that is compiled with a
different version of the glibc library
than the one you are using. In this case, you should either
upgrade your operating system or glibc,
or download a source distribution of MySQL version and
compile it yourself. A source RPM is normally trivial to
compile and install, so this is not a big problem.
If you specify a hostname when trying to connect, but get an error message where the hostname is not shown or is an IP number, it means that the MySQL server got an error when trying to resolve the IP number of the client host to a name:
shell> mysqladmin -u root -pxxxx -h some_hostname ver
Access denied for user 'root'@'' (using password: YES)
This indicates a DNS problem. To fix it, execute mysqladmin flush-hosts to reset the internal DNS hostname cache. See Section 7.5.10, “How MySQL Uses DNS”.
Some permanent solutions are:
Determine what is wrong with your DNS server and fix it.
Specify IP numbers rather than hostnames in the MySQL grant tables.
Put an entry for the client machine name in
/etc/hosts or
\windows\hosts.
Start mysqld with the
--skip-name-resolve option.
Start mysqld with the
--skip-host-cache option.
On Unix, if you are running the server and the client on
the same machine, connect to
localhost. Unix connections to
localhost use a Unix socket file
rather than TCP/IP.
On Windows, if you are running the server and the client
on the same machine and the server supports named pipe
connections, connect to the hostname
. (period). Connections to
. use a named pipe rather than
TCP/IP.
If mysql -u root test works but
mysql -h results in your_hostname
-u root testAccess
denied (where
your_hostname is the actual
hostname of the local host), you may not have the correct
name for your host in the user table. A
common problem here is that the Host
value in the user table row specifies an
unqualified hostname, but your system's name resolution
routines return a fully qualified domain name (or vice
versa). For example, if you have an entry with host
'tcx' in the user
table, but your DNS tells MySQL that your hostname is
'tcx.subnet.se', the entry does not work.
Try adding an entry to the user table
that contains the IP number of your host as the
Host column value. (Alternatively, you
could add an entry to the user table with
a Host value that contains a wildcard;
for example, 'tcx.%'. However, use of
hostnames ending with “%” is
insecure and is
not recommended!)
If mysql -u works but user_name
testmysql -u
does not,
you have not granted database access for
user_name
other_db_nameother_db_name to the given user.
If mysql -u
works when
executed on the server host, but user_namemysql -h
does not work
when executed on a remote client host, you have not enabled
access to the server for the given username from the remote
host.
host_name -u
user_name
If you cannot figure out why you get Access
denied, remove from the user
table all entries that have Host values
containing wildcards (entries that contain
“%” or
“_”). A very common error is
to insert a new entry with
Host='%' and
User=',
thinking that this allows you to specify
some_user'localhost to connect from the same
machine. The reason that this does not work is that the
default privileges include an entry with
Host='localhost' and
User=''. Because that
entry has a Host value
'localhost' that is more specific than
'%', it is used in preference to the new
entry when connecting from localhost! The
correct procedure is to insert a second entry with
Host='localhost' and
User=',
or to delete the entry with
some_user'Host='localhost' and
User=''. After
deleting the entry, remember to issue a FLUSH
PRIVILEGES statement to reload the grant tables.
If you get the following error, you may have a problem with
the db or host table:
Access to database denied
If the entry selected from the db table
has an empty value in the Host column,
make sure that there are one or more corresponding entries
in the host table specifying which hosts
the db table entry applies to.
If you are able to connect to the MySQL server, but get an
Access denied message whenever you issue
a SELECT ... INTO OUTFILE or
LOAD DATA INFILE statement, your entry in
the user table does not have the
FILE privilege enabled.
If you change the grant tables directly (for example, by
using INSERT, UPDATE,
or DELETE statements) and your changes
seem to be ignored, remember that you must execute a
FLUSH PRIVILEGES statement or a
mysqladmin flush-privileges command to
cause the server to re-read the privilege tables. Otherwise,
your changes have no effect until the next time the server
is restarted. Remember that after you change the
root password with an
UPDATE command, you won't need to specify
the new password until after you flush the privileges,
because the server won't know you've changed the password
yet!
If your privileges seem to have changed in the middle of a session, it may be that a MySQL administrator has changed them. Reloading the grant tables affects new client connections, but it also affects existing connections as indicated in Section 5.4.6, “When Privilege Changes Take Effect”.
If you have access problems with a Perl, PHP, Python, or
ODBC program, try to connect to the server with
mysql -u or
user_name
db_namemysql -u . If you are
able to connect using the mysql client,
the problem lies with your program, not with the access
privileges. (There is no space between user_name
-pyour_pass
db_name-p
and the password; you can also use the
--password=
syntax to specify the password. If you use the
your_pass-p --passwordoption with
no password value, MySQL prompts you for the password.)
For testing, start the mysqld server with
the --skip-grant-tables option. Then you
can change the MySQL grant tables and use the
mysqlaccess script to check whether your
modifications have the desired effect. When you are
satisfied with your changes, execute mysqladmin
flush-privileges to tell the
mysqld server to start using the new
grant tables. (Reloading the grant tables overrides the
--skip-grant-tables option. This enables
you to tell the server to begin using the grant tables again
without stopping and restarting it.)
If everything else fails, start the
mysqld server with a debugging option
(for example, --debug=d,general,query).
This prints host and user information about attempted
connections, as well as information about each command
issued. See
MySQL
Internals: Porting.
If you have any other problems with the MySQL grant tables
and feel you must post the problem to the mailing list,
always provide a dump of the MySQL grant tables. You can
dump the tables with the mysqldump mysql
command. To file a bug report, see the instructions at
Section 1.7, “How to Report Bugs or Problems”. In some cases, you may need
to restart mysqld with
--skip-grant-tables to run
mysqldump.
MySQL user accounts are listed in the user
table of the mysql database. Each MySQL
account is assigned a password, although what is stored in the
Password column of the
user table is not the plaintext version of
the password, but a hash value computed from it. Password hash
values are computed by the
PASSWORD() function.
MySQL uses passwords in two phases of client/server communication:
When a client attempts to connect to the server, there is an
initial authentication step in which the client must present
a password that has a hash value matching the hash value
stored in the user table for the account
that the client wants to use.
After the client connects, it can (if it has sufficient
privileges) set or change the password hashes for accounts
listed in the user table. The client can
do this by using the
PASSWORD() function to
generate a password hash, or by using the
GRANT or SET PASSWORD
statements.
In other words, the server uses hash values
during authentication when a client first attempts to connect.
The server generates hash values if a
connected client invokes the
PASSWORD() function or uses a
GRANT or SET PASSWORD
statement to set or change a password.
The password hashing mechanism was updated in MySQL 4.1 to provide better security and to reduce the risk of passwords being intercepted. However, this new mechanism is understood only by MySQL 4.1 (and newer) servers and clients, which can result in some compatibility problems. A 4.1 or newer client can connect to a pre-4.1 server, because the client understands both the old and new password hashing mechanisms. However, a pre-4.1 client that attempts to connect to a 4.1 or newer server may run into difficulties. For example, a 3.23 mysql client that attempts to connect to a 5.0 server may fail with the following error message:
shell> mysql -h localhost -u root
Client does not support authentication protocol requested
by server; consider upgrading MySQL client
Another common example of this phenomenon occurs for attempts to
use the older PHP mysql extension after
upgrading to MySQL 4.1 or newer. (See
Section 26.3.4, “Common Problems with MySQL and PHP”.)
The following discussion describes the differences between the
old and new password mechanisms, and what you should do if you
upgrade your server but need to maintain backward compatibility
with pre-4.1 clients. Additional information can be found in
Section B.1.2.4, “Client does not support authentication protocol”. This information is of particular
importance to PHP programmers migrating MySQL databases from
version 4.0 or lower to version 4.1 or higher.
This discussion contrasts 4.1 behavior with pre-4.1 behavior, but the 4.1 behavior described here actually begins with 4.1.1. MySQL 4.1.0 is an “odd” release because it has a slightly different mechanism than that implemented in 4.1.1 and up. Differences between 4.1.0 and more recent versions are described further in MySQL 3.23, 4.0, 4.1 Reference Manual.
Prior to MySQL 4.1, password hashes computed by the
PASSWORD() function are 16 bytes
long. Such hashes look like this:
mysql> SELECT PASSWORD('mypass');
+--------------------+
| PASSWORD('mypass') |
+--------------------+
| 6f8c114b58f2ce9e |
+--------------------+
The Password column of the
user table (in which these hashes are stored)
also is 16 bytes long before MySQL 4.1.
As of MySQL 4.1, the PASSWORD()
function has been modified to produce a longer 41-byte hash
value:
mysql> SELECT PASSWORD('mypass');
+-------------------------------------------+
| PASSWORD('mypass') |
+-------------------------------------------+
| *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |
+-------------------------------------------+
Accordingly, the Password column in the
user table also must be 41 bytes long to
store these values:
If you perform a new installation of MySQL 5.0,
the Password column is made 41 bytes long
automatically.
Upgrading from MySQL 4.1 (4.1.1 or later in the 4.1 series) to MySQL 5.0 should not give rise to any issues in this regard because both versions use the same password hashing mechanism. If you wish to upgrade an older release of MySQL to version 5.0, you should upgrade to version 4.1 first, then upgrade the 4.1 installation to 5.0.
