I have an application that stores its data in an MySQL database. The application is using a specific DB account with full access, the indivdual user rights are maintained on application level. Apart from root there is no other user with access to that database.
In order to install the application on a computer I need an sql script that creates the database, the application user, all tables without data, views, triggers, stored procedures, etc.
mysqldump --no-data --routines --add-drop-database --databases dbname > sqlfile will do almost all these things but I could not find any option to include the creation of the user having access to that database. Any hints?
The reason that mysqldump doesn't dump user information is because that is stored in a different database name mysql rather than in the database for your applicaation.
You cannot add this information manually to the generated sql dump either. You have two options. Create a shell script or create a separate sql file that contains user creation information. In either case your file will include statements like
GRANT ALL ON appdb.* TO 'pb_skat'#'localhost';
http://dev.mysql.com/doc/refman/5.7/en/grant.html
Before introducing the application dump to your database.
First list down the users which all are available with you:
SELECT User, Host, Password FROM mysql.user;
Check if that user has permissions using "show grants" command to perform the operation, else provide the permissions to do so.
GRANT ALL PRIVILEGES ON . TO 'root'#'localhost' WITH GRANT OPTION
Create the database name where you want to introduce the dump.
Related
What's the difference between
mysqldump database > dump.sql
mysqldump -u user -p database > dump_with_user.sql
?
They both exported sql, so what's the interest to specify the user and the password ? Will there be a difference when import ?
My guess is that you are connected as root user and your server is unsecurely configured (that is, with no password given for the root user).
The implicit user used by the mysqldump utility will be the user used by the underlying shell (in my guess, root)
Since no password has been given and you are able to dump the database without providing neither the user nor the password, I conclude the mysql account has no password associated.
User and password arguments to mysqldump are mysql's ones : the user must have priviledges associated to at least view the schema and select the data.
From the reference manual :
mysqldump requires at least the SELECT privilege for dumped tables, SHOW VIEW for dumped views, TRIGGER for dumped triggers, and LOCK TABLES if the --single-transaction option is not used. Certain options might require other privileges as noted in the option descriptions.
So, even in your situation you didn't need to provide neither user nor password, using real-life (!) databases you will have to specify them.
I want to create a FULL BACKUP of my database (MySQL) and I'm using the command:
mysqldump --routines -u dev_user -pblabla MyDB > d:\DB_Backups\%date%.sql
(this is on a Windows machine with a simple .bat script).
All of the sadden, I realized that all the routines stopped from being included in the created file.
Is there a way to create a full backup that can then be used to create a new DB (in production) with the whole contents of the database?
Thanks in advance.
For my windows mysql 5.6.24 install, I would use the -R switch, such as
mysqldump -u root -p -R so_gibberish > c:\nate\out123.sql
Note, the -p prompts for the password, and the db name is so_gibberish.
And the output file would contain the tables, procedures, and functions:
As an aside, please see the Mysql Manual Page on Restrictions on Views. Also, these fine answers on the stack:
The role of the Definer by ivanhoe
Various topics plus updated comments by Rolando
Though the above may not immediately address your issue, I am still looking, and may assist others.
I had the same problem and was missing the privilege SELECT on mysql.proc table for the user I was using with mysqldump.
According to the documentation:
Include stored routines (procedures and functions) for the dumped databases in the output. This option requires the SELECT privilege for the mysql.proc table.
What are the minimum privilege required for a mysql db user to use the mysqldump file and restore.
Cannot use root db user in my case.
Have taken full backup of all schemas in a dump file using mysqldump utility.
Need to know minimum required privileges to be given to a db user(other than root db user) so that it can be used to do restore from mysqldump file.
It is not possible to restore a complete, unmodified dump file to a MySQL Server without the SUPER privilege.
The "root" user is not a magical user. It just happens to be a user that is created by default and has GRANT ALL PRIVILEGES ON *.* ... WITH GRANT OPTION. Another user can be given the same privileges.
Restoring a database essentially means obliterating everything on a server and replacing it with something else, including all the user accounts so SUPER is required.
More limited privileges can be used if certain modifications to the dump file are made, such as removing all DEFINER statements, and modifying the way the mysql schema is handled, but those modifications are an advanced topic with system-specific considerations.
I've started with SUPER, INSERT, & ALTER and tried repeatedly adding new ones until the restore finished successfully.
This is what I've ended up with:
SUPER
ALTER
INSERT
CREATE
DROP
LOCK TABLES
REFERENCES
SELECT
If you have routines and triggers then you'll need these two additionally:
CREATE ROUTINE
TRIGGER
Hope this helps.
