Backups without MySQL user passwords
I have been tasked with keeping a MySQL database backed up on a regular schedule. The DB and MySQL server reside on a CentOS Linux server that I myself setup and maintain. I believe the constraints that have been given me are unrealistic, and perhaps a little silly, so I'd like to verify that this is indeed the case.
Since I setup and now maintain the Linux server, I have the root password for the machine. When I setup the MySQL server, I also had the password for the MySQL root user (different from the Linux root user's password). The client runs some propietary software from a third party vendor (I'll refer to them as "the vendor"). The vendor is very protective of their software, and I believe falsely, believes that by keeping the MySQL root password secret, nobody can examine their schema. The vendor has non-root access to the machine, but immediately changed the MySQL root password before creating the database on the machine in order to store data from their proprietary application. I presume, but don't know for sure, that the application somehow has the password for the MySQL root and/or specific database user embedded in the program code (Visual FoxPro). The problem is that the vendor absolutely refuses to share any of the database passwords. So at the moment, only the vendor and their application can access the database. At the same time, they don't provide any means to backup the database.
If I had the relevant MySQL passwords, I would use mysqldump to make backups of the database, but I don't. And the mysqldump program seems to not give any special rights to the Linux root user, so I really can't use it with the relevant database passwords. As a stop-gap measure, I simply stop the database server at night and make a tar of the /var/lib/mysql directory before restarting the database server. I think this is undoubtedly the wrong approach.
I could stop the database server, start it in single user mode without networking etc., and change the root password, but I am pretty sure that would keep the vendor's software from working. Or, instead of changing the password, just do the dump while in single user mode, before restarting the server in multiuser mode.
In any event, since I have root access to the Linux server, it seems I *could* obtain a full dump of the client software's database schema, making their arguments about keeping the password to themselves indeed false. In fact, I've done so in the past, but this seems to be an unnecessary constraint to only be able to backup while in single user mode.
I'd appreciate any guidance to this MySQL newbie.