LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-10-2012, 10:32 AM   #1
ggalan
Member
 
Registered: Oct 2010
Posts: 57

Rep: Reputation: 0
bash mysql back up credentials


i have a bash script that backs up mysql db, on schedule using cron
how can i move the user/pass credentials out of the script and place it outside file called cred.cnf?
Code:
#!/bin/bash

export DB_BACKUP="/path/to/myfolder"
# look for file: /path/to/cred.cnf
#export DB_USER=user
#export DB_PASSWD=pass

rm -rf $DB_BACKUP/04
mv $DB_BACKUP/03 $DB_BACKUP/04
mv $DB_BACKUP/02 $DB_BACKUP/03
mv $DB_BACKUP/01 $DB_BACKUP/02
mkdir $DB_BACKUP/01 

mysqldump --user=$DB_USER --password=$DB_PASSWD --all-databases | bzip2 > $DB_BACKUP/01/mysql-`date +%Y-%m-%d`.bz2
exit 0
cred.cnf:
Code:
user=username
pass=password
 
Old 01-10-2012, 10:52 AM   #2
Cedrik
Senior Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 2,140

Rep: Reputation: 242Reputation: 242Reputation: 242
just add :
Code:
. /path/to/cred.cnf
... at top of script, under export... line
(note: there is a space after dot)

then modify also:
Code:
mysqldump --user=$DB_USER --password=$DB_PASSWD ...
to:
Code:
mysqldump --user=$user --password=$pass ...
(so user and pass variable are defined in cred.cnf)

(edit)
Or uncomment
Code:
#export DB_USER=user
#export DB_PASSWD=pass
(but I don't see the advantage of using more variables)

Last edited by Cedrik; 01-10-2012 at 10:54 AM.
 
1 members found this post helpful.
Old 01-10-2012, 11:10 AM   #3
ggalan
Member
 
Registered: Oct 2010
Posts: 57

Original Poster
Rep: Reputation: 0
thank you for this

taking the credentials out of bash isnt more secure?
 
Old 01-10-2012, 04:16 PM   #4
Cedrik
Senior Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 2,140

Rep: Reputation: 242Reputation: 242Reputation: 242
Consider the security chain, you script is executed like :

cron reads --> bash script file, bash script reads --> cred.cnf file

It is good to not have password directly in crontab line, because if it was here, the password could be see through system monitoring, log etc

But consider bash script file and cred.cnf file:

- if bash script has permissions set to 0700 (-rwx------), read write and exec for owner only
-> putting password in another file will add nothing, security wise

-now if bash script has permissions set to 0755 (-rwxr-xr-x)
-> put password in cred.cnf file with more restrictive permission 0600 (-rw-------) will add the ability to be readable by owner only.

Last edited by Cedrik; 01-10-2012 at 04:19 PM.
 
1 members found this post helpful.
Old 01-10-2012, 05:38 PM   #5
ggalan
Member
 
Registered: Oct 2010
Posts: 57

Original Poster
Rep: Reputation: 0
Quote:
-now if bash script has permissions set to 0755 (-rwxr-xr-x)
i gave it permission of 751 to tighten it up just a little more

Last edited by ggalan; 01-12-2012 at 04:46 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] how to run 2 bash command back-to-back in bourneShell nass Slackware 7 10-10-2011 06:23 PM
How do I copy user credentials from a MySQL table into SSH users Zoner Linux - Newbie 3 03-13-2011 09:25 PM
Can MySQL log on via SSH/bash? mysql:x:27:101:MySQL Server:/var/lib/mysql:/bin/bash Ujjain Linux - Newbie 2 04-24-2009 03:21 PM
LXer: How To Back Up MySQL Databases Without Interrupting MySQL LXer Syndicated Linux News 0 05-14-2007 10:16 AM
mysql - back to square one bshearer *BSD 3 05-29-2005 11:32 AM


All times are GMT -5. The time now is 10:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration