How can I get around MySQL Errcode 13 with SELECT INTO OUTFILE?

Asked 6/5, 2010 at 18:0 Answered 25/11, 2015 at 6:55

116

I am trying to dump the contents of a table to a csv file using a MySQL SELECT INTO OUTFILE statement. If I do:

SELECT column1, column2
INTO OUTFILE 'outfile.csv'
FIELDS TERMINATED BY ','
FROM table_name;

outfile.csv will be created on the server in the same directory this database's files are stored in.

However, when I change my query to:

SELECT column1, column2
INTO OUTFILE '/data/outfile.csv'
FIELDS TERMINATED BY ','
FROM table_name;

I get:

ERROR 1 (HY000): Can't create/write to file '/data/outfile.csv' (Errcode: 13)

Errcode 13 is a permissions error, but I get it even if I change ownership of /data to mysql:mysql and give it 777 permissions. MySQL is running as user "mysql".

Strangely I can create the file in /tmp, just not in any other directory I've tried, even with permissions set such that user mysql should be able to write to the directory.

This is MySQL 5.0.75 running on Ubuntu.

Encrust answered 6/5, 2010 at 18:0 Comment(2)

Seeing as the 13 is a system error, this is probably not it, but there is a mySQL setting limiting INTO OUTFILE to a directory: dev.mysql.com/doc/refman/5.0/en/… maybe worth a quick look whether it's set to /tmp. – Bronwen 6/5, 2010 at 18:4

That variable is blank on my installation, which according to that document means my output directories should not be limited. – Encrust 6/5, 2010 at 18:6

195

Which particular version of Ubuntu is this and is this Ubuntu Server Edition?

Recent Ubuntu Server Editions (such as 10.04) ship with AppArmor and MySQL's profile might be in enforcing mode by default. You can check this by executing sudo aa-status like so:

# sudo aa-status
5 profiles are loaded.
5 profiles are in enforce mode.
   /usr/lib/connman/scripts/dhclient-script
   /sbin/dhclient3
   /usr/sbin/tcpdump
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/sbin/mysqld
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode :
   /usr/sbin/mysqld (1089)
0 processes are in complain mode.

If mysqld is included in enforce mode, then it is the one probably denying the write. Entries would also be written in /var/log/messages when AppArmor blocks the writes/accesses. What you can do is edit /etc/apparmor.d/usr.sbin.mysqld and add /data/ and /data/* near the bottom like so:

...  
/usr/sbin/mysqld  {  
    ...  
    /var/log/mysql/ r,  
    /var/log/mysql/* rw,  
    /var/run/mysqld/mysqld.pid w,  
    /var/run/mysqld/mysqld.sock w,  
    **/data/ r,  
    /data/* rw,**  
}

And then make AppArmor reload the profiles.

# sudo /etc/init.d/apparmor reload

WARNING: the change above will allow MySQL to read and write to the /data directory. We hope you've already considered the security implications of this.

Platas answered 7/6, 2010 at 2:23 Comment(9)

This was Ubuntu 9.04, but AppArmor was denying the write. Thanks so much, this solved this for me. – Encrust 7/6, 2010 at 13:47

I hate to point this out, but there is a reason App Armor doesn't allow this. MySQL now has the ability to modify and read anything in the /data folder. Just don't get hacked now. – Zeeland 1/11, 2011 at 3:1

@Serdar, The AppArmor MySQL ruleset distributed with the distro does not allow it by default. This makes sense as it is a good baseline of rules for a fresh install. I believe we should be and are allowed to modify the rulesets to fit our needs post-install. It was the original asker's intention to allow MySQL to write to the specific directories. But if it is not readily explicit above, a note to furhter people stumbling on this solution: WARNING: the change above will allow MySQL to read and write to the /data directory. We hope you've already considered the security implications of this. – Platas 3/1, 2012 at 1:51

Thanks! For Ubuntu 12.04, writing to /dev/shm, I added /dev/shm/ r, /dev/shm/* rw, /run/shm/ r, /run/shm/* rw, – Ananna 23/5, 2012 at 16:22

GREAT ANSWER!!! It solved my problem, I was also trying to write in any other directory. Now, I have to research what all this was about! :) Learning about this, I recommend other people to read about apparmor (and hence, the command aa-status): en.wikipedia.org/wiki/AppArmor – Berkly 26/9, 2014 at 16:6

That worked for me on ubuntu 14.04 but REMEMBER to chmod the output file with read write to the MySQL user. I made it 0777 as I'm the only one using the machine. – Prevailing 22/2, 2015 at 20:14

In my case this helped: /your/abs/folder/ r, /your/abs/folder/** rwk, } don't forget to include the comma at the end! – Conciliator 24/10, 2016 at 9:40

it works to write in /tmp. Use windows instead. – Ingleside 7/5, 2018 at 12:17

This did not work for me, nor did chown nor did running as root. Only creating /tmp/mysql-dump/ then chown -R 777 /tmp/mysql-dump/ and running mysqldump into that folder. – Loiret 4/9, 2018 at 18:19

Ubuntu uses AppArmor and that is whats preventing you from accessing /data/. Fedora uses selinux and that would prevent this on a RHEL/Fedora/CentOS machine.

