Backups and Recovery 13
R1Soft is that it provides what it calls near-Continuous Online Backups. It does this by perform-
ing backups very frequently (every 15 minutes or less). This provides for a very small window of
time that data can be lost. In addition, the R1Soft software also provides for complete bare-metal
restore for MySQL servers.
The homepage of R1Soft is:
www.r1soft.com.
Copying Databases to Another Machine
You can copy the .frm, .MYI,and.MYD files for MyISAM tables and the .frm and data files
(
.ibd or ibdata) for InnoDB between different hardware architectures that support the same
floating-point format (Endianness). This means that you can transfer InnoDB and MyISAM
tables from Windows to Linux without doing a logical export and import. Simply shut down the
database (or lock the tables involved) and use
scp to copy the database. Or, restore a physical
backup to a different machine.
In cases where you need to transfer databases between different architectures, you can use
mysqldump to create a file containing SQL statements. You can then transfer the dump file to
the second machine (the destination host) and feed it as input to the
mysql client.
To move a database from one machine to another, run the following from the machine currently
holding the database (the target host):
shell> mysqldump databases sakila | mysql -h destination_host
sakila
For large tables, exporting a tab-delimited file and using mysqlimport is much faster than
using
mysqldump to export INSERT statements and restoring with source or the redirection
operator (
<). The tab=/path/to/backup option to mysqldump creates a tab-delimited
ASCII data file (
.txt) and schema file (.sql) for each table, when mysqldump is run locally.

First, create the backup directory and dump the database:
shell> mkdir /path/to/backup
shell> mysqldump tab=/path/to/backup databases sakila
Then copy the files in /path/to/backup directory to the destination machine and load the
files into
mysqld there:
shell> cat /path/to/backup/*.sql | mysql sakila
shell> mysqlimport sakila /path/to/destination/copy/*.txt
The grant tables (user permissions) are stored in the mysql database. If you do not
have a mysql database, mysqld may not start up on the new machine. Make sure to
FLUSH PRIVILEGES or restart mysqld when the grant tables are imported.
467
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Part III Core MySQL Administration
Recovering from Crashes
Many administrators spend a significant amount of time on backups and then do not spend time
on their recovery strategies. However, they make a serious mistake by not planning for how they
will recover or ever testing backups and the recovery process by performing a recovery.
The recovery process is going to vary depending on your objectives. It will always begin
with the restoration of a backup. With physical backups you just copy the files to the server
where the recovery is taking place and restart the server. For a logical backup the techniques
used for recovery are going to vary — recovery may consist of loading of files with the
source
command, redirecting files with the < operator, or using mysqlimport.
Often after the backup is restored you will need to restore the server to a point-in-time after the
last backup. If this is the case you need to perform what is called a point-in-time recovery.
You can perform a point-in-time recovery with any backup process because you are using incre-
mental backups (such as the binary log files) to bring the server up to a certain point-in-time
after restoring a previous backup.
MySQL server uses a binary format for the log files to save space. This means you cannot view

it directly. MySQL supplies a utility called
mysqlbinlog to convert these logs to a text format
that you can view. For more on binary logging, see Chapter 16.
The process for performing a point-in-time restore is as follows:
■ Restore the database using the last backup
■ Determine the first binary log and starting position needed
■ Determine the last binary log needed
■ Convert the binary log(s) to text format with the mysqlbinlog utility, using options to
specify the start and stop time
■ Import the converted binary log(s)
As with any recovery process, the first step is to restore the last backup performed. This restora-
tion will vary depending on how the backup was performed. For this example assume a file sys-
tem snapshot was performed at midnight of the 16th of September and the logs were flushed at
the same time. This means you have a physical backup and the restoration should just be copy-
ing the files to the server and starting up
mysqld again.
Once the basic restoration is complete it is time to restore the data changes since the backup
was performed.
468
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Backups and Recovery 13
Here is a listing of the binary log directory:
$ ls -lh mysql-bin*
-rw-rw 1 mysql mysql 257M Sep 16 23:48 mysql-bin.010309
-rw-rw 1 mysql mysql 257M Sep 17 00:02 mysql-bin.010310
-rw-rw 1 mysql mysql 257M Sep 17 03:48 mysql-bin.010311
-rw-rw 1 mysql mysql 257M Sep 17 19:01 mysql-bin.010312
-rw-rw 1 mysql mysql 162M Sep 17 19:03 mysql-bin.010313
-rw-rw 1 mysql mysql 8.3K Sep 17 19:01 mysql-bin.index
This means that mysql-bin.010310 is the first binary log created after the backup was per-

formed. This was determined by looking at the timestamp of the log files, which shows the last
time the log file was modified. Knowing the backup was performed at midnight you can see that
mysql-bin.010309 was the last log written before midnight. Therefore the next log file is the
one with which you want to start your restoration.
For this example, you need to restore the server through the last log listed, which is
mysql-bin.010313.
If you have a large number of binary logs (such as in this case) to convert it would probably be
beneficial to script this process. The command to convert an entire binary file will look similar
to this:
$ mysqlbinlog mysql-bin.010310 > mysql-bin.010310.sql
This would convert the mysql-bin.010310 logtotextformatandstoreitinthe
mysql-bin.010310.sql file. You will have to do this for each log file needed. The final
part of the process is the import of the log files into the database server:
$ mysql user=root pasword < mysql-bin.010310.sql
This would need to be done for each converted binary log. Once again, scripting might be
helpful.
To create text files from parts of binary logs using
mysqlbinlog, specify a starting place
with either
start-datetime=’YYYY-MM-DD’ or start-position=# and ending
place with either
stop-datetime=’YYYY-MM-DD’ or stop-position=#. To determine
the exact position to start or stop you have to examine the binary log contents. The problem is
that this can be a large file. To start you have to convert the log to text format:
$ mysqlbinlog mysql-bin.010312 > mysql-bin.010312.sql
469
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Part III Core MySQL Administration
Once you convert the log file you can view the text-format log with a text editor. With a binary
log of 162 MB in size this may be tricky. If you are looking to end at a specific time you can

specify a stopping time:
$ mysqlbinlog stop-datetime=’2008-09-17 18:42:48’ mysql-bin.010312
> mysql-bin.010312.sql
Once you have trimmed the file it becomes much easier to view with the tail command. Now
you will still have to potentially look through a number of entries because a busy database
server is going to be executing hundreds, if not thousands, of queries a second. Here are the last
25 lines after trimming:
$ tail -25 mysql-bin.010312.sql
use usersession/*!*/;
SET TIMESTAMP=1221702167/*!*/;
UPDATE XXXXX /*!*/;
# at 185118382
#080917 18:42:47 server id 16 end_log_pos 185118409 Xid =
9731310851
COMMIT/*!*/;
# at 185118409
#080917 18:42:47 server id 16 end_log_pos 185118473 Query
thread_id=1273437368 exec_time=1 error_code=0
SET TIMESTAMP=1221702167/*!*/;
BEGIN/*!*/;
# at 185118473
#080917 18:42:47 server id 16 end_log_pos 185118508 Rand
SET @@RAND_SEED1=700138339, @@RAND_SEED2=45664511/*!*/;
# at 185118508
#080917 18:42:47 server id 16 end_log_pos 185119173 Query
thread_id=1273437368 exec_time=1 error_code=0
use usersession/*!*/;
SET TIMESTAMP=1221702167/*!*/;
UPDATE XXXXX /*!*/;
# at 185119173

#080917 18:42:47 server id 16 end_log_pos 185119200 Xid =
9731310854
COMMIT/*!*/;
DELIMITER ;
# End of log file
ROLLBACK /* added by mysqlbinlog */;
/*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
$
In this case you want to execute the first COMMIT statement and then stop. The line after the
COMMIT statement shows the log position. The log position is 185118473. Now you can create
your final text format file with exactly the right information:
470
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Backups and Recovery 13
$ mysqlbinlog stop-position=185118473 mysql-bin.010312 >
mysql-bin.010312.sql
This file (mysql-bin.010656.sql) is what you will want to import.
$ mysql user=root password < mysql-bin.010656.sql
It would be wise to examine the resulting file to ensure it is correct before execution of the log
file.
Table 13-6 lists common options for the
mysqlbinlog program.
TABLE 13-6
mysqlbinlog Options
Option Description
start-datetime=
"date_time"
Begins reading the binary log file at a timestamp equal to or
greater than the datetime argument.
stop-datetime=

"date_time"
Ends reading the binary log file at a timestamp equal to or
greater than the datetime argument.
start-position=
start_log_position
Begins reading the binary log file beginning at the first log
position equal to or greater than start_log_position.
stop-position=stop_
log_position
Ends reading the binary log file at the first event having a
log position equal to or greater than stop_log_position.
Planning for Disasters
Database recovery is part of the disaster planning process. What to do, who does it, and how
long the recovery process takes when things break requires thought, planning, and usually coor-
dination with other people and departments. It is important that you rehearse plans and perform
drills to make sure that the proper preparations are in place.
A backup plan and corresponding periodic restores of your backups should be part of the disas-
ter preparation. An incomplete list of issues covered could include:
■ Power
■ Employee termination process
■ Data center failover plan
■ Data retention strategies
471
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Part III Core MySQL Administration
A disaster plan should be written down and approved by everyone involved, including manage-
ment. It should include checklists and processes to carry out for various scenarios.
Summary
You have multiple methods of backing up your data, and depending on your situation, some
options are going to be better than others. Do not underestimate the importance of performing

backups and testing the recovery procedure. Ensure the backups and recovery processes are
actually working and current by testing frequently, preferably at least once per quarter. Other
periodic tasks may include a test of the backups and recovery processes, such as periodically
refreshing a QA server by recovering a production backup to it.
The following topics were covered in this chapter:
■ Backup and recovery terminology
■ Why backups are necessary
■ Backup methodology
■ The recovery process
■ Disaster planning
472
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
User Management
IN THIS CHAPTER
Learning about MySQL users
Managing user accounts
Resetting the root password
Debugging user account
problems
M
anaging the users for a MySQL server is one of the most impor-
tant tasks of a MySQL database administrator. Because of the
flexibility of the permissions system, it is not necessarily a trivial
task. There are many tips to help manage users.
Learning about MySQL Users
A user in MySQL is a combination of a username and host string.
A host string can be an IP address, hostname, fully qualified domain
name, or netmask. This means that even though they share a username,
is different from admin@’192.168.2.%’,and
both users can have different passwords and permissions. In the following

example, we set up two users with the same username and different
passwords and permissions:
shell> mysql -u root -prootpass
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 6.0.8-alpha-community MySQL Community Server (GPL)
Type ’help;’ or ’\h’ for help. Type ’\c’ to clear the buffer.
mysql> GRANT USAGE ON *.* TO admin@’192.168.2.10’
IDENTIFIED BY ’easytoguess’;
Query OK, 0 rows affected (0.22 sec)
mysql> GRANT ALL ON sakila.* TO admin@’192.168.2.20’
IDENTIFIED BY ’anotherpassword’;
473
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Part III Core MySQL Administration
Query OK, 0 rows affected (0.41 sec)
mysql> select user,host,password from mysql.user where user=’admin’;
+ + + +
| user | host | password |
+ + + +
| admin | 192.168.2.10 | *2F9A309FBEA7337E61AA2953EB48179BF9300B7C |
| admin | 192.168.2.20 | *4CBC947A0D5CF017233C027F4597C92A92D02F92 |
+ + + +
2 rows in set (0.05 sec)
mysql> exit
Bye
This allows for a flexible control system but can also cause confusion. How the server deter-
mines who a user is and what permissions are allowed for that user will be discussed in the next
section.
Access Control Lists

An ACL (Access Control List) is a list of permissions that is associated with an object. This list is
the basis for MySQL server’s security model and once you understand this it helps greatly when
troubleshooting problems with users not being able to connect.
MySQL keeps the ACLs (also called grant tables) cached in memory. When a user tries to
authenticate or run a command, MySQL checks the authentication information and permissions
against the ACLs, in a predetermined order. If you had two users,
admin@’192.168.2.%’
and then , the user admin@’192.168.2.%’ user comes before
in the Access Control List. When MySQL checks authentication,
the
admin@’192.168.2.%’ user is the first user whose credentials match the credentials
provided. Remember how users with the same username but different host strings can have
different passwords? The following example shows what happens in this case; the computer used
by the user has an IP address of 192.168.2.20:
shell> mysql -u admin –peasytoguess –h 192.168.1.5
ERROR 1045 (28000): Access denied for user ’admin @’192.168.2.20’
(using password: YES)
What happened was the account attempted to connect using the account
2.10
, which was configured with the password of easytoguesss. When attempting to connect
the server authenticated against the user account
, which has a password
of
anotherpassword.
If they had same passwords the connection would be allowed — but the connection may be
using an account with different privileges than expected. If you are not sure what user you are
actually logged in as you can use the
USER() and CURRENT_USER() functions to determine
how you are connected.
474

Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
User Management 14
The USER() function shows which username and host the MySQL server sees the connection
as coming from. The
CURRENT_USER() function shows which username and host the con-
nection is actually authenticated. Note that the
SHOW GRANTS statement with no arguments
shows the privileges for the user the connection was authenticated — the privileges for the
CURRENT_USER().
Wildcards
Wildcard characters (% and _) are allowed in host strings. This is another source of confusion as
is a completely different user than admin@’192.168.2.%’. As stated
above, MySQL checks the access control list in order. However, we did not reveal how the
MySQL server orders the access control list.
MySQL orders the access control list with the least specific hosts last. This means that hostnames
and IPs without wildcards or netmasks are placed before hostnames and IPs with wildcards and
netmasks. MySQL matches the most specific user and hostname.
In the following example, after deleting the users from the previous example,

2.10
is given full read/write permissions to the sakila database, and admin@’19.168.2.%’ is
given read-only permissions to the
sakila database:
mysql> DROP USER ;
Query OK, 0 rows affected (0.01 sec)
mysql> DROP USER ;
Query OK, 0 rows affected (0.01 sec)
mysql> SELECT USER, HOST, PASSWORD FROM MYSQL.USER WHERE
USER=’admin’;
Empty set (0.01 sec)

mysql> GRANT SELECT ON sakila.* TO admin@’1921.68.2.%’
identified by ’adminpass’;
Query OK, 0 rows affected (0.39 sec)
mysql> GRANT ALL ON sakila.* TO admin@’192.168.2.10’ identified by
’adminpass’;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
shell> mysql -u admin
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 6.0.8-alpha-community MySQL Community Server (GPL)
Type ’help;’ or ’\h’ for help. Type ’\c’ to clear the buffer.
475
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Part III Core MySQL Administration
mysql> SHOW GRANTS\G
*************************** 1. row ***************************
Grants for : GRANT USAGE ON *.* TO ’admin’@’192.
168.2.10’ IDENTIFIED BY PASSWORD ’*2C6396ADEEF1AF865672D48735
C0E3EC8B1A9CEC’
*************************** 2. row ***************************
Grants for : GRANT ALL PRIVILEGES ON `sakila`.*
TO ’admin’@’192.168.2.10’
2 rows in set (0.00 sec)
mysql> exit
Bye
The connection was authenticated as the user because it has a
more specific host than the user
admin@’192.168.2.%’ and, therefore, appeared earlier

in MySQL’s access control list. This would only happen if the user connected from the IP
address 192.168.2.10. If they connected from 192.168.2.20, it would use the more general
host of
’192.168.2.%’. If they attempted to connect from 192.168.3.10, they would not be
authenticated.
System tables
All the user and permission information is stored in the mysql database in a set of tables known
as the grant tables. If you execute
’SHOW DATABASES’ on a typical default install of MySQL it
will look like the following:
mysql> SHOW DATABASES;
+ +
| Database |
+ +
| information_schema |
| mysql |
| test |
+ +
3 rows in set (0.02 sec)
The information_schema database really is not a database but an interface to various system
metadata (see Chapter 21 for more information about the
information_schema database).
The
test database is an empty database used for testing purposes and as mentioned the mysql
database stores the user information. In addition to the grant tables, the mysql database has
tables containing other system information. For example, a table called
event is used by the
476
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
User Management 14

event scheduler (see Chapter 7 for more information about events). Because of new additions
such as this, the tables in the
mysql database vary from version to version. Here are the tables
in a server running
mysqld 6.0.8-alpha:
mysql> SHOW TABLES;
+ +
| Tables_in_mysql |
+ +
| backup_history |
| backup_progress |
| columns_priv |
|db |
| event |
| func |
| general_log |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| host |
| ndb_binlog_index |
| plugin |
| proc |
| procs_priv |
| servers |
| slow_log |
| tables_priv |
| time_zone |
| time_zone_leap_second |

| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
| user |
+ +
25 rows in set (0.18 sec)
The tables that are of interest when it comes user management are columns_priv, db, host,
procs_priv, tables_priv,anduser. It is possible to directly manipulate these tables using
SQL to add, delete, or update user information. In fact, that used to be the only way privileges
were managed. These days, however, it is much easier and less error prone to use the
GRANT,
REVOKE, CREATE USER, DROP USER,andRENAME USER commands designed for user manage-
ment. We will cover the commands used to manipulate users in the next section.
477
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Part III Core MySQL Administration
One of the more common problems of a database administrator is seeing what users are already
exist and what privileges they have. If you are logged in to the server with appropriate privi-
leges, the following will show all usernames, hosts, and password hashes on the system:
mysql> SELECT user,host,password FROM mysql.user;
+ + + +
| user | host | password |
+ + + +
| root | % | *ACC4836009D0D7911EFE143E154D3E7C |
| | | 32AB8EEB |
| root | localhost | *ACC4836009D0D7911EFE143E154D3E7C |
| | | 32AB8EEB |
| developer | localhost | *50C0E8BEE396F2367258EC80901409C4 |
| | | BE300238 |
| production_ | slave. | *891A44E50A5E8286F04BC1EFB0292BE3 |

| slave | company.com | AFE74D5E |
| production_ | 192.168.2.191| *891A44E50A5E8286F04BC1EFB0292BE3 |
| slave | | AFE74D5E |
| ops | localhost | *99FFA08BDD2C5D80552F52F441AA632D |
| | | FA1DE9E3 |
| cto | 192.% | *B81134DE91B9BE86259180DC8446A254 |
| | | 008A1D9E |
+ + + +
7 rows in set (0.00 sec)
If a user has a blank password, the password field will be empty.
Managing User Accounts
MySQL server provides a number of commands used for managing users. To create a user, you
can use the
CREATE USER command. To drop a user, you should use the DROP USER command.
In the following example, we create a user and give them privileges and finally drop the user.
mysql> CREATE USER ’ops’@’192.168.%’ IDENTIFIED BY ’password’;
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON test.* TO ’ops’@’192.168.%’;
Query OK, 0 rows affected (0.00 sec)
mysql> DROP USER ’ops’@’192.168.%’;
Query OK, 0 rows affected (0.00 sec)
478
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
User Management 14
mysql> select User,Host,Password from user;
+ + + +
| User | Host | Password |
+ + + +
| root | localhost | *0AFF2E05C6A513A4FF86D9EBE1D7F8C4C53366A1 |
| root | % | *0AFF2E05C6A513A4FF86D9EBE1D7F8C4C53366A1 |

+ + + +
2 rows in set (0.00 sec)
The CREATE USER and GRANT USER commands (covered in the next section) can
both be used to create users without passwords. This is very insecure and should be
avoided! Always use the IDENTIFIED BY clause when using these commands.
Dropping the user removes all their privileges. Even if you recreate the exact same username
and host the new user does not retain the privileges of the previous user. You are starting from
scratch. Here is an example showing this:
mysql> CREATE USER ’ops’@’192.168.%’ IDENTIFIED BY ’password’;
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON test.* TO ’ops’@’192.168.%’;
Query OK, 0 rows affected (0.00 sec)
mysql> DROP USER ’ops’@’192.168.%’;
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT user,host,password FROM mysql.user;
+ + + +
| user | host | password |
+ + + +
| root | localhost | *0AFF2E05C6A513A4FF86D9EBE1D7F8C4C53366A1 |
| root | % | *0AFF2E05C6A513A4FF86D9EBE1D7F8C4C53366A1 |
+ + + +
2 rows in set (0.00 sec)
mysql> CREATE USER ’ops’@’192.168.%’ IDENTIFIED BY ’password’;
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW GRANTS FOR ’ops’@’192.168.%’;
+ +
| Grants for % |
+ +
| GRANT USAGE ON *.* TO ’ops’@’192.168.%’ |
+ +

1 row in set (0.00 sec)
479
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Part III Core MySQL Administration
The RENAME USER command renames an existing account. The RENAME COMMAND will return an
error if the new user already exists.
mysql> CREATE USER ’ops’@’192.168.%’ IDENTIFIED BY ’password’;
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT user,host,password FROM mysql.user;
+ + + +
| user | host | password |
+ + + +
| root | localhost | *0AFF2E05C6A513A4FF86D9EBE1D7F8C4C53366A1 |
| ops | 192.168.% | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root | % | *0AFF2E05C6A513A4FF86D9EBE1D7F8C4C53366A1 |
+ + + +
3 rows in set (0.00 sec)
mysql> CREATE USER ’support’@’192.168.%’;
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT user,host,password FROM mysql.user;
+ + + +
| user | host | password |
+ + + +
| root | localhost | *0AFF2E05C6A513A4FF86D9EBE1D7F8C4C53366A1 |
| ops | 192.168.% | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root | % | *0AFF2E05C6A513A4FF86D9EBE1D7F8C4C53366A1 |
| support | 192.168.% | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
+ + + +
4 rows in set (0.00 sec)
mysql> RENAME USER ’ops’@’192.168.%’ TO ’support’@’192.168.%’;

ERROR 1396 (HY000): Operation RENAME USER failed for ’ops’@
’192.168.%’
mysql> RENAME USER ’ops’@’192.168.%’ TO ’over_lords’@’192.168.%’;
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT user,host,password FROM mysql.user;
+ + + +
| user | host | password |
+ + + +
| root | localhost | *0AFF2E05C6A513A4FF86D9EBE1D7F8C4C |
| | | 53366A1 |
| over_lords | 192.168.% | *2470C0C06DEE42FD1618BB99005ADCA2 |
| | | EC9D1E19 |
| root | % | *0AFF2E05C6A513A4FF86D9EBE1D7F8C4C |
| | | 53366A1 |
| support | 192.168.% | *2470C0C06DEE42FD1618BB99005ADCA2 |
| | | EC9D1E19 |
+ + + +
4 rows in set (0.00 sec)
480
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
User Management 14
When a user is renamed, the password is retained by the new user. The user privileges are not
migrated. Also
RENAME USER does not change any database object properties (tables, views,
stored routines, and triggers) that the user created.
GRANT and REVOKE commands
There are two commands that are used to control a user’s privileges. The GRANT command is
used to give an existing user privileges, and
REVOKE is used to remove privileges. If a user does
not exist,

GRANT will create a new user at the same time you are giving them privileges.
It is not recommended that you use GRANT to create a user, because it is too easy to
forget to specify a password when using the GRANT syntax. Users should be created
with CREATE USER first, then given permissions with GRANT.
There are five levels that privileges can be granted.
Global
Global privileges apply to all databases on a MySQL server. These privileges are stored
in the
mysql.user table. You use the GRANT privilege_list ON *.* and REVOKE
privilege_list ON *.*
statements to grant and revoke only global level privileges.
The following example will grant all privileges (except the
GRANT PRIVILEGES privilege) to the
’ops’@’192.168.%’ user. These privileges apply for all databases on the server:
GRANT RELOAD,SHUTDOWN ON *.* TO ’ops’@’192.168.%’;
The next example will grant only SELECT, INSERT, UPDATE,andDELETE privileges to the user
’ops’@’192.168.%’ on all databases on the server:
GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO ’ops’@’192.168.%’;
The users with username of root created by default is only special because of the
permissions it has. The root username has no significance and can be deleted from
a fresh installation with no issues (servers currently in use may be depending on the root user for
backups or some other important task). To create a new user with all privileges:
CREATE USER superuser@localhost IDENTIFIED BY ’superpass’;
GRANT ALL ON *.* TO superuser@localhost;
Database
Database privileges apply to all objects of a specified database. These privileges are stored in
the
mysql.db and mysql.host tables. The GRANT ALL ON db_name.* and REVOKE ALL ON
db_name.*
commands grant and revoke only database level privileges.

The following example will grant all privileges (except the
GRANT PRIVILEGES privilege) to the
’ops’@’192.168.%’ user. These privileges apply only to the database user_db:
GRANT ALL ON user_db.* TO ’ops’@’192.168.%’;
481
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Part III Core MySQL Administration
The next example will grant only SELECT, INSERT, UPDATE,andDELETE privileges to the user
’ops’@’192.168.%’ on the database user_db:
GRANT SELECT, INSERT, UPDATE, DELETE ON user_db.* TO ’ops’
@’192.168.%’;
Table
Table privileges apply to all columns in a given table. These privileges are stored in the
mysql.tables_priv table. The GRANT ALL ON db_name.table_name and REVOKE ALL ON
db_name.table_name
commands grant and revoke only table level privileges.
The following example will grant all privileges (except the
GRANT PRIVILEGES privilege) to
the
’ops’@’192.168.%’ user. These privileges apply only to the table table_name of the
database
user_db:
GRANT ALL ON user_db.table_name TO ’ops’@’192.168.%’;
The next example will grant only SELECT, INSERT, UPDATE,andDELETE privileges to the user
’ops’@’192.168.%’ on to the table table_name of the database user_db:
GRANT SELECT, INSERT, UPDATE, DELETE ON user_db.table_name TO
’ops’@’192.168.%’;
If you had only specified table_name rather than db_name.table_name,theGRANT or
REVOKE statement applies to the table table_name in the default database. To keep from hav-
ing unexpected results, we would recommend you use the

"full" database_name.table_name
format instead.
Column
Column level privileges apply to one or more columns in a given table. These privileges are
stored in the
mysql.columns_priv table. When using the REVOKE command to remove
column level privileges, you must specify the same columns that were granted. The column or
columns for which the privileges are to be granted are enclosed within parentheses.
The following example will grant
SELECT, INSERT,andUPDATE privileges to the user
’ops’@’192.168.%’ on the columns col1 and col2 of the table table_name located in the
database
user_db:
GRANT SELECT (col1,col2), INSERT (col1,col2), UPDATE (col1,col2)
ON user_db.table_name TO ’ops’@’192.168.%’;
482
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
User Management 14
Routine
The CREATE ROUTINE, ALTER ROUTINE, EXECUTE,andGRANT privileges apply to stored rou-
tines (functions and procedures). They can be granted at the global and database levels. Also,
except for
CREATE ROUTINE, these privileges can be granted at the routine level for individual
routines. The privileges are stored in the
mysql.procs_priv table.
GRANT CREATE ROUTINE ON database.* TO ’ops’@’192.168.2.%’;
GRANT EXECUTE ON PROCEDURE database.backup_proc TO ’backup’@
’192.168.2.%’;
Table 14-1 lists all of the privilege options available.
TABLE 14-1

MySQL User Privileges
Privilege Description
ALL Grants all privileges to specified user except the GRANT OPTION.
ALTER Allows user to ALTER TABLE.
ALTER ROUTINE Allows user to alter or drop stored routines.
CREATE Allows user to execute the CREATE TABLE command.
CREATE ROUTINE Allows user to create stored routines.
CREATE TEMPORARY
TABLES
Allows user to execute the CREATE TEMPORARY TABLE command.
CREATE USER Allows user to execute CREATE USER, DROP USER, RENAME USER
and REVOKE ALL PRIVILEGES statements for user creation.
CREATE VIEW Allows user to execute the CREATE VIEW command to create views.
DELETE Allows user to execute the DELETE command.
DROP Allows user to execute the DROP command.
EXECUTE Allows user to run stored routines.
FILE Allows user to execute both SELECT INTO OUTFILE and LOAD
DATA INFILE.
GRANT OPTION Allows user to grant other users privileges.
INDEX Allows user to execute CREATE INDEX and DROP INDEX.
continued
483
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Part III Core MySQL Administration
TABLE 14-1
(continued)
Privilege Description
INSERT Allows user to execute the INSERT command.
LOCK TABLES Allows user to execute LOCK TABLES (user must also have SELECT
privileges on the table).

PROCESS Allows user to see all processes when executing SHOW
PROCESSLIST.
REFERENCES This privilege is not currently implemented.
RELOAD Allows user to execute FLUSH.
REPLICATION
CLIENT
Allows user to execute both SHOW MASTER STATUS and SHOW
SLAVE STATUS commands.
REPLICATION
SLAVE
Needed by the replication slave to read binary logs from the master.
SELECT Allows users to execute SELECT statement.
SHOW DATABASES When user executes SHOW DATABASES command will return a list of
all databases.
SHOW VIEW Allows user to execute the SHOW CREATE VIEW command.
SHUTDOWN Allows user to execute ’mysqladmin shutdown’.
SUPER Allows user to execute CHANGE MASTER, KILL, PURGE MASTER
LOGS,andSET GLOBAL commands. Also will allow user to always
connect even if max_connections has been reached.
UPDATE Allows user to execute UPDATE command
USAGE Allows user to connect.
As you can see there are quite a few allowable privileges. This, in combination with the five
privilege levels (global, database, table, column, and routine), allow for any level of granularity
needed by a database administrator. This granularity creates complexity, but the end result is a
more controllable and secure system.
Privileges are checked until either access is allowed or the end of the ACL is reached.
If you want to query the table production.employee, then MySQL server first
checks to see if you have global access privileges. If so, the query is executed. If you do not have
global access then MySQL server checks for privileges at the database level (production). If you do
not have privileges at the database level, then the table level (employee) privileges are checked.

If this fails the column level privileges are checked and if this fails the user is denied access. If a
check returns positive at any level mysqld stops checking privileges.
484
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
User Management 14
REVOKE
The REVOKE statement is used to remove privileges from a user account. Just as with the GRANT
statement there are five levels that you can revoke privileges from: global, database, table, col-
umn, and routine.
The following example would revoke all privileges for the user
’ops’@’localhost’:
mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM ’ops’@’localhost’;
Even if you revoke all privileges, the user is not dropped (they are still visible in
the
mysql.user system table). At this point, the user has the USAGE privilege, which
means they can still connect to the server and execute a few commands such as
SHOW VARIABLES
and SELECT NOW(). To drop a user, you must use the DROP USER. It is a best practice to always
drop users after revoking all their privileges.
What if the ’ops’@’localhost’ had global SELECT, INSERT, UPDATE, DELETE,and
DROP privileges but you wanted to only remove the DROP privilege? The following would
accomplish this:
mysql> REVOKE DROP ON *.* FROM ’ops’@’localhost’;
If the user ’ops’localhost’ had SELECT, INSERT, UPDATE,andDELETE privileges on the
table
user_accounts of the database production, you could revoke the DELETE privileges on
this one table like this:
mysql> REVOKE DELETE ON production.user_accounts FROM
’ops’@’localhost’;
As you have probably noticed the REVOKE command very similar of the GRANT command.

SHOW GRANTS and mk-show-grants
The SHOW GRANTS command is used to show a user’s privileges. This is done by displaying a list
of all the GRANT statement(s) that could then be used to duplicate the privileges of a user. If
the user has the
GRANT PRIVILEGES privilege, then the user can also view the grants of other
users.
Here is a simple example which shows the grants for the current user:
mysql> SHOW GRANTS\G
*************************** 1. row ***************************
Grants for root@localhost: GRANT ALL PRIVILEGES ON *.* TO ’root’@
’localhost’ IDENTIFIED BY PASSWORD ’*3800D13EE735ED411CBC3F23B2
A2E19C63CE0BEC’ WITH GRANT OPTION
1 row in set (0.00 sec)
485
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Part III Core MySQL Administration
This was done with the root user who has all privileges, including the GRANT OPTION. Because
this user has the
GRANT OPTION, it can grant privileges to other users, and use the SHOW
GRANTS
command to display grants for other users.
Remember, if you need to see a list of users on the server SELECT user,host FROM
mysql.user will return all users.
Now to take a look at the privileges for ’over_lords’@’%’:
mysql> SHOW GRANTS FOR ’over_lords’@’%’\G
*************************** 1. row ***************************
Grants for over_lords@’%’: GRANT USAGE ON *.* TO ’over_lords’@’%’
IDENTIFIED BY PASSWORD ’*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19’
This user has no privileges. If you are running Unix-based servers the Maatkit toolkit
(

) has a very useful command for systems that have more than
a few users. The
mk-show-grants command allows you display a list of all the users on the
system. In addition, it is very easy to pipe the output to a file and then store the file in a version
control system or use just simply copy it to another server and use the file to set up the same
permissions on another server.
Hereisasampleofthe
mk-show-grants command on a system with more users. Password
hashes have been removed:
shell> ./mk-show-grants -u root -ppassword
Grants dumped by mk-show-grants @VERSION@
Dumped from server Localhost via UNIX socket, MySQL 6.0.8-alpha at
2009-01-06 01:48:50
Grants for ’monitoring’@’10.%’
GRANT REPLICATION SLAVE ON *.* TO ’monitoring’@’10.%’ IDENTI-
FIED BY PASSWORD ’PASSWORD_HASH’;
Grants for ’monitoring’@’localhost’
GRANT ALL PRIVILEGES ON *.* TO ’monitoring’@’localhost’ IDENTI-
FIED BY PASSWORD ’PASSWORD_HASH’;
GRANT USAGE ON *.* TO ’company’@’%.company.com’ IDENTIFIED BY
PASSWORD ’PASSWORD_HASH’;
GRANT ALL PRIVILEGES ON `company_production`.* TO ’company’@’%.
company.com’ WITH GRANT OPTION;
Grants for ’webuser’@’10.%’
GRANT USAGE ON *.* TO ’webuser’@’10.%’ IDENTIFIED BY PASSWORD
’PASSWORD_HASH’;
GRANT ALL PRIVILEGES ON `company_production`.* TO ’webuser’@’10.%’
WITH GRANT OPTION;
Grants for ’webuser’@’localhost’
GRANT USAGE ON *.* TO ’webuser’@’localhost’ IDENTIFIED BY

PASSWORD ’PASSWORD_HASH’;
GRANT ALL PRIVILEGES ON `webuser_load_test`.* TO ’webuser’@
486
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
User Management 14
’localhost’;
GRANT ALL PRIVILEGES ON `webuser_production`.* TO ’webuser’@
’localhost’ WITH GRANT OPTION;
Grants for ’production_slave’@’8.%’
GRANT REPLICATION CLIENT, REPLICATION SLAVE ON *.* TO
’production_slave’@’8.%’ IDENTIFIED BY PASSWORD ’PASSWORD_HASH’;
Grants for ’production_slave’@’192.168.1.191’
GRANT REPLICATION SLAVE ON *.* TO ’production_slave’@’192.168.1.191’
IDENTIFIED BY PASSWORD ’PASSWORD_HASH’;
Grants for ’production_slave’@’preview.company.com’
GRANT REPLICATION SLAVE ON *.* TO ’production_slave’@
’preview.company.com’ IDENTIFIED BY PASSWORD ’PASSWORD_HASH’;
Grants for ’root’@’localhost’
GRANT ALL PRIVILEGES ON *.* TO ’root’@’localhost’ IDENTIFIED BY
PASSWORD ’PASSWORD_HASH’ WITH GRANT OPTION;
Grants for ’tempuser’@’%’
GRANT ALL PRIVILEGES ON *.* TO ’tempuser’@’%’ IDENTIFIED BY
PASSWORD ’PASSWORD_HASH’;
ahell>
To send this output to a file:
shell> ./mk-show-grants -u root -ppassword > grants.sql
Resetting the Root Password
There are times when the password for the root user is lost. It is not a trivial matter to reset the
password and requires a server restart. However, there are times when this proves necessary.
There are two methods for recovering the password. Both have their benefits and drawbacks.

A simple recovery method that works on any server platform uses the
’skip-grants-table’
option in your configuration file. When the server is restarted with this option it starts
‘‘wide open’’ with anyone able to log in with all privileges without even specifying a user-
name. This is a huge security risk and must be carefully considered on production system.
We would recommend that when you add
’skip-grants-table’ that you also add the
’bind-address=127.0.0.1’ option, which does not allow remote network connections to
the MySQL server. This minimizes the risk somewhat.
Here is the procedure:
1. Edit the configuration file and add the
skip-grant-tables and (optionally) the
bind-address option to the mysqld section.
2. Restart the MySQL server
487
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Part III Core MySQL Administration
3. Connect to the mysqld server using the mysql client. No password or user needs to be
specified. If you also used the
skip-networking option, you must run the mysql client
from the server itself.
shell> mysql
4. Issue the following statements, replacing New_Password with the password that you
want to update the root users to have.
mysql> UPDATE mysql.user SET Password=PASSWORD(’New_Password’)
WHERE User=’root’;
mysql> FLUSH PRIVILEGES;
What happens here is that the UPDATE statement resets the password for all existing root
accounts and the
FLUSH PRIVILEGES statement tells the server to reload the grant tables

into memory.
5. Exit the
mysql client and test your new password. If everything works correctly, remove
skip-grants-table and skip-networking from the configuration file, and restart
the MySQL server.
This is a straightforward procedure and in an emergency might be the only method you have
time to perform. However, as pointed out, it is not inherently secure.
The second method of resetting the root password is more secure. The basis for this recovery
method is using an initialization file at server startup to execute the same
UPDATE and FLUSH
PRIVILEGES
commands we used in the previous example. It varies somewhat from Windows
servers to Unix-based servers, so approaches for both will be outlined.
Windows server
1. Log on to your system as a user with Administrator privileges.
2. Stop the MySQL server if it is currently running.
If MySQL is running as a Windows service, click on Start Menu
 Settings  Control
Panel
 Administrative Tools  Services. Then find the MySQL service in the list, right
click on it, and then left-click on Stop.
If your MySQL server is not running as a service, you may need to use the Task Manager
to force it to stop.
3. With your favorite text editor, create a text file, and place the following statements in it:
UPDATE mysql.user SET Password=PASSWORD(’New_Password’) WHERE
User=’root’;
FLUSH PRIVILEGES;
488
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
User Management 14