A widened Password column can store password
hashes in both the old and new formats. The format of any given
password hash value can be determined two ways:
The obvious difference is the length (16 bytes versus 41 bytes).
A second difference is that password hashes in the new
format always begin with a
“*” character, whereas
passwords in the old format never do.
The longer password hash format has better cryptographic properties, and client authentication based on long hashes is more secure than that based on the older short hashes.
The differences between short and long password hashes are relevant both for how the server uses passwords during authentication and for how it generates password hashes for connected clients that perform password-changing operations.
The way in which the server uses password hashes during
authentication is affected by the width of the
Password column:
If the column is short, only short-hash authentication is used.
If the column is long, it can hold either short or long hashes, and the server can use either format:
Pre-4.1 clients can connect, although because they know only about the old hashing mechanism, they can authenticate only using accounts that have short hashes.
4.1 and later clients can authenticate using accounts that have short or long hashes.
Even for short-hash accounts, the authentication process is actually a bit more secure for 4.1 and later clients than for older clients. In terms of security, the gradient from least to most secure is:
Pre-4.1 client authenticating with short password hash
4.1 or later client authenticating with short password hash
4.1 or later client authenticating with long password hash
The way in which the server generates password hashes for
connected clients is affected by the width of the
Password column and by the
--old-passwords option. A 4.1 or later server
generates long hashes only if certain conditions are met: The
Password column must be wide enough to hold
long values and the --old-passwords option must
not be given. These conditions apply as follows:
The Password column must be wide enough
to hold long hashes (41 bytes). If the column has not been
updated and still has the pre-4.1 width of 16 bytes, the
server notices that long hashes cannot fit into it and
generates only short hashes when a client performs
password-changing operations using
PASSWORD(),
GRANT, or SET
PASSWORD. This is the behavior that occurs if you
have upgraded to 4.1 but have not yet run the
mysql_fix_privilege_tables script to
widen the Password column.
If the Password column is wide, it can
store either short or long password hashes. In this case,
PASSWORD(),
GRANT, and SET
PASSWORD generate long hashes unless the server
was started with the --old-passwords
option. That option forces the server to generate short
password hashes instead.
The purpose of the --old-passwords option is to
enable you to maintain backward compatibility with pre-4.1
clients under circumstances where the server would otherwise
generate long password hashes. The option doesn't affect
authentication (4.1 and later clients can still use accounts
that have long password hashes), but it does prevent creation of
a long password hash in the user table as the
result of a password-changing operation. Were that to occur, the
account no longer could be used by pre-4.1 clients. Without the
--old-passwords option, the following
undesirable scenario is possible:
An old client connects to an account that has a short password hash.
The client changes its own password. Without
--old-passwords, this results in the
account having a long password hash.
The next time the old client attempts to connect to the account, it cannot, because the account has a long password hash that requires the new hashing mechanism during authentication. (Once an account has a long password hash in the user table, only 4.1 and later clients can authenticate for it, because pre-4.1 clients do not understand long hashes.)
This scenario illustrates that, if you must support older
pre-4.1 clients, it is dangerous to run a 4.1 or newer server
without using the --old-passwords option. By
running the server with --old-passwords,
password-changing operations do not generate long password
hashes and thus do not cause accounts to become inaccessible to
older clients. (Those clients cannot inadvertently lock
themselves out by changing their password and ending up with a
long password hash.)
The downside of the --old-passwords option is
that any passwords you create or change use short hashes, even
for 4.1 clients. Thus, you lose the additional security provided
by long password hashes. If you want to create an account that
has a long hash (for example, for use by 4.1 clients), you must
do so while running the server without
--old-passwords.
MySQL Enterprise
Subscribers to the MySQL Enterprise Monitor are automatically
alerted whenever a server is running with the
--old-passwords option. For more information,
see http://www.mysql.com/products/enterprise/advisors.html.
The following scenarios are possible for running a 4.1 or later server:
Scenario 1: Short
Password column in user table:
Only short hashes can be stored in the
Password column.
The server uses only short hashes during client authentication.
For connected clients, password hash-generating operations
involving PASSWORD(),
GRANT, or SET PASSWORD
use short hashes exclusively. Any change to an account's
password results in that account having a short password
hash.
The --old-passwords option can be used but
is superfluous because with a short
Password column, the server generates
only short password hashes anyway.
Scenario 2: Long
Password column; server not started with
--old-passwords option:
Short or long hashes can be stored in the
Password column.
4.1 and later clients can authenticate using accounts that have short or long hashes.
Pre-4.1 clients can authenticate only using accounts that have short hashes.
For connected clients, password hash-generating operations
involving PASSWORD(),
GRANT, or SET PASSWORD
use long hashes exclusively. A change to an account's
password results in that account having a long password
hash.
As indicated earlier, a danger in this scenario is that it is
possible for accounts that have a short password hash to become
inaccessible to pre-4.1 clients. A change to such an account's
password made via GRANT,
PASSWORD(), or SET
PASSWORD results in the account being given a long
password hash. From that point on, no pre-4.1 client can
authenticate to that account until the client upgrades to 4.1.
To deal with this problem, you can change a password in a
special way. For example, normally you use SET
PASSWORD as follows to change an account password:
SET PASSWORD FOR 'some_user'@'some_host' = PASSWORD('mypass');
To change the password but create a short hash, use the
OLD_PASSWORD() function instead:
SET PASSWORD FOR 'some_user'@'some_host' = OLD_PASSWORD('mypass');
OLD_PASSWORD() is useful for
situations in which you explicitly want to generate a short
hash.
Scenario 3: Long
Password column; 4.1 or newer server started
with --old-passwords option:
Short or long hashes can be stored in the
Password column.
4.1 and later clients can authenticate for accounts that
have short or long hashes (but note that it is possible to
create long hashes only when the server is started without
--old-passwords).
Pre-4.1 clients can authenticate only for accounts that have short hashes.
For connected clients, password hash-generating operations
involving PASSWORD(),
GRANT, or SET PASSWORD
use short hashes exclusively. Any change to an account's
password results in that account having a short password
hash.
In this scenario, you cannot create accounts that have long
password hashes, because the --old-passwords
option prevents generation of long hashes. Also, if you create
an account with a long hash before using the
--old-passwords option, changing the account's
password while --old-passwords is in effect
results in the account being given a short password, causing it
to lose the security benefits of a longer hash.
The disadvantages for these scenarios may be summarized as follows:
In scenario 1, you cannot take advantage of longer hashes that provide more secure authentication.
In scenario 2, accounts with short hashes become inaccessible to
pre-4.1 clients if you change their passwords without explicitly
using OLD_PASSWORD().
In scenario 3, --old-passwords prevents
accounts with short hashes from becoming inaccessible, but
password-changing operations cause accounts with long hashes to
revert to short hashes, and you cannot change them back to long
hashes while --old-passwords is in effect.
An upgrade to MySQL version 4.1 or later can cause
compatibility issues for applications that use
PASSWORD() to generate
passwords for their own purposes. Applications really should
not do this, because
PASSWORD() should be used only
to manage passwords for MySQL accounts. But some applications
use PASSWORD() for their own
purposes anyway.
If you upgrade to 4.1 or later from a pre-4.1 version of MySQL
and run the server under conditions where it generates long
password hashes, an application using
PASSWORD() for its own
passwords breaks. The recommended course of action in such
cases is to modify the application to use another function,
such as SHA1() or
MD5(), to produce hashed
values. If that is not possible, you can use the
OLD_PASSWORD() function, which
is provided for generate short hashes in the old format.
However, you should note that
OLD_PASSWORD() may one day no
longer be supported.
If the server is running under circumstances where it
generates short hashes,
OLD_PASSWORD() is available
but is equivalent to
PASSWORD().
PHP programmers migrating their MySQL databases from version 4.0 or lower to version 4.1 or higher should see Section 26.3, “MySQL PHP API”.
This section describes how to set up accounts for clients of your MySQL server. It discusses the following topics:
The meaning of account names and passwords as used in MySQL and how that compares to names and passwords used by your operating system
How to set up new accounts and remove existing accounts
How to change passwords
Guidelines for using passwords securely
How to use secure connections with SSL
A MySQL account is defined in terms of a username and the client host or hosts from which the user can connect to the server. The account also has a password. There are several distinctions between the way usernames and passwords are used by MySQL and the way they are used by your operating system:
Usernames, as used by MySQL for authentication purposes,
have nothing to do with usernames (login names) as used by
Windows or Unix. On Unix, most MySQL clients by default try
to log in using the current Unix username as the MySQL
username, but that is for convenience only. The default can
be overridden easily, because client programs allow any
username to be specified with a -u or
--user option. Because this means that
anyone can attempt to connect to the server using any
username, you cannot make a database secure in any way
unless all MySQL accounts have passwords. Anyone who
specifies a username for an account that has no password is
able to connect successfully to the server.
MySQL usernames can be up to 16 characters long. This limit
is hard-coded in the MySQL servers and clients, and trying
to circumvent it by modifying the definitions of the tables
in the mysql database does not
work.
You should never alter any of the tables in the
mysql database in any manner whatsoever
except by means of the procedure prescribed by MySQL AB
that is described in Section 4.4.9, “mysql_upgrade — Check Tables for MySQL Upgrade”.
Attempting to redefine MySQL's system tables in any other
fashion results in undefined (and unsupported!)
behavior.
Operating system usernames are completely unrelated to MySQL usernames and may even be of a different maximum length. For example, Unix usernames typically are limited to eight characters.
MySQL passwords have nothing to do with passwords for logging in to your operating system. There is no necessary connection between the password you use to log in to a Windows or Unix machine and the password you use to access the MySQL server on that machine.
MySQL encrypts passwords using its own algorithm. This
encryption is different from that used during the Unix login
process. MySQL password encryption is the same as that
implemented by the
PASSWORD() SQL function.
Unix password encryption is the same as that implemented by
the ENCRYPT() SQL function.
See the descriptions of the
PASSWORD() and
ENCRYPT() functions in
Section 11.10.2, “Encryption and Compression Functions”. From version 4.1 on,
MySQL employs a stronger authentication method that has
better password protection during the connection process
than in earlier versions. It is secure even if TCP/IP
packets are sniffed or the mysql database
is captured. (In earlier versions, even though passwords are
stored in encrypted form in the user
table, knowledge of the encrypted password value could be
used to connect to the MySQL server.)
When you install MySQL, the grant tables are populated with an
initial set of accounts. These accounts have names and access
privileges that are described in
Section 2.4.16.3, “Securing the Initial MySQL Accounts”, which also discusses how
to assign passwords to them. Thereafter, you normally set up,
modify, and remove MySQL accounts using statements such as
GRANT and REVOKE. See
Section 12.5.1, “Account Management Statements”.
When you connect to a MySQL server with a command-line client, you should specify the username and password for the account that you want to use:
shell> mysql --user=monty --password=guess db_name
If you prefer short options, the command looks like this:
shell> mysql -u monty -pguess db_name
There must be no space between the
-p option and the following password value. See
Section 4.2.2, “Connecting to the MySQL Server”.
The preceding commands include the password value on the command
line, which can be a security risk. See
Section 5.5.6, “Keeping Your Password Secure”. To avoid this problem,
specify the --password or -p
option without any following password value:
shell>mysql --user=monty --passwordshell>db_namemysql -u monty -pdb_name
When the password option has no password value, the client
program prints a prompt and waits for you to enter the password.
(In these examples, db_name is
not interpreted as a password because it is
separated from the preceding password option by a space.)
On some systems, the library routine that MySQL uses to prompt for a password automatically limits the password to eight characters. That is a problem with the system library, not with MySQL. Internally, MySQL doesn't have any limit for the length of the password. To work around the problem, change your MySQL password to a value that is eight or fewer characters long, or put your password in an option file.
You can create MySQL accounts in two ways:
By using statements intended for creating accounts, such as
CREATE USER or GRANT
By manipulating the MySQL grant tables directly with
statements such as INSERT,
UPDATE, or DELETE
The preferred method is to use account-creation statements
because they are more concise and less error-prone.
CREATE USER and GRANT are
described in Section 12.5.1.1, “CREATE USER Syntax”, and
Section 12.5.1.3, “GRANT Syntax”.
Another option for creating accounts is to use one of several
available third-party programs that offer capabilities for MySQL
account administration. phpMyAdmin is one
such program.
The following examples show how to use the
mysql client program to set up new users.
These examples assume that privileges are set up according to
the defaults described in Section 2.4.16.3, “Securing the Initial MySQL Accounts”.
This means that to make changes, you must connect to the MySQL
server as the MySQL root user, and the
root account must have the
INSERT privilege for the
mysql database and the
RELOAD administrative privilege.
As noted in the examples where appropriate, some of the
statements will fail if you have the server's SQL mode has been
set to enable certain restrictions. In particular, strict mode
(STRICT_TRANS_TABLES,
STRICT_ALL_TABLES) and
NO_AUTO_CREATE_USER will prevent the server
from accepting some of the statements. Workarounds are indicated
for these cases. For more information about SQL modes and their
effect on grant table manipulation, see
Section 5.1.7, “SQL Modes”, and Section 12.5.1.3, “GRANT Syntax”.
First, use the mysql program to connect to
the server as the MySQL root user:
shell> mysql --user=root mysql
If you have assigned a password to the root
account, you'll also need to supply a
--password or -p option for
this mysql command and also for those later
in this section.
After connecting to the server as root, you
can add new accounts. The following statements use
GRANT to set up four new accounts:
mysql>GRANT ALL PRIVILEGES ON *.* TO 'monty'@'localhost'->IDENTIFIED BY 'some_pass' WITH GRANT OPTION;mysql>GRANT ALL PRIVILEGES ON *.* TO 'monty'@'%'->IDENTIFIED BY 'some_pass' WITH GRANT OPTION;mysql>GRANT RELOAD,PROCESS ON *.* TO 'admin'@'localhost';mysql>GRANT USAGE ON *.* TO 'dummy'@'localhost';
The accounts created by these GRANT
statements have the following properties:
Two of the accounts have a username of
monty and a password of
some_pass. Both accounts are superuser
accounts with full privileges to do anything. One account
('monty'@'localhost') can be used only
when connecting from the local host. The other
('monty'@'%') can be used to connect from
any other host. Note that it is necessary to have both
accounts for monty to be able to connect
from anywhere as monty. Without the
localhost account, the anonymous-user
account for localhost that is created by
mysql_install_db would take precedence
when monty connects from the local host.
As a result, monty would be treated as an
anonymous user. The reason for this is that the
anonymous-user account has a more specific
Host column value than the
'monty'@'%' account and thus comes
earlier in the user table sort order.
(user table sorting is discussed in
Section 5.4.4, “Access Control, Stage 1: Connection Verification”.)
One account has a username of admin and
no password. This account can be used only by connecting
from the local host. It is granted the
RELOAD and PROCESS
administrative privileges. These privileges allow the
admin user to execute the
mysqladmin reload, mysqladmin
refresh, and mysqladmin
flush-xxx commands, as
well as mysqladmin processlist . No
privileges are granted for accessing any databases. You
could add such privileges later by issuing additional
GRANT statements.
One account has a username of dummy and
no password. This account can be used only by connecting
from the local host. No privileges are granted. The
USAGE privilege in the
GRANT statement enables you to create an
account without giving it any privileges. It has the effect
of setting all the global privileges to
'N'. It is assumed that you will grant
specific privileges to the account later.
The statements that create accounts with no password will
fail if the NO_AUTO_CREATE_USER SQL mode
is enabled. To deal with this, use an IDENTIFIED
BY clause that specifies a non-empty password.
As an alternative to GRANT, you can create
the same accounts directly by issuing INSERT
statements and then telling the server to reload the grant
tables using FLUSH PRIVILEGES:
shell>mysql --user=root mysqlmysql>INSERT INTO user->VALUES('localhost','monty',PASSWORD('some_pass'),->'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');mysql>INSERT INTO user->VALUES('%','monty',PASSWORD('some_pass'),->'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',->'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',->'','','','',0,0,0,0);mysql>INSERT INTO user SET Host='localhost',User='admin',->Reload_priv='Y', Process_priv='Y';mysql>INSERT INTO user (Host,User,Password)->VALUES('localhost','dummy','');mysql>FLUSH PRIVILEGES;
The reason for using FLUSH PRIVILEGES when
you create accounts with INSERT is to tell
the server to re-read the grant tables. Otherwise, the changes
go unnoticed until you restart the server. With
GRANT, FLUSH PRIVILEGES is
unnecessary.
The reason for using the
PASSWORD() function with
INSERT is to encrypt the password. The
GRANT statement encrypts the password for
you, so PASSWORD() is
unnecessary.
The 'Y' values enable privileges for the
accounts. Depending on your MySQL version, you may have to use a
different number of 'Y' values in the first
two INSERT statements. For the
admin account, you may also employ the more
readable extended INSERT syntax using
SET.
In the INSERT statement for the
dummy account, only the
Host, User, and
Password columns in the
user table row are assigned values. None of
the privilege columns are set explicitly, so MySQL assigns them
all the default value of 'N'. This is
equivalent to what GRANT USAGE does.
If strict SQL mode is enabled, all columns that have no default
value must have a value specified. In this case,
INSERT statements must explicitly specify
values for the ssl_cipher,
x509_issuer, and
x509_subject columns.
Note that to set up a superuser account, it is necessary only to
create a user table entry with the privilege
columns set to 'Y'. user
table privileges are global, so no entries in any of the other
grant tables are needed.
The next examples create three accounts and give them access to
specific databases. Each of them has a username of
custom and password of
obscure.
To create the accounts with GRANT, use the
following statements:
shell>mysql --user=root mysqlmysql>GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP->ON bankaccount.*->TO 'custom'@'localhost'->IDENTIFIED BY 'obscure';mysql>GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP->ON expenses.*->TO 'custom'@'whitehouse.gov'->IDENTIFIED BY 'obscure';mysql>GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP->ON customer.*->TO 'custom'@'server.domain'->IDENTIFIED BY 'obscure';
The three accounts can be used as follows:
The first account can access the
bankaccount database, but only from the
local host.
