Íîâîñòè
Äîêóìåíòàöèÿ
Download
Webboard
Ïîèñê
FAQ/×àÂî
Îáðàòíàÿ ñâÿçü




Chapter 5. MySQL Server Administration

Table of Contents

5.1. The MySQL Server
5.1.1. Server Option and Variable Reference
5.1.2. Server Command Options
5.1.3. Server System Variables
5.1.4. Session System Variables
5.1.5. Using System Variables
5.1.6. Server Status Variables
5.1.7. Server SQL Modes
5.1.8. Server-Side Help
5.1.9. Server Response to Signals
5.1.10. The Shutdown Process
5.2. MySQL Server Logs
5.2.1. The Error Log
5.2.2. The General Query Log
5.2.3. The Binary Log
5.2.4. The Slow Query Log
5.2.5. Server Log Maintenance
5.3. General Security Issues
5.3.1. General Security Guidelines
5.3.2. Making MySQL Secure Against Attackers
5.3.3. Security-Related mysqld Options
5.3.4. Security Issues with LOAD DATA LOCAL
5.3.5. How to Run MySQL as a Normal User
5.4. The MySQL Access Privilege System
5.4.1. Privileges Provided by MySQL
5.4.2. Privilege System Grant Tables
5.4.3. Specifying Account Names
5.4.4. Access Control, Stage 1: Connection Verification
5.4.5. Access Control, Stage 2: Request Verification
5.4.6. When Privilege Changes Take Effect
5.4.7. Causes of Access-Denied Errors
5.5. MySQL User Account Management
5.5.1. User Names and Passwords
5.5.2. Adding User Accounts
5.5.3. Removing User Accounts
5.5.4. Limiting Account Resources
5.5.5. Assigning Account Passwords
5.5.6. Password Security in MySQL
5.5.7. Using SSL for Secure Connections
5.5.8. Connecting to MySQL Remotely from Windows with SSH
5.5.9. Auditing MySQL Account Activity
5.6. Running Multiple MySQL Servers on the Same Machine
5.6.1. Running Multiple Servers on Windows
5.6.2. Running Multiple Servers on Unix
5.6.3. Using Client Programs in a Multiple-Server Environment

End of Product LifecycleActive development and support for MySQL Database Server version 5.0 has ended. However, there is still extended support available. For details, see http://www.mysql.com/about/legal/lifecycle/#calendar. According to the MySQL Lifecycle Policy (see http://www.mysql.com/about/legal/lifecycle/#policy), only Security and Severity Level 1 issues will still be fixed for MySQL 5.0. Please consider upgrading to a recent version.

MySQL Server (mysqld) is the main program that does most of the work in a MySQL installation. This section provides an overview of MySQL Server and covers topics that deal with administering a MySQL installation:

  • Server configuration

  • The server log files

  • Security issues and user-account management

  • Management of multiple servers on a single machine

5.1. The MySQL Server

mysqld is the MySQL server. The following discussion covers these MySQL server configuration topics:

  • Startup options that the server supports

  • Server system variables

  • Server status variables

  • How to set the server SQL mode

  • The server shutdown process

Note

Not all storage engines are supported by all MySQL server binaries and configurations. To find out how to determine which storage engines your MySQL server installation supports, see Section 12.5.5.13, “SHOW ENGINES Syntax”.

5.1.1. Server Option and Variable Reference

The following table provides a list of all the command line options, server and status variables applicable within mysqld.

The table lists command-line options (Cmd-line), options valid in configuration files (Option file), server system variables (System Var), and status variables (Status var) in one unified list, with notification of where each option/variable is valid. If a server option set on the command line or in an option file differs from the name of the corresponding server system or status variable, the variable name is noted immediately below the corresponding option. For status variables, the scope of the variable is shown (Scope) as either global, session, or both. Please see the corresponding sections for details on setting and using the options and variables. Where appropriate, a direct link to further information on the item as available.

Table 5.1. Option/Variable Summary

NameCmd-LineOption fileSystem VarStatus VarVar ScopeDynamic
abort-slave-event-countYesYes    
Aborted_clients   YesGlobalNo
Aborted_connects   YesGlobalNo
allow-suspicious-udfsYesYes    
ansiYesYes    
auto_increment_incrementYesYesYes BothYes
auto_increment_offsetYesYesYes BothYes
autocommit  Yes SessionYes
automatic_sp_privileges  Yes GlobalYes
back_logYesYesYes GlobalNo
basedirYesYesYes GlobalNo
bdb_cache_sizeYesYesYes GlobalNo
bdb-homeYesYes  GlobalNo
- Variable: bdb_home  Yes GlobalNo
bdb-lock-detectYesYes  GlobalNo
- Variable: bdb_lock_detect  Yes GlobalNo
bdb_log_buffer_sizeYesYesYes GlobalNo
bdb-logdirYesYes  GlobalNo
- Variable: bdb_logdir  Yes GlobalNo
bdb_max_lockYesYesYes GlobalNo
bdb-no-recoverYesYes    
bdb-shared-dataYesYes  GlobalNo
- Variable: bdb_shared_data  Yes GlobalNo
bdb-tmpdirYesYes  GlobalNo
- Variable: bdb_tmpdir  Yes GlobalNo
big-tablesYesYes  SessionYes
- Variable: big_tables  Yes SessionYes
bind-addressYesYes    
Binlog_cache_disk_use   YesGlobalNo
binlog_cache_sizeYesYesYes GlobalYes
Binlog_cache_use   YesGlobalNo
binlog-do-dbYesYes    
binlog-ignore-dbYesYes    
bootstrapYesYes    
bulk_insert_buffer_sizeYesYesYes BothYes
Bytes_received   YesBothNo
Bytes_sent   YesBothNo
character_set_client  Yes BothYes
character-set-client-handshakeYesYes    
character_set_connection  Yes BothYes
character_set_database[a]  Yes BothYes
character-set-filesystemYesYes  BothYes
- Variable: character_set_filesystem  Yes BothYes
character_set_results  Yes BothYes
character-set-serverYesYes  BothYes
- Variable: character_set_server  Yes BothYes
character_set_system  Yes GlobalNo
character-sets-dirYesYes  GlobalNo
- Variable: character_sets_dir  Yes GlobalNo
chrootYesYes    
collation_connection  Yes BothYes
collation_database[b]  Yes BothYes
collation-serverYesYes  BothYes
- Variable: collation_server  Yes BothYes
Com_admin_commands   YesBothNo
Com_alter_db   YesBothNo
Com_alter_event   YesBothNo
Com_alter_table   YesBothNo
Com_analyze   YesBothNo
Com_backup_table   YesBothNo
Com_begin   YesBothNo
Com_call_procedure   YesBothNo
Com_change_db   YesBothNo
Com_change_master   YesBothNo
Com_check   YesBothNo
Com_checksum   YesBothNo
Com_commit   YesBothNo
Com_create_db   YesBothNo
Com_create_event   YesBothNo
Com_create_function   YesBothNo
Com_create_index   YesBothNo
Com_create_table   YesBothNo
Com_create_user   YesBothNo
Com_dealloc_sql   YesBothNo
Com_delete   YesBothNo
Com_delete_multi   YesBothNo
Com_do   YesBothNo
Com_drop_db   YesBothNo
Com_drop_event   YesBothNo
Com_drop_function   YesBothNo
Com_drop_index   YesBothNo
Com_drop_table   YesBothNo
Com_drop_user   YesBothNo
Com_execute_sql   YesBothNo
Com_flush   YesBothNo
Com_grant   YesBothNo
Com_ha_close   YesBothNo
Com_ha_open   YesBothNo
Com_ha_read   YesBothNo
Com_help   YesBothNo
Com_insert   YesBothNo
Com_insert_select   YesBothNo
Com_kill   YesBothNo
Com_load   YesBothNo
Com_lock_tables   YesBothNo
Com_optimize   YesBothNo
Com_preload_keys   YesBothNo
Com_prepare_sql   YesBothNo
Com_purge   YesBothNo
Com_purge_before_date   YesBothNo
Com_rename_table   YesBothNo
Com_repair   YesBothNo
Com_replace   YesBothNo
Com_replace_select   YesBothNo
Com_reset   YesBothNo
Com_restore_table   YesBothNo
Com_revoke   YesBothNo
Com_revoke_all   YesBothNo
Com_rollback   YesBothNo
Com_savepoint   YesBothNo
Com_select   YesBothNo
Com_set_option   YesBothNo
Com_show_binlog_events   YesBothNo
Com_show_binlogs   YesBothNo
Com_show_charsets   YesBothNo
Com_show_collations   YesBothNo
Com_show_column_types   YesBothNo
Com_show_create_db   YesBothNo
Com_show_create_event   YesBothNo
Com_show_create_table   YesBothNo
Com_show_databases   YesBothNo
Com_show_engine_logs   YesBothNo
Com_show_engine_mutex   YesBothNo
Com_show_engine_status   YesBothNo
Com_show_errors   YesBothNo
Com_show_events   YesBothNo
Com_show_fields   YesBothNo
Com_show_grants   YesBothNo
Com_show_innodb_status   YesBothNo
Com_show_keys   YesBothNo
Com_show_logs   YesBothNo
Com_show_master_status   YesBothNo
Com_show_ndb_status   YesBothNo
Com_show_new_master   YesBothNo
Com_show_open_tables   YesBothNo
Com_show_plugins   YesBothNo
Com_show_privileges   YesBothNo
Com_show_processlist   YesBothNo
Com_show_slave_hosts   YesBothNo
Com_show_slave_status   YesBothNo
Com_show_status   YesBothNo
Com_show_storage_engines   YesBothNo
Com_show_tables   YesBothNo
Com_show_triggers   YesBothNo
Com_show_variables   YesBothNo
Com_show_warnings   YesBothNo
Com_slave_start   YesBothNo
Com_slave_stop   YesBothNo
Com_stmt_close   YesBothNo
Com_stmt_execute   YesBothNo
Com_stmt_fetch   YesBothNo
Com_stmt_prepare   YesBothNo
Com_stmt_reset   YesBothNo
Com_stmt_send_long_data   YesBothNo
Com_truncate   YesBothNo
Com_unlock_tables   YesBothNo
Com_update   YesBothNo
Com_update_multi   YesBothNo
Com_xa_commit   YesBothNo
Com_xa_end   YesBothNo
Com_xa_prepare   YesBothNo
Com_xa_recover   YesBothNo
Com_xa_rollback   YesBothNo
Com_xa_start   YesBothNo
completion_typeYesYesYes BothYes
Compression   YesSessionNo
concurrent_insertYesYesYes GlobalYes
connect_timeoutYesYesYes GlobalYes
Connections   YesGlobalNo
consoleYesYes    
core-fileYesYes    
Created_tmp_disk_tables   YesBothNo
Created_tmp_files   YesGlobalNo
Created_tmp_tables   YesBothNo
datadirYesYesYes GlobalNo
date_format  Yes BothNo
datetime_formatYesYesYes BothNo
debugYesYesYes BothYes
default-character-setYesYes    
default-storage-engineYesYes    
default-table-typeYesYes    
default-time-zoneYesYes    
default_week_formatYesYesYes BothYes
defaults-extra-fileYes     
defaults-fileYes     
defaults-group-suffixYes     
delay-key-writeYesYes  GlobalYes
- Variable: delay_key_write  Yes GlobalYes
Delayed_errors   YesGlobalNo
delayed_insert_limitYesYesYes GlobalYes
Delayed_insert_threads   YesGlobalNo
delayed_insert_timeoutYesYesYes GlobalYes
delayed_queue_sizeYesYesYes GlobalYes
Delayed_writes   YesGlobalNo
des-key-fileYesYes    
disconnect-slave-event-countYesYes    
div_precision_incrementYesYesYes BothYes
enable-lockingYesYes    
enable-named-pipeYesYes    
enable-pstackYesYes    
engine-condition-pushdownYesYes  BothYes
- Variable: engine_condition_pushdown  Yes BothYes
error_count  Yes SessionNo
exit-infoYesYes    
expire_logs_daysYesYesYes GlobalYes
external-lockingYesYes    
- Variable: skip_external_locking      
flushYesYesYes GlobalYes
Flush_commands   YesGlobalNo
flush_timeYesYesYes GlobalYes
foreign_key_checks  Yes SessionYes
ft_boolean_syntaxYesYesYes GlobalYes
ft_max_word_lenYesYesYes GlobalNo
ft_min_word_lenYesYesYes GlobalNo
ft_query_expansion_limitYesYesYes GlobalNo
ft_stopword_fileYesYesYes GlobalNo
gdbYesYes    
group_concat_max_lenYesYesYes BothYes
Handler_commit   YesBothNo
Handler_delete   YesBothNo
Handler_discover   YesBothNo
Handler_prepare   YesBothNo
Handler_read_first   YesBothNo
Handler_read_key   YesBothNo
Handler_read_next   YesBothNo
Handler_read_prev   YesBothNo
Handler_read_rnd   YesBothNo
Handler_read_rnd_next   YesBothNo
Handler_rollback   YesBothNo
Handler_savepoint   YesBothNo
Handler_savepoint_rollback   YesBothNo
Handler_update   YesBothNo
Handler_write   YesBothNo
have_archive  Yes GlobalNo
have_bdb  Yes GlobalNo
have_blackhole_engine  Yes GlobalNo
have_compress  Yes GlobalNo
have_crypt  Yes GlobalNo
have_csv  Yes GlobalNo
have_example_engine  Yes GlobalNo
have_federated_engine  Yes GlobalNo
have_geometry  Yes GlobalNo
have_innodb  Yes GlobalNo
have_isam  Yes GlobalNo
have_merge_engine  Yes GlobalNo
have_ndbcluster  Yes GlobalNo
have_openssl  Yes GlobalNo
have_query_cache  Yes GlobalNo
have_raid  Yes GlobalNo
have_rtree_keys  Yes GlobalNo
have_ssl  Yes GlobalNo
have_symlink  Yes GlobalNo
helpYesYes    
hostname  Yes GlobalNo
identity  Yes SessionYes
init_connectYesYesYes GlobalYes
init-fileYesYes  GlobalNo
- Variable: init_file  Yes GlobalNo
init_slaveYesYesYes GlobalYes
innodbYesYes    
innodb_adaptive_hash_indexYesYesYes GlobalNo
innodb_additional_mem_pool_sizeYesYesYes GlobalNo
innodb_autoextend_incrementYesYesYes GlobalYes
innodb_buffer_pool_awe_mem_mbYesYesYes GlobalNo
Innodb_buffer_pool_pages_data   YesGlobalNo
Innodb_buffer_pool_pages_dirty   YesGlobalNo
Innodb_buffer_pool_pages_flushed   YesGlobalNo
Innodb_buffer_pool_pages_free   YesGlobalNo
Innodb_buffer_pool_pages_latched   YesGlobalNo
Innodb_buffer_pool_pages_misc   YesGlobalNo
Innodb_buffer_pool_pages_total   YesGlobalNo
Innodb_buffer_pool_read_ahead_rnd   YesGlobalNo
Innodb_buffer_pool_read_ahead_seq   YesGlobalNo
Innodb_buffer_pool_read_requests   YesGlobalNo
Innodb_buffer_pool_reads   YesGlobalNo
innodb_buffer_pool_sizeYesYesYes GlobalNo
Innodb_buffer_pool_wait_free   YesGlobalNo
Innodb_buffer_pool_write_requests   YesGlobalNo
innodb_checksumsYesYesYes GlobalNo
innodb_commit_concurrencyYesYesYes GlobalYes
innodb_concurrency_ticketsYesYesYes GlobalYes
innodb_data_file_pathYesYesYes GlobalNo
Innodb_data_fsyncs   YesGlobalNo
innodb_data_home_dirYesYesYes GlobalNo
Innodb_data_pending_fsyncs   YesGlobalNo
Innodb_data_pending_reads   YesGlobalNo
Innodb_data_pending_writes   YesGlobalNo
Innodb_data_read   YesGlobalNo
Innodb_data_reads   YesGlobalNo
Innodb_data_writes   YesGlobalNo
Innodb_data_written   YesGlobalNo
Innodb_dblwr_pages_written   YesGlobalNo
Innodb_dblwr_writes   YesGlobalNo
innodb_doublewriteYesYesYes GlobalNo
innodb_fast_shutdownYesYesYes GlobalYes
innodb_file_io_threadsYesYesYes GlobalNo
innodb_file_per_tableYesYesYes GlobalNo
innodb_flush_log_at_trx_commitYesYesYes GlobalYes
innodb_flush_methodYesYesYes GlobalNo
innodb_force_recoveryYesYesYes GlobalNo
innodb_lock_wait_timeoutYesYesYes GlobalNo
innodb_locks_unsafe_for_binlogYesYesYes GlobalNo
innodb_log_arch_dirYesYesYes GlobalNo
innodb_log_archiveYesYesYes GlobalNo
innodb_log_buffer_sizeYesYesYes GlobalNo
innodb_log_file_sizeYesYesYes GlobalNo
innodb_log_files_in_groupYesYesYes GlobalNo
innodb_log_group_home_dirYesYesYes GlobalNo
Innodb_log_waits   YesGlobalNo
Innodb_log_write_requests   YesGlobalNo
Innodb_log_writes   YesGlobalNo
innodb_max_dirty_pages_pctYesYesYes GlobalYes
innodb_max_purge_lagYesYesYes GlobalYes
innodb_mirrored_log_groupsYesYesYes GlobalNo
innodb_open_filesYesYesYes GlobalNo
Innodb_os_log_fsyncs   YesGlobalNo
Innodb_os_log_pending_fsyncs   YesGlobalNo
Innodb_os_log_pending_writes   YesGlobalNo
Innodb_os_log_written   YesGlobalNo
Innodb_page_size   YesGlobalNo
Innodb_pages_created   YesGlobalNo
Innodb_pages_read   YesGlobalNo
Innodb_pages_written   YesGlobalNo
innodb_rollback_on_timeoutYesYesYes GlobalNo
Innodb_row_lock_current_waits   YesGlobalNo
Innodb_row_lock_time   YesGlobalNo
Innodb_row_lock_time_avg   YesGlobalNo
Innodb_row_lock_time_max   YesGlobalNo
Innodb_row_lock_waits   YesGlobalNo
Innodb_rows_deleted   YesGlobalNo
Innodb_rows_inserted   YesGlobalNo
Innodb_rows_read   YesGlobalNo
Innodb_rows_updated   YesGlobalNo
innodb_safe_binlogYesYes    
innodb_status_fileYesYes    
innodb_support_xaYesYesYes BothYes
innodb_sync_spin_loopsYesYesYes GlobalYes
innodb_table_locksYesYesYes BothYes
innodb_thread_concurrencyYesYesYes GlobalYes
innodb_thread_sleep_delayYesYesYes GlobalYes
innodb_use_legacy_cardinality_algorithmYesYesYes GlobalYes
insert_id  Yes SessionYes
interactive_timeoutYesYesYes BothYes
join_buffer_sizeYesYesYes BothYes
keep_files_on_createYesYesYes BothYes
Key_blocks_not_flushed   YesGlobalNo
Key_blocks_unused   YesGlobalNo
Key_blocks_used   YesGlobalNo
key_buffer_sizeYesYesYes GlobalYes
key_cache_age_thresholdYesYesYes GlobalYes
key_cache_block_sizeYesYesYes GlobalYes
key_cache_division_limitYesYesYes GlobalYes
Key_read_requests   YesGlobalNo
Key_reads   YesGlobalNo
Key_write_requests   YesGlobalNo
Key_writes   YesGlobalNo
languageYesYesYes GlobalNo
large_files_support  Yes GlobalNo
large_page_size  Yes GlobalNo
large-pagesYesYes  GlobalNo
- Variable: large_pages  Yes GlobalNo
last_insert_id  Yes SessionYes
Last_query_cost   YesSessionNo
lc_time_names  Yes BothYes
license  Yes GlobalNo
local_infile  Yes GlobalYes
local-infileYesYes    
- Variable: local_infile      
locked_in_memory  Yes GlobalNo
logYesYesYes GlobalNo
log_bin  Yes GlobalNo
log-binYesYesYes GlobalNo
log-bin-indexYesYes    
log-bin-trust-function-creatorsYesYes  GlobalYes
- Variable: log_bin_trust_function_creators  Yes GlobalYes
log-bin-trust-routine-creatorsYesYes  GlobalYes
- Variable: log_bin_trust_routine_creators  Yes GlobalYes
log-errorYesYes  GlobalNo
- Variable: log_error  Yes GlobalNo
log-isamYesYes    
log-queries-not-using-indexesYesYes  GlobalYes
- Variable: log_queries_not_using_indexes  Yes GlobalYes
log-short-formatYesYes    
log-slave-updatesYesYes  GlobalNo
- Variable: log_slave_updates  Yes GlobalNo
log-slow-admin-statementsYesYes    
log-slow-queriesYesYes  GlobalNo
- Variable: log_slow_queries  Yes GlobalNo
log-tcYesYes    
log-tc-sizeYesYes    
log-warningsYesYes  BothYes
- Variable: log_warnings  Yes BothYes
long_query_timeYesYesYes BothYes
low-priority-updatesYesYes  BothYes
- Variable: low_priority_updates  Yes BothYes
lower_case_file_systemYesYesYes GlobalNo
lower_case_table_namesYesYesYes GlobalNo
master-connect-retryYesYes    
master-hostYesYes    
master-info-fileYesYes    
master-passwordYesYes    
master-portYesYes    
master-retry-countYesYes    
master-sslYesYes    
master-ssl-caYesYes    
master-ssl-capathYesYes    
master-ssl-certYesYes    
master-ssl-cipherYesYes    
master-ssl-keyYesYes    
master-userYesYes    
max_allowed_packetYesYesYes BothYes
max_binlog_cache_sizeYesYesYes GlobalYes
max-binlog-dump-eventsYesYes    
max_binlog_sizeYesYesYes GlobalYes
max_connect_errorsYesYesYes GlobalYes
max_connectionsYesYesYes GlobalYes
max_delayed_threadsYesYesYes BothYes
max_error_countYesYesYes BothYes
max_heap_table_sizeYesYesYes BothYes
max_insert_delayed_threads  Yes BothYes
max_join_sizeYesYesYes BothYes
max_length_for_sort_dataYesYesYes BothYes
max_prepared_stmt_countYesYesYes GlobalYes
max_relay_log_sizeYesYesYes GlobalYes
max_seeks_for_keyYesYesYes BothYes
max_sort_lengthYesYesYes BothYes
max_sp_recursion_depthYesYesYes BothYes
max_tmp_tablesYesYesYes BothYes
Max_used_connections   YesGlobalNo
max_user_connectionsYesYesYes BothYes
max_write_lock_countYesYesYes GlobalYes
memlockYesYesYes GlobalNo
mergeYesYes    
multi_range_countYesYesYes BothYes
myisam-block-sizeYesYes    
myisam_data_pointer_sizeYesYesYes GlobalYes
myisam_max_extra_sort_file_sizeYesYesYes GlobalNo
myisam_max_sort_file_sizeYesYesYes GlobalYes
myisam_mmap_sizeYesYesYes GlobalNo
myisam-recoverYesYes    
myisam_recover_options  Yes GlobalNo
myisam_repair_threadsYesYesYes BothYes
myisam_sort_buffer_sizeYesYesYes BothYes
myisam_stats_methodYesYesYes BothYes
named_pipe  Yes GlobalNo
ndb_autoincrement_prefetch_szYesYesYes BothYes
ndb_cache_check_timeYesYesYes GlobalYes
Ndb_cluster_node_id   YesBothNo
Ndb_config_from_host   YesBothNo
Ndb_config_from_port   YesBothNo
ndb_force_sendYesYesYes BothYes
ndb_index_stat_cache_entriesYesYes    
ndb_index_stat_enableYesYes    
ndb_index_stat_update_freqYesYes    
ndb-mgmd-hostYesYes    
ndb-nodeidYesYes YesGlobalNo
ndb_optimized_node_selectionYesYes    
ndb_report_thresh_binlog_epoch_slipYesYes    
ndb_report_thresh_binlog_mem_usageYesYes    
ndb_use_exact_count  Yes BothYes
ndb_use_transactionsYesYesYes BothYes
ndbclusterYesYes    
- Variable: have_ndbcluster      
net_buffer_lengthYesYesYes BothYes
net_read_timeoutYesYesYes BothYes
net_retry_countYesYesYes BothYes
net_write_timeoutYesYesYes BothYes
newYesYesYes BothYes
no-defaultsYes     
Not_flushed_delayed_rows   YesGlobalNo
old-passwordsYesYes  BothYes
- Variable: old_passwords  Yes BothYes
old-style-user-limitsYesYes    
one-threadYesYes    
Open_files   YesGlobalNo
open-files-limitYesYes  GlobalNo
- Variable: open_files_limit  Yes GlobalNo
Open_streams   YesGlobalNo
Open_tables   YesBothNo
Opened_tables   YesBothNo
optimizer_prune_levelYesYesYes BothYes
optimizer_search_depthYesYesYes BothYes
pid-fileYesYes  GlobalNo
- Variable: pid_file  Yes GlobalNo
plugin_dirYesYesYes GlobalNo
portYesYesYes GlobalNo
port-open-timeoutYesYes    
preload_buffer_sizeYesYesYes BothYes
Prepared_stmt_count   YesGlobalNo
prepared_stmt_count  Yes GlobalNo
print-defaultsYes     
profiling  Yes SessionYes
profiling_history_size  Yes BothYes
protocol_version  Yes GlobalNo
pseudo_thread_id  Yes SessionYes
Qcache_free_blocks   YesGlobalNo
Qcache_free_memory   YesGlobalNo
Qcache_hits   YesGlobalNo
Qcache_inserts   YesGlobalNo
Qcache_lowmem_prunes   YesGlobalNo
Qcache_not_cached   YesGlobalNo
Qcache_queries_in_cache   YesGlobalNo
Qcache_total_blocks   YesGlobalNo
Queries   YesBothNo
query_alloc_block_sizeYesYesYes BothYes
query_cache_limitYesYesYes GlobalYes
query_cache_min_res_unitYesYesYes GlobalYes
query_cache_sizeYesYesYes GlobalYes
query_cache_typeYesYesYes BothYes
query_cache_wlock_invalidateYesYesYes BothYes
query_prealloc_sizeYesYesYes BothYes
Questions   YesBothNo
rand_seed1  Yes SessionYes
rand_seed2  Yes SessionYes
range_alloc_block_sizeYesYesYes BothYes
read_buffer_sizeYesYesYes BothYes
read_onlyYesYesYes GlobalYes
read_rnd_buffer_sizeYesYesYes BothYes
relay-logYesYes    
relay-log-indexYesYes    
- Variable: relay_log_index      
relay-log-info-fileYesYes    
- Variable: relay_log_info_file      
relay_log_purgeYesYesYes GlobalYes
relay_log_space_limitYesYesYes GlobalNo
replicate-do-dbYesYes    
replicate-do-tableYesYes    
replicate-ignore-dbYesYes    
replicate-ignore-tableYesYes    
replicate-rewrite-dbYesYes    
replicate-same-server-idYesYes    
replicate-wild-do-tableYesYes    
replicate-wild-ignore-tableYesYes    
report-hostYesYes  GlobalNo
- Variable: report_host  Yes GlobalNo
report-passwordYesYes  GlobalNo
- Variable: report_password  Yes GlobalNo
report-portYesYes  GlobalNo
- Variable: report_port  Yes GlobalNo
report-userYesYes  GlobalNo
- Variable: report_user  Yes GlobalNo
rpl_recovery_rank  Yes GlobalYes
Rpl_status   YesGlobalNo
safe-modeYesYes    
safe-show-databaseYesYesYes GlobalYes
safe-user-createYesYes    
safemalloc-mem-limitYesYes    
secure-authYesYes  GlobalYes
- Variable: secure_auth  Yes GlobalYes
secure-file-privYesYes  GlobalNo
- Variable: secure_file_priv  Yes GlobalNo
Select_full_join   YesBothNo
Select_full_range_join   YesBothNo
Select_range   YesBothNo
Select_range_check   YesBothNo
Select_scan   YesBothNo
server-idYesYes  GlobalYes
- Variable: server_id  Yes GlobalYes
set-variableYesYes    
shared_memory  Yes GlobalNo
shared_memory_base_name  Yes GlobalNo
show-slave-auth-infoYesYes    
skip-bdbYesYes    
skip-character-set-client-handshakeYesYes    
skip-concurrent-insertYesYes    
- Variable: concurrent_insert      
skip-external-lockingYesYes  GlobalNo
- Variable: skip_external_locking  Yes GlobalNo
skip-grant-tablesYesYes    
skip-host-cacheYesYes    
skip-innodbYesYes    
skip-innodb-checksumsYesYes    
skip-lockingYesYes    
skip-log-warningsYes     
skip-mergeYesYes    
- Variable:       
skip-name-resolveYesYes    
skip-networkingYesYes  GlobalNo
- Variable: skip_networking  Yes GlobalNo
skip-newYesYes    
skip-safemallocYesYes    
skip-show-databaseYesYes  GlobalNo
- Variable: skip_show_database  Yes GlobalNo
skip-slave-startYesYes    
skip-sslYesYes    
skip-stack-traceYesYes    
skip-symbolic-linksYes     
skip-symlinkYesYes    
skip-sync-bdb-logsYesYesYes GlobalNo
skip-thread-priorityYesYes    
slave_compressed_protocolYesYesYes GlobalYes
slave-load-tmpdirYesYes  GlobalNo
- Variable: slave_load_tmpdir  Yes GlobalNo
slave-net-timeoutYesYes  GlobalYes
- Variable: slave_net_timeout  Yes GlobalYes
Slave_open_temp_tables   YesGlobalNo
Slave_retried_transactions   YesGlobalNo
Slave_running   YesGlobalNo
slave-skip-errorsYesYes  GlobalNo
- Variable: slave_skip_errors  Yes GlobalNo
slave_transaction_retriesYesYesYes GlobalYes
Slow_launch_threads   YesBothNo
slow_launch_timeYesYesYes GlobalYes
Slow_queries   YesBothNo
socketYesYesYes GlobalNo
sort_buffer_sizeYesYesYes BothYes
Sort_merge_passes   YesBothNo
Sort_range   YesBothNo
Sort_rows   YesBothNo
Sort_scan   YesBothNo
sporadic-binlog-dump-failYesYes    
sql_auto_is_null  Yes SessionYes
sql_big_selects  Yes BothYes
sql_big_tables  Yes SessionYes
sql_buffer_result  Yes SessionYes
sql_log_bin  Yes SessionYes
sql_log_off  Yes SessionYes
sql_log_update  Yes SessionYes
sql_low_priority_updates  Yes BothYes
sql_max_join_size  Yes BothYes
sql-modeYesYes  BothYes
- Variable: sql_mode  Yes BothYes
sql_notes  Yes SessionYes
sql_quote_show_create  Yes SessionYes
sql_safe_updates  Yes SessionYes
sql_select_limit  Yes BothYes
sql_slave_skip_counter  Yes GlobalYes
sql_warnings  Yes SessionYes
sslYesYes    
Ssl_accept_renegotiates   YesGlobalNo
Ssl_accepts   YesGlobalNo
ssl-caYesYes  GlobalNo
- Variable: ssl_ca  Yes GlobalNo
Ssl_callback_cache_hits   YesGlobalNo
ssl-capathYesYes  GlobalNo
- Variable: ssl_capath  Yes GlobalNo
ssl-certYesYes  GlobalNo
- Variable: ssl_cert  Yes GlobalNo
ssl-cipherYesYes  GlobalNo
- Variable: ssl_cipher  Yes GlobalNo
Ssl_cipher   YesBothNo
Ssl_cipher_list   YesBothNo
Ssl_client_connects   YesGlobalNo
Ssl_connect_renegotiates   YesGlobalNo
Ssl_ctx_verify_depth   YesGlobalNo
Ssl_ctx_verify_mode   YesGlobalNo
Ssl_default_timeout   YesBothNo
Ssl_finished_accepts   YesGlobalNo
Ssl_finished_connects   YesGlobalNo
ssl-keyYesYes  GlobalNo
- Variable: ssl_key  Yes GlobalNo
Ssl_session_cache_hits   YesGlobalNo
Ssl_session_cache_misses   YesGlobalNo
Ssl_session_cache_mode   YesGlobalNo
Ssl_session_cache_overflows   YesGlobalNo
Ssl_session_cache_size   YesGlobalNo
Ssl_session_cache_timeouts   YesGlobalNo
Ssl_sessions_reused   YesBothNo
Ssl_used_session_cache_entries   YesGlobalNo
Ssl_verify_depth   YesBothNo
Ssl_verify_mode   YesBothNo
Ssl_version   YesBothNo
standaloneYesYes    
storage_engine  Yes BothYes
symbolic-linksYesYes    
sync-bdb-logsYesYes  GlobalNo
- Variable: sync_bdb_logs  Yes GlobalNo
sync_binlogYesYesYes GlobalYes
sync_frmYesYesYes GlobalYes
sysdate-is-nowYesYes    
system_time_zone  Yes GlobalNo
table_cacheYesYesYes GlobalYes
table_lock_wait_timeoutYesYesYes GlobalYes
Table_locks_immediate   YesGlobalNo
Table_locks_waited   YesGlobalNo
table_type  Yes BothYes
tc-heuristic-recoverYesYes    
Tc_log_max_pages_used   YesGlobalNo
Tc_log_page_size   YesGlobalNo
Tc_log_page_waits   YesGlobalNo
temp-poolYesYes    
thread_cache_sizeYesYesYes GlobalYes
thread_concurrencyYesYesYes GlobalNo
thread_stackYesYesYes GlobalNo
Threads_cached   YesGlobalNo
Threads_connected   YesGlobalNo
Threads_created   YesGlobalNo
Threads_running   YesGlobalNo
time_formatYesYesYes BothNo
time_zoneYesYesYes BothYes
timed_mutexesYesYesYes GlobalYes
timestamp  Yes SessionYes
tmp_table_sizeYesYesYes BothYes
tmpdirYesYesYes GlobalNo
transaction_alloc_block_sizeYesYesYes BothYes
transaction-isolationYesYes    
transaction_prealloc_sizeYesYesYes BothYes
tx_isolation  Yes BothYes
unique_checks  Yes SessionYes
updatable_views_with_limitYesYesYes BothYes
Uptime   YesGlobalNo
Uptime_since_flush_status   YesGlobalNo
userYesYes    
verboseYesYes    
versionYesYesYes GlobalNo
version_comment  Yes GlobalNo
version_compile_machine  Yes GlobalNo
version_compile_os  Yes GlobalNo
wait_timeoutYesYesYes BothYes
warning_count  Yes SessionNo
warningsYesYes    

[a] This option is dynamic, but only the server should set this information. You should not set the value of this variable manually.

[b] This option is dynamic, but only the server should set this information. You should not set the value of this variable manually.

5.1.2. Server Command Options

When you start the mysqld server, you can specify program options using any of the methods described in Section 4.2.3, “Specifying Program Options”. The most common methods are to provide options in an option file or on the command line. However, in most cases it is desirable to make sure that the server uses the same options each time it runs. The best way to ensure this is to list them in an option file. See Section 4.2.3.3, “Using Option Files”.

MySQL Enterprise For expert advice on setting command options, subscribe to the MySQL Enterprise Monitor. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

mysqld reads options from the [mysqld] and [server] groups. mysqld_safe reads options from the [mysqld], [server], [mysqld_safe], and [safe_mysqld] groups. mysql.server reads options from the [mysqld] and [mysql.server] groups.

An embedded MySQL server usually reads options from the [server], [embedded], and [xxxxx_SERVER] groups, where xxxxx is the name of the application into which the server is embedded.

mysqld accepts many command options. For a brief summary, execute mysqld --help. To see the full list, use mysqld --verbose --help.

The following list shows some of the most common server options. Additional options are described in other sections:

You can also set the values of server system variables by using variable names as options, as described at the end of this section.

Some options control the size of buffers or caches. For a given buffer, the server might need to allocate internal data structures. These structures typically are allocated from the total memory allocated to the buffer, and the amount of space required might be platform dependent. This means that when you assign a value to an option that controls a buffer size, the amount of space actually available might differ from the value assigned. In some cases, the amount might be less than the value assigned. It is also possible that the server will adjust a value upward. For example, if you assign a value of 0 to an option for which the minimal value is 1024, the server will set the value to 1024.

Values for buffer sizes, lengths, and stack sizes are given in bytes unless otherwise specified.

Some options take file name values. Unless otherwise specified, the default file location is the data directory if the value is a relative path name. To specify the location explicitly, use an absolute path name. Suppose that the data directory is /var/mysql/data. If a file-valued option is given as a relative path name, it will be located under /var/mysql/data. If the value is an absolute path name, its location is as given by the path name.

  • --help, -?

    Command-Line Format-?
    Config-File Formathelp

    Display a short help message and exit. Use both the --verbose and --help options to see the full message.

  • --allow-suspicious-udfs

    Version Introduced5.0.3
    Command-Line Format--allow-suspicious-udfs
    Config-File Formatallow-suspicious-udfs
     Permitted Values
    Typeboolean
    DefaultFALSE

    This option controls whether user-defined functions that have only an xxx symbol for the main function can be loaded. By default, the option is off and only UDFs that have at least one auxiliary symbol can be loaded; this prevents attempts at loading functions from shared object files other than those containing legitimate UDFs. This option was added in version 5.0.3. See Section 21.2.2.6, “User-Defined Function Security Precautions”.

  • --ansi

    Command-Line Format--ansi
    Config-File Formatansi

    Use standard (ANSI) SQL syntax instead of MySQL syntax. For more precise control over the server SQL mode, use the --sql-mode option instead. See Section 1.8.3, “Running MySQL in ANSI Mode”, and Section 5.1.7, “Server SQL Modes”.

  • --basedir=path, -b path

    Command-Line Format--basedir=name
    Config-File Formatbasedir
    Option Sets VariableYes, basedir
    Variable Namebasedir
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The path to the MySQL installation directory. All paths are usually resolved relative to this directory.

  • --big-tables

    Command-Line Format--big-tables
    Config-File Formatbig-tables
    Option Sets VariableYes, big_tables
    Variable Namebig-tables
    Variable ScopeSession
    Dynamic VariableYes
     Permitted Values
    Typeboolean

    Allow large result sets by saving all temporary sets in files. This option prevents most “table full” errors, but also slows down queries for which in-memory tables would suffice. Since MySQL 3.23.2, the server is able to handle large result sets automatically by using memory for small temporary tables and switching to disk tables where necessary.

  • --bind-address=IP

    Command-Line Format--bind-address=name
    Config-File Formatbind-address
     Permitted Values
    Typestring
    Default0.0.0.0
    Range0.0.0.0-255.255.255.255

    The IP address to bind to. Only one address can be selected. If this option is specified multiple times, the last address given is used.

    If no address or 0.0.0.0 is specified, the server listens on all interfaces.

  • --bootstrap

    Command-Line Format--bootstrap
    Config-File Formatbootstrap

    This option is used by the mysql_install_db script to create the MySQL privilege tables without having to start a full MySQL server.

    This option is unavailable if MySQL was configured with the --disable-grant-options option. See Section 2.16.2, “Typical configure Options”.

  • --character-sets-dir=path

    Command-Line Format--character-sets-dir=name
    Config-File Formatcharacter-sets-dir
    Option Sets VariableYes, character_sets_dir
    Variable Namecharacter-sets-dir
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The directory where character sets are installed. See Section 9.2, “The Character Set Used for Data and Sorting”.

  • --character-set-client-handshake

    Command-Line Format--character-set-client-handshake
    Config-File Formatcharacter-set-client-handshake
     Permitted Values
    Typeboolean
    DefaultTRUE

    Don't ignore character set information sent by the client. To ignore client information and use the default server character set, use --skip-character-set-client-handshake; this makes MySQL behave like MySQL 4.0.

  • --character-set-filesystem=charset_name

    Version Introduced5.0.19
    Command-Line Format--character-set-filesystem=name
    Config-File Formatcharacter-set-filesystem
    Option Sets VariableYes, character_set_filesystem
    Variable Namecharacter_set_filesystem
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring

    The file system character set. This option sets the character_set_filesystem system variable. It was added in MySQL 5.0.19.

  • --character-set-server=charset_name, -C charset_name

    Command-Line Format--character-set-server
    Config-File Formatcharacter-set-server
    Option Sets VariableYes, character_set_server
    Variable Namecharacter_set_server
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring

    Use charset_name as the default server character set. See Section 9.2, “The Character Set Used for Data and Sorting”. If you use this option to specify a nondefault character set, you should also use --collation-server to specify the collation.

  • --chroot=path, -r path

    Command-Line Format--chroot=name
    Config-File Formatchroot
     Permitted Values
    Typefilename

    Put the mysqld server in a closed environment during startup by using the chroot() system call. This is a recommended security measure. Note that use of this option somewhat limits LOAD DATA INFILE and SELECT ... INTO OUTFILE.

  • --collation-server=collation_name

    Command-Line Format--collation-server
    Config-File Formatcollation-server
    Option Sets VariableYes, collation_server
    Variable Namecollation_server
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring

    Use collation_name as the default server collation. See Section 9.2, “The Character Set Used for Data and Sorting”.

  • --console

    Command-Line Format--console
    Config-File Formatconsole
    Platform Specificwindows

    (Windows only.) Write error log messages to stderr and stdout even if --log-error is specified. mysqld does not close the console window if this option is used.

  • --core-file

    Command-Line Format--core-file
    Config-File Formatcore-file
     Permitted Values
    Typeboolean
    DefaultTRUE

    Write a core file if mysqld dies. The name and location of the core file is system dependent. On Linux, a core file named core.pid is written to the current working directory of the process, which for mysqld is the data directory. pid represents the process ID of the server process. On Mac OS X, a core file named core.pid is written to the /cores directory. On Solaris, use the coreadm command to specify where to write the core file and how to name it.

    For some systems, to get a core file you must also specify the --core-file-size option to mysqld_safe. See Section 4.3.2, “mysqld_safe — MySQL Server Startup Script”. On some systems, such as Solaris, you do not get a core file if you are also using the --user option. There might be additional restrictions or limitations. For example, it might be necessary to execute ulimit -c unlimited before starting the server. Consult your system documentation.

  • --datadir=path, -h path

    Command-Line Format--datadir=name
    Config-File Formatdatadir
    Option Sets VariableYes, datadir
    Variable Namedatadir
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The path to the data directory.

  • --debug[=debug_options], -# [debug_options]

    Command-Line Format--debug[=debug_options]
    Config-File Formatdebug
    Variable Namedebug
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring
    Default'd:t:o,/tmp/mysqld.trace'

    If MySQL is configured with --with-debug, you can use this option to get a trace file of what mysqld is doing. A typical debug_options string is 'd:t:o,file_name'. The default is 'd:t:i:o,mysqld.trace'. See MySQL Internals: Porting.

    As of MySQL 5.0.25, using --with-debug to configure MySQL with debugging support enables you to use the --debug="d,parser_debug" option when you start the server. This causes the Bison parser that is used to process SQL statements to dump a parser trace to the server's standard error output. Typically, this output is written to the error log.

  • --default-character-set=charset_name (DEPRECATED)

    Version Deprecated5.0
    Command-Line Format--default-character-set=name
    Config-File Formatdefault-character-set
    Deprecated5.0
     Permitted Values
    Typestring

    Use charset_name as the default character set. This option is deprecated in favor of --character-set-server. See Section 9.2, “The Character Set Used for Data and Sorting”.

  • --default-collation=collation_name

    Command-Line Format--default-collation=name
    Variable Namedefault-collation
    Variable Scope 
    Dynamic VariableNo
    Deprecated4.1.3
     Permitted Values
    Typestring

    Use collation_name as the default collation. This option is deprecated in favor of --collation-server. See Section 9.2, “The Character Set Used for Data and Sorting”.

  • --default-storage-engine=type

    Command-Line Format--default-storage-engine=name
    Config-File Formatdefault-storage-engine

    Set the default storage engine (table type) for tables. See Chapter 13, Storage Engines.

  • --default-table-type=type

    Version Deprecated5.0
    Command-Line Format--default-table-type=name
    Config-File Formatdefault-table-type
    Deprecated5.0, by default-storage-engine
     Permitted Values
    Typestring

    This option is a deprecated synonym for --default-storage-engine.

  • --default-time-zone=timezone

    Command-Line Format--default-time-zone=name
    Config-File Formatdefault-time-zone
     Permitted Values
    Typestring

    Set the default server time zone. This option sets the global time_zone system variable. If this option is not given, the default time zone is the same as the system time zone (given by the value of the system_time_zone system variable.

  • --delay-key-write[={OFF|ON|ALL}]

    Command-Line Format--delay-key-write[=name]
    Config-File Formatdelay-key-write
    Option Sets VariableYes, delay_key_write
    Variable Namedelay-key-write
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typeenumeration
    DefaultON
    Valid ValuesON, OFF, ALL

    Specify how to use delayed key writes. Delayed key writing causes key buffers not to be flushed between writes for MyISAM tables. OFF disables delayed key writes. ON enables delayed key writes for those tables that were created with the DELAY_KEY_WRITE option. ALL delays key writes for all MyISAM tables. See Section 7.5.3, “Tuning Server Parameters”, and Section 13.1.1, “MyISAM Startup Options”.

    Note

    If you set this variable to ALL, you should not use MyISAM tables from within another program (such as another MySQL server or myisamchk) when the tables are in use. Doing so leads to index corruption.

  • --des-key-file=file_name

    Command-Line Format--des-key-file=name
    Config-File Formatdes-key-file

    Read the default DES keys from this file. These keys are used by the DES_ENCRYPT() and DES_DECRYPT() functions.

  • --enable-named-pipe

    Command-Line Format--named_pipe
    Config-File Formatenable-named-pipe
    Platform Specificwindows

    Enable support for named pipes. This option can be used only with the mysqld-nt and mysqld-debug servers that support named-pipe connections.

  • --enable-pstack

    Command-Line Format--enable-pstack
    Config-File Formatenable-pstack
     Permitted Values
    Typeboolean
    DefaultFALSE

    Print a symbolic stack trace on failure. This capability is available only on Intel Linux systems, and only if MySQL was configured with the --with-pstack option.

  • --engine-condition-pushdown={ON|OFF}

    Version Introduced5.0.3
    Command-Line Format--engine-condition-pushdown
    Config-File Formatengine-condition-pushdown
    Option Sets VariableYes, engine_condition_pushdown
    Variable Nameengine_condition_pushdown
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values (>= 5.0.3)
    Typeboolean
    DefaultOFF

    Sets the engine_condition_pushdown system variable. For more information, see Section 7.2.7, “Condition Pushdown Optimization”.

    This variable was added in MySQL 5.0.3.

  • --exit-info[=flags], -T [flags]

    Command-Line Format--exit-info[=flags]
    Config-File Formatexit-info
     Permitted Values
    Typenumeric

    This is a bit mask of different flags that you can use for debugging the mysqld server. Do not use this option unless you know exactly what it does!

  • --external-locking

    Command-Line Format--external-locking
    Config-File Formatexternal-locking
    Option Sets VariableYes, skip_external_locking
    Disabled byskip-external-locking
     Permitted Values
    Typeboolean
    DefaultFALSE

    Enable external locking (system locking), which is disabled by default as of MySQL 4.0. Note that if you use this option on a system on which lockd does not fully work (such as Linux), it is easy for mysqld to deadlock. This option previously was named --enable-locking.

    For more information about external locking, including conditions under which it can and cannot be used, see Section 7.3.4, “External Locking”.

  • --flush

    Command-Line Format--flush
    Config-File Formatflush
    Variable Nameflush
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultOFF

    Flush (synchronize) all changes to disk after each SQL statement. Normally, MySQL does a write of all changes to disk only after each SQL statement and lets the operating system handle the synchronizing to disk. See Section B.5.4.2, “What to Do If MySQL Keeps Crashing”.

  • --gdb

    Command-Line Format--gdb
    Config-File Formatgdb
     Permitted Values
    Typeboolean
    DefaultFALSE

    Install an interrupt handler for SIGINT (needed to stop mysqld with ^C to set breakpoints) and disable stack tracing and core file handling. See MySQL Internals: Porting.

  • --init-file=file_name

    Command-Line Format--init-file=name
    Config-File Formatinit-file
    Option Sets VariableYes, init_file
    Variable Nameinit_file
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    Read SQL statements from this file at startup. Each statement must be on a single line and should not include comments.

    This option is unavailable if MySQL was configured with the --disable-grant-options option. See Section 2.16.2, “Typical configure Options”.

  • --innodb_safe_binlog

    Version Removed5.0.3
    Version Deprecated5.0.3
    Command-Line Format--innodb_safe_binlog
    Config-File Formatinnodb_safe_binlog
    Deprecated5.0.3
     Permitted Values
    Typeboolean

    If this option is given, then after a crash recovery by InnoDB, mysqld truncates the binary log after the last not-rolled-back transaction in the log. The option also causes InnoDB to print an error if the binary log is smaller or shorter than it should be. See Section 5.2.3, “The Binary Log”. This option was removed in MySQL 5.0.3, having been made obsolete by the introduction of XA transaction support.

  • --innodb-xxx

    The InnoDB options are listed in Section 13.2.3, “InnoDB Startup Options and System Variables”.

  • --language=lang_name, -L lang_name

    Command-Line Format--language=name
    Config-File Formatlanguage
    Option Sets VariableYes, language
    Variable Namelanguage
    Variable ScopeGlobal
    Dynamic VariableNo
    Deprecated5.5.0, by lc-messages-dir
     Permitted Values
    Typefilename
    Default/usr/local/mysql/share/mysql/english/

    The language to use for error messages. lang_name can be given as the language name or as the full path name to the directory where the language files are installed. See Section 9.3, “Setting the Error Message Language”.

  • --large-pages

    Version Introduced5.0.3
    Command-Line Format--large-pages
    Config-File Formatlarge-pages
    Option Sets VariableYes, large_pages
    Variable Namelarge_pages
    Variable ScopeGlobal
    Dynamic VariableNo
    Platform Specificlinux
     Permitted Values
    Type (linux)boolean
    DefaultFALSE

    Some hardware/operating system architectures support memory pages greater than the default (usually 4KB). The actual implementation of this support depends on the underlying hardware and operating system. Applications that perform a lot of memory accesses may obtain performance improvements by using large pages due to reduced Translation Lookaside Buffer (TLB) misses.

    Currently, MySQL supports only the Linux implementation of large page support (which is called HugeTLB in Linux). See Section 7.5.9, “Enabling Large Page Support”.

    --large-pages is disabled by default. It was added in MySQL 5.0.3.

  • --log[=file_name], -l [file_name]

    Command-Line Format--log[=name]
    Config-File Formatlog
    Option Sets VariableYes, log
    Variable Namelog
    Variable ScopeGlobal
    Dynamic VariableNo
    Deprecated5.1.29, by general-log
     Permitted Values
    Typestring
    DefaultOFF

    Log connections and SQL statements received from clients to this file. See Section 5.2.2, “The General Query Log”. If you omit the file name, MySQL uses host_name.log as the file name.

  • --log-error[=file_name]

    Command-Line Format--log-error[=name]
    Config-File Formatlog-error
    Option Sets VariableYes, log_error
    Variable Namelog_error
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    Log errors and startup messages to this file. See Section 5.2.1, “The Error Log”. If you omit the file name, MySQL uses host_name.err. If the file name has no extension, the server adds an extension of .err.

  • --log-isam[=file_name]

    Command-Line Format--log-isam[=name]
    Config-File Formatlog-isam
     Permitted Values
    Typefilename

    Log all MyISAM changes to this file (used only when debugging MyISAM).

  • --log-long-format (DEPRECATED)

    Command-Line Format--log-long-format
    Config-File Formatlog-long-format
    Deprecated4.1

    Log extra information to the update log, binary update log, and slow query log, if they have been activated. For example, the user name and timestamp are logged for all queries. This option is deprecated, as it now represents the default logging behavior. (See the description for --log-short-format.) The --log-queries-not-using-indexes option is available for the purpose of logging queries that do not use indexes to the slow query log.

  • --log-queries-not-using-indexes

    Command-Line Format--log-queries-not-using-indexes
    Config-File Formatlog-queries-not-using-indexes
    Option Sets VariableYes, log_queries_not_using_indexes
    Variable Namelog_queries_not_using_indexes
    Variable ScopeGlobal
    Dynamic VariableYes
    Deprecated5.1.29, by slow-query-log
     Permitted Values
    Typeboolean

    If you are using this option with the slow query log enabled, queries that are expected to retrieve all rows are logged. See Section 5.2.4, “The Slow Query Log”. This option does not necessarily mean that no index is used. For example, a query that uses a full index scan uses an index but would be logged because the index would not limit the number of rows.

  • --log-short-format

    Command-Line Format--log-short-format
    Config-File Formatlog-short-format
     Permitted Values
    Typeboolean
    DefaultFALSE

    Originally intended to log less information to the update log, binary log and slow query log, if they have been activated. However, this option is not operational.

  • --log-slow-admin-statements

    Command-Line Format--log-slow-admin-statements
    Config-File Formatlog-slow-admin-statements
     Permitted Values
    Typeboolean
    DefaultFALSE

    Log slow administrative statements such as OPTIMIZE TABLE, ANALYZE TABLE, and ALTER TABLE to the slow query log.

