w3mentor
Learning web technologies simplified!
 
Home / MYSQL / Archive by category 'MYSQL Administration'

MYSQL Administration

MySQL server security measures

Operating system security process can be improved with the following recommendations:

  • Install software as ‘root’ OS user. The file permissions of all MySQL binary and support files are to be owned by ‘root’.
  • Restrict access to the ‘root’ OS user via sudo privileges. Be diligent by only granting access in limited form.
  • Configure an OS ‘mysql’ user, but do not allow direct login access to this user. The mysqld process does not run as the ‘root’ OS user.
  • Set permissions of the MySQL data directory to OS ‘mysql’ user for example:

    chmod 700/mysql/datadir

  • Ensure the MySQL data directory only contains data, and InnoDB transactional logs only.
  • The MySQL error, slow and general logs should be in a separate directory. This allows for permissions of the ‘mysql’ group to view logs. Grant group ‘mysql’ access when necessary.
  • The MySQL socket file needs to be in a world readable directory. The pid file does not.
  • You can provide additional constraints on the MySQL port, e.g. 3306 at a fire wall level. Ideally, your database should not be world accessible. Access should be restricted to the application or monitoring servers only.

MySQL Security Precautions

Developers/Administrators can improve security for MySQL client access with the following recommendations:

  • Always set a MySQL ‘root’ user password.
  • Change the MySQL ‘root’ user id to a different name, e.g. ‘dba’.
  • Only enable SUPER privileges to dba accounts, and only ever for ‘localhost’.
  • Application user permissions should be as restrictive as possible.
  • Never use ‘%’ for a hostname.
  • Never use ALL TO *.*.
  • Ideally the application should have at least two types of users, a read/write user and a read user.

Drop MySql database

We can drop a mysql database using mysqladmin. A root user or user with special privilege to create or to delete a MySQL database can perform this operation.

Here is an example to delete a database:

[root@host]# mysqladmin -u root -p drop w3m
Enter password:******

This will give you a warning

Dropping the database is potentially a very bad thing to do.
Any data stored in the database will be destroyed.

Do you really want to drop the ‘w3m’ database [y/N] y

Output:
Database “w3m” dropped

Create MySql Database using mysqladmin

A root user or user with enough privileges can create any database using mysql mysqladmin binary.

Here is a simple example to create database called w3m:

[root@host]# mysqladmin -u root -p create w3m
Enter password:******

This will create a MySQL database w3m.

Connect to MySQL server from command prompt

Here is a simple example to connect to MySQL server from command prompt:

[root@host]# mysql -u root -p
Enter password:******

This will give you mysql> command prompt where you will be able to execute any SQL command. Following is the result of above command:

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2854760 to server version: 5.0.9

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

You can disconnect from MySQL database any time using exit command at mysql> prompt.

mysql> exit

Bye

Adding MySQL User Accounts

For adding a new user to MySQL you just need to add a new entry to user table in database mysql.

Below is an example of adding new user guest with SELECT, INSERT and UPDATE privileges with the password guest123 the SQL query is :

root@host# mysql -u root -p
Enter password:*******
mysql> use mysql;
Database changed
 
mysql> INSERT INTO user 
          (host, user, password, 
           select_priv, insert_priv, update_priv) 
           VALUES ('localhost', 'guest', 
           PASSWORD('guest123'), 'Y', 'Y', 'Y');
Query OK, 1 row affected (0.20 sec)
 
mysql> FLUSH PRIVILEGES;
Query OK, 1 row affected (0.01 sec)
mysql> SELECT host, user, password FROM user WHERE user = 'guest';
+-----------+---------+------------------+
| host      | user    | password         |
+-----------+---------+------------------+
| localhost | guest | 6f8c114b58f2ce9e |
+-----------+---------+------------------+
1 row in set (0.00 sec)

When adding a new user remember to encrypt the new password using PASSWORD() function provided by MySQL. As you can see in the above example the password mypass is encrypted to 6f8c114b58f2ce9e.

Notice the FLUSH PRIVILEGES statement. This tells the server to reload the grant tables. If you don’t use it then you won’t be able to connect to mysql using the new user account at least until the server is rebooted.

