天天看點
傳回

mysql 從庫 read-only_Mysql從庫read-only配置詳解

為了防止使用者對從庫進行插入,采用read-only參數:

配置:

[[email protected] data]# grep read-only /etc/my.cnf

read-only

試驗過程:

主庫授權ALL

mysql> grant all on *.* to 'imbyrd'@'localhost' identified by 'admin';

從庫測試:

[[email protected] data]# /usr/local/mysql/bin/mysql -uimbyrd -p'admin'

mysql> use hitest;

mysql> insert into test(id,name) values(14,'fo');

Query OK, 1 row affected (0.14 sec)

主庫授權select,insert,update,delete

mysql> REVOKE all ON *.* FROM 'imbyrd'@'localhost';

mysql> grant select,insert,update,delete on  *.* to 'imbyrd'@'localhost' identified by 'admin';

mysql> show grants for [email protected]'localhost';

+----------------------------------------------------------------------------------------------------------------------------------------+

| Grants for [email protected]                                                                                                            |

+----------------------------------------------------------------------------------------------------------------------------------------+

| GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'imbyrd'@'localhost' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441' |

+----------------------------------------------------------------------------------------------------------------------------------------+

1 row in set (0.00 sec)

從庫測試:

mysql> use hitest;

mysql> insert into test(id,name) values(16,'dddd');

ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement

主庫配置:

mysql> grant all on *.* to 'imbyrd'@'localhost' identified by 'admin';

mysql> show grants for [email protected]'localhost'\G

*************************** 1. row ***************************

Grants for [email protected]: GRANT ALL PRIVILEGES ON *.* TO 'imbyrd'@'localhost' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441'

1 row in set (0.00 sec)

mysql> REVOKE SUPER ON *.* FROM 'imbyrd'@'localhost';

mysql> show grants for [email protected]'localhost'\G

*************************** 1. row ***************************

Grants for [email protected]: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'imbyrd'@'localhost' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441'

1 row in set (0.00 sec)

從庫測試:

[[email protected] data]# /usr/local/mysql/bin/mysql -uimbyrd -p'admin'

mysql> use hitest;

mysql> insert into test(id,name) values(23,'fddf');

ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement

結論:當使用者權限中沒有SUPER權限(ALL權限是包括SUPER的)時,從庫的read-only生效!

mysql 從庫 read-only
上一篇: 震驚, c++ addons 比 nodejs直接寫還慢?why?
下一篇: DB出現大量select @@session.tx_read_only 語句