On 6 Apr 2012, at 23:52, Konstantin Khomoutov wrote:
> On Thu, Apr 05, 2012 at 11:19:00PM +0100, Joe Nyland wrote:
>
> [...]
>> mysqldump --all-databases --single-transaction --delete-master-logs \
>> --flush-logs --master-data --opt -u ${DBUSER} -p${DBPASS} \
>>> ${DST}/${HOST}_${DATE}_${TIME}.sql.dmp
> [...]
>
> I don't have an answer to the problem being discussed but nonetheless
> I want to offer one improvement. Having password be passed to a program
> this way is lame since when it appears on the command line it can be
> read by anyone.
>
> Of course this can be a secured box with no regular user accounts but
> still a good security practice is to create a mysql configuration file
> reading something like
>
> [client]
> host = localhost
> user = bacula
> password = secret
> socket = /var/run/mysqld/mysqld.sock
>
> You then place it somewhere Bacula can read it, restrict access to it by
> making it something like root:bacula 0640 (provided the user bacula is a
> member of group bacula) and pass the name of this file to mysqldump
> via its "--defaults-file" command-line argument, like this:
>
> mysqldump --defaults-file=/usr/local/etc/bacula/mysql.cnf ...
>
Konstantin,
Thank you very much for this tidbit of information - I really appreciate it.
I'll be sure to build this into my backup routine, once I sort out by binary
logging issues :-).
Thanks,
Joe
------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