You can also specify other privileges to a new user by setting the values of following columns in user table to ‘Y’ when executing the INSERT query or you can update them later using UPDATE query.

Select_priv
Insert_priv
Update_priv
Delete_priv
Create_priv
Drop_priv
Reload_priv
Shutdown_priv
Process_priv
File_priv
Grant_priv
References_priv
Index_priv
Alter_priv

Another way of adding user account is by using GRANT SQL command; Following example will ada user “item” with password item123 for a particular database called w3m.

root@host# mysql -u root -p password;
Enter password:*******
mysql> use mysql;
Database changed
 
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
    -> ON w3m.*
    -> TO 'item'@'localhost'
    -> IDENTIFIED BY 'item123';

This will also create an entry in mysql database table called user.

NOTE: MySQL does not terminate a command until you give a semi colon (;) at the end of SQL command.

Run and shut down MySQL Server

Check if your MySQL server is running or not. You can use following command to check this:

 ps -ef | grep mysqld

If your MySql is running then you will see mysqld process listed out in your result. If server is not running then you can start it by using following command:

root@w3m# cd /usr/bin
./safe_mysqld &

To shutdown an already running MySQL server use the following command:

root@w3m# cd /usr/bin
./mysqladmin -u root -p shutdown
Enter password: ******

Check mysql server status using mysqladmin utility

Use mysqladmin binary to check server version. This binary would be available in /usr/bin on linux and in C:\mysql\bin on windows.

[root@host]# mysqladmin --version

It will produce following result on Linux. It may vary depending on your installation:

mysqladmin  Ver 8.23 Distrib 5.0.9-0, for redhat-linux-gnu on i386

If you do not get such message then there may be some problem in your installation and you would need some help to fix it.

Installing MySQL on Windows

MySQL now comes neatly packaged with an installer. Simply download the installer package, unzip it anywhere, and run setup.exe.

Default installer setup.exe will walk you through the trivial process and by default will install everything under C:\mysql.

Test the server by firing it up from the command prompt the first time. Go to the location of the mysqld server, which is probably C:\mysql\bin, and type:

mysqld.exe --console

NOTE: If you are on NT then you will have to use mysqld-nt.exe instead of mysqld.exe

If all went well, you will see some messages about startup and InnoDB. If not, you may have a permissions issue. Make sure that the directory that holds your data is accessible to whatever user (probably mysql) the database processes run under.

MySQL will not add itself to the start menu, and there is no particularly nice GUI way to stop the server either. Therefore, if you tend to start the server by double clicking the mysqld executable, you should remember to halt the process by hand by using mysqladmin, Task List, Task Manager, or other Windows-specific means.

Load data files into tables with mysqlimport in MySql

It is possible to load a data file directly into a table in MySql. The prerequisite is to prepare the data file as one line per data row, and use tab character as the column delimiter. The data file name should match the target table name.

Example:

>cd \mysql\bin
>type \temp\links.tab
dev.w3mentor.com
www.mysql.com
 
>mysqlimport -u root test \temp\links.tab
test.links: Records: 2  Deleted: 0  Skipped: 0  Warnings: 0
 
>mysql -u root -e "SELECT * FROM links" test
+-------------------+
| name              |
+-------------------+
| dba.w3mentor.com |
| dev.w3mentor.com |
| www.mysql.com     |
+-------------------+

mysqlimport and commands in MySql

mysqlimport is a command-line interface for administrators or end users to load data files into tables program tool to load data into tables. The following are the mysqlimport commands

  • “mysqlimport databaseName fileName” – Imports the data from the specified file to the specified database. The data will be loaded into the table who’s name matches the specified file name.

Dump a table to file with mysqldump

we can dump all rows in a table from the server to a file using mysqldump with the “-f fileName” option. The following example illustrates how to dump a table to file with mysqldump.

>cd \mysql\bin
>mysqldump -u root -r \temp\w3.txt test links
>type \temp\w3.txt
 
>type \temp\w3.txt | more
-- MySQL dump 10.10
--
-- Host: localhost    Database: test
-- ------------------------------------------------------
-- Server version       5.0.24-community
...

