414

I am learning MySQL and tried using a LOAD DATA clause. When I used it as below:

LOAD DATA INFILE "text.txt" INTO table mytable;

I got the following error:

The MySQL server is running with the --secure-file-priv option so it cannot execute this statement

How do I tackle this error?

I have checked another question on the same error message, but still can’t find a solution.

I am using MySQL 5.6

Community
  • 1
  • 1
m0bi5
  • 7,560
  • 7
  • 28
  • 41

22 Answers22

545

It's working as intended. Your MySQL server has been started with --secure-file-priv option which basically limits from which directories you can load files using LOAD DATA INFILE.

You may use SHOW VARIABLES LIKE "secure_file_priv"; to see the directory that has been configured.

You have two options:

  1. Move your file to the directory specified by secure-file-priv.
  2. Disable secure-file-priv. This must be removed from startup and cannot be modified dynamically. To do this check your MySQL start up parameters (depending on platform) and my.ini.
vhu
  • 11,219
  • 11
  • 35
  • 42
  • Are you running MySQL on Linux or Windows? This option is either in the startup parameters or my.ini. – vhu Sep 23 '15 at 10:54
  • I am using on windows , I cant find a my.ini but found my-default.ini – m0bi5 Sep 23 '15 at 10:55
  • 4
    By default my.ini can be found from "C:\ProgramData\MySQL\MySQL Server 5.6" when running MySQL 5.6 on W2012 server. You may also want to check the service startup parameters (e.g. --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini) as they may also list `--secure-file-priv` itself. – vhu Sep 23 '15 at 10:59
  • instead of my.ini there is a my-default.ini at that location – m0bi5 Sep 23 '15 at 11:00
  • Does the service startup parameters list `--defaults-file`? – vhu Sep 23 '15 at 11:00
  • @vhu, how can I change the service startup parameters? (since I don't seem to be able to edit the my.ini in ProgramData directory) – NurShomik Jan 16 '16 at 07:12
  • 2
    @Mohitbhasi, my-default.ini should be in the "C:\Program Files\MySQL\MySQL Server 5.6" folder. The location vhu was referring to is "C:\ProgramData\MySQL\MySQL Server 5.6". Just in case you haven't noticed. – NurShomik Jan 16 '16 at 07:20
  • To answer the question I asked in last comment, install the service with this command: `"C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe" --install MySQLXY --defaults-file="C:\Program Files\MySQL\MySQL Server 5.7\my.ini"` – NurShomik Jan 19 '16 at 20:05
  • Sadly even inside the returned directory the same error occurs :( – Douglas Gaskell Dec 21 '16 at 03:41
  • I had this issue with a script which was trying to export to file. I suspect it was introduced by an update/upgrade at some point down the line, with this setting being configured by default whereas previously it was not. Thank you for the solution. – Martin Greenaway Feb 21 '17 at 15:24
  • 84
    Value: NULL. FML. – William Entriken Mar 09 '17 at 16:20
  • For mysql 5.7.19 on Mac, I finally referenced this article for the solve: http://geodatawrangler.lazym8.com/blog/2017/02/16/secure-file-priv Do `mysql --help | more` to find where the my.cnf that mysql is referencing is. – Alison S Oct 09 '17 at 17:46
  • 12
    Note that if using "select .. into outfile" you must specify the full path and the full path must match the results of `SHOW VARIABLES LIKE "secure_file_priv";` – TheSatinKnight Feb 17 '18 at 17:49
  • 12
    "check the parameters" and "check my.ini" is not a very good answer – Roland Seuhs Mar 21 '18 at 16:09
  • 1
    for a non-root user I simply had access denied, rather than "running with the --secure-file-priv option" which showed up when I tried under root. The fix being that as TheSatinKnight says, the path prefix matching the variable "secure_file_priv" must also be in place. – simon coleman May 16 '18 at 21:13
  • 1
    [how to disable the secure-file-priv in my.ini](https://superuser.com/questions/1088512/how-to-disable-secure-file-priv-mysql-ubuntu) – François Breton Jul 05 '18 at 15:11
  • 1
    I am using a `LOAD DATA INFILE 'full_path\myfile.txt' ...` query, and it still gives the same error, even though `full_path\ ` *exactly* matches the string which is the value of `secure_file_priv`. The question remains: **"How do I tackle this error?"** The second answer below (by Staza) answers it. – Snackoverflow Nov 04 '18 at 15:24
  • 1
    I know this probably is answered somewhere but dear Lord I had to hunt down what to do with `MySql v8`. I had to manually find my `my.ini` file and add `secure-file-priv = ""`, otherwise I kept getting the same error no matter what I typed in there in the GUI. – SovietFrontier May 02 '19 at 01:17
  • @anddero It is a bit late for that but I had a similar issue - try use forward `/` slash in path instead of backslash `\ ` – suchoss Nov 05 '19 at 10:36
  • Also, note the spelling of the option to change in the config file: secure-file-priv **and not** secure_file_priv. – Alexis May 01 '20 at 01:43
  • A third option!! Set your secure-file-priv as `'C:\'` or `'path/to/your/user'`...as seen [here](https://stackoverflow.com/questions/40247853/mysql-set-secure-file-priv-to-multiple-directories) because all folders below are allowed – Poyda May 26 '20 at 00:19
269

I solved it using the LOCAL option in the command:

LOAD DATA LOCAL INFILE "text.txt" INTO TABLE mytable;

You can find more info here.

If LOCAL is specified, the file is read by the client program on the client host and sent to the server. The file can be given as a full path name to specify its exact location. If given as a relative path name, the name is interpreted relative to the directory in which the client program was started.

galoget
  • 529
  • 6
  • 11
Staza
  • 2,827
  • 1
  • 9
  • 11
  • 2
    This worked for me and none other. I tried: 1. to upload my txt file in `C:\ProgramData\MySQL\MySQL Server 5.7\Uploads`, 2. disabling `secure_file_priv` in `my.ini` and restarting mysql 3. This one! Thanks :) – Kamal Nayan Nov 23 '16 at 14:58
  • This worked for me too. I was going to move the files to the secure-fle-priv directory but I didn't have to because this worked perfectly. – adg Mar 04 '17 at 09:17
  • 10
    I got this error message for MariaDB: "ERROR 1148 (42000): The used command is not allowed with this MariaDB version". The exact version: "mysql Ver 15.1 Distrib 10.1.22-MariaDB, for Linux (x86_64) using readline 5.2" – jciloa Jul 18 '17 at 11:56
  • 11
    I got "The used command is not allowed with this MySQL version" for mysql version 5.7.19. – Alison S Oct 05 '17 at 21:14
  • Worked beautifully on MySQL 5.7.17 running on Windows. Thank you! – Ian Nov 05 '17 at 16:04
  • Actually this answer is the correct one and deserves to be the accepted answer! – Steffi Keran Rani J Nov 09 '17 at 13:19
  • Worked for me as well (after I changed backslashes to forward slashes in the connection string). Thank you! – ImkeF Mar 31 '18 at 20:04
  • 2
    @AlisonS Try adding the `--local-infile` flag when running `mysql`. https://stackoverflow.com/questions/10762239/mysql-enable-load-data-local-infile – Illya Moskvin May 30 '18 at 14:36
  • What a life-saver you are :) – Helen Neely Nov 06 '18 at 15:07
  • Worked like a charm. Thanks a lot. This should have been the accepted answer. – Shishir Anshuman Jan 09 '19 at 12:08
  • 3
    `The used command is not allowed with this MySQL version` from MySQL 8.0 – bytefish Mar 03 '19 at 08:02
  • Worked for me. Unsure why adding the local-keyword changed security measures. – Herbert Oct 15 '19 at 17:38
  • @bitfishxyz, you probably already solved this, but I just had the same issue and found this https://dev.mysql.com/doc/refman/8.0/en/mysqlimport.html `sudo mysqlimport --local db_name import_file` – CptMisery Oct 21 '19 at 20:52
  • Note there are some serious security issues if you're too loose with using LOAD DATA LOCAL INFILE: https://dev.mysql.com/doc/refman/8.0/en/load-data-local.html (mustafa's answer is probably safer) – juacala Nov 21 '19 at 13:35
  • This should be the accepted answer. A user may want to import data but may not have privs to access /var/lib/mysql-files. – Juan Jimenez Oct 28 '20 at 15:39
134

