dannyman.toldme.com : MySQL: Backup User Privileges

August 22, 2006
Technical

MySQL: Backup User Privileges

Q: What privileges must I grant to a MySQL user to allow them to run mysqldump?

A: LOCK TABLES, SELECT seems to do the trick.

Example: GRANT LOCK TABLES, SELECT ON mydatabase.* TO 'backup'@'backuphost' IDENTIFIED BY 'somecoolpassword';

Principle of least-privilege: don’t entrust your backup host with the power to hurt the database if you don’t have to. SELECT allows the user to read data, and LOCK TABLES allows the user to lock the tables while running a “snapshot” . . . and of course, narrow the privileges to a specific user-host-password tuple.

Next: Public Toilets
Previous: Ode to the Nice Girls
Categories: Technical
Possibly-Related Posts

Responses

October 4th, 2007

MySQL: Backup User Privileges at they made me do it

[…] dannyman.toldme.com : MySQL: Backup User Privileges […]

February 22nd, 2009

Bilgehan

What do we need in order to backup stored procedures also?

August 26th, 2010

Who, Me?

You need
“GRANT LOCK TABLES, SELECT, SHOW VIEW” if you have views defined.

Comment

Name	E-Mail	Web Site

Tiny Print:

For private messages, e-mail me: dannyman@toldme.com.
You must provide an e-mail address.
You can use a bogus e-mail address, but I like to know who you are.
I will not spam you. I will not publish or share your e-mail address.
First-time commenters will be held for review.
You can use these HTML tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

dannyman.toldme.com