tags:

views:

1607

answers:

4
+4  Q: 

Secure MySQL backup cron job – my.cnf is not being read

I have tried to make backup cron job on my webserver running FreeBSD. Currently it looks something like this:

/usr/local/bin/mysqldump --opt --single-transaction --comments --dump-date --no-autocommit --all-databases --result-file=/var/backups/mysql/all.sql

It works fine when I run it as root (since root has a .my.cnf with the username and password used to connect, but when the job is run by cron, the my.cnf file is not read.

Is there any way around that without having to put username and password into the command itself (since that's kinda insecure)?

Strangely, I have the same setup with PostgreSQL and a .pgpass file, and that works like a charm.

+1  A: 

Thats weird actually cron should read the .my.cnf. How do you run the cronjob in /etc/crontab or crontab -e? You could try using AutoMySQLBackup which is a small shell script using mysqldump.

Node  2009-03-02 11:56:03
Well, actually it is not run directly from cron, but by FreeBSDs `periodic` system. It's actually a script file in /usr/local/etc/periodic/dailyThe periodic cron jobs are run through `/etc/cron` like this:> `1 3 * * * root periodic daily`
mikl  2009-03-02 12:00:43
Oh, Markdown is not enabled in the comments. Hope its legible anyways :)
mikl  2009-03-02 12:01:23
+5  A: 

Use the --defaults-extra-file option to tell it where to find the .my.cnf file (assuming it's readable by whichever user is running mysqldump.

Alnitak  2009-03-02 11:57:49
*sigh* to easy ;) *upvote*
Node  2009-03-02 12:09:26
Ah, yes. How did I miss that. I'll just stick that in to my nightly job. Look forward to getting the message that it when I'm sleeping :)
mikl  2009-03-02 12:14:52
actually, it wasn't that easy to find in the MySQL online docs. None of the individual programs mention that option in their manpages.
Alnitak  2009-03-02 12:38:53
Well, thanks anyways – now my nightly backup works :)
mikl  2009-03-04 16:05:23
A: 

On FreeBSD you can add the following:

security.bsd.see_other_uids=0

To /etc/sysctl.conf and reboot, or use

sysctl security.bsd.see_other_uids=0

To set the sysctl value.

Now users other than root are only able to view their own processes. So putting the password in the command line is less risky.

Also, how are running crontab? Did you add it to the root users crontab by using crontab -e -u root, or did you add it to /etc/crontab?

Verify that the right permissions are set on the .my.cnf as well as what environment variables are set by crontab as that may cause it to look in a different location than your home directory (which for root on FreeBSD is /root).

X-Istence  2009-03-02 11:59:06
+1  A: 

I just ran into this as well.

It appears that MySQL is hardcoded to look for '~/.my.cnf', instead of something like '$HOME/.my.cnf'.

On FreeBSD, cronjobs called from /etc/crontab will ignore the tilde '~' character, and therefore will ignore a value like ~/.my.cnf

In fact, the following doesn't work for me at all:

mysql --defaults-extra-file=~/.my.cnf

However, using a $HOME variable does work:

HOME=/home/admin mysql --defaults-extra-file=$HOME/.my.cnf

As an alternative, my cronjob will work if I move it from /etc/crontab to /var/cron/tabs/root (Using 'crontab -e' as root).

Stefan Lasiewski  2009-05-20 22:20:43

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL