Minimal Privileges for MySQL Database Backup Cron Job

What
A quick note as I had difficulty finding a clear answer on this. I need a cron job setup where the permissions for a database user is required to do a backup (reading and copying data from a LIVE database) to a copy of the database (inaccessible via other users).

How?
I want to list 2 methods here. One to create a .sql file of the backup but another to copy the contents to a copy of the database accessible only by root and and this database "backuper" user. For both methods, I grant the following to the user doing the backup on the database I want a backup of:
copyraw
GRANT SELECT, LOCK TABLES, EVENT, INDEX, REFERENCES, TRIGGER, SHOW VIEW ON 'my_live_db'.* TO 'mybackupuser'@'localhost' IDENTIFIED BY 'mybackupuser';
  1.  GRANT SELECT, LOCK TABLES, EVENT, INDEX, REFERENCES, TRIGGER, SHOW VIEW ON 'my_live_db'.* TO 'mybackupuser'@'localhost' IDENTIFIED BY 'mybackupuser'
Or via cPanel the following screenshot when adding a user to a database:
Screenshot of cPanel Minimal Privileges for Database Backup User

Method #1:
The following command on a cron job:
copyraw
// not recommended:
/usr/bin/mysqldump -u dbusername -p'dbpassword' dbname > /path_to/backup.sql

// recommended: using credentials stored in external file:
mysqldump --defaults-file=/path-to-file/.my.cnf my_db > /path_to/backup.sql

// and in your cnf file:
[mysqldump]
user=my_user
password=my_password
  1.  // not recommended: 
  2.  /usr/bin/mysqldump -u dbusername -p'dbpassword' dbname > /path_to/backup.sql 
  3.   
  4.  // recommended: using credentials stored in external file: 
  5.  mysqldump --defaults-file=/path-to-file/.my.cnf my_db > /path_to/backup.sql 
  6.   
  7.  // and in your cnf file: 
  8.  [mysqldump] 
  9.  user=my_user 
  10.  password=my_password 
The one to rule them all:
copyraw
GRANT SELECT, LOCK TABLES, RELOAD, PROCESS, TRIGGER, SUPER, REPLICATION CLIENT, SHOW VIEW ON *.* TO 'mybackupuser'@'localhost' IDENTIFIED BY 'mybackupuser';
  1.  GRANT SELECT, LOCK TABLES, RELOAD, PROCESS, TRIGGER, SUPER, REPLICATION CLIENT, SHOW VIEW ON *.* TO 'mybackupuser'@'localhost' IDENTIFIED BY 'mybackupuser'


Additional
Others around the web have suggested the following but I don't have these options to grant and would have to grant them via a terminal/command line to MySQL.
GRANT SELECT, LOCK TABLES, RELOAD, PROCESS, TRIGGER, SUPER, REPLICATION CLIENT, SHOW VIEW ON *.* TO 'mybackupuser'@'localhost' IDENTIFIED BY 'mybackupuser';

Suggestions?
I'm all up for any suggestions people might have on how this can be improved but it's the one I'm going on for the moment which works fine.
Category: cPanel :: Article: 672

Credit where Credit is Due:


Feel free to copy, redistribute and share this information. All that we ask is that you attribute credit and possibly even a link back to this website as it really helps in our search engine rankings.

Disclaimer: The information on this website is provided without warranty and any content is merely the opinion of the author. Please try to test in development environments prior to adapting them to your production environments. The articles are written in good faith and, at the time of print, are working examples used in a commercial setting.

Thank you for visiting and, as always, we hope this website was of some use to you!

Kind Regards,

Joel Lipman
www.joellipman.com

Related Articles

Joes Revolver Map

Accreditation

Badge - Certified Zoho Creator Associate
Badge - Certified Zoho Creator Associate

Donate & Support

If you like my content, and would like to support this sharing site, feel free to donate using a method below:

Paypal:
Donate to Joel Lipman via PayPal

Bitcoin:
Donate to Joel Lipman with Bitcoin - Valid till 8 May 2022 3QnhmaBX7LQSRsC9hh6Je9rGQKEGNQNfPb
© 2021 Joel Lipman .com. All Rights Reserved.