The dump file contains SQL statements that you can use to restore the table and its data content.

mysqldump commands

mysqldump is a command-line interface for administrators or end users to export data from mysql server to files.
commands supported by mysqldump:

  • “mysqldump databaseName tableName” – Dumps the specified table in the specified database.
  • “mysqldump databaseName” – Dumps all the tables in the specified database.

Show table names with mysqlshow in MySql

We need to specify a database name if we want to show table names with mysqlshow. The followings tutorial exercise illustrates how to get all table names that match a pattern:

 >cd \mysql\bin
>mysqlshow --verbose mysql time%
Database: mysql  Wildcard: time%
+---------------------------+----------+
|          Tables           | Columns  |
+---------------------------+----------+
| time_zone                 |        2 |
| time_zone_leap_second     |        2 |
| time_zone_name            |        2 |
| time_zone_transition      |        3 |
| time_zone_transition_type |        5 |
+---------------------------+----------+
5 rows in set.

mysqlshow in MySql

mysqlshow is a command-line interface for end users to see information on tables and columns. The following commands are supported by mysqlshow:

  • “mysqlshow” – Shows all the databases.
  • “mysqlshow databaseName” – Shows all the tables in the specified database.
  • “mysqlshow databaseName tableName” – Shows all the columns in the specified table.
  • “mysqlshow –verbose” – Shows all the databases with extra information.
  • “mysqlshow –verbose my%” – Shows all the databases who’s names match the pattern “my%” with extra information.
  • “mysqlshow –verbose mysql time%” – Shows all the tables who’s names match the pattern “time%” in “mysql” database with extra information.

Using mysqlcheck in MySql

mysqlcheck is a command-line interface for administrators to check and repair tables. Here are some commands supported by “mysqlcheck”:

  • “mysqlcheck databaseName tableName” – Checks the specified table in the specified database.
  • “mysqlcheck databaseName” – Checks all tables in the specified database.
  • “mysqlcheck –all-databases” – Checks all tables in all databases.
  • “mysqlcheck –analyze databaseName tableName” – Analyzes the specified table in the specified database.
  • “mysqlcheck –repair databaseName tableName” – Repairs the specified table in the specified database.

show all tables with mysql commandline interface

Running the non-SQL command “SHOW TABLES” at the “mysql” prompt will allow us to all the tables in a database.

 
>cd \mysql\bin
>mysql -u root test
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 14 to server version: 5.0.24
 
mysql> SHOW TABLES;
+----------------+
| Tables_in_w3mdb|
+----------------+
| links                 |
+----------------+
 
1 row in set (0.01 sec)

The output shows you that there is only one table in the “w3mdb” database.

Executing commands on MySql commandline interface

We need to start “mysql” and enter the SQL statement at the “mysql” prompt.

 
>cd \mysql\bin
>mysql -u root test
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 5.0.24
 
mysql> CREATE TABLE links (name VARCHAR(80));
Query OK, 0 rows affected (0.10 sec)
 
mysql> INSERT INTO links VALUES ('dba.w3mentor.com');
Query OK, 1 row affected (0.02 sec)
 
mysql> quit;
Bye

MySql commandline interface

mysql is a command-line interface for end users to manage user data objects. You can use “mysql” to run any standard SQL statements against the server.

  • “CREATE TABLE items (name VARCHAR(80));” – Creates a table called “items” with one column.
  • “INSERT INTO items VALUES (‘mysql.w3mentor.com’);” – Inserts a table row into “items” table.
  • “SELECT * FROM items;” – Selects all rows from “items” table and displays them on the screen.
  • “DELETE FROM items;” – Deletes all rows from “items” table.

“mysql” also allows you to run many non-SQL commands to gather information on your data objects.

  • “SHOW DATABASES;” – Displays all databases in your MySQL server.
  • “USE databaseName;” – Uses the specified database as the current database.
  • “SHOW TABLES;” – Displays all table in the current database.
  • “DESCRIBE items;” – Displays column information of the specified table.

Shut down MySql server with mysqladmin

mysqladmin can be used to shut down the server. The command is “mysqladmin shutdown” as shown below.

>cd \mysql\bin
>mysqladmin -u root shutdown

If this command returns no messages, the MySQL server should be terminated successfully.

Latest Tutorials & Code Snippets

Reference Guides