To modify AppArmor to allow MySQL to access /data/ do the follow:

sudo gedit /etc/apparmor.d/usr.sbin.mysqld

add this line anywhere in the list of directories:

/data/ rw,

then do a :

sudo /etc/init.d/apparmor restart

Another option is to disable AppArmor for mysql altogether, this is NOT RECOMMENDED:

sudo mv /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/

Don't forget to restart apparmor:

sudo /etc/init.d/apparmor restart

Chasse answered 7/6, 2010 at 2:41 Comment(1)

To actually disable apparmor for mysql I needed to do: cyberciti.biz/faq/ubuntu-linux-howto-disable-apparmor-commands – Bounds 27/6, 2017 at 9:36

I know you said that you tried already setting permissions to 777, but as I have an evidence that for me it was a permission issue I'm posting what I exactly run hoping it can help. Here is my experience:

tmp $ pwd
/Users/username/tmp
tmp $ mkdir bkptest
tmp $ mysqldump -u root -T bkptest bkptest
mysqldump: Got error: 1: Can't create/write to file '/Users/username/tmp/bkptest/people.txt' (Errcode: 13) when executing 'SELECT INTO OUTFILE'
tmp $ chmod a+rwx bkptest/
tmp $ mysqldump -u root -T bkptest bkptest
tmp $ ls bkptest/
people.sql  people.txt
tmp $

Prochora answered 6/5, 2010 at 20:16 Comment(4)

me@server:/data$ pwd /data me@server:/data$ ls -al total 60 ... drwxrwxrwx 2 mysql mysql 4096 2010-05-06 16:27 dumptest me@server:/data$ mysqldump -u dbuser -p -T dumptest -B db_name --tables test Enter password: mysqldump: Got error: 1: Can't create/write to file '/data/dumptest/test.txt' (Errcode: 13) when executing 'SELECT INTO OUTFILE' me@server:/data$ sudo chmod a+rwx dumptest/ me@server:/data$ mysqldump -u dbuser -p -T dumptest -B db_name --tables test Enter password: mysqldump: Got error: 1: (same error) – Encrust 6/5, 2010 at 20:35

Oy, well, didn't realize comments wouldn't format, but double checked a few different ways. First with the target directory owned by mysql:mysql, then with the target directory owned by the user I was running the dump command as, both ways still give me the same permissions error. – Encrust 6/5, 2010 at 20:36

For the record, this worked for me despite having changed the apparmor permissions – Definiens 2/11, 2012 at 19:17

I tried making modification to apparmor, it didn't worked. Changing permission 'chmod 777' worked for me! – Moderate 22/6, 2015 at 11:34

This problem has been bothering me for a long time. I noticed that this discussion does not point out the solution on RHEL/Fecora. I am using RHEL and I do not find the configuration files corresponding to AppArmer on Ubuntu, but I solved my problem by making EVERY directory in the directory PATH readable and accessible by mysql. For example, if you create a directory /tmp, the following two commands make SELECT INTO OUTFILE able to output the .sql AND .sql file

chown mysql:mysql /tmp
chmod a+rx /tmp

If you create a directory in your home directory /home/tom, you must do this for both /home and /home/tom.

Coriolanus answered 21/2, 2012 at 1:17 Comment(2)

Using /tmp as an example is not a good idea, and you really do not want to change the ownership of the /tmp directory (in most cases). – Sherbrooke 13/4, 2015 at 10:59

Changing the ownership of /tmp is bad, but creating a temp folder inside /tmp and chown mysql:mysql solved my problem – Cyclist 31/7, 2020 at 12:52

MySQL is getting stupid here. It tries to create files under /tmp/data/.... So what you can do is the following:

mkdir /tmp/data
mount --bind /data /tmp/data

Then try your query. This worked for me after hours of debugging the issue.

Hervey answered 18/6, 2012 at 22:0 Comment(1)

I like this answer best. It is easy, it works, and it doesn't require you futzing with apparmor. The other way of doing it using pipes does not work well for large exports because of all the buffering that is done. – Chubby 4/11, 2014 at 15:19

You can do this :

mysql -u USERNAME --password=PASSWORD --database=DATABASE --execute='SELECT `FIELD`, `FIELD` FROM `TABLE` LIMIT 0, 10000 ' -X > file.xml

Pemba answered 19/3, 2014 at 9:2 Comment(1)

Thanks! Is it possible to control the output as CSV? – Counteroffensive 15/5, 2020 at 20:20

Some things to try:

is the secure_file_priv system variable set? If it is, all files must be written to that directory.
ensure that the file does not exist - MySQL will only create new files, not overwrite existing ones.

Pontoon answered 4/6, 2010 at 5:4 Comment(4)

I would also go for secure_file_priv. If the file already exists, the error message is different (not errcode 13). – Episcopalian 4/6, 2010 at 5:18

secure_file_priv is not currently set, so as I understand it that means that I should not be limited as to where I can write files. Am I misunderstanding that and do I need to explicitly set it to something like '/' if I want to be able to write anywhere on the file system? – Encrust 4/6, 2010 at 13:37

Also, I am checking that the file does not exist before running the query. – Encrust 4/6, 2010 at 13:37

Thanks for the feedback. Based on your findings, I don't think either of these suggestions causes your problem. – Pontoon 4/6, 2010 at 13:40

I have same problem and I fixed this issue by following steps:

Operating system : ubuntu 12.04
lamp installed
suppose your directory to save output file is : /var/www/csv/

Execute following command on terminal and edit this file using gedit editor to add your directory to output file.

sudo gedit /etc/apparmor.d/usr.sbin.mysqld

now file would be opened in editor please add your directory there

/var/www/csv/* rw,
likewise I have added in my file, as following given image :

Execute next command to restart services :

sudo /etc/init.d/apparmor restart

For example I execute following query into phpmyadmin query builder to output data in csv file

SELECT colName1, colName2,colName3
INTO OUTFILE '/var/www/csv/OUTFILE.csv'
FIELDS TERMINATED BY ','
FROM tableName;

It successfully done and write all rows with selected columns into OUTPUT.csv file...

Stalinsk answered 16/9, 2015 at 8:0 Comment(0)

In my case, the solution was to make every directory in the directory path readable and accessible by mysql (chmod a+rx). The directory was still specified by its relative path in the command line.

chmod a+rx /tmp
chmod a+rx /tmp/migration
etc.

Soapy answered 10/2, 2012 at 15:26 Comment(0)

I just ran into this same problem. My issue was the directory that I was trying to dump into didn't have write permission for the mysqld process. The initial sql dump would write out but the write of the csv/txt file would fail. Looks like the sql dump runs as the current user and the conversion to csv/txt is run as the user that is running mysqld. So the directory needs write permissions for both users.

Bowerman answered 1/2, 2013 at 17:24 Comment(0)

You need to provide an absolute path, not a relative path.

Provide the full path to the /data directory you are trying to write to.

Fading answered 6/5, 2010 at 19:7 Comment(5)

That looks like an absolute path to me. Is it not? – Bronwen 6/5, 2010 at 19:8

Try this as the mysql user to verify that you can create the file outside of mysql: touch /data/outfile.csv – Fading 6/5, 2010 at 19:51

First I couldn't do it because the mysql user's shell was set to /bin/false, so I couldn't log in as mysql. Just to make sure that wasn't contributing to the problem, I set mysql's shell to /bin/bash, su'd to that user and touched a file in /data. The file was created successfully, owned by mysql. – Encrust 6/5, 2010 at 21:22

You can su to an account even if it's using one of the "disable" shells: su --shell=/bin/sh nameofaccount – Minstrel 6/5, 2010 at 21:25

Thanks, that fixed my problem. Furthermore, every directory in the path must be +rx for mysql. – Soapy 10/2, 2012 at 15:19

Does Ubuntu use SELinux? Check to see if it's enabled and enforcing. /var/log/audit/audit.log may be helpul (if that's where Ubuntu sticks it -- that's the RHEL/Fedora location).

Chilt answered 7/6, 2010 at 2:30 Comment(0)

I had the same problem on a CentOs 6.7 In my case all permissions were set and still the error occured. The problem was that the SE Linux was in the mode "enforcing".

I switched it to "permissive" using the command sudo setenforce 0

Then everything worked out for me.

Waitabit answered 25/11, 2015 at 6:55 Comment(1)

As user root, using Centos 7.3, mysql was still giving me Error code 13 every time too! This answer is the ONLY one that is relevant to Centos users. – Behnken 19/7, 2022 at 15:20

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags