Cabbar Duzayak wrote:
> I have setup cronjobs to take daily backups of my db using mysqldump.
> But the problem is, mysqldump requires the password to be passed via
> command line, which means anyone on the same machine can take a peek
> at my password using "top", "ps -ef", etc.
> Is there a way of avoiding this, i.e. making it read the password from
> some file, etc? Or, is there any other alternative I can use?
In my backup script, I have something like this
mysqldump --password=`cat /path/to/pass_file` --otherOptionsToMysqldump
where pass_file is a file with only one line with the password for the
username that you use, without trailing spaces, and
--otherOptionsToMysqldump are the rest of the arguments that you pass to
mysqldump, like -u (for username), or the DB that you want to dump.
Don't forget to use the fullpath to the pass_file in case that it
doesn't work (or if you want to sleep at night :)).
Don't forget to restrict the read access to that file to the root
(recommend) or some user (yours?).
I recommend you to test the command in a command line, and see if it
works, but when it works at command prompt, test if it dumps when it
runs from the cron file.
I won't recommend it, because it is a security hole: any user with
access to a login in the Machine could access to the DB without
restrictions, if he founds that the particular username that is in the
my.cnf he has no restrictions to access the DB.
Rich and Cabbar:
But that also remembered me to set GRANT priviliges of that user only to
SELECT, and then he can only read the DB (what could be bad), and not
alter it, but the you would need another user to alter the DB.
Airconditioners and computers have one thing in common: Once you open
windows everything fails.