The second account can access the
expenses database, but only from the host
whitehouse.gov.
The third account can access the customer
database, but only from the host
server.domain.
To set up the custom accounts without
GRANT, use INSERT
statements as follows to modify the grant tables directly:
shell>mysql --user=root mysqlmysql>INSERT INTO user (Host,User,Password)->VALUES('localhost','custom',PASSWORD('obscure'));mysql>INSERT INTO user (Host,User,Password)->VALUES('whitehouse.gov','custom',PASSWORD('obscure'));mysql>INSERT INTO user (Host,User,Password)->VALUES('server.domain','custom',PASSWORD('obscure'));mysql>INSERT INTO db->(Host,Db,User,Select_priv,Insert_priv,->Update_priv,Delete_priv,Create_priv,Drop_priv)->VALUES('localhost','bankaccount','custom',->'Y','Y','Y','Y','Y','Y');mysql>INSERT INTO db->(Host,Db,User,Select_priv,Insert_priv,->Update_priv,Delete_priv,Create_priv,Drop_priv)->VALUES('whitehouse.gov','expenses','custom',->'Y','Y','Y','Y','Y','Y');mysql>INSERT INTO db->(Host,Db,User,Select_priv,Insert_priv,->Update_priv,Delete_priv,Create_priv,Drop_priv)->VALUES('server.domain','customer','custom',->'Y','Y','Y','Y','Y','Y');mysql>FLUSH PRIVILEGES;
The first three INSERT statements add
user table entries that allow the user
custom to connect from the various hosts with
the given password, but grant no global privileges (all
privileges are set to the default value of
'N'). The next three
INSERT statements add db
table entries that grant privileges to custom
for the bankaccount,
expenses, and customer
databases, but only when accessed from the proper hosts. As
usual when you modify the grant tables directly, you must tell
the server to reload them with FLUSH
PRIVILEGES so that the privilege changes take effect.
If you want to give a specific user access from all machines in
a given domain (for example, mydomain.com),
you can issue a GRANT statement that uses the
“%” wildcard character in the
host part of the account name:
mysql>GRANT ...->ON *.*->TO 'myname'@'%.mydomain.com'->IDENTIFIED BY 'mypass';
To do the same thing by modifying the grant tables directly, do this:
mysql>INSERT INTO user (Host,User,Password,...)->VALUES('%.mydomain.com','myname',PASSWORD('mypass'),...);mysql>FLUSH PRIVILEGES;
To remove an account, use the DROP USER
statement, which is described in Section 12.5.1.2, “DROP USER Syntax”.
One means of limiting use of MySQL server resources is to set
the max_user_connections system variable to a
non-zero value. However, this method is strictly global, and
does not allow for management of individual accounts. In
addition, it limits only the number of simultaneous connections
made using a single account, and not what a client can do once
connected. Both types of control are of interest to many MySQL
administrators, particularly those working for Internet Service
Providers.
In MySQL 5.0, you can limit the following server resources for individual accounts:
The number of queries that an account can issue per hour
The number of updates that an account can issue per hour
The number of times an account can connect to the server per hour
Any statement that a client can issue counts against the query limit. Only statements that modify databases or tables count against the update limit.
From MySQL 5.0.3 on, it is also possible to limit the number of simultaneous connections to the server on a per-account basis.
Before MySQL 5.0.3, an “account” in this context is
assessed against the actual host from which a user connects.
Suppose that there is a row in the user table
that has User and Host
values of usera and
%.example.com, to allow
usera to connect from any host in the
example.com domain. If
usera connects simultaneously from
host1.example.com and
host2.example.com, the server applies the
account resource limits separately to each connection. If
usera connects again from
host1.example.com, the server applies the
limits for that connection together with the existing connection
from that host.
As of MySQL 5.0.3, an “account” is assessed as a
single row in the user table. That is,
connections are assessed against the Host
value in the user table row that applies to
the connection. In this case, the server applies resource limits
collectively to all connections by usera from
any host in the example.com domain. The
pre-5.0.3 method of accounting may be selected by starting the
server with the --old-style-user-limits option.
As a prerequisite for using this feature, the
user table in the mysql
database must contain the resource-related columns. Resource
limits are stored in the max_questions,
max_updates,
max_connections, and
max_user_connections columns. If your
user table doesn't have these columns, it
must be upgraded; see Section 4.4.9, “mysql_upgrade — Check Tables for MySQL Upgrade”.
To set resource limits with a GRANT
statement, use a WITH clause that names each
resource to be limited and a per-hour count indicating the limit
value. For example, to create a new account that can access the
customer database, but only in a limited
fashion, issue this statement:
mysql>GRANT ALL ON customer.* TO 'francis'@'localhost'->IDENTIFIED BY 'frank'->WITH MAX_QUERIES_PER_HOUR 20->MAX_UPDATES_PER_HOUR 10->MAX_CONNECTIONS_PER_HOUR 5->MAX_USER_CONNECTIONS 2;
The limit types need not all be named in the
WITH clause, but those named can be present
in any order. The value for each per-hour limit should be an
integer representing a count per hour. If the
GRANT statement has no
WITH clause, the limits are each set to the
default value of zero (that is, no limit). For
MAX_USER_CONNECTIONS, the limit is an integer
indicating the maximum number of simultaneous connections the
account can make at any one time. If the limit is set to the
default value of zero, the
max_user_connections system variable
determines the number of simultaneous connections for the
account.
To set or change limits for an existing account, use a
GRANT USAGE statement at the global level
(ON *.*). The following statement changes the
query limit for francis to 100:
mysql>GRANT USAGE ON *.* TO 'francis'@'localhost'->WITH MAX_QUERIES_PER_HOUR 100;
This statement leaves the account's existing privileges unchanged and modifies only the limit values specified.
To remove an existing limit, set its value to zero. For example,
to remove the limit on how many times per hour
francis can connect, use this statement:
mysql>GRANT USAGE ON *.* TO 'francis'@'localhost'->WITH MAX_CONNECTIONS_PER_HOUR 0;
Resource-use counting takes place when any account has a non-zero limit placed on its use of any of the resources.
As the server runs, it counts the number of times each account uses resources. If an account reaches its limit on number of connections within the last hour, further connections for the account are rejected until that hour is up. Similarly, if the account reaches its limit on the number of queries or updates, further queries or updates are rejected until the hour is up. In all such cases, an appropriate error message is issued.
Resource counting is done per account, not per client. For example, if your account has a query limit of 50, you cannot increase your limit to 100 by making two simultaneous client connections to the server. Queries issued on both connections are counted together.
Queries for which results are served from the query cache do not
count against the MAX_QUERIES_PER_HOUR limit.
The current per-hour resource-use counts can be reset globally for all accounts, or individually for a given account:
To reset the current counts to zero for all accounts, issue
a FLUSH USER_RESOURCES statement. The
counts also can be reset by reloading the grant tables (for
example, with a FLUSH PRIVILEGES
statement or a mysqladmin reload
command).
The counts for an individual account can be set to zero by
re-granting it any of its limits. To do this, use
GRANT USAGE as described earlier and
specify a limit value equal to the value that the account
currently has.
Counter resets do not affect the
MAX_USER_CONNECTIONS limit.
All counts begin at zero when the server starts; counts are not carried over through a restart.
Passwords may be assigned from the command line by using the mysqladmin command:
shell> mysqladmin -u user_name -h host_name password "newpwd"
The account for which this command resets the password is the
one with a user table row that matches
user_name in the
User column and the client host
from which you connect in the
Host column.
Another way to assign a password to an account is to issue a
SET PASSWORD statement:
mysql> SET PASSWORD FOR 'jeffrey'@'%' = PASSWORD('biscuit');
Only users such as root that have update
access to the mysql database can change the
password for other users. If you are not connected as an
anonymous user, you can change your own password by omitting the
FOR clause:
mysql> SET PASSWORD = PASSWORD('biscuit');
You can also use a GRANT USAGE statement at
the global level (ON *.*) to assign a
password to an account without affecting the account's current
privileges:
mysql> GRANT USAGE ON *.* TO 'jeffrey'@'%' IDENTIFIED BY 'biscuit';
Although it is generally preferable to assign passwords using
one of the preceding methods, you can also do so by modifying
the user table directly:
To establish a password when creating a new account, provide
a value for the Password column:
shell>mysql -u root mysqlmysql>INSERT INTO user (Host,User,Password)->VALUES('%','jeffrey',PASSWORD('biscuit'));mysql>FLUSH PRIVILEGES;
To change the password for an existing account, use
UPDATE to set the
Password column value:
shell>mysql -u root mysqlmysql>UPDATE user SET Password = PASSWORD('bagel')->WHERE Host = '%' AND User = 'francis';mysql>FLUSH PRIVILEGES;
When you assign an account a non-empty password using
SET PASSWORD, INSERT, or
UPDATE, you must use the
PASSWORD() function to encrypt
it. PASSWORD() is necessary
because the user table stores passwords in
encrypted form, not as plaintext. If you forget that fact, you
are likely to set passwords like this:
shell>mysql -u root mysqlmysql>INSERT INTO user (Host,User,Password)->VALUES('%','jeffrey','biscuit');mysql>FLUSH PRIVILEGES;
The result is that the literal value
'biscuit' is stored as the password in the
user table, not the encrypted value. When
jeffrey attempts to connect to the server
using this password, the value is encrypted and compared to the
value stored in the user table. However, the
stored value is the literal string 'biscuit',
so the comparison fails and the server rejects the connection:
shell> mysql -u jeffrey -pbiscuit test
Access denied
If you assign passwords using the GRANT ... IDENTIFIED
BY statement or the mysqladmin
password command, they both take care of encrypting
the password for you. In these cases, using
PASSWORD() function is
unnecessary.