  • --log-slow-queries[=file_name]

    Command-Line Format--log-slow-queries[=name]
    Config-File Formatlog-slow-queries
    Option Sets VariableYes, log_slow_queries
    Variable Namelog_slow_queries
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typeboolean

    Log all queries that have taken more than long_query_time seconds to execute to this file. See Section 5.2.4, “The Slow Query Log”. See the descriptions of the --log-long-format and --log-short-format options for details.

  • --log-tc=file_name

    Version Introduced5.0.3
    Command-Line Format--log-tc=name
    Config-File Formatlog-tc
     Permitted Values
    Typefilename
    Defaulttc.log

    The name of the memory-mapped transaction coordinator log file (for XA transactions that affect multiple storage engines when the binary log is disabled). The default name is tc.log. The file is created under the data directory if not given as a full path name. Currently, this option is unused. Added in MySQL 5.0.3.

  • --log-tc-size=size

    Version Introduced5.0.3
    Command-Line Format--log-tc-size=#
    Config-File Formatlog-tc-size
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default24576
    Max Value4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default24576
    Max Value18446744073709547520

    The size in bytes of the memory-mapped transaction coordinator log. The default size is 24KB. Added in MySQL 5.0.3.

  • --log-warnings[=level], -W [level]

    Command-Line Format--log-warnings[=#]
    Config-File Formatlog-warnings
    Option Sets VariableYes, log_warnings
    Variable Namelog_warnings
    Variable ScopeBoth
    Dynamic VariableYes
    Disabled byskip-log-warnings
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default1
    Range0-18446744073709547520

    Print out warnings such as Aborted connection... to the error log. Enabling this option is recommended, for example, if you use replication (you get more information about what is happening, such as messages about network failures and reconnections). This option is enabled (1) by default, and the default level value if omitted is 1. To disable this option, use --log-warnings=0. If the value is greater than 1, aborted connections are written to the error log. See Section B.5.2.11, “Communication Errors and Aborted Connections”.

    If a slave server was started with --log-warnings enabled, the slave prints messages to the error log to provide information about its status, such as the binary log and relay log coordinates where it starts its job, when it is switching to another relay log, when it reconnects after a disconnect, and so forth.

  • --low-priority-updates

    Command-Line Format--low-priority-updates
    Config-File Formatlow-priority-updates
    Option Sets VariableYes, low_priority_updates
    Variable Namelow_priority_updates
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultFALSE

    Give table-modifying operations (INSERT, REPLACE, DELETE, UPDATE) lower priority than selects. This can also be done via {INSERT | REPLACE | DELETE | UPDATE} LOW_PRIORITY ... to lower the priority of only one query, or by SET LOW_PRIORITY_UPDATES=1 to change the priority in one thread. This affects only storage engines that use only table-level locking (MyISAM, MEMORY, MERGE). See Section 7.3.2, “Table Locking Issues”.

  • --memlock

    Command-Line Format--memlock
    Config-File Formatmemlock
    Variable Namelocked_in_memory
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typeboolean
    DefaultFALSE

    Lock the mysqld process in memory. This option might help if you have a problem where the operating system is causing mysqld to swap to disk.

    --memlock works on systems that support the mlockall() system call; this includes Solaris as well as most Linux distributions that use a 2.4 or newer kernel. On Linux systems, you can tell whether or not mlockall() (and thus this option) is supported by checking to see whether or not it is defined in the system mman.h file, like this:

    shell> grep mlockall /usr/include/sys/mman.h
    

    If mlockall() is supported, you should see in the output of the previous command something like the following:

    extern int mlockall (int __flags) __THROW;
    

    Important

    Using this option requires that you run the server as root, which, for reasons of security, is normally not a good idea. See Section 5.3.5, “How to Run MySQL as a Normal User”.

    You must not try to use this option on a system that does not support the mlockall() system call; if you do so, mysqld will very likely crash as soon as you try to start it.

  • --myisam-block-size=N

    Command-Line Format--myisam-block-size=#
    Config-File Formatmyisam-block-size
     Permitted Values
    Typenumeric
    Default1024
    Range1024-16384

    The block size to be used for MyISAM index pages.

  • --myisam-recover[=option[,option]...]]

    Command-Line Format--myisam-recover[=name]
    Config-File Formatmyisam-recover
     Permitted Values
    Typeenumeration
    DefaultOFF
    Valid ValuesDEFAULT, BACKUP, FORCE, QUICK

    Set the MyISAM storage engine recovery mode. The option value is any combination of the values of DEFAULT, BACKUP, FORCE, or QUICK. If you specify multiple values, separate them by commas. Specifying the option with no argument is the same as specifying DEFAULT, and specifying with an explicit value of "" disables recovery (same as not giving the option). If recovery is enabled, each time mysqld opens a MyISAM table, it checks whether the table is marked as crashed or wasn't closed properly. (The last option works only if you are running with external locking disabled.) If this is the case, mysqld runs a check on the table. If the table was corrupted, mysqld attempts to repair it.

    The following options affect how the repair works.

    OptionDescription
    DEFAULTRecovery without backup, forcing, or quick checking.
    BACKUPIf the data file was changed during recovery, save a backup of the tbl_name.MYD file as tbl_name-datetime.BAK.
    FORCERun recovery even if we would lose more than one row from the .MYD file.
    QUICKDon't check the rows in the table if there aren't any delete blocks.

    Before the server automatically repairs a table, it writes a note about the repair to the error log. If you want to be able to recover from most problems without user intervention, you should use the options BACKUP,FORCE. This forces a repair of a table even if some rows would be deleted, but it keeps the old data file as a backup so that you can later examine what happened.

    See Section 13.1.1, “MyISAM Startup Options”.

  • --old-passwords

    Command-Line Format--old_passwords
    Config-File Formatold-passwords
    Option Sets VariableYes, old_passwords
    Variable Nameold_passwords
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultFALSE

    Force the server to generate short (pre-4.1) password hashes for new passwords. This is useful for compatibility when the server must support older client programs. See Section 5.5.6.3, “Password Hashing in MySQL”.

  • --old-style-user-limits

    Version Introduced5.0.3
    Command-Line Format--old-style-user-limits
    Config-File Formatold-style-user-limits
     Permitted Values
    Typeboolean
    DefaultFALSE

    Enable old-style user limits. (Before MySQL 5.0.3, account resource limits were counted separately for each host from which a user connected rather than per account row in the user table.) See Section 5.5.4, “Limiting Account Resources”. This option was added in MySQL 5.0.3.

  • --one-thread

    Command-Line Format--one-thread
    Config-File Formatone-thread

    Only use one thread (for debugging under Linux). This option is available only if the server is built with debugging enabled. See MySQL Internals: Porting.

  • --open-files-limit=count

    Command-Line Format--open-files-limit=#
    Config-File Formatopen-files-limit
    Option Sets VariableYes, open_files_limit
    Variable Nameopen_files_limit
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Default0
    Range0-65535

    Changes the number of file descriptors available to mysqld. You should try increasing the value of this option if mysqld gives you the error Too many open files. mysqld uses the option value to reserve descriptors with setrlimit(). If the requested number of file descriptors cannot be allocated, mysqld writes a warning to the error log.

    mysqld may attempt to allocate more than the requested number of descriptors (if they are available), using the values of max_connections and table_cache to estimate whether more descriptors will be needed.

  • --pid-file=path

    Command-Line Format--pid-file=name
    Config-File Formatpid-file
    Option Sets VariableYes, pid_file
    Variable Namepid_file
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The path name of the process ID file. The server creates the file in the data directory unless an absolute path name is given to specify a different directory. This file is used by other programs such as mysqld_safe to determine the server's process ID.

  • --port=port_num, -P port_num

    Command-Line Format--port=#
    Config-File Formatport
    Option Sets VariableYes, port
    Variable Nameport
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Default3306

    The port number to use when listening for TCP/IP connections. The port number must be 1024 or higher unless the server is started by the root system user.

  • --port-open-timeout=num

    Version Introduced5.0.19
    Command-Line Format--port-open-timeout=#
    Config-File Formatport-open-timeout
     Permitted Values
    Typenumeric
    Default0

    On some systems, when the server is stopped, the TCP/IP port might not become available immediately. If the server is restarted quickly afterward, its attempt to reopen the port can fail. This option indicates how many seconds the server should wait for the TCP/IP port to become free if it cannot be opened. The default is not to wait. This option was added in MySQL 5.0.19.

  • --safe-mode

    Version Deprecated5.0
    Command-Line Format--safe-mode
    Config-File Formatsafe-mode
    Deprecated5.0

    Skip some optimization stages.

  • --safe-show-database (DEPRECATED)

    Command-Line Format--safe-show-database
    Config-File Formatsafe-show-database
    Variable Namesafe_show_database
    Variable ScopeGlobal
    Dynamic VariableYes
    Deprecated4.0.2
     Permitted Values
    Typeboolean

    See Section 5.4.1, “Privileges Provided by MySQL”.

  • --safe-user-create

    Command-Line Format--safe-user-create
    Config-File Formatsafe-user-create
     Permitted Values
    Typeboolean
    DefaultFALSE

    If this option is enabled, a user cannot create new MySQL users by using the GRANT statement unless the user has the INSERT privilege for the mysql.user table or any column in the table. If you want a user to have the ability to create new users that have those privileges that the user has the right to grant, you should grant the user the following privilege:

    GRANT INSERT(user) ON mysql.user TO 'user_name'@'host_name';
    

    This ensures that the user cannot change any privilege columns directly, but has to use the GRANT statement to give privileges to other users.

  • --secure-auth

    Command-Line Format--secure-auth
    Config-File Formatsecure-auth
    Option Sets VariableYes, secure_auth
    Variable Namesecure_auth
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultFALSE

    Disallow authentication by clients that attempt to use accounts that have old (pre-4.1) passwords.

  • --secure-file-priv=path

    Version Introduced5.0.38
    Command-Line Format--secure-file-priv
    Config-File Formatsecure-file-priv
    Option Sets VariableYes, secure_file_priv
    Variable Namesecure_file_priv
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typestring

    This option limits the effect of the LOAD_FILE() function and the LOAD DATA and SELECT ... INTO OUTFILE statements to work only with files in the specified directory.

    This option was added in MySQL 5.0.38.

  • --shared-memory

    Enable shared-memory connections by local clients. This option is available only on Windows.

  • --shared-memory-base-name=name

    The name of shared memory to use for shared-memory connections. This option is available only on Windows. The default name is MYSQL. The name is case sensitive.

  • --skip-bdb

    Disable the BDB storage engine. This saves memory and might speed up some operations. Do not use this option if you require BDB tables.

  • --skip-concurrent-insert

    Turn off the ability to select and insert at the same time on MyISAM tables. (This is to be used only if you think you have found a bug in this feature.) See Section 7.3.3, “Concurrent Inserts”.

  • --skip-external-locking

    Do not use external locking (system locking). For more information about external locking, including conditions under which it can and cannot be used, see Section 7.3.4, “External Locking”.

    External locking has been disabled by default since MySQL 4.0.

  • --skip-grant-tables

    This option causes the server to start without using the privilege system at all, which gives anyone with access to the server unrestricted access to all databases. You can cause a running server to start using the grant tables again by executing mysqladmin flush-privileges or mysqladmin reload command from a system shell, or by issuing a MySQL FLUSH PRIVILEGES statement after connecting to the server. This option also suppresses loading of user-defined functions (UDFs).

    This option is unavailable if MySQL was configured with the --disable-grant-options option. See Section 2.16.2, “Typical configure Options”.

  • --skip-host-cache

    Do not use the internal host name cache for faster name-to-IP resolution. Instead, query the DNS server every time a client connects. See Section 7.5.11, “How MySQL Uses DNS”.

  • --skip-innodb

    Disable the InnoDB storage engine. This saves memory and disk space and might speed up some operations. Do not use this option if you require InnoDB tables.

  • --skip-merge

    Disable the MERGE storage engine. This option was added in MySQL 5.0.24. It can be used if the following behavior is undesirable: If a user has access to MyISAM table t, that user can create a MERGE table m that accesses t. However, if the user's privileges on t are subsequently revoked, the user can continue to access t by doing so through m.

  • --skip-name-resolve

    Do not resolve host names when checking client connections. Use only IP numbers. If you use this option, all Host column values in the grant tables must be IP numbers or localhost. See Section 7.5.11, “How MySQL Uses DNS”.

  • --skip-networking

    Don't listen for TCP/IP connections at all. All interaction with mysqld must be made via named pipes or shared memory (on Windows) or Unix socket files (on Unix). This option is highly recommended for systems where only local clients are allowed. See Section 7.5.11, “How MySQL Uses DNS”.

  • --ssl*

    Options that begin with --ssl specify whether to allow clients to connect via SSL and indicate where to find SSL keys and certificates. See Section 5.5.7.3, “SSL Command Options”.

  • --standalone

    Command-Line Format--standalone
    Config-File Formatstandalone
    Platform Specificwindows

    Instructs the MySQL server not to run as a service.

  • --symbolic-links, --skip-symbolic-links

    Command-Line Format--symbolic-links
    Config-File Formatsymbolic-links

    Enable or disable symbolic link support. This option has different effects on Windows and Unix:

  • --skip-safemalloc

    Command-Line Format--skip-safe-malloc
    Config-File Formatskip-safemalloc

    If MySQL is configured with --with-debug=full, all MySQL programs check for memory overruns during each memory allocation and memory freeing operation. This checking is very slow, so for the server you can avoid it when you don't need it by using the --skip-safemalloc option.

  • --skip-show-database

    Command-Line Format--skip-show-database
    Config-File Formatskip-show-database
    Option Sets VariableYes, skip_show_database
    Variable Nameskip_show_database
    Variable ScopeGlobal
    Dynamic VariableNo

    With this option, the SHOW DATABASES statement is allowed only to users who have the SHOW DATABASES privilege, and the statement displays all database names. Without this option, SHOW DATABASES is allowed to all users, but displays each database name only if the user has the SHOW DATABASES privilege or some privilege for the database. Note that any global privilege is considered a privilege for the database.

  • --skip-stack-trace

    Command-Line Format--skip-stack-trace
    Config-File Formatskip-stack-trace

    Don't write stack traces. This option is useful when you are running mysqld under a debugger. On some systems, you also must use this option to get a core file. See MySQL Internals: Porting.

  • --skip-thread-priority

    Command-Line Format--skip-thread-priority
    Config-File Formatskip-thread-priority
    Deprecated5.1.29

    Disable using thread priorities for faster response time.

    mysqld makes a large number of invalid calls to thread scheduling routines on Linux. These calls do not affect performance noticeably but may be a source of “noise” for debugging tools. For example, they can overwhelm other information of more interest in kernel logs. To avoid these calls, start the server with the --skip-thread-priority option.

  • --socket=path

    Command-Line Format--socket=name
    Config-File Formatsocket
    Option Sets VariableYes, socket
    Variable Namesocket
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename
    Default/tmp/mysql.sock

    On Unix, this option specifies the Unix socket file to use when listening for local connections. The default value is /tmp/mysql.sock. If this option is given, the server creates the file in the data directory unless an absolute path name is given to specify a different directory. On Windows, the option specifies the pipe name to use when listening for local connections that use a named pipe. The default value is MySQL (not case sensitive).

  • --sql-mode=value[,value[,value...]]

    Command-Line Format--sql-mode=name
    Config-File Formatsql-mode
    Option Sets VariableYes, sql_mode
    Variable Namesql_mode
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeset
    Default''
    Valid ValuesALLOW_INVALID_DATES, ANSI_QUOTES, ERROR_FOR_DIVISION_BY_ZERO, HIGH_NOT_PRECEDENCE, IGNORE_SPACE, NO_AUTO_CREATE_USER, NO_AUTO_VALUE_ON_ZERO, NO_BACKSLASH_ESCAPES, NO_DIR_IN_CREATE, NO_ENGINE_SUBSTITUTION, NO_FIELD_OPTIONS, NO_KEY_OPTIONS, NO_TABLE_OPTIONS, NO_UNSIGNED_SUBTRACTION, NO_ZERO_DATE, NO_ZERO_IN_DATE, ONLY_FULL_GROUP_BY, PAD_CHAR_TO_FULL_LENGTH, PIPES_AS_CONCAT, REAL_AS_FLOAT, STRICT_ALL_TABLES, STRICT_TRANS_TABLES

    Set the SQL mode. See Section 5.1.7, “Server SQL Modes”.

  • --sysdate-is-now

    Version Introduced5.0.20
    Command-Line Format--sysdate-is-now
    Config-File Formatsysdate-is-now
     Permitted Values
    Typeboolean
    DefaultFALSE

    As of MySQL 5.0.12, SYSDATE() by default returns the time at which it executes, not the time at which the statement in which it occurs begins executing. This differs from the behavior of NOW(). This option causes SYSDATE() to be an alias for NOW(). For information about the implications for binary logging and replication, see the description for SYSDATE() in Section 11.6, “Date and Time Functions” and for SET TIMESTAMP in Section 5.1.4, “Session System Variables”.

    This option was added in MySQL 5.0.20.

  • --tc-heuristic-recover={COMMIT|ROLLBACK}

    Version Introduced5.0.3
    Command-Line Format--tc-heuristic-recover=name
    Config-File Formattc-heuristic-recover
     Permitted Values
    Typeenumeration
    Valid ValuesCOMMIT, RECOVER

    The type of decision to use in the heuristic recovery process. Currently, this option is unused. Added in MySQL 5.0.3.

  • --temp-pool

    Command-Line Format--temp-pool
    Config-File Formattemp-pool
     Permitted Values
    Typeboolean
    DefaultTRUE

    This option causes most temporary files created by the server to use a small set of names, rather than a unique name for each new file. This works around a problem in the Linux kernel dealing with creating many new files with different names. With the old behavior, Linux seems to “leak” memory, because it is being allocated to the directory entry cache rather than to the disk cache.

  • --transaction-isolation=level

    Command-Line Format--transaction-isolation=name
    Config-File Formattransaction-isolation
     Permitted Values
    Typeenumeration
    Valid ValuesREAD-UNCOMMITTED, READ-COMMITTED, REPEATABLE-READ, SERIALIZABLE

    Sets the default transaction isolation level. The level value can be READ-UNCOMMITTED, READ-COMMITTED, REPEATABLE-READ, or SERIALIZABLE. See Section 12.4.6, “SET TRANSACTION Syntax”.

  • --tmpdir=path, -t path

    Command-Line Format--tmpdir=name
    Config-File Formattmpdir
    Option Sets VariableYes, tmpdir
    Variable Nametmpdir
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The path of the directory to use for creating temporary files. It might be useful if your default /tmp directory resides on a partition that is too small to hold temporary tables. This option accepts several paths that are used in round-robin fashion. Paths should be separated by colon characters (“:”) on Unix and semicolon characters (“;”) on Windows, NetWare, and OS/2. If the MySQL server is acting as a replication slave, you should not set --tmpdir to point to a directory on a memory-based file system or to a directory that is cleared when the server host restarts. For more information about the storage location of temporary files, see Section B.5.4.4, “Where MySQL Stores Temporary Files”. A replication slave needs some of its temporary files to survive a machine restart so that it can replicate temporary tables or LOAD DATA INFILE operations. If files in the temporary file directory are lost when the server restarts, replication fails.

  • --user={user_name|user_id}, -u {user_name|user_id}

    Command-Line Format--user=name
    Config-File Formatuser
     Permitted Values
    Typestring

    Run the mysqld server as the user having the name user_name or the numeric user ID user_id. (“User” in this context refers to a system login account, not a MySQL user listed in the grant tables.)

    This option is mandatory when starting mysqld as root. The server changes its user ID during its startup sequence, causing it to run as that particular user rather than as root. See Section 5.3.1, “General Security Guidelines”.

    To avoid a possible security hole where a user adds a --user=root option to a my.cnf file (thus causing the server to run as root), mysqld uses only the first --user option specified and produces a warning if there are multiple --user options. Options in /etc/my.cnf and $MYSQL_HOME/my.cnf are processed before command-line options, so it is recommended that you put a --user option in /etc/my.cnf and specify a value other than root. The option in /etc/my.cnf is found before any other --user options, which ensures that the server runs as a user other than root, and that a warning results if any other --user option is found.

  • --verbose, -v

    Use this option with the --help option for detailed help.

  • --version, -V

    Command-Line Format--version
    Config-File Formatversion
    Variable Nameversion
    Variable ScopeGlobal
    Dynamic VariableNo

    Display version information and exit.

You can assign a value to a server system variable by using an option of the form --var_name=value. For example, --key_buffer_size=32M sets the key_buffer_size variable to a value of 32MB.

Note that when you assign a value to a variable, MySQL might automatically correct the value to stay within a given range, or adjust the value to the closest allowable value if only certain values are allowed.

If you want to restrict the maximum value to which a variable can be set at runtime with SET, you can define this by using the --maximum-var_name=value command-line option.

It is also possible to set variables by using --set-variable=var_name=value or -O var_name=value syntax. This syntax is deprecated.

You can change the values of most system variables for a running server with the SET statement. See Section 12.5.4, “SET Syntax”.

Section 5.1.3, “Server System Variables”, provides a full description for all variables, and additional information for setting them at server startup and runtime. Section 7.5.3, “Tuning Server Parameters”, includes information on optimizing the server by tuning system variables.

5.1.3. Server System Variables

The MySQL server maintains many system variables that indicate how it is configured. Each system variable has a default value. System variables can be set at server startup using options on the command line or in an option file. Most of them can be changed dynamically while the server is running by means of the SET statement, which enables you to modify operation of the server without having to stop and restart it. You can refer to system variable values in expressions.

There are several ways to see the names and values of system variables:

  • To see the values that a server will use based on its compiled-in defaults and any option files that it reads, use this command:

    mysqld --verbose --help
    
  • To see the values that a server will use based on its compiled-in defaults, ignoring the settings in any option files, use this command:

    mysqld --no-defaults --verbose --help
    
  • To see the current values used by a running server, use the SHOW VARIABLES statement.

This section provides a description of each system variable. Variables with no version indicated are present in all MySQL 5.0 releases. For historical information concerning their implementation, please see http://www.mysql.com/products/enterprise//4.1/en/.

The following table lists all available system variables:

Table 5.2. System Variable Summary

NameCmd-LineOption fileSystem VarVar ScopeDynamic
auto_increment_incrementYesYesYesBothYes
auto_increment_offsetYesYesYesBothYes
autocommit  YesSessionYes
automatic_sp_privileges  YesGlobalYes
back_logYesYesYesGlobalNo
basedirYesYesYesGlobalNo
bdb_cache_sizeYesYesYesGlobalNo
bdb-homeYesYes  No
- Variable: bdb_home  YesGlobalNo
bdb-lock-detectYesYes  No
- Variable: bdb_lock_detect  YesGlobalNo
bdb_log_buffer_sizeYesYesYesGlobalNo
bdb-logdirYesYes  No
- Variable: bdb_logdir  YesGlobalNo
bdb_max_lockYesYesYesGlobalNo
bdb-shared-dataYesYes  No
- Variable: bdb_shared_data  YesGlobalNo
bdb-tmpdirYesYes  No
- Variable: bdb_tmpdir  YesGlobalNo
big-tablesYesYes  Yes
- Variable: big_tables  YesSessionYes
binlog_cache_sizeYesYesYesGlobalYes
bulk_insert_buffer_sizeYesYesYesBothYes
character_set_client  YesBothYes
character_set_connection  YesBothYes
character_set_database[a]  YesBothYes
character-set-filesystemYesYes  Yes
- Variable: character_set_filesystem  YesBothYes
character_set_results  YesBothYes
character-set-serverYesYes  Yes
- Variable: character_set_server  YesBothYes
character_set_system  YesGlobalNo
character-sets-dirYesYes  No
- Variable: character_sets_dir  YesGlobalNo
collation_connection  YesBothYes
collation_database[b]  YesBothYes
collation-serverYesYes  Yes
- Variable: collation_server  YesBothYes
completion_typeYesYesYesBothYes
concurrent_insertYesYesYesGlobalYes
connect_timeoutYesYesYesGlobalYes
datadirYesYesYesGlobalNo
date_format  YesBothNo
datetime_formatYesYesYesBothNo
debugYesYesYesBothYes
default_week_formatYesYesYesBothYes
delay-key-writeYesYes  Yes
- Variable: delay_key_write  YesGlobalYes
delayed_insert_limitYesYesYesGlobalYes
delayed_insert_timeoutYesYesYesGlobalYes
delayed_queue_sizeYesYesYesGlobalYes
div_precision_incrementYesYesYesBothYes
engine-condition-pushdownYesYes  Yes
- Variable: engine_condition_pushdown  YesBothYes
error_count  YesSessionNo
expire_logs_daysYesYesYesGlobalYes
flushYesYesYesGlobalYes
flush_timeYesYesYesGlobalYes
foreign_key_checks  YesSessionYes
ft_boolean_syntaxYesYesYesGlobalYes
ft_max_word_lenYesYesYesGlobalNo
ft_min_word_lenYesYesYesGlobalNo
ft_query_expansion_limitYesYesYesGlobalNo
ft_stopword_fileYesYesYesGlobalNo
group_concat_max_lenYesYesYesBothYes
have_archive  YesGlobalNo
have_bdb  YesGlobalNo
have_blackhole_engine  YesGlobalNo
have_compress  YesGlobalNo
have_crypt  YesGlobalNo
have_csv  YesGlobalNo
have_example_engine  YesGlobalNo
have_federated_engine  YesGlobalNo
have_geometry  YesGlobalNo
have_innodb  YesGlobalNo
have_isam  YesGlobalNo
have_merge_engine  YesGlobalNo
have_ndbcluster  YesGlobalNo
have_openssl  YesGlobalNo
have_query_cache  YesGlobalNo
have_raid  YesGlobalNo
have_rtree_keys  YesGlobalNo
have_ssl  YesGlobalNo
have_symlink  YesGlobalNo
hostname  YesGlobalNo
identity  YesSessionYes
init_connectYesYesYesGlobalYes
init-fileYesYes  No
- Variable: init_file  YesGlobalNo
init_slaveYesYesYesGlobalYes
innodb_adaptive_hash_indexYesYesYesGlobalNo
innodb_additional_mem_pool_sizeYesYesYesGlobalNo
innodb_autoextend_incrementYesYesYesGlobalYes
innodb_buffer_pool_awe_mem_mbYesYesYesGlobalNo
innodb_buffer_pool_sizeYesYesYesGlobalNo
innodb_checksumsYesYesYesGlobalNo
innodb_commit_concurrencyYesYesYesGlobalYes
innodb_concurrency_ticketsYesYesYesGlobalYes
innodb_data_file_pathYesYesYesGlobalNo
innodb_data_home_dirYesYesYesGlobalNo
innodb_doublewriteYesYesYesGlobalNo
innodb_fast_shutdownYesYesYesGlobalYes
innodb_file_io_threadsYesYesYesGlobalNo
innodb_file_per_tableYesYesYesGlobalNo
innodb_flush_log_at_trx_commitYesYesYesGlobalYes
innodb_flush_methodYesYesYesGlobalNo
innodb_force_recoveryYesYesYesGlobalNo
innodb_lock_wait_timeoutYesYesYesGlobalNo
innodb_locks_unsafe_for_binlogYesYesYesGlobalNo
innodb_log_arch_dirYesYesYesGlobalNo
innodb_log_archiveYesYesYesGlobalNo
innodb_log_buffer_sizeYesYesYesGlobalNo
innodb_log_file_sizeYesYesYesGlobalNo
innodb_log_files_in_groupYesYesYesGlobalNo
innodb_log_group_home_dirYesYesYesGlobalNo
innodb_max_dirty_pages_pctYesYesYesGlobalYes
innodb_max_purge_lagYesYesYesGlobalYes
innodb_mirrored_log_groupsYesYesYesGlobalNo
innodb_open_filesYesYesYesGlobalNo
innodb_rollback_on_timeoutYesYesYesGlobalNo
innodb_support_xaYesYesYesBothYes
innodb_sync_spin_loopsYesYesYesGlobalYes
innodb_table_locksYesYesYesBothYes
innodb_thread_concurrencyYesYesYesGlobalYes
innodb_thread_sleep_delayYesYesYesGlobalYes
innodb_use_legacy_cardinality_algorithmYesYesYesGlobalYes
insert_id  YesSessionYes
interactive_timeoutYesYesYesBothYes
join_buffer_sizeYesYesYesBothYes
keep_files_on_createYesYesYesBothYes
key_buffer_sizeYesYesYesGlobalYes
key_cache_age_thresholdYesYesYesGlobalYes
key_cache_block_sizeYesYesYesGlobalYes
key_cache_division_limitYesYesYesGlobalYes
languageYesYesYesGlobalNo
large_files_support  YesGlobalNo
large_page_size  YesGlobalNo
large-pagesYesYes  No
- Variable: large_pages  YesGlobalNo
last_insert_id  YesSessionYes
lc_time_names  YesBothYes
license  YesGlobalNo
local_infile  YesGlobalYes
locked_in_memory  YesGlobalNo
logYesYesYesGlobalNo
log_bin  YesGlobalNo
log-binYesYesYesGlobalNo
log-bin-trust-function-creatorsYesYes  Yes
- Variable: log_bin_trust_function_creators  YesGlobalYes
log-bin-trust-routine-creatorsYesYes  Yes
- Variable: log_bin_trust_routine_creators  YesGlobalYes
log-errorYesYes  No
- Variable: log_error  YesGlobalNo
log-queries-not-using-indexesYesYes  Yes
- Variable: log_queries_not_using_indexes  YesGlobalYes
log-slave-updatesYesYes  No
- Variable: log_slave_updates  YesGlobalNo
log-slow-queriesYesYes  No
- Variable: log_slow_queries  YesGlobalNo
log-warningsYesYes  Yes
- Variable: log_warnings  YesBothYes
long_query_timeYesYesYesBothYes
low-priority-updatesYesYes  Yes
- Variable: low_priority_updates  YesBothYes
lower_case_file_systemYesYesYesGlobalNo
lower_case_table_namesYesYesYesGlobalNo
max_allowed_packetYesYesYesBothYes
max_binlog_cache_sizeYesYesYesGlobalYes
max_binlog_sizeYesYesYesGlobalYes
max_connect_errorsYesYesYesGlobalYes
max_connectionsYesYesYesGlobalYes
max_delayed_threadsYesYesYesBothYes
max_error_countYesYesYesBothYes
max_heap_table_sizeYesYesYesBothYes
max_insert_delayed_threads  YesBothYes
max_join_sizeYesYesYesBothYes
max_length_for_sort_dataYesYesYesBothYes
max_prepared_stmt_countYesYesYesGlobalYes
max_relay_log_sizeYesYesYesGlobalYes
max_seeks_for_keyYesYesYesBothYes
max_sort_lengthYesYesYesBothYes
max_sp_recursion_depthYesYesYesBothYes
max_tmp_tablesYesYesYesBothYes
max_user_connectionsYesYesYesBothYes
max_write_lock_countYesYesYesGlobalYes
memlockYesYesYesGlobalNo
multi_range_countYesYesYesBothYes
myisam_data_pointer_sizeYesYesYesGlobalYes
myisam_max_extra_sort_file_sizeYesYesYesGlobalNo
myisam_max_sort_file_sizeYesYesYesGlobalYes
myisam_mmap_sizeYesYesYesGlobalNo
myisam_recover_options  YesGlobalNo
myisam_repair_threadsYesYesYesBothYes
myisam_sort_buffer_sizeYesYesYesBothYes
myisam_stats_methodYesYesYesBothYes
named_pipe  YesGlobalNo
ndb_autoincrement_prefetch_szYesYesYesBothYes
ndb_cache_check_timeYesYesYesGlobalYes
ndb_force_sendYesYesYesBothYes
ndb_use_exact_count  YesBothYes
ndb_use_transactionsYesYesYesBothYes
net_buffer_lengthYesYesYesBothYes
net_read_timeoutYesYesYesBothYes
net_retry_countYesYesYesBothYes
net_write_timeoutYesYesYesBothYes
newYesYesYesBothYes
old-passwordsYesYes  Yes
- Variable: old_passwords  YesBothYes
open-files-limitYesYes  No
- Variable: open_files_limit  YesGlobalNo
optimizer_prune_levelYesYesYesBothYes
optimizer_search_depthYesYesYesBothYes
pid-fileYesYes  No
- Variable: pid_file  YesGlobalNo
plugin_dirYesYesYesGlobalNo
portYesYesYesGlobalNo
preload_buffer_sizeYesYesYesBothYes
prepared_stmt_count  YesGlobalNo
profiling  YesSessionYes
profiling_history_size  YesBothYes
protocol_version  YesGlobalNo
pseudo_thread_id  YesSessionYes
query_alloc_block_sizeYesYesYesBothYes
query_cache_limitYesYesYesGlobalYes
query_cache_min_res_unitYesYesYesGlobalYes
query_cache_sizeYesYesYesGlobalYes
query_cache_typeYesYesYesBothYes
query_cache_wlock_invalidateYesYesYesBothYes
query_prealloc_sizeYesYesYesBothYes
rand_seed1  YesSessionYes
rand_seed2  YesSessionYes
range_alloc_block_sizeYesYesYesBothYes
read_buffer_sizeYesYesYesBothYes
read_onlyYesYesYesGlobalYes
read_rnd_buffer_sizeYesYesYesBothYes
relay_log_purgeYesYesYesGlobalYes
relay_log_space_limitYesYesYesGlobalNo
report-hostYesYes  No
- Variable: report_host  YesGlobalNo
report-passwordYesYes  No
- Variable: report_password  YesGlobalNo
report-portYesYes  No
- Variable: report_port  YesGlobalNo
report-userYesYes  No
- Variable: report_user  YesGlobalNo
rpl_recovery_rank  YesGlobalYes
safe-show-databaseYesYesYesGlobalYes
secure-authYesYes  Yes
- Variable: secure_auth  YesGlobalYes
secure-file-privYesYes  No
- Variable: secure_file_priv  YesGlobalNo
server-idYesYes  Yes
- Variable: server_id  YesGlobalYes
shared_memory  YesGlobalNo
shared_memory_base_name  YesGlobalNo
skip-external-lockingYesYes  No
- Variable: skip_external_locking  YesGlobalNo
skip-networkingYesYes  No
- Variable: skip_networking  YesGlobalNo
skip-show-databaseYesYes  No
- Variable: skip_show_database  YesGlobalNo
skip-sync-bdb-logsYesYesYesGlobalNo
slave_compressed_protocolYesYesYesGlobalYes
slave-load-tmpdirYesYes  No
- Variable: slave_load_tmpdir  YesGlobalNo
slave-net-timeoutYesYes  Yes
- Variable: slave_net_timeout  YesGlobalYes
slave-skip-errorsYesYes  No
- Variable: slave_skip_errors  YesGlobalNo
slave_transaction_retriesYesYesYesGlobalYes
slow_launch_timeYesYesYesGlobalYes
socketYesYesYesGlobalNo
sort_buffer_sizeYesYesYesBothYes
sql_auto_is_null  YesSessionYes
sql_big_selects  YesBothYes
sql_big_tables  YesSessionYes
sql_buffer_result  YesSessionYes
sql_log_bin  YesSessionYes
sql_log_off  YesSessionYes
sql_log_update  YesSessionYes
sql_low_priority_updates  YesBothYes
sql_max_join_size  YesBothYes
sql-modeYesYes  Yes
- Variable: sql_mode  YesBothYes
sql_notes  YesSessionYes
sql_quote_show_create  YesSessionYes
sql_safe_updates  YesSessionYes
sql_select_limit  YesBothYes
sql_slave_skip_counter  YesGlobalYes
sql_warnings  YesSessionYes
ssl-caYesYes  No
- Variable: ssl_ca  YesGlobalNo
ssl-capathYesYes  No
- Variable: ssl_capath  YesGlobalNo
ssl-certYesYes  No
- Variable: ssl_cert  YesGlobalNo
ssl-cipherYesYes  No
- Variable: ssl_cipher  YesGlobalNo
ssl-keyYesYes  No
- Variable: ssl_key  YesGlobalNo
storage_engine  YesBothYes
sync-bdb-logsYesYes  No
- Variable: sync_bdb_logs  YesGlobalNo
sync_binlogYesYesYesGlobalYes
sync_frmYesYesYesGlobalYes
system_time_zone  YesGlobalNo
table_cacheYesYesYesGlobalYes
table_lock_wait_timeoutYesYesYesGlobalYes
table_type  YesBothYes
thread_cache_sizeYesYesYesGlobalYes
thread_concurrencyYesYesYesGlobalNo
thread_stackYesYesYesGlobalNo
time_formatYesYesYesBothNo
time_zoneYesYesYesBothYes
timed_mutexesYesYesYesGlobalYes
timestamp  YesSessionYes
tmp_table_sizeYesYesYesBothYes
tmpdirYesYesYesGlobalNo
transaction_alloc_block_sizeYesYesYesBothYes
transaction_prealloc_sizeYesYesYesBothYes
tx_isolation  YesBothYes
unique_checks  YesSessionYes
updatable_views_with_limitYesYesYesBothYes
versionYesYesYesGlobalNo
version_comment  YesGlobalNo
version_compile_machine  YesGlobalNo
version_compile_os  YesGlobalNo
wait_timeoutYesYesYesBothYes
warning_count  YesSessionNo

[a] This option is dynamic, but only the server should set this information. You should not set the value of this variable manually.

[b] This option is dynamic, but only the server should set this information. You should not set the value of this variable manually.

For additional system variable information, see these sections:

Note

Some of the following variable descriptions refer to “enabling” or “disabling” a variable. These variables can be enabled with the SET statement by setting them to ON or 1, or disabled by setting them to OFF or 0. However, to set such a variable on the command line or in an option file, you must set it to 1 or 0; setting it to ON or OFF will not work. For example, on the command line, --delay_key_write=1 works but --delay_key_write=ON does not.

Some system variables control the size of buffers or caches. For a given buffer, the server might need to allocate internal data structures. These structures typically are allocated from the total memory allocated to the buffer, and the amount of space required might be platform dependent. This means that when you assign a value to a system variable that controls a buffer size, the amount of space actually available might differ from the value assigned. In some cases, the amount might be less than the value assigned. It is also possible that the server will adjust a value upward. For example, if you assign a value of 0 to a variable for which the minimal value is 1024, the server will set the value to 1024.

Values for buffer sizes, lengths, and stack sizes are given in bytes unless otherwise specified.

Some system variables take file name values. Unless otherwise specified, the default file location is the data directory if the value is a relative path name. To specify the location explicitly, use an absolute path name. Suppose that the data directory is /var/mysql/data. If a file-valued variable is given as a relative path name, it will be located under /var/mysql/data. If the value is an absolute path name, its location is as given by the path name.

  • automatic_sp_privileges

    Version Introduced5.0.3
    Variable Nameautomatic_sp_privileges
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultTRUE

    When this variable has a value of 1 (the default), the server automatically grants the EXECUTE and ALTER ROUTINE privileges to the creator of a stored routine, if the user cannot already execute and alter or drop the routine. (The ALTER ROUTINE privilege is required to drop the routine.) The server also automatically drops those privileges from the creator when the routine is dropped. If automatic_sp_privileges is 0, the server does not automatically add or drop these privileges.

    The creator of a routine is the account used to execute the CREATE statement for it. This might not be the same as the account named as the DEFINER in the routine definition.

    See also Section 18.2.2, “Stored Routines and MySQL Privileges”.

    This variable was added in MySQL 5.0.3.

  • back_log

    Command-Line Format--back_log=#
    Config-File Formatback_log
    Option Sets VariableYes, back_log
    Variable Nameback_log
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Default50
    Range1-65535

    The number of outstanding connection requests MySQL can have. This comes into play when the main MySQL thread gets very many connection requests in a very short time. It then takes some time (although very little) for the main thread to check the connection and start a new thread. The back_log value indicates how many requests can be stacked during this short time before MySQL momentarily stops answering new requests. You need to increase this only if you expect a large number of connections in a short period of time.

    In other words, this value is the size of the listen queue for incoming TCP/IP connections. Your operating system has its own limit on the size of this queue. The manual page for the Unix listen() system call should have more details. Check your OS documentation for the maximum value for this variable. back_log cannot be set higher than your operating system limit.

  • basedir

    Command-Line Format--basedir=name
    Config-File Formatbasedir
    Option Sets VariableYes, basedir
    Variable Namebasedir
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The MySQL installation base directory. This variable can be set with the --basedir option. Relative path names for other variables usually are resolved relative to the base directory.

  • bdb_cache_size

    Command-Line Format--bdb_cache_size=#
    Config-File Formatbdb_cache_size
    Option Sets VariableYes, bdb_cache_size
    Variable Namebdb_cache_size
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Min Value20480

    The size of the buffer that is allocated for caching indexes and rows for BDB tables. If you don't use BDB tables, you should start mysqld with --skip-bdb to not allocate memory for this cache.

  • bdb_home

    Command-Line Format--bdb-home=name
    Config-File Formatbdb-home=name
    Option Sets VariableYes, bdb_home
    Variable Namebdb_home
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The base directory for BDB tables. This should be assigned the same value as the datadir variable.

  • bdb_log_buffer_size

    Command-Line Format--bdb_log_buffer_size=#
    Config-File Formatbdb_log_buffer_size
    Option Sets VariableYes, bdb_log_buffer_size
    Variable Namebdb_log_buffer_size
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Range262144-4294967295

    The size of the buffer that is allocated for caching indexes and rows for BDB tables. If you don't use BDB tables, you should set this to 0 or start mysqld with --skip-bdb to not allocate memory for this cache.

  • bdb_logdir

    Command-Line Format--bdb-logdir=file_name
    Config-File Formatbdb-logdir=file_name
    Option Sets VariableYes, bdb_logdir
    Variable Namebdb_logdir
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The directory where the BDB storage engine writes its log files. This variable can be set with the --bdb-logdir option.

  • bdb_max_lock

    Command-Line Format--bdb_max_lock=#
    Config-File Formatbdb_max_lock
    Option Sets VariableYes, bdb_max_lock
    Variable Namebdb_max_lock
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Default10000

    The maximum number of locks that can be active for a BDB table (10,000 by default). You should increase this value if errors such as the following occur when you perform long transactions or when mysqld has to examine many rows to calculate a query:

    bdb: Lock table is out of available locks
    Got error 12 from ...
    
  • bdb_shared_data

    Command-Line Format--bdb-shared-data
    Config-File Formatbdb-shared-data
    Option Sets VariableYes, bdb_shared_data
    Variable Namebdb-shared-data
    Variable ScopeGlobal
    Dynamic VariableNo

    This is ON if you are using --bdb-shared-data to start Berkeley DB in multi-process mode. (Do not use DB_PRIVATE when initializing Berkeley DB.)

  • bdb_tmpdir

    Command-Line Format--bdb-tmpdir=name
    Config-File Formatbdb-tmpdir=name
    Option Sets VariableYes, bdb_tmpdir
    Variable Namebdb-tmpdir
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The BDB temporary file directory.

  • binlog_cache_size

    Command-Line Format--binlog_cache_size=#
    Config-File Formatbinlog_cache_size
    Option Sets VariableYes, binlog_cache_size
    Variable Namebinlog_cache_size
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default32768
    Range4096-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default32768
    Range4096-18446744073709547520

    The size of the cache to hold the SQL statements for the binary log during a transaction. A binary log cache is allocated for each client if the server supports any transactional storage engines and if the server has the binary log enabled (--log-bin option). If you often use large, multiple-statement transactions, you can increase this cache size to get more performance. The Binlog_cache_use and Binlog_cache_disk_use status variables can be useful for tuning the size of this variable. See Section 5.2.3, “The Binary Log”.

    MySQL Enterprise For recommendations on the optimum setting for binlog_cache_size subscribe to the MySQL Enterprise Monitor. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

  • bulk_insert_buffer_size

    Command-Line Format--bulk_insert_buffer_size=#
    Config-File Formatbulk_insert_buffer_size
    Option Sets VariableYes, bulk_insert_buffer_size
    Variable Namebulk_insert_buffer_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default8388608
    Range0-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default8388608
    Range0-18446744073709547520

    MyISAM uses a special tree-like cache to make bulk inserts faster for INSERT ... SELECT, INSERT ... VALUES (...), (...), ..., and LOAD DATA INFILE when adding data to nonempty tables. This variable limits the size of the cache tree in bytes per thread. Setting it to 0 disables this optimization. The default value is 8MB.

  • character_set_client

    Variable Namecharacter_set_client
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring

    The character set for statements that arrive from the client. The session value of this variable is set using the character set requested by the client when the client connects to the server. (Many clients support a --default-character-set option to enable this character set to be specified explicitly. See also Section 9.1.4, “Connection Character Sets and Collations”.) The global value of the variable is used to set the session value in cases when the client-requested value is unknown or not available, or the server is configured to ignore client requests:

    • The client is from a version of MySQL older than MySQL 4.1, and thus does not request a character set.

    • The client requests a character set not known to the server. For example, a Japanese-enabled client requests sjis when connecting to a server not configured with sjis support.

    • mysqld was started with the --skip-character-set-client-handshake option, which causes it to ignore client character set configuration. This reproduces MySQL 4.0 behavior and is useful should you wish to upgrade the server without upgrading all the clients.

  • character_set_connection

    Variable Namecharacter_set_connection
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring

    The character set used for literals that do not have a character set introducer and for number-to-string conversion.

  • character_set_database

    Variable Namecharacter_set_database
    Variable ScopeBoth
    Dynamic VariableYes
    FootnoteThis option is dynamic, but only the server should set this information. You should not set the value of this variable manually.
     Permitted Values
    Typestring

    The character set used by the default database. The server sets this variable whenever the default database changes. If there is no default database, the variable has the same value as character_set_server.

  • character_set_filesystem

    Version Introduced5.0.19
    Command-Line Format--character-set-filesystem=name
    Config-File Formatcharacter-set-filesystem
    Option Sets VariableYes, character_set_filesystem
    Variable Namecharacter_set_filesystem
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring

    The file system character set. This variable is used to interpret string literals that refer to file names, such as in the LOAD DATA INFILE and SELECT ... INTO OUTFILE statements and the LOAD_FILE() function. Such file names are converted from character_set_client to character_set_filesystem before the file opening attempt occurs. The default value is binary, which means that no conversion occurs. For systems on which multi-byte file names are allowed, a different value may be more appropriate. For example, if the system represents file names using UTF-8, set character_set_filesystem to 'utf8'. This variable was added in MySQL 5.0.19.

  • character_set_results

    Variable Namecharacter_set_results
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring

    The character set used for returning query results such as result sets or error messages to the client.

  • character_set_server

    Command-Line Format--character-set-server
    Config-File Formatcharacter-set-server
    Option Sets VariableYes, character_set_server
    Variable Namecharacter_set_server
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring

    The server's default character set.

  • character_set_system

    Variable Namecharacter_set_system
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typestring

    The character set used by the server for storing identifiers. The value is always utf8.

  • character_sets_dir

    Command-Line Format--character-sets-dir=name
    Config-File Formatcharacter-sets-dir
    Option Sets VariableYes, character_sets_dir
    Variable Namecharacter-sets-dir
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The directory where character sets are installed.

  • collation_connection

    Variable Namecollation_connection
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring

    The collation of the connection character set.

  • collation_database

    Variable Namecollation_database
    Variable ScopeBoth
    Dynamic VariableYes
    FootnoteThis option is dynamic, but only the server should set this information. You should not set the value of this variable manually.
     Permitted Values
    Typestring

    The collation used by the default database. The server sets this variable whenever the default database changes. If there is no default database, the variable has the same value as collation_server.

  • collation_server

    Command-Line Format--collation-server
    Config-File Formatcollation-server
    Option Sets VariableYes, collation_server
    Variable Namecollation_server
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring

    The server's default collation.

  • completion_type

    Version Introduced5.0.3
    Command-Line Format--completion_type=#
    Config-File Formatcompletion_type
    Option Sets VariableYes, completion_type
    Variable Namecompetion_type
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default0
    Valid Values0, 1, 2

    The transaction completion type:

    • If the value is 0 (the default), COMMIT and ROLLBACK are unaffected.

    • If the value is 1, COMMIT and ROLLBACK are equivalent to COMMIT AND CHAIN and ROLLBACK AND CHAIN, respectively. (A new transaction starts immediately with the same isolation level as the just-terminated transaction.)

    • If the value is 2, COMMIT and ROLLBACK are equivalent to COMMIT RELEASE and ROLLBACK RELEASE, respectively. (The server disconnects after terminating the transaction.)

    This variable was added in MySQL 5.0.3

  • concurrent_insert

    Command-Line Format--concurrent_insert[=#]
    Config-File Formatconcurrent_insert
    Option Sets VariableYes, concurrent_insert
    Variable Nameconcurrent_insert
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values (<= 5.0.5)
    Typeboolean
    DefaultTRUE
     Permitted Values (>= 5.0.6)
    Typenumeric
    Default1
    Valid Values0, 1, 2

    If 1 (the default), MySQL allows INSERT and SELECT statements to run concurrently for MyISAM tables that have no free blocks in the middle of the data file. You can turn this option off by starting mysqld with --safe-mode or --skip-new.

    In MySQL 5.0.6, this variable was changed to take three integer values:

    ValueDescription
    0Off
    1(Default) Enables concurrent insert for MyISAM tables that don't have holes
    2Enables concurrent inserts for all MyISAM tables, even those that have holes. For a table with a hole, new rows are inserted at the end of the table if it is in use by another thread. Otherwise, MySQL acquires a normal write lock and inserts the row into the hole.

    See also Section 7.3.3, “Concurrent Inserts”.

  • connect_timeout

    Command-Line Format--connect_timeout=#
    Config-File Formatconnect_timeout
    Option Sets VariableYes, connect_timeout
    Variable Nameconnect_timeout
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values (<= 5.0.51)
    Typenumeric
    Default5
    Min Value2
     Permitted Values (>= 5.0.52)
    Typenumeric
    Default10

    The number of seconds that the mysqld server waits for a connect packet before responding with Bad handshake. The default value is 10 seconds as of MySQL 5.0.52 and 5 seconds before that.

    Increasing the connect_timeout value might help if clients frequently encounter errors of the form Lost connection to MySQL server at 'XXX', system error: errno.

  • datadir

    Command-Line Format--datadir=name
    Config-File Formatdatadir
    Option Sets VariableYes, datadir
    Variable Namedatadir
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The MySQL data directory. This variable can be set with the --datadir option.

  • date_format

    This variable is unused.

  • datetime_format

    This variable is unused.

  • default_week_format

    Command-Line Format--default_week_format=#
    Config-File Formatdefault_week_format
    Option Sets VariableYes, default_week_format
    Variable Namedefault_week_format
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default0
    Range0-7

    The default mode value to use for the WEEK() function. See Section 11.6, “Date and Time Functions”.

  • delay_key_write

    Command-Line Format--delay-key-write[=name]
    Config-File Formatdelay-key-write
    Option Sets VariableYes, delay_key_write
    Variable Namedelay-key-write
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typeenumeration
    DefaultON
    Valid ValuesON, OFF, ALL

    This option applies only to MyISAM tables. It can have one of the following values to affect handling of the DELAY_KEY_WRITE table option that can be used in CREATE TABLE statements.

    OptionDescription
    OFFDELAY_KEY_WRITE is ignored.
    ONMySQL honors any DELAY_KEY_WRITE option specified in CREATE TABLE statements. This is the default value.
    ALLAll new opened tables are treated as if they were created with the DELAY_KEY_WRITE option enabled.

    If DELAY_KEY_WRITE is enabled for a table, the key buffer is not flushed for the table on every index update, but only when the table is closed. This speeds up writes on keys a lot, but if you use this feature, you should add automatic checking of all MyISAM tables by starting the server with the --myisam-recover option (for example, --myisam-recover=BACKUP,FORCE). See Section 5.1.2, “Server Command Options”, and Section 13.1.1, “MyISAM Startup Options”.

    Warning

    If you enable external locking with --external-locking, there is no protection against index corruption for tables that use delayed key writes.

  • delayed_insert_limit

    Command-Line Format--delayed_insert_limit=#
    Config-File Formatdelayed_insert_limit
    Option Sets VariableYes, delayed_insert_limit
    Variable Namedelayed_insert_limit
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default100
    Range1-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default100
    Range1-18446744073709547520

    After inserting delayed_insert_limit delayed rows, the INSERT DELAYED handler thread checks whether there are any SELECT statements pending. If so, it allows them to execute before continuing to insert delayed rows.

  • delayed_insert_timeout

    Command-Line Format--delayed_insert_timeout=#
    Config-File Formatdelayed_insert_timeout
    Option Sets VariableYes, delayed_insert_timeout
    Variable Namedelayed_insert_timeout
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default300

    How many seconds an INSERT DELAYED handler thread should wait for INSERT statements before terminating.

  • delayed_queue_size

    Command-Line Format--delayed_queue_size=#
    Config-File Formatdelayed_queue_size
    Option Sets VariableYes, delayed_queue_size
    Variable Namedelayed_queue_size
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default1000
    Range1-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default1000
    Range1-18446744073709547520

    This is a per-table limit on the number of rows to queue when handling INSERT DELAYED statements. If the queue becomes full, any client that issues an INSERT DELAYED statement waits until there is room in the queue again.

