MySQL Forums
Forum List  »  Backup

Re: Running backup in cron without clear text pw
Posted by: Rick James
Date: December 23, 2012 10:21AM

Partial (complete?) answer...

* Create a new unix user, 'dumper'. Run the cron job as a 'dumper'; it would be 0600, so no one but root (and dumper) can see the script.

* Create a mysql user, 'mydumper' with only(?) SELECT ON *.*. It is used only for backing up. (This limits damage -- a security breach necessitating changing the user/pwd does not impact applications.)

Two choices for hiding mydumper's pwd:

* The mydumper password could be in the optional extension to /etc/my.cnf: ~dumper/.my.cnf (chmod 0600 and owned by dumper). Then ps won't show it. (However, this may not be an issue; it seems that newer versions mask the -p option.)

* mysqldump -u mydumper -p`cat ~/dumper/my.pwd` and put the pwd (by itself) in that file (0600 & dumper). (Anyone with root perm can manually do: mysqldump -u mydumper -p`sudo cat ~/dumper/my.pwd` .)

Options: ReplyQuote


Subject
Views
Written By
Posted
Re: Running backup in cron without clear text pw
1726
December 23, 2012 10:21AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.