PASSWORD() encryption is
different from Unix password encryption. See
Section 5.5.1, “MySQL Usernames and Passwords”.
On an administrative level, you should never grant access to the
user grant table to any non-administrative
accounts.
When you run a client program to connect to the MySQL server, it is inadvisable to specify your password in a way that exposes it to discovery by other users. The methods you can use to specify your password when you run client programs are listed here, along with an assessment of the risks of each method:
Use a
-p or
your_pass--password=
option on the command line. For example:
your_pass
shell> mysql -u francis -pfrank db_name
This is convenient but insecure, because your password becomes visible to system status programs such as ps that may be invoked by other users to display command lines. MySQL clients typically overwrite the command-line password argument with zeros during their initialization sequence. However, there is still a brief interval during which the value is visible. On some systems this strategy is ineffective, anyway, and the password remains visible to ps. (SystemV Unix systems and perhaps others are subject to this problem.)
Use the -p or --password
option with no password value specified. In this case, the
client program solicits the password from the terminal:
shell> mysql -u francis -p db_name
Enter password: ********
The “*” characters indicate
where you enter your password. The password is not displayed
as you enter it.
It is more secure to enter your password this way than to specify it on the command line because it is not visible to other users. However, this method of entering a password is suitable only for programs that you run interactively. If you want to invoke a client from a script that runs non-interactively, there is no opportunity to enter the password from the terminal. On some systems, you may even find that the first line of your script is read and interpreted (incorrectly) as your password.
Store your password in an option file. For example, on Unix
you can list your password in the
[client] section of the
.my.cnf file in your home directory:
[client] password=your_pass
If you store your password in .my.cnf,
the file should not be accessible to anyone but yourself. To
ensure this, set the file access mode to
400 or 600. For
example:
shell> chmod 600 .my.cnf
Section 4.2.3.2, “Using Option Files”, discusses option files in more detail.
Store your password in the MYSQL_PWD
environment variable. This method of specifying your MySQL
password must be considered extremely
insecure and should not be used. Some versions of
ps include an option to display the
environment of running processes. If you set
MYSQL_PWD, your password is exposed to
any other user who runs ps. Even on
systems without such a version of ps, it
is unwise to assume that there are no other methods by which
users can examine process environments. See
Section 2.4.20, “Environment Variables”.
All in all, the safest methods are to have the client program prompt for the password or to specify the password in a properly protected option file.
MySQL supports secure (encrypted) connections between MySQL
clients and the server using the Secure Sockets Layer (SSL)
protocol. This section discusses how to use SSL connections. It
also describes a way to set up SSH on Windows. For information
on how to require users to use SSL connections, see the
discussion of the REQUIRE clause of the
GRANT statement in Section 12.5.1.3, “GRANT Syntax”.
The standard configuration of MySQL is intended to be as fast as possible, so encrypted connections are not used by default. Doing so would make the client/server protocol much slower. Encrypting data is a CPU-intensive operation that requires the computer to do additional work and can delay other MySQL tasks. For applications that require the security provided by encrypted connections, the extra computation is warranted.
MySQL allows encryption to be enabled on a per-connection basis. You can choose a normal unencrypted connection or a secure encrypted SSL connection according the requirements of individual applications.
Secure connections are based on the OpenSSL API and are available through the MySQL C API. Replication uses the C API, so secure connections can be used between master and slave servers.
To understand how MySQL uses SSL, it is necessary to explain some basic SSL and X509 concepts. People who are familiar with these can skip this part of the discussion.
By default, MySQL uses unencrypted connections between the
client and the server. This means that someone with access to
the network could watch all your traffic and look at the data
being sent or received. They could even change the data while
it is in transit between client and server. To improve
security a little, you can compress client/server traffic by
using the --compress option when invoking
client programs. However, this does not foil a determined
attacker.
When you need to move information over a network in a secure fashion, an unencrypted connection is unacceptable. Encryption is the way to make any kind of data unreadable. In fact, today's practice requires many additional security elements from encryption algorithms. They should resist many kind of known attacks such as changing the order of encrypted messages or replaying data twice.
SSL is a protocol that uses different encryption algorithms to ensure that data received over a public network can be trusted. It has mechanisms to detect any data change, loss, or replay. SSL also incorporates algorithms that provide identity verification using the X509 standard.
X509 makes it possible to identify someone on the Internet. It is most commonly used in e-commerce applications. In basic terms, there should be some company called a “Certificate Authority” (or CA) that assigns electronic certificates to anyone who needs them. Certificates rely on asymmetric encryption algorithms that have two encryption keys (a public key and a secret key). A certificate owner can show the certificate to another party as proof of identity. A certificate consists of its owner's public key. Any data encrypted with this public key can be decrypted only using the corresponding secret key, which is held by the owner of the certificate.
If you need more information about SSL, X509, or encryption, use your favorite Internet search engine to search for the keywords in which you are interested.
To use SSL connections between the MySQL server and client programs, your system must support either OpenSSL or yaSSL and your version of MySQL must be built with SSL support.
To make it easier to use secure connections, MySQL is bundled with yaSSL as of MySQL 5.0.10. (MySQL and yaSSL employ the same licensing model, whereas OpenSSL uses an Apache-style license.) yaSSL support initially was available only for a few platforms, but now it is available on all platforms supported by MySQL AB.
To get secure connections to work with MySQL and SSL, you must do the following:
If you are not using a binary (precompiled) version of MySQL that has been built with SSL support, and you are going to use OpenSSL rather than the bundled yaSSL library, install OpenSSL if it has not already been installed. We have tested MySQL with OpenSSL 0.9.6. To obtain OpenSSL, visit http://www.openssl.org.
If you are not using a binary (precompiled) version of MySQL that has been built with SSL support, configure a MySQL source distribution to use SSL. When you configure MySQL, invoke the configure script with the appropriate option to select the SSL library that you want to use.
For yaSSL:
shell> ./configure --with-yassl
For OpenSSL:
shell> ./configure --with-openssl
Before MySQL 5.0, it was also neccessary to use
--with-vio, but that option is no longer
required.
Note that yaSSL support on Unix platforms requires that
either /dev/urandom or
/dev/random be available to retrieve
true random numbers. For additional information
(especially regarding yaSSL on Solaris versions prior to
2.8 and HP-UX), see Bug#13164.
Make sure that you have upgraded your grant tables to
include the SSL-related columns in the
mysql.user table. This is necessary if
your grant tables date from a version of MySQL older than
4.0. The upgrade procedure is described in
Section 4.4.9, “mysql_upgrade — Check Tables for MySQL Upgrade”.
To check whether a server binary is compiled with SSL
support, invoke it with the --ssl option.
An error will occur if the server does not support SSL:
shell> mysqld --ssl --help
060525 14:18:52 [ERROR] mysqld: unknown option '--ssl'
To check whether a running mysqld
server supports SSL, examine the value of the
have_ssl system variable:
mysql> SHOW VARIABLES LIKE 'have_ssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_ssl | YES |
+---------------+-------+
If the value is YES, the server
supports SSL connections. If the value is
DISABLED, the server supports SSL
connections but was not started with the appropriate
--ssl-
options (described later in this section). If the value is
xxxYES, the server supports SSL
connections.
To enable SSL connections, the proper SSL-related command options must be used (see Section 5.5.7.3, “SSL Command Options”).
To start the MySQL server so that it allows clients to connect via SSL, use the options that identify the key and certificate files the server needs when establishing a secure connection:
shell>mysqld --ssl-ca=cacert.pem\--ssl-cert=server-cert.pem\--ssl-key=server-key.pem
--ssl-ca identifies the Certificate
Authority (CA) certificate.
--ssl-cert identifies the server public
key. This can be sent to the client and authenticated
against the CA certificate that it has.
--ssl-key identifies the server private
key.
To establish a secure connection to a MySQL server with SSL
support, the options that a client must specify depend on the
SSL requirements of the user account that the client uses.
(See the discussion of the REQUIRE clause
in Section 12.5.1.3, “GRANT Syntax”.)
If the account has no special SSL requirements or was created
using a GRANT statement that includes the
REQUIRE SSL option, a client can connect
securely by using just the --ssl-ca option:
shell> mysql --ssl-ca=cacert.pem
To require that a client certificate also be specified, create
the account using the REQUIRE X509 option.
