1

Would like to implement a daily cron task that repairs & optimizes all databases on our MySQL server. Far as I can tell, though, the root password would need to be visible in order to do this. Here is the cron that works, but cannot be implemented for obvious reasons:

mysqlcheck -u root -p[ROOTPASSWD] --auto-repair --optimize --all-databases > /dev/null 2>&1

Any thoughts on how this daily task can be performed without leaving a gaping security hole? If the crontab is opened with sudo permissions, would this eliminate the need to include the MySQL password in the repair & optimize command?

FurryWombat
  • 816
  • 2
  • 12
  • 28
  • You already have the answer here http://stackoverflow.com/questions/6861355/mysqldump-launched-by-cron-and-password-security/6861458#6861458 – Aleksander Wons Apr 12 '15 at 12:25
  • And this solution would only allow root user crons (emphasis on root), or those logged in via SSH as root user, to carry out the tasks without a password? Last thing I want is to hand over the diamonds in the underground safe some day to a thief who was smart enough to climb through an open window. – FurryWombat Apr 12 '15 at 17:04
  • The file containing the password is readable by root only. If someone can already read it you were in deep trouble long before that. – Aleksander Wons Apr 12 '15 at 18:06
  • Thanks for your direction on this, awons! – FurryWombat Apr 12 '15 at 18:19
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306). – jww Mar 30 '16 at 16:30
  • Thanks for the tip! #LaterGram – FurryWombat Mar 31 '16 at 11:47

0 Answers0