Mysql – Run a SQL statement in MySQL on each connection

MySQL

I must be going nuts here, but I could swear I read about a configuration option in MySQL that will run the defined SQL statement on every successful connection to the database, with the cavet that it would not run for root or those with a certain privilege to prevent shutting the server down with a bad sql statement here.

Was I imagining things or do folks know of such a parameter?

I have dug though the MySQL documents and so far I'm not turning up with any success.

Note, this is NOT for the client supplied sql statements, but instead for a statement that the server itself runs regardless of who connects and for what task, and great for tracking who connects with what account if general_log was not enabled for some reason or special handling is required.

Best Answer

Found it.

The parameter is named init_connect and will run the defined sql for each connection, except for those with the super privilege. No result sets are produced by this though so selects are not recommended for this.

The big cavet I see here though is that access to the objects is based on the connecting user's permissions, which make sense.. though it does make an 'autorun' style stored procedure harder to implement as that procedure needs to be accessible to everyone, which could cause problems if it's written with the expectation to be executed only once per connection.

Linux's Viewpoint

You should run this Linux command

history | grep mysqladmin

This will let you see if anyone ran a shutdown from within the server. Note that this will not let you see remote mysqladmin shutdowns. Perhaps running tcpdump and locating the word mysqladmin or shutdown might help.

MySQL's Viewpoint

Shutdown commands do not exist from command line utilities. Therefore, binary logs will not have shutdowns recorded. You are on the right track when you said;

One possibility I'm thinking is someone (who has SUPER privilege) turned off the binary log then run SHUTDOWN and turned it on again.

Look over the users with that privilege. Run this query:

SELECT user,host FROM mysql.user WHERE shutdown_priv='Y';

You may see something like this:

mysql> select user,host from mysql.user where shutdown_priv='Y';
+-------+--------------+
| user  | host         |
+-------+--------------+
| root  | localhost    |
| root  | 127.0.0.1    |
| root  | ::1          |
| root  | 10.240.163.% |
| root  | 10.48.19.%   |
| user1 | %            |
+-------+--------------+
6 rows in set (0.00 sec)

mysql>

You will see all the users that have shutdown privilege. SUPER privilege does not have the shutdown privilege. There is a separate privilege called SHUTDOWN.

You can quickly revoke that privilege. For example, note the user user1@'%'. It has remote shutdown privileges. You can yank it with

REVOKE SHUTDOWN ON *.* FROM user1.'%';

UPDATE mysql.user SET shutdown_priv='N'
WHERE user='user1' AND host='%';
FLUSH PRIVILEGES;

That takes care of the remote shutdown privileges.

You should also address securing user connections by removing SHUTDOWN privilege from every user that does not need to have it. Perhaps you can do this:

UPDATE mysql.user SET shutdown_priv='N'
WHERE CONCAT(user,'@',host) NOT IN
('root@localhost','root@127.0.0.1');
FLUSH PRIVILEGES;

That way, only root@localhost and root@127.0.0.1 can do mysqladmin shutdown within the localhost. I would definitely have the root@127.0.0.1 on hand because there are times when mysqld loses connection to the mysql.sock file and prevents root@localhost from connecting to issue a shutdown. With the root@127.0.0.1, you can issue this:

mysqladmin -uroot -p -h127.0.0.1 --protocol=tcp

to issue a mysqladmin shutdown without needed the socket file.

Give it a Try !!!

Best Answer

Related Solutions

Mysql – Can not add list partitions

Mysql – /usr/libexec/thesqld: Normal shutdown, but the team doesn’t do that

Linux's Viewpoint

MySQL's Viewpoint

Related Question