As part of security hardening, I am trying to disable local_infile and Prevent someone accessing local files of Operating System. As per the documentation I can disable it by either setting the variable local-infile=0 in my.cnf or start mysqld service with option --local-infile=0. But with any of the option I am able to load the local files.
I tried first adding in /etc/my.cnf
[mysqld]
local-infile=0
After that I confirmed the changes got reflected.
mysql> SHOW GLOBAL VARIABLES LIKE 'local_infile';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| local_infile | OFF |
+---------------+-------+
1 row in set (0.00 sec)
Then from mysql client I loaded the local file using load_file
mysql> SELECT load_file("/etc/passwd");
The above command shows the content of /etc/passwd file, even though local_infile is disabled.Can someone tell what is going wrong here?
I repeated the same steps from passing mysqld --local-infile=0 but no change. I have also tried starting mysql client with --local-infile=0 option but no difference.
Use this query in your mysql database
STEP:1
SHOW GLOBAL VARIABLES LIKE 'local_infile';
STEP:2
SET GLOBAL local_infile = 'ON';
STEP:3
SHOW GLOBAL VARIABLES LIKE 'local_infile';
Related
I'm using laravel homestead, and for purposes I need to have quick access to mysql general_log_file in my windows shared folder. I started with this:
mysql> SET GLOBAL general_log_file = '/home/vagrant/code/mysql.log';
I also removed secure_file_priv from mysql setting, now I get:
mysql> SHOW VARIABLES LIKE "secure_file_priv";
+------------------+-------+
| Variable_name | Value |
+------------------+-------+
| secure_file_priv | |
+------------------+-------+
I even gave Give Root Privileges to mysql via this method, but I still get this error:
Can't create/write to file '/home/vagrant/code/mysql.log' (OS errno 13 - Permission denied)
while trying:
mysql> SET GLOBAL general_log = 'ON';
any idea how can I solve this irritating problem?
I know of two things to check that are likely causes. I've experienced both of these in a vagrant environment.
The directory is not writeable by the Linux uid of the mysqld process.
The Linux kernel is restricting the paths accessible to mysqld through Apparmor (Ubuntu or Debian) or SELinux (CentOS or RHEL). The error reported is a permission error, even if the file permissions appear to allow the mysql user to write to that location. You must either disable the apparmor/selinux or else configure it to allow the alternative location.
Since you're only using a VM, I'd just disable it, unless you would like to learn how to configure it in case you need to do that in a non-VM environment.
PS:
secure_file_priv is totally irrelevant to this issue. That option affects only LOAD DATA INFILE and SELECT ... INTO OUTFILE.
I've edited my.cnf file to enable binary logging. Configuration I used is as follows:
[ mysqld ]
log-bin= /var/lib/mysql/localhost-mysql-bin.log
binlog-format = mixed
than I logged in as root to my server (on my computer, localhost that is) and used following command to check whether my bin_log is actually on:
SHOW VARIABLES LIKE 'log_bin';
and I got this:
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| log_bin | OFF |
+---------------+-------+
From what I gather is that I didn't suceed. Or does it mean that I haven't got any logs yet?
OK, so there was nothing wrong with my configuration. Simple restart did the job and mysql picked up on changes. Problem solved.
I just installed MySQL 5.7 on Windows 10. I am intending to run bugzilla on this computer, so I'd like the settings from this bugzilla mysql settings page, which are
max_allowed_packet=16M
ft_min_word_len=2
When I run mysql --help from cmd, I get a line that says
Default options are read from the following files in the given order:
C:\WINDOWS\my.ini C:\WINDOWS\my.cnf C:\my.ini C:\my.cnf C:\Program Files\MySQL\MySQL Server 5.7\my.ini C:\Program Files\MySQL\MySQL Server 5.7\my.cnf
None of those files exist until C:\Program Files\MySQL\MySQL Server 5.7\my.ini, which is where I added the settings from above. HOWEVER, if I open mysql -u username -p from the same window, I get
mysql> SHOW VARIABLES LIKE 'max_allowed_packet';
+--------------------+---------+
| Variable_name | Value |
+--------------------+---------+
| max_allowed_packet | 4194304 |
+--------------------+---------+
1 row in set (0.00 sec)
mysql> SHOW VARIABLES LIKE 'ft_min_word_len';
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| ft_min_word_len | 4 |
+-----------------+-------+
1 row in set (0.00 sec)
And if I do mysql --help again, I get a line that says
max-allowed-packet 16777216
So I'm really confused. Am I logging into different mysql installs or something? Current full mysql --help here.
Find the spot where your my.ini is first picked up. A typical spot will be in the basedir visible with
select ##basedir;
Do the same for ##datadir and write those values down in case you make changes and want to undo what you have done. Such as messing it up and your data is not pointed to upon startup. You log file will tell you if it is broken.
Note too my comments above about specifying the port number with command line tools with a -P (uppercase).
For the my.ini you will need to Open as Administrator to make changes there anyway. Then perform a server restart. (mysqladmin).
Depending on your actual mysql version, attempt to modify, say, the verbosity level. And continue until you isolate where the file you want is picked up for your variables you wish to load on startup. Note in my below it suggests I have two servers running. Which I do on ports 3306 and 3307 for 5.6 and 5.7.13, respectively.
[mysqld]
basedir=C:\\Program Files\\MySQL\\MySQL Server 5.7\\
datadir=C:\\ProgramData\\MySQL\\MySQL Server 5.7\\Data\\
port=3307
log_error_verbosity=2
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER
When you first setup the server on Windows, it is highly likely that you don't even have a my.ini that is active. There is a default stub not Live. And the values are merely baked in. It took me a while to realize there was truly no file loading anything until I found the spot.
I want MySQL to create a new general log file and log everything to it.
When I type this into MySQL:
set global general_log_file='~/path/to/new/file';
and the file is one that I want MySQL to create upon handling some transactions after I've set the global variable (i.e. it doesn't exist yet), it gives me an error:
Variable 'general_log_file' can't be set to the value of '~/path/to/new/file'
However, if I do it with a filepath that looks like:
set global general_log_file='new/file';
it doesn't complain and assigns the variable accordingly, even though this new file doesn't exist yet either.
What's going on here?
change my cnf.ini
general_log_file = /var/log/mysql/new_file.log
general_log = 1
Then restart the mysql process
Server restarts and log flushing do not cause a new general query log
file to be generated (although flushing closes and reopens it)
shell> mysqladmin flush-logs
SET GLOBAL general_log = 'ON';
SET GLOBAL general_log_file='/var/log/general_log/general.log';
If error occurs MySQL: Variable 'general_log_file' can't be set to the value of '/var/log/general_log/general.log'
Just simple change file owner to mysql
Example chown -p mysql:mysql /var/log/general_log
Then change file permission
Format: chown 777 <log_output_file_name>
Ex: chmod 777 general.log
After that execute,
SET GLOBAL general_log_file='/var/log/general_log/general.log';
Verify the result: show global variables like '%general_log_file%';
Output:
MariaDB [(none)]> show global variables like '%general_log_file%';
+------------------+----------------------------------+
| Variable_name | Value |
+------------------+----------------------------------+
| general_log_file | /var/log/general_log/general.log |
+------------------+----------------------------------+
1 row in set (0.00 sec)
I use PHP to access MySQL in XAMPP. My question is where I can find the MySQL log file if there is a DB error.
Also, can I change the default location/name of that log file?
Thank you
///// Based on the coments //////
mysql> show variables like '%log_file%';
+---------------------------+------------------------------------+
| Variable_name | Value |
+---------------------------+------------------------------------+
| general_log_file | C:/xampp/mysql/data/mysql.log |
| innodb_log_file_size | 5242880 |
| innodb_log_files_in_group | 2 |
| slow_query_log_file | C:/xampp/mysql/data/mysql-slow.log |
+---------------------------+------------------------------------+
4 rows in set (0.00 sec)
If you do
SHOW VARIABLES LIKE '%log_file%';
it will show exactly where they're being written.
The accepted answer is a bit old, for MySQL 5.1+
you may use the queries:
SET GLOBAL general_log = 'ON';
SET GLOBAL general_log_file = 'my_log.log';
First will enable loging (which may be off by default)
and the second select updates the preferred file (by default under C:/xampp/mysql/data/).
NOTE: On windows 8 you may have to run your SQL IDE as ADMINISTRATOR for this commands to get saved.
NOTE2: you can also set this in the config, go to path_to_xampp/mysql/ and edit my.ini
(copy from my-default.ini if it does not exists) and add the settings there:
[mysqld]
general_log = 'ON';
general_log_file = 'my_log.log';
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
It's a *.err file.
You will find it here : C:\xampp\mysql\data
To trace you error correctly, open it with Notepad++ for example and Start Mysql. You Should see the error at the end of the file.
You can also try looking at localhost/phpmyadmin/ and click on the Variables tab.
On mac, it's likely to be at:
/Applications/XAMPP/xamppfiles/var/mysql
If there are a lot of error files there, do ls -la to see which one is most recent and most likely.