Replace New_Password with the password that you want to use (but leave the quotation
marks). Each of the statements must be written on a single line.
4. Save the file. For this example, the filename will be
C:\reset_pass.txt.
5. Open a console window to get to the command prompt. Click on Start Menu
 Run and
then type
cmd.
6. Start the MySQL server with the
init-file option. It might look something like this:
C:\> C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld console
init-file=C:\reset_pass.txt
If you installed MySQL to another location adjust the directory accordingly.
The server executes the contents of the file named by the
init-file option at startup
while displaying any output to the console.
If you installed MySQL using the MySQL Installation Wizard, you also may need to specify
a
defaults-file option. The appropriate defaults-file setting can be found
using the Services Manager:
Click Start Menu
 Control Panel  Administrative Tools  Services
Find the MySQL service in the list, right-click on it, and choose the Properties option. The
Path to executable field contains the
defaults-file setting.
If you can not get the MySQL server to start from the command line, you can edit the
server configuration file and add the
init-file option in your mysqld section and then
restart the server using the Services manager.
7. After the server has started successfully and you have confirmed the new password work,

delete the initialization file
C:\reset_pass.txt,andremovetheinit-file option
from your configuration file if necessary and restart it in the normal manner.
Unix-based server
You can use the following procedure for resetting the password for any MySQL root accounts on
a Unix-based sever:
1. Create a text file and place the following statements in it. Replace the password with the
password that you want to use.
UPDATE mysql.user SET Password=PASSWORD(’MyNewPass’) WHERE
User=’root’;
FLUSH PRIVILEGES;
The UPDATE and FLUSH statements each must be written on a single line. The UPDATE
statement resets the password for all existing root accounts, and the FLUSH statement tells
the server to reload the grant tables into memory.
2. Save the file. For this example, the file will be named
/home/kmurphy/mysql-init.
The file contains the root user password. Be certain that it cannot be read by
other users.
489
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Part III Core MySQL Administration
Edit your /etc/my.cnf file. Under [myqld] add init-file=/home/kmurphy/
mysql-init
.
3. Shut down the MySQL server in your normal manner.
4. Start the MySQL server in your normal manner.
The server executes the contents of the file named by the
init-file option at startup,
changing each root account password to the new password specified.
5. After the server has started successfully and you have verified the new password works,

delete the initialization file and edit
my.cnf filetoremovetheinit-file line.
Debugging User Account Problems
There are times when users will come to the database administrator with complaints that a
newly created account isn’t working. When this happens, there are some common issues you
can look for to help when troubleshooting.
Bad password
A common problem is that the account does not work because of an improperly keyed pass-
word or a miscommunication in what the password should be. Here is the
GRANT statement for
auser:
mysql> SHOW GRANTS FOR ’ops’@’localhost’;
+ +
| Grants for ops@localhost |
+ +
| GRANT ALL PRIVILEGES ON *.* TO ’ops’@’localhost’ IDENTIFIED BY |
| PASSWORD ’password_hash’ |
+ +
1 row in set (0.00 sec)
The user comes to you and says their new account is not working. You check the error they are
seeing:
shell> mysql -u ops -p
Enter password:
ERROR 1045 (28000): Access denied for user ’ops’@’localhost’ (using
password: YES)
shell>
This means that the privileges do not match the grants tables. The user is either typing in an
incorrect password or the account has no password and the user is trying to specify a password.
It could also be that the host they are coming from is not specified in a
user@host string, or

that they spelled the username wrong.
490
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
User Management 14
In this case, if there was not a miscommunication about what the password should be and
you need to reset the password, then log in as a user who has
GRANT privileges and do the
following:
mysql> SET PASSWORD FOR ops@’192.168.%’ = PASSWORD(’New_Password’);
Query OK, 0 rows affected (0.00 sec)
And now the user can log in with the new password:
shell> mysql -u ops -p
Enter password: ************
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 6.0.8-alpha MySQL Community Server (GPL)
Type ’help;’ or ’\h’ for help. Type ’\c’ to clear the buffer.
mysql>
Access issues
A more subtle issue is that of access. The user has the right username and password, but
the host is either set incorrectly or there are multiple hosts listed with the same username
and the ‘‘wrong’’ host is being used in authentication. You saw this issue earlier with the
and admin@localhost users.
If a user does not have the expected permissions, check
SHOW GRANTS with no argu-
ments to see what user and permissions the server is using. Also both
SELECT USER(),
CURRENT_USER(),andSELECT user, host, password FROM mysql.user WHERE
user=’<username>’;
are useful to help troubleshoot issues where the permissions are not as

they are expected.
Client does not support authentication protocol
Back in mysqld version 4.1 a new authentication protocol was used by default. This protocol is
more secure and should be used if possible. The problem is that some clients only support the
older protocol. For example, older Perl libraries can only support the older protocol, and at the
time of this book’s writing, PHP did not support the new protocol.
To fix the problem, run
mysql and log in as user with the SUPER privilege. Then use following
command which will change the password of the user to the old format:
mysql> SET PASSWORD FOR ops@’192.168.%’ = OLD_PASSWORD(’
My_Password’);
491
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.