mysql用户资源限制

来源：互联网发布：sql导入excel数据编辑：程序博客网时间：2024/05/17 02:41

mysql数据库对用户有限制，比如密码更新多少次，该用户最大连接数等

sql/structs.h源码定义了结构体

typedef struct user_conn {

/*
Pointer to user+host key (pair separated by '\0') defining the entity
for which resources are counted (By default it is user account thus
priv_user/priv_host pair is used. If --old-style-user-limits option
is enabled, resources are counted for each user+host separately).
*/
char *user;
/* Pointer to host part of the key. */
char *host;
/**
The moment of time when per hour counters were reset last time
(i.e. start of "hour" for conn_per_hour, updates, questions counters).
*/
ulonglong reset_utime;
/* Total length of the key. */
uint len;
/* Current amount of concurrent connections for this account. */
uint connections;
/*
Current number of connections per hour, number of updating statements
per hour and total number of statements per hour for this account.
*/
uint conn_per_hour, updates, questions;
/* Maximum amount of resources which account is allowed to consume. */
USER_RESOURCES user_resources;

} USER_CONN;

可以看到，其中保存了用户名、客户端host信息，还有本用户的更新数、连接数等。与之配套的，是一个hash结构hash_user_connections，hash_key中包含user和host。因此相同user &host的连接共享同一个USER_CONN.

2、数据源
conn_per_hour, updates, questions是当前连接对应的用户的实时统计信息。user_resources为元数据，来源于表mysql.user.
如：在localhost用root账户登录，update mysql.user set max_updates =2 where user=’root’; flush privileges; （必须flush后才生效）。则此账号最多只能执行2个更新操作（不局限于update）。

3、相关问题
hash_user_connections为内存结构，因此统计信息重启后并不保存；
如果达到某个统计值达到上限，比如更新数，如何清空？
实际上并没有提供单独清空某个统计值的接口。但在执行 flush privileges和flush user_resources时，会将所有的统计值清空。对应被调用的函数为 reset_mqh (sql/sql_connect.cc)

void reset_mqh(LEX_USER *lu, bool get_them= 0)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
mysql_mutex_lock(&LOCK_user_conn);
if (lu) // for GRANT
{
USER_CONN *uc;
uint temp_len=lu->user.length+lu->host.length+2;
char temp_user[USER_HOST_BUFF_SIZE];

memcpy(temp_user,lu->user.str,lu->user.length);
memcpy(temp_user+lu->user.length+1,lu->host.str,lu->host.length);
temp_user[lu->user.length]='\0'; temp_user[temp_len-1]=0;
if ((uc = (struct user_conn *) my_hash_search(&hash_user_connections,
(uchar*) temp_user,
temp_len)))
{
uc->questions=0;
get_mqh(temp_user,&temp_user[lu->user.length+1],uc);
uc->updates=0;
uc->conn_per_hour=0;
}
}
else
{
/* for FLUSH PRIVILEGES and FLUSH USER_RESOURCES */
for (uint idx=0;idx < hash_user_connections.records; idx++)
{
USER_CONN *uc=(struct user_conn *)
my_hash_element(&hash_user_connections, idx);
if (get_them)
get_mqh(uc->user,uc->host,uc);
uc->questions=0;
uc->updates=0;
uc->conn_per_hour=0;
}
}
mysql_mutex_unlock(&LOCK_user_conn);
#endif /* NO_EMBEDDED_ACCESS_CHECKS */
}

4、是否所有的连接都会设置user_connect？

实际上，由于mysql.user里面的最后四个字段往往是被设置为默认的0。是否设置user_connect就取决于配置参数max_user_connections。若为0，则该server的所有连接，都不设置user_connect.。估计是MySQL考虑到所有这些值都为0，不需要记录统计信息。实现策略的代码为：

vim sql/sql_acl.cc

if ((acl_user->user_resource.questions || acl_user->user_resource.updates ||
acl_user->user_resource.conn_per_hour ||
acl_user->user_resource.user_conn ||
global_system_variables.max_user_connections) &&
get_or_create_user_conn(thd,
(opt_old_style_user_limits ? sctx->user : sctx->priv_user),
(opt_old_style_user_limits ? sctx->host_or_ip : sctx->priv_host),
&acl_user->user_resource))
DBUG_RETURN(1); // The error is set by get_or_create_user_conn()

sctx->password_expired= acl_user->password_expired;
#endif
}
else
sctx->skip_grants();

const USER_CONN *uc;
if ((uc= thd->get_user_connect()) &&
(uc->user_resources.conn_per_hour || uc->user_resources.user_conn ||
global_system_variables.max_user_connections) &&
check_for_max_user_connections(thd, uc))
{
DBUG_RETURN(1); // The error is set in check_for_max_user_connections()
}

DBUG_PRINT("info",
("Capabilities: %lu packet_length: %ld Host: '%s' "
"Login user: '%s' Priv_user: '%s' Using password: %s "
"Access: %lu db: '%s'",
thd->client_capabilities, thd->max_client_packet_length,
sctx->host_or_ip, sctx->user, sctx->priv_user,
thd->password ? "yes": "no",
sctx->master_access, mpvio.db.str));

0 0