Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding Database Minimum GRANTs needed by mysqldump for dumping a full schema? (TRIGGERs are missing!!)

Thread Rating:
  • 260 Vote(s) - 3.61 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
Minimum GRANTs needed by mysqldump for dumping a full schema? (TRIGGERs are missing!!)

Offline Droppen7


Member
*
Member
Posts: 0
Threads: 0
Joined: Aug 2016
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-20-2023, 02:18 PM
I have a MySQL user called *dump* with the following perms:

GRANT USAGE ON *.* TO 'dump'@'%' IDENTIFIED BY ...
GRANT SELECT, LOCK TABLES ON `mysql`.* TO 'dump'@'%'
GRANT SELECT, LOCK TABLES ON `myschema`.* TO 'dump'@'%'

I want to dump all data (included triggers and procedures) using the *dump* user. I call mysqldump in the following way:

mysqldump -u dump -p --routines --triggers --quote-names --opt \
--add-drop-database --databases myschema > myschema.sql

Everything is OK with the dumped file except for the **triggers, they are missing**!!

The triggers are dumped correctly if I try mysqldump with _root_ MySQL user:

mysqldump -u root -p --routines --triggers --quote-names --opt \
--add-drop-database --databases myschema > myschema.sql


So, I guess it is a perms issue... what are the **extra grants my _dump_ MySQL user needs for doing the full dump correctly?**
Reply

Offline gressorious595432


Member
*
Member
Posts: 0
Threads: 0
Joined: Apr 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-20-2023, 02:22 PM
I found the extra GRANT I needed!!

GRANT TRIGGER ON `myschema`.* TO 'dump'@'%'

Here you have the reference on the official doc:

[To see links please register here]


> The TRIGGER privilege enables trigger operations. You must have this privilege for a table to create, drop, or execute triggers for that table.
Reply

Offline primuline687247


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jul 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
07-20-2023, 02:23 PM
Assuming by full dump you also mean the `VIEW`s and the `EVENT`s, you would need:

GRANT USAGE ON *.* TO 'dump'@'%' IDENTIFIED BY ...;
GRANT SELECT, LOCK TABLES ON `mysql`.* TO 'dump'@'%';
GRANT SELECT, LOCK TABLES, SHOW VIEW, EVENT, TRIGGER ON `myschema`.* TO 'dump'@'%';

and if you have `VIEW`s that execute a function, then unfortunately you also need `EXECUTE`.

My own problem is: why do I need `SELECT` if I only want to make a no-data dump?
Reply

Offline preconcertive5972


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Nov 2017
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#4
07-20-2023, 02:38 PM
I found, that sometime if VIEW DEFINER user does not exist, dump fails.

Change it, as described [there][1]


[1]:

[To see links please register here]

Reply

Offline extrathecalnsz


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Nov 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#5
07-20-2023, 02:40 PM
In addition to [Jannes](

[To see links please register here]

) answer, when using mysqldump with **--tab** option (produces a tab-separated text file for each dumped table), your MySQL user **must be granted** the `FILE` privilege as well:
<!-- language: lang-sql -->

GRANT FILE ON *.* TO 'dump'@'%';
Official docs reference:

[To see links please register here]


Mentioned in this section:
> This option should be used only when mysqldump is run on the same
> machine as the mysqld server. Because the server creates *.txt files
> in the directory that you specify, the directory must be writable by
> the server and the MySQL account that you use must have the FILE
> privilege. Because mysqldump creates *.sql in the same directory, it
> must be writable by your system login account.
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through