On Ubuntu 14 and Mysql 5.5.53 this setting seems to be enabled by default. To disable it you need to add secure-file-priv = "" to your my.cnf file under the mysqld config group. eg:-

[mysqld]
secure-file-priv = ""
Mustafa
  • 4,080
  • 3
  • 20
  • 36
  • 1
    This worked for me as well. Same version of Ubuntu and MySQL – Rodney Nov 13 '16 at 14:24
  • 1
    +1 Worked for me. If you are using Ubuntu, don't forget restart mysql service: sudo service mysql restart – Emiliano Sangoi Jul 20 '17 at 04:07
  • 1
    This is what works if you need it to point to a location that you select per statement where applicable. This works with MySQL 5.7 on Windows Server just as you explained. If you simply comment out the line like `# secure-file-priv = ~` then it still has the error since the value shows as `NULL` doing it this way resolves the problem when you want to pick which directories you can export to on the server, etc. – Bitcoin Murderous Maniac Mar 05 '18 at 19:06
  • 1
    Worked for me with MySQL 5.7 on Windows, whereas the other solutions did not. – CGritton Dec 03 '18 at 21:47
  • 1
    NB: if doing this in Docker you must restart the Docker container. – user1717828 Feb 15 '19 at 14:13
  • Ok for MySQL 5.5 on Windows too. – Arvy Oct 23 '19 at 18:43
42

I'm working on MySQL5.7.11 on Debian, the command that worked for me to see the directory is:

mysql> SELECT @@global.secure_file_priv;
dwlz
  • 9,793
  • 6
  • 46
  • 76
Carlos Med
  • 522
  • 4
  • 8
  • With `SHOW VARIABLES LIKE "secure_file_priv";` I get `ERROR 1146 (42S02): Table 'performance_schema.session_variables' doesn't exist` which is also thrown in other circumstances and I will have to eventually deal with. The `SELECT @@global.secure_file_priv;` command though produced the expected result. – Majid Fouladpour Jun 04 '17 at 16:28
  • 1
    This worked for me -- Ubuntu Mysql 5.7.21: changed the output file to directory /var/lib/mysql-files/output.txt – Shanemeister Apr 26 '18 at 17:42
  • 3
    How you edit it then? I tried to edit it in /etc/mysql/my.cnf and it seems to have no effect - it stays NULL – Slavik Mar 14 '19 at 07:32
30

Here is what worked for me in Windows 7 to disable secure-file-priv (Option #2 from vhu's answer):

  1. Stop the MySQL server service by going into services.msc.
  2. Go to C:\ProgramData\MySQL\MySQL Server 5.6 (ProgramData was a hidden folder in my case).
  3. Open the my.ini file in Notepad.
  4. Search for 'secure-file-priv'.
  5. Comment the line out by adding '#' at the start of the line. For MySQL Server 5.7.16 and above, commenting won't work. You have to set it to an empty string like this one - secure-file-priv=""
  6. Save the file.
  7. Start the MySQL server service by going into services.msc.
Janaaaa
  • 1,156
  • 1
  • 12
  • 28
  • 19
    As of MySQL Server 5.7.16, commenting out the line will not work, because then it will revert to the default, which disables import and export operations. You now need to set it to an empty string if you want to allow these operations from any directory. – dbc Oct 25 '16 at 14:24
  • 1
    Ramnath, please, edit your answer with @dbc detail for 5.7.x version. Thanks. – Rafael Gomes Francisco Sep 20 '17 at 20:25
  • 1
    Adding an empty string works for me; please change the answer to add an empty string like secure-file-priv="" – Rajesh Goel Jun 26 '18 at 23:35
  • 1
    For Windows make sure to use forward slashes – Oliver Oliver Mar 31 '19 at 23:16
27

@vhu I did the SHOW VARIABLES LIKE "secure_file_priv"; and it returned C:\ProgramData\MySQL\MySQL Server 8.0\Uploads\ so when I plugged that in, it still didn't work.

