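Today a colleague asked me which privilege a MySQL user needs in order to export data. I said I didn't know either, and after looking it up, the answer is that the FILE privilege should be granted.
I checked the user's grants: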
mysql> show grants for zabbix@'72.7.99.133';
| GRANT ALL PRIVILEGES ON `zabbix`.* TO 'zabbix'@'72.7.99.133' |
So why did the export still fail? I ran a test:
mysql> select * into outfile /tmp/user.txt from users;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/tmp/user.txt from users' at line 1
mysql> show variables like 'secure_file_priv';
+------------------+-------+
| Variable_name | Value |
+------------------+-------+
| secure_file_priv | NULL |
+------------------+-------+
1 row in set (0.00 sec)
To change the setting, edit the MySQL configuration file and check whether the option is already there.
vi my.cnf and add:
secure_file_priv = ''
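This means the directory is not restricted. The equals sign is required. After editing the configuration file, restart MySQL for the change to take effect.
After changing the parameter on the replica: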
mysql> show variables like 'secure_file_priv';
+------------------+-------+
| Variable_name | Value |
+------------------+-------+
| secure_file_priv | |
+------------------+-------+
1 row in set (0.01 sec)
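With secure_file_priv set to allow export to any location, I tested the export. Earlier, the zabbix user's grants showed ALL PRIVILEGES, so that should include the FILE privilege, right? I tried the export again and got an error: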
mysql> select * into outfile '/tmp/user.txt' from user;
ERROR 1045 (28000): Access denied for user 'zabbix'@'72.7.99.133' (using password: YES)
mysql> grant file on zabbix.* to zabbix@'72.7.99.133';
ERROR 1221 (HY000): Incorrect usage of DB GRANT and GLOBAL PRIVILEGES
mysql> grant file on *.* to zabbix@'72.7.99.133';
Query OK, 0 rows affected (0.00 sec)
mysql> select * from users into outfile '/tmp/user1.txt' ;
Query OK, 34 rows affected (0.00 sec)
mysql> select user,host ,File_priv from mysql.user;
| zabbix | 72.7.99.133 | Y |
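A MySQL user has export permission only when File_priv=Y.
Problem solved.
Summary:
Exporting data from MySQL requires permission on two fronts. The first is the system privilege FILE: even an account that has ALL PRIVILEGES on a database, as the zabbix user here has on `zabbix`.*, must be granted FILE separately, otherwise it cannot export data.
1. The FILE privilege. This privilege is global and cannot be granted on a specific database.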
grant file on *.* to zabbix@'72.7.99.133';
2. File system security
show variables like 'secure_file_priv';
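secure_file_priv=NULL: export is not allowed
secure_file_priv=/data/tmpfile: data can be exported only to the specified path
secure_file_priv='': data can be exported to any path
This parameter is static, so the database must be restarted for a change to take effect.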
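
A way to check which of the three secure_file_priv cases above a given my.cnf produces, as an added example that is not part of the original post. The function name, the state labels and the sample file contents are assumptions made up for illustration.

```python
# Added example: classify the secure_file_priv line of a my.cnf-style file
# into the three cases listed in the summary (NULL, a path, or empty).
# State labels and sample contents are constructed for illustration.

SAMPLE_CNF = """\
[client]
secure_file_priv = /ignored
[mysqld]
datadir = /var/lib/mysql
secure-file-priv = ''
"""

def secure_file_priv_setting(cnf_text):
    """Return (state, path) for secure_file_priv under [mysqld]; last line wins."""
    section, found = None, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # blanks, comments, !include lines
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":               # only server options matter here
            continue
        key, sep, value = line.partition("=")
        # option files accept dashes and underscores interchangeably
        if key.strip().lower().replace("-", "_") != "secure_file_priv":
            continue
        if not sep:                           # the page notes the '=' is required
            found = ("no_equals", "")
            continue
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]               # strip matching quotes
        if value == "":
            found = ("unrestricted", "")      # export to any path
        elif value.upper() == "NULL":
            found = ("disabled", "")          # export not allowed
        else:
            found = ("restricted", value)     # export only under this path
    return found or ("not_set", "")           # server default applies

if __name__ == "__main__":
    print(secure_file_priv_setting(SAMPLE_CNF))
```

A result of "unrestricted" is the setting used in this post. Together with File_priv=Y it lets that account write files to any path the server process can write to, so the "restricted" form with a dedicated directory is the narrower choice.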