  • div_precision_increment

    Version Introduced5.0.6
    Command-Line Format--div_precision_increment=#
    Config-File Formatdiv_precision_increment
    Option Sets VariableYes, div_precision_increment
    Variable Namediv_precision_increment
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default4
    Range0-30

    This variable indicates the number of digits by which to increase the scale of the result of division operations performed with the / operator. The default value is 4. The minimum and maximum values are 0 and 30, respectively. The following example illustrates the effect of increasing the default value.

    mysql> SELECT 1/7;
    +--------+
    | 1/7    |
    +--------+
    | 0.1429 |
    +--------+
    mysql> SET div_precision_increment = 12;
    mysql> SELECT 1/7;
    +----------------+
    | 1/7            |
    +----------------+
    | 0.142857142857 |
    +----------------+
    

    This variable was added in MySQL 5.0.6.

  • engine_condition_pushdown

    Command-Line Format--engine-condition-pushdown
    Config-File Formatengine-condition-pushdown
    Option Sets VariableYes, engine_condition_pushdown
    Variable Nameengine_condition_pushdown
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values (>= 5.1.0)
    Typeboolean
    DefaultON

    When the value of this variable is 0 (OFF), a query such as SELECT * FROM t WHERE mycol = 42, where mycol is a nonindexed column, is executed as a full table scan. The storage engine sends every row to the MySQL server, which applies the WHERE condition. If engine_condition_pushdown is set to 1 (ON), the condition is “pushed down” to the storage engine, which uses the condition to perform the scan, and sends back to the MySQL server only those rows that match the condition. By default, this variable is OFF.

    In MySQL 5.0, this variable is useful only with the NDBCLUSTER storage engine. However, we intend to implement it for additional storage engines in future MySQL releases.

    Setting this variable to ON on a MySQL Server acting as a MySQL Cluster SQL node causes WHERE conditions on unindexed columns to be evaluated on the cluster's data nodes and only the rows that match to be sent back to the SQL node that issued the query. This means the amount of cluster data that must be sent over the network is greatly reduced, increasing the efficiency with which results are returned.

    For more information, see Section 7.2.7, “Condition Pushdown Optimization”.

    This variable was added in MySQL 5.0.3.

  • expire_logs_days

    Command-Line Format--expire_logs_days=#
    Config-File Formatexpire_logs_days
    Option Sets VariableYes, expire_logs_days
    Variable Nameexpire_logs_days
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default0
    Range0-99

    The number of days for automatic binary log file removal. The default is 0, which means “no automatic removal.” Possible removals happen at startup and when the binary log is flushed. Log flushing occurs as indicated in Section 5.2, “MySQL Server Logs”.

    To remove binary log files manually, use the PURGE BINARY LOGS statement. See Section 12.6.1.1, “PURGE BINARY LOGS Syntax”.

  • flush

    Command-Line Format--flush
    Config-File Formatflush
    Variable Nameflush
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultOFF

    If ON, the server flushes (synchronizes) all changes to disk after each SQL statement. Normally, MySQL does a write of all changes to disk only after each SQL statement and lets the operating system handle the synchronizing to disk. See Section B.5.4.2, “What to Do If MySQL Keeps Crashing”. This variable is set to ON if you start mysqld with the --flush option.

  • flush_time

    Command-Line Format--flush_time=#
    Config-File Formatflush_time
    Option Sets VariableYes, flush_time
    Variable Nameflush_time
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default0
    Min Value0
     Permitted Values
    Type (windows)numeric
    Default1800
    Min Value0

    If this is set to a nonzero value, all tables are closed every flush_time seconds to free up resources and synchronize unflushed data to disk. This option is best used only on Windows 9x or Me, or on systems with minimal resources.

  • ft_boolean_syntax

    Command-Line Format--ft_boolean_syntax=name
    Config-File Formatft_boolean_syntax
    Variable Nameft_boolean_syntax
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typestring
    Default+-><()~*:""&

    The list of operators supported by boolean full-text searches performed using IN BOOLEAN MODE. See Section 11.8.2, “Boolean Full-Text Searches”.

    The default variable value is '+ -><()~*:""&|'. The rules for changing the value are as follows:

    • Operator function is determined by position within the string.

    • The replacement value must be 14 characters.

    • Each character must be an ASCII nonalphanumeric character.

    • Either the first or second character must be a space.

    • No duplicates are allowed except the phrase quoting operators in positions 11 and 12. These two characters are not required to be the same, but they are the only two that may be.

    • Positions 10, 13, and 14 (which by default are set to “:”, “&”, and “|”) are reserved for future extensions.

  • ft_max_word_len

    Command-Line Format--ft_max_word_len=#
    Config-File Formatft_max_word_len
    Option Sets VariableYes, ft_max_word_len
    Variable Nameft_max_word_len
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Min Value10

    The maximum length of the word to be included in a FULLTEXT index.

    Note

    FULLTEXT indexes must be rebuilt after changing this variable. Use REPAIR TABLE tbl_name QUICK.

  • ft_min_word_len

    Command-Line Format--ft_min_word_len=#
    Config-File Formatft_min_word_len
    Option Sets VariableYes, ft_min_word_len
    Variable Nameft_min_word_len
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Default4
    Min Value1

    The minimum length of the word to be included in a FULLTEXT index.

    Note

    FULLTEXT indexes must be rebuilt after changing this variable. Use REPAIR TABLE tbl_name QUICK.

  • ft_query_expansion_limit

    Command-Line Format--ft_query_expansion_limit=#
    Config-File Formatft_query_expansion_limit
    Option Sets VariableYes, ft_query_expansion_limit
    Variable Nameft_query_expansion_limit
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Default20
    Range0-1000

    The number of top matches to use for full-text searches performed using WITH QUERY EXPANSION.

  • ft_stopword_file

    Command-Line Format--ft_stopword_file=name
    Config-File Formatft_stopword_file
    Option Sets VariableYes, ft_stopword_file
    Variable Nameft_stopword_file
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The file from which to read the list of stopwords for full-text searches. The server looks for the file in the data directory unless an absolute path name is given to specify a different directory. All the words from the file are used; comments are not honored. By default, a built-in list of stopwords is used (as defined in the myisam/ft_static.c file). Setting this variable to the empty string ('') disables stopword filtering.

    Note

    FULLTEXT indexes must be rebuilt after changing this variable or the contents of the stopword file. Use REPAIR TABLE tbl_name QUICK.

  • group_concat_max_len

    Command-Line Format--group_concat_max_len=#
    Config-File Formatgroup_concat_max_len
    Option Sets VariableYes, group_concat_max_len
    Variable Namegroup_concat_max_len
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default1024
    Range4-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default1024
    Range4-18446744073709547520

    The maximum allowed result length in bytes for the GROUP_CONCAT() function. The default is 1024.

  • have_archive

    YES if mysqld supports ARCHIVE tables, NO if not.

  • have_bdb

    YES if mysqld supports BDB tables. DISABLED if --skip-bdb is used.

  • have_blackhole_engine

    YES if mysqld supports BLACKHOLE tables, NO if not.

  • have_compress

    YES if the zlib compression library is available to the server, NO if not. If not, the COMPRESS() and UNCOMPRESS() functions cannot be used.

  • have_crypt

    YES if the crypt() system call is available to the server, NO if not. If not, the ENCRYPT() function cannot be used.

  • have_csv

    YES if mysqld supports CSV tables, NO if not.

  • have_example_engine

    YES if mysqld supports EXAMPLE tables, NO if not.

  • have_federated_engine

    YES if mysqld supports FEDERATED tables, NO if not. This variable was added in MySQL 5.0.3.

  • have_geometry

    YES if the server supports spatial data types, NO if not.

  • have_innodb

    YES if mysqld supports InnoDB tables. DISABLED if --skip-innodb is used.

  • have_isam

    In MySQL 5.0, this variable appears only for reasons of backward compatibility. It is always NO because ISAM tables are no longer supported.

  • have_merge_engine

    YES if mysqld supports MERGE tables. DISABLED if --skip-merge is used. This variable was added in MySQL 5.0.24.

  • have_openssl

    YES if mysqld supports SSL connections, NO if not. As of MySQL 5.0.38, this variable is an alias for have_ssl.

  • have_query_cache

    YES if mysqld supports the query cache, NO if not.

  • have_raid

    In MySQL 5.0, this variable appears only for reasons of backward compatibility. It is always NO because RAID tables are no longer supported.

  • have_rtree_keys

    YES if RTREE indexes are available, NO if not. (These are used for spatial indexes in MyISAM tables.)

  • have_ssl

    YES if mysqld supports SSL connections, NO if not. This variable was added in MySQL 5.0.38. Before that, use have_openssl.

  • have_symlink

    YES if symbolic link support is enabled, NO if not. This is required on Unix for support of the DATA DIRECTORY and INDEX DIRECTORY table options, and on Windows for support of data directory symlinks.

  • hostname

    Version Introduced5.0.38
    Variable Namehostname
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typestring

    The server sets this variable to the server host name at startup. This variable was added in MySQL 5.0.38.

  • init_connect

    Command-Line Format--init-connect=name
    Config-File Formatinit_connect
    Option Sets VariableYes, init_connect
    Variable Nameinit_connect
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typestring

    A string to be executed by the server for each client that connects. The string consists of one or more SQL statements. To specify multiple statements, separate them by semicolon characters. For example, each client begins by default with autocommit mode enabled. There is no global system variable to specify that autocommit should be disabled by default, but init_connect can be used to achieve the same effect:

    SET GLOBAL init_connect='SET autocommit=0';
    

    This variable can also be set on the command line or in an option file. To set the variable as just shown using an option file, include these lines:

    [mysqld]
    init_connect='SET autocommit=0'
    

    Note that the content of init_connect is not executed for users that have the SUPER privilege. This is done so that an erroneous value for init_connect does not prevent all clients from connecting. For example, the value might contain a statement that has a syntax error, thus causing client connections to fail. Not executing init_connect for users that have the SUPER privilege enables them to open a connection and fix the init_connect value.

  • init_file

    Command-Line Format--init-file=name
    Config-File Formatinit-file
    Option Sets VariableYes, init_file
    Variable Nameinit_file
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The name of the file specified with the --init-file option when you start the server. This should be a file containing SQL statements that you want the server to execute when it starts. Each statement must be on a single line and should not include comments. No statement terminator such as ;, \g, or \G should be given at the end of each statement.

    Note that the --init-file option is unavailable if MySQL was configured with the --disable-grant-options option. See Section 2.16.2, “Typical configure Options”.

  • innodb_xxx

    InnoDB system variables are listed in Section 13.2.3, “InnoDB Startup Options and System Variables”.

  • interactive_timeout

    Command-Line Format--interactive_timeout=#
    Config-File Formatinteractive_timeout
    Option Sets VariableYes, interactive_timeout
    Variable Nameinteractive_timeout
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default28800
    Min Value1

    The number of seconds the server waits for activity on an interactive connection before closing it. An interactive client is defined as a client that uses the CLIENT_INTERACTIVE option to mysql_real_connect(). See also wait_timeout.

  • join_buffer_size

    Command-Line Format--join_buffer_size=#
    Config-File Formatjoin_buffer_size
    Option Sets VariableYes, join_buffer_size
    Variable Namejoin_buffer_size
    Variable ScopeBoth
    Dynamic VariableYes

    The size of the buffer that is used for plain index scans, range index scans, and joins that do not use indexes and thus perform full table scans. Normally, the best way to get fast joins is to add indexes. Increase the value of join_buffer_size to get a faster full join when adding indexes is not possible. One join buffer is allocated for each full join between two tables. For a complex join between several tables for which indexes are not used, multiple join buffers might be necessary.

    The maximum allowable setting for join_buffer_size is 4GB.

  • keep_files_on_create

    Version Introduced5.0.48
    Command-Line Format--keep_files_on_create=#
    Config-File Formatkeep_files_on_create
    Option Sets VariableYes, keep_files_on_create
    Variable Namekeep_files_on_create
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultOFF

    If a MyISAM table is created with no DATA DIRECTORY option, the .MYD file is created in the database directory. By default, if MyISAM finds an existing .MYD file in this case, it overwrites it. The same applies to .MYI files for tables created with no INDEX DIRECTORY option. To suppress this behavior, set the keep_files_on_create variable to ON (1), in which case MyISAM will not overwrite existing files and returns an error instead. The default value is OFF (0).

    If a MyISAM table is created with a DATA DIRECTORY or INDEX DIRECTORY option and an existing .MYD or .MYI file is found, MyISAM always returns an error. It will not overwrite a file in the specified directory.

    This variable was added in MySQL 5.0.48.

  • key_buffer_size

    Command-Line Format--key_buffer_size=#
    Config-File Formatkey_buffer_size
    Option Sets VariableYes, key_buffer_size
    Variable Namekey_buffer_size
    Variable ScopeGlobal
    Dynamic VariableYes

    Index blocks for MyISAM tables are buffered and are shared by all threads. key_buffer_size is the size of the buffer used for index blocks. The key buffer is also known as the key cache.

    The maximum allowable setting for key_buffer_size is 4GB on 32-bit platforms. As of MySQL 5.0.52, values larger than 4GB are allowed for 64-bit platforms (except 64-bit Windows, for which large values are truncated to 4GB with a warning). The effective maximum size might be less, depending on your available physical RAM and per-process RAM limits imposed by your operating system or hardware platform. The value of this variable indicates the amount of memory requested. Internally, the server allocates as much memory as possible up to this amount, but the actual allocation might be less.

    You can increase the value to get better index handling for all reads and multiple writes; on a system whose primary function is to run MySQL using the MyISAM storage engine, 25% of the machine's total memory is an acceptable value for this variable. However, you should be aware that, if you make the value too large (for example, more than 50% of the machine's total memory), your system might start to page and become extremely slow. This is because MySQL relies on the operating system to perform file system caching for data reads, so you must leave some room for the file system cache. You should also consider the memory requirements of any other storage engines that you may be using in addition to MyISAM.

    For even more speed when writing many rows at the same time, use LOCK TABLES. See Section 7.2.19, “Speed of INSERT Statements”.

    You can check the performance of the key buffer by issuing a SHOW STATUS statement and examining the Key_read_requests, Key_reads, Key_write_requests, and Key_writes status variables. (See Section 12.5.5, “SHOW Syntax”.) The Key_reads/Key_read_requests ratio should normally be less than 0.01. The Key_writes/Key_write_requests ratio is usually near 1 if you are using mostly updates and deletes, but might be much smaller if you tend to do updates that affect many rows at the same time or if you are using the DELAY_KEY_WRITE table option.

    The fraction of the key buffer in use can be determined using key_buffer_size in conjunction with the Key_blocks_unused status variable and the buffer block size, which is available from the key_cache_block_size system variable:

    1 - ((Key_blocks_unused ? key_cache_block_size) / key_buffer_size)
    

    This value is an approximation because some space in the key buffer may be allocated internally for administrative structures.

    It is possible to create multiple MyISAM key caches. The size limit of 4GB applies to each cache individually, not as a group. See Section 7.4.5, “The MyISAM Key Cache”.

  • key_cache_age_threshold

    Command-Line Format--key_cache_age_threshold=#
    Config-File Formatkey_cache_age_threshold
    Option Sets VariableYes, key_cache_age_threshold
    Variable Namekey_cache_age_threshold
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default300
    Range100-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default300
    Range100-18446744073709547520

    This value controls the demotion of buffers from the hot sublist of a key cache to the warm sublist. Lower values cause demotion to happen more quickly. The minimum value is 100. The default value is 300. See Section 7.4.5, “The MyISAM Key Cache”.

  • key_cache_block_size

    Command-Line Format--key_cache_block_size=#
    Config-File Formatkey_cache_block_size
    Option Sets VariableYes, key_cache_block_size
    Variable Namekey_cache_block_size
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default1024
    Range512-16384

    The size in bytes of blocks in the key cache. The default value is 1024. See Section 7.4.5, “The MyISAM Key Cache”.

  • key_cache_division_limit

    Command-Line Format--key_cache_division_limit=#
    Config-File Formatkey_cache_division_limit
    Option Sets VariableYes, key_cache_division_limit
    Variable Namekey_cache_division_limit
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default100
    Range1-100

    The division point between the hot and warm sublists of the key cache buffer list. The value is the percentage of the buffer list to use for the warm sublist. Allowable values range from 1 to 100. The default value is 100. See Section 7.4.5, “The MyISAM Key Cache”.

  • language

    Command-Line Format--language=name
    Config-File Formatlanguage
    Option Sets VariableYes, language
    Variable Namelanguage
    Variable ScopeGlobal
    Dynamic VariableNo
    Deprecated5.5.0, by lc-messages-dir
     Permitted Values
    Typefilename
    Default/usr/local/mysql/share/mysql/english/

    The directory where error messages are located. See Section 9.3, “Setting the Error Message Language”.

  • large_files_support

    Variable Namelarge_files_support
    Variable ScopeGlobal
    Dynamic VariableNo

    Whether mysqld was compiled with options for large file support.

  • large_pages

    Version Introduced5.0.3
    Command-Line Format--large-pages
    Config-File Formatlarge-pages
    Option Sets VariableYes, large_pages
    Variable Namelarge_pages
    Variable ScopeGlobal
    Dynamic VariableNo
    Platform Specificlinux
     Permitted Values
    Type (linux)boolean
    DefaultFALSE

    Whether large page support is enabled (via the --large-pages option). See Section 7.5.9, “Enabling Large Page Support”. This variable was added in MySQL 5.0.3.

    For more information, see the entry for the --large-pages server option.

  • large_page_size

    Version Introduced5.0.3
    Variable Namelarge_page_size
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Type (linux)numeric
    Default0

    If large page support is enabled, this shows the size of memory pages. Currently, large memory pages are supported only on Linux; on other platforms, the value of this variable is always 0. This variable was added in MySQL 5.0.3.

    For more information, see the entry for the --large-pages server option.

  • lc_time_names

    Version Introduced5.0.25
    Variable Namelc_time_names
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring

    This variable specifies the locale that controls the language used to display day and month names and abbreviations. This variable affects the output from the DATE_FORMAT(), DAYNAME() and MONTHNAME() functions. Locale names are POSIX-style values such as 'ja_JP' or 'pt_BR'. The default value is 'en_US' regardless of your system's locale setting. For further information, see Section 9.8, “MySQL Server Locale Support”. This variable was added in MySQL 5.0.25.

  • license

    Variable Namelicense
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typestring
    DefaultGPL

    The type of license the server has.

  • local_infile

    Variable Namelocal_infile
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Type

    Whether LOCAL is supported for LOAD DATA INFILE statements. See Section 5.3.4, “Security Issues with LOAD DATA LOCAL.

  • locked_in_memory

    Variable Namelocked_in_memory
    Variable ScopeGlobal
    Dynamic VariableNo

    Whether mysqld was locked in memory with --memlock.

  • log

    Whether logging of all statements to the general query log is enabled. See Section 5.2.2, “The General Query Log”.

  • log_bin

    Variable Namelog_bin
    Variable ScopeGlobal
    Dynamic VariableNo

    Whether the binary log is enabled. See Section 5.2.3, “The Binary Log”.

  • log_bin_trust_function_creators

    Version Introduced5.0.16
    Command-Line Format--log-bin-trust-function-creators
    Config-File Formatlog-bin-trust-function-creators
    Option Sets VariableYes, log_bin_trust_function_creators
    Variable Namelog_bin_trust_function_creators
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultFALSE

    This variable applies when binary logging is enabled. It controls whether stored function creators can be trusted not to create stored functions that will cause unsafe events to be written to the binary log. If set to 0 (the default), users are not allowed to create or alter stored functions unless they have the SUPER privilege in addition to the CREATE ROUTINE or ALTER ROUTINE privilege. A setting of 0 also enforces the restriction that a function must be declared with the DETERMINISTIC characteristic, or with the READS SQL DATA or NO SQL characteristic. If the variable is set to 1, MySQL does not enforce these restrictions on stored function creation. This variable also applies to trigger creation. See Section 18.5, “Binary Logging of Stored Programs”.

    This variable was added in MySQL 5.0.16.

  • log_bin_trust_routine_creators

    This is the old name for log_bin_trust_function_creators. Before MySQL 5.0.16, it also applies to stored procedures, not just stored functions. As of 5.0.16, this variable is deprecated. It is recognized for backward compatibility but its use results in a warning.

    This variable was added in MySQL 5.0.6.

  • log_error

    Command-Line Format--log-error[=name]
    Config-File Formatlog-error
    Option Sets VariableYes, log_error
    Variable Namelog_error
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The location of the error log.

  • log_queries_not_using_indexes

    Command-Line Format--log-queries-not-using-indexes
    Config-File Formatlog-queries-not-using-indexes
    Option Sets VariableYes, log_queries_not_using_indexes
    Variable Namelog_queries_not_using_indexes
    Variable ScopeGlobal
    Dynamic VariableYes
    Deprecated5.1.29, by slow-query-log
     Permitted Values
    Typeboolean

    Whether queries that do not use indexes are logged to the slow query log. See Section 5.2.4, “The Slow Query Log”. This variable was added in MySQL 5.0.23.

  • log_slow_queries

    Command-Line Format--log-slow-queries[=name]
    Config-File Formatlog-slow-queries
    Option Sets VariableYes, log_slow_queries
    Variable Namelog_slow_queries
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typeboolean

    Whether slow queries should be logged. “Slow” is determined by the value of the long_query_time variable. See Section 5.2.4, “The Slow Query Log”.

  • log_warnings

    Command-Line Format--log-warnings[=#]
    Config-File Formatlog-warnings
    Option Sets VariableYes, log_warnings
    Variable Namelog_warnings
    Variable ScopeBoth
    Dynamic VariableYes
    Disabled byskip-log-warnings
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default1
    Range0-18446744073709547520

    Whether to produce additional warning messages. It is enabled (1) by default and can be disabled by setting it to 0. Aborted connections are not logged to the error log unless the value is greater than 1.

  • long_query_time

    Command-Line Format--long_query_time=#
    Config-File Formatlong_query_time
    Option Sets VariableYes, long_query_time
    Variable Namelong_query_time
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values (<= 5.0.20)
    Typenumeric
    Default10
    Min Value1

    If a query takes longer than this many seconds, the server increments the Slow_queries status variable. If you are using the --log-slow-queries option, the query is logged to the slow query log file. This value is measured in real time, not CPU time, so a query that is under the threshold on a lightly loaded system might be above the threshold on a heavily loaded one. The minimum value is 1. The default is 10. See Section 5.2.4, “The Slow Query Log”.

  • low_priority_updates

    Command-Line Format--low-priority-updates
    Config-File Formatlow-priority-updates
    Option Sets VariableYes, low_priority_updates
    Variable Namelow_priority_updates
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultFALSE

    If set to 1, all INSERT, UPDATE, DELETE, and LOCK TABLE WRITE statements wait until there is no pending SELECT or LOCK TABLE READ on the affected table. This affects only storage engines that use only table-level locking (such as MyISAM, MEMORY, and MERGE). This variable previously was named sql_low_priority_updates.

  • lower_case_file_system

    Command-Line Format--lower_case_file_system[=#]
    Config-File Formatlower_case_file_system
    Option Sets VariableYes, lower_case_file_system
    Variable Namelower_case_file_system
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typeboolean

    This variable describes the case sensitivity of file names on the file system where the data directory is located. OFF means file names are case sensitive, ON means they are not case sensitive.

  • lower_case_table_names

    Command-Line Format--lower_case_table_names[=#]
    Config-File Formatlower_case_table_names
    Option Sets VariableYes, lower_case_table_names
    Variable Namelower_case_table_names
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Default0
    Range0-2

    If set to 1, table names are stored in lowercase on disk and table name comparisons are not case sensitive. If set to 2 table names are stored as given but compared in lowercase. This option also applies to database names and table aliases. See Section 8.2.2, “Identifier Case Sensitivity”.

    If you are using InnoDB tables, you should set this variable to 1 on all platforms to force names to be converted to lowercase.

    You should not set this variable to 0 if you are running MySQL on a system that does not have case-sensitive file names (such as Windows or Mac OS X). If this variable is not set at startup and the file system on which the data directory is located does not have case-sensitive file names, MySQL automatically sets lower_case_table_names to 2.

  • max_allowed_packet

    Command-Line Format--max_allowed_packet=#
    Config-File Formatmax_allowed_packet
    Option Sets VariableYes, max_allowed_packet
    Variable Namemax_allowed_packet
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default1048576
    Range1024-1073741824

    The maximum size of one packet or any generated/intermediate string.

    The packet message buffer is initialized to net_buffer_length bytes, but can grow up to max_allowed_packet bytes when needed. This value by default is small, to catch large (possibly incorrect) packets.

    You must increase this value if you are using large BLOB columns or long strings. It should be as big as the largest BLOB you want to use. The protocol limit for max_allowed_packet is 1GB. The value should be a multiple of 1024; nonmultiples are rounded down to the nearest multiple.

    When you change the message buffer size by changing the value of the max_allowed_packet variable, you should also change the buffer size on the client side if your client program allows it. On the client side, max_allowed_packet has a default of 1GB. Some programs such as mysql and mysqldump enable you to change the client-side value by setting max_allowed_packet on the command line or in an option file.

    As of MySQL 5.0.84, the session value of this variable is read only. Before 5.0.84, setting the session value is allowed but has no effect.

  • max_connect_errors

    Command-Line Format--max_connect_errors=#
    Config-File Formatmax_connect_errors
    Option Sets VariableYes, max_connect_errors
    Variable Namemax_connect_errors
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default10
    Range1-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default10
    Range1-18446744073709547520

    If there are more than this number of interrupted connections from a host, that host is blocked from further connections. You can unblock blocked hosts with the FLUSH HOSTS statement. If a connection is established successfully within fewer than max_connect_errors attempts after a previous connection was interrupted, the error count for the host is cleared to zero. However, once a host is blocked, the FLUSH HOSTS statement is the only way to unblock it.

  • max_connections

    Command-Line Format--max_connections=#
    Config-File Formatmax_connections
    Option Sets VariableYes, max_connections
    Variable Namemax_connections
    Variable ScopeGlobal
    Dynamic VariableYes

    The number of simultaneous client connections allowed. By default, this is 100. See Section B.5.2.7, “Too many connections, for more information.

    MySQL Enterprise For notification that the maximum number of connections is getting dangerously high and for advice on setting the optimum value for max_connections subscribe to the MySQL Enterprise Monitor. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

    Increasing this value increases the number of file descriptors that mysqld requires. See Section 7.4.8, “How MySQL Opens and Closes Tables”, for comments on file descriptor limits.

  • max_delayed_threads

    Command-Line Format--max_delayed_threads=#
    Config-File Formatmax_delayed_threads
    Option Sets VariableYes, max_delayed_threads
    Variable Namemax_delayed_threads
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default20
    Range0-16384

    Do not start more than this number of threads to handle INSERT DELAYED statements. If you try to insert data into a new table after all INSERT DELAYED threads are in use, the row is inserted as if the DELAYED attribute wasn't specified. If you set this to 0, MySQL never creates a thread to handle DELAYED rows; in effect, this disables DELAYED entirely.

    For the SESSION value of this variable, the only valid values are 0 or the GLOBAL value.

  • max_error_count

    Command-Line Format--max_error_count=#
    Config-File Formatmax_error_count
    Option Sets VariableYes, max_error_count
    Variable Namemax_error_count
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default64
    Range0-65535

    The maximum number of error, warning, and note messages to be stored for display by the SHOW ERRORS and SHOW WARNINGS statements.

  • max_heap_table_size

    Command-Line Format--max_heap_table_size=#
    Config-File Formatmax_heap_table_size
    Option Sets VariableYes, max_heap_table_size
    Variable Namemax_heap_table_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default16777216
    Range16384-4294967295

    This variable sets the maximum size to which MEMORY tables are allowed to grow. The value of the variable is used to calculate MEMORY table MAX_ROWS values. Setting this variable has no effect on any existing MEMORY table, unless the table is re-created with a statement such as CREATE TABLE or altered with ALTER TABLE or TRUNCATE TABLE. A server restart also sets the maximum size of existing MEMORY tables to the global max_heap_table_size value.

    Note

    On 64-bit platforms, the maximum value for this variable is 1844674407370954752.

    MySQL Enterprise Subscribers to the MySQL Enterprise Monitor receive recommendations for the optimum setting for max_heap_table_size. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

  • max_insert_delayed_threads

    Variable Namemax_insert_delayed_threads
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric

    This variable is a synonym for max_delayed_threads.

  • max_join_size

    Command-Line Format--max_join_size=#
    Config-File Formatmax_join_size
    Option Sets VariableYes, max_join_size
    Variable Namemax_join_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default4294967295
    Range1-4294967295

    Do not allow SELECT statements that probably need to examine more than max_join_size rows (for single-table statements) or row combinations (for multiple-table statements) or that are likely to do more than max_join_size disk seeks. By setting this value, you can catch SELECT statements where keys are not used properly and that would probably take a long time. Set it if your users tend to perform joins that lack a WHERE clause, that take a long time, or that return millions of rows.

    Setting this variable to a value other than DEFAULT resets the value of sql_big_selects to 0. If you set the sql_big_selects value again, the max_join_size variable is ignored.

    If a query result is in the query cache, no result size check is performed, because the result has previously been computed and it does not burden the server to send it to the client.

    This variable previously was named sql_max_join_size.

  • max_length_for_sort_data

    Command-Line Format--max_length_for_sort_data=#
    Config-File Formatmax_length_for_sort_data
    Option Sets VariableYes, max_length_for_sort_data
    Variable Namemax_length_for_sort_data
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default1024
    Range4-8388608

    The cutoff on the size of index values that determines which filesort algorithm to use. See Section 7.2.13, “ORDER BY Optimization”.

  • max_prepared_stmt_count

    Version Introduced5.0.21
    Command-Line Format--max_prepared_stmt_count=#
    Config-File Formatmax_prepared_stmt_count
    Option Sets VariableYes, max_prepared_stmt_count
    Variable Namemax_prepared_stmt_count
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default16382
    Range0-1048576

    This variable limits the total number of prepared statements in the server. It can be used in environments where there is the potential for denial-of-service attacks based on running the server out of memory by preparing huge numbers of statements. If the value is set lower than the current number of prepared statements, existing statements are not affected and can be used, but no new statements can be prepared until the current number drops below the limit. The default value is 16,382. The allowable range of values is from 0 to 1 million. Setting the value to 0 disables prepared statements. This variable was added in MySQL 5.0.21.

  • max_relay_log_size

    Command-Line Format--max_relay_log_size=#
    Config-File Formatmax_relay_log_size
    Option Sets VariableYes, max_relay_log_size
    Variable Namemax_relay_log_size
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default0
    Range0-1073741824

    If a write by a replication slave to its relay log causes the current log file size to exceed the value of this variable, the slave rotates the relay logs (closes the current file and opens the next one). If max_relay_log_size is 0, the server uses max_binlog_size for both the binary log and the relay log. If max_relay_log_size is greater than 0, it constrains the size of the relay log, which enables you to have different sizes for the two logs. You must set max_relay_log_size to between 4096 bytes and 1GB (inclusive), or to 0. The default value is 0. See Section 16.4.1, “Replication Implementation Details”.

  • max_seeks_for_key

    Command-Line Format--max_seeks_for_key=#
    Config-File Formatmax_seeks_for_key
    Option Sets VariableYes, max_seeks_for_key
    Variable Namemax_seeks_for_key
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default4294967295
    Range1-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default18446744073709547520
    Range1-18446744073709547520

    Limit the assumed maximum number of seeks when looking up rows based on a key. The MySQL optimizer assumes that no more than this number of key seeks are required when searching for matching rows in a table by scanning an index, regardless of the actual cardinality of the index (see Section 12.5.5.18, “SHOW INDEX Syntax”). By setting this to a low value (say, 100), you can force MySQL to prefer indexes instead of table scans.

  • max_sort_length

    Command-Line Format--max_sort_length=#
    Config-File Formatmax_sort_length
    Option Sets VariableYes, max_sort_length
    Variable Namemax_sort_length
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default1024
    Range4-8388608

    The number of bytes to use when sorting BLOB or TEXT values. Only the first max_sort_length bytes of each value are used; the rest are ignored.

  • max_sp_recursion_depth

    Version Introduced5.0.17
    Command-Line Format--max_sp_recursion_depth[=#]
    Config-File Formatmax_sp_recursion_depth
    Option Sets VariableYes, max_sp_recursion_depth
    Variable Namemax_sp_recursion_depth
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default0
    Max Value255

    The number of times that any given stored procedure may be called recursively. The default value for this option is 0, which completely disallows recursion in stored procedures. The maximum value is 255.

    Stored procedure recursion increases the demand on thread stack space. If you increase the value of max_sp_recursion_depth, it may be necessary to increase thread stack size by increasing the value of thread_stack at server startup.

    This variable was added in MySQL 5.0.17.

  • max_tmp_tables

    Command-Line Format--max_tmp_tables=#
    Config-File Formatmax_tmp_tables
    Option Sets VariableYes, max_tmp_tables
    Variable Namemax_tmp_tables
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default32
    Range1-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default32
    Range1-18446744073709547520

    The maximum number of temporary tables a client can keep open at the same time. (This variable does not yet do anything.)

  • max_user_connections

    Command-Line Format--max_user_connections=#
    Config-File Formatmax_user_connections
    Option Sets VariableYes, max_user_connections
    Variable Namemax_user_connections
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Range0-4294967295

    The maximum number of simultaneous connections allowed to any given MySQL account. A value of 0 means “no limit.

    Before MySQL 5.0.3, this variable has only global scope. Beginning with MySQL 5.0.3, it also has a read-only session scope. The session variable has the same value as the global variable unless the current account has a nonzero MAX_USER_CONNECTIONS resource limit. In that case, the session value reflects the account limit.

  • max_write_lock_count

    Command-Line Format--max_write_lock_count=#
    Config-File Formatmax_write_lock_count
    Option Sets VariableYes, max_write_lock_count
    Variable Namemax_write_lock_count
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default4294967295
    Range1-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default18446744073709547520
    Range1-18446744073709547520

    After this many write locks, allow some pending read lock requests to be processed in between.

  • myisam_data_pointer_size

    Command-Line Format--myisam_data_pointer_size=#
    Config-File Formatmyisam_data_pointer_size
    Option Sets VariableYes, myisam_data_pointer_size
    Variable Namemyisam_data_pointer_size
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values (<= 5.0.5)
    Typenumeric
    Default4
    Range2-8
     Permitted Values (>= 5.0.6)
    Typenumeric
    Default6
    Range2-7

    The default pointer size in bytes, to be used by CREATE TABLE for MyISAM tables when no MAX_ROWS option is specified. This variable cannot be less than 2 or larger than 7. The default value is 6 (4 before MySQL 5.0.6). See Section B.5.2.12, “The table is full.

  • myisam_max_extra_sort_file_size (DEPRECATED)

    This variable is not used. It was removed in MySQL 5.0.6.

  • myisam_max_sort_file_size

    Command-Line Format--myisam_max_sort_file_size=#
    Config-File Formatmyisam_max_sort_file_size
    Option Sets VariableYes, myisam_max_sort_file_size
    Variable Namemyisam_max_sort_file_size
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default2147483648

    The maximum size of the temporary file that MySQL is allowed to use while re-creating a MyISAM index (during REPAIR TABLE, ALTER TABLE, or LOAD DATA INFILE). If the file size would be larger than this value, the index is created using the key cache instead, which is slower. The value is given in bytes.

    The default value is 2GB. If MyISAM index files exceed this size and disk space is available, increasing the value may help performance.

  • myisam_mmap_size

    Version Introduced5.0.90
    Command-Line Format--myisam_mmap_size=#
    Config-File Formatmyisam_mmap_size
    Option Sets VariableYes, myisam_mmap_size
    Variable Namemyisam_mmap_size
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default4294967295
    Range7-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default18446744073709547520
    Range7-18446744073709547520

    The maximum amount of memory to use for memory mapping compressed MyISAM files. If many compressed MyISAM tables are used, the value can be decreased to reduce the likelihood of memory-swapping problems. This variable was added in MySQL 5.0.90.

  • myisam_recover_options

    Variable Namemyisam_recover_options
    Variable ScopeGlobal
    Dynamic VariableNo

    The value of the --myisam-recover option. See Section 5.1.2, “Server Command Options”.

  • myisam_repair_threads

    Command-Line Format--myisam_repair_threads=#
    Config-File Formatmyisam_repair_threads
    Option Sets VariableYes, myisam_repair_threads
    Variable Namemyisam_repair_threads
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default1
    Range1-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default1
    Range1-18446744073709547520

    If this value is greater than 1, MyISAM table indexes are created in parallel (each index in its own thread) during the Repair by sorting process. The default value is 1.

    Note

    Multi-threaded repair is still beta-quality code.

  • myisam_sort_buffer_size

    Command-Line Format--myisam_sort_buffer_size=#
    Config-File Formatmyisam_sort_buffer_size
    Option Sets VariableYes, myisam_sort_buffer_size
    Variable Namemyisam_sort_buffer_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default8388608
    Range4-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default8388608
    Range4-18446744073709547520

    The size of the buffer that is allocated when sorting MyISAM indexes during a REPAIR TABLE or when creating indexes with CREATE INDEX or ALTER TABLE.

    The maximum allowable setting for myisam_sort_buffer_size is 4GB.

  • myisam_stats_method

    Version Introduced5.0.14
    Command-Line Format--myisam_stats_method=name
    Config-File Formatmyisam_stats_method
    Option Sets VariableYes, myisam_stats_method
    Variable Namemyisam_stats_method
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values (>= 5.0)
    Typeenumeration
    Valid Valuesnulls_equal, nulls_unequal, nulls_ignored

    How the server treats NULL values when collecting statistics about the distribution of index values for MyISAM tables. This variable has three possible values, nulls_equal, nulls_unequal, and nulls_ignored. For nulls_equal, all NULL index values are considered equal and form a single value group that has a size equal to the number of NULL values. For nulls_unequal, NULL values are considered unequal, and each NULL forms a distinct value group of size 1. For nulls_ignored, NULL values are ignored.

    The method that is used for generating table statistics influences how the optimizer chooses indexes for query execution, as described in Section 7.4.7, “MyISAM Index Statistics Collection”.

    Any unique prefix of a valid value may be used to set the value of this variable.

    This variable was added in MySQL 5.0.14. For older versions, the statistics collection method is equivalent to nulls_equal.

  • named_pipe

    Variable Namenamed_pipe
    Variable ScopeGlobal
    Dynamic VariableNo
    Platform Specificwindows

    (Windows only.) Indicates whether the server supports connections over named pipes.

  • net_buffer_length

    Command-Line Format--net_buffer_length=#
    Config-File Formatnet_buffer_length
    Option Sets VariableYes, net_buffer_length
    Variable Namenet_buffer_length
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default16384
    Range1024-1048576

    Each client thread is associated with a connection buffer and result buffer. Both begin with a size given by net_buffer_length but are dynamically enlarged up to max_allowed_packet bytes as needed. The result buffer shrinks to net_buffer_length after each SQL statement.

    This variable should not normally be changed, but if you have very little memory, you can set it to the expected length of statements sent by clients. If statements exceed this length, the connection buffer is automatically enlarged. The maximum value to which net_buffer_length can be set is 1MB.

    As of MySQL 5.0.84, the session value of this variable is read only. Before 5.0.84, setting the session value is allowed but has no effect.

  • net_read_timeout

    Command-Line Format--net_read_timeout=#
    Config-File Formatnet_read_timeout
    Option Sets VariableYes, net_read_timeout
    Variable Namenet_read_timeout
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default30
    Min Value1

    The number of seconds to wait for more data from a connection before aborting the read. This timeout applies only to TCP/IP connections, not to connections made via Unix socket files, named pipes, or shared memory. When the server is reading from the client, net_read_timeout is the timeout value controlling when to abort. When the server is writing to the client, net_write_timeout is the timeout value controlling when to abort. See also slave_net_timeout.

  • net_retry_count

    Command-Line Format--net_retry_count=#
    Config-File Formatnet_retry_count
    Option Sets VariableYes, net_retry_count
    Variable Namenet_retry_count
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default10
    Range1-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default10
    Range1-18446744073709547520

    If a read on a communication port is interrupted, retry this many times before giving up. This value should be set quite high on FreeBSD because internal interrupts are sent to all threads.

  • net_write_timeout

    Command-Line Format--net_write_timeout=#
    Config-File Formatnet_write_timeout
    Option Sets VariableYes, net_write_timeout
    Variable Namenet_write_timeout
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default60
    Min Value1

    The number of seconds to wait for a block to be written to a connection before aborting the write. This timeout applies only to TCP/IP connections, not to connections made via Unix socket files, named pipes, or shared memory. See also net_read_timeout.

  • new

    Command-Line Format--new
    Config-File Formatnew
    Option Sets VariableYes, new
    Variable Namenew
    Variable ScopeBoth
    Dynamic VariableYes
    Disabled byskip-new
     Permitted Values
    Typeboolean
    DefaultFALSE

    This variable was used in MySQL 4.0 to turn on some 4.1 behaviors, and is retained for backward compatibility. In MySQL 5.0, its value is always OFF.

  • old_passwords

    Command-Line Format--old_passwords
    Config-File Formatold-passwords
    Option Sets VariableYes, old_passwords
    Variable Nameold_passwords
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultFALSE

    Whether the server should use pre-4.1-style passwords for MySQL user accounts. See Section B.5.2.4, “Client does not support authentication protocol.

  • one_shot

    This is not a variable, but it can be used when setting some variables. It is described in Section 12.5.4, “SET Syntax”.

  • open_files_limit

    Command-Line Format--open-files-limit=#
    Config-File Formatopen-files-limit
    Option Sets VariableYes, open_files_limit
    Variable Nameopen_files_limit
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Default0
    Range0-65535

    The number of files that the operating system allows mysqld to open. This is the real value allowed by the system and might be different from the value you gave using the --open-files-limit option to mysqld or mysqld_safe. The value is 0 on systems where MySQL can't change the number of open files.

  • optimizer_prune_level

    Version Introduced5.0.1
    Command-Line Format--optimizer_prune_level[=#]
    Config-File Formatoptimizer_prune_level
    Option Sets VariableYes, optimizer_prune_level
    Variable Nameoptimizer_prune_level
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    Default1

    Controls the heuristics applied during query optimization to prune less-promising partial plans from the optimizer search space. A value of 0 disables heuristics so that the optimizer performs an exhaustive search. A value of 1 causes the optimizer to prune plans based on the number of rows retrieved by intermediate plans. This variable was added in MySQL 5.0.1.

  • optimizer_search_depth

    Version Introduced5.0.1
    Command-Line Format--optimizer_search_depth[=#]
    Config-File Formatoptimizer_search_depth
    Option Sets VariableYes, optimizer_search_depth
    Variable Nameoptimizer_search_depth
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default62

    The maximum depth of search performed by the query optimizer. Values larger than the number of relations in a query result in better query plans, but take longer to generate an execution plan for a query. Values smaller than the number of relations in a query return an execution plan quicker, but the resulting plan may be far from being optimal. If set to 0, the system automatically picks a reasonable value. If set to 63, the optimizer switches to the algorithm used in MySQL 5.0.0 (and previous versions) for performing searches. This variable was added in MySQL 5.0.1.

  • pid_file

    Command-Line Format--pid-file=name
    Config-File Formatpid-file
    Option Sets VariableYes, pid_file
    Variable Namepid_file
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The path name of the process ID (PID) file. This variable can be set with the --pid-file option.

  • plugin_dir

    Version Introduced5.0.67
    Command-Line Format--plugin_dir=name
    Config-File Formatplugin_dir
    Option Sets VariableYes, plugin_dir
    Variable Nameplugin_dir
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename
    Default/usr/local/mysql/lib/mysql

    The path name of the plugin directory. This variable was added in MySQL 5.0.67. If the value is nonempty, user-defined function object files must be located in this directory. If the value is empty, the behavior that is used before 5.0.67 applies: The UDF object files must be located in a directory that is searched by your system's dynamic linker.

  • port

    Command-Line Format--port=#
    Config-File Formatport
    Option Sets VariableYes, port
    Variable Nameport
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Default3306

    The number of the port on which the server listens for TCP/IP connections. This variable can be set with the --port option.

  • preload_buffer_size

    Command-Line Format--preload_buffer_size=#
    Config-File Formatpreload_buffer_size
    Option Sets VariableYes, preload_buffer_size
    Variable Namepreload_buffer_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default32768
    Range1024-1073741824

    The size of the buffer that is allocated when preloading indexes.

  • prepared_stmt_count

    Version Introduced5.0.21
    Version Removed5.0.31
    Variable Nameprepared_stmt_count
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric

    The current number of prepared statements. (The maximum number of statements is given by the max_prepared_stmt_count system variable.) This variable was added in MySQL 5.0.21. In MySQL 5.0.32, it was converted to the global Prepared_stmt_count status variable.

  • protocol_version

    Variable Nameprotocol_version
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric

    The version of the client/server protocol used by the MySQL server.

  • pseudo_thread_id

    Variable Namepseudo_thread_id
    Variable ScopeSession
    Dynamic VariableYes
     Permitted Values
    Typenumeric

    This variable is for internal server use.

  • query_alloc_block_size

    Command-Line Format--query_alloc_block_size=#
    Config-File Formatquery_alloc_block_size
    Option Sets VariableYes, query_alloc_block_size
    Variable Namequery_alloc_block_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default8192
    Range1024-4294967295
    Block Size1024
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default8192
    Range1024-18446744073709547520
    Block Size1024

    The allocation size of memory blocks that are allocated for objects created during statement parsing and execution. If you have problems with memory fragmentation, it might help to increase this parameter.

  • query_cache_limit

    Command-Line Format--query_cache_limit=#
    Config-File Formatquery_cache_limit
    Option Sets VariableYes, query_cache_limit
    Variable Namequery_cache_limit
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default1048576
    Range0-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default1048576
    Range0-18446744073709547520

    Don't cache results that are larger than this number of bytes. The default value is 1MB.

  • query_cache_min_res_unit

    Command-Line Format--query_cache_min_res_unit=#
    Config-File Formatquery_cache_min_res_unit
    Option Sets VariableYes, query_cache_min_res_unit
    Variable Namequery_cache_min_res_unit
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default4096
    Range512-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default4096
    Range512-18446744073709547520

    The minimum size (in bytes) for blocks allocated by the query cache. The default value is 4096 (4KB). Tuning information for this variable is given in Section 7.5.5.3, “Query Cache Configuration”.

  • query_cache_size

    Command-Line Format--query_cache_size=#
    Config-File Formatquery_cache_size
    Option Sets VariableYes, query_cache_size
    Variable Namequery_cache_size
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default0
    Range0-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default0
    Range0-18446744073709547520

    The amount of memory allocated for caching query results. The default value is 0, which disables the query cache. The allowable values are multiples of 1024; other values are rounded down to the nearest multiple. Note that query_cache_size bytes of memory are allocated even if query_cache_type is set to 0. See Section 7.5.5.3, “Query Cache Configuration”, for more information.

    The query cache needs a minimum size of about 40KB to allocate its structures. (The exact size depends on system architecture.) If you set the value of query_cache_size too small, you'll get a warning, as described in Section 7.5.5.3, “Query Cache Configuration”.

  • query_cache_type

    Command-Line Format--query_cache_type=#
    Config-File Formatquery_cache_type
    Option Sets VariableYes, query_cache_type
    Variable Namequery_cache_type
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeenumeration
    Default1
    Valid Values0, 1, 2

    Set the query cache type. Setting the GLOBAL value sets the type for all clients that connect thereafter. Individual clients can set the SESSION value to affect their own use of the query cache. Possible values are shown in the following table.

    OptionDescription
    0 or OFFDon't cache results in or retrieve results from the query cache. Note that this does not deallocate the query cache buffer. To do that, you should set query_cache_size to 0.
    1 or ONCache all cacheable query results except for those that begin with SELECT SQL_NO_CACHE.
    2 or DEMANDCache results only for cacheable queries that begin with SELECT SQL_CACHE.

    This variable defaults to ON.

    Any unique prefix of a valid value may be used to set the value of this variable.

  • query_cache_wlock_invalidate

    Command-Line Format--query_cache_wlock_invalidate
    Config-File Formatquery_cache_wlock_invalidate
    Option Sets VariableYes, query_cache_wlock_invalidate
    Variable Namequery_cache_wlock_invalidate
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultFALSE

    Normally, when one client acquires a WRITE lock on a MyISAM table, other clients are not blocked from issuing statements that read from the table if the query results are present in the query cache. Setting this variable to 1 causes acquisition of a WRITE lock for a table to invalidate any queries in the query cache that refer to the table. This forces other clients that attempt to access the table to wait while the lock is in effect.

  • query_prealloc_size

    Command-Line Format--query_prealloc_size=#
    Config-File Formatquery_prealloc_size
    Option Sets VariableYes, query_prealloc_size
    Variable Namequery_prealloc_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default8192
    Range8192-4294967295
    Block Size1024
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default8192
    Range8192-18446744073709547520
    Block Size1024

    The size of the persistent buffer used for statement parsing and execution. This buffer is not freed between statements. If you are running complex queries, a larger query_prealloc_size value might be helpful in improving performance, because it can reduce the need for the server to perform memory allocation during query execution operations.

  • range_alloc_block_size

    Command-Line Format--range_alloc_block_size=#
    Config-File Formatrange_alloc_block_size
    Option Sets VariableYes, range_alloc_block_size
    Variable Namerange_alloc_block_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values (>= 5.0.54)
    Platform Bit Size32
    Typenumeric
    Default4096
    Range4096-4294967295
    Block Size1024
     Permitted Values (>= 5.0.54)
    Platform Bit Size64
    Typenumeric
    Default4096
    Range4096-18446744073709547520
    Block Size1024

    The size of blocks that are allocated when doing range optimization.

  • read_buffer_size

    Command-Line Format--read_buffer_size=#
    Config-File Formatread_buffer_size
    Option Sets VariableYes, read_buffer_size
    Variable Nameread_buffer_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default131072
    Range8200-2147479552

    Each thread that does a sequential scan allocates a buffer of this size (in bytes) for each table it scans. If you do many sequential scans, you might want to increase this value, which defaults to 131072. The value of this variable should be a multiple of 4KB. If it is set to a value that is not a multiple of 4KB, its value will be rounded down to the nearest multiple of 4KB.

    The maximum allowable setting for read_buffer_size is 2GB.

    read_buffer_size and read_rnd_buffer_size are not specific to any storage engine and apply in a general manner for optimization. See Section 7.5.8, “How MySQL Uses Memory”, for example.

  • read_only

    Command-Line Format--read_only
    Config-File Formatread_only
    Option Sets VariableYes, read_only
    Variable Nameread_only
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default0

    This variable is off by default. When it is enabled, the server allows no updates except from users that have the SUPER privilege or (on a slave server) from updates performed by slave threads. On a slave server, this can be useful to ensure that the slave accepts updates only from its master server and not from clients. As of MySQL 5.0.16, this variable does not apply to TEMPORARY tables.

    read_only exists only as a GLOBAL variable, so changes to its value require the SUPER privilege. Changes to read_only on a master server are not replicated to slave servers. The value can be set on a slave server independent of the setting on the master.

  • read_rnd_buffer_size

    Command-Line Format--read_rnd_buffer_size=#
    Config-File Formatread_rnd_buffer_size
    Option Sets VariableYes, read_rnd_buffer_size
    Variable Nameread_rnd_buffer_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default262144
    Range8200-4294967295

    When reading rows in sorted order following a key-sorting operation, the rows are read through this buffer to avoid disk seeks. See Section 7.2.13, “ORDER BY Optimization”. Setting the variable to a large value can improve ORDER BY performance by a lot. However, this is a buffer allocated for each client, so you should not set the global variable to a large value. Instead, change the session variable only from within those clients that need to run large queries.

    The maximum allowable setting for read_rnd_buffer_size is 2GB.

    read_buffer_size and read_rnd_buffer_size are not specific to any storage engine and apply in a general manner for optimization. See Section 7.5.8, “How MySQL Uses Memory”, for example.

  • relay_log_purge

    Command-Line Format--relay_log_purge
    Config-File Formatrelay_log_purge
    Option Sets VariableYes, relay_log_purge
    Variable Namerelay_log_purge
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultTRUE

    Disables or enables automatic purging of relay log files as soon as they are not needed any more. The default value is 1 (ON).

  • relay_log_space_limit

    Command-Line Format--relay_log_space_limit=#
    Config-File Formatrelay_log_space_limit
    Option Sets VariableYes, relay_log_space_limit
    Variable Namerelay_log_space_limit
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default0
    Range0-4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default0
    Range0-18446744073709547520

    The maximum amount of space to use for all relay logs.

  • secure_auth

    Command-Line Format--secure-auth
    Config-File Formatsecure-auth
    Option Sets VariableYes, secure_auth
    Variable Namesecure_auth
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultFALSE

    If the MySQL server has been started with the --secure-auth option, it blocks connections from all accounts that have passwords stored in the old (pre-4.1) format. In that case, the value of this variable is ON, otherwise it is OFF.