When I went to the my.ini file directly I discovered that the path is formatted a bit differently:

C:/ProgramData/MySQL/MySQL Server 8.0/Uploads

Then when I ran it with that, it worked. The only difference was the direction of the slashes.

galoget
  • 529
  • 6
  • 11
wolfsshield
  • 395
  • 3
  • 13
26

If the file is local to your machine use the LOCAL in your command

LOAD DATA LOCAL INFILE "text.txt" INTO table mytable;
garyrgilbert
  • 432
  • 5
  • 8
17

This thread has been viewed 570k times at the time of this post. Honestly when did MySQL become our over protective unreasonable mom? What a time consuming attempt at security - which really only serves to shackle us!

After many searches and many attempts everything failed. My solution:

What worked for me was:

  1. Import the .csv file via PhpMyAdmin import on older box (if large do at cmd line)
  2. Generate a .sql file.
  3. Download .sql file.
  4. Import .sql file via MySQL Workbench.
Nelles
  • 3,565
  • 6
  • 26
  • 39
13

The thing that worked for me:

  1. Put your file inside of the folder specified in secure-file-priv.

    To find that type:

    mysql> show variables like "secure_file_priv";

  2. Check if you have local_infile = 1.

    Do that typing:

    mysql> show variables like "local_infile";

    If you get:

    +---------------+-------+
| Variable_name | Value |
+---------------+-------+
| local_infile  | OFF   |
+---------------+-------+

    Then set it to one typing:

    mysql> set global local_infile = 1;

  3. Specify the full path for your file. In my case:

    mysql> load data infile "C:/ProgramData/MySQL/MySQL Server 8.0/Uploads/file.txt" into table test;
galoget
  • 529
  • 6
  • 11
Vinícius A. L. Souza
  • 367
  • 3
  • 14
9

I had the same problem with 'secure-file-priv'. Commenting in the .ini file didn't work and neither did moving file in directory specified by 'secure-file-priv'.

Finally, as dbc suggested, making 'secure-file-priv' equal to an empty string worked. So if anyone is stuck after trying answers above, hopefully doing this will help.

Rsc Rsc
  • 149
  • 1
  • 6
7

For mysql 8.0 version you can do this:

mysql.server stop
mysql.server start --secure-file-priv=''

It worked for me on Mac High Sierra.

galoget
  • 529
  • 6
  • 11
Ruslan Krupenko
  • 111
  • 1
  • 7
4

If you're running on Ubuntu, you may also need to configure Apparmor to allow MySQL to write to your folder, e.g. here's my configuration:

Add this line to file /etc/apparmor.d/usr.sbin.mysqld :

/var/lib/mysql-files/* rw

Then add these 2 config lines to /etc/mysql/my.cnf sections:

[client]
loose-local-infile = 1

[mysqld]
secure-file-priv = ""

Here's my SQL:

select id from blahs into outfile '/var/lib/mysql-files/blahs';

It worked for me. Good luck!

Kevin Hutchinson
  • 2,317
  • 2
  • 13
  • 10
4

I created a NodeJS import script if you are running nodeJS and you data is in the following form (double quote + comma and \n new line) 

INSERT INTO <your_table> VALUEs( **CSV LINE **)

This one is configured to run on http://localhost:5000/import.

