I cannot get mysqldump to work with cron. The following command works at command line, but not through cron:

mysqldump -uusername -ppassword --opt my_db | bzip2 > /tmp/my_db.sql.bz2

I have two problems with this.
1. It doesn't work. That's the biggest problem. I have even put in the full path to mysqldump, but that does not work, either.

2. I don't like passwords viewable in plain text format. So even if the dump above would work, ideas as to how to make it more secure would be appreciated.

Thanks!

Anybody have any ideas?

1) I'm not sure why the cron job isn't working. Are you sure cron is running? Is there anything in the logs that might shed some light?

2)Why don't your create a new mysql user specifically for this task. You could create one that doesn't have a password and then give it EXTREMELY limited privileges. Or keep the password for that user, but still severely restrict privileges. You're shooting to have ONLY those privileges needed to run mysqldump. That way if someone does get their hands on that username (and password if you choose), they wouldn't be able to do anything.

I wrote a simple script for backing up a mysql database every day through cron and it works well, I still use it (although a little altered). You can find it in this post. I hope that helps a bit.


Håkan

hw-tph, I will try something like that.

Hangdog42, I thought of the special user idea, but is there a way of giving a user mysqldump access, and nothing else??

I am sure cron is working, as I run cron functions an average of every 3-5 minutes for one task or another. It's simply the database backups that are being a pain.

I don't think there is a way to give access to just mysqldump since it is a program that uses database functions, it isn't a database function itself. From what I can tell (and believe me I'm no expert), you probably need SELECT and FILE and maybe SHOW DATABASES and LOCK TABLES. You might try with just a minimal set like these (or heck, even see if it works with just USAGE) and add privileges until it works.

Oddly, if you do a little searching on mysqldump, it looks as if most people run it from their admin account. That suggests either they aren't using a cron job to do their backup or they haven't thought through the security implications.

<edit>
You might also limit these privileges to username@localhost. If you restrict the mysqldump user to localhost then if someone DOES learn the username, they would also have to have an account on the specific box to make use of it.
</edit>

I'll check out the privileges stuff. Also, I already have my box locked down as far as hosts are concerned (localhost only), so I'm not too worried about that. I'll probably do exactly that, though - just keep adding on one logical privilege at a time until it works.