    You should enable this option if you want to prevent all use of passwords employing the old format (and hence insecure communication over the network).

    Server startup fails with an error if this option is enabled and the privilege tables are in pre-4.1 format. See Section B.5.2.4, “Client does not support authentication protocol.

  • secure_file_priv

    Version Introduced5.0.38
    Command-Line Format--secure-file-priv
    Config-File Formatsecure-file-priv
    Option Sets VariableYes, secure_file_priv
    Variable Namesecure_file_priv
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typestring

    By default, this variable is empty. If set to the name of a directory, it limits the effect of the LOAD_FILE() function and the LOAD DATA and SELECT ... INTO OUTFILE statements to work only with files in that directory.

    This variable was added in MySQL 5.0.38.

  • server_id

    Command-Line Format--server-id=#
    Config-File Formatserver-id
    Option Sets VariableYes, server_id
    Variable Nameserver_id
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default0
    Range0-4294967295

    The server ID, used in replication to give each master and slave a unique identity. This variable is set by the --server-id option. For each server participating in replication, you should pick a positive integer in the range from 1 to 232 – 1 to act as that server's ID.

  • shared_memory

    Variable Nameshared_memory
    Variable ScopeGlobal
    Dynamic VariableNo
    Platform Specificwindows

    (Windows only.) Whether the server allows shared-memory connections.

  • shared_memory_base_name

    Variable Nameshared_memory_base_name
    Variable ScopeGlobal
    Dynamic VariableNo
    Platform Specificwindows

    (Windows only.) The name of shared memory to use for shared-memory connections. This is useful when running multiple MySQL instances on a single physical machine. The default name is MYSQL. The name is case sensitive.

  • skip_external_locking

    This is OFF if mysqld uses external locking, ON if external locking is disabled.

  • skip_networking

    This is ON if the server allows only local (non-TCP/IP) connections. On Unix, local connections use a Unix socket file. On Windows, local connections use a named pipe or shared memory. On NetWare, only TCP/IP connections are supported, so do not set this variable to ON. This variable can be set to ON with the --skip-networking option.

  • skip_show_database

    This prevents people from using the SHOW DATABASES statement if they do not have the SHOW DATABASES privilege. This can improve security if you have concerns about users being able to see databases belonging to other users. Its effect depends on the SHOW DATABASES privilege: If the variable value is ON, the SHOW DATABASES statement is allowed only to users who have the SHOW DATABASES privilege, and the statement displays all database names. If the value is OFF, SHOW DATABASES is allowed to all users, but displays the names of only those databases for which the user has the SHOW DATABASES or other privilege.

  • slow_launch_time

    Command-Line Format--slow_launch_time=#
    Config-File Formatslow_launch_time
    Option Sets VariableYes, slow_launch_time
    Variable Nameslow_launch_time
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default2

    If creating a thread takes longer than this many seconds, the server increments the Slow_launch_threads status variable.

  • socket

    Command-Line Format--socket=name
    Config-File Formatsocket
    Option Sets VariableYes, socket
    Variable Namesocket
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename
    Default/tmp/mysql.sock

    On Unix platforms, this variable is the name of the socket file that is used for local client connections. The default is /tmp/mysql.sock. (For some distribution formats, the directory might be different, such as /var/lib/mysql for RPMs.)

    On Windows, this variable is the name of the named pipe that is used for local client connections. The default value is MySQL (not case sensitive).

  • sort_buffer_size

    Command-Line Format--sort_buffer_size=#
    Config-File Formatsort_buffer_size
    Option Sets VariableYes, sort_buffer_size
    Variable Namesort_buffer_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default2097144
    Max Value4294967295
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default2097144
    Max Value18446744073709547520

    Each thread that needs to do a sort allocates a buffer of this size. Increase this value for faster ORDER BY or GROUP BY operations. See Section B.5.4.4, “Where MySQL Stores Temporary Files”.

    The maximum allowable setting for sort_buffer_size is 4GB.

  • sql_mode

    Command-Line Format--sql-mode=name
    Config-File Formatsql-mode
    Option Sets VariableYes, sql_mode
    Variable Namesql_mode
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeset
    Default''
    Valid ValuesALLOW_INVALID_DATES, ANSI_QUOTES, ERROR_FOR_DIVISION_BY_ZERO, HIGH_NOT_PRECEDENCE, IGNORE_SPACE, NO_AUTO_CREATE_USER, NO_AUTO_VALUE_ON_ZERO, NO_BACKSLASH_ESCAPES, NO_DIR_IN_CREATE, NO_ENGINE_SUBSTITUTION, NO_FIELD_OPTIONS, NO_KEY_OPTIONS, NO_TABLE_OPTIONS, NO_UNSIGNED_SUBTRACTION, NO_ZERO_DATE, NO_ZERO_IN_DATE, ONLY_FULL_GROUP_BY, PAD_CHAR_TO_FULL_LENGTH, PIPES_AS_CONCAT, REAL_AS_FLOAT, STRICT_ALL_TABLES, STRICT_TRANS_TABLES

    The current server SQL mode, which can be set dynamically. See Section 5.1.7, “Server SQL Modes”.

  • sql_select_limit

    Variable Namesql_select_limit
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric

    The maximum number of rows to return from SELECT statements. The default value for a new connection is the maximum number of rows that the server allows per table, which depends on the server configuration and may be affected if the server build was configured with --with-big-tables. Typical default values are (232)–1 or (264)–1. If you have changed the limit, the default value can be restored by assigning a value of DEFAULT.

    If a SELECT has a LIMIT clause, the LIMIT takes precedence over the value of sql_select_limit.

    sql_select_limit does not apply to SELECT statements executed within stored routines. It also does not apply to SELECT statements that do not produce a result set to be returned to the client. These include SELECT statements in subqueries, CREATE TABLE ... SELECT, and INSERT INTO ... SELECT.

  • ssl_ca

    Version Introduced5.0.23
    Command-Line Format--ssl-ca=name
    Config-File Formatssl-ca
    Option Sets VariableYes, ssl_ca
    Variable Namessl_ca
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The path to a file with a list of trusted SSL CAs. This variable was added in MySQL 5.0.23.

  • ssl_capath

    Version Introduced5.0.23
    Command-Line Format--ssl-capath=name
    Config-File Formatssl-capath
    Option Sets VariableYes, ssl_capath
    Variable Namessl_capath
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The path to a directory that contains trusted SSL CA certificates in PEM format. This variable was added in MySQL 5.0.23.

  • ssl_cert

    Version Introduced5.0.23
    Command-Line Format--ssl-cert=name
    Config-File Formatssl-cert
    Option Sets VariableYes, ssl_cert
    Variable Namessl_cert
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The name of the SSL certificate file to use for establishing a secure connection. This variable was added in MySQL 5.0.23.

  • ssl_cipher

    Version Introduced5.0.23
    Command-Line Format--ssl-cipher=name
    Config-File Formatssl-cipher
    Option Sets VariableYes, ssl_cipher
    Variable Namessl_cipher
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    A list of allowable ciphers to use for SSL encryption. This variable was added in MySQL 5.0.23.

  • ssl_key

    Version Introduced5.0.23
    Command-Line Format--ssl-key=name
    Config-File Formatssl-key
    Option Sets VariableYes, ssl_key
    Variable Namessl_key
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typestring

    The name of the SSL key file to use for establishing a secure connection. This variable was added in MySQL 5.0.23.

  • storage_engine

    Variable Namestorage_engine
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeenumeration

    The default storage engine (table type). To set the storage engine at server startup, use the --default-storage-engine option. See Section 5.1.2, “Server Command Options”.

  • sync_frm

    Command-Line Format--sync-frm
    Config-File Formatsync_frm
    Option Sets VariableYes, sync_frm
    Variable Namesync_frm
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultTRUE

    If this variable is set to 1, when any nontemporary table is created its .frm file is synchronized to disk (using fdatasync()). This is slower but safer in case of a crash. The default is 1.

  • system_time_zone

    Variable Namesystem_time_zone
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typestring

    The server system time zone. When the server begins executing, it inherits a time zone setting from the machine defaults, possibly modified by the environment of the account used for running the server or the startup script. The value is used to set system_time_zone. Typically the time zone is specified by the TZ environment variable. It also can be specified using the --timezone option of the mysqld_safe script.

    The system_time_zone variable differs from time_zone. Although they might have the same value, the latter variable is used to initialize the time zone for each client that connects. See Section 9.7, “MySQL Server Time Zone Support”.

  • table_cache

    Command-Line Format--table_cache=#
    Config-File Formattable_cache
    Option Sets VariableYes, table_cache
    Variable Nametable_cache
    Variable ScopeGlobal
    Dynamic VariableYes
    Deprecated5.1.3, by table_open_cache
     Permitted Values
    Typenumeric
    Default64
    Range1-524288

    The number of open tables for all threads. Increasing this value increases the number of file descriptors that mysqld requires. You can check whether you need to increase the table cache by checking the Opened_tables status variable. See Section 5.1.6, “Server Status Variables”. If the value of Opened_tables is large and you don't do FLUSH TABLES often (which just forces all tables to be closed and reopened), then you should increase the value of the table_cache variable. For more information about the table cache, see Section 7.4.8, “How MySQL Opens and Closes Tables”.

  • table_lock_wait_timeout

    Version Introduced5.0.10
    Command-Line Format--table_lock_wait_timeout=#
    Config-File Formattable_lock_wait_timeout
    Option Sets VariableYes, table_lock_wait_timeout
    Variable Nametable_lock_wait_timeout
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default50
    Range1-1073741824

    This variable currently is unused.

  • table_type

    Variable Nametable_type
    Variable ScopeBoth
    Dynamic VariableYes
    Deprecated5.2.5, by storage_engine
     Permitted Values
    Typeenumeration

    This variable is a synonym for storage_engine. In MySQL 5.0, storage_engine is the preferred name.

  • thread_cache_size

    Command-Line Format--thread_cache_size=#
    Config-File Formatthread_cache_size
    Option Sets VariableYes, thread_cache_size
    Variable Namethread_cache_size
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default0
    Range0-16384

    How many threads the server should cache for reuse. When a client disconnects, the client's threads are put in the cache if there are fewer than thread_cache_size threads there. Requests for threads are satisfied by reusing threads taken from the cache if possible, and only when the cache is empty is a new thread created. This variable can be increased to improve performance if you have a lot of new connections. (Normally, this doesn't provide a notable performance improvement if you have a good thread implementation.) By examining the difference between the Connections and Threads_created status variables, you can see how efficient the thread cache is. For details, see Section 5.1.6, “Server Status Variables”.

  • thread_concurrency

    Command-Line Format--thread_concurrency=#
    Config-File Formatthread_concurrency
    Option Sets VariableYes, thread_concurrency
    Variable Namethread_concurrency
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typenumeric
    Default10
    Range1-512

    This variable is specific to Solaris systems, for which mysqld invokes the thr_setconcurrency() with the variable value. This function enables applications to give the threads system a hint about the desired number of threads that should be run at the same time.

  • thread_stack

    Command-Line Format--thread_stack=#
    Config-File Formatthread_stack
    Option Sets VariableYes, thread_stack
    Variable Namethread_stack
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default196608
    Range131072-4294967295
    Block Size1024
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default262144
    Range131072-18446744073709547520
    Block Size1024

    The stack size for each thread. Many of the limits detected by the crash-me test are dependent on this value. See Section 7.1.3, “The MySQL Benchmark Suite”. The default of 192KB (256KB for 64-bit systems) is large enough for normal operation. If the thread stack size is too small, it limits the complexity of the SQL statements that the server can handle, the recursion depth of stored procedures, and other memory-consuming actions.

  • time_format

    This variable is unused.

  • time_zone

    Command-Line Format--default_time_zone=string
    Config-File Formatdefault_time_zone
    Variable Nametime_zone
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typestring

    The current time zone. This variable is used to initialize the time zone for each client that connects. By default, the initial value of this is 'SYSTEM' (which means, “use the value of system_time_zone”). The value can be specified explicitly at server startup with the --default-time-zone option. See Section 9.7, “MySQL Server Time Zone Support”.

  • timed_mutexes

    Version Introduced5.0.3
    Command-Line Format--timed_mutexes
    Config-File Formattimed_mutexes
    Option Sets VariableYes, timed_mutexes
    Variable Nametimed_mutexes
    Variable ScopeGlobal
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    DefaultOFF

    This variable controls whether InnoDB mutexes are timed. If this variable is set to 0 or OFF (the default), mutex timing is disabled. If the variable is set to 1 or ON, mutex timing is enabled. With timing enabled, the os_wait_times value in the output from SHOW ENGINE INNODB MUTEX indicates the amount of time (in ms) spent in operating system waits. Otherwise, the value is 0. This variable was added in MySQL 5.0.3.

  • tmp_table_size

    Command-Line Format--tmp_table_size=#
    Config-File Formattmp_table_size
    Option Sets VariableYes, tmp_table_size
    Variable Nametmp_table_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Defaultsystem dependent
    Range1024-4294967295

    The maximum size of internal in-memory temporary tables. (The actual limit is determined as the minimum of tmp_table_size and max_heap_table_size.) If an in-memory temporary table exceeds the limit, MySQL automatically converts it to an on-disk MyISAM table. Increase the value of tmp_table_size (and max_heap_table_size if necessary) if you do many advanced GROUP BY queries and you have lots of memory. This variable does not apply to user-created MEMORY tables.

    You can compare the number of internal on-disk temporary tables created to the total number of internal temporary tables created by comparing the values of the Created_tmp_disk_tables and Created_tmp_tables variables.

    See also Section 7.5.10, “How MySQL Uses Internal Temporary Tables”.

  • tmpdir

    Command-Line Format--tmpdir=name
    Config-File Formattmpdir
    Option Sets VariableYes, tmpdir
    Variable Nametmpdir
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typefilename

    The directory used for temporary files and temporary tables. This variable can be set to a list of several paths that are used in round-robin fashion. Paths should be separated by colon characters (“:”) on Unix and semicolon characters (“;”) on Windows, NetWare, and OS/2.

    The multiple-directory feature can be used to spread the load between several physical disks. If the MySQL server is acting as a replication slave, you should not set tmpdir to point to a directory on a memory-based file system or to a directory that is cleared when the server host restarts. A replication slave needs some of its temporary files to survive a machine restart so that it can replicate temporary tables or LOAD DATA INFILE operations. If files in the temporary file directory are lost when the server restarts, replication fails. You can set the slave's temporary directory using the slave_load_tmpdir variable. In that case, the slave won't use the general tmpdir value and you can set tmpdir to a nonpermanent location.

  • transaction_alloc_block_size

    Command-Line Format--transaction_alloc_block_size=#
    Config-File Formattransaction_alloc_block_size
    Option Sets VariableYes, transaction_alloc_block_size
    Variable Nametransaction_alloc_block_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default8192
    Range1024-4294967295
    Block Size1024
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default8192
    Range1024-18446744073709547520
    Block Size1024

    The amount in bytes by which to increase a per-transaction memory pool which needs memory. See the description of transaction_prealloc_size.

  • transaction_prealloc_size

    Command-Line Format--transaction_prealloc_size=#
    Config-File Formattransaction_prealloc_size
    Option Sets VariableYes, transaction_prealloc_size
    Variable Nametransaction_prealloc_size
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Platform Bit Size32
    Typenumeric
    Default4096
    Range1024-4294967295
    Block Size1024
     Permitted Values
    Platform Bit Size64
    Typenumeric
    Default4096
    Range1024-18446744073709547520
    Block Size1024

    There is a per-transaction memory pool from which various transaction-related allocations take memory. The initial size of the pool in bytes is transaction_prealloc_size. For every allocation that cannot be satisfied from the pool because it has insufficient memory available, the pool is increased by transaction_alloc_block_size bytes. When the transaction ends, the pool is truncated to transaction_prealloc_size bytes.

    By making transaction_prealloc_size sufficiently large to contain all statements within a single transaction, you can avoid many malloc() calls.

  • tx_isolation

    Variable Nametx_isolation
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeenumeration
    DefaultREPEATABLE-READ
    Valid ValuesREAD-UNCOMMITTED, READ-COMMITTED, REPEATABLE-READ, SERIALIZABLE

    The default transaction isolation level. Defaults to REPEATABLE-READ.

    This variable is set by the SET TRANSACTION ISOLATION LEVEL statement. See Section 12.4.6, “SET TRANSACTION Syntax”. If you set tx_isolation directly to an isolation level name that contains a space, the name should be enclosed within quotes, with the space replaced by a dash. For example:

    SET tx_isolation = 'READ-COMMITTED';
    

    Any unique prefix of a valid value may be used to set the value of this variable.

  • updatable_views_with_limit

    Version Introduced5.0.2
    Command-Line Format--updatable_views_with_limit=#
    Config-File Formatupdatable_views_with_limit
    Option Sets VariableYes, updatable_views_with_limit
    Variable Nameupdatable_views_with_limit
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typeboolean
    Default1

    This variable controls whether updates to a view can be made when the view does not contain all columns of the primary key defined in the underlying table, if the update statement contains a LIMIT clause. (Such updates often are generated by GUI tools.) An update is an UPDATE or DELETE statement. Primary key here means a PRIMARY KEY, or a UNIQUE index in which no column can contain NULL.

    The variable can have two values:

    • 1 or YES: Issue a warning only (not an error message). This is the default value.

    • 0 or NO: Prohibit the update.

    This variable was added in MySQL 5.0.2.

  • version

    Command-Line Format--version
    Config-File Formatversion
    Variable Nameversion
    Variable ScopeGlobal
    Dynamic VariableNo

    The version number for the server.

    Command-Line Format--version
    Config-File Formatversion
    Variable Nameversion
    Variable ScopeGlobal
    Dynamic VariableNo

    Starting with MySQL 5.0.24, the version number will also indicate whether the server is a standard release (Community) or Enterprise release (for example, 5.0.28-enterprise-gpl-nt).

  • version_bdb

    The BDB storage engine version.

  • version_comment

    The configure script has a --with-comment option that allows a comment to be specified when building MySQL. This variable contains the value of that comment.

    For precompiled binaries, this variable will hold the server version and license information. Starting with MySQL 5.0.24, version_comment will include the full server type and license. For community users this will appear as MySQL Community Edition - Standard (GPL). For Enterprise users, the version might be displayed as MySQL Enterprise Server (GPL). The corresponding license for your MySQL binary is shown in parentheses. For server compiled from source, the default value will be the same as that for Community releases.

  • version_compile_machine

    The type of machine or architecture on which MySQL was built.

  • version_compile_os

    Variable Nameversion_compile_os
    Variable ScopeGlobal
    Dynamic VariableNo
     Permitted Values
    Typestring

    The type of operating system on which MySQL was built.

  • wait_timeout

    Command-Line Format--wait_timeout=#
    Config-File Formatwait_timeout
    Option Sets VariableYes, wait_timeout
    Variable Namewait_timeout
    Variable ScopeBoth
    Dynamic VariableYes
     Permitted Values
    Typenumeric
    Default28800
    Range1-31536000
     Permitted Values
    Type (windows)numeric
    Default28800
    Range1-2147483

    The number of seconds the server waits for activity on a noninteractive connection before closing it. This timeout applies only to TCP/IP and Unix socket file connections, not to connections made via named pipes, or shared memory.

    On thread startup, the session wait_timeout value is initialized from the global wait_timeout value or from the global interactive_timeout value, depending on the type of client (as defined by the CLIENT_INTERACTIVE connect option to mysql_real_connect()). See also interactive_timeout.

MySQL Enterprise Expert use of server system variables is part of the service offered by the MySQL Enterprise Monitor. To subscribe, see http://www.mysql.com/products/enterprise/advisors.html.

5.1.4. Session System Variables

Several system variables exist only as session variables. These cannot be set at server startup but can be assigned values at runtime using the SET statement (except for those that are read only). Most of them are not displayed by SHOW VARIABLES, but you can obtain their values using SELECT. This section describes the session system variables. For information about setting or displaying their values, see Section 5.1.5, “Using System Variables”. For example:

mysql> SELECT @@autocommit;
+--------------+
| @@autocommit |
+--------------+
|            1 |
+--------------+

The lettercase of these variables does not matter.

The following table lists the system variables that have only session scope:

Table 5.3. Session System Variable Summary

NameCmd-LineOption fileSystem VarDynamic
autocommit  YesYes
big-tablesYesYes  
- Variable: big_tables  YesYes
error_count  YesNo
foreign_key_checks  YesYes
identity  YesYes
insert_id  YesYes
last_insert_id  YesYes
profiling  YesYes
pseudo_thread_id  YesYes
rand_seed1  YesYes
rand_seed2  YesYes
sql_auto_is_null  YesYes
sql_big_tables  YesYes
sql_buffer_result  YesYes
sql_log_bin  YesYes
sql_log_off  YesYes
sql_log_update  YesYes
sql_notes  YesYes
sql_quote_show_create  YesYes
sql_safe_updates  YesYes
sql_warnings  YesYes
timestamp  YesYes
unique_checks  YesYes
warning_count  YesNo
  • autocommit

    The autocommit mode. If set to 1, all changes to a table take effect immediately. If set to 0, you must use COMMIT to accept a transaction or ROLLBACK to cancel it. By default, client connections begin with autocommit set to 1. If you change autocommit mode from 0 to 1, MySQL performs an automatic COMMIT of any open transaction. Another way to begin a transaction is to use a START TRANSACTION or BEGIN statement. See Section 12.4.1, “START TRANSACTION, COMMIT, and ROLLBACK Syntax”.

  • big_tables

    If set to 1, all temporary tables are stored on disk rather than in memory. This is a little slower, but the error The table tbl_name is full does not occur for SELECT operations that require a large temporary table. The default value for a new connection is 0 (use in-memory temporary tables). Normally, you should never need to set this variable, because in-memory tables are automatically converted to disk-based tables as required.

    Note

    This variable was formerly named sql_big_tables.

  • error_count

    The number of errors that resulted from the last statement that generated messages. This variable is read only. See Section 12.5.5.14, “SHOW ERRORS Syntax”.

  • foreign_key_checks

    If set to 1 (the default), foreign key constraints for InnoDB tables are checked. If set to 0, they are ignored. Disabling foreign key checking can be useful for reloading InnoDB tables in an order different from that required by their parent/child relationships. See Section 13.2.4.4, “FOREIGN KEY Constraints”.

    Setting foreign_key_checks to 0 also affects data definition statements: DROP DATABASE drops a database even if it contains tables that have foreign keys that are referred to by tables outside the database, and DROP TABLE drops tables that have foreign keys that are referred to by other tables.

    Note

    Setting foreign_key_checks to 1 does not trigger a scan of the existing table data. Therefore, rows added to the table while foreign_key_checks = 0 will not be verified for consistency.

  • identity

    This variable is a synonym for the last_insert_id variable. It exists for compatibility with other database systems. You can read its value with SELECT @@identity, and set it using SET identity.

  • insert_id

    The value to be used by the following INSERT or ALTER TABLE statement when inserting an AUTO_INCREMENT value. This is mainly used with the binary log.

  • last_insert_id

    The value to be returned from LAST_INSERT_ID(). This is stored in the binary log when you use LAST_INSERT_ID() in a statement that updates a table. Setting this variable does not update the value returned by the mysql_insert_id() C API function.

  • profiling

    If set to 0 (the default), statement profiling is disabled. If set to 1, statement profiling is enabled and the SHOW PROFILES and SHOW PROFILE statements provide access to profiling information. See Section 12.5.5.29, “SHOW PROFILES Syntax”. This variable was added in MySQL 5.0.37. Note: This option does not apply to MySQL Enterprise Server users.

  • profiling_history_size

    The number of statements for which to maintain profiling information if profiling is enabled. The default value is 15. The maximum value is 100. Setting the value to 0 effectively disables profiling. See Section 12.5.5.29, “SHOW PROFILES Syntax”. This variable was added in MySQL 5.0.37. Note: This option does not apply to MySQL Enterprise Server users.

  • rand_seed1

    The rand_seed1 and rand_seed2 variables exist as session variables only, and can be set but not read. They are not shown in the output of SHOW VARIABLES.

    The purpose of these variables is to support replication of the RAND() function. For statements that invoke RAND(), the master passes two values to the slave, where they are used to seed the random number generator. The slave uses these values to set the session variables rand_seed1 and rand_seed2 so that RAND() on the slave generates the same value as on the master.

  • rand_seed2

    See the description for rand_seed1.

  • sql_auto_is_null

    If this variable is set to 1 (the default), then after a statement that successfully inserts an automatically generated AUTO_INCREMENT value, you can find that value by issuing a statement of the following form:

    SELECT * FROM tbl_name WHERE auto_col IS NULL
    

    If the statement returns a row, the value returned is the same as if you invoked the LAST_INSERT_ID() function. For details, including the return value after a multiple-row insert, see Section 11.10.3, “Information Functions”. If no AUTO_INCREMENT value was successfully inserted, the SELECT statement returns no row.

    The behavior of retrieving an AUTO_INCREMENT value by using an IS NULL comparison is used by some ODBC programs, such as Access. See Section 20.1.7.1.1, “Obtaining Auto-Increment Values”. This behavior can be disabled by setting sql_auto_is_null to 0.

  • sql_big_selects

    If set to 0, MySQL aborts SELECT statements that are likely to take a very long time to execute (that is, statements for which the optimizer estimates that the number of examined rows exceeds the value of max_join_size). This is useful when an inadvisable WHERE statement has been issued. The default value for a new connection is 1, which allows all SELECT statements.

    If you set the max_join_size system variable to a value other than DEFAULT, sql_big_selects is set to 0.

  • sql_buffer_result

    If set to 1, sql_buffer_result forces results from SELECT statements to be put into temporary tables. This helps MySQL free the table locks early and can be beneficial in cases where it takes a long time to send results to the client. The default value is 0.

  • sql_log_bin

    If set to 0, no logging is done to the binary log for the client. The client must have the SUPER privilege to set this option. The default value is 1.

  • sql_log_off

    If set to 1, no logging is done to the general query log for this client. The client must have the SUPER privilege to set this option. The default value is 0.

  • sql_log_update

    This variable is deprecated, and is mapped to sql_log_bin.

  • sql_notes

    If set to 1 (the default), warnings of Note level are recorded. If set to 0, Note warnings are suppressed. mysqldump includes output to set this variable to 0 so that reloading the dump file does not produce warnings for events that do not affect the integrity of the reload operation. sql_notes was added in MySQL 5.0.3.

  • sql_quote_show_create

    If set to 1 (the default), the server quotes identifiers for SHOW CREATE TABLE and SHOW CREATE DATABASE statements. If set to 0, quoting is disabled. This option is enabled by default so that replication works for identifiers that require quoting. See Section 12.5.5.9, “SHOW CREATE TABLE Syntax”, and Section 12.5.5.6, “SHOW CREATE DATABASE Syntax”.

  • sql_safe_updates

    If set to 1, MySQL aborts UPDATE or DELETE statements that do not use a key in the WHERE clause or a LIMIT clause. This makes it possible to catch UPDATE or DELETE statements where keys are not used properly and that would probably change or delete a large number of rows. The default value is 0.

  • sql_warnings

    This variable controls whether single-row INSERT statements produce an information string if warnings occur. The default is 0. Set the value to 1 to produce an information string.

  • timestamp = {timestamp_value | DEFAULT}

    Set the time for this client. This is used to get the original timestamp if you use the binary log to restore rows. timestamp_value should be a Unix epoch timestamp, not a MySQL timestamp.

    SET timestamp affects the value returned by NOW() but not by SYSDATE(). This means that timestamp settings in the binary log have no effect on invocations of SYSDATE(). The server can be started with the --sysdate-is-now option to cause SYSDATE() to be an alias for NOW(), in which case SET timestamp affects both functions.

  • unique_checks

    If set to 1 (the default), uniqueness checks for secondary indexes in InnoDB tables are performed. If set to 0, storage engines are allowed to assume that duplicate keys are not present in input data. If you know for certain that your data does not contain uniqueness violations, you can set this to 0 to speed up large table imports to InnoDB.

    Note that setting this variable to 0 does not require storage engines to ignore duplicate keys. An engine is still allowed to check for them and issue duplicate-key errors if it detects them.

  • warning_count

    The number of errors, warnings, and notes that resulted from the last statement that generated messages. This variable is read only. See Section 12.5.5.37, “SHOW WARNINGS Syntax”.

5.1.5. Using System Variables

The MySQL server maintains many system variables that indicate how it is configured. Section 5.1.3, “Server System Variables”, describes the meaning of these variables. Each system variable has a default value. System variables can be set at server startup using options on the command line or in an option file. Most of them can be changed dynamically while the server is running by means of the SET statement, which enables you to modify operation of the server without having to stop and restart it. You can refer to system variable values in expressions.

The server maintains two kinds of system variables. Global variables affect the overall operation of the server. Session variables affect its operation for individual client connections. A given system variable can have both a global and a session value. Global and session system variables are related as follows:

  • When the server starts, it initializes all global variables to their default values. These defaults can be changed by options specified on the command line or in an option file. (See Section 4.2.3, “Specifying Program Options”.)

  • The server also maintains a set of session variables for each client that connects. The client's session variables are initialized at connect time using the current values of the corresponding global variables. For example, the client's SQL mode is controlled by the session sql_mode value, which is initialized when the client connects to the value of the global sql_mode value.

System variable values can be set globally at server startup by using options on the command line or in an option file. When you use a startup option to set a variable that takes a numeric value, the value can be given with a suffix of K, M, or G (either uppercase or lowercase) to indicate a multiplier of 1024, 10242 or 10243; that is, units of kilobytes, megabytes, or gigabytes, respectively. Thus, the following command starts the server with a query cache size of 16 megabytes and a maximum packet size of one gigabyte:

mysqld --query_cache_size=16M --max_allowed_packet=1G

Within an option file, those variables are set like this:

[mysqld]
query_cache_size=16M
max_allowed_packet=1G

The lettercase of suffix letters does not matter; 16M and 16m are equivalent, as are 1G and 1g.

If you want to restrict the maximum value to which a system variable can be set at runtime with the SET statement, you can specify this maximum by using an option of the form --maximum-var_name=value at server startup. For example, to prevent the value of query_cache_size from being increased to more than 32MB at runtime, use the option --maximum-query_cache_size=32M.

Many system variables are dynamic and can be changed while the server runs by using the SET statement. For a list, see Section 5.1.5.2, “Dynamic System Variables”. To change a system variable with SET, refer to it as var_name, optionally preceded by a modifier:

  • To indicate explicitly that a variable is a global variable, precede its name by GLOBAL or @@global.. The SUPER privilege is required to set global variables.

  • To indicate explicitly that a variable is a session variable, precede its name by SESSION, @@session., or @@. Setting a session variable requires no special privilege, but a client can change only its own session variables, not those of any other client.

  • LOCAL and @@local. are synonyms for SESSION and @@session..

  • If no modifier is present, SET changes the session variable.

A SET statement can contain multiple variable assignments, separated by commas. If you set several system variables, the most recent GLOBAL or SESSION modifier in the statement is used for following variables that have no modifier specified.

Examples:

SET sort_buffer_size=10000;
SET @@local.sort_buffer_size=10000;
SET GLOBAL sort_buffer_size=1000000, SESSION sort_buffer_size=1000000;
SET @@sort_buffer_size=1000000;
SET @@global.sort_buffer_size=1000000, @@local.sort_buffer_size=1000000;

The @@var_name syntax for system variables is supported for compatibility with some other database systems.

If you change a session system variable, the value remains in effect until your session ends or until you change the variable to a different value. The change is not visible to other clients.

If you change a global system variable, the value is remembered and used for new connections until the server restarts. (To make a global system variable setting permanent, you should set it in an option file.) The change is visible to any client that accesses that global variable. However, the change affects the corresponding session variable only for clients that connect after the change. The global variable change does not affect the session variable for any client that is currently connected (not even that of the client that issues the SET GLOBAL statement).

To prevent incorrect usage, MySQL produces an error if you use SET GLOBAL with a variable that can only be used with SET SESSION or if you do not specify GLOBAL (or @@global.) when setting a global variable.

To set a SESSION variable to the GLOBAL value or a GLOBAL value to the compiled-in MySQL default value, use the DEFAULT keyword. For example, the following two statements are identical in setting the session value of max_join_size to the global value:

SET max_join_size=DEFAULT;
SET @@session.max_join_size=@@global.max_join_size;

Not all system variables can be set to DEFAULT. In such cases, use of DEFAULT results in an error.

You can refer to the values of specific global or sesson system variables in expressions by using one of the @@-modifiers. For example, you can retrieve values in a SELECT statement like this:

SELECT @@global.sql_mode, @@session.sql_mode, @@sql_mode;

When you refer to a system variable in an expression as @@var_name (that is, when you do not specify @@global. or @@session.), MySQL returns the session value if it exists and the global value otherwise. (This differs from SET @@var_name = value, which always refers to the session value.)

Note

Some variables displayed by SHOW VARIABLES may not be available using SELECT @@var_name syntax; an Unknown system variable occurs. As a workaround in such cases, you can use SHOW VARIABLES LIKE 'var_name'.

Suffixes for specifying a value multiplier can be used when setting a variable at server startup, but not to set the value with SET at runtime. On the other hand, with SET you can assign a variable's value using an expression, which is not true when you set a variable at server startup. For example, the first of the following lines is legal at server startup, but the second is not:

shell> mysql --max_allowed_packet=16M
shell> mysql --max_allowed_packet=16*1024*1024

Conversely, the second of the following lines is legal at runtime, but the first is not:

mysql> SET GLOBAL max_allowed_packet=16M;
mysql> SET GLOBAL max_allowed_packet=16*1024*1024;

Note

Some system variables can be enabled with the SET statement by setting them to ON or 1, or disabled by setting them to OFF or 0. However, to set such a variable on the command line or in an option file, you must set it to 1 or 0; setting it to ON or OFF will not work. For example, on the command line, --delay_key_write=1 works but --delay_key_write=ON does not.

To display system variable names and values, use the SHOW VARIABLES statement:

mysql> SHOW VARIABLES;
+--------+--------------------------------------------------------------+
| Variable_name                   | Value                               |
+--------+--------------------------------------------------------------+
| auto_increment_increment        | 1                                   |
| auto_increment_offset           | 1                                   |
| automatic_sp_privileges         | ON                                  |
| back_log                        | 50                                  |
| basedir                         | /                                   |
| bdb_cache_size                  | 8388600                             |
| bdb_home                        | /var/lib/mysql/                     |
| bdb_log_buffer_size             | 32768                               |
| bdb_logdir                      |                                     |
| bdb_max_lock                    | 10000                               |
| bdb_shared_data                 | OFF                                 |
| bdb_tmpdir                      | /tmp/                               |
| binlog_cache_size               | 32768                               |
| bulk_insert_buffer_size         | 8388608                             |
| character_set_client            | latin1                              |
| character_set_connection        | latin1                              |
| character_set_database          | latin1                              |
| character_set_results           | latin1                              |
| character_set_server            | latin1                              |
| character_set_system            | utf8                                |
| character_sets_dir              | /usr/share/mysql/charsets/          |
| collation_connection            | latin1_swedish_ci                   |
| collation_database              | latin1_swedish_ci                   |
| collation_server                | latin1_swedish_ci                   |
...
| innodb_additional_mem_pool_size | 1048576                             |
| innodb_autoextend_increment     | 8                                   |
| innodb_buffer_pool_awe_mem_mb   | 0                                   |
| innodb_buffer_pool_size         | 8388608                             |
| innodb_checksums                | ON                                  |
| innodb_commit_concurrency       | 0                                   |
| innodb_concurrency_tickets      | 500                                 |
| innodb_data_file_path           | ibdata1:10M:autoextend              |
| innodb_data_home_dir            |                                     |
...
| version                         | 5.0.19                              |
| version_comment                 | MySQL Community Edition - (GPL)     |
| version_compile_machine         | i686                                |
| version_compile_os              | pc-linux-gnu                        |
| wait_timeout                    | 28800                               |
+--------+--------------------------------------------------------------+

With a LIKE clause, the statement displays only those variables that match the pattern. To obtain a specific variable name, use a LIKE clause as shown:

SHOW VARIABLES LIKE 'max_join_size';
SHOW SESSION VARIABLES LIKE 'max_join_size';

To get a list of variables whose name match a pattern, use the “%” wildcard character in a LIKE clause:

SHOW VARIABLES LIKE '%size%';
SHOW GLOBAL VARIABLES LIKE '%size%';

Wildcard characters can be used in any position within the pattern to be matched. Strictly speaking, because “_” is a wildcard that matches any single character, you should escape it as “\_” to match it literally. In practice, this is rarely necessary.

For SHOW VARIABLES, if you specify neither GLOBAL nor SESSION, MySQL returns SESSION values.

The reason for requiring the GLOBAL keyword when setting GLOBAL-only variables but not when retrieving them is to prevent problems in the future. If we were to remove a SESSION variable that has the same name as a GLOBAL variable, a client with the SUPER privilege might accidentally change the GLOBAL variable rather than just the SESSION variable for its own connection. If we add a SESSION variable with the same name as a GLOBAL variable, a client that intends to change the GLOBAL variable might find only its own SESSION variable changed.

5.1.5.1. Structured System Variables

A structured variable differs from a regular system variable in two respects:

  • Its value is a structure with components that specify server parameters considered to be closely related.

  • There might be several instances of a given type of structured variable. Each one has a different name and refers to a different resource maintained by the server.

MySQL 5.0 supports one structured variable type, which specifies parameters governing the operation of key caches. A key cache structured variable has these components:

This section describes the syntax for referring to structured variables. Key cache variables are used for syntax examples, but specific details about how key caches operate are found elsewhere, in Section 7.4.5, “The MyISAM Key Cache”.

To refer to a component of a structured variable instance, you can use a compound name in instance_name.component_name format. Examples:

hot_cache.key_buffer_size
hot_cache.key_cache_block_size
cold_cache.key_cache_block_size

For each structured system variable, an instance with the name of default is always predefined. If you refer to a component of a structured variable without any instance name, the default instance is used. Thus, default.key_buffer_size and key_buffer_size both refer to the same system variable.

Structured variable instances and components follow these naming rules:

  • For a given type of structured variable, each instance must have a name that is unique within variables of that type. However, instance names need not be unique across structured variable types. For example, each structured variable has an instance named default, so default is not unique across variable types.

  • The names of the components of each structured variable type must be unique across all system variable names. If this were not true (that is, if two different types of structured variables could share component member names), it would not be clear which default structured variable to use for references to member names that are not qualified by an instance name.

  • If a structured variable instance name is not legal as an unquoted identifier, refer to it as a quoted identifier using backticks. For example, hot-cache is not legal, but `hot-cache` is.

  • global, session, and local are not legal instance names. This avoids a conflict with notation such as @@global.var_name for referring to nonstructured system variables.

Currently, the first two rules have no possibility of being violated because the only structured variable type is the one for key caches. These rules will assume greater significance if some other type of structured variable is created in the future.

With one exception, you can refer to structured variable components using compound names in any context where simple variable names can occur. For example, you can assign a value to a structured variable using a command-line option:

shell> mysqld --hot_cache.key_buffer_size=64K

In an option file, use this syntax:

[mysqld]
hot_cache.key_buffer_size=64K

If you start the server with this option, it creates a key cache named hot_cache with a size of 64KB in addition to the default key cache that has a default size of 8MB.

Suppose that you start the server as follows:

shell> mysqld --key_buffer_size=256K \
         --extra_cache.key_buffer_size=128K \
         --extra_cache.key_cache_block_size=2048

In this case, the server sets the size of the default key cache to 256KB. (You could also have written --default.key_buffer_size=256K.) In addition, the server creates a second key cache named extra_cache that has a size of 128KB, with the size of block buffers for caching table index blocks set to 2048 bytes.

The following example starts the server with three different key caches having sizes in a 3:1:1 ratio:

shell> mysqld --key_buffer_size=6M \
         --hot_cache.key_buffer_size=2M \
         --cold_cache.key_buffer_size=2M

Structured variable values may be set and retrieved at runtime as well. For example, to set a key cache named hot_cache to a size of 10MB, use either of these statements:

mysql> SET GLOBAL hot_cache.key_buffer_size = 10*1024*1024;
mysql> SET @@global.hot_cache.key_buffer_size = 10*1024*1024;

To retrieve the cache size, do this:

mysql> SELECT @@global.hot_cache.key_buffer_size;

However, the following statement does not work. The variable is not interpreted as a compound name, but as a simple string for a LIKE pattern-matching operation:

mysql> SHOW GLOBAL VARIABLES LIKE 'hot_cache.key_buffer_size';

This is the exception to being able to use structured variable names anywhere a simple variable name may occur.

5.1.5.2. Dynamic System Variables

Many server system variables are dynamic and can be set at runtime using SET GLOBAL or SET SESSION. You can also obtain their values using SELECT. See Section 5.1.5, “Using System Variables”.

The following table shows the full list of all dynamic system variables. The last column indicates for each variable whether GLOBAL or SESSION (or both) apply. The table also lists session options that can be set with the SET statement. Section 5.1.4, “Session System Variables”, discusses these options.

Variables that have a type of “string” take a string value. Variables that have a type of “numeric” take a numeric value. Variables that have a type of “boolean” can be set to 0, 1, ON or OFF. (If you set them on the command line or in an option file, use the numeric values.) Variables that are marked as “enumeration” normally should be set to one of the available values for the variable, but can also be set to the number that corresponds to the desired enumeration value. For enumerated system variables, the first enumeration value corresponds to 0. This differs from ENUM columns, for which the first enumeration value corresponds to 1.

Table 5.4. Dynamic Variable Summary

Variable NameVariable TypeVariable Scope
auto_increment_incrementnumericGLOBAL | SESSION
auto_increment_offsetnumericGLOBAL | SESSION
autocommitbooleanSESSION
automatic_sp_privilegesbooleanGLOBAL
big_tablesbooleanSESSION
binlog_cache_sizenumericGLOBAL
bulk_insert_buffer_sizenumericGLOBAL | SESSION
character_set_clientstringGLOBAL | SESSION
character_set_connectionstringGLOBAL | SESSION
character_set_databasestringGLOBAL | SESSION
character_set_filesystemstringGLOBAL | SESSION
character_set_resultsstringGLOBAL | SESSION
character_set_serverstringGLOBAL | SESSION
collation_connectionstringGLOBAL | SESSION
collation_databasestringGLOBAL | SESSION
collation_serverstringGLOBAL | SESSION
completion_typenumericGLOBAL | SESSION
concurrent_insertbooleanGLOBAL
connect_timeoutnumericGLOBAL
debugstringGLOBAL | SESSION
default_week_formatnumericGLOBAL | SESSION
delay_key_writeenumerationGLOBAL
delayed_insert_limitnumericGLOBAL
delayed_insert_timeoutnumericGLOBAL
delayed_queue_sizenumericGLOBAL
div_precision_incrementnumericGLOBAL | SESSION
engine_condition_pushdownbooleanGLOBAL | SESSION
expire_logs_daysnumericGLOBAL
flushbooleanGLOBAL
flush_timenumericGLOBAL
foreign_key_checksbooleanSESSION
ft_boolean_syntaxstringGLOBAL
group_concat_max_lennumericGLOBAL | SESSION
identitynumericSESSION
init_connectstringGLOBAL
init_slavestringGLOBAL
innodb_autoextend_incrementnumericGLOBAL
innodb_commit_concurrencynumericGLOBAL
innodb_concurrency_ticketsnumericGLOBAL
innodb_fast_shutdownbooleanGLOBAL
innodb_flush_log_at_trx_commitnumericGLOBAL
innodb_max_dirty_pages_pctnumericGLOBAL
innodb_max_purge_lagnumericGLOBAL
innodb_support_xabooleanGLOBAL | SESSION
innodb_sync_spin_loopsnumericGLOBAL
innodb_table_locksbooleanGLOBAL | SESSION
innodb_thread_concurrencynumericGLOBAL
innodb_thread_sleep_delaynumericGLOBAL
innodb_use_legacy_cardinality_algorithmbooleanGLOBAL
insert_idnumericSESSION
interactive_timeoutnumericGLOBAL | SESSION
join_buffer_sizenumericGLOBAL | SESSION
keep_files_on_createbooleanGLOBAL | SESSION
key_buffer_sizenumericGLOBAL
key_cache_age_thresholdnumericGLOBAL
key_cache_block_sizenumericGLOBAL
key_cache_division_limitnumericGLOBAL
last_insert_idnumericSESSION
lc_time_namesstringGLOBAL | SESSION
local_infile GLOBAL
log_bin_trust_function_creatorsbooleanGLOBAL
log_bin_trust_routine_creatorsbooleanGLOBAL
log_queries_not_using_indexesbooleanGLOBAL
log_warningsnumericGLOBAL | SESSION
long_query_timenumericGLOBAL | SESSION
low_priority_updatesbooleanGLOBAL | SESSION
max_allowed_packetnumericGLOBAL | SESSION
max_binlog_cache_sizenumericGLOBAL
max_binlog_sizenumericGLOBAL
max_connect_errorsnumericGLOBAL
max_connectionsnumericGLOBAL
max_delayed_threadsnumericGLOBAL | SESSION
max_error_countnumericGLOBAL | SESSION
max_heap_table_sizenumericGLOBAL | SESSION
max_insert_delayed_threadsnumericGLOBAL | SESSION
max_join_sizenumericGLOBAL | SESSION
max_length_for_sort_datanumericGLOBAL | SESSION
max_prepared_stmt_countnumericGLOBAL
max_relay_log_sizenumericGLOBAL
max_seeks_for_keynumericGLOBAL | SESSION
max_sort_lengthnumericGLOBAL | SESSION
max_sp_recursion_depthnumericGLOBAL | SESSION
max_tmp_tablesnumericGLOBAL | SESSION
max_user_connectionsnumericGLOBAL | SESSION
max_write_lock_countnumericGLOBAL
multi_range_countnumericGLOBAL | SESSION
myisam_data_pointer_sizenumericGLOBAL
myisam_max_sort_file_sizenumericGLOBAL
myisam_repair_threadsnumericGLOBAL | SESSION
myisam_sort_buffer_sizenumericGLOBAL | SESSION
myisam_stats_methodenumerationGLOBAL | SESSION
ndb_autoincrement_prefetch_sznumericGLOBAL | SESSION
ndb_cache_check_timenumericGLOBAL
ndb_force_sendbooleanGLOBAL | SESSION
ndb_use_exact_countbooleanGLOBAL | SESSION
ndb_use_transactionsbooleanGLOBAL | SESSION
net_buffer_lengthnumericGLOBAL | SESSION
net_read_timeoutnumericGLOBAL | SESSION
net_retry_countnumericGLOBAL | SESSION
net_write_timeoutnumericGLOBAL | SESSION
newbooleanGLOBAL | SESSION
old_passwordsbooleanGLOBAL | SESSION
optimizer_prune_levelbooleanGLOBAL | SESSION
optimizer_search_depthnumericGLOBAL | SESSION
preload_buffer_sizenumericGLOBAL | SESSION
profilingbooleanSESSION
profiling_history_sizenumericGLOBAL | SESSION
pseudo_thread_idnumericSESSION
query_alloc_block_sizenumericGLOBAL | SESSION
query_cache_limitnumericGLOBAL
query_cache_min_res_unitnumericGLOBAL
query_cache_sizenumericGLOBAL
query_cache_typeenumerationGLOBAL | SESSION
query_cache_wlock_invalidatebooleanGLOBAL | SESSION
query_prealloc_sizenumericGLOBAL | SESSION
rand_seed1numericSESSION
rand_seed2numericSESSION
range_alloc_block_sizenumericGLOBAL | SESSION
read_buffer_sizenumericGLOBAL | SESSION
read_onlynumericGLOBAL
read_rnd_buffer_sizenumericGLOBAL | SESSION
relay_log_purgebooleanGLOBAL
rpl_recovery_ranknumericGLOBAL
safe_show_databasebooleanGLOBAL
secure_authbooleanGLOBAL
server_idnumericGLOBAL
slave_compressed_protocolbooleanGLOBAL
slave_net_timeoutnumericGLOBAL
slave_transaction_retriesnumericGLOBAL
slow_launch_timenumericGLOBAL
sort_buffer_sizenumericGLOBAL | SESSION
sql_auto_is_nullbooleanSESSION
sql_big_selectsbooleanGLOBAL | SESSION
sql_big_tablesbooleanSESSION
sql_buffer_resultbooleanSESSION
sql_log_binbooleanSESSION
sql_log_offbooleanSESSION
sql_log_updatebooleanSESSION
sql_low_priority_updatesbooleanGLOBAL | SESSION
sql_max_join_sizenumericGLOBAL | SESSION
sql_modesetGLOBAL | SESSION
sql_notesbooleanSESSION
sql_quote_show_createbooleanSESSION
sql_safe_updatesbooleanSESSION
sql_select_limitnumericGLOBAL | SESSION
sql_slave_skip_counternumericGLOBAL
sql_warningsbooleanSESSION
storage_engineenumerationGLOBAL | SESSION
sync_binlognumericGLOBAL
sync_frmbooleanGLOBAL
table_cachenumericGLOBAL
table_lock_wait_timeoutnumericGLOBAL
table_typeenumerationGLOBAL | SESSION
thread_cache_sizenumericGLOBAL
time_zonestringGLOBAL | SESSION
timed_mutexesbooleanGLOBAL
timestampnumericSESSION
tmp_table_sizenumericGLOBAL | SESSION
transaction_alloc_block_sizenumericGLOBAL | SESSION
transaction_prealloc_sizenumericGLOBAL | SESSION
tx_isolationenumerationGLOBAL | SESSION
unique_checksbooleanSESSION
updatable_views_with_limitbooleanGLOBAL | SESSION
wait_timeoutnumericGLOBAL | SESSION

MySQL Enterprise Improper configuration of system variables can adversely affect performance and security. The MySQL Enterprise Monitor continually monitors system variables and provides expert advice about appropriate settings. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

5.1.6. Server Status Variables

The server maintains many status variables that provide information about its operation. You can view these variables and their values by using the SHOW [GLOBAL | SESSION] STATUS statement (see Section 12.5.5.32, “SHOW STATUS Syntax”). The optional GLOBAL keyword aggregates the values over all connections, and SESSION shows the values for the current connection.

mysql> SHOW GLOBAL STATUS;
+-----------------------------------+------------+
| Variable_name                     | Value      |
+-----------------------------------+------------+
| Aborted_clients                   | 0          |
| Aborted_connects                  | 0          |
| Bytes_received                    | 155372598  |
| Bytes_sent                        | 1176560426 |
...
| Connections                       | 30023      |
| Created_tmp_disk_tables           | 0          |
| Created_tmp_files                 | 3          |
| Created_tmp_tables                | 2          |
...
| Threads_created                   | 217        |
| Threads_running                   | 88         |
| Uptime                            | 1389872    |
+-----------------------------------+------------+

The following table lists all available server status variables:

Table 5.5. Status Variable Summary

Variable NameVariable TypeVariable Scope
Aborted_clientsnumericGLOBAL
Aborted_connectsnumericGLOBAL
Binlog_cache_disk_usenumericGLOBAL
Binlog_cache_usenumericGLOBAL
Bytes_receivednumericGLOBAL | SESSION
Bytes_sentnumericGLOBAL | SESSION
Com_admin_commandsnumericGLOBAL | SESSION
Com_alter_dbnumericGLOBAL | SESSION
Com_alter_eventnumericGLOBAL | SESSION
Com_alter_tablenumericGLOBAL | SESSION
Com_analyzenumericGLOBAL | SESSION
Com_backup_tablenumericGLOBAL | SESSION
Com_beginnumericGLOBAL | SESSION
Com_call_procedurenumericGLOBAL | SESSION
Com_change_dbnumericGLOBAL | SESSION
Com_change_masternumericGLOBAL | SESSION
Com_checknumericGLOBAL | SESSION
Com_checksumnumericGLOBAL | SESSION
Com_commitnumericGLOBAL | SESSION
Com_create_dbnumericGLOBAL | SESSION
Com_create_eventnumericGLOBAL | SESSION
Com_create_functionnumericGLOBAL | SESSION
Com_create_indexnumericGLOBAL | SESSION
Com_create_tablenumericGLOBAL | SESSION
Com_create_usernumericGLOBAL | SESSION
Com_dealloc_sqlnumericGLOBAL | SESSION
Com_deletenumericGLOBAL | SESSION
Com_delete_multinumericGLOBAL | SESSION
Com_donumericGLOBAL | SESSION
Com_drop_dbnumericGLOBAL | SESSION
Com_drop_eventnumericGLOBAL | SESSION
Com_drop_functionnumericGLOBAL | SESSION
Com_drop_indexnumericGLOBAL | SESSION
Com_drop_tablenumericGLOBAL | SESSION
Com_drop_usernumericGLOBAL | SESSION
Com_execute_sqlnumericGLOBAL | SESSION
Com_flushnumericGLOBAL | SESSION
Com_grantnumericGLOBAL | SESSION
Com_ha_closenumericGLOBAL | SESSION
Com_ha_opennumericGLOBAL | SESSION
Com_ha_readnumericGLOBAL | SESSION
Com_helpnumericGLOBAL | SESSION
Com_insertnumericGLOBAL | SESSION
Com_insert_selectnumericGLOBAL | SESSION
Com_killnumericGLOBAL | SESSION
Com_loadnumericGLOBAL | SESSION
Com_lock_tablesnumericGLOBAL | SESSION
Com_optimizenumericGLOBAL | SESSION
Com_preload_keysnumericGLOBAL | SESSION
Com_prepare_sqlnumericGLOBAL | SESSION
Com_purgenumericGLOBAL | SESSION
Com_purge_before_datenumericGLOBAL | SESSION
Com_rename_tablenumericGLOBAL | SESSION
Com_repairnumericGLOBAL | SESSION
Com_replacenumericGLOBAL | SESSION
Com_replace_selectnumericGLOBAL | SESSION
Com_resetnumericGLOBAL | SESSION
Com_restore_tablenumericGLOBAL | SESSION
Com_revokenumericGLOBAL | SESSION
Com_revoke_allnumericGLOBAL | SESSION
Com_rollbacknumericGLOBAL | SESSION
Com_savepointnumericGLOBAL | SESSION
Com_selectnumericGLOBAL | SESSION
Com_set_optionnumericGLOBAL | SESSION
Com_show_binlog_eventsnumericGLOBAL | SESSION
Com_show_binlogsnumericGLOBAL | SESSION
Com_show_charsetsnumericGLOBAL | SESSION
Com_show_collationsnumericGLOBAL | SESSION
Com_show_column_typesnumericGLOBAL | SESSION
Com_show_create_dbnumericGLOBAL | SESSION
Com_show_create_eventnumericGLOBAL | SESSION
Com_show_create_tablenumericGLOBAL | SESSION
Com_show_databasesnumericGLOBAL | SESSION
Com_show_engine_logsnumericGLOBAL | SESSION
Com_show_engine_mutexnumericGLOBAL | SESSION
Com_show_engine_statusnumericGLOBAL | SESSION
Com_show_errorsnumericGLOBAL | SESSION
Com_show_eventsnumericGLOBAL | SESSION
Com_show_fieldsnumericGLOBAL | SESSION
Com_show_grantsnumericGLOBAL | SESSION
Com_show_innodb_statusnumericGLOBAL | SESSION
Com_show_keysnumericGLOBAL | SESSION
Com_show_logsnumericGLOBAL | SESSION
Com_show_master_statusnumericGLOBAL | SESSION
Com_show_ndb_statusnumericGLOBAL | SESSION
Com_show_new_masternumericGLOBAL | SESSION
Com_show_open_tablesnumericGLOBAL | SESSION
Com_show_pluginsnumericGLOBAL | SESSION
Com_show_privilegesnumericGLOBAL | SESSION
Com_show_processlistnumericGLOBAL | SESSION
Com_show_slave_hostsnumericGLOBAL | SESSION
Com_show_slave_statusnumericGLOBAL | SESSION
Com_show_statusnumericGLOBAL | SESSION
Com_show_storage_enginesnumericGLOBAL | SESSION
Com_show_tablesnumericGLOBAL | SESSION
Com_show_triggersnumericGLOBAL | SESSION
Com_show_variablesnumericGLOBAL | SESSION
Com_show_warningsnumericGLOBAL | SESSION
Com_slave_startnumericGLOBAL | SESSION
Com_slave_stopnumericGLOBAL | SESSION
Com_stmt_closenumericGLOBAL | SESSION
Com_stmt_executenumericGLOBAL | SESSION
Com_stmt_fetchnumericGLOBAL | SESSION
Com_stmt_preparenumericGLOBAL | SESSION
Com_stmt_resetnumericGLOBAL | SESSION
Com_stmt_send_long_datanumericGLOBAL | SESSION
Com_truncatenumericGLOBAL | SESSION
Com_unlock_tablesnumericGLOBAL | SESSION
Com_updatenumericGLOBAL | SESSION
Com_update_multinumericGLOBAL | SESSION
Com_xa_commitnumericGLOBAL | SESSION
Com_xa_endnumericGLOBAL | SESSION
Com_xa_preparenumericGLOBAL | SESSION
Com_xa_recovernumericGLOBAL | SESSION
Com_xa_rollbacknumericGLOBAL | SESSION
Com_xa_startnumericGLOBAL | SESSION
CompressionnumericSESSION
ConnectionsnumericGLOBAL
Created_tmp_disk_tablesnumericGLOBAL | SESSION
Created_tmp_filesnumericGLOBAL
Created_tmp_tablesnumericGLOBAL | SESSION
Delayed_errorsnumericGLOBAL
Delayed_insert_threadsnumericGLOBAL
Delayed_writesnumericGLOBAL
Flush_commandsnumericGLOBAL
Handler_commitnumericGLOBAL | SESSION
Handler_deletenumericGLOBAL | SESSION
Handler_discovernumericGLOBAL | SESSION
Handler_preparenumericGLOBAL | SESSION
Handler_read_firstnumericGLOBAL | SESSION
Handler_read_keynumericGLOBAL | SESSION
Handler_read_nextnumericGLOBAL | SESSION
Handler_read_prevnumericGLOBAL | SESSION
Handler_read_rndnumericGLOBAL | SESSION
Handler_read_rnd_nextnumericGLOBAL | SESSION
Handler_rollbacknumericGLOBAL | SESSION
Handler_savepointnumericGLOBAL | SESSION
Handler_savepoint_rollbacknumericGLOBAL | SESSION
Handler_updatenumericGLOBAL | SESSION
Handler_writenumericGLOBAL | SESSION
Innodb_buffer_pool_pages_datanumericGLOBAL
Innodb_buffer_pool_pages_dirtynumericGLOBAL
Innodb_buffer_pool_pages_flushednumericGLOBAL
Innodb_buffer_pool_pages_freenumericGLOBAL
Innodb_buffer_pool_pages_latchednumericGLOBAL
Innodb_buffer_pool_pages_miscnumericGLOBAL
Innodb_buffer_pool_pages_totalnumericGLOBAL
Innodb_buffer_pool_read_ahead_rndnumericGLOBAL
Innodb_buffer_pool_read_ahead_seqnumericGLOBAL
Innodb_buffer_pool_read_requestsnumericGLOBAL
Innodb_buffer_pool_readsnumericGLOBAL
Innodb_buffer_pool_wait_freenumericGLOBAL
Innodb_buffer_pool_write_requestsnumericGLOBAL
Innodb_data_fsyncsnumericGLOBAL
Innodb_data_pending_fsyncsnumericGLOBAL
Innodb_data_pending_readsnumericGLOBAL
Innodb_data_pending_writesnumericGLOBAL
Innodb_data_readnumericGLOBAL
Innodb_data_readsnumericGLOBAL
Innodb_data_writesnumericGLOBAL
Innodb_data_writtennumericGLOBAL
Innodb_dblwr_pages_writtennumericGLOBAL
Innodb_dblwr_writesnumericGLOBAL
Innodb_log_waitsnumericGLOBAL
Innodb_log_write_requestsnumericGLOBAL
Innodb_log_writesnumericGLOBAL
Innodb_os_log_fsyncsnumericGLOBAL
Innodb_os_log_pending_fsyncsnumericGLOBAL
Innodb_os_log_pending_writesnumericGLOBAL
Innodb_os_log_writtennumericGLOBAL
Innodb_page_sizenumericGLOBAL
Innodb_pages_creatednumericGLOBAL
Innodb_pages_readnumericGLOBAL
Innodb_pages_writtennumericGLOBAL
Innodb_row_lock_current_waitsnumericGLOBAL
Innodb_row_lock_timenumericGLOBAL
Innodb_row_lock_time_avgnumericGLOBAL
Innodb_row_lock_time_maxnumericGLOBAL
Innodb_row_lock_waitsnumericGLOBAL
Innodb_rows_deletednumericGLOBAL
Innodb_rows_insertednumericGLOBAL
Innodb_rows_readnumericGLOBAL
Innodb_rows_updatednumericGLOBAL
Key_blocks_not_flushednumericGLOBAL
Key_blocks_unusednumericGLOBAL
Key_blocks_usednumericGLOBAL
Key_read_requestsnumericGLOBAL
Key_readsnumericGLOBAL
Key_write_requestsnumericGLOBAL
Key_writesnumericGLOBAL
Last_query_costnumericSESSION
Max_used_connectionsnumericGLOBAL
Ndb_cluster_node_idnumericGLOBAL | SESSION
Ndb_config_from_hostnumericGLOBAL | SESSION
Ndb_config_from_portnumericGLOBAL | SESSION
ndb-nodeidnumericGLOBAL
Not_flushed_delayed_rowsnumericGLOBAL
Open_filesnumericGLOBAL
Open_streamsnumericGLOBAL
Open_tablesnumericGLOBAL | SESSION
Opened_tablesnumericGLOBAL | SESSION
Prepared_stmt_countnumericGLOBAL
Qcache_free_blocksnumericGLOBAL
Qcache_free_memorynumericGLOBAL
Qcache_hitsnumericGLOBAL
Qcache_insertsnumericGLOBAL
Qcache_lowmem_prunesnumericGLOBAL
Qcache_not_cachednumericGLOBAL
Qcache_queries_in_cachenumericGLOBAL
Qcache_total_blocksnumericGLOBAL
QueriesnumericGLOBAL | SESSION
QuestionsnumericGLOBAL | SESSION
Rpl_statusstringGLOBAL
Select_full_joinnumericGLOBAL | SESSION
Select_full_range_joinnumericGLOBAL | SESSION
Select_rangenumericGLOBAL | SESSION
Select_range_checknumericGLOBAL | SESSION
Select_scannumericGLOBAL | SESSION
Slave_open_temp_tablesnumericGLOBAL
Slave_retried_transactionsnumericGLOBAL
Slave_runningbooleanGLOBAL
Slow_launch_threadsnumericGLOBAL | SESSION
Slow_queriesnumericGLOBAL | SESSION
Sort_merge_passesnumericGLOBAL | SESSION
Sort_rangenumericGLOBAL | SESSION
Sort_rowsnumericGLOBAL | SESSION
Sort_scannumericGLOBAL | SESSION
Ssl_accept_renegotiatesnumericGLOBAL
Ssl_acceptsnumericGLOBAL
Ssl_callback_cache_hitsnumericGLOBAL
Ssl_cipherstringGLOBAL | SESSION
Ssl_cipher_liststringGLOBAL | SESSION
Ssl_client_connectsnumericGLOBAL
Ssl_connect_renegotiatesnumericGLOBAL
Ssl_ctx_verify_depthnumericGLOBAL
Ssl_ctx_verify_modenumericGLOBAL
Ssl_default_timeoutnumericGLOBAL | SESSION
Ssl_finished_acceptsnumericGLOBAL
Ssl_finished_connectsnumericGLOBAL
Ssl_session_cache_hitsnumericGLOBAL
Ssl_session_cache_missesnumericGLOBAL
Ssl_session_cache_modestringGLOBAL
Ssl_session_cache_overflowsnumericGLOBAL
Ssl_session_cache_sizenumericGLOBAL
Ssl_session_cache_timeoutsnumericGLOBAL
Ssl_sessions_reusednumericGLOBAL | SESSION
Ssl_used_session_cache_entriesnumericGLOBAL
Ssl_verify_depthnumericGLOBAL | SESSION
Ssl_verify_modenumericGLOBAL | SESSION
Ssl_versionstringGLOBAL | SESSION
Table_locks_immediatenumericGLOBAL
Table_locks_waitednumericGLOBAL
Tc_log_max_pages_usednumericGLOBAL
Tc_log_page_sizenumericGLOBAL
Tc_log_page_waitsnumericGLOBAL
Threads_cachednumericGLOBAL
Threads_connectednumericGLOBAL
Threads_creatednumericGLOBAL
Threads_runningnumericGLOBAL
UptimenumericGLOBAL
Uptime_since_flush_statusnumericGLOBAL

Note

Before MySQL 5.0.2, SHOW STATUS returned global status values. Because the default as of 5.0.2 is to return session values, this is incompatible with previous versions. To issue a SHOW STATUS statement that will retrieve global status values for all versions of MySQL, write it like this:

SHOW /*!50002 GLOBAL */ STATUS;

Many status variables are reset to 0 by the FLUSH STATUS statement.

MySQL Enterprise For expert advice on using status variables, subscribe to the MySQL Enterprise Monitor. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

The status variables have the following meanings. Variables with no version indicated were already present prior to MySQL 5.0. For information regarding their implementation history, see MySQL 3.23, 4.0, 4.1 Reference Manual.

For meanings of status variables specific to MySQL Cluster, see Section 17.3.4.4, “MySQL Cluster Status Variables”.

  • Aborted_clients

    The number of connections that were aborted because the client died without closing the connection properly. See Section B.5.2.11, “Communication Errors and Aborted Connections”.

  • Aborted_connects

    The number of failed attempts to connect to the MySQL server. See Section B.5.2.11, “Communication Errors and Aborted Connections”.

  • Binlog_cache_disk_use

    The number of transactions that used the temporary binary log cache but that exceeded the value of binlog_cache_size and used a temporary file to store statements from the transaction.

  • Binlog_cache_use

    The number of transactions that used the temporary binary log cache.

  • Bytes_received

    The number of bytes received from all clients.

  • Bytes_sent

    The number of bytes sent to all clients.

  • Com_xxx

    The Com_xxx statement counter variables indicate the number of times each xxx statement has been executed. There is one status variable for each type of statement. For example, Com_delete and Com_insert count DELETE and INSERT statements, respectively. However, if a query result is returned from query cache, the server increments the Qcache_hits status variable, not Com_select. See Section 7.5.5.4, “Query Cache Status and Maintenance”.

    All of the Com_stmt_xxx variables are increased even if a prepared statement argument is unknown or an error occurred during execution. In other words, their values correspond to the number of requests issued, not to the number of requests successfully completed.

    The Com_stmt_xxx status variables were added in 5.0.8:

    • Com_stmt_prepare

    • Com_stmt_execute

    • Com_stmt_fetch

    • Com_stmt_send_long_data

    • Com_stmt_reset

    • Com_stmt_close

    Those variables stand for prepared statement commands. Their names refer to the COM_xxx command set used in the network layer. In other words, their values increase whenever prepared statement API calls such as mysql_stmt_prepare(), mysql_stmt_execute(), and so forth are executed. However, Com_stmt_prepare, Com_stmt_execute and Com_stmt_close also increase for PREPARE, EXECUTE, or DEALLOCATE PREPARE, respectively. Additionally, the values of the older statement counter variables Com_prepare_sql, Com_execute_sql, and Com_dealloc_sql increase for the PREPARE, EXECUTE, and DEALLOCATE PREPARE statements. Com_stmt_fetch stands for the total number of network round-trips issued when fetching from cursors.

  • Compression

    Whether the client connection uses compression in the client/server protocol. Added in MySQL 5.0.16.

  • Connections

    The number of connection attempts (successful or not) to the MySQL server.

  • Created_tmp_disk_tables

    The number of internal on-disk temporary tables created by the server while executing statements.

    If an internal temporary table is created initially as an in-memory table but becomes too large, MySQL automatically converts it to an on-disk table. The maximum size for in-memory temporary tables is the minimum of the tmp_table_size and max_heap_table_size values. If Created_tmp_disk_tables is large, you may want to increase the tmp_table_size or max_heap_table_size values. value to lessen the likelihood that internal temporary tables in memory will be converted to on-disk tables.

    You can compare the number of internal on-disk temporary tables created to the total number of internal temporary tables created by comparing the values of the Created_tmp_disk_tables and Created_tmp_tables variables.

    See also Section 7.5.10, “How MySQL Uses Internal Temporary Tables”.

  • Created_tmp_files

    How many temporary files mysqld has created.

  • Created_tmp_tables

    The number of internal temporary tables created by the server while executing statements.

    You can compare the number of internal on-disk temporary tables created to the total number of internal temporary tables created by comparing the values of the Created_tmp_disk_tables and Created_tmp_tables variables.

    See also Section 7.5.10, “How MySQL Uses Internal Temporary Tables”.

  • Delayed_errors

    The number of rows written with INSERT DELAYED for which some error occurred (probably duplicate key).

  • Delayed_insert_threads

    The number of INSERT DELAYED handler threads in use.

  • Delayed_writes

    The number of INSERT DELAYED rows written.

  • Flush_commands

    The number of executed FLUSH statements.

  • Handler_commit

    The number of internal COMMIT statements.

  • Handler_delete

    The number of times that rows have been deleted from tables.

  • Handler_prepare

    A counter for the prepare phase of two-phase commit operations. Added in MySQL 5.0.3.

  • Handler_read_first

    The number of times the first entry in an index was read. If this value is high, it suggests that the server is doing a lot of full index scans; for example, SELECT col1 FROM foo, assuming that col1 is indexed.

  • Handler_read_key

    The number of requests to read a row based on a key. If this value is high, it is a good indication that your tables are properly indexed for your queries.

  • Handler_read_next

    The number of requests to read the next row in key order. This value is incremented if you are querying an index column with a range constraint or if you are doing an index scan.

  • Handler_read_prev

    The number of requests to read the previous row in key order. This read method is mainly used to optimize ORDER BY ... DESC.

  • Handler_read_rnd

    The number of requests to read a row based on a fixed position. This value is high if you are doing a lot of queries that require sorting of the result. You probably have a lot of queries that require MySQL to scan entire tables or you have joins that don't use keys properly.

  • Handler_read_rnd_next

    The number of requests to read the next row in the data file. This value is high if you are doing a lot of table scans. Generally this suggests that your tables are not properly indexed or that your queries are not written to take advantage of the indexes you have.

  • Handler_rollback

    The number of requests for a storage engine to perform a rollback operation.

  • Handler_savepoint

    The number of requests for a storage engine to place a savepoint. Added in MySQL 5.0.3.

  • Handler_savepoint_rollback

    The number of requests for a storage engine to roll back to a savepoint. Added in MySQL 5.0.3.

  • Handler_update

    The number of requests to update a row in a table.

  • Handler_write

    The number of requests to insert a row in a table.

  • Innodb_buffer_pool_pages_data

    The number of pages containing data (dirty or clean). Added in MySQL 5.0.2.

  • Innodb_buffer_pool_pages_dirty

    The number of pages currently dirty. Added in MySQL 5.0.2.

  • Innodb_buffer_pool_pages_flushed

    The number of buffer pool page-flush requests. Added in MySQL 5.0.2.

  • Innodb_buffer_pool_pages_free

    The number of free pages. Added in MySQL 5.0.2.

  • Innodb_buffer_pool_pages_latched

    The number of latched pages in InnoDB buffer pool. These are pages currently being read or written or that cannot be flushed or removed for some other reason. Added in MySQL 5.0.2. Calculation of this variable is expensive, so as of MySQL 5.0.68, it is available only when the UNIV_DEBUG system is defined at server build time.

  • Innodb_buffer_pool_pages_misc

    The number of pages that are busy because they have been allocated for administrative overhead such as row locks or the adaptive hash index. This value can also be calculated as Innodb_buffer_pool_pages_totalInnodb_buffer_pool_pages_freeInnodb_buffer_pool_pages_data. Added in MySQL 5.0.2.

  • Innodb_buffer_pool_pages_total

    The total size of buffer pool, in pages. Added in MySQL 5.0.2.

  • Innodb_buffer_pool_read_ahead_rnd

    The number of “random” read-aheads initiated by InnoDB. This happens when a query scans a large portion of a table but in random order. Added in MySQL 5.0.2.

  • Innodb_buffer_pool_read_ahead_seq

    The number of sequential read-aheads initiated by InnoDB. This happens when InnoDB does a sequential full table scan. Added in MySQL 5.0.2.

  • Innodb_buffer_pool_read_requests

    The number of logical read requests InnoDB has done. Added in MySQL 5.0.2.

  • Innodb_buffer_pool_reads

    The number of logical reads that InnoDB could not satisfy from the buffer pool, and had to read directly from the disk.

  • Innodb_buffer_pool_wait_free

    Normally, writes to the InnoDB buffer pool happen in the background. However, if it is necessary to read or create a page and no clean pages are available, it is also necessary to wait for pages to be flushed first. This counter counts instances of these waits. If the buffer pool size has been set properly, this value should be small. Added in MySQL 5.0.2.

  • Innodb_buffer_pool_write_requests

    The number writes done to the InnoDB buffer pool. Added in MySQL 5.0.2.

  • Innodb_data_fsyncs

    The number of fsync() operations so far. Added in MySQL 5.0.2.

  • Innodb_data_pending_fsyncs

    The current number of pending fsync() operations. Added in MySQL 5.0.2.

  • Innodb_data_pending_reads

    The current number of pending reads. Added in MySQL 5.0.2.

  • Innodb_data_pending_writes

    The current number of pending writes. Added in MySQL 5.0.2.

  • Innodb_data_read

    The amount of data read since the server was started. Added in MySQL 5.0.2.

  • Innodb_data_reads

    The total number of data reads. Added in MySQL 5.0.2.

  • Innodb_data_writes

    The total number of data writes. Added in MySQL 5.0.2.

  • Innodb_data_written

    The amount of data written so far, in bytes. Added in MySQL 5.0.2.

  • Innodb_dblwr_pages_written

    The number of pages that have been written for doublewrite operations. Added in MySQL 5.0.2. See Section 13.2.11.1, “InnoDB Disk I/O”.

  • Innodb_dblwr_writes

    The number of doublewrite operations that have been performed. Added in MySQL 5.0.2. See Section 13.2.11.1, “InnoDB Disk I/O”.

  • Innodb_log_waits

    The number of times that the log buffer was too small and a wait was required for it to be flushed before continuing. Added in MySQL 5.0.2.

  • Innodb_log_write_requests

    The number of log write requests. Added in MySQL 5.0.2.

  • Innodb_log_writes

    The number of physical writes to the log file. Added in MySQL 5.0.2.

  • Innodb_os_log_fsyncs

    The number of fsync() writes done to the log file. Added in MySQL 5.0.2.

  • Innodb_os_log_pending_fsyncs

    The number of pending log file fsync() operations. Added in MySQL 5.0.2.

  • Innodb_os_log_pending_writes

    The number of pending log file writes. Added in MySQL 5.0.2.

  • Innodb_os_log_written

    The number of bytes written to the log file. Added in MySQL 5.0.2.

  • Innodb_page_size

    The compiled-in InnoDB page size (default 16KB). Many values are counted in pages; the page size allows them to be easily converted to bytes. Added in MySQL 5.0.2.

  • Innodb_pages_created

    The number of pages created. Added in MySQL 5.0.2.

  • Innodb_pages_read

    The number of pages read. Added in MySQL 5.0.2.

  • Innodb_pages_written

    The number of pages written. Added in MySQL 5.0.2.

  • Innodb_row_lock_current_waits

    The number of row locks currently being waited for. Added in MySQL 5.0.3.

  • Innodb_row_lock_time

    The total time spent in acquiring row locks, in milliseconds. Added in MySQL 5.0.3.

  • Innodb_row_lock_time_avg

    The average time to acquire a row lock, in milliseconds. Added in MySQL 5.0.3.

  • Innodb_row_lock_time_max

    The maximum time to acquire a row lock, in milliseconds. Added in MySQL 5.0.3.

  • Innodb_row_lock_waits

    The number of times a row lock had to be waited for. Added in MySQL 5.0.3.

  • Innodb_rows_deleted

    The number of rows deleted from InnoDB tables. Added in MySQL 5.0.2.

  • Innodb_rows_inserted

    The number of rows inserted into InnoDB tables. Added in MySQL 5.0.2.

  • Innodb_rows_read

    The number of rows read from InnoDB tables. Added in MySQL 5.0.2.

  • Innodb_rows_updated

    The number of rows updated in InnoDB tables. Added in MySQL 5.0.2.

  • Key_blocks_not_flushed

    The number of key blocks in the key cache that have changed but have not yet been flushed to disk.

  • Key_blocks_unused

    The number of unused blocks in the key cache. You can use this value to determine how much of the key cache is in use; see the discussion of key_buffer_size in Section 5.1.3, “Server System Variables”.

  • Key_blocks_used

    The number of used blocks in the key cache. This value is a high-water mark that indicates the maximum number of blocks that have ever been in use at one time.

  • Key_read_requests

    The number of requests to read a key block from the cache.

  • Key_reads

    The number of physical reads of a key block from disk. If Key_reads is large, then your key_buffer_size value is probably too small. The cache miss rate can be calculated as Key_reads/Key_read_requests.

  • Key_write_requests

    The number of requests to write a key block to the cache.

  • Key_writes

    The number of physical writes of a key block to disk.

  • Last_query_cost

    The total cost of the last compiled query as computed by the query optimizer. This is useful for comparing the cost of different query plans for the same query. The default value of 0 means that no query has been compiled yet. This variable was added in MySQL 5.0.1, with a default value of -1. In MySQL 5.0.7, the default was changed to 0; also in version 5.0.7, the scope of Last_query_cost was changed to session rather than global.

    The Last_query_cost value can be computed accurately only for simple “flat” queries, not complex queries such as those with subqueries or UNION. For the latter, the value is set to 0.

    Prior to MySQL 5.0.16, this variable was not updated for queries served from the query cache.

  • Max_used_connections

    The maximum number of connections that have been in use simultaneously since the server started.

  • Not_flushed_delayed_rows

    The number of rows waiting to be written in INSERT DELAY queues.

  • Open_files

    The number of files that are open. This count includes regular files opened by the server. It does not include other types of files such as sockets or pipes. Also, the count does not include files that storage engines open using their own internal functions rather than asking the server level to do so.

  • Open_streams

    The number of streams that are open (used mainly for logging).

  • Open_tables

    The number of tables that are open.

  • Opened_tables

    The number of tables that have been opened. If Opened_tables is big, your table_cache value is probably too small.

  • Prepared_stmt_count

    The current number of prepared statements. (The maximum number of statements is given by the max_prepared_stmt_count system variable.) This variable was added in MySQL 5.0.32.

  • Qcache_free_blocks

    The number of free memory blocks in the query cache.

  • Qcache_free_memory

    The amount of free memory for the query cache.

  • Qcache_hits

    The number of query cache hits.

  • Qcache_inserts

    The number of queries added to the query cache.

  • Qcache_lowmem_prunes

    The number of queries that were deleted from the query cache because of low memory.

  • Qcache_not_cached

    The number of noncached queries (not cacheable, or not cached due to the query_cache_type setting).

  • Qcache_queries_in_cache

    The number of queries registered in the query cache.

  • Qcache_total_blocks

    The total number of blocks in the query cache.

  • Queries

    The number of statements executed by the server. This variable includes statements executed within stored programs, unlike the Questions variable. This variable was added in MySQL 5.0.76.

  • Questions

    The number of statements executed by the server. As of MySQL 5.0.72, this includes only statements sent to the server by clients and no longer includes statements executed within stored programs, unlike the Queries variable.

  • Rpl_status

    The status of fail-safe replication (not yet implemented).

  • Select_full_join

    The number of joins that perform table scans because they do not use indexes. If this value is not 0, you should carefully check the indexes of your tables.

  • Select_full_range_join

    The number of joins that used a range search on a reference table.

  • Select_range

    The number of joins that used ranges on the first table. This is normally not a critical issue even if the value is quite large.

  • Select_range_check

    The number of joins without keys that check for key usage after each row. If this is not 0, you should carefully check the indexes of your tables.

  • Select_scan

    The number of joins that did a full scan of the first table.

  • Slave_open_temp_tables

    The number of temporary tables that the slave SQL thread currently has open.

  • Slave_retried_transactions

    The total number of times since startup that the replication slave SQL thread has retried transactions. This variable was added in version 5.0.4.

  • Slave_running

    This is ON if this server is a replication slave that is connected to a replication master, and both the I/O and SQL threads are running; otherwise, it is OFF.

  • Slow_launch_threads

    The number of threads that have taken more than slow_launch_time seconds to create.

  • Slow_queries

    The number of queries that have taken more than long_query_time seconds. See Section 5.2.4, “The Slow Query Log”.

  • Sort_merge_passes

    The number of merge passes that the sort algorithm has had to do. If this value is large, you should consider increasing the value of the sort_buffer_size system variable.

  • Sort_range

    The number of sorts that were done using ranges.

  • Sort_rows

    The number of sorted rows.

  • Sort_scan

    The number of sorts that were done by scanning the table.

  • Ssl_accept_renegotiates

    The number of negotiates needed to establish the connection.

  • Ssl_accepts

    The number of accepted SSL connections.

  • Ssl_callback_cache_hits

    The number of callback cache hits.

  • Ssl_cipher

    The current SSL cipher (empty for non-SSL connections).

  • Ssl_cipher_list

    The list of possible SSL ciphers.

  • Ssl_client_connects

    The number of SSL connection attempts to an SSL-enabled master.

  • Ssl_connect_renegotiates

    The number of negotiates needed to establish the connection to an SSL-enabled master.

  • Ssl_ctx_verify_depth

    The SSL context verification depth (how many certificates in the chain are tested).

  • Ssl_ctx_verify_mode

    The SSL context verification mode.

  • Ssl_default_timeout

    The default SSL timeout.

  • Ssl_finished_accepts

    The number of successful SSL connections to the server.

  • Ssl_finished_connects

    The number of successful slave connections to an SSL-enabled master.

  • Ssl_session_cache_hits

    The number of SSL session cache hits.

  • Ssl_session_cache_misses

    The number of SSL session cache misses.

  • Ssl_session_cache_mode

    The SSL session cache mode.

  • Ssl_session_cache_overflows

    The number of SSL session cache overflows.

  • Ssl_session_cache_size

    The SSL session cache size.

  • Ssl_session_cache_timeouts

    The number of SSL session cache timeouts.

  • Ssl_sessions_reused

    How many SSL connections were reused from the cache.

  • Ssl_used_session_cache_entries

    How many SSL session cache entries were used.

  • Ssl_verify_depth

    The verification depth for replication SSL connections.

  • Ssl_verify_mode

    The verification mode for replication SSL connections.

  • Ssl_version

    The SSL version number.

  • Table_locks_immediate

    The number of times that a request for a table lock could be granted immediately.

  • Table_locks_waited

    The number of times that a request for a table lock could not be granted immediately and a wait was needed. If this is high and you have performance problems, you should first optimize your queries, and then either split your table or tables or use replication.

  • Tc_log_max_pages_used

    For the memory-mapped implementation of the log that is used by mysqld when it acts as the transaction coordinator for recovery of internal XA transactions, this variable indicates the largest number of pages used for the log since the server started. If the product of Tc_log_max_pages_used and Tc_log_page_size is always significantly less than the log size, the size is larger than necessary and can be reduced. (The size is set by the --log-tc-size option. Currently, this variable is unused: It is unneeded for binary log-based recovery, and the memory-mapped recovery log method is not used unless the number of storage engines capable of two-phase commit is greater than one. (InnoDB is the only applicable engine.) Added in MySQL 5.0.3.

  • Tc_log_page_size

    The page size used for the memory-mapped implementation of the XA recovery log. The default value is determined using getpagesize(). Currently, this variable is unused for the same reasons as described for Tc_log_max_pages_used. Added in MySQL 5.0.3.

  • Tc_log_page_waits

    For the memory-mapped implementation of the recovery log, this variable increments each time the server was not able to commit a transaction and had to wait for a free page in the log. If this value is large, you might want to increase the log size (with the --log-tc-size option). For binary log-based recovery, this variable increments each time the binary log cannot be closed because there are two-phase commits in progress. (The close operation waits until all such transactions are finished.) Added in MySQL 5.0.3.

  • Threads_cached

    The number of threads in the thread cache.

  • Threads_connected

    The number of currently open connections.

  • Threads_created

    The number of threads created to handle connections. If Threads_created is big, you may want to increase the thread_cache_size value. The cache miss rate can be calculated as Threads_created/Connections.

  • Threads_running

    The number of threads that are not sleeping.

  • Uptime

    The number of seconds that the server has been up.

  • Uptime_since_flush_status

    The number of seconds since the most recent FLUSH STATUS statement. This variable was added in 5.0.35. (MySQL Community only)

5.1.7. Server SQL Modes

The MySQL server can operate in different SQL modes, and can apply these modes differently for different clients. This capability enables each application to tailor the server's operating mode to its own requirements.

For answers to some questions that are often asked about server SQL modes in MySQL, see Section A.3, “MySQL 5.0 FAQ — Server SQL Mode”.

Modes define what SQL syntax MySQL should support and what kind of data validation checks it should perform. This makes it easier to use MySQL in different environments and to use MySQL together with other database servers.

You can set the default SQL mode by starting mysqld with the --sql-mode="modes" option, or by using sql-mode="modes" in my.cnf (Unix operating systems) or my.ini (Windows). modes is a list of different modes separated by comma (“,”) characters. The default value is empty (no modes set). The modes value also can be empty (--sql-mode="" on the command line, or sql-mode="" in my.cnf on Unix systems or in my.ini on Windows) if you want to clear it explicitly.

You can change the SQL mode at runtime by using a SET [GLOBAL|SESSION] sql_mode='modes' statement to set the sql_mode system value. Setting the GLOBAL variable requires the SUPER privilege and affects the operation of all clients that connect from that time on. Setting the SESSION variable affects only the current client. Any client can change its own session sql_mode value at any time.

You can retrieve the current global or session sql_mode value with the following statements:

SELECT @@GLOBAL.sql_mode;
SELECT @@SESSION.sql_mode;

The most important sql_mode values are probably these:

  • ANSI

    This mode changes syntax and behavior to conform more closely to standard SQL.

  • STRICT_TRANS_TABLES

    If a value could not be inserted as given into a transactional table, abort the statement. For a nontransactional table, abort the statement if the value occurs in a single-row statement or the first row of a multiple-row statement. More detail is given later in this section. (Implemented in MySQL 5.0.2)

  • TRADITIONAL

    Make MySQL behave like a “traditional” SQL database system. A simple description of this mode is “give an error instead of a warning” when inserting an incorrect value into a column.

    Note

    The INSERT/UPDATE aborts as soon as the error is noticed. This may not be what you want if you are using a nontransactional storage engine, because data changes made prior to the error may not be rolled back, resulting in a “partially done” update. (Added in MySQL 5.0.2)

When this manual refers to “strict mode,” it means a mode where at least one of STRICT_TRANS_TABLES or STRICT_ALL_TABLES is enabled.

The following list describes all supported modes:

  • ALLOW_INVALID_DATES

    Don't do full checking of dates. Check only that the month is in the range from 1 to 12 and the day is in the range from 1 to 31. This is very convenient for Web applications where you obtain year, month, and day in three different fields and you want to store exactly what the user inserted (without date validation). This mode applies to DATE and DATETIME columns. It does not apply TIMESTAMP columns, which always require a valid date.

    This mode is implemented in MySQL 5.0.2. Before 5.0.2, this was the default MySQL date-handling mode. As of 5.0.2, the server requires that month and day values be legal, and not merely in the range 1 to 12 and 1 to 31, respectively. With strict mode disabled, invalid dates such as '2004-04-31' are converted to '0000-00-00' and a warning is generated. With strict mode enabled, invalid dates generate an error. To allow such dates, enable ALLOW_INVALID_DATES.

  • ANSI_QUOTES

    Treat “"” as an identifier quote character (like the “`” quote character) and not as a string quote character. You can still use “`” to quote identifiers with this mode enabled. With ANSI_QUOTES enabled, you cannot use double quotes to quote literal strings, because it is interpreted as an identifier.

  • ERROR_FOR_DIVISION_BY_ZERO

    Produce an error in strict mode (otherwise a warning) when a division by zero (or MOD(X,0)) occurs during an INSERT or UPDATE. If this mode is not enabled, MySQL instead returns NULL for divisions by zero. For INSERT IGNORE or UPDATE IGNORE, MySQL generates a warning for divisions by zero, but the result of the operation is NULL. (Implemented in MySQL 5.0.2)

  • HIGH_NOT_PRECEDENCE

    From MySQL 5.0.2 on, the precedence of the NOT operator is such that expressions such as NOT a BETWEEN b AND c are parsed as NOT (a BETWEEN b AND c). Before MySQL 5.0.2, the expression is parsed as (NOT a) BETWEEN b AND c. The old higher-precedence behavior can be obtained by enabling the HIGH_NOT_PRECEDENCE SQL mode. (Added in MySQL 5.0.2)

    mysql> SET sql_mode = '';
    mysql> SELECT NOT 1 BETWEEN -5 AND 5;
            -> 0
    mysql> SET sql_mode = 'HIGH_NOT_PRECEDENCE';
    mysql> SELECT NOT 1 BETWEEN -5 AND 5;
            -> 1
    
  • IGNORE_SPACE

    Allow spaces between a function name and the “(” character. This causes built-in function names to be treated as reserved words. As a result, identifiers that are the same as function names must be quoted as described in Section 8.2, “Schema Object Names”. For example, because there is a COUNT() function, the use of count as a table name in the following statement causes an error:

    mysql> CREATE TABLE count (i INT);
    ERROR 1064 (42000): You have an error in your SQL syntax
    

    The table name should be quoted:

    mysql> CREATE TABLE `count` (i INT);
    Query OK, 0 rows affected (0.00 sec)
    

    The IGNORE_SPACE SQL mode applies to built-in functions, not to user-defined functions or stored functions. It is always allowable to have spaces after a UDF or stored function name, regardless of whether IGNORE_SPACE is enabled.

    For further discussion of IGNORE_SPACE, see Section 8.2.3, “Function Name Parsing and Resolution”.

  • NO_AUTO_CREATE_USER

    Prevent the GRANT statement from automatically creating new users if it would otherwise do so, unless a nonempty password also is specified. (Added in MySQL 5.0.2)

  • NO_AUTO_VALUE_ON_ZERO

    NO_AUTO_VALUE_ON_ZERO affects handling of AUTO_INCREMENT columns. Normally, you generate the next sequence number for the column by inserting either NULL or 0 into it. NO_AUTO_VALUE_ON_ZERO suppresses this behavior for 0 so that only NULL generates the next sequence number.

    This mode can be useful if 0 has been stored in a table's AUTO_INCREMENT column. (Storing 0 is not a recommended practice, by the way.) For example, if you dump the table with mysqldump and then reload it, MySQL normally generates new sequence numbers when it encounters the 0 values, resulting in a table with contents different from the one that was dumped. Enabling NO_AUTO_VALUE_ON_ZERO before reloading the dump file solves this problem. mysqldump now automatically includes in its output a statement that enables NO_AUTO_VALUE_ON_ZERO, to avoid this problem.

  • NO_BACKSLASH_ESCAPES

    Disable the use of the backslash character (“\”) as an escape character within strings. With this mode enabled, backslash becomes an ordinary character like any other. (Implemented in MySQL 5.0.1)

  • NO_DIR_IN_CREATE

    When creating a table, ignore all INDEX DIRECTORY and DATA DIRECTORY directives. This option is useful on slave replication servers.

  • NO_ENGINE_SUBSTITUTION

    Control automatic substitution of the default storage engine when a statement such as CREATE TABLE or ALTER TABLE specifies a storage engine that is disabled or not compiled in. (Implemented in MySQL 5.0.8)

    With NO_ENGINE_SUBSTITUTION disabled, the default engine is used and a warning occurs if the desired engine is known but disabled or not compiled in. If the desired engine is invalid (not a known engine name), an error occurs and the table is not created or altered.

    With NO_ENGINE_SUBSTITUTION enabled, an error occurs and the table is not created or altered if the desired engine is unavailable for any reason (whether disabled or invalid).

  • NO_FIELD_OPTIONS

    Do not print MySQL-specific column options in the output of SHOW CREATE TABLE. This mode is used by mysqldump in portability mode.

  • NO_KEY_OPTIONS

    Do not print MySQL-specific index options in the output of SHOW CREATE TABLE. This mode is used by mysqldump in portability mode.

  • NO_TABLE_OPTIONS

    Do not print MySQL-specific table options (such as ENGINE) in the output of SHOW CREATE TABLE. This mode is used by mysqldump in portability mode.

  • NO_UNSIGNED_SUBTRACTION

    In integer subtraction operations, do not mark the result as UNSIGNED if one of the operands is unsigned. In other words, the result of a subtraction is always signed whenever this mode is in effect, even if one of the operands is unsigned. For example, compare the type of column c2 in table t1 with that of column c2 in table t2:

    mysql> SET SQL_MODE='';
    mysql> CREATE TABLE test (c1 BIGINT UNSIGNED NOT NULL);
    mysql> CREATE TABLE t1 SELECT c1 - 1 AS c2 FROM test;
    mysql> DESCRIBE t1;
    +-------+---------------------+------+-----+---------+-------+
    | Field | Type                | Null | Key | Default | Extra |
    +-------+---------------------+------+-----+---------+-------+
    | c2    | bigint(21) unsigned |      |     | 0       |       |
    +-------+---------------------+------+-----+---------+-------+
    
    mysql> SET SQL_MODE='NO_UNSIGNED_SUBTRACTION';
    mysql> CREATE TABLE t2 SELECT c1 - 1 AS c2 FROM test;
    mysql> DESCRIBE t2;
    +-------+------------+------+-----+---------+-------+
    | Field | Type       | Null | Key | Default | Extra |
    +-------+------------+------+-----+---------+-------+
    | c2    | bigint(21) |      |     | 0       |       |
    +-------+------------+------+-----+---------+-------+
    

    Note that this means that BIGINT UNSIGNED is not 100% usable in all contexts. See Section 11.9, “Cast Functions and Operators”.

    mysql> SET SQL_MODE = '';
    mysql> SELECT CAST(0 AS UNSIGNED) - 1;
    +-------------------------+
    | CAST(0 AS UNSIGNED) - 1 |
    +-------------------------+
    |    18446744073709551615 |
    +-------------------------+
    
    mysql> SET SQL_MODE = 'NO_UNSIGNED_SUBTRACTION';
    mysql> SELECT CAST(0 AS UNSIGNED) - 1;
    +-------------------------+
    | CAST(0 AS UNSIGNED) - 1 |
    +-------------------------+
    |                      -1 |
    +-------------------------+
    
  • NO_ZERO_DATE

    In strict mode, don't allow '0000-00-00' as a valid date. You can still insert zero dates with the IGNORE option. When not in strict mode, the date is accepted but a warning is generated. (Added in MySQL 5.0.2)

  • NO_ZERO_IN_DATE

    In strict mode, do not accept dates where the year part is nonzero but the month or day part is 0 (for example, '0000-00-00' is legal but '2010-00-01' and '2010-01-00' are not). If used with the IGNORE option, MySQL inserts a '0000-00-00' date for any such date. When not in strict mode, the date is accepted but a warning is generated. (Added in MySQL 5.0.2)

  • ONLY_FULL_GROUP_BY

    Do not allow queries for which the SELECT list refers to nonaggregated columns that are not named in the GROUP BY clause. The following query is invalid with this mode enabled because address is not named in the GROUP BY clause:

    SELECT name, address, MAX(age) FROM t GROUP BY name;
    

    As of MySQL 5.0.23, this mode also restricts references to nonaggregated columns in the HAVING clause that are not named in the GROUP BY clause.

  • PIPES_AS_CONCAT

    Treat || as a string concatenation operator (same as CONCAT()) rather than as a synonym for OR.

  • REAL_AS_FLOAT

    Treat REAL as a synonym for FLOAT. By default, MySQL treats REAL as a synonym for DOUBLE.

  • STRICT_ALL_TABLES

    Enable strict mode for all storage engines. Invalid data values are rejected. Additional detail follows. (Added in MySQL 5.0.2)

  • STRICT_TRANS_TABLES

    Enable strict mode for transactional storage engines, and when possible for nontransactional storage engines. Additional details follow. (Implemented in MySQL 5.0.2)

Strict mode controls how MySQL handles input values that are invalid or missing. A value can be invalid for several reasons. For example, it might have the wrong data type for the column, or it might be out of range. A value is missing when a new row to be inserted does not contain a value for a non-NULL column that has no explicit DEFAULT clause in its definition. (For a NULL column, NULL is inserted if the value is missing.)

For transactional tables, an error occurs for invalid or missing values in a statement when either of the STRICT_ALL_TABLES or STRICT_TRANS_TABLES modes are enabled. The statement is aborted and rolled back.

For nontransactional tables, the behavior is the same for either mode, if the bad value occurs in the first row to be inserted or updated. The statement is aborted and the table remains unchanged. If the statement inserts or modifies multiple rows and the bad value occurs in the second or later row, the result depends on which strict option is enabled:

  • For STRICT_ALL_TABLES, MySQL returns an error and ignores the rest of the rows. However, in this case, the earlier rows still have been inserted or updated. This means that you might get a partial update, which might not be what you want. To avoid this, it is best to use single-row statements because these can be aborted without changing the table.

  • For STRICT_TRANS_TABLES, MySQL converts an invalid value to the closest valid value for the column and insert the adjusted value. If a value is missing, MySQL inserts the implicit default value for the column data type. In either case, MySQL generates a warning rather than an error and continues processing the statement. Implicit defaults are described in Section 10.1.4, “Data Type Default Values”.

Strict mode disallows invalid date values such as '2004-04-31'. It does not disallow dates with zero month or day parts such as '2004-04-00' or “zero” dates. To disallow these as well, enable the NO_ZERO_IN_DATE and NO_ZERO_DATE SQL modes in addition to strict mode.

If you are not using strict mode (that is, neither STRICT_TRANS_TABLES nor STRICT_ALL_TABLES is enabled), MySQL inserts adjusted values for invalid or missing values and produces warnings. In strict mode, you can produce this behavior by using INSERT IGNORE or UPDATE IGNORE. See Section 12.5.5.37, “SHOW WARNINGS Syntax”.

Strict mode does not affect whether foreign key constraints are checked. foreign_key_checks can be used for that. (See Section 5.1.4, “Session System Variables”.)

The following special modes are provided as shorthand for combinations of mode values from the preceding list. All are available in MySQL 5.0 beginning with version 5.0.0, except for TRADITIONAL, which was implemented in MySQL 5.0.2.

The descriptions include all mode values that are available in the most recent version of MySQL. For older versions, a combination mode does not include individual mode values that are not available except in newer versions.

5.1.8. Server-Side Help

MySQL Server supports a HELP statement that returns online information from the MySQL Reference manual (see Section 12.3.3, “HELP Syntax”). The proper operation of this statement requires that the help tables in the mysql database be initialized with help topic information, which is done by processing the contents of the fill_help_tables.sql script.

For a MySQL binary distribution on Unix, help table setup occurs when you run mysql_install_db. For an RPM distribution on Linux or binary distribution on Windows, help table setup occurs as part of the MySQL installation process.

For a MySQL source distribution, you can find the fill_help_tables.sql file in the scripts directory. To load the file manually, make sure that you have initialized the mysql database by running mysql_install_db, and then process the file with the mysql client as follows:

shell> mysql -u root mysql < fill_help_tables.sql

If you are working with Bazaar and a MySQL development source tree, the tree doesn't contain fill_help_tables.sql. You can download the proper file for your version of MySQL from http://dev.mysql.com/doc/. After downloading and uncompressing the file, process it with mysql as just described.

5.1.9. Server Response to Signals

On Unix, signals can be sent to processes. mysqld responds to signals sent to it as follows:

  • SIGTERM causes the server to shut down.

  • SIGHUP causes the server to reload the grant tables and flush the logs (like FLUSH PRIVILEGES and FLUSH LOGS). It also writes a status report to the error log that has this format:

    Status information:
    
    Current dir: /var/mysql/data/
    Running threads: 0  Stack size: 196608
    Current locks:
    
    Key caches:
    default
    Buffer_size:       8388600
    Block_size:           1024
    Division_limit:        100
    Age_limit:             300
    blocks used:             0
    not flushed:             0
    w_requests:              0
    writes:                  0
    r_requests:              0
    reads:                   0
    
    handler status:
    read_key:            0
    read_next:           0
    read_rnd             0
    read_first:          1
    write:               0
    delete               0
    update:              0
    
    Table status:
    Opened tables:          5
    Open tables:            0
    Open files:             7
    Open streams:           0
    
    Alarm status:
    Active alarms:   1
    Max used alarms: 2
    Next alarm time: 67
    

On some Mac OS X 10.3 versions, mysqld ignores SIGHUP and SIGQUIT.

5.1.10. The Shutdown Process

The server shutdown process takes place as follows:

  1. The shutdown process is initiated.

    Server shutdown can be initiated several ways. For example, a user with the SHUTDOWN privilege can execute a mysqladmin shutdown command. mysqladmin can be used on any platform supported by MySQL. Other operating system-specific shutdown initiation methods are possible as well: The server shuts down on Unix when it receives a SIGTERM signal. A server running as a service on Windows shuts down when the services manager tells it to.

  2. The server creates a shutdown thread if necessary.

    Depending on how shutdown was initiated, the server might create a thread to handle the shutdown process. If shutdown was requested by a client, a shutdown thread is created. If shutdown is the result of receiving a SIGTERM signal, the signal thread might handle shutdown itself, or it might create a separate thread to do so. If the server tries to create a shutdown thread and cannot (for example, if memory is exhausted), it issues a diagnostic message that appears in the error log:

    Error: Can't create thread to kill server
    
  3. The server stops accepting new connections.

    To prevent new activity from being initiated during shutdown, the server stops accepting new client connections. It does this by closing the network connections to which it normally listens for connections: the TCP/IP port, the Unix socket file, the Windows named pipe, and shared memory on Windows.

  4. The server terminates current activity.

    For each thread that is associated with a client connection, the connection to the client is broken and the thread is marked as killed. Threads die when they notice that they are so marked. Threads for idle connections die quickly. Threads that currently are processing statements check their state periodically and take longer to die. For additional information about thread termination, see Section 12.5.6.3, “KILL Syntax”, in particular for the instructions about killed REPAIR TABLE or OPTIMIZE TABLE operations on MyISAM tables.

    For threads that have an open transaction, the transaction is rolled back. Note that if a thread is updating a nontransactional table, an operation such as a multiple-row UPDATE or INSERT may leave the table partially updated, because the operation can terminate before completion.

    If the server is a master replication server, threads associated with currently connected slaves are treated like other client threads. That is, each one is marked as killed and exits when it next checks its state.

    If the server is a slave replication server, the I/O and SQL threads, if active, are stopped before client threads are marked as killed. The SQL thread is allowed to finish its current statement (to avoid causing replication problems), and then stops. If the SQL thread was in the middle of a transaction at this point, the transaction is rolled back.

  5. Storage engines are shut down or closed.

    At this stage, the table cache is flushed and all open tables are closed.

    Each storage engine performs any actions necessary for tables that it manages. For example, MyISAM flushes any pending index writes for a table. InnoDB flushes its buffer pool to disk (starting from 5.0.5: unless innodb_fast_shutdown is 2), writes the current LSN to the tablespace, and terminates its own internal threads.

  6. The server exits.

5.2. MySQL Server Logs

MySQL has several different logs that can help you find out what is going on inside mysqld.

Log TypeInformation Written to Log
The error logProblems encountered starting, running, or stopping mysqld
The general query logEstablished client connections and statements received from clients
The binary logAll statements that change data (also used for replication)
The slow query logAll queries that took more than long_query_time seconds to execute or didn't use indexes

By default, all log files are created in the mysqld data directory. You can force mysqld to close and reopen the log files (or in some cases switch to a new log) by flushing the logs. Log flushing occurs when you issue a FLUSH LOGS statement or execute a mysqladmin flush-logs, mysqladmin refresh, mysqldump --flush-logs, or mysqldump --master-data command. See Section 12.5.6.2, “FLUSH Syntax”, Section 4.5.2, “mysqladmin — Client for Administering a MySQL Server”, and Section 4.5.4, “mysqldump — A Database Backup Program”. In addition, the binary log is flushed when its size reaches the value of the max_binlog_size system variable.

If you are using MySQL replication capabilities, slave replication servers maintain additional log files called relay logs. Chapter 16, Replication, discusses relay log contents and configuration.

See Section 5.5.6.1, “Administrator Guidelines for Password Security”, for information about keeping logs secure.

MySQL Enterprise The MySQL Enterprise Monitor provides a number of advisors specifically related to the various log files. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

5.2.1. The Error Log

The error log contains information indicating when mysqld was started and stopped and also any critical errors that occur while the server is running. If mysqld notices a table that needs to be automatically checked or repaired, it writes a message to the error log.

On some operating systems, the error log contains a stack trace if mysqld dies. The trace can be used to determine where mysqld died. See MySQL Internals: Porting.

You can specify where mysqld writes the error log with the --log-error[=file_name] option. If no file_name value is given, mysqld uses the name host_name.err by default. The server creates the file in the data directory unless an absolute path name is given to specify a different directory. If you execute FLUSH LOGS, the error log is renamed with the suffix -old and mysqld creates a new empty log file. (No renaming occurs if the --log-error option was not given to mysqld.)

If you do not specify --log-error, or (on Windows) if you use the --console option, errors are written to stderr, the standard error output. Usually this is your terminal.

On Windows, error output is always written to the .err file if --console is not given.

In addition, on Windows, events and error messages are written to the Windows Event Log within the Application log. Entries marked as Warning and Note are written to the Event Log, but informational messages (such as information statements from individual storage engines) are not copied to the Event Log. The log entries will have a source of MySQL. You cannot disable writing information to the Windows Event Log.

The --log-warnings option or log_warnings system variable can be used to control warning logging to the error log. The default value is enabled (1). Warning logging can be disabled using a value of 0. If the value is greater than 1, aborted connections are written to the error log. See Section B.5.2.11, “Communication Errors and Aborted Connections”.

If you use mysqld_safe to start mysqld, mysqld_safe arranges for mysqld to write error messages to a log file. If you specify a file name via --log-error to mysqld_safe or mysqld, that file name is used. Otherwise, mysqld_safe uses the default error log file.

If mysqld_safe is used to start mysqld and mysqld dies unexpectedly, mysqld_safe notices that it needs to restart mysqld and writes a restarted mysqld message to the error log.

5.2.2. The General Query Log

The general query log is a general record of what mysqld is doing. The server writes information to this log when clients connect or disconnect, and it logs each SQL statement received from clients. The general query log can be very useful when you suspect an error in a client and want to know exactly what the client sent to mysqld.

mysqld writes statements to the query log in the order that it receives them, which might differ from the order in which they are executed. This logging order contrasts to the binary log, for which statements are written after they are executed but before any locks are released. (Also, the query log contains all statements, whereas the binary log does not contain statements that only select data.)

To enable the general query log, start mysqld with the --log[=file_name] or -l [file_name] option.

If no file_name value is given for --log or -l, the default name is host_name.log. The server creates the file in the data directory unless an absolute path name is given to specify a different directory.

Server restarts and log flushing do not cause a new general query log file to be generated (although flushing closes and reopens it). On Unix, you can rename the file and create a new one by using the following commands:

shell> mv host_name.log host_name-old.log
shell> mysqladmin flush-logs
shell> cp host_name-old.log backup-directory
shell> rm host_name-old.log

Before 5.0.17, you cannot rename a log file on Windows while the server has it open. You must stop the server and rename the file, and then restart the server to create a new log file. As of 5.0.17, this applies only to the error log. However, a stop and restart can be avoided by using FLUSH LOGS, which causes the server to rename the error log with an -old suffix and open a new error log.

The general query log should be protected because logged statements might contain passwords. See Section 5.5.6.1, “Administrator Guidelines for Password Security”.

5.2.3. The Binary Log

The binary log contains all statements that update data or potentially could have updated it (for example, a DELETE which matched no rows). Statements are stored in the form of “events” that describe the modifications. The binary log also contains information about how long each statement took that updated data. The binary log has two important purposes:

  • For replication, the binary log is used on master replication servers as a record of the statements to be sent to slave servers. The master server sends the events contained in its binary log to its slaves, which execute those events to make the same data changes that were made on the master. See Section 16.4, “Replication Implementation”.

  • Certain data recovery operations require use of the binary log. After a backup file has been restored, the events in the binary log that were recorded after the backup was made are re-executed. These events bring databases up to date from the point of the backup. See Section 6.4, “Point-in-Time (Incremental) Recovery Using the Binary Log”.

Note

The binary log has replaced the old update log, which is no longer available as of MySQL 5.0. The binary log contains all information that is available in the update log in a more efficient format and in a manner that is transaction-safe. If you are using transactions, you must use the MySQL binary log for backups instead of the old update log.

Running the server with the binary log enabled makes performance about 1% slower. However, the benefits of the binary log in allowing you to set up replication and for restore operations generally outweigh this minor performance decrement.

For information about server options and variables affecting the operation of binary logging, see Section 16.1.2.4, “Binary Log Options and Variables”.

The binary log is not used for statements such as SELECT or SHOW that do not modify data. If you want to log all statements (for example, to identify a problem query), use the general query log. See Section 5.2.2, “The General Query Log”.

The binary log should be protected because logged statements might contain passwords. See Section 5.5.6.1, “Administrator Guidelines for Password Security”.

MySQL Enterprise The binary log can also be used to track significant DDL events. Analyzing the binary log in this way is an integral part of the MySQL Enterprise Monitor. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

To enable the binary log, start the server with the --log-bin[=base_name] option. mysqld writes a log file containing all SQL statements that update data (both DDL and DML statements). If no base_name value is given, the default name is the value of the pid-file option (which by default is the name of host machine) followed by -bin. If the basename is given, the server writes the file in the data directory unless the basename is given with a leading absolute path name to specify a different directory. It is recommended that you specify a basename; see Additional Known Issues, for the reason.

Note

From MySQL 5.0.41 through 5.0.52, “mysql” was used when no base_name was specified. Also in these versions, a path given as part of the --log-bin options was treated as absolute rather than relative. The previous behaviors were restored in MySQL 5.0.54. (See Bug#28603 and Bug#28597.)

If you supply an extension in the log name (for example, --log-bin=base_name.extension), the extension is silently removed and ignored.

mysqld appends a numeric extension to the binary log basename to generate binary log file names. The number increases each time the server creates a new log file, thus creating an ordered series of files. The server creates a new file in the series each time it starts or flushes the logs. The server also creates a new binary log file automatically after the current log's size reaches max_binlog_size. A binary log file may become larger than max_binlog_size if you are using large transactions because a transaction is written to the file in one piece, never split between files.

To keep track of which binary log files have been used, mysqld also creates a binary log index file that contains the names of all used binary log files. By default, this has the same basename as the binary log file, with the extension '.index'. You can change the name of the binary log index file with the --log-bin-index[=file_name] option. You should not manually edit this file while mysqld is running; doing so would confuse mysqld.

The server evaluates the --binlog-do-db and --binlog-ignore-db options in the same way as it does the --replicate-do-db and --replicate-ignore-db options. For information about how this is done, see Section 16.4.3.1, “Evaluation of Database-Level Replication and Binary Logging Options”.

A replication slave server by default does not write to its own binary log any data modifications that are received from the replication master. To log these modifications, start the slave with the --log-slave-updates option (see Section 16.1.2.3, “Replication Slave Options and Variables”).

You can delete all binary log files with the RESET MASTER statement, or a subset of them with PURGE BINARY LOGS. See Section 12.5.6.5, “RESET Syntax”, and Section 12.6.1.1, “PURGE BINARY LOGS Syntax”.

If you are using replication, you should not delete old binary log files on the master until you are sure that no slave still needs to use them. For example, if your slaves never run more than three days behind, once a day you can execute mysqladmin flush-logs on the master and then remove any logs that are more than three days old. You can remove the files manually, but it is preferable to use PURGE BINARY LOGS, which also safely updates the binary log index file for you (and which can take a date argument). See Section 12.6.1.1, “PURGE BINARY LOGS Syntax”.

A client that has the SUPER privilege can disable binary logging of its own statements by using a SET sql_log_bin=0 statement. See Section 5.1.4, “Session System Variables”.

You can display the contents of binary log files with the mysqlbinlog utility. This can be useful when you want to reprocess statements in the log for a recovery operation. For example, you can update a MySQL server from the binary log as follows:

shell> mysqlbinlog log_file | mysql -h server_name

mysqlbinlog also can be used to display relay log file contents because they are written using the same format as binary log files. For more information on the mysqlbinlog utility and how to use it, see Section 4.6.7, “mysqlbinlog — Utility for Processing Binary Log Files”. For more information about the binary log and recovery operations, see Section 6.4, “Point-in-Time (Incremental) Recovery Using the Binary Log”.

Binary logging is done immediately after a statement completes but before any locks are released or any commit is done. This ensures that the log is logged in execution order.

Updates to nontransactional tables are stored in the binary log immediately after execution. In MySQL 5.0.53 and earlier versions of MySQL 5.0, an UPDATE statement using a stored function that modified a nontransactional table was not logged if it failed, and an INSERT ... ON DUPLICATE KEY UPDATE statement that encountered a duplicate key constraint — but did not actually change any data — was not logged. Beginning with MySQL 5.0.54, both of these statements are written to the binary log. (Bug#23333)

Within an uncommitted transaction, all updates (UPDATE, DELETE, or INSERT) that change transactional tables such as BDB or InnoDB tables are cached until a COMMIT statement is received by the server. At that point, mysqld writes the entire transaction to the binary log before the COMMIT is executed. When the thread that handles the transaction starts, it allocates a buffer of binlog_cache_size to buffer statements. If a statement is bigger than this, the thread opens a temporary file to store the transaction. The temporary file is deleted when the thread ends.

The Binlog_cache_use status variable shows the number of transactions that used this buffer (and possibly a temporary file) for storing statements. The Binlog_cache_disk_use status variable shows how many of those transactions actually had to use a temporary file. These two variables can be used for tuning binlog_cache_size to a large enough value that avoids the use of temporary files.

The max_binlog_cache_size system variable (default 4GB, which is also the maximum) can be used to restrict the total size used to cache a multiple-statement transaction. If a transaction is larger than this many bytes, it fails and rolls back. The minimum value is 4096.

Modifications to nontransactional tables cannot be rolled back. If a transaction that is rolled back includes modifications to nontransactional tables, the entire transaction is logged with a ROLLBACK statement at the end to ensure that the modifications to those tables are replicated.

If you are using the binary log and row based logging, concurrent inserts are converted to normal inserts for CREATE ... SELECT or INSERT ... SELECT statement. This is done to ensure that you can re-create an exact copy of your tables by applying the log during a backup operation. If you are using statement-based logging, the original statement is written to the log.

The binary log format has some known limitations that can affect recovery from backups. See Section 16.3.1, “Replication Features and Issues”.

Binary logging for stored programs is done as described in Section 18.5, “Binary Logging of Stored Programs”.

Note that the binary log format differs in MySQL 5.0 from previous versions of MySQL, due to enhancements in replication. See Section 16.3.2, “Replication Compatibility Between MySQL Versions”.

Writes to the binary log file and binary log index file are handled in the same way as writes to MyISAM tables. See Section B.5.4.3, “How MySQL Handles a Full Disk”.

By default, the binary log is not synchronized to disk at each write. So if the operating system or machine (not only the MySQL server) crashes, there is a chance that the last statements of the binary log are lost. To prevent this, you can make the binary log be synchronized to disk after every N writes to the binary log, with the sync_binlog system variable. See Section 5.1.3, “Server System Variables”. 1 is the safest value for sync_binlog, but also the slowest. Even with sync_binlog set to 1, there is still the chance of an inconsistency between the table content and binary log content in case of a crash. For example, if you are using InnoDB tables and the MySQL server processes a COMMIT statement, it writes the whole transaction to the binary log and then commits this transaction into InnoDB. If the server crashes between those two operations, the transaction is rolled back by InnoDB at restart but still exists in the binary log. This problem can be solved with the --innodb_safe_binlog option, which adds consistency between the content of InnoDB tables and the binary log. (Note: --innodb_safe_binlog is unneeded as of MySQL 5.0; it was made obsolete by the introduction of XA transaction support.)

For this option to provide a greater degree of safety, the MySQL server should also be configured to synchronize the binary log and the InnoDB logs to disk at every transaction. The InnoDB logs are synchronized by default, and sync_binlog=1 can be used to synchronize the binary log. The effect of this option is that at restart after a crash, after doing a rollback of transactions, the MySQL server cuts rolled back InnoDB transactions from the binary log. This ensures that the binary log reflects the exact data of InnoDB tables, and so, that the slave remains in synchrony with the master (not receiving a statement which has been rolled back).

Note that --innodb_safe_binlog can be used even if the MySQL server updates other storage engines than InnoDB. Only statements and transactions that affect InnoDB tables are subject to removal from the binary log at InnoDB's crash recovery. If the MySQL server discovers at crash recovery that the binary log is shorter than it should have been, it lacks at least one successfully committed InnoDB transaction. This should not happen if sync_binlog=1 and the disk/file system do an actual sync when they are requested to (some don't), so the server prints an error message The binary log <name> is shorter than its expected size. In this case, this binary log is not correct and replication should be restarted from a fresh snapshot of the master's data.

For MySQL 5.0.46, the session values of the following system variables are written to the binary log and honored by the replication slave when parsing the binary log:

5.2.4. The Slow Query Log

The slow query log consists of all SQL statements that took more than long_query_time seconds to execute. The time to acquire the initial table locks is not counted as execution time. mysqld writes a statement to the slow query log after it has been executed and after all locks have been released, so log order might be different from execution order. The minimum and default values of long_query_time are 1 and 10, respectively.

To enable the slow query log, start mysqld with the --log-slow-queries[=file_name] option.

If no file_name value is given for --log-slow-queries, the default name is host_name-slow.log. The server creates the file in the data directory unless an absolute path name is given to specify a different directory.

The slow query log can be used to find queries that take a long time to execute and are therefore candidates for optimization. However, examining a long slow query log can become a difficult task. To make this easier, you can process a slow query log file using the mysqldumpslow command to summarize the queries that appear in the log. See Section 4.6.8, “mysqldumpslow — Summarize Slow Query Log Files”.

In MySQL 5.0, queries that do not use indexes are logged in the slow query log if the --log-queries-not-using-indexes option is specified. See Section 5.1.2, “Server Command Options”.

MySQL Enterprise Excessive table scans are indicative of missing or poorly optimized indexes. Using an advisor specifically designed for the task, the MySQL Enterprise Monitor can identify such problems and offer advice on resolution. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

In MySQL 5.0, the --log-slow-admin-statements server option enables you to request logging of slow administrative statements such as OPTIMIZE TABLE, ANALYZE TABLE, and ALTER TABLE to the slow query log.

Queries handled by the query cache are not added to the slow query log, nor are queries that would not benefit from the presence of an index because the table has zero rows or one row.

Replication slaves do not write replicated queries to the slow query log, even if the same queries were written to the slow query log on the master. This is a known issue which we intend to fix in a future version of MySQL. (Bug#23300)

The slow query log should be protected because logged statements might contain passwords. See Section 5.5.6.1, “Administrator Guidelines for Password Security”.

5.2.5. Server Log Maintenance

MySQL Server can create a number of different log files that make it easy to see what is going on. See Section 5.2, “MySQL Server Logs”. However, you must clean up these files regularly to ensure that the logs do not take up too much disk space.

When using MySQL with logging enabled, you may want to back up and remove old log files from time to time and tell MySQL to start logging to new files. See Section 6.2, “Database Backup Methods”.

On a Linux (Red Hat) installation, you can use the mysql-log-rotate script for this. If you installed MySQL from an RPM distribution, this script should have been installed automatically. You should be careful with this script if you are using the binary log for replication. You should not remove binary logs until you are certain that their contents have been processed by all slaves.

On other systems, you must install a short script yourself that you start from cron (or its equivalent) for handling log files.

For the binary log, you can set the expire_logs_days system variable to expire binary log files automatically after a given number of days (see Section 5.1.3, “Server System Variables”). If you are using replication, you should set the variable no lower than the maximum number of days your slaves might lag behind the master.

You can force MySQL to start using new log files by flushing the logs. Log flushing occurs when you issue a FLUSH LOGS statement or execute a mysqladmin flush-logs, mysqladmin refresh, mysqldump --flush-logs, or mysqldump --master-data command. See Section 12.5.6.2, “FLUSH Syntax”, Section 4.5.2, “mysqladmin — Client for Administering a MySQL Server”, and Section 4.5.4, “mysqldump — A Database Backup Program”. In addition, the binary log is flushed when its size reaches the value of the max_binlog_size system variable.

A log flushing operation does the following:

  • If general query logging (--log) or slow query logging (--log-slow-queries) to a log file is enabled, the server closes and reopens the general query log file or slow query log file.

  • If binary logging (--log-bin) is used, the server closes the current log file and opens a new log file with the next sequence number.

  • If the server was given an error log file name with the --log-error option, it renames the error log with the suffix -old and creates a new empty error log file.

The server creates a new binary log file when you flush the logs. However, it just closes and reopens the general and slow query log files. To cause new files to be created on Unix, rename the current logs before flushing them. At flush time, the server will open new logs with the original names. For example, if the general and slow query logs are named mysql.log and mysql-slow.log, you can use a series of commands like this:

shell> cd mysql-data-directory
shell> mv mysql.log mysql.old
shell> mv mysql-slow.log mysql-slow.old
shell> mysqladmin flush-logs

At this point, you can make a backup of mysql.old and mysql-slow.log and then remove them from disk.

Before 5.0.17, you cannot rename a log file on Windows while the server has it open. You must stop the server and rename the file, and then restart the server to create a new log file. As of 5.0.17, this applies only to the error log. However, a stop and restart can be avoided by using FLUSH LOGS, which causes the server to rename the error log with an -old suffix and open a new error log.

The session sql_log_off variable can be set to ON or OFF to disable or enable general query logging for the current connection.

5.3. General Security Issues

This section describes some general security issues to be aware of and what you can do to make your MySQL installation more secure against attack or misuse. For information specifically about the access control system that MySQL uses for setting up user accounts and checking database access, see Section 5.4, “The MySQL Access Privilege System”.

For answers to some questions that are often asked about MySQL Server security issues, see Section A.9, “MySQL 5.0 FAQ — Security”.

5.3.1. General Security Guidelines

Anyone using MySQL on a computer connected to the Internet should read this section to avoid the most common security mistakes.

In discussing security, we emphasize the necessity of fully protecting the entire server host (not just the MySQL server) against all types of applicable attacks: eavesdropping, altering, playback, and denial of service. We do not cover all aspects of availability and fault tolerance here.

MySQL uses security based on Access Control Lists (ACLs) for all connections, queries, and other operations that users can attempt to perform. There is also support for SSL-encrypted connections between MySQL clients and servers. Many of the concepts discussed here are not specific to MySQL at all; the same general ideas apply to almost all applications.

When running MySQL, follow these guidelines whenever possible:

  • Do not ever give anyone (except MySQL root accounts) access to the user table in the mysql database! This is critical.

  • Learn the MySQL access privilege system. The GRANT and REVOKE statements are used for controlling access to MySQL. Do not grant more privileges than necessary. Never grant privileges to all hosts.

    Checklist:

    • Try mysql -u root. If you are able to connect successfully to the server without being asked for a password, anyone can connect to your MySQL server as the MySQL root user with full privileges! Review the MySQL installation instructions, paying particular attention to the information about setting a root password. See Section 2.17.3, “Securing the Initial MySQL Accounts”.

    • Use the SHOW GRANTS statement to check which accounts have access to what. Then use the REVOKE statement to remove those privileges that are not necessary.

  • Do not store any plain-text passwords in your database. If your computer becomes compromised, the intruder can take the full list of passwords and use them. Instead, use MD5(), SHA1(), or some other one-way hashing function and store the hash value.

  • Do not choose passwords from dictionaries. Special programs exist to break passwords. Even passwords like “xfish98” are very bad. Much better is “duag98” which contains the same word “fish” but typed one key to the left on a standard QWERTY keyboard. Another method is to use a password that is taken from the first characters of each word in a sentence (for example, “Mary had a little lamb” results in a password of “Mhall”). The password is easy to remember and type, but difficult to guess for someone who does not know the sentence.

    MySQL Enterprise MySQL Enterprise subscribers can find an example of a function that checks password security in the Knowledge Base article, Checking Password Complexity. To subscribe to MySQL Enterprise see http://www.mysql.com/products/enterprise/advisors.html.

  • Invest in a firewall. This protects you from at least 50% of all types of exploits in any software. Put MySQL behind the firewall or in a demilitarized zone (DMZ).

    Checklist:

    • Try to scan your ports from the Internet using a tool such as nmap. MySQL uses port 3306 by default. This port should not be accessible from untrusted hosts. Another simple way to check whether or not your MySQL port is open is to try the following command from some remote machine, where server_host is the host name or IP number of the host on which your MySQL server runs:

      shell> telnet server_host 3306
      

      If you get a connection and some garbage characters, the port is open, and should be closed on your firewall or router, unless you really have a good reason to keep it open. If telnet hangs or the connection is refused, the port is blocked, which is how you want it to be.

  • Do not trust any data entered by users of your applications. They can try to trick your code by entering special or escaped character sequences in Web forms, URLs, or whatever application you have built. Be sure that your application remains secure if a user enters something like “; DROP DATABASE mysql;”. This is an extreme example, but large security leaks and data loss might occur as a result of hackers using similar techniques, if you do not prepare for them.

    A common mistake is to protect only string data values. Remember to check numeric data as well. If an application generates a query such as SELECT * FROM table WHERE ID=234 when a user enters the value 234, the user can enter the value 234 OR 1=1 to cause the application to generate the query SELECT * FROM table WHERE ID=234 OR 1=1. As a result, the server retrieves every row in the table. This exposes every row and causes excessive server load. The simplest way to protect from this type of attack is to use single quotes around the numeric constants: SELECT * FROM table WHERE ID='234'. If the user enters extra information, it all becomes part of the string. In a numeric context, MySQL automatically converts this string to a number and strips any trailing nonnumeric characters from it.

    Sometimes people think that if a database contains only publicly available data, it need not be protected. This is incorrect. Even if it is allowable to display any row in the database, you should still protect against denial of service attacks (for example, those that are based on the technique in the preceding paragraph that causes the server to waste resources). Otherwise, your server becomes unresponsive to legitimate users.

    Checklist:

    • Try to enter single and double quote marks (“'” and “"”) in all of your Web forms. If you get any kind of MySQL error, investigate the problem right away.

    • Try to modify dynamic URLs by adding %22 (“"”), %23 (“#”), and %27 (“'”) to them.

    • Try to modify data types in dynamic URLs from numeric to character types using the characters shown in the previous examples. Your application should be safe against these and similar attacks.

    • Try to enter characters, spaces, and special symbols rather than numbers in numeric fields. Your application should remove them before passing them to MySQL or else generate an error. Passing unchecked values to MySQL is very dangerous!

    • Check the size of data before passing it to MySQL.

    • Have your application connect to the database using a user name different from the one you use for administrative purposes. Do not give your applications any access privileges they do not need.

  • Many application programming interfaces provide a means of escaping special characters in data values. Properly used, this prevents application users from entering values that cause the application to generate statements that have a different effect than you intend:

    • MySQL C API: Use the mysql_real_escape_string() API call.

    • MySQL++: Use the escape and quote modifiers for query streams.

    • PHP: Use the mysql_real_escape_string() function (available as of PHP 4.3.0, prior to that PHP version use mysql_escape_string(), and prior to PHP 4.0.3, use addslashes() ). Note that only mysql_real_escape_string() is character set-aware; the other functions can be “bypassed” when using (invalid) multi-byte character sets. In PHP 5, you can use the mysqli extension, which supports the improved MySQL authentication protocol and passwords, as well as prepared statements with placeholders.

    • Perl DBI: Use placeholders or the quote() method.

    • Ruby DBI: Use placeholders or the quote() method.

    • Java JDBC: Use a PreparedStatement object and placeholders.

    Other programming interfaces might have similar capabilities.

  • Do not transmit plain (unencrypted) data over the Internet. This information is accessible to everyone who has the time and ability to intercept it and use it for their own purposes. Instead, use an encrypted protocol such as SSL or SSH. MySQL supports internal SSL connections as of version 4.0. Another technique is to use SSH port-forwarding to create an encrypted (and compressed) tunnel for the communication.

  • Learn to use the tcpdump and strings utilities. In most cases, you can check whether MySQL data streams are unencrypted by issuing a command like the following:

    shell> tcpdump -l -i eth0 -w - src or dst port 3306 | strings
    

    This works under Linux and should work with small modifications under other systems.

    Warning

    If you do not see plaintext data, this does not always mean that the information actually is encrypted. If you need high security, you should consult with a security expert.

5.3.2. Making MySQL Secure Against Attackers

When you connect to a MySQL server, you should use a password. The password is not transmitted in clear text over the connection. Password handling during the client connection sequence was upgraded in MySQL 4.1.1 to be very secure. If you are still using pre-4.1.1-style passwords, the encryption algorithm is not as strong as the newer algorithm. With some effort, a clever attacker who can sniff the traffic between the client and the server can crack the password. (See Section 5.5.6.3, “Password Hashing in MySQL”, for a discussion of the different password handling methods.)

MySQL Enterprise The MySQL Enterprise Monitor enforces best practices for maximizing the security of your servers. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

All other information is transferred as text, and can be read by anyone who is able to watch the connection. If the connection between the client and the server goes through an untrusted network, and you are concerned about this, you can use the compressed protocol to make traffic much more difficult to decipher. You can also use MySQL's internal SSL support to make the connection even more secure. See Section 5.5.7, “Using SSL for Secure Connections”. Alternatively, use SSH to get an encrypted TCP/IP connection between a MySQL server and a MySQL client. You can find an Open Source SSH client at http://www.openssh.org/, and a commercial SSH client at http://www.ssh.com/.

To make a MySQL system secure, you should strongly consider the following suggestions:

  • Require all MySQL accounts to have a password. A client program does not necessarily know the identity of the person running it. It is common for client/server applications that the user can specify any user name to the client program. For example, anyone can use the mysql program to connect as any other person simply by invoking it as mysql -u other_user db_name if other_user has no password. If all accounts have a password, connecting using another user's account becomes much more difficult.

    For a discussion of methods for setting passwords, see Section 5.5.5, “Assigning Account Passwords”.

  • Never run the MySQL server as the Unix root user. This is extremely dangerous, because any user with the FILE privilege is able to cause the server to create files as root (for example, ~root/.bashrc). To prevent this, mysqld refuses to run as root unless that is specified explicitly using the --user=root option.

    mysqld can (and should) be run as an ordinary, unprivileged user instead. You can create a separate Unix account named mysql to make everything even more secure. Use this account only for administering MySQL. To start mysqld as a different Unix user, add a user option that specifies the user name in the [mysqld] group of the my.cnf option file where you specify server options. For example:

    [mysqld]
    user=mysql
    

    This causes the server to start as the designated user whether you start it manually or by using mysqld_safe or mysql.server. For more details, see Section 5.3.5, “How to Run MySQL as a Normal User”.

    Running mysqld as a Unix user other than root does not mean that you need to change the root user name in the user table. User names for MySQL accounts have nothing to do with user names for Unix accounts.

  • Do not allow the use of symlinks to tables. (This capability can be disabled with the --skip-symbolic-links option.) This is especially important if you run mysqld as root, because anyone that has write access to the server's data directory then could delete any file in the system! See Section 7.6.1.2, “Using Symbolic Links for Tables on Unix”.

  • Make sure that the only Unix user account with read or write privileges in the database directories is the account that is used for running mysqld.

  • Do not grant the PROCESS or SUPER privilege to nonadministrative users. The output of mysqladmin processlist and SHOW PROCESSLIST shows the text of any statements currently being executed, so any user who is allowed to see the server process list might be able to see statements issued by other users such as UPDATE user SET password=PASSWORD('not_secure').

    mysqld reserves an extra connection for users who have the SUPER privilege, so that a MySQL root user can log in and check server activity even if all normal connections are in use.

    The SUPER privilege can be used to terminate client connections, change server operation by changing the value of system variables, and control replication servers.

  • Do not grant the FILE privilege to nonadministrative users. Any user that has this privilege can write a file anywhere in the file system with the privileges of the mysqld daemon. To make this a bit safer, files generated with SELECT ... INTO OUTFILE do not overwrite existing files and are writable by everyone.

    The FILE privilege may also be used to read any file that is world-readable or accessible to the Unix user that the server runs as. With this privilege, you can read any file into a database table. This could be abused, for example, by using LOAD DATA to load /etc/passwd into a table, which then can be displayed with SELECT.

  • If you do not trust your DNS, you should use IP numbers rather than host names in the grant tables. In any case, you should be very careful about creating grant table entries using host name values that contain wildcards.

  • If you want to restrict the number of connections allowed to a single account, you can do so by setting the max_user_connections variable in mysqld. The GRANT statement also supports resource control options for limiting the extent of server use allowed to an account. See Section 12.5.1.3, “GRANT Syntax”.

  • --ssl*

    Options that begin with --ssl specify whether to allow clients to connect via SSL and indicate where to find SSL keys and certificates. See Section 5.5.7.3, “SSL Command Options”.

5.3.3. Security-Related mysqld Options

The following mysqld options affect security:

Table 5.6. Security Option/Variable Summary

NameCmd-LineOption fileSystem VarStatus VarVar ScopeDynamic
allow-suspicious-udfsYesYes    
automatic_sp_privileges  Yes GlobalYes
chrootYesYes    
des-key-fileYesYes    
local_infile  Yes GlobalYes
local-infileYesYes    
- Variable: local_infile      
old-passwordsYesYes  BothYes
- Variable: old_passwords  Yes BothYes
safe-show-databaseYesYesYes GlobalYes
safe-user-createYesYes    
secure-authYesYes  GlobalYes
- Variable: secure_auth  Yes GlobalYes
secure-file-privYesYes  GlobalNo
- Variable: secure_file_priv  Yes GlobalNo
skip-grant-tablesYesYes    
skip-name-resolveYesYes    
skip-networkingYesYes  GlobalNo
- Variable: skip_networking  Yes GlobalNo
skip-show-databaseYesYes  GlobalNo
- Variable: skip_show_database  Yes GlobalNo
  • --allow-suspicious-udfs

    This option controls whether user-defined functions that have only an xxx symbol for the main function can be loaded. By default, the option is off and only UDFs that have at least one auxiliary symbol can be loaded; this prevents attempts at loading functions from shared object files other than those containing legitimate UDFs. For MySQL 5.0, this option was added in MySQL 5.0.3. See Section 21.2.2.6, “User-Defined Function Security Precautions”.

  • --local-infile[={0|1}]

    If you start the server with --local-infile=0, clients cannot use LOCAL in LOAD DATA statements. See Section 5.3.4, “Security Issues with LOAD DATA LOCAL.

  • --old-passwords

    Force the server to generate short (pre-4.1) password hashes for new passwords. This is useful for compatibility when the server must support older client programs. See Section 5.5.6.3, “Password Hashing in MySQL”.

    MySQL Enterprise The MySQL Enterprise Monitor offers advice on the security implications of using this option. For subscription information, see http://www.mysql.com/products/enterprise/advisors.html.

  • --safe-show-database (OBSOLETE)

    In previous versions of MySQL, this option caused the SHOW DATABASES statement to display the names of only those databases for which the user had some kind of privilege. In MySQL 5.0, this option is no longer available as this is now the default behavior, and there is a SHOW DATABASES privilege that can be used to control access to database names on a per-account basis. See Section 12.5.1.3, “GRANT Syntax”.

  • --safe-user-create

    If this option is enabled, a user cannot create new MySQL users by using the GRANT statement unless the user has the INSERT privilege for the mysql.user table or any column in the table. If you want a user to have the ability to create new users that have those privileges that the user has the right to grant, you should grant the user the following privilege:

    GRANT INSERT(user) ON mysql.user TO 'user_name'@'host_name';
    

    This ensures that the user cannot change any privilege columns directly, but has to use the GRANT statement to give privileges to other users.

  • --secure-auth

    Disallow authentication for accounts that have old (pre-4.1) passwords.

    The mysql client also has a --secure-auth option, which prevents connections to a server if the server requires a password in old format for the client account.

  • --secure-file-priv=path

    This option limits the effect of the LOAD_FILE() function and the LOAD DATA and SELECT ... INTO OUTFILE statements to work only with files in the specified directory.

    This option was added in MySQL 5.0.38.

  • --skip-grant-tables

    This option causes the server not to use the privilege system at all. This gives anyone with access to the server unrestricted access to all databases. You can cause a running server to start using the grant tables again by executing mysqladmin flush-privileges or mysqladmin reload command from a system shell, or by issuing a MySQL FLUSH PRIVILEGES statement. This option also suppresses loading of user-defined functions (UDFs).

  • --skip-name-resolve

    Host names are not resolved. All Host column values in the grant tables must be IP numbers or localhost.

  • --skip-networking

    Do not allow TCP/IP connections over the network. All connections to mysqld must be made via Unix socket files.

  • --skip-show-database

    With this option, the SHOW DATABASES statement is allowed only to users who have the SHOW DATABASES privilege, and the statement displays all database names. Without this option, SHOW DATABASES is allowed to all users, but displays each database name only if the user has the SHOW DATABASES privilege or some privilege for the database. Note that any global privilege is a privilege for the database.

5.3.4. Security Issues with LOAD DATA LOCAL

The LOAD DATA statement can load a file that is located on the server host, or it can load a file that is located on the client host when the LOCAL keyword is specified.

There are two potential security issues with supporting the LOCAL version of LOAD DATA statements:

  • The transfer of the file from the client host to the server host is initiated by the MySQL server. In theory, a patched server could be built that would tell the client program to transfer a file of the server's choosing rather than the file named by the client in the LOAD DATA statement. Such a server could access any file on the client host to which the client user has read access.

  • In a Web environment where the clients are connecting from a Web server, a user could use LOAD DATA LOCAL to read any files that the Web server process has read access to (assuming that a user could run any command against the SQL server). In this environment, the client with respect to the MySQL server actually is the Web server, not the remote program being run by the user who connects to the Web server.

To deal with these problems, we changed how LOAD DATA LOCAL is handled as of MySQL 3.23.49 and MySQL 4.0.2 (4.0.13 on Windows):

  • By default, all MySQL clients and libraries in binary distributions are compiled with the --enable-local-infile option, to be compatible with MySQL 3.23.48 and before.

  • If you build MySQL from source but do not invoke configure with the --enable-local-infile option, LOAD DATA LOCAL cannot be used by any client unless it is written explicitly to invoke mysql_options(... MYSQL_OPT_LOCAL_INFILE, 0). See Section 20.8.3.49, “mysql_options().

  • You can disable all LOAD DATA LOCAL commands from the server side by starting mysqld with the --local-infile=0 option.

  • For the mysql command-line client, enable LOAD DATA LOCAL by specifying the --local-infile[=1] option, or disable it with the --local-infile=0 option. For mysqlimport, local data file loading is off by default; enable it with the --local or -L option. In any case, successful use of a local load operation requires that the server is enabled to allow it.

  • If you use LOAD DATA LOCAL in Perl scripts or other programs that read the [client] group from option files, you can add the local-infile=1 option to that group. However, to keep this from causing problems for programs that do not understand local-infile, specify it using the loose- prefix:

    [client]
    loose-local-infile=1
    
  • If LOAD DATA LOCAL is disabled, either in the server or the client, a client that attempts to issue such a statement receives the following error message:

    ERROR 1148: The used command is not allowed with this MySQL version
    

MySQL Enterprise Security advisors notify subscribers to the MySQL Enterprise Monitor whenever a server is started with the --local-infile option enabled. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

5.3.5. How to Run MySQL as a Normal User

On Windows, you can run the server as a Windows service using a normal user account.

On Unix, the MySQL server mysqld can be started and run by any user. However, you should avoid running the server as the Unix root user for security reasons. To change mysqld to run as a normal unprivileged Unix user user_name, you must do the following:

  1. Stop the server if it is running (use mysqladmin shutdown).

  2. Change the database directories and files so that user_name has privileges to read and write files in them (you might need to do this as the Unix root user):

    shell> chown -R user_name /path/to/mysql/datadir
    

    If you do not do this, the server will not be able to access databases or tables when it runs as user_name.

    If directories or files within the MySQL data directory are symbolic links, chown -R might not follow symbolic links for you. If it does not, you will also need to follow those links and change the directories and files they point to.

  3. Start the server as user user_name. Another alternative is to start mysqld as the Unix root user and use the --user=user_name option. mysqld starts up, then switches to run as the Unix user user_name before accepting any connections.

  4. To start the server as the given user automatically at system startup time, specify the user name by adding a user option to the [mysqld] group of the /etc/my.cnf option file or the my.cnf option file in the server's data directory. For example:

    [mysqld]
    user=user_name
    

If your Unix machine itself isn't secured, you should assign passwords to the MySQL root accounts in the grant tables. Otherwise, any user with a login account on that machine can run the mysql client with a --user=root option and perform any operation. (It is a good idea to assign passwords to MySQL accounts in any case, but especially so when other login accounts exist on the server host.) See Section 2.17, “Post-Installation Setup and Testing”.

5.4. The MySQL Access Privilege System

The primary function of the MySQL privilege system is to authenticate a user who connects from a given host and to associate that user with privileges on a database such as SELECT, INSERT, UPDATE, and DELETE. Additional functionality includes the ability to have anonymous users and to grant privileges for MySQL-specific functions such as LOAD DATA INFILE and administrative operations.

There are some things that you cannot do with the MySQL privilege system:

  • You cannot explicitly specify that a given user should be denied access. That is, you cannot explicitly match a user and then refuse the connection.

  • You cannot specify that a user has privileges to create or drop tables in a database but not to create or drop the database itself.

  • A password applies globally to an account. You cannot associate a password with a specific object such as a database, table, or routine.

The user interface to the MySQL privilege system consists of SQL statements such as CREATE USER, GRANT, and REVOKE. See Section 12.5.1, “Account Management Statements”.

Internally, the server stores privilege information in the grant tables of the mysql database (that is, in the database named mysql). The MySQL server reads the contents of these tables into memory when it starts and bases access-control decisions on the in-memory copies of the grant tables.

The MySQL privilege system ensures that all users may perform only the operations allowed to them. As a user, when you connect to a MySQL server, your identity is determined by the host from which you connect and the user name you specify. When you issue requests after connecting, the system grants privileges according to your identity and what you want to do.

MySQL considers both your host name and user name in identifying you because there is no reason to assume that a given user name belongs to the same person on all hosts. For example, the user joe who connects from office.example.com need not be the same person as the user joe who connects from home.example.com. MySQL handles this by allowing you to distinguish users on different hosts that happen to have the same name: You can grant one set of privileges for connections by joe from office.example.com, and a different set of privileges for connections by joe from home.example.com. To see what privileges a given account has, use the SHOW GRANTS statement. For example:

SHOW GRANTS FOR 'joe'@'office.example.com';
SHOW GRANTS FOR 'joe'@'home.example.com';

MySQL access control involves two stages when you run a client program that connects to the server:

Stage 1: The server accepts or rejects the connection based on your identity and whether you can verify your identity by supplying the correct password.

Stage 2: Assuming that you can connect, the server checks each statement you issue to determine whether you have sufficient privileges to perform it. For example, if you try to select rows from a table in a database or drop a table from the database, the server verifies that you have the SELECT privilege for the table or the DROP privilege for the database.

For a more detailed description of what happens during each stage, see Section 5.4.4, “Access Control, Stage 1: Connection Verification”, and Section 5.4.5, “Access Control, Stage 2: Request Verification”.

If your privileges are changed (either by yourself or someone else) while you are connected, those changes do not necessarily take effect immediately for the next statement that you issue. For details about the conditions under which the server reloads the grant tables, see Section 5.4.6, “When Privilege Changes Take Effect”.

For general security-related advice, see Section 5.3, “General Security Issues”. For help in diagnosing privilege-related problems, see Section 5.4.7, “Causes of Access-Denied Errors”.

5.4.1. Privileges Provided by MySQL

MySQL provides privileges that apply in different contexts and at different levels of operation:

  • Administrative privileges enable users to manage operation of the MySQL server. These privileges are global because they are not specific to a particular database.

  • Database privileges apply to a database and to all objects within it. These privileges can be granted for specific databases, or globally so that they apply to all databases.

  • Privileges for database objects such as tables, indexes, views, and stored routines can be granted for specific objects within a database, for all objects of a given type within a database (for example, all tables in a database), or globally for all objects of a given type in all databases).

Information about account privileges is stored in the user, db, host, tables_priv, columns_priv, and procs_priv tables in the mysql database (see Section 5.4.2, “Privilege System Grant Tables”). The MySQL server reads the contents of these tables into memory when it starts and reloads them under the circumstances indicated in Section 5.4.6, “When Privilege Changes Take Effect”. Access-control decisions are based on the in-memory copies of the grant tables.

Some releases of MySQL introduce changes to the structure of the grant tables to add new access privileges or features. Whenever you update to a new version of MySQL, you should update your grant tables to make sure that they have the current structure so that you can take advantage of any new capabilities. See Section 4.4.9, “mysql_upgrade — Check Tables for MySQL Upgrade”.

The following table shows the privilege names used at the SQL level in the GRANT and REVOKE statements, along with the column name associated with each privilege in the grant tables and the context in which the privilege applies.

PrivilegeColumnContext
CREATECreate_privdatabases, tables, or indexes
DROPDrop_privdatabases or tables
GRANT OPTIONGrant_privdatabases, tables, or stored routines
REFERENCESReferences_privdatabases or tables
ALTERAlter_privtables
DELETEDelete_privtables
INDEXIndex_privtables
INSERTInsert_privtables
SELECTSelect_privtables
UPDATEUpdate_privtables
CREATE TEMPORARY TABLESCreate_tmp_table_privtables
LOCK TABLESLock_tables_privtables
CREATE VIEWCreate_view_privviews
SHOW VIEWShow_view_privviews
ALTER ROUTINEAlter_routine_privstored routines
CREATE ROUTINECreate_routine_privstored routines
EXECUTEExecute_privstored routines
FILEFile_privfile access on server host
CREATE USERCreate_user_privserver administration
PROCESSProcess_privserver administration
RELOADReload_privserver administration
REPLICATION CLIENTRepl_client_privserver administration
REPLICATION SLAVERepl_slave_privserver administration
SHOW DATABASESShow_db_privserver administration
SHUTDOWNShutdown_privserver administration
SUPERSuper_privserver administration
ALL [PRIVILEGES] server administration
USAGE server administration

The following list provides a general description of each privilege available in MySQL. Particular SQL statements might have more specific privilege requirements than indicated here. If so, the description for the statement in question provides the details.

  • The ALL or ALL PRIVILEGES privilege specifier is shorthand. It stands for “all privileges available at a given privilege level” (except GRANT OPTION). For example, granting ALL at the global or table level grants all global privileges or all table-level privileges.

  • The ALTER privilege enables use of ALTER TABLE to change the structure of or rename tables. (ALTER TABLE also requires the INSERT and CREATE privileges.)

    MySQL Enterprise In some circumstances, the ALTER privilege is entirely unnecessary — on slaves where there are no nonreplicated tables, for instance. The MySQL Enterprise Monitor notifies subscribers when accounts have inappropriate privileges. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

  • The ALTER ROUTINE privilege is needed to alter or drop stored routines (procedures and functions). This privilege was added in MySQL 5.0.3.

  • The CREATE privilege enables creation of new databases and tables.

  • The CREATE ROUTINE privilege is needed to create stored routines (procedures and functions). This privilege was added in MySQL 5.0.3.

  • The CREATE TEMPORARY TABLES privilege enables the use of the keyword TEMPORARY in CREATE TABLE statements.

  • The CREATE USER privilege enables use of CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES. This privilege was added in MySQL 5.0.3.

  • The CREATE VIEW privilege enables use of CREATE VIEW. This privilege was added in MySQL 5.0.1.

  • The DELETE privilege enables rows to be deleted from tables in a database.

  • The DROP privilege enables you to drop (remove) existing databases and tables. If you grant the DROP privilege for the mysql database to a user, that user can drop the database in which the MySQL access privileges are stored.

  • The EXECUTE privilege is required to execute stored routines (procedures and functions). This privilege was added in MySQL 5.0.0 but did not become operational until MySQL 5.0.3.

  • The FILE privilege gives you permission to read and write files on the server host using the LOAD DATA INFILE and SELECT ... INTO OUTFILE statements and the LOAD_FILE() function. A user who has the FILE privilege can read any file on the server host that is either world-readable or readable by the MySQL server. (This implies the user can read any file in any database directory, because the server can access any of those files.) The FILE privilege also enables the user to create new files in any directory where the MySQL server has write access. As a security measure, the server will not overwrite existing files.

  • The GRANT OPTION privilege enables you to give to other users or remove from other users those privileges that you yourself possess.

  • The INDEX privilege enables you to create or drop (remove) indexes. INDEX applies to existing tables. If you have the CREATE privilege for a table, you can include index definitions in the CREATE TABLE statement.

  • The INSERT privilege enables rows to be inserted into tables in a database. INSERT is also required for the ANALYZE TABLE, OPTIMIZE TABLE, and REPAIR TABLE table-maintenance statements.

  • The LOCK TABLES privilege enables the use of explicit LOCK TABLES statements to lock tables for which you have the SELECT privilege. This includes the use of write locks, which prevents other sessions from reading the locked table.

  • The PROCESS privilege pertains to display of information about the threads executing within the server (that is, information about the statements being executed by sessions). The privilege enables use of SHOW PROCESSLIST or mysqladmin processlist to see threads belonging to other accounts; you can always see your own threads.

  • The REFERENCES privilege currently is unused.

  • The RELOAD privilege enables use of the FLUSH statement. It also enables mysqladmin commands that are equivalent to FLUSH operations: flush-hosts, flush-logs, flush-privileges, flush-status, flush-tables, flush-threads, refresh, and reload.

    The reload command tells the server to reload the grant tables into memory. flush-privileges is a synonym for reload. The refresh command closes and reopens the log files and flushes all tables. The other flush-xxx commands perform functions similar to refresh, but are more specific and may be preferable in some instances. For example, if you want to flush just the log files, flush-logs is a better choice than refresh.

  • The REPLICATION CLIENT privilege enables the use of SHOW MASTER STATUS and SHOW SLAVE STATUS.

  • The REPLICATION SLAVE privilege should be granted to accounts that are used by slave servers to connect to the current server as their master. Without this privilege, the slave cannot request updates that have been made to databases on the master server.

  • The SELECT privilege enables you to select rows from tables in a database. SELECT statements require the SELECT privilege only if they actually retrieve rows from a table. Some SELECT statements do not access tables and can be executed without permission for any database. For example, you can use SELECT as a simple calculator to evaluate expressions that make no reference to tables:

    SELECT 1+1;
    SELECT PI()*2;
    

    The SELECT privilege is also needed for other statements that read column values. For example, SELECT is needed for columns referenced on the right hand side of col_name=expr assignment in UPDATE statements or for columns named in the WHERE clause of DELETE or UPDATE statements.

  • The SHOW DATABASES privilege enables the account to see database names by issuing the SHOW DATABASE statement. Accounts that do not have this privilege see only databases for which they have some privileges, and cannot use the statement at all if the server was started with the --skip-show-database option. Note that any global privilege is a privilege for the database.

    MySQL Enterprise The SHOW DATABASES privilege should be granted only to users who need to see all the databases on a MySQL server. Subscribers to the MySQL Enterprise Monitor are alerted when servers are started without the --skip-show-database option. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

  • The SHOW VIEW privilege enables use of SHOW CREATE VIEW. This privilege was added in MySQL 5.0.1.

  • The SHUTDOWN privilege enables use of the mysqladmin shutdown command. There is no corresponding SQL statement.

  • The SUPER privilege enables an account to use CHANGE MASTER TO, KILL or mysqladmin kill to kill threads belonging to other accounts (you can always kill your own threads), PURGE BINARY LOGS, configuration changes via SET GLOBAL to modify global system variables, the mysqladmin debug command, enabling or disabling logging, performing updates even if the read_only system variable is enabled, starting and stopping replication on slave servers, and allows you to connect (once) even if the connection limit controlled by the max_connections system variable is reached.

    To create or alter stored routines if binary logging is enabled, you may also need the SUPER privilege, as described in Section 18.5, “Binary Logging of Stored Programs”.

  • The UPDATE privilege enables rows to be updated in tables in a database.

  • The USAGE privilege specifier stands for “no privileges.” It is used at the global level with GRANT to modify account attributes such as resource limits or SSL characteristics without affecting existing account privileges.

It is a good idea to grant to an account only those privileges that it needs. You should exercise particular caution in granting the FILE and administrative privileges:

  • The FILE privilege can be abused to read into a database table any files that the MySQL server can read on the server host. This includes all world-readable files and files in the server's data directory. The table can then be accessed using SELECT to transfer its contents to the client host.

  • The GRANT OPTION privilege enables users to give their privileges to other users. Two users that have different privileges and with the GRANT OPTION privilege are able to combine privileges.

  • The ALTER privilege may be used to subvert the privilege system by renaming tables.

  • The SHUTDOWN privilege can be abused to deny service to other users entirely by terminating the server.

  • The PROCESS privilege can be used to view the plain text of currently executing statements, including statements that set or change passwords.

  • The SUPER privilege can be used to terminate other sessions or change how the server operates.

  • Privileges granted for the mysql database itself can be used to change passwords and other access privilege information. Passwords are stored encrypted, so a malicious user cannot simply read them to know the plain text password. However, a user with write access to the user table Password column can change an account's password, and then connect to the MySQL server using that account.

    MySQL Enterprise Accounts with unnecessary global privileges constitute a security risk. Subscribers to the MySQL Enterprise Monitor are automatically alerted to the existence of such accounts. For detailed information, see http://www.mysql.com/products/enterprise/advisors.html.

5.4.2. Privilege System Grant Tables

Normally, you manipulate the contents of the grant tables indirectly by using statements such as GRANT and REVOKE to set up accounts and control the privileges available to each one. See Section 12.5.1, “Account Management Statements”. The discussion here describes the underlying structure of the grant tables and how the server uses their contents when interacting with clients.

Each grant table contains scope columns and privilege columns:

  • Scope columns determine the scope of each row (entry) in the tables; that is, the context in which the row applies. For example, a user table row with Host and User values of 'thomas.loc.gov' and 'bob' would be used for authenticating connections made to the server from the host thomas.loc.gov by a client that specifies a user name of bob. Similarly, a db table row with Host, User, and Db column values of 'thomas.loc.gov', 'bob' and 'reports' would be used when bob connects from the host thomas.loc.gov to access the reports database. The tables_priv and columns_priv tables contain scope columns indicating tables or table/column combinations to which each row applies. The procs_priv scope columns indicate the stored routine to which each row applies.

  • Privilege columns indicate which privileges are granted by a table row; that is, what operations can be performed. The server combines the information in the various grant tables to form a complete description of a user's privileges. Section 5.4.5, “Access Control, Stage 2: Request Verification”, describes the rules that are used to do this.

The server uses the grant tables in the following manner:

  • The user table scope columns determine whether to reject or allow incoming connections. For allowed connections, any privileges granted in the user table indicate the user's global (superuser) privileges. Any privilege granted in this table applies to all databases on the server.

    Note

    Because any global privilege is considered a privilege for all databases, any global privilege enables a user to see all database names with SHOW DATABASES or by examining the SCHEMATA table of INFORMATION_SCHEMA.

  • The db table scope columns determine which users can access which databases from which hosts. The privilege columns determine which operations are allowed. A privilege granted at the database level applies to the database and to all objects in the database, such as tables and stored programs.

  • The host table is used in conjunction with the db table when you want a given db table row to apply to several hosts. For example, if you want a user to be able to use a database from several hosts in your network, leave the Host value empty in the user's db table row, then populate the host table with a row for each of those hosts. This mechanism is described more detail in Section 5.4.5, “Access Control, Stage 2: Request Verification”.

    Note

    The host table must be modified directly with statements such as INSERT, UPDATE, and DELETE. It is not affected by statements such as GRANT and REVOKE that modify the grant tables indirectly. Most MySQL installations need not use this table at all.

  • The tables_priv and columns_priv tables are similar to the db table, but are more fine-grained: They apply at the table and column levels rather than at the database level. A privilege granted at the table level applies to the table and to all its columns. A privilege granted at the column level applies only to a specific column.

  • The procs_priv table applies to stored routines. A privilege granted at the routine level applies only to a single routine.

The server uses the user, db, and host tables in the mysql database at both the first and second stages of access control (see Section 5.4, “The MySQL Access Privilege System”). The columns in the user and db tables are shown here. The host table is similar to the db table but has a specialized use as described in Section 5.4.5, “Access Control, Stage 2: Request Verification”.

Table Nameuserdb
Scope columnsHostHost
 UserDb
 PasswordUser
Privilege columnsSelect_privSelect_priv
 Insert_privInsert_priv
 Update_privUpdate_priv
 Delete_privDelete_priv
 Index_privIndex_priv
 Alter_privAlter_priv
 Create_privCreate_priv
 Drop_privDrop_priv
 Grant_privGrant_priv
 Create_view_privCreate_view_priv
 Show_view_privShow_view_priv
 Create_routine_privCreate_routine_priv
 Alter_routine_privAlter_routine_priv
 Execute_privExecute_priv
 Create_tmp_table_privCreate_tmp_table_priv
 Lock_tables_privLock_tables_priv
 References_privReferences_priv
 Reload_priv 
 Shutdown_priv 
 Process_priv 
 File_priv 
 Show_db_priv 
 Super_priv 
 Repl_slave_priv 
 Repl_client_priv 
 Create_user_priv 
Security columnsssl_type 
 ssl_cipher 
 x509_issuer 
 x509_subject 
Resource control columnsmax_questions 
 max_updates 
 max_connections 
 max_user_connections 

Execute_priv was present in MySQL 5.0.0, but did not become operational until MySQL 5.0.3.

The Create_view_priv and Show_view_priv columns were added in MySQL 5.0.1.

The Create_routine_priv, Alter_routine_priv, and max_user_connections columns were added in MySQL 5.0.3.

During the second stage of access control, the server performs request verification to make sure that each client has sufficient privileges for each request that it issues. In addition to the user, db, and host grant tables, the server may also consult the tables_priv and columns_priv tables for requests that involve tables. The latter tables provide finer privilege control at the table and column levels. They have the columns shown in the following table.

Table Nametables_privcolumns_priv
Scope columnsHostHost
 DbDb
 UserUser
 Table_nameTable_name
  Column_name
Privilege columnsTable_privColumn_priv
 Column_priv 
Other columnsTimestampTimestamp
 Grantor 

The Timestamp and Grantor columns currently are unused and are discussed no further here.

