I don't like to use the root user for backup, it's not good security practise. There is the roadmin user, with missing privileges for xtrabackup.
errors with roadmin:
xtrabackup: Error: missing required privilege SHOW DATABASES on *.*
xtrabackup: Error: missing required privilege CREATE on *.*
xtrabackup: Error: missing required privilege RELOAD on *.*
xtrabackup: Error: missing required privilege LOCK TABLES on *.*
I recommend to create a bkpuser with those minimal privileges needed for backup (and expose it in manifest):
CREATE USER 'bkpuser'@'localhost' IDENTIFIED BY 'uuw9shai1cheingae3oru6eejeegheiRocee8xoo7ahS';
GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT, SHOW DATABASES, SELECT, PROCESS, CREATE ON *.* TO 'bkpuser'@'localhost';
FLUSH PRIVILEGES;
What do you think? Do you wish a PR for that or do you wish to implement it yourself?
We use those xtrabackup arguments (later integrate into Shield):
Hi
I don't like to use the
root
user for backup, it's not good security practise. There is theroadmin
user, with missing privileges forxtrabackup
.errors with
roadmin
:I recommend to create a
bkpuser
with those minimal privileges needed for backup (and expose it in manifest):What do you think? Do you wish a PR for that or do you wish to implement it yourself?
We use those
xtrabackup
arguments (later integrate into Shield):thanks and best regards GETandSELECT