Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have two problems with this.
1. It doesn't work. That's the biggest problem. I have even put in the full path to mysqldump, but that does not work, either.
2. I don't like passwords viewable in plain text format. So even if the dump above would work, ideas as to how to make it more secure would be appreciated.
1) I'm not sure why the cron job isn't working. Are you sure cron is running? Is there anything in the logs that might shed some light?
2)Why don't your create a new mysql user specifically for this task. You could create one that doesn't have a password and then give it EXTREMELY limited privileges. Or keep the password for that user, but still severely restrict privileges. You're shooting to have ONLY those privileges needed to run mysqldump. That way if someone does get their hands on that username (and password if you choose), they wouldn't be able to do anything.
I wrote a simple script for backing up a mysql database every day through cron and it works well, I still use it (although a little altered). You can find it in this post. I hope that helps a bit.
Hangdog42, I thought of the special user idea, but is there a way of giving a user mysqldump access, and nothing else??
I am sure cron is working, as I run cron functions an average of every 3-5 minutes for one task or another. It's simply the database backups that are being a pain.
I don't think there is a way to give access to just mysqldump since it is a program that uses database functions, it isn't a database function itself. From what I can tell (and believe me I'm no expert), you probably need SELECT and FILE and maybe SHOW DATABASES and LOCK TABLES. You might try with just a minimal set like these (or heck, even see if it works with just USAGE) and add privileges until it works.
Oddly, if you do a little searching on mysqldump, it looks as if most people run it from their admin account. That suggests either they aren't using a cron job to do their backup or they haven't thought through the security implications.
<edit>
You might also limit these privileges to username@localhost. If you restrict the mysqldump user to localhost then if someone DOES learn the username, they would also have to have an account on the specific box to make use of it.
</edit>
I'll check out the privileges stuff. Also, I already have my box locked down as far as hosts are concerned (localhost only), so I'm not too worried about that. I'll probably do exactly that, though - just keep adding on one logical privilege at a time until it works.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