I goes line by line and creates query string

"city","city_ascii","lat","lng","country","iso2","iso3","id"
"Tokyo","Tokyo","35.6850","139.7514","Japan","JP","JPN","1392685764",
...

server.js

const express = require('express'),
   cors = require('cors'),
   bodyParser = require('body-parser'),
   cookieParser = require('cookie-parser'),
   session = require('express-session'),
   app = express(),
   port = process.env.PORT || 5000,
   pj = require('./config/config.json'),
   path = require('path');

app.use(bodyParser.json());
app.use(cookieParser());
app.use(cors());


app.use(
   bodyParser.urlencoded({
      extended: false,
   })
);

var Import = require('./routes/ImportRoutes.js');

app.use('/import', Import);
if (process.env.NODE_ENV === 'production') {
   // set static folder
   app.use(express.static('client/build'));

   app.get('*', (req, res) => {
      res.sendFile(path.resolve(__dirname, 'client', 'build', 'index.html'));
   });
}

app.listen(port, function () {
   console.log('Server is running on port: ' + port);
});

ImportRoutes.js

const express = require('express'),
   cors = require('cors'),
   fs = require('fs-extra'),
   byline = require('byline'),
   db = require('../database/db'),
   importcsv = express.Router();

importcsv.use(cors());

importcsv.get('/csv', (req, res) => {

   function processFile() {
      return new Promise((resolve) => {
         let first = true;
         var sql, sqls;
         var stream = byline(
            fs.createReadStream('../PATH/TO/YOUR!!!csv', {
               encoding: 'utf8',
            })
         );

         stream
            .on('data', function (line, err) {
               if (line !== undefined) {
                  sql = 'INSERT INTO <your_table> VALUES (' + line.toString() + ');';
                  if (first) console.log(sql);
                  first = false;
                  db.sequelize.query(sql);
               }
            })
            .on('finish', () => {
               resolve(sqls);
            });
      });
   }

   async function startStream() {
      console.log('started stream');
      const sqls = await processFile();
      res.end();
      console.log('ALL DONE');
   }

   startStream();
});

module.exports = importcsv;

db.js is the config file 

const Sequelize = require('sequelize');
const db = {};
const sequelize = new Sequelize(
   config.global.db,
   config.global.user,
   config.global.password,
   {
      host: config.global.host,
      dialect: 'mysql',
      logging: console.log,
      freezeTableName: true,

      pool: {
         max: 5,
         min: 0,
         acquire: 30000,
         idle: 10000,
      },
   }
);

db.sequelize = sequelize;
db.Sequelize = Sequelize;

module.exports = db;

Disclaimer: This is not a perfect solution - I am only posting it for devs who are under a timeline and have lots of data to import and are encountering this ridiculous issue. I lost a lot of time on this and I hope to spare another dev the same lost time.

Nelles
  • 3,565
  • 6
  • 26
  • 39
3

I had all sorts of problems with this. I was changing my.cnf and all sorts of crazy things that other versions of this problem tried to show.

What worked for me:

The error I was getting

The MySQL server is running with the --secure-file-priv option so it cannot execute this statement

I was able to fix it by opening /usr/local/mysql/support-files/mysql.server and changing the following line:

$bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" -- $other_args >/dev/null &
  wait_for_pid created "$!" "$mysqld_pid_file_path"; return_value=$?

to

$bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" --secure-file-priv="" $other_args >/dev/null &
  wait_for_pid created "$!" "$mysqld_pid_file_path"; return_value=$?
notthehoff
  • 1,034
  • 1
  • 10
  • 24
3

This worked for me (had the additional problem of not being able to use LOCAL with my current MySQL version in the statement LOAD DATE INFILE ... )

sudo /usr/local/mysql/support-files/mysql.server start --secure-file-priv='' --local-infile

The above works for that given path on my machine; you may have to adjust your path.

Then use:

mysql -u root -p

One important point is that you should have the CSV in the MySQL data folder. In my machine it is located at: /usr/local/mysql-8.0.18-macos10.14-x86_64/data

You can change the folder permission if needed to drop a CSV in the data folder.

