HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlMinor

MySql - Read only on slave

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
slavemysqlonlyread

Problem

I want to make my MySql slave read only, i've been looking and found the read_only option, but its says that users with super privalges can still write (if i understand the text correctly), here is the grants for my app:

GRANT RELOAD, PROCESS ON *.* TO 'my_app'@'%' IDENTIFIED BY PASSWORD '*'
GRANT ALL PRIVILEGES ON `my_app`.* TO 'my_app'@'%'


will the app be able to write to the slave?

Solution

Here are the grants you just mentioned

GRANT RELOAD, PROCESS ON *.* TO 'my_app'@'%' IDENTIFIED BY PASSWORD '*'
GRANT ALL PRIVILEGES ON `my_app`.* TO 'my_app'@'%'


Based on this, you should not be able to write to the Slave because SUPER is a system level privilege (SUPER only appears in mysql.user as Super_priv) and not a DB level privilege (SUPER does not appear in mysql.db). The first GRANT lacks SUPER privilege. The second GRANT does not have a SUPER privilege context at all.

Having SUPER privilege has a lot of firepower because you can run the following

  • CHANGE MASTER TO



  • KILL



  • SET GLOBAL



  • PURGE BINARY LOGS



Not every user needs this. Giving the SUPER privilege to just anyone can actually hamper a DBA from logging into mysql if max_connections is reached.

Code Snippets

GRANT RELOAD, PROCESS ON *.* TO 'my_app'@'%' IDENTIFIED BY PASSWORD '*'
GRANT ALL PRIVILEGES ON `my_app`.* TO 'my_app'@'%'

Context

StackExchange Database Administrators Q#14455, answer score: 4

Revisions (0)

No revisions yet.