For verification of requests that involve stored routines, the server may consult the procs_priv table, which has the columns shown in the following table.

Table Nameprocs_priv
Scope columnsHost
 Db
 User
 Routine_name
 Routine_type
Privilege columnsProc_priv
Other columnsTimestamp
 Grantor

The procs_priv table exists as of MySQL 5.0.3. The Routine_type column was added in MySQL 5.0.6. It is an ENUM column with values of 'FUNCTION' or 'PROCEDURE' to indicate the type of routine the row refers to. This column enables privileges to be granted separately for a function and a procedure with the same name.

The Timestamp and Grantor columns currently are unused and are discussed no further here.

Scope columns in the grant tables contain strings. They are declared as shown here; the default value for each is the empty string.

Column NameType
HostCHAR(60)
UserCHAR(16)
PasswordCHAR(41)
DbCHAR(64)
Table_nameCHAR(64)
Column_nameCHAR(64)
Routine_nameCHAR(64)

For access-checking purposes, comparisons of User, Password, Db, and Table_name values are case sensitive. Comparisons of Host, Column_name, and Routine_name values are not case sensitive.

In the user, db, and host tables, each privilege is listed in a separate column that is declared as ENUM('N','Y') DEFAULT 'N'. In other words, each privilege can be disabled or enabled, with the default being disabled.

In the tables_priv, columns_priv, and procs_priv tables, the privilege columns are declared as SET columns. Values in these columns can contain any combination of the privileges controlled by the table. Only those privileges listed in the column value are enabled.

Table NameColumn NamePossible Set Elements
tables_privTable_priv'Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Grant', 'References', 'Index', 'Alter', 'Create View', 'Show view'
tables_privColumn_priv'Select', 'Insert', 'Update', 'References'
columns_privColumn_priv'Select', 'Insert', 'Update', 'References'
procs_privProc_priv'Execute', 'Alter Routine', 'Grant'

Administrative privileges (such as RELOAD or SHUTDOWN) are specified only in the user table. Administrative operations are operations on the server itself and are not database-specific, so there is no reason to list these privileges in the other grant tables. Consequently, to determine whether you can perform an administrative operation, the server need consult only the user table.

The FILE privilege also is specified only in the user table. It is not an administrative privilege as such, but your ability to read or write files on the server host is independent of the database you are accessing.

The mysqld server reads the contents of the grant tables into memory when it starts. You can tell it to reload the tables by issuing a FLUSH PRIVILEGES statement or executing a mysqladmin flush-privileges or mysqladmin reload command. Changes to the grant tables take effect as indicated in Section 5.4.6, “When Privilege Changes Take Effect”.

When you modify an account's privileges, it is a good idea to verify that the changes set up privileges the way you want. To check the privileges for a given account, use the SHOW GRANTS statement (see Section 12.5.5.17, “SHOW GRANTS Syntax”). For example, to determine the privileges that are granted to an account with user name and host name values of bob and pc84.example.com, use this statement:

SHOW GRANTS FOR 'bob'@'pc84.example.com';

5.4.3. Specifying Account Names

MySQL account names consist of a user name and a host name. This enables creation of accounts for users with the same name who can connect from different hosts. This section describes how to write account names, including special values and wildcard rules.

Within SQL statements such as CREATE USER, GRANT, and SET PASSWORD, account names are written using the following rules:

  • Syntax for account names is 'user_name'@'host_name'.

  • An account name consisting only of a user name is equivalent to 'user_name'@'%'. For example, 'me' is equivalent to 'me'@'%'.

  • The user name and host name need not be quoted if they are legal as unquoted identifiers. Quotes are necessary to specify a user_name string containing special characters (such as “-”), or a host_name string containing special characters or wildcard characters (such as “%”); for example, 'test-user'@'%.com'.

  • Quote user names and host names as identifiers or as strings, using either backticks (“`”), single quotes (“'”), or double quotes (“"”).

  • The user name and host name parts, if quoted, must be quoted separately. That is, write 'me'@'localhost', not 'me@localhost'; the latter is interpreted as 'me@localhost'@'%'.

Account names are stored in grant tables using separate columns for the user name and host name parts:

  • The user table contains one row for each account. The User and Host columns store the user name and host name. Another column, Password, stores the account password. This table also indicates which global privileges the account has.

  • Other grant tables indicate privileges an account has for databases and objects within databases. These tables have User and Host columns to store the account name. Each row in these tables associates with the account in the user table that has the same User and Host values.

For additional detail about grant table structure, see Section 5.4.2, “Privilege System Grant Tables”.

User names and host names have certain special values or wildcard conventions, as described following.

A user name is either a nonblank value that literally matches the user name for incoming connection attempts, or a blank value (empty string) that matches any user name. An account with a blank user name is an anonymous user. To specify an anonymous user in SQL statements, use a quoted empty user name part, such as ''@'localhost'.

The host part of an account name can take many forms, and wildcards are allowed:

  • A host value can be a host name or an IP number. 'localhost' indicates the local host. '127.0.0.1' indicates the loopback interface.

  • You can use the wildcard characters “%” and “_” in host values. These have the same meaning as for pattern-matching operations performed with the LIKE operator. For example, a host value of '%' matches any host name, whereas a value of '%.mysql.com' matches any host in the mysql.com domain. '192.168.1.%' matches any host in the 192.168.1 class C network.

    Because you can use IP wildcard values in host values (for example, '192.168.1.%' to match every host on a subnet), someone could try to exploit this capability by naming a host 192.168.1.somewhere.com. To foil such attempts, MySQL disallows matching on host names that start with digits and a dot. Thus, if you have a host named something like 1.2.example.com, its name never matches the host part of account names. An IP wildcard value can match only IP numbers, not host names.

    MySQL Enterprise An overly broad host specifier such as “%” constitutes a security risk. The MySQL Enterprise Monitor provides safeguards against this kind of vulnerability. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

  • For host values specified as IP numbers, you can specify a netmask indicating how many address bits to use for the network number. The syntax is host_ip/netmask. For example:

    CREATE USER 'david'@'192.58.197.0/255.255.255.0';
    

    This enables david to connect from any client host having an IP number client_ip for which the following condition is true:

    client_ip & netmask = host_ip
    

    That is, for the CREATE USER statement just shown:

    client_ip & 255.255.255.0 = 192.58.197.0
    

    IP numbers that satisfy this condition and can connect to the MySQL server are those in the range from 192.58.197.0 to 192.58.197.255.

    The netmask can only be used to tell the server to use 8, 16, 24, or 32 bits of the address. Examples:

    • 192.0.0.0/255.0.0.0: anything on the 192 class A network

    • 192.168.0.0/255.255.0.0: anything on the 192.168 class B network

    • 192.168.1.0/255.255.255.0: anything on the 192.168.1 class C network

    • 192.168.1.1: only this specific IP

    The following netmask (28 bits) will not work:

    192.168.0.1/255.255.255.240
    

5.4.4. Access Control, Stage 1: Connection Verification

When you attempt to connect to a MySQL server, the server accepts or rejects the connection based on your identity and whether you can verify your identity by supplying the correct password. If not, the server denies access to you completely. Otherwise, the server accepts the connection, and then enters Stage 2 and waits for requests.

Your identity is based on two pieces of information:

  • The client host from which you connect

  • Your MySQL user name

Identity checking is performed using the three user table scope columns (Host, User, and Password). The server accepts the connection only if the Host and User columns in some user table row match the client host name and user name and the client supplies the password specified in that row. The rules for allowable Host and User values are given in Section 5.4.3, “Specifying Account Names”.

If the User column value is nonblank, the user name in an incoming connection must match exactly. If the User value is blank, it matches any user name. If the user table row that matches an incoming connection has a blank user name, the user is considered to be an anonymous user with no name, not a user with the name that the client actually specified. This means that a blank user name is used for all further access checking for the duration of the connection (that is, during Stage 2).

The Password column can be blank. This is not a wildcard and does not mean that any password matches. It means that the user must connect without specifying a password.

Nonblank Password values in the user table represent encrypted passwords. MySQL does not store passwords in plaintext form for anyone to see. Rather, the password supplied by a user who is attempting to connect is encrypted (using the PASSWORD() function). The encrypted password then is used during the connection process when checking whether the password is correct. (This is done without the encrypted password ever traveling over the connection.) See Section 5.5.1, “User Names and Passwords”.

From MySQL's point of view, the encrypted password is the real password, so you should never give anyone access to it. In particular, do not give nonadministrative users read access to tables in the mysql database.

The following table shows how various combinations of Host and User values in the user table apply to incoming connections.

Host ValueUser ValueAllowable Connections
'thomas.loc.gov''fred'fred, connecting from thomas.loc.gov
'thomas.loc.gov'''Any user, connecting from thomas.loc.gov
'%''fred'fred, connecting from any host
'%'''Any user, connecting from any host
'%.loc.gov''fred'fred, connecting from any host in the loc.gov domain
'x.y.%''fred'fred, connecting from x.y.net, x.y.com, x.y.edu, and so on; this is probably not useful
'144.155.166.177''fred'fred, connecting from the host with IP address 144.155.166.177
'144.155.166.%''fred'fred, connecting from any host in the 144.155.166 class C subnet
'144.155.166.0/255.255.255.0''fred'Same as previous example

It is possible for the client host name and user name of an incoming connection to match more than one row in the user table. The preceding set of examples demonstrates this: Several of the entries shown match a connection from thomas.loc.gov by fred.

When multiple matches are possible, the server must determine which of them to use. It resolves this issue as follows:

  • Whenever the server reads the user table into memory, it sorts the rows.

  • When a client attempts to connect, the server looks through the rows in sorted order.

  • The server uses the first row that matches the client host name and user name.

To see how this works, suppose that the user table looks like this:

+-----------+----------+-
| Host      | User     | ...
+-----------+----------+-
| %         | root     | ...
| %         | jeffrey  | ...
| localhost | root     | ...
| localhost |          | ...
+-----------+----------+-

When the server reads the table into memory, it orders the rows with the most-specific Host values first. Literal host names and IP numbers are the most specific. (The specificity if a literal IP number is not affected by whether it has a netmask, so 192.168.1.13 and 192.168.1.0/255.255.255.0 are considered equally specific.) The pattern '%' means “any host” and is least specific. Rows with the same Host value are ordered with the most-specific User values first (a blank User value means “any user” and is least specific). For the user table just shown, the result after sorting looks like this:

+-----------+----------+-
| Host      | User     | ...
+-----------+----------+-
| localhost | root     | ...
| localhost |          | ...
| %         | jeffrey  | ...
| %         | root     | ...
+-----------+----------+-

When a client attempts to connect, the server looks through the sorted rows and uses the first match found. For a connection from localhost by jeffrey, two of the rows from the table match: the one with Host and User values of 'localhost' and '', and the one with values of '%' and 'jeffrey'. The 'localhost' row appears first in sorted order, so that is the one the server uses.

Here is another example. Suppose that the user table looks like this:

+----------------+----------+-
| Host           | User     | ...
+----------------+----------+-
| %              | jeffrey  | ...
| thomas.loc.gov |          | ...
+----------------+----------+-

The sorted table looks like this:

+----------------+----------+-
| Host           | User     | ...
+----------------+----------+-
| thomas.loc.gov |          | ...
| %              | jeffrey  | ...
+----------------+----------+-

A connection by jeffrey from thomas.loc.gov is matched by the first row, whereas a connection by jeffrey from any host is matched by the second.

Note

It is a common misconception to think that, for a given user name, all rows that explicitly name that user are used first when the server attempts to find a match for the connection. This is not true. The preceding example illustrates this, where a connection from thomas.loc.gov by jeffrey is first matched not by the row containing 'jeffrey' as the User column value, but by the row with no user name. As a result, jeffrey is authenticated as an anonymous user, even though he specified a user name when connecting.

If you are able to connect to the server, but your privileges are not what you expect, you probably are being authenticated as some other account. To find out what account the server used to authenticate you, use the CURRENT_USER() function. (See Section 11.10.3, “Information Functions”.) It returns a value in user_name@host_name format that indicates the User and Host values from the matching user table row. Suppose that jeffrey connects and issues the following query:

mysql> SELECT CURRENT_USER();
+----------------+
| CURRENT_USER() |
+----------------+
| @localhost     |
+----------------+

The result shown here indicates that the matching user table row had a blank User column value. In other words, the server is treating jeffrey as an anonymous user.

Another way to diagnose authentication problems is to print out the user table and sort it by hand to see where the first match is being made.

5.4.5. Access Control, Stage 2: Request Verification

After you establish a connection, the server enters Stage 2 of access control. For each request that you issue via that connection, the server determines what operation you want to perform, then checks whether you have sufficient privileges to do so. This is where the privilege columns in the grant tables come into play. These privileges can come from any of the user, db, host, tables_priv, columns_priv, or procs_priv tables. (You may find it helpful to refer to Section 5.4.2, “Privilege System Grant Tables”, which lists the columns present in each of the grant tables.)

The user table grants privileges that are assigned to you on a global basis and that apply no matter what the default database is. For example, if the user table grants you the DELETE privilege, you can delete rows from any table in any database on the server host! In other words, user table privileges are superuser privileges. It is wise to grant privileges in the user table only to superusers such as database administrators. For other users, you should leave all privileges in the user table set to 'N' and grant privileges at more specific levels only. You can grant privileges for particular databases, tables, columns, or routines.

The db and host tables grant database-specific privileges. Values in the scope columns of these tables can take the following forms:

  • A blank User value in the db table matches the anonymous user. A nonblank value matches literally; there are no wildcards in user names.

  • The wildcard characters “%” and “_” can be used in the Host and Db columns of either table. These have the same meaning as for pattern-matching operations performed with the LIKE operator. If you want to use either character literally when granting privileges, you must escape it with a backslash. For example, to include the underscore character (“_”) as part of a database name, specify it as “\_” in the GRANT statement.

  • A '%' Host value in the db table means “any host.” A blank Host value in the db table means “consult the host table for further information” (a process that is described later in this section).

  • A '%' or blank Host value in the host table means “any host.

  • A '%' or blank Db value in either table means “any database.

The server reads the db and host tables into memory and sorts them at the same time that it reads the user table. The server sorts the db table based on the Host, Db, and User scope columns, and sorts the host table based on the Host and Db scope columns. As with the user table, sorting puts the most-specific values first and least-specific values last, and when the server looks for matching entries, it uses the first match that it finds.

The tables_priv, columns_priv, and procs_priv tables grant table-specific, column-specific, and routine-specific privileges. Values in the scope columns of these tables can take the following forms:

  • The wildcard characters “%” and “_” can be used in the Host column. These have the same meaning as for pattern-matching operations performed with the LIKE operator.

  • A '%' or blank Host value means “any host.

  • The Db, Table_name, Column_name, and Routine_name columns cannot contain wildcards or be blank.

The server sorts the tables_priv, columns_priv, and procs_priv tables based on the Host, Db, and User columns. This is similar to db table sorting, but simpler because only the Host column can contain wildcards.

The server uses the sorted tables to verify each request that it receives. For requests that require administrative privileges such as SHUTDOWN or RELOAD, the server checks only the user table row because that is the only table that specifies administrative privileges. The server grants access if the row allows the requested operation and denies access otherwise. For example, if you want to execute mysqladmin shutdown but your user table row doesn't grant the SHUTDOWN privilege to you, the server denies access without even checking the db or host tables. (They contain no Shutdown_priv column, so there is no need to do so.)

For database-related requests (INSERT, UPDATE, and so on), the server first checks the user's global (superuser) privileges by looking in the user table row. If the row allows the requested operation, access is granted. If the global privileges in the user table are insufficient, the server determines the user's database-specific privileges by checking the db and host tables:

  1. The server looks in the db table for a match on the Host, Db, and User columns. The Host and User columns are matched to the connecting user's host name and MySQL user name. The Db column is matched to the database that the user wants to access. If there is no row for the Host and User, access is denied.

  2. If there is a matching db table row and its Host column is not blank, that row defines the user's database-specific privileges.

  3. If the matching db table row's Host column is blank, it signifies that the host table enumerates which hosts should be allowed access to the database. In this case, a further lookup is done in the host table to find a match on the Host and Db columns. If no host table row matches, access is denied. If there is a match, the user's database-specific privileges are computed as the intersection (not the union!) of the privileges in the db and host table entries; that is, the privileges that are 'Y' in both entries. (This way you can grant general privileges in the db table row and then selectively restrict them on a host-by-host basis using the host table entries.)

After determining the database-specific privileges granted by the db and host table entries, the server adds them to the global privileges granted by the user table. If the result allows the requested operation, access is granted. Otherwise, the server successively checks the user's table and column privileges in the tables_priv and columns_priv tables, adds those to the user's privileges, and allows or denies access based on the result. For stored-routine operations, the server uses the procs_priv table rather than tables_priv and columns_priv.

Expressed in boolean terms, the preceding description of how a user's privileges are calculated may be summarized like this:

global privileges
OR (database privileges AND host privileges)
OR table privileges
OR column privileges
OR routine privileges

It may not be apparent why, if the global user row privileges are initially found to be insufficient for the requested operation, the server adds those privileges to the database, table, and column privileges later. The reason is that a request might require more than one type of privilege. For example, if you execute an INSERT INTO ... SELECT statement, you need both the INSERT and the SELECT privileges. Your privileges might be such that the user table row grants one privilege and the db table row grants the other. In this case, you have the necessary privileges to perform the request, but the server cannot tell that from either table by itself; the privileges granted by the entries in both tables must be combined.

The host table is not affected by the GRANT or REVOKE statements, so it is unused in most MySQL installations. If you modify it directly, you can use it for some specialized purposes, such as to maintain a list of secure servers on the local network that are granted all privileges.

You can also use the host table to indicate hosts that are not secure. Suppose that you have a machine public.your.domain that is located in a public area that you do not consider secure. You can enable access to all hosts on your network except that machine by using host table entries like this:

+--------------------+----+-
| Host               | Db | ...
+--------------------+----+-
| public.your.domain | %  | ... (all privileges set to 'N')
| %.your.domain      | %  | ... (all privileges set to 'Y')
+--------------------+----+-

5.4.6. When Privilege Changes Take Effect

When mysqld starts, it reads all grant table contents into memory. The in-memory tables become effective for access control at that point.

If you modify the grant tables indirectly using account-management statements such as GRANT, REVOKE, or SET PASSWORD, the server notices these changes and loads the grant tables into memory again immediately.

If you modify the grant tables directly using statements such as INSERT, UPDATE, or DELETE, your changes have no effect on privilege checking until you either restart the server or tell it to reload the tables. If you change the grant tables directly but forget to reload them, your changes have no effect until you restart the server. This may leave you wondering why your changes do not seem to make any difference!

To tell the sever to reload the grant tables, perform a flush-privileges operation. This can be done by issuing a FLUSH PRIVILEGES statement or by executing a mysqladmin flush-privileges or mysqladmin reload command.

When the server reloads the grant tables, privileges for each existing client connection are affected as follows:

  • Table and column privilege changes take effect with the client's next request.

  • Database privilege changes take effect the next time the client executes a USE db_name statement.

    Note

    Client applications may cache the database name; thus, this effect may not be visible to them without actually changing to a different database or flushing the privileges.

  • Global privileges and passwords are unaffected for a connected client. These changes take effect only for subsequent connections.

If the server is started with the --skip-grant-tables option, it does not read the grant tables or implement any access control. Anyone can connect and do anything. To cause a server thus started to read the tables and enable access checking, flush the privileges.

5.4.7. Causes of Access-Denied Errors

If you encounter problems when you try to connect to the MySQL server, the following items describe some courses of action you can take to correct the problem.

  • Make sure that the server is running. If it is not, clients cannot connect to it. For example, if an attempt to connect to the server fails with a message such as one of those following, one cause might be that the server is not running:

    shell> mysql
    ERROR 2003: Can't connect to MySQL server on 'host_name' (111)
    shell> mysql
    ERROR 2002: Can't connect to local MySQL server through socket
    '/tmp/mysql.sock' (111)
    
  • It might be that the server is running, but you are trying to connect using a TCP/IP port, named pipe, or Unix socket file different from the one on which the server is listening. To correct this when you invoke a client program, specify a --port option to indicate the proper port number, or a --socket option to indicate the proper named pipe or Unix socket file. To find out where the socket file is, you can use this command:

    shell> netstat -ln | grep mysql
    
  • Make sure that the server has not been configured to ignore network connections or (if you are attempting to connect remotely) that it has not been configured to listen only locally on its network interfaces. If the server was started with --skip-networking, it will not accept TCP/IP connections at all. If the server was started with --bind-address=127.0.0.1, it will listen for TCP/IP connections only locally on the loopback interface and will not accept remote connections.

  • Check to make sure that there is no firewall blocking access to MySQL. Your firewall may be configured on the basis of the application being executed, or the port number used by MySQL for communication (3306 by default). Under Linux or Unix, check your IP tables (or similar) configuration to ensure that the port has not been blocked. Under Windows, applications such as ZoneAlarm or the Windows XP personal firewall may need to be configured not to block the MySQL port.

  • The grant tables must be properly set up so that the server can use them for access control. For some distribution types (such as binary distributions on Windows, or RPM distributions on Linux), the installation process initializes the mysql database containing the grant tables. For distributions that do not do this, you must initialize the grant tables manually by running the mysql_install_db script. For details, see Section 2.17.2, “Unix Post-Installation Procedures”.

    To determine whether you need to initialize the grant tables, look for a mysql directory under the data directory. (The data directory normally is named data or var and is located under your MySQL installation directory.) Make sure that you have a file named user.MYD in the mysql database directory. If not, execute the mysql_install_db script. After running this script and starting the server, test the initial privileges by executing this command:

    shell> mysql -u root test
    

    The server should let you connect without error.

  • After a fresh installation, you should connect to the server and set up your users and their access permissions:

    shell> mysql -u root mysql
    

    The server should let you connect because the MySQL root user has no password initially. That is also a security risk, so setting the password for the root accounts is something you should do while you're setting up your other MySQL accounts. For instructions on setting the initial passwords, see Section 2.17.3, “Securing the Initial MySQL Accounts”.

    MySQL Enterprise The MySQL Enterprise Monitor enforces security-related best practices. For example, subscribers are alerted whenever there is any account without a password. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

  • If you have updated an existing MySQL installation to a newer version, did you run the mysql_upgrade script? If not, do so. The structure of the grant tables changes occasionally when new capabilities are added, so after an upgrade you should always make sure that your tables have the current structure. For instructions, see Section 4.4.9, “mysql_upgrade — Check Tables for MySQL Upgrade”.

  • If a client program receives the following error message when it tries to connect, it means that the server expects passwords in a newer format than the client is capable of generating:

    shell> mysql
    Client does not support authentication protocol requested
    by server; consider upgrading MySQL client
    

    For information on how to deal with this, see Section 5.5.6.3, “Password Hashing in MySQL”, and Section B.5.2.4, “Client does not support authentication protocol.

  • Remember that client programs use connection parameters specified in option files or environment variables. If a client program seems to be sending incorrect default connection parameters when you have not specified them on the command line, check any applicable option files and your environment. For example, if you get Access denied when you run a client without any options, make sure that you have not specified an old password in any of your option files!

    You can suppress the use of option files by a client program by invoking it with the --no-defaults option. For example:

    shell> mysqladmin --no-defaults -u root version
    

    The option files that clients use are listed in Section 4.2.3.3, “Using Option Files”. Environment variables are listed in Section 2.20, “Environment Variables”.

  • If you get the following error, it means that you are using an incorrect root password:

    shell> mysqladmin -u root -pxxxx ver
    Access denied for user 'root'@'localhost' (using password: YES)
    

    If the preceding error occurs even when you have not specified a password, it means that you have an incorrect password listed in some option file. Try the --no-defaults option as described in the previous item.

    For information on changing passwords, see Section 5.5.5, “Assigning Account Passwords”.

    If you have lost or forgotten the root password, see Section B.5.4.1, “How to Reset the Root Password”.

  • If you change a password by using SET PASSWORD, INSERT, or UPDATE, you must encrypt the password using the PASSWORD() function. If you do not use PASSWORD() for these statements, the password will not work. For example, the following statement assigns a password, but fails to encrypt it, so the user is not able to connect afterward:

    SET PASSWORD FOR 'abe'@'host_name' = 'eagle';
    

    Instead, set the password like this:

    SET PASSWORD FOR 'abe'@'host_name' = PASSWORD('eagle');
    

    The PASSWORD() function is unnecessary when you specify a password using the GRANT or (beginning with MySQL 5.0.2) CREATE USER statements, or the mysqladmin password command. Each of those automatically uses PASSWORD() to encrypt the password. See Section 5.5.5, “Assigning Account Passwords”, and Section 12.5.1.1, “CREATE USER Syntax”.

  • localhost is a synonym for your local host name, and is also the default host to which clients try to connect if you specify no host explicitly.

    To avoid this problem on such systems, you can use a --host=127.0.0.1 option to name the server host explicitly. This will make a TCP/IP connection to the local mysqld server. You can also use TCP/IP by specifying a --host option that uses the actual host name of the local host. In this case, the host name must be specified in a user table row on the server host, even though you are running the client program on the same host as the server.

  • The Access denied error message tells you who you are trying to log in as, the client host from which you are trying to connect, and whether you were using a password. Normally, you should have one row in the user table that exactly matches the host name and user name that were given in the error message. For example, if you get an error message that contains using password: NO, it means that you tried to log in without a password.

  • If you get an Access denied error when trying to connect to the database with mysql -u user_name, you may have a problem with the user table. Check this by executing mysql -u root mysql and issuing this SQL statement:

    SELECT * FROM user;
    

    The result should include a row with the Host and User columns matching your client's host name and your MySQL user name.

  • If the following error occurs when you try to connect from a host other than the one on which the MySQL server is running, it means that there is no row in the user table with a Host value that matches the client host:

    Host ... is not allowed to connect to this MySQL server
    

    You can fix this by setting up an account for the combination of client host name and user name that you are using when trying to connect.

    If you do not know the IP number or host name of the machine from which you are connecting, you should put a row with '%' as the Host column value in the user table. After trying to connect from the client machine, use a SELECT USER() query to see how you really did connect. Then change the '%' in the user table row to the actual host name that shows up in the log. Otherwise, your system is left insecure because it allows connections from any host for the given user name.

    On Linux, another reason that this error might occur is that you are using a binary MySQL version that is compiled with a different version of the glibc library than the one you are using. In this case, you should either upgrade your operating system or glibc, or download a source distribution of MySQL version and compile it yourself. A source RPM is normally trivial to compile and install, so this is not a big problem.

  • If you specify a host name when trying to connect, but get an error message where the host name is not shown or is an IP number, it means that the MySQL server got an error when trying to resolve the IP number of the client host to a name:

    shell> mysqladmin -u root -pxxxx -h some_hostname ver
    Access denied for user 'root'@'' (using password: YES)
    

    If you try to connect as root and get the following error, it means that you do not have a row in the user table with a User column value of 'root' and that mysqld cannot resolve the host name for your client:

    Access denied for user ''@'unknown'
    

    These errors indicate a DNS problem. To fix it, execute mysqladmin flush-hosts to reset the internal DNS host name cache. See Section 7.5.11, “How MySQL Uses DNS”.

    Some permanent solutions are:

    • Determine what is wrong with your DNS server and fix it.

    • Specify IP numbers rather than host names in the MySQL grant tables.

    • Put an entry for the client machine name in /etc/hosts on Unix or \windows\hosts on Windows.

    • Start mysqld with the --skip-name-resolve option.

    • Start mysqld with the --skip-host-cache option.

    • On Unix, if you are running the server and the client on the same machine, connect to localhost. Unix connections to localhost use a Unix socket file rather than TCP/IP.

    • On Windows, if you are running the server and the client on the same machine and the server supports named pipe connections, connect to the host name . (period). Connections to . use a named pipe rather than TCP/IP.

  • If mysql -u root test works but mysql -h your_hostname -u root test results in Access denied (where your_hostname is the actual host name of the local host), you may not have the correct name for your host in the user table. A common problem here is that the Host value in the user table row specifies an unqualified host name, but your system's name resolution routines return a fully qualified domain name (or vice versa). For example, if you have an entry with host 'pluto' in the user table, but your DNS tells MySQL that your host name is 'pluto.example.com', the entry does not work. Try adding an entry to the user table that contains the IP number of your host as the Host column value. (Alternatively, you could add an entry to the user table with a Host value that contains a wildcard; for example, 'pluto.%'. However, use of Host values ending with “%” is insecure and is not recommended!)

  • If mysql -u user_name test works but mysql -u user_name other_db does not, you have not granted access to the given user for the database named other_db.

  • If mysql -u user_name works when executed on the server host, but mysql -h host_name -u user_name does not work when executed on a remote client host, you have not enabled access to the server for the given user name from the remote host.

  • If you cannot figure out why you get Access denied, remove from the user table all entries that have Host values containing wildcards (entries that contain '%' or '_' characters). A very common error is to insert a new entry with Host='%' and User='some_user', thinking that this allows you to specify localhost to connect from the same machine. The reason that this does not work is that the default privileges include an entry with Host='localhost' and User=''. Because that entry has a Host value 'localhost' that is more specific than '%', it is used in preference to the new entry when connecting from localhost! The correct procedure is to insert a second entry with Host='localhost' and User='some_user', or to delete the entry with Host='localhost' and User=''. After deleting the entry, remember to issue a FLUSH PRIVILEGES statement to reload the grant tables. See also Section 5.4.4, “Access Control, Stage 1: Connection Verification”.

  • If you are able to connect to the MySQL server, but get an Access denied message whenever you issue a SELECT ... INTO OUTFILE or LOAD DATA INFILE statement, your entry in the user table does not have the FILE privilege enabled.

  • If you change the grant tables directly (for example, by using INSERT, UPDATE, or DELETE statements) and your changes seem to be ignored, remember that you must execute a FLUSH PRIVILEGES statement or a mysqladmin flush-privileges command to cause the server to reload the privilege tables. Otherwise, your changes have no effect until the next time the server is restarted. Remember that after you change the root password with an UPDATE command, you will not need to specify the new password until after you flush the privileges, because the server will not know you've changed the password yet!

  • If your privileges seem to have changed in the middle of a session, it may be that a MySQL administrator has changed them. Reloading the grant tables affects new client connections, but it also affects existing connections as indicated in Section 5.4.6, “When Privilege Changes Take Effect”.

  • If you have access problems with a Perl, PHP, Python, or ODBC program, try to connect to the server with mysql -u user_name db_name or mysql -u user_name -pyour_pass db_name. If you are able to connect using the mysql client, the problem lies with your program, not with the access privileges. (There is no space between -p and the password; you can also use the --password=your_pass syntax to specify the password. If you use the -p or --password option with no password value, MySQL prompts you for the password.)

  • For testing purposes, start the mysqld server with the --skip-grant-tables option. Then you can change the MySQL grant tables and use the mysqlaccess script to check whether your modifications have the desired effect. When you are satisfied with your changes, execute mysqladmin flush-privileges to tell the mysqld server to reload the privileges. This enables you to begin using the new grant table contents without stopping and restarting the server.

  • If you get the following error, you may have a problem with the db or host table:

    Access to database denied
    

    If the entry selected from the db table has an empty value in the Host column, make sure that there are one or more corresponding entries in the host table specifying which hosts the db table entry applies to. This problem occurs infrequently because the host table is rarely used.

  • If everything else fails, start the mysqld server with a debugging option (for example, --debug=d,general,query). This prints host and user information about attempted connections, as well as information about each command issued. See MySQL Internals: Porting.

  • If you have any other problems with the MySQL grant tables and feel you must post the problem to the mailing list, always provide a dump of the MySQL grant tables. You can dump the tables with the mysqldump mysql command. To file a bug report, see the instructions at Section 1.7, “How to Report Bugs or Problems”. In some cases, you may need to restart mysqld with --skip-grant-tables to run mysqldump.

5.5. MySQL User Account Management

This section describes how to set up accounts for clients of your MySQL server. It discusses the following topics:

  • The meaning of account names and passwords as used in MySQL and how that compares to names and passwords used by your operating system

  • How to set up new accounts and remove existing accounts

  • How to change passwords

  • Guidelines for using passwords securely

  • How to use secure connections with SSL

See also Section 12.5.1, “Account Management Statements”, which describes the syntax and use for all user-management SQL statements.

5.5.1. User Names and Passwords

A MySQL account is defined in terms of a user name and the client host or hosts from which the user can connect to the server. The account also has a password. There are several distinctions between the way user names and passwords are used by MySQL and the way they are used by your operating system:

  • User names, as used by MySQL for authentication purposes, have nothing to do with user names (login names) as used by Windows or Unix. On Unix, most MySQL clients by default try to log in using the current Unix user name as the MySQL user name, but that is for convenience only. The default can be overridden easily, because client programs allow any user name to be specified with a -u or --user option. Because this means that anyone can attempt to connect to the server using any user name, you cannot make a database secure in any way unless all MySQL accounts have passwords. Anyone who specifies a user name for an account that has no password is able to connect successfully to the server.

  • MySQL user names can be up to 16 characters long. Operating system user names, because they are completely unrelated to MySQL user names, may be of a different maximum length. For example, Unix user names typically are limited to eight characters.

    Warning

    The limit on MySQL user name length is hard-coded in the MySQL servers and clients, and trying to circumvent it by modifying the definitions of the tables in the mysql database does not work.

    You should never alter any of the tables in the mysql database in any manner whatsoever except by means of the procedure that is described in Section 4.4.9, “mysql_upgrade — Check Tables for MySQL Upgrade”. Attempting to redefine MySQL's system tables in any other fashion results in undefined (and unsupported!) behavior.

  • MySQL passwords have nothing to do with passwords for logging in to your operating system. There is no necessary connection between the password you use to log in to a Windows or Unix machine and the password you use to access the MySQL server on that machine.

  • MySQL encrypts passwords using its own algorithm. This encryption is the same as that implemented by the PASSWORD() SQL function but differs from that used during the Unix login process. Unix password encryption is the same as that implemented by the ENCRYPT() SQL function. See the descriptions of the PASSWORD() and ENCRYPT() functions in Section 11.10.2, “Encryption and Compression Functions”.

    From version 4.1 on, MySQL employs a stronger authentication method that has better password protection during the connection process than in earlier versions. It is secure even if TCP/IP packets are sniffed or the mysql database is captured. (In earlier versions, even though passwords are stored in encrypted form in the user table, knowledge of the encrypted password value could be used to connect to the MySQL server.) Section 5.5.6.3, “Password Hashing in MySQL”, discusses password encryption further.

When you install MySQL, the grant tables are populated with an initial set of accounts. These accounts have names and access privileges that are described in Section 2.17.3, “Securing the Initial MySQL Accounts”, which also discusses how to assign passwords to them. Thereafter, you normally set up, modify, and remove MySQL accounts using statements such as GRANT and REVOKE. See Section 12.5.1, “Account Management Statements”.

When you connect to a MySQL server with a command-line client, you should specify the user name and password for the account that you want to use:

shell> mysql --user=monty --password=guess db_name

If you prefer short options, the command looks like this:

shell> mysql -u monty -pguess db_name

There must be no space between the -p option and the following password value. For additional information about specifying user names, passwords, and other connection parameters, see Section 4.2.2, “Connecting to the MySQL Server”.

5.5.2. Adding User Accounts

You can create MySQL accounts in two ways:

  • By using statements intended for creating accounts, such as CREATE USER or GRANT. These statements cause the server to make appropriate modifications to the grant tables.

  • By manipulating the MySQL grant tables directly with statements such as INSERT, UPDATE, or DELETE.

The preferred method is to use account-creation statements because they are more concise and less error-prone than manipulating the grant tables directly. CREATE USER and GRANT are described in Section 12.5.1, “Account Management Statements”.

Another option for creating accounts is to use one of several available third-party programs that offer capabilities for MySQL account administration. phpMyAdmin is one such program.

The following examples show how to use the mysql client program to set up new accounts. These examples assume that privileges have been set up according to the defaults described in Section 2.17.3, “Securing the Initial MySQL Accounts”. This means that to make changes, you must connect to the MySQL server as the MySQL root user, and the root account must have the INSERT privilege for the mysql database and the RELOAD administrative privilege.

As noted in the examples where appropriate, some of the statements will fail if the server's SQL mode has been set to enable certain restrictions. In particular, strict mode (STRICT_TRANS_TABLES, STRICT_ALL_TABLES) and NO_AUTO_CREATE_USER will prevent the server from accepting some of the statements. Workarounds are indicated for these cases. For more information about SQL modes and their effect on grant table manipulation, see Section 5.1.7, “Server SQL Modes”, and Section 12.5.1.3, “GRANT Syntax”.

First, use the mysql program to connect to the server as the MySQL root user:

shell> mysql --user=root mysql

If you have assigned a password to the root account, you'll also need to supply a --password or -p option, both for this mysql command and for those later in this section.

After connecting to the server as root, you can add new accounts. The following statements use GRANT to set up four new accounts:

mysql> CREATE USER 'monty'@'localhost' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'localhost'
    ->     WITH GRANT OPTION;
mysql> CREATE USER 'monty'@'%' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'%'
    ->     WITH GRANT OPTION;
mysql> CREATE USER 'admin'@'localhost';
mysql> GRANT RELOAD,PROCESS ON *.* TO 'admin'@'localhost';
mysql> CREATE USER 'dummy'@'localhost';

The accounts created by these statements have the following properties:

  • Two of the accounts have a user name of monty and a password of some_pass. Both accounts are superuser accounts with full privileges to do anything. The 'monty'@'localhost' account can be used only when connecting from the local host. The 'monty'@'%' account uses the '%' wildcard for the host part, so it can be used to connect from any host.

    It is necessary to have both accounts for monty to be able to connect from anywhere as monty. Without the localhost account, the anonymous-user account for localhost that is created by mysql_install_db would take precedence when monty connects from the local host. As a result, monty would be treated as an anonymous user. The reason for this is that the anonymous-user account has a more specific Host column value than the 'monty'@'%' account and thus comes earlier in the user table sort order. (user table sorting is discussed in Section 5.4.4, “Access Control, Stage 1: Connection Verification”.)

  • The 'admin'@'localhost' account has no password. This account can be used only by admin to connect from the local host. It is granted the RELOAD and PROCESS administrative privileges. These privileges allow the admin user to execute the mysqladmin reload, mysqladmin refresh, and mysqladmin flush-xxx commands, as well as mysqladmin processlist . No privileges are granted for accessing any databases. You could add such privileges later by issuing additional GRANT statements.

  • The 'dummy'@'localhost' account has no password. This account can be used only to connect from the local host. No privileges are granted. It is assumed that you will grant specific privileges to the account later.

The statements that create accounts with no password will fail if the NO_AUTO_CREATE_USER SQL mode is enabled. To deal with this, use an IDENTIFIED BY clause that specifies a nonempty password.

To check the privileges for an account, use SHOW GRANTS:

mysql> SHOW GRANTS FOR 'admin'@'localhost';
+-----------------------------------------------------+
| Grants for admin@localhost                          |
+-----------------------------------------------------+
| GRANT RELOAD, PROCESS ON *.* TO 'admin'@'localhost' |
+-----------------------------------------------------+

As an alternative to CREATE USER and GRANT, you can create the same accounts directly by issuing INSERT statements and then telling the server to reload the grant tables using FLUSH PRIVILEGES:

shell> mysql --user=root mysql
mysql> INSERT INTO user
    ->     VALUES('localhost','monty',PASSWORD('some_pass'),
    ->     'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
mysql> INSERT INTO user
    ->     VALUES('%','monty',PASSWORD('some_pass'),
    ->     'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',
    ->     'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',
    ->     '','','','',0,0,0,0);
mysql> INSERT INTO user SET Host='localhost',User='admin',
    ->     Reload_priv='Y', Process_priv='Y';
mysql> INSERT INTO user (Host,User,Password)
    ->     VALUES('localhost','dummy','');
mysql> FLUSH PRIVILEGES;

When you create accounts with INSERT, it is necessary to use FLUSH PRIVILEGES to tell the server to reload the grant tables. Otherwise, the changes go unnoticed until you restart the server. With CREATE USER, FLUSH PRIVILEGES is unnecessary.

The reason for using the PASSWORD() function with INSERT is to encrypt the password. The CREATE USER statement encrypts the password for you, so PASSWORD() is unnecessary.

The 'Y' values enable privileges for the accounts. Depending on your MySQL version, you may have to use a different number of 'Y' values in the first two INSERT statements. The INSERT statement for the admin account employs the more readable extended INSERT syntax using SET.

In the INSERT statement for the dummy account, only the Host, User, and Password columns in the user table row are assigned values. None of the privilege columns are set explicitly, so MySQL assigns them all the default value of 'N'. This is equivalent to what CREATE USER does.

If strict SQL mode is enabled, all columns that have no default value must have a value specified. In this case, INSERT statements must explicitly specify values for the ssl_cipher, x509_issuer, and x509_subject columns.

To set up a superuser account, it is necessary only to create a user table entry with the privilege columns set to 'Y'. The user table privileges are global, so no entries in any of the other grant tables are needed.

The next examples create three accounts and give them access to specific databases. Each of them has a user name of custom and password of obscure.

To create the accounts with CREATE USER and GRANT, use the following statements:

shell> mysql --user=root mysql
mysql> CREATE USER 'custom'@'localhost' IDENTIFIED BY 'obscure';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
    ->     ON bankaccount.*
    ->     TO 'custom'@'localhost';
mysql> CREATE USER 'custom'@'host47.example.com' IDENTIFIED BY 'obscure';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
    ->     ON expenses.*
    ->     TO 'custom'@'host47.example.com';
mysql> CREATE USER 'custom'@'server.domain' IDENTIFIED BY 'obscure';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
    ->     ON customer.*
    ->     TO 'custom'@'server.domain';

The three accounts can be used as follows:

  • The first account can access the bankaccount database, but only from the local host.

  • The second account can access the expenses database, but only from the host host47.example.com.

  • The third account can access the customer database, but only from the host server.domain.

To set up the custom accounts without GRANT, use INSERT statements as follows to modify the grant tables directly:

shell> mysql --user=root mysql
mysql> INSERT INTO user (Host,User,Password)
    ->     VALUES('localhost','custom',PASSWORD('obscure'));
mysql> INSERT INTO user (Host,User,Password)
    ->     VALUES('host47.example.com','custom',PASSWORD('obscure'));
mysql> INSERT INTO user (Host,User,Password)
    ->     VALUES('server.domain','custom',PASSWORD('obscure'));
mysql> INSERT INTO db
    ->     (Host,Db,User,Select_priv,Insert_priv,
    ->     Update_priv,Delete_priv,Create_priv,Drop_priv)
    ->     VALUES('localhost','bankaccount','custom',
    ->     'Y','Y','Y','Y','Y','Y');
mysql> INSERT INTO db
    ->     (Host,Db,User,Select_priv,Insert_priv,
    ->     Update_priv,Delete_priv,Create_priv,Drop_priv)
    ->     VALUES('host47.example.com','expenses','custom',
    ->     'Y','Y','Y','Y','Y','Y');
mysql> INSERT INTO db
    ->     (Host,Db,User,Select_priv,Insert_priv,
    ->     Update_priv,Delete_priv,Create_priv,Drop_priv)
    ->     VALUES('server.domain','customer','custom',
    ->     'Y','Y','Y','Y','Y','Y');
mysql> FLUSH PRIVILEGES;

The first three INSERT statements add user table entries that allow the user custom to connect from the various hosts with the given password, but grant no global privileges (all privileges are set to the default value of 'N'). The next three INSERT statements add db table entries that grant privileges to custom for the bankaccount, expenses, and customer databases, but only when accessed from the proper hosts. As usual when you modify the grant tables directly, you must tell the server to reload them with FLUSH PRIVILEGES so that the privilege changes take effect.

To create a user who has access from all machines in a given domain (for example, mydomain.com), you can use the “%” wildcard character in the host part of the account name:

mysql> CREATE USER 'myname'@'%.mydomain.com' IDENTIFIED BY 'mypass';

To do the same thing by modifying the grant tables directly, do this:

mysql> INSERT INTO user (Host,User,Password,...)
    ->     VALUES('%.mydomain.com','myname',PASSWORD('mypass'),...);
mysql> FLUSH PRIVILEGES;

5.5.3. Removing User Accounts

To remove an account, use the DROP USER statement, which is described in Section 12.5.1.2, “DROP USER Syntax”.

5.5.4. Limiting Account Resources

One means of limiting use of MySQL server resources is to set the max_user_connections system variable to a nonzero value. However, this limits only the number of simultaneous connections made using a single account, and not what a client can do once connected. In addition, this method is strictly global, and does not allow for management of individual accounts. Both types of control are of interest to many MySQL administrators, particularly those working for Internet Service Providers.

In MySQL 5.0, you can limit the following server resources for individual accounts:

  • The number of queries that an account can issue per hour

  • The number of updates that an account can issue per hour

  • The number of times an account can connect to the server per hour

  • The number of simultaneous connections to the server an account can have (as of MySQL 5.0.3)

Any statement that a client can issue counts against the query limit. Only statements that modify databases or tables count against the update limit.

Before MySQL 5.0.3, an “account” in this context is assessed against the actual host from which a user connects. Suppose that there is a row in the user table that has User and Host values of usera and %.example.com, to allow usera to connect from any host in the example.com domain. If usera connects simultaneously from host1.example.com and host2.example.com, the server applies the account resource limits separately to each connection. If usera connects again from host1.example.com, the server applies the limits for that connection together with the existing connection from that host.

As of MySQL 5.0.3, an “account” corresponds to a single row in the user table. That is, connections are assessed against the User and Host value in the user table row that applies to the connection. In this case, the server applies resource limits collectively to all connections by usera from any host in the example.com domain because all such connections use the same account. The pre-5.0.3 method of accounting may be selected by starting the server with the --old-style-user-limits option.

The server limits account resources based on the resource-related columns of the user table in the mysql database: max_questions, max_updates, max_connections, and max_user_connections. If your user table does not have these columns, it must be upgraded; see Section 4.4.9, “mysql_upgrade — Check Tables for MySQL Upgrade”.

To set resource limits, use the GRANT statement and provide a WITH clause that names each resource to be limited. For example, to create a new account that can access the customer database, but only in a limited fashion, issue these statements:

mysql> CREATE USER 'francis'@'localhost' IDENTIFIED BY 'frank';
mysql> GRANT ALL ON customer.* TO 'francis'@'localhost'
    ->     WITH MAX_QUERIES_PER_HOUR 20
    ->          MAX_UPDATES_PER_HOUR 10
    ->          MAX_CONNECTIONS_PER_HOUR 5
    ->          MAX_USER_CONNECTIONS 2;

The limit types need not all be named in the WITH clause, but those named can be present in any order. The value for each per-hour limit should be an integer representing a count per hour. If the GRANT statement has no WITH clause, the limits are each set to the default value of zero (that is, no limit). For MAX_USER_CONNECTIONS, the limit is an integer representing the maximum number of simultaneous connections the account can make at any one time. If the limit is set to the default value of zero, the max_user_connections system variable determines the number of simultaneous connections for the account.

To modify limits for an existing account, use a GRANT USAGE statement at the global level (ON *.*). The following statement changes the query limit for francis to 100:

mysql> GRANT USAGE ON *.* TO 'francis'@'localhost'
    ->     WITH MAX_QUERIES_PER_HOUR 100;

This statement leaves the account's existing privileges unchanged and modifies only the limit values specified.

To remove an existing limit, set its value to zero. For example, to remove the limit on how many times per hour francis can connect, use this statement:

mysql> GRANT USAGE ON *.* TO 'francis'@'localhost'
    ->     WITH MAX_CONNECTIONS_PER_HOUR 0;

Resource-use counting takes place when any account has a nonzero limit placed on its use of any of the resources.

As the server runs, it counts the number of times each account uses resources. If an account reaches its limit on number of connections within the last hour, further connections for the account are rejected until that hour is up. Similarly, if the account reaches its limit on the number of queries or updates, further queries or updates are rejected until the hour is up. In all such cases, an appropriate error message is issued.

Resource counting is done per account, not per client. For example, if your account has a query limit of 50, you cannot increase your limit to 100 by making two simultaneous client connections to the server. Queries issued on both connections are counted together.

Queries for which results are served from the query cache do not count against the MAX_QUERIES_PER_HOUR limit.

The current per-hour resource-use counts can be reset globally for all accounts, or individually for a given account:

  • To reset the current counts to zero for all accounts, issue a FLUSH USER_RESOURCES statement. The counts also can be reset by reloading the grant tables (for example, with a FLUSH PRIVILEGES statement or a mysqladmin reload command).

  • The counts for an individual account can be set to zero by re-granting it any of its limits. To do this, use GRANT USAGE as described earlier and specify a limit value equal to the value that the account currently has.

Counter resets do not affect the MAX_USER_CONNECTIONS limit.

All counts begin at zero when the server starts; counts are not carried over through a restart.

For the MAX_USER_CONNECTIONS limit, an edge case can occur if the account currently has open the maximum number of connections allowed to it: A disconnect followed quickly by a connect can result in an error (ER_TOO_MANY_USER_CONNECTIONS or ER_USER_LIMIT_REACHED) if the server has not fully processed the disconnect by the time the connect occurs. When the server finishes disconnect processing, another connection will once more be allowed.

5.5.5. Assigning Account Passwords

To assign a password when you create a new account with CREATE USER, include an IDENTIFIED BY clause:

mysql> CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'biscuit';

To assign or change a password for an existing account, one way is to issue a SET PASSWORD statement:

mysql> SET PASSWORD FOR 'jeffrey'@'localhost' = PASSWORD('biscuit');

Only users such as root that have update access to the mysql database can change the password for other users. If you are not connected as an anonymous user, you can change your own password by omitting the FOR clause:

mysql> SET PASSWORD = PASSWORD('biscuit');

You can also use a GRANT USAGE statement at the global level (ON *.*) to assign a password to an account without affecting the account's current privileges:

mysql> GRANT USAGE ON *.* TO 'jeffrey'@'localhost' IDENTIFIED BY 'biscuit';

Passwords can be assigned from the command line by using the mysqladmin command:

shell> mysqladmin -u user_name -h host_name password "newpwd"

The account for which this command resets the password is the one with a user table row that matches user_name in the User column and the client host from which you connect in the Host column.

Although it is generally preferable to assign passwords using one of the preceding methods, you can also do so by modifying the user table directly:

  • To establish a password when creating a new account, provide a value for the Password column:

    shell> mysql -u root mysql
    mysql> INSERT INTO user (Host,User,Password)
        -> VALUES('localhost','jeffrey',PASSWORD('biscuit'));
    mysql> FLUSH PRIVILEGES;
    
  • To change the password for an existing account, use UPDATE to set the Password column value:

    shell> mysql -u root mysql
    mysql> UPDATE user SET Password = PASSWORD('bagel')
        -> WHERE Host = 'localhost' AND User = 'francis';
    mysql> FLUSH PRIVILEGES;
    

When you assign passwords using CREATE USER or GRANT with an IDENTIFIED BY clause or with the mysqladmin password command, they take care of encrypting the password for you.

When you assign an account a nonempty password using SET PASSWORD, INSERT, or UPDATE, you must use the PASSWORD() function to encrypt the password. PASSWORD() is necessary because the user table stores passwords in encrypted form, not as plaintext. If you forget that fact, you are likely to set passwords like this:

shell> mysql -u root mysql
mysql> INSERT INTO user (Host,User,Password)
    -> VALUES('localhost','jeffrey','biscuit');
mysql> FLUSH PRIVILEGES;

The result is that the literal value 'biscuit' is stored as the password in the user table, not the encrypted value. When jeffrey attempts to connect to the server using this password, the value is encrypted and compared to the value stored in the user table. However, the stored value is the literal string 'biscuit', so the comparison fails and the server rejects the connection:

shell> mysql -u jeffrey -pbiscuit test
Access denied

Note

PASSWORD() encryption differs from Unix password encryption. See Section 5.5.1, “User Names and Passwords”.

5.5.6. Password Security in MySQL

Passwords occur in several contexts within MySQL. The following sections provide guidelines that enable administrators and end users to keep these passwords secure and avoid exposing them. There is also a discussion of how MySQL uses password hashing internally.

5.5.6.1. Administrator Guidelines for Password Security

Database administrators should use the following guidelines to keep passwords secure.

MySQL stores passwords for user accounts in the mysql.user table. Access to this table should never be granted to any nonadministrative accounts.

Passwords can appear as plain text in SQL statements such as CREATE USER, GRANT, and SET PASSWORD. If these statements are logged by the MySQL server, the passwords become available to anyone with access to the logs. This applies to the general query log, the slow query log, and the binary log (see Section 5.2, “MySQL Server Logs”). To guard against unwarranted exposure to log files, they should be located in a directory that restricts access to only the server and the database administrator.

Replication slaves store the password for the replication master in the master.info file. Access to this file should be restricted to the database adminstrator.

Database backups that include tables or log files containing passwords should be protected using a restricted access mode.

5.5.6.2. End-User Guidelines for Password Security

MySQL users should use the following guidelines to keep passwords secure.

