|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: secure automated access (was "Re: Backing up all databases")
From: Randall Perry (rgp
systame.com)
Date: Sun Nov 16 2003 - 10:55:16 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Mysterious. I assume `mysql -p` prompts you for root's password and
> works as expected, since without -p it says you're not using a password,
> rather than saying there's something wrong with the password.
>
Yes, that works.
> When you tried the defaults-file option, did you use the full path?
> That is,
>
> mysql --defaults-file=/private/var/root/.my.cnf
>
Yes.
> My best guess at this point is that mysql is not finding .my.cnf.
> Perhaps there's a problem with root's $HOME environment variable? For
> example, I'm using Mac OS X 10.2.8. Root's $HOME says /var/root, but as
> /var is a symlink to /private/var, the real home directory is
> /private/var/root. That's fine, as long as the symlink is there.
> Without the symlink, I'd get the same thing as you from mysql (and a lot
> of other stuff wouldn't work).
>
cat $HOME/.my.cnf
[client]
password="rootpassword"
/usr/local/mysql/bin/mysql --defaults-file=$HOME/.my.cnf
ERROR 1045: Access denied for user: 'rootlocalhost' (Using password: YES)
> If this is not the case, using `cat $HOME/.my.cnf` should give the same
> result you got using the full path.
Yes
> You could also simply `echo $HOME`
> to see if it's set correctly.
echo $HOME
/var/root
>
> The only other thing I can imagine is that mysql is somehow set to
> ignore the defaults files. Did you build from source or install one of
> the packages? Which version mysql? Which OS?
Mac OS 10.2.3. Maybe Panther has an issue with the build?
/usr/local/mysql/bin/mysql -V
/usr/local/mysql/bin/mysql Ver 12.21 Distrib 4.0.14, for apple-darwin6.4
(powerpc)
>
> Randall Perry wrote:
>
>> on 11/13/03 3:57 PM, Michael Stassen at Michael.Stassenverizon.net wrote:
>>
>>
>>> The client (mysql) reads the .my.cnf file when you start it, so
>>> restarting mysqld and relogging in as root are not necessary.
>>>
>>> Let's see if I have this straight: While logged in as root, you created
>>> .my.cnf in root's home directory. This file contains the password for
>>> the mysql user "root". Yes? Did you make sure the file was readable
>>> only by root (`chmod 600 .my.cnf` would do the trick)?
>>>
>>
>> Permissions are correct. Here's a cat of the file with password changed:
>>
>> # cat /private/var/root/.my.cnf
>> [client]
>> password="rootpassword"
>>
>>
>>> Since I'm not sure exactly what happened, I don't know why this didn't
>>> work for you. When you say nothing works, do you mean you cannot
>>> connect via mysql interactively, or your cron job doesn't work? What
>>> error did you get?
>>>
>>> If you haven't already, try running mysql. Do you get in, or do you get
>>> "ERROR 1045: Access denied for user: 'rootlocalhost' (Using password:
>>> NO)", or do you get something else?
>>>
>>
>> Yes, that's the error.
>>
>>
>>> If you don't get in, try
>>>
>>> mysql --defaults-file=/path/to/.my.cnf
>>>
>>
>> That also doesn't work.
>>
>>
>>> If that works, then .my.cnf isn't in the right place.
>>>
>>> If mysql works interactively, but not via cron, then the problem to be
>>> fixed lies with cron. What error do you get from cron?
>>>
>>
>> Doesn't work at all.
>>
>>
>>> Michael
>>>
>>> Randall Perry wrote:
>>>
>>>> I created the .my.cnf file in root's home dir, added the directives below
>>>> setting the correct password. Restarted mysqld, re-logged in as root, but
>>>> nothing works. It's not getting the password.
>>>>
>>>>
>>>>
>>>>
>>>>> The simplest solution is to keep the password in the .my.cnf file in
>>>>> your home directory. See http://www.mysql.com/doc/en/Option_files.html
>>>>> in the manual.
>>>>>
>>>>> In the case of root cron jobs then, you need a .my.cnf readable only by
>>>>> root in root's home. It should include
>>>>>
>>>>> [client]
>>>>> password="mysql_root_password"
>>>>>
>>>>> As mysql reads the .my.cnf file, this avoids the ps "sniffing" problem,
>>>>> and also keeps the password out of the script. Because you make the
>>>>> .my.cnf file readable only by root, other users can't see it. (If they
>>>>> can see it, you've got bigger problems than just the mysql password).
>>>>>
>>>>> Michael
>>>>
>>>>
>>>>
>>
--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales
http://www.systame.com/
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]