Re: Running backup in cron without clear text pw
Posted by:
Rick James
Date: December 23, 2012 10:21AM
Partial (complete?) answer...
* Create a new unix user, 'dumper'. Run the cron job as a 'dumper'; it would be 0600, so no one but root (and dumper) can see the script.
* Create a mysql user, 'mydumper' with only(?) SELECT ON *.*. It is used only for backing up. (This limits damage -- a security breach necessitating changing the user/pwd does not impact applications.)
Two choices for hiding mydumper's pwd:
* The mydumper password could be in the optional extension to /etc/my.cnf: ~dumper/.my.cnf (chmod 0600 and owned by dumper). Then ps won't show it. (However, this may not be an issue; it seems that newer versions mask the -p option.)
* mysqldump -u mydumper -p`cat ~/dumper/my.pwd` and put the pwd (by itself) in that file (0600 & dumper). (Anyone with root perm can manually do: mysqldump -u mydumper -p`sudo cat ~/dumper/my.pwd` .)
Subject
Views
Written By
Posted
3417
December 11, 2012 04:53PM
Re: Running backup in cron without clear text pw
1809
December 23, 2012 10:21AM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.