MySQL 之 mysqldump 备份权限
1.创建一个用于备份数据库的用户
mysql> create user 'backup'@'localhost' identified by '123'; |
2.添加权限
2.1 添加 SELECT 权限
根据报错,backup用户缺少select权限
[root@private_server ~]# mysqldump -ubackup -p123 -B wordpress > wordpress.sql |
给backup用户添加select权限
mysql> GRANT SELECT ON *.* TO 'backup'@'localhost'; |
2.2 添加 LOCK TABLES 权限
根据报错,backup用户缺少lock tables权限
[root@private_server ~]# mysqldump -ubackup -p123 -B wordpress > wordpress.sql |
给backup用户添加lock tables权限
mysql> GRANT lock tables ON *.* TO 'backup'@'localhost'; |
注意:
如果备份时加入
--single-transaction
选项,则可不需要LOCK TABLES权限。
2.3 添加 SHOW VIEW 权限
当数据库中存在view(视图)的时候,使用mysqldump备份数据库,需要有SHOW VIEW权限
- 给test2库添加一个view
mysql> CREATE VIEW view_1 AS SELECT 1 AS Number; |
- 使用mysqldump备份,会提示缺少SHOW VIEW权限
[root@private_server ~]# mysqldump -ubackup -p123 -B test2 > test2.sql |
- 给用户backup添加SHOW VIEW权限
mysql> GRANT SHOW VIEW ON *.* TO 'backup'@'localhost' |
2.4 添加 RELOAD 权限
加入–master-data选项后,备份需要RELOAD权限
[root@private_server ~]# mysqldump -ubackup -p123 --master-data=2 -B wordpress > wordpress.sql |
给backup用户添加RELOAD权限
mysql> GRANT reload ON *.* TO 'backup'@'localhost'; |
2.5 添加 REPLICATION CLIENT 权限
根据备份的报错提示,需要REPLICATION CLIENT权限
[root@private_server ~]# mysqldump -ubackup -p123 --master-data=2 -B wordpress > wordpress.sql |
给backup用户添加REPLICATION CLIENT权限
mysql> GRANT REPLICATION CLIENT ON *.* TO 'backup'@'localhost'; |
2.6 添加 EVEN 权限
备份是若要备份事件,即使用–events选项,则需要EVENT权限
[root@private_server ~]# mysqldump -ubackup -p123 --single-transaction --master-data=2 --events -B wordpress > wordpress.sql |
给backup用户添加EVENT权限
mysql> GRANT EVENT ON *.* TO 'backup'@'localhost'; |
2.7 添加 TRIGGER 权限
mysql> GRANT TRIGGER ON *.* TO 'backup'@'localhost'; |
3.查看backup用户的所有权限
MariaDB [test2]> SHOW GRANTS FOR 'backup'@'localhost'\G |
总结:一个mysql的备份用户需要以下权限:SELECT, RELOAD, LOCK TABLES, REPLICATION CLIENT, SHOW VIEW, EVENT, TRIGGER。
最终授权命令可以综合成一条:
GRANT SELECT, RELOAD, LOCK TABLES, REPLICATION CLIENT, SHOW VIEW, EVENT, TRIGGER ON *.* TO 'backup'@'localhost' IDENTIFIED BY '123'; |
All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.
Comment