Setup:
macOS Catalina version 10.15.5
MySQL version 8.0.18

Swan Toma
  • 116
  • 5
2

MySQL use this system variable to control where you can import you files

mysql> SHOW VARIABLES LIKE "secure_file_priv";
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| secure_file_priv | NULL  |
+------------------+-------+

So problem is how to change system variables such as secure_file_priv.

  1. shutdown mysqld
  2. sudo mysqld_safe --secure_file_priv=""

now you may see like this:

mysql> SHOW VARIABLES LIKE "secure_file_priv";
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| secure_file_priv |       |
+------------------+-------+
bytefish
  • 1,550
  • 2
  • 12
  • 27
2

At macOS Catalina, I followed this steps to set secure_file_priv

1.Stop MySQL service

 sudo /usr/local/mysql/support-files/mysql.server stop

2.Restart MYSQL assigning --secure_file_priv system variables 

sudo /usr/local/mysql/support-files/mysql.server start --secure-file-priv=YOUR_FILE_DIRECTORY

Note: Adding empty value fix the issue for me, and MYSQL will export data to directory /usr/local/mysql/data/YOUR_DB_TABLE/EXPORT_FILE 

sudo /usr/local/mysql/support-files/mysql.server start --secure-file-priv=

Thanks

Sushil Adhikari
  • 560
  • 4
  • 11
1

I had this problem on windows 10. "--secure-file-priv in MySQL" To solve this I did the following.

  1. In windows search (bottom left) I typed "powershell".
  2. Right clicked on powershell and ran as admin.
  3. Navigated to the server bin file. (C:\Program Files\MySQL\MySQL Server 5.6\bin);
  4. Typed ./mysqld
  5. Hit "enter"

The server started up as expected.

Jason Allshorn
  • 1,525
  • 1
  • 14
  • 24
1

Without changing any of the configuration files..

  1. look for the value of secure_file_priv using the command posted by @vhu: SHOW VARIABLES LIKE "secure_file_priv".
  2. define the full path for your query such as: select * from table into outfile 'secure_file_priv_PATH/OUTPUT-FILE' ... rest of your query

this worked for my in mysql-shell on ubuntu 18.04 LTS mysql 5.7.29

user2804070
  • 345
  • 7
  • 15
0

in Linux you have to edit my.cnf file in

/etc/mysql/my.cnf

and change 26 line number param like this :

secure-file-priv= <your data path directory like /home/user/data>

then restart your MySQL and try again.

in docker you have to mount your my.cnf file with my.cnf file in your container with this command in docker-compose or add manually :

volumes:
  - ./persistent:/var/lib/mysql
  - ./conf/my.cnf:/etc/mysql/my.cnf

next change /conf/my.cnf in your host and config secure-file-priv param like the upper approach, in addition, you have to mount your data in mysql container and set that path for secure-file-priv param and restart your services and finally, you can load your data.

you can check your config with this command :

SHOW VARIABLES LIKE "secure_file_priv";
hassanzadeh.sd
  • 1,651
  • 1
  • 11
  • 19
0

For MacOS Mojave running MySQL 5.6.23 I had this problem with writing files, but not loading them. (Not seen with previous versions of Mac OS). As most of the answers to this question have been for other systems, I thought I would post the my.cnf file that cured this (and a socket problems too) in case it is of help to other Mac users. This is /etc/my.cnf

[client]
default-character-set=utf8

[mysqld]
character-set-server=utf8
secure-file-priv = ""
skip-external-locking

(The internationalization is irrelevant to the question.)

Nothing else required. Just turn the MySQL server off and then on again in Preferences (we are talking Mac) for this to take.

David
  • 861
  • 12
  • 19
0

I added the LOCAL to the command, but it made another problem:

Loading local data is disabled - this must be enabled on both the client and server sides

For solving this I simply followed three steps in here

saleh sereshki
  • 2,041
  • 3
  • 14
  • 18