When you run a client program to connect to the MySQL server, it is inadvisable to specify your password in a way that exposes it to discovery by other users. The methods you can use to specify your password when you run client programs are listed here, along with an assessment of the risks of each method. In short, the safest methods are to have the client program prompt for the password or to specify the password in a properly protected option file.

  • Use a -pyour_pass or --password=your_pass option on the command line. For example:

    shell> mysql -u francis -pfrank db_name
    

    This is convenient but insecure, because your password becomes visible to system status programs such as ps that may be invoked by other users to display command lines. MySQL clients typically overwrite the command-line password argument with zeros during their initialization sequence. However, there is still a brief interval during which the value is visible. Also, on some systems this overwriting strategy is ineffective and the password remains visible to ps. (SystemV Unix systems and perhaps others are subject to this problem.)

    If your operating environment is set up to display your current command in the title bar of your terminal window, the password remains visible as long as the command is running, even if the command has scrolled out of view in the window content area.

  • Use the -p or --password option on the command line with no password value specified. In this case, the client program solicits the password interactively:

    shell> mysql -u francis -p db_name
    Enter password: ********
    

    The “*” characters indicate where you enter your password. The password is not displayed as you enter it.

    It is more secure to enter your password this way than to specify it on the command line because it is not visible to other users. However, this method of entering a password is suitable only for programs that you run interactively. If you want to invoke a client from a script that runs noninteractively, there is no opportunity to enter the password from the keyboard. On some systems, you may even find that the first line of your script is read and interpreted (incorrectly) as your password.

  • Store your password in an option file. For example, on Unix you can list your password in the [client] section of the .my.cnf file in your home directory:

    [client]
    password=your_pass
    

    To keep the password safe, the file should not be accessible to anyone but yourself. To ensure this, set the file access mode to 400 or 600. For example:

    shell> chmod 600 .my.cnf
    

    Section 4.2.3.3, “Using Option Files”, discusses option files in more detail.

  • Store your password in the MYSQL_PWD environment variable. See Section 2.20, “Environment Variables”.

    This method of specifying your MySQL password must be considered extremely insecure and should not be used. Some versions of ps include an option to display the environment of running processes. If you set MYSQL_PWD, your password is exposed to any other user who runs ps. Even on systems without such a version of ps, it is unwise to assume that there are no other methods by which users can examine process environments.

On Unix, the mysql client writes a record of executed statements to a history file (see Section 4.5.1, “mysql — The MySQL Command-Line Tool”). By default, this file is named .mysql_history and is created in your home directory. Passwords can appear as plain text in SQL statements such as CREATE USER, GRANT, and SET PASSWORD, so if you use these statements, they are logged in the history file. To keep this file safe, use a restrictive access mode, the same way as described earlier for the .my.cnf file.

If your command interpreter is configured to maintain a history, any file in which the commands are saved will contain MySQL passwords entered on the command line. For example, bash uses ~/.bash_history. Any such file should had a restrictive access mode.

5.5.6.3. Password Hashing in MySQL

MySQL user accounts are listed in the user table of the mysql database. Each MySQL account is assigned a password, although what is stored in the Password column of the user table is not the plaintext version of the password, but a hash value computed from it. Password hash values are computed by the PASSWORD() function.

MySQL uses passwords in two phases of client/server communication:

  • When a client attempts to connect to the server, there is an initial authentication step in which the client must present a password that has a hash value matching the hash value stored in the user table for the account that the client wants to use.

  • After the client connects, it can (if it has sufficient privileges) set or change the password hashes for accounts listed in the user table. The client can do this by using the PASSWORD() function to generate a password hash, or by using the GRANT or SET PASSWORD statements.

In other words, the server uses hash values during authentication when a client first attempts to connect. The server generates hash values if a connected client invokes the PASSWORD() function or uses a GRANT or SET PASSWORD statement to set or change a password.

The password hashing mechanism was updated in MySQL 4.1 to provide better security and to reduce the risk of passwords being intercepted. However, this new mechanism is understood only by MySQL 4.1 (and newer) servers and clients, which can result in some compatibility problems. A 4.1 or newer client can connect to a pre-4.1 server, because the client understands both the old and new password hashing mechanisms. However, a pre-4.1 client that attempts to connect to a 4.1 or newer server may run into difficulties. For example, a 3.23 mysql client that attempts to connect to a 5.0 server may fail with the following error message:

shell> mysql -h localhost -u root
Client does not support authentication protocol requested
by server; consider upgrading MySQL client

Another common example of this phenomenon occurs for attempts to use the older PHP mysql extension after upgrading to MySQL 4.1 or newer. (See Section 20.9.6, “Common Problems with MySQL and PHP”.)

The following discussion describes the differences between the old and new password mechanisms, and what you should do if you upgrade your server but need to maintain backward compatibility with pre-4.1 clients. Additional information can be found in Section B.5.2.4, “Client does not support authentication protocol. This information is of particular importance to PHP programmers migrating MySQL databases from version 4.0 or lower to version 4.1 or higher.

Note

This discussion contrasts 4.1 behavior with pre-4.1 behavior, but the 4.1 behavior described here actually begins with 4.1.1. MySQL 4.1.0 is an “odd” release because it has a slightly different mechanism than that implemented in 4.1.1 and up. Differences between 4.1.0 and more recent versions are described further in MySQL 3.23, 4.0, 4.1 Reference Manual.

Prior to MySQL 4.1, password hashes computed by the PASSWORD() function are 16 bytes long. Such hashes look like this:

mysql> SELECT PASSWORD('mypass');
+--------------------+
| PASSWORD('mypass') |
+--------------------+
| 6f8c114b58f2ce9e   |
+--------------------+

The Password column of the user table (in which these hashes are stored) also is 16 bytes long before MySQL 4.1.

As of MySQL 4.1, the PASSWORD() function has been modified to produce a longer 41-byte hash value:

mysql> SELECT PASSWORD('mypass');
+-------------------------------------------+
| PASSWORD('mypass')                        |
+-------------------------------------------+
| *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |
+-------------------------------------------+

Accordingly, the Password column in the user table also must be 41 bytes long to store these values:

  • If you perform a new installation of MySQL 5.0, the Password column is made 41 bytes long automatically.

  • Upgrading from MySQL 4.1 (4.1.1 or later in the 4.1 series) to MySQL 5.0 should not give rise to any issues in this regard because both versions use the same password hashing mechanism. If you wish to upgrade an older release of MySQL to version 5.0, you should upgrade to version 4.1 first, then upgrade the 4.1 installation to 5.0.

A widened Password column can store password hashes in both the old and new formats. The format of any given password hash value can be determined two ways:

  • The obvious difference is the length (16 bytes versus 41 bytes).

  • A second difference is that password hashes in the new format always begin with a “*” character, whereas passwords in the old format never do.

The longer password hash format has better cryptographic properties, and client authentication based on long hashes is more secure than that based on the older short hashes.

The differences between short and long password hashes are relevant both for how the server uses passwords during authentication and for how it generates password hashes for connected clients that perform password-changing operations.

The way in which the server uses password hashes during authentication is affected by the width of the Password column:

  • If the column is short, only short-hash authentication is used.

  • If the column is long, it can hold either short or long hashes, and the server can use either format:

    • Pre-4.1 clients can connect, although because they know only about the old hashing mechanism, they can authenticate only using accounts that have short hashes.

    • 4.1 and later clients can authenticate using accounts that have short or long hashes.

Even for short-hash accounts, the authentication process is actually a bit more secure for 4.1 and later clients than for older clients. In terms of security, the gradient from least to most secure is:

  • Pre-4.1 client authenticating with short password hash

  • 4.1 or later client authenticating with short password hash

  • 4.1 or later client authenticating with long password hash

The way in which the server generates password hashes for connected clients is affected by the width of the Password column and by the --old-passwords option. A 4.1 or later server generates long hashes only if certain conditions are met: The Password column must be wide enough to hold long values and the --old-passwords option must not be given. These conditions apply as follows:

  • The Password column must be wide enough to hold long hashes (41 bytes). If the column has not been updated and still has the pre-4.1 width of 16 bytes, the server notices that long hashes cannot fit into it and generates only short hashes when a client performs password-changing operations using PASSWORD(), GRANT, or SET PASSWORD. This is the behavior that occurs if you have upgraded to 4.1 but have not yet run the mysql_upgrade program to widen the Password column.

  • If the Password column is wide, it can store either short or long password hashes. In this case, PASSWORD(), GRANT, and SET PASSWORD generate long hashes unless the server was started with the --old-passwords option. That option forces the server to generate short password hashes instead.

The purpose of the --old-passwords option is to enable you to maintain backward compatibility with pre-4.1 clients under circumstances where the server would otherwise generate long password hashes. The option doesn't affect authentication (4.1 and later clients can still use accounts that have long password hashes), but it does prevent creation of a long password hash in the user table as the result of a password-changing operation. Were that to occur, the account no longer could be used by pre-4.1 clients. Without the --old-passwords option, the following undesirable scenario is possible:

  • An old client connects to an account that has a short password hash.

  • The client changes its own password. Without --old-passwords, this results in the account having a long password hash.

  • The next time the old client attempts to connect to the account, it cannot, because the account has a long password hash that requires the new hashing mechanism during authentication. (Once an account has a long password hash in the user table, only 4.1 and later clients can authenticate for it, because pre-4.1 clients do not understand long hashes.)

This scenario illustrates that, if you must support older pre-4.1 clients, it is dangerous to run a 4.1 or newer server without using the --old-passwords option. By running the server with --old-passwords, password-changing operations do not generate long password hashes and thus do not cause accounts to become inaccessible to older clients. (Those clients cannot inadvertently lock themselves out by changing their password and ending up with a long password hash.)

The downside of the --old-passwords option is that any passwords you create or change use short hashes, even for 4.1 clients. Thus, you lose the additional security provided by long password hashes. If you want to create an account that has a long hash (for example, for use by 4.1 clients), you must do so while running the server without --old-passwords.

MySQL Enterprise Subscribers to the MySQL Enterprise Monitor are automatically alerted whenever a server is running with the --old-passwords option. For more information, see http://www.mysql.com/products/enterprise/advisors.html.

The following scenarios are possible for running a 4.1 or later server:

Scenario 1: Short Password column in user table:

  • Only short hashes can be stored in the Password column.

  • The server uses only short hashes during client authentication.

  • For connected clients, password hash-generating operations involving PASSWORD(), GRANT, or SET PASSWORD use short hashes exclusively. Any change to an account's password results in that account having a short password hash.

  • The --old-passwords option can be used but is superfluous because with a short Password column, the server generates only short password hashes anyway.

Scenario 2: Long Password column; server not started with --old-passwords option:

  • Short or long hashes can be stored in the Password column.

  • 4.1 and later clients can authenticate using accounts that have short or long hashes.

  • Pre-4.1 clients can authenticate only using accounts that have short hashes.

  • For connected clients, password hash-generating operations involving PASSWORD(), GRANT, or SET PASSWORD use long hashes exclusively. A change to an account's password results in that account having a long password hash.

As indicated earlier, a danger in this scenario is that it is possible for accounts that have a short password hash to become inaccessible to pre-4.1 clients. A change to such an account's password made via GRANT, PASSWORD(), or SET PASSWORD results in the account being given a long password hash. From that point on, no pre-4.1 client can authenticate to that account until the client upgrades to 4.1.

To deal with this problem, you can change a password in a special way. For example, normally you use SET PASSWORD as follows to change an account password:

SET PASSWORD FOR 'some_user'@'some_host' = PASSWORD('mypass');

To change the password but create a short hash, use the OLD_PASSWORD() function instead:

SET PASSWORD FOR 'some_user'@'some_host' = OLD_PASSWORD('mypass');

OLD_PASSWORD() is useful for situations in which you explicitly want to generate a short hash.

Scenario 3: Long Password column; 4.1 or newer server started with --old-passwords option:

  • Short or long hashes can be stored in the Password column.

  • 4.1 and later clients can authenticate for accounts that have short or long hashes (but note that it is possible to create long hashes only when the server is started without --old-passwords).

  • Pre-4.1 clients can authenticate only for accounts that have short hashes.

  • For connected clients, password hash-generating operations involving PASSWORD(), GRANT, or SET PASSWORD use short hashes exclusively. Any change to an account's password results in that account having a short password hash.

In this scenario, you cannot create accounts that have long password hashes, because the --old-passwords option prevents generation of long hashes. Also, if you create an account with a long hash before using the --old-passwords option, changing the account's password while --old-passwords is in effect results in the account being given a short password, causing it to lose the security benefits of a longer hash.

The disadvantages for these scenarios may be summarized as follows:

In scenario 1, you cannot take advantage of longer hashes that provide more secure authentication.

In scenario 2, accounts with short hashes become inaccessible to pre-4.1 clients if you change their passwords without explicitly using OLD_PASSWORD().

In scenario 3, --old-passwords prevents accounts with short hashes from becoming inaccessible, but password-changing operations cause accounts with long hashes to revert to short hashes, and you cannot change them back to long hashes while --old-passwords is in effect.

5.5.6.4. Implications of Password Hashing Changes in MySQL 4.1 for Application Programs

An upgrade to MySQL version 4.1 or later can cause compatibility issues for applications that use PASSWORD() to generate passwords for their own purposes. Applications really should not do this, because PASSWORD() should be used only to manage passwords for MySQL accounts. But some applications use PASSWORD() for their own purposes anyway.

If you upgrade to 4.1 or later from a pre-4.1 version of MySQL and run the server under conditions where it generates long password hashes, an application using PASSWORD() for its own passwords breaks. The recommended course of action in such cases is to modify the application to use another function, such as SHA1() or MD5(), to produce hashed values. If that is not possible, you can use the OLD_PASSWORD() function, which is provided for generate short hashes in the old format. However, you should note that OLD_PASSWORD() may one day no longer be supported.

If the server is running under circumstances where it generates short hashes, OLD_PASSWORD() is available but is equivalent to PASSWORD().

PHP programmers migrating their MySQL databases from version 4.0 or lower to version 4.1 or higher should see Section 20.9, “MySQL PHP API”.

5.5.7. Using SSL for Secure Connections

MySQL supports secure (encrypted) connections between MySQL clients and the server using the Secure Sockets Layer (SSL) protocol. This section discusses how to use SSL connections. For information on how to require users to use SSL connections, see the discussion of the REQUIRE clause of the GRANT statement in Section 12.5.1.3, “GRANT Syntax”.

The standard configuration of MySQL is intended to be as fast as possible, so encrypted connections are not used by default. Doing so would make the client/server protocol much slower. Encrypting data is a CPU-intensive operation that requires the computer to do additional work and can delay other MySQL tasks. For applications that require the security provided by encrypted connections, the extra computation is warranted.

MySQL allows encryption to be enabled on a per-connection basis. You can choose a normal unencrypted connection or a secure encrypted SSL connection according the requirements of individual applications.

Secure connections are based on the OpenSSL API and are available through the MySQL C API. Replication uses the C API, so secure connections can be used between master and slave servers.

Another way to connect securely is from within an SSH connection to the MySQL server host. For an example, see Section 5.5.8, “Connecting to MySQL Remotely from Windows with SSH”.

5.5.7.1. Basic SSL Concepts

To understand how MySQL uses SSL, it is necessary to explain some basic SSL and X509 concepts. People who are familiar with these can skip this part of the discussion.

By default, MySQL uses unencrypted connections between the client and the server. This means that someone with access to the network could watch all your traffic and look at the data being sent or received. They could even change the data while it is in transit between client and server. To improve security a little, you can compress client/server traffic by using the --compress option when invoking client programs. However, this does not foil a determined attacker.

When you need to move information over a network in a secure fashion, an unencrypted connection is unacceptable. Encryption is the way to make any kind of data unreadable. In fact, today's practice requires many additional security elements from encryption algorithms. They should resist many kind of known attacks such as changing the order of encrypted messages or replaying data twice.

SSL is a protocol that uses different encryption algorithms to ensure that data received over a public network can be trusted. It has mechanisms to detect any data change, loss, or replay. SSL also incorporates algorithms that provide identity verification using the X509 standard.

X509 makes it possible to identify someone on the Internet. It is most commonly used in e-commerce applications. In basic terms, there should be some company called a “Certificate Authority” (or CA) that assigns electronic certificates to anyone who needs them. Certificates rely on asymmetric encryption algorithms that have two encryption keys (a public key and a secret key). A certificate owner can show the certificate to another party as proof of identity. A certificate consists of its owner's public key. Any data encrypted with this public key can be decrypted only using the corresponding secret key, which is held by the owner of the certificate.

If you need more information about SSL, X509, or encryption, use your favorite Internet search engine to search for the keywords in which you are interested.

5.5.7.2. Using SSL Connections

To use SSL connections between the MySQL server and client programs, your system must support either OpenSSL or yaSSL and your version of MySQL must be built with SSL support.

To make it easier to use secure connections, MySQL is bundled with yaSSL as of MySQL 5.0.10. (MySQL and yaSSL employ the same licensing model, whereas OpenSSL uses an Apache-style license.) yaSSL support initially was available only for a few platforms, but now it is available on all platforms supported by Sun Microsystems, Inc.

To get secure connections to work with MySQL and SSL, you must do the following:

  1. If you are not using a binary (precompiled) version of MySQL that has been built with SSL support, and you are going to use OpenSSL rather than the bundled yaSSL library, install OpenSSL if it has not already been installed. We have tested MySQL with OpenSSL 0.9.6. To obtain OpenSSL, visit http://www.openssl.org.

    Building MySQL using OpenSSL requires a shared OpenSSL library, otherwise linker errors occur. Alternatively, build MySQL using yaSSL.

  2. If you are not using a binary (precompiled) version of MySQL that has been built with SSL support, configure a MySQL source distribution to use SSL. When you configure MySQL, invoke the configure script with the appropriate option to select the SSL library that you want to use.

    For yaSSL:

    shell> ./configure --with-yassl
    

    For OpenSSL:

    shell> ./configure --with-openssl
    

    Before MySQL 5.0, it was also neccessary to use --with-vio, but that option is no longer required.

    Note that yaSSL support on Unix platforms requires that either /dev/urandom or /dev/random be available to retrieve true random numbers. For additional information (especially regarding yaSSL on Solaris versions prior to 2.8 and HP-UX), see Bug#13164.

  3. Make sure that the user in the mysql database includes the SSL-related columns (beginning with ssl_ and x509_). If your user table does not have these columns, it must be upgraded; see Section 4.4.9, “mysql_upgrade — Check Tables for MySQL Upgrade”.

  4. To check whether a server binary is compiled with SSL support, invoke it with the --ssl option. An error will occur if the server does not support SSL:

    shell> mysqld --ssl --help
    060525 14:18:52 [ERROR] mysqld: unknown option '--ssl'
    

    To check whether a running mysqld server supports SSL, examine the value of the have_ssl system variable (if you have no have_ssl variable, check for have_openssl):

    mysql> SHOW VARIABLES LIKE 'have_ssl';
    +---------------+-------+
    | Variable_name | Value |
    +---------------+-------+
    | have_ssl      | YES   |
    +---------------+-------+
    

    If the value is YES, the server supports SSL connections. If the value is DISABLED, the server supports SSL connections but was not started with the appropriate --ssl-xxx options (described later in this section).

To enable SSL connections, the proper SSL-related options must be used (see Section 5.5.7.3, “SSL Command Options”).

To start the MySQL server so that it allows clients to connect via SSL, use the options that identify the key and certificate files the server needs when establishing a secure connection:

shell> mysqld --ssl-ca=cacert.pem \
       --ssl-cert=server-cert.pem \
       --ssl-key=server-key.pem
  • --ssl-ca identifies the Certificate Authority (CA) certificate.

  • --ssl-cert identifies the server public key. This can be sent to the client and authenticated against the CA certificate that it has.

  • --ssl-key identifies the server private key.

To establish a secure connection to a MySQL server with SSL support, the options that a client must specify depend on the SSL requirements of the user account that the client uses. (See the discussion of the REQUIRE clause in Section 12.5.1.3, “GRANT Syntax”.)

If the account has no special SSL requirements or was created using a GRANT statement that includes the REQUIRE SSL option, a client can connect securely by using just the --ssl-ca option:

shell> mysql --ssl-ca=cacert.pem

To require that a client certificate also be specified, create the account using the REQUIRE X509 option. Then the client must also specify the proper client key and certificate files or the server will reject the connection:

shell> mysql --ssl-ca=cacert.pem \
       --ssl-cert=client-cert.pem \
       --ssl-key=client-key.pem

In other words, the options are similar to those used for the server. Note that the Certificate Authority certificate has to be the same.

A client can determine whether the current connection with the server uses SSL by checking the value of the Ssl_cipher status variable. The value of Ssl_cipher is nonempty if SSL is used, and empty otherwise. For example:

mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+

For the mysql client, you can use the STATUS or \s command and check the SSL line:

mysql> \s
...
SSL:                    Not in use
...

Or:

mysql> \s
...
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
...

To establish a secure connection from within an application program, use the mysql_ssl_set() C API function to set the appropriate certificate options before calling mysql_real_connect(). See Section 20.8.3.67, “mysql_ssl_set(). After the connection is established, you can use mysql_get_ssl_cipher() to determine whether SSL is in use. A non-NULL return value indicates a secure connection and names the SSL cipher used for encryption. A NULL return value indicates that SSL is not being used. See Section 20.8.3.33, “mysql_get_ssl_cipher().

5.5.7.3. SSL Command Options

The following list describes options that are used for specifying the use of SSL, certificate files, and key files. They can be given on the command line or in an option file. These options are not available unless MySQL has been built with SSL support. See Section 5.5.7.2, “Using SSL Connections”. (There are also --master-ssl* options that can be used for setting up a secure connection from a slave replication server to a master server; see Section 16.1.2, “Replication and Binary Logging Options and Variables”.)

Table 5.7. SSL Option/Variable Summary

NameCmd-LineOption fileSystem VarStatus VarVar ScopeDynamic
have_openssl  Yes GlobalNo
have_ssl  Yes GlobalNo
skip-sslYesYes    
sslYesYes    
ssl-caYesYes  GlobalNo
- Variable: ssl_ca  Yes GlobalNo
ssl-capathYesYes  GlobalNo
- Variable: ssl_capath  Yes GlobalNo
ssl-certYesYes  GlobalNo
- Variable: ssl_cert  Yes GlobalNo
ssl-cipherYesYes  GlobalNo
- Variable: ssl_cipher  Yes GlobalNo
ssl-keyYesYes  GlobalNo
- Variable: ssl_key  Yes GlobalNo
  • --ssl

    For the server, this option specifies that the server allows SSL connections. For a client program, it allows the client to connect to the server using SSL. This option is not sufficient in itself to cause an SSL connection to be used. You must also specify the --ssl-ca option, and possibly the --ssl-cert and --ssl-key options.

    This option is more often used in its opposite form to override any other SSL options and indicate that SSL should not be used. To do this, specify the option as --skip-ssl or --ssl=0.

    Note that use of --ssl does not require an SSL connection. For example, if the server or client is compiled without SSL support, a normal unencrypted connection is used.

    The secure way to require use of an SSL connection is to create an account on the server that includes a REQUIRE SSL clause in the GRANT statement. Then use that account to connect to the server, where both the server and the client have SSL support enabled.

    The REQUIRE clause allows other SSL-related restrictions as well. The description of REQUIRE in Section 12.5.1.3, “GRANT Syntax”, provides additional detail about which SSL command options may or must be specified by clients that connect using accounts that are created using the various REQUIRE options.

  • --ssl-ca=file_name

    The path to a file that contains a list of trusted SSL CAs.

  • --ssl-capath=directory_name

    The path to a directory that contains trusted SSL CA certificates in PEM format.

  • --ssl-cert=file_name

    The name of the SSL certificate file to use for establishing a secure connection.

  • --ssl-cipher=cipher_list

    A list of allowable ciphers to use for SSL encryption. For greatest portability, cipher_list should be a list of one or more cipher names, separated by colons. Examples:

    --ssl-cipher=AES128-SHA
    --ssl-cipher=DHE-RSA-AES256-SHA:AES128-SHA
    

    This format is understood both by OpenSSL and yaSSL. OpenSSL supports a more flexible syntax for specifying ciphers, as described in the OpenSSL documentation at http://www.openssl.org/docs/apps/ciphers.html. However, this extended syntax will fail if used with a MySQL installation compiled against yaSSL.

    If no cipher in the list is supported, SSL connections will not work.

  • --ssl-key=file_name

    The name of the SSL key file to use for establishing a secure connection.

  • --ssl-verify-server-cert

    This option is available for client programs only, not the server. It causes the server's Common Name value in the certificate that the server sends to the client to be verified against the host name that the client uses for connecting to the server, and the connection is rejected if there is a mismatch. This feature can be used to prevent man-in-the-middle attacks. Verification is disabled by default. This option was added in MySQL 5.0.23.

As of MySQL 5.0.40, if you use SSL when establishing a client connection, you can tell the client not to authenticate the server certificate by specifying neither --ssl-ca nor --ssl-capath. The server still verifies the client according to any applicable requirements established via GRANT statements for the client, and it still uses any --ssl-ca/--ssl-capath values that were passed to server at startup time.

5.5.7.4. Setting Up SSL Certificates for MySQL

This section demonstrates how to set up SSL certificate and key files for use by MySQL servers and clients. The first example shows a simplified procedure such as you might use from the command line. The second shows a script that contains more detail. The first two examples are intended for use on Unix and both use the openssl command that is part of OpenSSL. The third example describes how to set up SSL files on Windows.

Following the third example, instructions are given for using the files to test SSL connections. You can also use the files as described in Section 5.5.7.2, “Using SSL Connections”.

Example 1: Creating SSL files from the command line on Unix

The following example shows a set of commands to create MySQL server and client certificate and key files. You will need to respond to several prompts by the openssl commands. For testing, you can press Enter to all prompts. For production use, you should provide nonempty responses.

# Create clean environment
shell> rm -rf newcerts
shell> mkdir newcerts && cd newcerts

# Create CA certificate
shell> openssl genrsa 2048 > ca-key.pem
shell> openssl req -new -x509 -nodes -days 1000 \
         -key ca-key.pem > ca-cert.pem

# Create server certificate
shell> openssl req -newkey rsa:2048 -days 1000 \
         -nodes -keyout server-key.pem > server-req.pem
shell> openssl x509 -req -in server-req.pem -days 1000 \
         -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

# Create client certificate
shell> openssl req -newkey rsa:2048 -days 1000 \
         -nodes -keyout client-key.pem > client-req.pem
shell> openssl x509 -req -in client-req.pem -days 1000 \
         -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem

Example 2: Creating SSL files using a script on Unix

Here is an example script that shows how to set up SSL certificates for MySQL:

DIR=`pwd`/openssl
PRIV=$DIR/private

mkdir $DIR $PRIV $DIR/newcerts
cp /usr/share/ssl/openssl.cnf $DIR
replace ./demoCA $DIR -- $DIR/openssl.cnf

# Create necessary files: $database, $serial and $new_certs_dir
# directory (optional)

touch $DIR/index.txt
echo "01" > $DIR/serial

#
# Generation of Certificate Authority(CA)
#

openssl req -new -x509 -keyout $PRIV/cakey.pem -out $DIR/cacert.pem \
    -days 3600 -config $DIR/openssl.cnf

# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Generating a 1024 bit RSA private key
# ................++++++
# .........++++++
# writing new private key to '/home/monty/openssl/private/cakey.pem'
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
# -----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
# -----
# Country Name (2 letter code) [AU]:FI
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:MySQL admin
# Email Address []:

#
# Create server request and key
#
openssl req -new -keyout $DIR/server-key.pem -out \
    $DIR/server-req.pem -days 3600 -config $DIR/openssl.cnf

# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Generating a 1024 bit RSA private key
# ..++++++
# ..........++++++
# writing new private key to '/home/monty/openssl/server-key.pem'
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
# -----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
# -----
# Country Name (2 letter code) [AU]:FI
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:MySQL server
# Email Address []:
#
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []:
# An optional company name []:

#
# Remove the passphrase from the key
#
openssl rsa -in $DIR/server-key.pem -out $DIR/server-key.pem

#
# Sign server cert
#
openssl ca  -policy policy_anything -out $DIR/server-cert.pem \
    -config $DIR/openssl.cnf -infiles $DIR/server-req.pem

# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Enter PEM pass phrase:
# Check that the request matches the signature
# Signature ok
# The Subjects Distinguished Name is as follows
# countryName           :PRINTABLE:'FI'
# organizationName      :PRINTABLE:'MySQL AB'
# commonName            :PRINTABLE:'MySQL admin'
# Certificate is to be certified until Sep 13 14:22:46 2003 GMT
# (365 days)
# Sign the certificate? [y/n]:y
#
#
# 1 out of 1 certificate requests certified, commit? [y/n]y
# Write out database with 1 new entries
# Data Base Updated

#
# Create client request and key
#
openssl req -new -keyout $DIR/client-key.pem -out \
    $DIR/client-req.pem -days 3600 -config $DIR/openssl.cnf

# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Generating a 1024 bit RSA private key
# .....................................++++++
# .............................................++++++
# writing new private key to '/home/monty/openssl/client-key.pem'
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
# -----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
# -----
# Country Name (2 letter code) [AU]:FI
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:MySQL user
# Email Address []:
#
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []:
# An optional company name []:

#
# Remove the passphrase from the key
#
openssl rsa -in $DIR/client-key.pem -out $DIR/client-key.pem

#
# Sign client cert
#

openssl ca  -policy policy_anything -out $DIR/client-cert.pem \
    -config $DIR/openssl.cnf -infiles $DIR/client-req.pem

# Sample output:
# Using configuration from /home/monty/openssl/openssl.cnf
# Enter PEM pass phrase:
# Check that the request matches the signature
# Signature ok
# The Subjects Distinguished Name is as follows
# countryName           :PRINTABLE:'FI'
# organizationName      :PRINTABLE:'MySQL AB'
# commonName            :PRINTABLE:'MySQL user'
# Certificate is to be certified until Sep 13 16:45:17 2003 GMT
# (365 days)
# Sign the certificate? [y/n]:y
#
#
# 1 out of 1 certificate requests certified, commit? [y/n]y
# Write out database with 1 new entries
# Data Base Updated

#
# Create a my.cnf file that you can use to test the certificates
#

cnf=""
cnf="$cnf [client]"
cnf="$cnf ssl-ca=$DIR/cacert.pem"
cnf="$cnf ssl-cert=$DIR/client-cert.pem"
cnf="$cnf ssl-key=$DIR/client-key.pem"
cnf="$cnf [mysqld]"
cnf="$cnf ssl-ca=$DIR/cacert.pem"
cnf="$cnf ssl-cert=$DIR/server-cert.pem"
cnf="$cnf ssl-key=$DIR/server-key.pem"
echo $cnf | replace " " '
' > $DIR/my.cnf

Example 3: Creating SSL files on Windows

Download OpenSSL for Windows. An overview of available packages can be seen here: http://www.slproweb.com/products/Win32OpenSSL.html

Choose of the following packages, depending on your architecture (32-bit or 64-bit):

if a message occurs during setup indicating '...critical component is missing: Microsoft Visual C++ 2008 Redistributables', cancel the setup and download one of the following packages as well, again depending on your architecture (32-bit or 64-bit):

After installing the additional package, restart the OpenSSL setup.

During installation, leave the default C:\OpenSSL as the install path, and also leave the default option 'Copy OpenSSL DLL files to the Windows system directory' selected.

When the installation has finished, add C:\OpenSSL\bin to the Windows System Path variable of your server:

  1. On the Windows desktop, right-click on the My Computer icon, and select Properties.

  2. Next select the Advanced tab from the System Properties menu that appears, and click the Environment Variables button.

  3. Under System Variables, select Path, and then click the Edit button. The Edit System Variable dialogue should appear.

  4. Add ';C:\OpenSSL\bin' to the end (notice the semicolon).

  5. Press OK 3 times.

  6. Check that OpenSSL was correctly integrated into the Path variable by opening a new command console (Start>Run>cmd.exe) and verifying that OpenSSL is available:

    Microsoft Windows [Version ...]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.
    
    C:\Windows\system32>cd \
    
    C:\>openssl
    OpenSSL> exit <<< If you see the OpenSSL prompt, installation was successful.
    
    C:\>
    

Depending on your version of Windows, the preceding instructions might be slightly different.

After OpenSSL has been installed, use the instructions from Example 1 (shown earlier in this section), with the following changes:

  • Change the follow Unix commands:

    # Create clean environment
    shell> rm -rf newcerts
    shell> mkdir newcerts && cd newcerts
    

    On Windows, use these commands instead:

    # Create clean environment
    shell> md c:\newcerts
    shell> cd c:\newcerts
    
  • When a '\' character is shown at the end of a command line, this '\' character must be removed and the command lines entered all on a single line.

  • For references to my.cnf option files, substitute my.ini instead.

Testing SSL connections

To test SSL connections, start the server as follows, where $DIR is the path name to the directory where the sample my.cnf option file is located:

shell> mysqld --defaults-file=$DIR/my.cnf &

Then invoke a client program using the same option file:

shell> mysql --defaults-file=$DIR/my.cnf

If you have a MySQL source distribution, you can also test your setup by modifying the preceding my.cnf file to refer to the demonstration certificate and key files in the SSL directory of the distribution.

5.5.8. Connecting to MySQL Remotely from Windows with SSH

This section describes how to get a secure connection to a remote MySQL server with SSH. The information was provided by David Carlson .

  1. Install an SSH client on your Windows machine. As a user, the best nonfree one I have found is from SecureCRT from http://www.vandyke.com/. Another option is f-secure from http://www.f-secure.com/. You can also find some free ones on Google at http://directory.google.com/Top/Computers/Internet/Protocols/SSH/Clients/Windows/.

  2. Start your Windows SSH client. Set Host_Name = yourmysqlserver_URL_or_IP. Set userid=your_userid to log in to your server. This userid value might not be the same as the user name of your MySQL account.

  3. Set up port forwarding. Either do a remote forward (Set local_port: 3306, remote_host: yourmysqlservername_or_ip, remote_port: 3306 ) or a local forward (Set port: 3306, host: localhost, remote port: 3306).

  4. Save everything, otherwise you will have to redo it the next time.

  5. Log in to your server with the SSH session you just created.

  6. On your Windows machine, start some ODBC application (such as Access).

  7. Create a new file in Windows and link to MySQL using the ODBC driver the same way you normally do, except type in localhost for the MySQL host server, not yourmysqlservername.

At this point, you should have an ODBC connection to MySQL, encrypted using SSH.

5.5.9. Auditing MySQL Account Activity

Applications can use the following guidelines to perform auditing that ties database activity to MySQL accounts.

MySQL accounts correspond to rows in the mysql.user table. When a client connects successfully, the server authenticates the client to a particular row in this table. The User and Host column values in this row uniquely identify the account and correspond to the 'user_name'@'host_name' format in which account names are written in SQL statements.

The account used to authenticate a client determines which privileges the client has. Normally, the CURRENT_USER() function can be invoked to determine which account this is for the client user. Its value is constructed from the User and Host columns of the user table row for the account.

However, there are circumstances under which the CURRENT_USER() value corresponds not to the client user but to a different account. This occurs in contexts when privilege checking is not based the client's account:

  • Stored routines (procedures and functions) defined with the SQL SECURITY DEFINER characteristic.

  • Views defined with the SQL SECURITY DEFINER characteristic (as of MySQL 5.0.24).

  • Triggers (as of MySQL 5.0.17).

In those contexts, privilege checking is done against the DEFINER account and CURRENT_USER() refers to that account, not to the account for the client who invoked the stored routine or view or who caused the trigger to activate. To determine the invoking user, you can call the USER() function, which returns a value indicating the actual user name provided by the client and the host from which the client connected. However, this value does not necessarily correspond directly to an account in the user table, because the USER() value never contains wildcards, whereas account values (as returned by CURRENT_USER()) may contain user name and host name wildcards.

For example, a blank user name matches any user, so an account of ''@'localhost' enables clients to connect as an anonymous user from the local host with any user name. If this case, if a client connects as user1 from the local host, USER() and CURRENT_USER() return different values:

mysql> SELECT USER(), CURRENT_USER();
+-----------------+----------------+
| USER()          | CURRENT_USER() |
+-----------------+----------------+
| user1@localhost | @localhost     |
+-----------------+----------------+

The host name part of an account can contain wildcards, too. If the host name contains a '%' or '_' pattern character or uses netmask notation, the account can be used for clients connecting from multiple hosts and the CURRENT_USER() value will not indicate which one. For example, the account 'user2'@'%.example.com' can be used by user2 to connect from any host in the example.com domain. If user2 connects from remote.example.com, USER() and CURRENT_USER() return different values:

mysql> SELECT USER(), CURRENT_USER();
+--------------------------+---------------------+
| USER()                   | CURRENT_USER()      |
+--------------------------+---------------------+
| user2@remote.example.com | user2@%.example.com |
+--------------------------+---------------------+

If an application must invoke USER() for user auditing (for example, if it does auditing from within triggers) but must also be able to associate the USER() value with an account in the user table, it is necessary to avoid accounts that contain wildcards in the User or Host column. Specifically, do not allow User to be empty (which creates an anonymous-user account), and do not allow pattern characters or netmask notation in Host values. All accounts must have a nonempty User value and literal Host value.

With respect to the previous examples, the ''@'localhost' and 'user2'@'%.example.com' accounts should be changed not to use wildcards:

RENAME USER ''@'localhost' TO 'user1'@'localhost';
RENAME USER 'user2'@'%.example.com' TO 'user2'@'remote.example.com';

If user2 must be able to connect from several hosts in the example.com domain, there should be a separate account for each host.

To extract the user name or host name part from a CURRENT_USER() or USER() value, use the SUBSTRING() function:

mysql> SELECT SUBSTRING_INDEX(CURRENT_USER(),'@',1);
+---------------------------------------+
| SUBSTRING_INDEX(CURRENT_USER(),'@',1) |
+---------------------------------------+
| user1                                 |
+---------------------------------------+

mysql> SELECT SUBSTRING_INDEX(CURRENT_USER(),'@',-1);
+----------------------------------------+
| SUBSTRING_INDEX(CURRENT_USER(),'@',-1) |
+----------------------------------------+
| localhost                              |
+----------------------------------------+

5.6. Running Multiple MySQL Servers on the Same Machine

In some cases, you might want to run multiple mysqld servers on the same machine. You might want to test a new MySQL release while leaving your existing production setup undisturbed. Or you might want to give different users access to different mysqld servers that they manage themselves. (For example, you might be an Internet Service Provider that wants to provide independent MySQL installations for different customers.)

To run multiple servers on a single machine, each server must have unique values for several operating parameters. These can be set on the command line or in option files. See Section 4.2.3, “Specifying Program Options”.

At least the following options must be different for each server:

  • --port=port_num

    --port controls the port number for TCP/IP connections. (Alternatively, if the host has multiple network addresses, you can use --bind-address to cause different servers to listen to different interfaces.)

  • --socket=path

    --socket controls the Unix socket file path on Unix and the name of the named pipe on Windows. On Windows, it is necessary to specify distinct pipe names only for those servers that support named-pipe connections.

  • --shared-memory-base-name=name

    This option currently is used only on Windows. It designates the shared-memory name used by a Windows server to allow clients to connect via shared memory. It is necessary to specify distinct shared-memory names only for those servers that support shared-memory connections.

  • --pid-file=file_name

    This option is used only on Unix. It indicates the path name of the file in which the server writes its process ID.

If you use the following log file options, they must be different for each server:

Section 5.2.5, “Server Log Maintenance”, discusses the log file options further.

For better performance, you can specify the following options differently for each server, to spread the load between several physical disks:

Having different temporary directories also makes it easier to determine which MySQL server created any given temporary file.

With very limited exceptions, each server should use a different data directory, which is specified using the --datadir=path option.

Warning

Normally, you should never have two servers that update data in the same databases. This may lead to unpleasant surprises if your operating system does not support fault-free system locking. If (despite this warning) you run multiple servers using the same data directory and they have logging enabled, you must use the appropriate options to specify log file names that are unique to each server. Otherwise, the servers try to log to the same files. Please note that this kind of setup only works with MyISAM and MERGE tables, and not with any of the other storage engines.

The warning against sharing a data directory among servers also applies in an NFS environment. Allowing multiple MySQL servers to access a common data directory over NFS is a very bad idea.

  • The primary problem is that NFS is the speed bottleneck. It is not meant for such use.

  • Another risk with NFS is that you must devise a way to ensure that two or more servers do not interfere with each other. Usually NFS file locking is handled by the lockd daemon, but at the moment there is no platform that performs locking 100% reliably in every situation.

Make it easy for yourself: Forget about sharing a data directory among servers over NFS. A better solution is to have one computer that contains several CPUs and use an operating system that handles threads efficiently.

If you have multiple MySQL installations in different locations, you can specify the base installation directory for each server with the --basedir=path option to cause each server to use a different data directory, log files, and PID file. (The defaults for all these values are determined relative to the base directory). In that case, the only other options you need to specify are the --socket and --port options. Suppose that you install different versions of MySQL using tar file binary distributions. These install in different locations, so you can start the server for each installation using the command bin/mysqld_safe under its corresponding base directory. mysqld_safe determines the proper --basedir option to pass to mysqld, and you need specify only the --socket and --port options to mysqld_safe.

As discussed in the following sections, it is possible to start additional servers by setting environment variables or by specifying appropriate command-line options. However, if you need to run multiple servers on a more permanent basis, it is more convenient to use option files to specify for each server those option values that must be unique to it. The --defaults-file option is useful for this purpose.

5.6.1. Running Multiple Servers on Windows

You can run multiple servers on Windows by starting them manually from the command line, each with appropriate operating parameters. You also have the option of installing several servers as Windows services and running them that way. General instructions for running MySQL servers from the command line or as services are given in Section 2.9, “Installing MySQL on Windows”. This section describes how to make sure that you start each server with different values for those startup options that must be unique per server, such as the data directory. These options are described in Section 5.6, “Running Multiple MySQL Servers on the Same Machine”.

5.6.1.1. Starting Multiple Windows Servers at the Command Line

To start multiple servers manually from the command line, you can specify the appropriate options on the command line or in an option file. It is more convenient to place the options in an option file, but it is necessary to make sure that each server gets its own set of options. To do this, create an option file for each server and tell the server the file name with a --defaults-file option when you run it.

Suppose that you want to run mysqld on port 3307 with a data directory of C:\mydata1, and mysqld-debug on port 3308 with a data directory of C:\mydata2. (To do this, make sure that before you start the servers, each data directory exists and has its own copy of the mysql database that contains the grant tables.) Then create two option files. For example, create one file named C:\my-opts1.cnf that looks like this:

[mysqld]
datadir = C:/mydata1
port = 3307

Create a second file named C:\my-opts2.cnf that looks like this:

[mysqld]
datadir = C:/mydata2
port = 3308

Then start each server with its own option file:

C:\> C:\mysql\bin\mysqld --defaults-file=C:\my-opts1.cnf
C:\> C:\mysql\bin\mysqld-debug --defaults-file=C:\my-opts2.cnf

Each server starts in the foreground (no new prompt appears until the server exits later), so you will need to issue those two commands in separate console windows.

To shut down the servers, you must connect to each using the appropriate port number:

C:\> C:\mysql\bin\mysqladmin --port=3307 shutdown
C:\> C:\mysql\bin\mysqladmin --port=3308 shutdown

Servers configured as just described allow clients to connect over TCP/IP. If your version of Windows supports named pipes and you also want to allow named-pipe connections, use the mysqld-nt or mysqld-debug server and specify options that enable the named pipe and specify its name. Each server that supports named-pipe connections must use a unique pipe name. For example, the C:\my-opts1.cnf file might be written like this:

[mysqld]
datadir = C:/mydata1
port = 3307
enable-named-pipe
socket = mypipe1

Then start the server this way:

C:\> C:\mysql\bin\mysqld-nt --defaults-file=C:\my-opts1.cnf

Modify C:\my-opts2.cnf similarly for use by the second server.

A similar procedure applies for servers that you want to support shared-memory connections. Enable such connections with the --shared-memory option and specify a unique shared-memory name for each server with the --shared-memory-base-name option.

5.6.1.2. Starting Multiple Windows Servers as Services

A MySQL server can run as a Windows service. The procedures for installing, controlling, and removing a single MySQL service are described in Section 2.9.11, “Starting MySQL as a Windows Service”.

You can also install multiple MySQL servers as services. In this case, you must make sure that each server uses a different service name in addition to all the other parameters that must be unique for each server.

For the following instructions, assume that you want to run the mysqld-nt server from two different versions of MySQL that are installed at C:\mysql-4.1.8 and C:\mysql-5.0.91, respectively. (This might be the case if you're running 4.1.8 as your production server, but also want to conduct tests using 5.0.91.)

The following principles apply when installing a MySQL service with the --install or --install-manual option:

  • If you specify no service name, the server uses the default service name of MySQL and the server reads options from the [mysqld] group in the standard option files.

  • If you specify a service name after the --install option, the server ignores the [mysqld] option group and instead reads options from the group that has the same name as the service. The server reads options from the standard option files.

  • If you specify a --defaults-file option after the service name, the server ignores the standard option files and reads options only from the [mysqld] group of the named file.

Note

In MySQL 5.0, all servers read the [mysqld] group if they read the standard option files, whether installed using the default service name (MySQL) or another service name. This allows you to use the [mysqld] group for options that should be used by all MySQL services, and an option group named after each service for use by the server installed with that service name.

Based on the preceding information, you have several ways to set up multiple services. The following instructions describe some examples. Before trying any of them, be sure that you shut down and remove any existing MySQL services first.

  • Approach 1: Specify the options for all services in one of the standard option files. To do this, use a different service name for each server. Suppose that you want to run the 4.1.8 mysqld-nt using the service name of mysqld1 and the 5.0.91 mysqld-nt using the service name mysqld2. In this case, you can use the [mysqld1] group for 4.1.8 and the [mysqld2] group for 5.0.91. For example, you can set up C:\my.cnf like this:

    # options for mysqld1 service
    [mysqld1]
    basedir = C:/mysql-4.1.8
    port = 3307
    enable-named-pipe
    socket = mypipe1
    
    # options for mysqld2 service
    [mysqld2]
    basedir = C:/mysql-5.0.91
    port = 3308
    enable-named-pipe
    socket = mypipe2
    

    Install the services as follows, using the full server path names to ensure that Windows registers the correct executable program for each service:

    C:\> C:\mysql-4.1.8\bin\mysqld-nt --install mysqld1
    C:\> C:\mysql-5.0.91\bin\mysqld-nt --install mysqld2
    

    To start the services, use the services manager, or use NET START with the appropriate service names:

    C:\> NET START mysqld1
    C:\> NET START mysqld2
    

    To stop the services, use the services manager, or use NET STOP with the appropriate service names:

    C:\> NET STOP mysqld1
    C:\> NET STOP mysqld2
    
  • Approach 2: Specify options for each server in separate files and use --defaults-file when you install the services to tell each server what file to use. In this case, each file should list options using a [mysqld] group.

    With this approach, to specify options for the 4.1.8 mysqld-nt, create a file C:\my-opts1.cnf that looks like this:

    [mysqld]
    basedir = C:/mysql-4.1.8
    port = 3307
    enable-named-pipe
    socket = mypipe1
    

    For the 5.0.91 mysqld-nt, create a file C:\my-opts2.cnf that looks like this:

    [mysqld]
    basedir = C:/mysql-5.0.91
    port = 3308
    enable-named-pipe
    socket = mypipe2
    

    Install the services as follows (enter each command on a single line):

    C:\> C:\mysql-4.1.8\bin\mysqld-nt --install mysqld1
               --defaults-file=C:\my-opts1.cnf
    C:\> C:\mysql-5.0.91\bin\mysqld-nt --install mysqld2
               --defaults-file=C:\my-opts2.cnf
    

    To use a --defaults-file option when you install a MySQL server as a service, you must precede the option with the service name.

    After installing the services, start and stop them the same way as in the preceding example.

To remove multiple services, use mysqld --remove for each one, specifying a service name following the --remove option. If the service name is the default (MySQL), you can omit it.

5.6.2. Running Multiple Servers on Unix

The easiest way is to run multiple servers on Unix is to compile them with different TCP/IP ports and Unix socket files so that each one is listening on different network interfaces. Compiling in different base directories for each installation also results automatically in a separate, compiled-in data directory, log file, and PID file location for each server.

Assume that an existing 4.1.8 server is configured for the default TCP/IP port number (3306) and Unix socket file (/tmp/mysql.sock). To configure a new 5.0.91 server to have different operating parameters, use a configure command something like this:

shell> ./configure --with-tcp-port=port_number \
             --with-unix-socket-path=file_name \
             --prefix=/usr/local/mysql-5.0.91

Here, port_number and file_name must be different from the default TCP/IP port number and Unix socket file path name, and the --prefix value should specify an installation directory different from the one under which the existing MySQL installation is located.

If you have a MySQL server listening on a given port number, you can use the following command to find out what operating parameters it is using for several important configurable variables, including the base directory and Unix socket file name:

shell> mysqladmin --host=host_name --port=port_number variables

With the information displayed by that command, you can tell what option values not to use when configuring an additional server.

Note that if you specify localhost as a host name, mysqladmin defaults to using a Unix socket file connection rather than TCP/IP. You can explicitly specify the connection protocol to use by using the --protocol={TCP|SOCKET|PIPE|MEMORY} option.

You don't have to compile a new MySQL server just to start with a different Unix socket file and TCP/IP port number. It is also possible to use the same server binary and start each invocation of it with different parameter values at runtime. One way to do so is by using command-line options:

shell> mysqld_safe --socket=file_name --port=port_number

To start a second server, provide different --socket and --port option values, and pass a --datadir=path option to mysqld_safe so that the server uses a different data directory.

Another way to achieve a similar effect is to use environment variables to set the Unix socket file name and TCP/IP port number:

shell> MYSQL_UNIX_PORT=/tmp/mysqld-new.sock
shell> MYSQL_TCP_PORT=3307
shell> export MYSQL_UNIX_PORT MYSQL_TCP_PORT
shell> mysql_install_db --user=mysql
shell> mysqld_safe --datadir=/path/to/datadir &

This is a quick way of starting a second server to use for testing. The nice thing about this method is that the environment variable settings apply to any client programs that you invoke from the same shell. Thus, connections for those clients are automatically directed to the second server.

Section 2.20, “Environment Variables”, includes a list of other environment variables you can use to affect mysqld.

For automatic server execution, the startup script that is executed at boot time should execute the following command once for each server with an appropriate option file path for each command:

shell> mysqld_safe --defaults-file=file_name

Each option file should contain option values specific to a given server.

On Unix, the mysqld_multi script is another way to start multiple servers. See Section 4.3.4, “mysqld_multi — Manage Multiple MySQL Servers”.

5.6.3. Using Client Programs in a Multiple-Server Environment

To connect with a client program to a MySQL server that is listening to different network interfaces from those compiled into your client, you can use one of the following methods:

  • Start the client with --host=host_name --port=port_number to connect via TCP/IP to a remote server, with --host=127.0.0.1 --port=port_number to connect via TCP/IP to a local server, or with --host=localhost --socket=file_name to connect to a local server via a Unix socket file or a Windows named pipe.

  • Start the client with --protocol=TCP to connect via TCP/IP, --protocol=SOCKET to connect via a Unix socket file, --protocol=PIPE to connect via a named pipe, or --protocol=MEMORY to connect via shared memory. For TCP/IP connections, you may also need to specify --host and --port options. For the other types of connections, you may need to specify a --socket option to specify a Unix socket file or Windows named-pipe name, or a --shared-memory-base-name option to specify the shared-memory name. Shared-memory connections are supported only on Windows.

  • On Unix, set the MYSQL_UNIX_PORT and MYSQL_TCP_PORT environment variables to point to the Unix socket file and TCP/IP port number before you start your clients. If you normally use a specific socket file or port number, you can place commands to set these environment variables in your .login file so that they apply each time you log in. See Section 2.20, “Environment Variables”.

  • Specify the default Unix socket file and TCP/IP port number in the [client] group of an option file. For example, you can use C:\my.cnf on Windows, or the .my.cnf file in your home directory on Unix. See Section 4.2.3.3, “Using Option Files”.

  • In a C program, you can specify the socket file or port number arguments in the mysql_real_connect() call. You can also have the program read option files by calling mysql_options(). See Section 20.8.3, “C API Function Descriptions”.

  • If you are using the Perl DBD::mysql module, you can read options from MySQL option files. For example:

    $dsn = "DBI:mysql:test;mysql_read_default_group=client;"
            . "mysql_read_default_file=/usr/local/mysql/data/my.cnf";
    $dbh = DBI->connect($dsn, $user, $password);
    

    See Section 20.10, “MySQL Perl API”.

    Other programming interfaces may provide similar capabilities for reading option files.

MySQL Enterprise Subscribers to MySQL Enterprise will find additional information on running multiple MySQL servers on one machine in the MySQL Enterprise Knowledge Base article found at https://kb.mysql.com/view.php?id=4926.




ÐÅÊËÀÌÀ ÍÀ ÑÀÉÒÅ
  Ñîçäàíèå ñàéòîâ | |