Then the client must also specify the proper client key and
certificate files or the server will reject the connection:
shell>mysql --ssl-ca=cacert.pem\--ssl-cert=client-cert.pem\--ssl-key=client-key.pem
In other words, the options are similar to those used for the server. Note that the Certificate Authority certificate has to be the same.
A client can determine whether the current connection with the
server uses SSL by checking the value of the
Ssl_cipher status variable. The value of
Ssl_cipher is non-empty if SSL is used, and
empty otherwise. For example:
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value |
+---------------+--------------------+
| Ssl_cipher | DHE-RSA-AES256-SHA |
+---------------+--------------------+
For the mysql client, you can use the
STATUS or \s command and
check the SSL line:
mysql> \s
...
SSL: Not in use
...
Or:
mysql> \s
...
SSL: Cipher in use is DHE-RSA-AES256-SHA
...
To establish a secure connection from within an application
program, use the
mysql_ssl_set() C API
function to set the appropriate certificate options before
calling mysql_real_connect().
See Section 26.2.3.67, “mysql_ssl_set()”. After the connection is
established, you can use
mysql_get_ssl_cipher() to
determine whether SSL is in use. A non-NULL
return value indicates a secure connection and names the SSL
cipher used for encryption. A NULL return
value indicates that SSL is not being used. See
Section 26.2.3.33, “mysql_get_ssl_cipher()”.
The following list describes options that are used for
specifying the use of SSL, certificate files, and key files.
They can be given on the command line or in an option file.
These options are not available unless MySQL has been built
with SSL support. See Section 5.5.7.2, “Using SSL Connections”.
(There are also --master-ssl* options that
can be used for setting up a secure connection from a slave
replication server to a master server; see
Section 18.1.2, “Replication Startup Options and Variables”.)
| Name | Cmd-Line | Option file | System Var | Status Var | Var Scope | Dynamic |
|---|---|---|---|---|---|---|
| have_openssl | Yes | Global | No | |||
| have_ssl | Yes | Global | No | |||
| skip-ssl | Yes | Yes | ||||
| ssl | Yes | Yes | ||||
| ssl-ca | Yes | Yes | Global | No | ||
| - Variable: ssl_ca | Yes | Global | No | |||
| ssl-capath | Yes | Yes | Global | No | ||
| - Variable: ssl_capath | Yes | Global | No | |||
| ssl-cert | Yes | Yes | Global | No | ||
| - Variable: ssl_cert | Yes | Global | No | |||
| ssl-cipher | Yes | Yes | Global | No | ||
| - Variable: ssl_cipher | Yes | Global | No | |||
| ssl-key | Yes | Yes | Global | No | ||
| - Variable: ssl_key | Yes | Global | No |
For the server, this option specifies that the server
allows SSL connections. For a client program, it allows
the client to connect to the server using SSL. This option
is not sufficient in itself to cause an SSL connection to
be used. You must also specify the
--ssl-ca option, and possibly the
--ssl-cert and --ssl-key
options.
This option is more often used in its opposite form to
override any other SSL options and indicate that SSL
should not be used. To do this,
specify the option as --skip-ssl or
--ssl=0.
Note that use of --ssl does not
require an SSL connection. For
example, if the server or client is compiled without SSL
support, a normal unencrypted connection is used.
The secure way to require use of an SSL connection is to
create an account on the server that includes a
REQUIRE SSL clause in the
GRANT statement. Then use that account
to connect to the server, where both the server and the
client have SSL support enabled.
The REQUIRE clause allows other
SSL-related restrictions as well. The description of
REQUIRE in Section 12.5.1.3, “GRANT Syntax”,
provides additional detail about which SSL command options
may or must be specified by clients that connect using
accounts that are created using the various
REQUIRE options.
The path to a file that contains a list of trusted SSL CAs.
The path to a directory that contains trusted SSL CA certificates in PEM format.
The name of the SSL certificate file to use for establishing a secure connection.
A list of allowable ciphers to use for SSL encryption. For
greatest portability,
cipher_list should be a list of
one or more cipher names, separated by colons. Examples:
--ssl-cipher=AES128-SHA --ssl-cipher=DHE-RSA-AES256-SHA:AES128-SHA
This format is understood both by OpenSSL and yaSSL. OpenSSL supports a more flexible syntax for specifying ciphers, as described in the OpenSSL documentation at http://www.openssl.org/docs/apps/ciphers.html. However, this extended syntax will fail if used with a MySQL installation compiled against yaSSL.
If no cipher in the list is supported, SSL connections will not work.
The name of the SSL key file to use for establishing a secure connection.
This option is available for client programs. It causes the server's Common Name value in the certificate that the server sends to the client to be verified against the hostname that the client uses for connecting to the server, and the connection is rejected if there is a mismatch. This feature can be used to prevent man-in-the-middle attacks. Verification is disabled by default. This option was added in MySQL 5.0.23.
As of MySQL 5.0.40, if you use SSL when establishing a client
connection, you can tell the client not to authenticate the
server certificate by specifying neither
--ssl-ca nor --ssl-capath.
The server still verifies the client according to any
applicable requirements established via
GRANT statements for the client, and it
still uses any
--ssl-ca/--ssl-capath values
that were passed to server at startup time.
This section demonstrates how to set up SSL certificate and key files for use by MySQL servers and clients. The first example shows a simplified procedure such as you might use from the command line. The second shows a script that contains more detail. Both examples use the openssl command that is part of OpenSSL.
The following example shows a set of commands to create MySQL server and client certificate and key files. You will need to respond to several prompts by the openssl commands. For testing, you can press Enter to all prompts. For production use, you should provide non-empty responses.
# Create clean environment shell>rm -rf newcertsshell>mkdir newcerts && cd newcerts# Create CA certificate shell>openssl genrsa 2048 > ca-key.pemshell>openssl req -new -x509 -nodes -days 1000 \-key ca-key.pem > ca-cert.pem# Create server certificate shell>openssl req -newkey rsa:2048 -days 1000 \-nodes -keyout server-key.pem > server-req.pemshell>openssl x509 -req -in server-req.pem -days 1000 \-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem# Create client certificate shell>openssl req -newkey rsa:2048 -days 1000 \-nodes -keyout client-key.pem > client-req.pemshell>openssl x509 -req -in client-req.pem -days 1000 \-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
Here is an example script that shows how to set up SSL certificates for MySQL:
DIR=`pwd`/openssl
PRIV=$DIR/private
mkdir $DIR $PRIV $DIR/newcerts
cp /usr/share/ssl/openssl.cnf $DIR
replace ./demoCA $DIR -- $DIR/openssl.cnf
# Create necessary files: $database, $serial and $new_certs_dir
# directory (optional)
touch $DIR/index.txt
echo "01" > $DIR/serial
#
# Generation of Certificate Authority(CA)
#
openssl req -new -x509 -keyout $PRIV/cakey.pem -out $DIR/cacert.pem \
-config $DIR/openssl.cnf
# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Generating a 1024 bit RSA private key
# ................++++++
# .........++++++
# writing new private key to '/home/monty/openssl/private/cakey.pem'
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
# -----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
# -----
# Country Name (2 letter code) [AU]:FI
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:MySQL admin
# Email Address []:
#
# Create server request and key
#
openssl req -new -keyout $DIR/server-key.pem -out \
$DIR/server-req.pem -days 3600 -config $DIR/openssl.cnf
# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Generating a 1024 bit RSA private key
# ..++++++
# ..........++++++
# writing new private key to '/home/monty/openssl/server-key.pem'
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
# -----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
# -----
# Country Name (2 letter code) [AU]:FI
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:MySQL server
# Email Address []:
#
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []:
# An optional company name []:
#
# Remove the passphrase from the key
#
openssl rsa -in $DIR/server-key.pem -out $DIR/server-key.pem
#
# Sign server cert
#
openssl ca -policy policy_anything -out $DIR/server-cert.pem \
-config $DIR/openssl.cnf -infiles $DIR/server-req.pem
# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Enter PEM pass phrase:
# Check that the request matches the signature
# Signature ok
# The Subjects Distinguished Name is as follows
# countryName :PRINTABLE:'FI'
# organizationName :PRINTABLE:'MySQL AB'
# commonName :PRINTABLE:'MySQL admin'
# Certificate is to be certified until Sep 13 14:22:46 2003 GMT
# (365 days)
# Sign the certificate? [y/n]:y
#
#
# 1 out of 1 certificate requests certified, commit? [y/n]y
# Write out database with 1 new entries
# Data Base Updated
#
# Create client request and key
#
openssl req -new -keyout $DIR/client-key.pem -out \
$DIR/client-req.pem -days 3600 -config $DIR/openssl.cnf
# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Generating a 1024 bit RSA private key
# .....................................++++++
# .............................................++++++
# writing new private key to '/home/monty/openssl/client-key.pem'
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
# -----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
# -----
# Country Name (2 letter code) [AU]:FI
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:MySQL user
# Email Address []:
#
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []:
# An optional company name []:
#
# Remove the passphrase from the key
#
openssl rsa -in $DIR/client-key.pem -out $DIR/client-key.pem
#
# Sign client cert
#
openssl ca -policy policy_anything -out $DIR/client-cert.pem \
-config $DIR/openssl.cnf -infiles $DIR/client-req.pem
# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Enter PEM pass phrase:
# Check that the request matches the signature
# Signature ok
# The Subjects Distinguished Name is as follows
# countryName :PRINTABLE:'FI'
# organizationName :PRINTABLE:'MySQL AB'
# commonName :PRINTABLE:'MySQL user'
# Certificate is to be certified until Sep 13 16:45:17 2003 GMT
# (365 days)
# Sign the certificate? [y/n]:y
#
#
# 1 out of 1 certificate requests certified, commit? [y/n]y
# Write out database with 1 new entries
# Data Base Updated
#
# Create a my.cnf file that you can use to test the certificates
#
cnf=""
cnf="$cnf [client]"
cnf="$cnf ssl-ca=$DIR/cacert.pem"
cnf="$cnf ssl-cert=$DIR/client-cert.pem"
cnf="$cnf ssl-key=$DIR/client-key.pem"
cnf="$cnf [mysqld]"
cnf="$cnf ssl-ca=$DIR/cacert.pem"
cnf="$cnf ssl-cert=$DIR/server-cert.pem"
cnf="$cnf ssl-key=$DIR/server-key.pem"
echo $cnf | replace " " '
' > $DIR/my.cnf
To test SSL connections, start the server as follows, where
$DIR is the pathname to the directory where
the sample my.cnf option file is located:
shell> mysqld --defaults-file=$DIR/my.cnf &
Then invoke a client program using the same option file:
shell> mysql --defaults-file=$DIR/my.cnf
If you have a MySQL source distribution, you can also test
your setup by modifying the preceding
my.cnf file to refer to the demonstration
certificate and key files in the SSL
directory of the distribution.
Here is a note that describes how to get a secure connection
to a remote MySQL server with SSH (by David Carlson
<dcarlson@mplcomm.com>):
Install an SSH client on your Windows machine. As a user,
the best non-free one I have found is from
SecureCRT from
http://www.vandyke.com/. Another option is
f-secure from
http://www.f-secure.com/. You can also find
some free ones on Google at
http://directory.google.com/Top/Computers/Internet/Protocols/SSH/Clients/Windows/.
Start your Windows SSH client. Set Host_Name =
.
Set
yourmysqlserver_URL_or_IPuserid=
to log in to your server. This your_useriduserid
value might not be the same as the username of your MySQL
account.
Set up port forwarding. Either do a remote forward (Set
local_port: 3306, remote_host:
,
yourmysqlservername_or_ipremote_port: 3306 ) or a local forward
(Set port: 3306, host:
localhost, remote port:
3306).
Save everything, otherwise you will have to redo it the next time.
Log in to your server with the SSH session you just created.
On your Windows machine, start some ODBC application (such as Access).
Create a new file in Windows and link to MySQL using the
ODBC driver the same way you normally do, except type in
localhost for the MySQL host server,
not yourmysqlservername.
At this point, you should have an ODBC connection to MySQL, encrypted using SSH.
In some cases, you might want to run multiple mysqld servers on the same machine. You might want to test a new MySQL release while leaving your existing production setup undisturbed. Or you might want to give different users access to different mysqld servers that they manage themselves. (For example, you might be an Internet Service Provider that wants to provide independent MySQL installations for different customers.)
To run multiple servers on a single machine, each server must have unique values for several operating parameters. These can be set on the command line or in option files. See Section 4.2.3, “Specifying Program Options”.
At least the following options must be different for each server:
--port=
port_num
--port controls the port number for TCP/IP
connections. (Alternatively, if the host has multiple network
addresses, you can use --bind-adress to cause
different servers to listen to different interfaces.)
--socket=
path
--socket controls the Unix socket file path
on Unix and the name of the named pipe on Windows. On Windows,
it is necessary to specify distinct pipe names only for those
servers that support named-pipe connections.
--shared-memory-base-name=
name
This option currently is used only on Windows. It designates the shared-memory name used by a Windows server to allow clients to connect via shared memory. It is necessary to specify distinct shared-memory names only for those servers that support shared-memory connections.
--pid-file=
file_name
This option is used only on Unix. It indicates the pathname of the file in which the server writes its process ID.
If you use the following log file options, they must be different for each server:
--log=
file_name
--log-bin=
file_name
--log-update=
file_name
--log-error=
file_name
--bdb-logdir=
file_name
Section 5.2.5, “Server Log Maintenance”, discusses the log file options further.
For better performance, you can specify the following options differently for each server, to spread the load between several physical disks:
--tmpdir=
path
--bdb-tmpdir=
path
Having different temporary directories is also recommended to make it easier to determine which MySQL server created any given temporary file.
With very limited exceptions, each server should use a different
data directory, which is specified using the
--datadir= option.
path
Normally, you should never have two servers that update data in
the same databases. This may lead to unpleasant surprises if
your operating system does not support fault-free system
locking. If (despite this warning) you run multiple servers
using the same data directory and they have logging enabled, you
must use the appropriate options to specify log filenames that
are unique to each server. Otherwise, the servers try to log to
the same files. Please note that this kind of setup only works
with MyISAM and MERGE
tables, and not with any of the other storage engines.
The warning against sharing a data directory among servers also applies in an NFS environment. Allowing multiple MySQL servers to access a common data directory over NFS is a very bad idea.
The primary problem is that NFS is the speed bottleneck. It is not meant for such use.
Another risk with NFS is that you must devise a way to ensure
that two or more servers do not interfere with each other.
Usually NFS file locking is handled by the
lockd daemon, but at the moment there is no
platform that performs locking 100% reliably in every
situation.
Make it easy for yourself: Forget about sharing a data directory among servers over NFS. A better solution is to have one computer that contains several CPUs and use an operating system that handles threads efficiently.
If you have multiple MySQL installations in different locations,
you can specify the base installation directory for each server
with the
--basedir= option
to cause each server to use a different data directory, log files,
and PID file. (The defaults for all these values are determined
relative to the base directory). In that case, the only other
options you need to specify are the path--socket and
--port options. For example, suppose that you
install different versions of MySQL using tar
file binary distributions. These install in different locations,
so you can start the server for each installation using the
command bin/mysqld_safe under its corresponding
base directory. mysqld_safe determines the
proper --basedir option to pass to
mysqld, and you need specify only the
--socket and --port options to
mysqld_safe.
As discussed in the following sections, it is possible to start
additional servers by setting environment variables or by
specifying appropriate command-line options. However, if you need
to run multiple servers on a more permanent basis, it is more
convenient to use option files to specify for each server those
option values that must be unique to it. The
--defaults-file option is useful for this
purpose.
You can run multiple servers on Windows by starting them manually from the command line, each with appropriate operating parameters. You also have the option of installing several servers as Windows services and running them that way. General instructions for running MySQL servers from the command line or as services are given in Section 2.4.8, “Installing MySQL on Windows”. This section describes how to make sure that you start each server with different values for those startup options that must be unique per server, such as the data directory. These options are described in Section 5.6, “Running Multiple MySQL Servers on the Same Machine”.
To start multiple servers manually from the command line, you
can specify the appropriate options on the command line or in
an option file. It is more convenient to place the options in
an option file, but it is necessary to make sure that each
server gets its own set of options. To do this, create an
option file for each server and tell the server the filename
with a --defaults-file option when you run
it.
Suppose that you want to run mysqld on port
3307 with a data directory of C:\mydata1,
and mysqld-debug on port 3308 with a data
directory of C:\mydata2. (To do this,
make sure that before you start the servers, each data
directory exists and has its own copy of the
mysql database that contains the grant
tables.) Then create two option files. For example, create one
file named C:\my-opts1.cnf that looks
like this:
[mysqld] datadir = C:/mydata1 port = 3307
Create a second file named
C:\my-opts2.cnf that looks like this:
[mysqld] datadir = C:/mydata2 port = 3308
Then start each server with its own option file:
C:\>C:\mysql\bin\mysqld --defaults-file=C:\my-opts1.cnfC:\>C:\mysql\bin\mysqld-debug --defaults-file=C:\my-opts2.cnf
Each server starts in the foreground (no new prompt appears until the server exits later), so you will need to issue those two commands in separate console windows.
To shut down the servers, you must connect to each using the appropriate port number:
C:\>C:\mysql\bin\mysqladmin --port=3307 shutdownC:\>C:\mysql\bin\mysqladmin --port=3308 shutdown
Servers configured as just described allow clients to connect
over TCP/IP. If your version of Windows supports named pipes
and you also want to allow named-pipe connections, use the
mysqld-nt or
mysqld-debug server and specify options
that enable the named pipe and specify its name. Each server
that supports named-pipe connections must use a unique pipe
name. For example, the C:\my-opts1.cnf
file might be written like this:
[mysqld] datadir = C:/mydata1 port = 3307 enable-named-pipe socket = mypipe1
Then start the server this way:
C:\> C:\mysql\bin\mysqld-nt --defaults-file=C:\my-opts1.cnf
Modify C:\my-opts2.cnf similarly for use
by the second server.
A similar procedure applies for servers that you want to
support shared-memory connections. Enable such connections
with the --shared-memory option and specify a
unique shared-memory name for each server with the
--shared-memory-base-name option.
A MySQL server can run as a Windows service. The procedures for installing, controlling, and removing a single MySQL service are described in Section 2.4.8.11, “Starting MySQL as a Windows Service”.
You can also install multiple MySQL servers as services. In this case, you must make sure that each server uses a different service name in addition to all the other parameters that must be unique for each server.
For the following instructions, assume that you want to run
the mysqld-nt server from two different
versions of MySQL that are installed at
C:\mysql-4.1.8 and
C:\mysql-5.0.68, respectively.
(This might be the case if you're running 4.1.8 as your
production server, but also want to conduct tests using
5.0.68.)
The following principles apply when installing a MySQL service
with the --install or
--install-manual option:
If you specify no service name, the server uses the
default service name of MySQL and the
server reads options from the [mysqld]
group in the standard option files.
If you specify a service name after the
--install option, the server ignores the
[mysqld] option group and instead reads
options from the group that has the same name as the
service. The server reads options from the standard option
files.
If you specify a --defaults-file option
after the service name, the server ignores the standard
option files and reads options only from the
[mysqld] group of the named file.
Before MySQL 4.0.17, only a server installed using the
default service name (MySQL) or one
installed explicitly with a service name of
mysqld will read the
[mysqld] group in the standard option
files. As of 4.0.17, all servers read the
[mysqld] group if they read the standard
option files, even if they are installed using another
service name. This allows you to use the
[mysqld] group for options that should be
used by all MySQL services, and an option group named after
each service for use by the server installed with that
service name.
Based on the preceding information, you have several ways to set up multiple services. The following instructions describe some examples. Before trying any of them, be sure that you shut down and remove any existing MySQL services first.
Approach 1: Specify the
options for all services in one of the standard option
files. To do this, use a different service name for each
server. Suppose that you want to run the 4.1.8
mysqld-nt using the service name of
mysqld1 and the 5.0.68
mysqld-nt using the service name
mysqld2. In this case, you can use the
[mysqld1] group for 4.1.8 and the
[mysqld2] group for 5.0.68.
For example, you can set up C:\my.cnf
like this:
# options for mysqld1 service [mysqld1] basedir = C:/mysql-4.1.8 port = 3307 enable-named-pipe socket = mypipe1 # options for mysqld2 service [mysqld2] basedir = C:/mysql-5.0.68 port = 3308 enable-named-pipe socket = mypipe2
Install the services as follows, using the full server pathnames to ensure that Windows registers the correct executable program for each service:
C:\>C:\mysql-4.1.8\bin\mysqld-nt --install mysqld1C:\>C:\mysql-5.0.68\bin\mysqld-nt --install mysqld2
To start the services, use the services manager, or use NET START with the appropriate service names:
C:\>NET START mysqld1C:\>NET START mysqld2
To stop the services, use the services manager, or use NET STOP with the appropriate service names:
C:\>NET STOP mysqld1C:\>NET STOP mysqld2
Approach 2: Specify
options for each server in separate files and use
--defaults-file when you install the
services to tell each server what file to use. In this
case, each file should list options using a
[mysqld] group.
With this approach, to specify options for the 4.1.8
mysqld-nt, create a file
C:\my-opts1.cnf that looks like this:
[mysqld] basedir = C:/mysql-4.1.8 port = 3307 enable-named-pipe socket = mypipe1
For the 5.0.68 mysqld-nt,
create a file C:\my-opts2.cnf that
looks like this:
[mysqld] basedir = C:/mysql-5.0.68 port = 3308 enable-named-pipe socket = mypipe2
Install the services as follows (enter each command on a single line):
C:\>C:\mysql-4.1.8\bin\mysqld-nt --install mysqld1--defaults-file=C:\my-opts1.cnfC:\>C:\mysql-5.0.68\bin\mysqld-nt --install mysqld2--defaults-file=C:\my-opts2.cnf
To use a --defaults-file option when you
install a MySQL server as a service, you must precede the
option with the service name.
After installing the services, start and stop them the same way as in the preceding example.
To remove multiple services, use mysqld
--remove for each one, specifying a service name
following the --remove option. If the service
name is the default (MySQL), you can omit
it.
The easiest way is to run multiple servers on Unix is to compile them with different TCP/IP ports and Unix socket files so that each one is listening on different network interfaces. Compiling in different base directories for each installation also results automatically in a separate, compiled-in data directory, log file, and PID file location for each server.
Assume that an existing 4.1.8 server is configured for the
default TCP/IP port number (3306) and Unix socket file
(/tmp/mysql.sock). To configure a new
5.0.68 server to have different operating parameters,
use a configure command something like this:
shell>./configure --with-tcp-port=port_number\--with-unix-socket-path=file_name\--prefix=/usr/local/mysql-5.0.68
Here, port_number and
file_name must be different from the
default TCP/IP port number and Unix socket file pathname, and
the --prefix value should specify an
installation directory different from the one under which the
existing MySQL installation is located.
If you have a MySQL server listening on a given port number, you can use the following command to find out what operating parameters it is using for several important configurable variables, including the base directory and Unix socket filename:
shell> mysqladmin --host=host_name --port=port_number variables
With the information displayed by that command, you can tell what option values not to use when configuring an additional server.
Note that if you specify localhost as a
hostname, mysqladmin defaults to using a Unix
socket file connection rather than TCP/IP. From MySQL 4.1
onward, you can explicitly specify the connection protocol to
use by using the
--protocol={TCP|SOCKET|PIPE|MEMORY} option.
You don't have to compile a new MySQL server just to start with a different Unix socket file and TCP/IP port number. It is also possible to use the same server binary and start each invocation of it with different parameter values at runtime. One way to do so is by using command-line options:
shell> mysqld_safe --socket=file_name --port=port_number
To start a second server, provide different
--socket and --port option
values, and pass a
--datadir=
option to mysqld_safe so that the server uses
a different data directory.
path
Another way to achieve a similar effect is to use environment variables to set the Unix socket filename and TCP/IP port number:
shell>MYSQL_UNIX_PORT=/tmp/mysqld-new.sockshell>MYSQL_TCP_PORT=3307shell>export MYSQL_UNIX_PORT MYSQL_TCP_PORTshell>mysql_install_db --user=mysqlshell>mysqld_safe --datadir=/path/to/datadir &
This is a quick way of starting a second server to use for testing. The nice thing about this method is that the environment variable settings apply to any client programs that you invoke from the same shell. Thus, connections for those clients are automatically directed to the second server.
Section 2.4.20, “Environment Variables”, includes a list of other environment variables you can use to affect mysqld.
For automatic server execution, the startup script that is executed at boot time should execute the following command once for each server with an appropriate option file path for each command:
shell> mysqld_safe --defaults-file=file_name
Each option file should contain option values specific to a given server.
On Unix, the mysqld_multi script is another way to start multiple servers. See Section 4.3.4, “mysqld_multi — Manage Multiple MySQL Servers”.
To connect with a client program to a MySQL server that is listening to different network interfaces from those compiled into your client, you can use one of the following methods:
Start the client with
--host= to
connect via TCP/IP to a remote server, with
host_name
--port=port_number--host=127.0.0.1
--port= to
connect via TCP/IP to a local server, or with
port_number--host=localhost
--socket= to
connect to a local server via a Unix socket file or a
Windows named pipe.
file_name
As of MySQL 4.1, start the client with
--protocol=TCP to connect via TCP/IP,
--protocol=SOCKET to connect via a Unix
socket file, --protocol=PIPE to connect via
a named pipe, or --protocol=MEMORY to
connect via shared memory. For TCP/IP connections, you may
also need to specify --host and
--port options. For the other types of
connections, you may need to specify a
--socket option to specify a Unix socket
file or Windows named-pipe name, or a
--shared-memory-base-name option to specify
the shared-memory name. Shared-memory connections are
supported only on Windows.
On Unix, set the MYSQL_UNIX_PORT and
MYSQL_TCP_PORT environment variables to
point to the Unix socket file and TCP/IP port number before
you start your clients. If you normally use a specific
socket file or port number, you can place commands to set
these environment variables in your
.login file so that they apply each
time you log in. See
Section 2.4.20, “Environment Variables”.
Specify the default Unix socket file and TCP/IP port number
in the [client] group of an option file.
For example, you can use C:\my.cnf on
Windows, or the .my.cnf file in your
home directory on Unix. See Section 4.2.3.2, “Using Option Files”.
In a C program, you can specify the socket file or port
number arguments in the
mysql_real_connect() call.
You can also have the program read option files by calling
mysql_options(). See
Section 26.2.3, “C API Function Descriptions”.
If you are using the Perl DBD::mysql
module, you can read options from MySQL option files. For
example:
$dsn = "DBI:mysql:test;mysql_read_default_group=client;"
. "mysql_read_default_file=/usr/local/mysql/data/my.cnf";
$dbh = DBI->connect($dsn, $user, $password);
See Section 26.4, “MySQL Perl API”.
Other programming interfaces may provide similar capabilities for reading option files.
MySQL Enterprise Subscribers to MySQL Enterprise will find additional information on running multiple MySQL servers on one machine in the MySQL Enterprise Knowledge Base article found at https://kb.mysql.com/view.php?id=4926.