Skip to content
This repository has been archived by the owner on Sep 21, 2022. It is now read-only.

extend privleges of roadmin user for mysqldump (still read-only) #5

Closed
wants to merge 1 commit into from
Closed

extend privleges of roadmin user for mysqldump (still read-only) #5

wants to merge 1 commit into from

Conversation

GETandSELECT
Copy link

Hi

We wish to use roadmin user with shield backup plugin mysql (mysqldump)

testing:

MariaDB [(none)]> GRANT SELECT, PROCESS, SHOW VIEW, TRIGGER, LOCK TABLES, RELOAD, FILE ON *.* TO 'roadmin'@'%';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> show grants for roadmin;
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for roadmin@%                                                                                                                                            |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, RELOAD, PROCESS, FILE, LOCK TABLES, SHOW VIEW, TRIGGER ON *.* TO 'roadmin'@'%' IDENTIFIED BY PASSWORD '*$PASSWORD' |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

MariaDB [(none)]> select VERSION();
+-----------------+
| VERSION()       |
+-----------------+
| 10.1.20-MariaDB |
+-----------------+
1 row in set (0.00 sec)

@cf-gitbot
Copy link
Collaborator

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/145106873

The labels on this github issue will be updated when the story is started.

@cfdreddbot
Copy link

Hey GETandSELECT!

Thanks for submitting this pull request! I'm here to inform the recipients of the pull request that you and the commit authors have already signed the CLA.

@menicosia
Copy link
Contributor

Hi @GETandSELECT,

Oh nuts, I totally lost track of this PR. I am sorry! Is this something you're still interested in pursuing? The work we did for #184 now causes this PR to not merge cleanly.

Were you able to work around this issue? Can you help me understand which privs, specifically, are necessary for shield to work? We have lots of people who are using mysqldump today, what is it that shield is looking for that requires these privs? I'm especially sensitive to FILE and RELOAD.

Also, does it make sense to do backups via the roadmin? How do restores work in this case?

--
Marco Nicosia
Product Manager
Pivotal Software, Inc.

@GETandSELECT
Copy link
Author

Hi @menicosia

For security reason we tried to use a read only user for backup. We discarded this thing.
Shield (backup) anyway can't automatically restore cf-mysql (Galera). It needs to be done manually.

@GETandSELECT GETandSELECT deleted the roadmin-privileges branch January 9, 2018 14:59
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
accepted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@GETandSELECT @cf-gitbot @cfdreddbot @menicosia @Abcd4321