MySQL从库read-only配置详解

发表评论
7,158

A+

所属分类：Database

为了防止用户对从库进行插入，采用read-only参数：
配置：

[root@Slave-Mysql data]# grep read-only /etc/my.cnf
read-only

0 1	[root@Slave-Mysql data]# grep read-only /etc/my.cnf read-only

试验过程：

主库授权ALL

mysql> grant all on *.* to 'imbyrd'@'localhost' identified by 'admin';

0	mysql> grant all on . to 'imbyrd'@'localhost' identified by 'admin';

从库测试：

[root@Slave-Mysql data]# /usr/local/mysql/bin/mysql -uimbyrd -p'admin'
mysql> use hitest;
mysql> insert into test(id,name) values(14,'fo');
Query OK, 1 row affected (0.14 sec)

[root@Slave-Mysql data]# /usr/local/mysql/bin/mysql -uimbyrd -p'admin'

mysql> use hitest;

mysql> insert into test(id,name) values(14,'fo');

Query OK, 1 row affected (0.14 sec)

主库授权select,insert,update,delete

mysql> REVOKE all ON *.* FROM 'imbyrd'@'localhost';
mysql> grant select,insert,update,delete on  *.* to 'imbyrd'@'localhost' identified by 'admin';
mysql> show grants for imbyrd@'localhost';
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for imbyrd@localhost                                                                                                            |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'imbyrd'@'localhost' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441' |
+----------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> REVOKE all ON *.* FROM 'imbyrd'@'localhost';

mysql> grant select,insert,update,delete on *.* to 'imbyrd'@'localhost' identified by 'admin';

mysql> show grants for imbyrd@'localhost';

+----------------------------------------------------------------------------------------------------------------------------------------+

| Grants for imbyrd@localhost |

+----------------------------------------------------------------------------------------------------------------------------------------+

| GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'imbyrd'@'localhost' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441' |

+----------------------------------------------------------------------------------------------------------------------------------------+

1 row in set (0.00 sec)

从库测试：

mysql> use hitest;
mysql> insert into test(id,name) values(16,'dddd');
ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement

mysql> use hitest;

mysql> insert into test(id,name) values(16,'dddd');

ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement

主库配置：

mysql> grant all on *.* to 'imbyrd'@'localhost' identified by 'admin';
mysql> show grants for imbyrd@'localhost'\G
*************************** 1. row ***************************
Grants for imbyrd@localhost: GRANT ALL PRIVILEGES ON *.* TO 'imbyrd'@'localhost' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441'
1 row in set (0.00 sec)
mysql> REVOKE SUPER ON *.* FROM 'imbyrd'@'localhost'; 
mysql> show grants for imbyrd@'localhost'\G
*************************** 1. row ***************************
Grants for imbyrd@localhost: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'imbyrd'@'localhost' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441'
1 row in set (0.00 sec)

mysql> grant all on *.* to 'imbyrd'@'localhost' identified by 'admin';

mysql> show grants for imbyrd@'localhost'\G

*************************** 1. row ***************************

Grants for imbyrd@localhost: GRANT ALL PRIVILEGES ON *.* TO 'imbyrd'@'localhost' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441'

1 row in set (0.00 sec)

mysql> REVOKE SUPER ON *.* FROM 'imbyrd'@'localhost';

mysql> show grants for imbyrd@'localhost'\G

*************************** 1. row ***************************

Grants for imbyrd@localhost: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'imbyrd'@'localhost' IDENTIFIED BY PASSWORD '*4ACFE3202A5FF5CF467898FC58AAB1D615029441'

1 row in set (0.00 sec)

从库测试：

[root@Slave-Mysql data]# /usr/local/mysql/bin/mysql -uimbyrd -p'admin'
mysql> use hitest;
mysql> insert into test(id,name) values(23,'fddf');
ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement

[root@Slave-Mysql data]# /usr/local/mysql/bin/mysql -uimbyrd -p'admin'

mysql> use hitest;

mysql> insert into test(id,name) values(23,'fddf');

ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement

结论：当用户权限中没有SUPER权限(ALL权限是包括SUPER的)时，从库的read-only生效！

申明：本文由BYRD原创(基于Mysql5.6.16)，未经许可禁止转载！

发表评论取消回复