From the Mysql official site:
mysqldump requires at least the SELECT privilege for dumped tables,
SHOW VIEW for dumped views, TRIGGER for dumped triggers, and LOCK
TABLES if the --single-transaction option is not used. Certain options
might require other privileges as noted in the option descriptions.
--single-transaction
This option sets the transaction isolation mode to REPEATABLE READ and
sends a START TRANSACTION SQL statement to the server before dumping
data. It is useful only with transactional tables such as InnoDB,
because then it dumps the consistent state of the database at the time
when START TRANSACTION was issued without blocking any applications.
In conclusion, privileges are:
select (required)
lock tables (required)
show views and trigger (optional)
I need to do encryption / decryption via sql (mysql) in rails. The reason i need this is because i need to do this with thinking sphinx, which talks to my database in sql. What kind of tools do i need, and how do i use them (like what documentation is there, especially for use with rails, if it is not as simple as a gem) for what is out there.
Thanks for any help i get. (im on rails 3 if it helps)
as others have already asked, i am not sure what you are trying to achieve.
I used encryption(loosely used) if someone who you suspect might be accessing info or databases they are not supposed to view. If it helps, you could grant privileges to users to access specific databases within mysql.
Normally if your mysql is a new install you can login to it by doing this:
mysql -u root -p
and then press enter without typing a password then it logs you into mysql
mysql>
Lets assume we have a database called "chicken_farm_development" and we want to grant access to the user "farmer_brown"
Then we could grant privileges to "famer_brown" to only access "chicken_farm_development" database and nothing else in mysql(so farmer_brown cannot access "joes_pizza_development" database). We do this in mysql:
mysql> GRANT ALL PRIVILEGES ON chicken_farm_development.*
-> TO 'farmer_brown'#'localhost'
-> IDENTIFIED BY 'mysecretpassword';
To check that this works:
mysql> SHOW GRANTS FOR 'farmer_brown'#'localhost';
and it should display the grants for farmer_brown.
So how can you use this?
Not really sure how thinking sphinx is setup, but you could grant access for thinking sphinx to use a specific database, without affecting any other databases you might have, and can be extrapolated to production environments.
to login to mysql as farmer_brown, you would do this:
$ mysql -u farmer_brown -p chicken_farm_development
Enter password:
and whooohooo!, farmer brown now only has access to chicken_cms_developement database. In summary you can grant access to specific databases. Hope this helps a little as it was a bit unclear as to what you were asking.
My requirement is to create a user for remote login but without a password. At my remote space I use a bash script to do inserts, which is something like:
for i in {1..5000}; do
mysql -h 11.40.3.169 -uUser -pPass -DDatabaseName <<<
"insert into DatabaseTableName values('$i','dummy_$i');" &
echo -n "$i "
sleep 1
date
done
The problem is that each insert is taking almost 4 seconds, and I can not pinpoint the problem to anything but authentication at every insert. So, if I could create a user in MySQL with minimal authentication involved...Something like:
# I'm trying to remove this password
GRANT ALL PRIVILEGES TO 'user'#'%' IDENTIFIED BY 'password';
...Anything you can suggest.
Just remove the IDENTIFIED BY part:
GRANT ALL PRIVILEGES ON *.* TO 'user'#'%'
Note that remote login from anywhere without a password is a very insecure thing. You better limit the allowed IP range for this user:
GRANT ALL PRIVILEGES ON *.* TO 'user'#'allowed_remote_machine'
You can do this by creating a user with a password and then placing a .my.cnf file in the home directory of the account which runs the bash script containing the following:
[mysql]
user=user
password=pass
[mysqladmin]
user=user
password=pass
This might be better than creating a user with no password.
I think your problem lies in the fact that you are starting the mysql client for each insert. You should be doing your inserts from a php, java, etc program - not from a shell script.
The startup time of the client (and connection to the host) is killing you. I routinely do 1000s of inserts per minute from a php or java program to a MySQL database with millions of records on a small (CPU/memory) machine.
It's not so good idea to have a user without password and all privileges. I suggest you to create a user without password but just with some privileges (insert to specific table or specific database).
First off, using a client cnf file on the remote machine running the script wont speed this up. MySQL client is still sending logon information and logging in for each insert, it's just reading.a file for uid/pw instead of using cmd line arguments. AFAIK The network and authentication overhead are identical. Even the network packet contents will be the same.
You should still use a cnf file..
The way to.improve performance is to do multi-line linserts:
MySQL --defaults-file=/some/uid/pw/etc/.client.cnf -e \
"Insert into
tbl_name
('fld1','fld2')
values
('r1-fld1','r1-fld2'),
('r2-fld2','r2-fld2'),
...and so on (up to max_allowed_packet_size)
('r500-fld2','r500-fld2');"
Or READ DATA INFILE on server side after shipping over the data file