List:General Discussion« Previous MessageNext Message »
From:Nuno Pereira Date:July 20 2005 11:19am
Subject:Re: MySQLDump - Command line password
View as plain text  
Cabbar Duzayak wrote:
...
> I have setup cronjobs to take daily backups of my db using mysqldump.
> But the problem is, mysqldump requires the password to be passed via
> command line, which means anyone on the same machine can take a peek
> at my password using "top", "ps -ef", etc.
> 
> Is there a way of avoiding this, i.e. making it read the password from
> some file, etc? Or, is there any other alternative I can use?

In my backup script, I have something like this

mysqldump --password=`cat /path/to/pass_file` --otherOptionsToMysqldump

where pass_file is a file with only one line with the password for the 
username that you use, without trailing spaces, and 
--otherOptionsToMysqldump are the rest of the arguments that you pass to 
mysqldump, like -u (for username), or the DB that you want to dump. 
Don't forget to use the fullpath to the pass_file in case that it 
doesn't work (or if you want to sleep at night :)).
Don't forget to restrict the read access to that file to the root 
(recommend) or some user (yours?).
I recommend you to test the command in a command line, and see if it 
works, but when it works at command prompt, test if it dumps when it 
runs from the cron file.

Rich:
I won't recommend it, because it is a security hole: any user with 
access to a login in the Machine could access to the DB without 
restrictions, if he founds that the particular username that is in the 
my.cnf he has no restrictions to access the DB.

Rich and Cabbar:
But that also remembered me to set GRANT priviliges of that user only to 
SELECT, and then he can only read the DB (what could be bad), and not 
alter it, but the you would need another user to alter the DB.


-- 
Airconditioners and computers have one thing in common: Once you open 
windows everything fails.

Nuno Pereira
email: nuno.pereira@stripped
Thread
MySQLDump - Command line passwordCabbar Duzayak20 Jul
  • Re: MySQLDump - Command line passwordRich Allen20 Jul
  • Re: MySQLDump - Command line passwordNuno Pereira20 Jul
RE: MySQLDump - Command line passwordanurag.dashputre20 Jul