1 Topic by saleck

  • saleck
  • Member
  • Offline
  • Registered: 2016-08-29
  • Posts: 1

Topic: MySQL backup - warning about using a password on the command line

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: Debian Jessie 8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue: cron e-mail message
====

Hi,

when using a completely clean installation we are receiving daily complaint from MySQL backup cronjob:

====

mysqldump: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysqldump: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysqldump: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysqldump: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysqldump: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysqldump: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysqldump: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysqldump: [Warning] Using a password on the command line interface can be insecure.
bzip2: Output file /data/vmail/backup/mysql/2016/08/29/iredadmin-2016-08-29-03:30:01.sql.bz2 already exists.
mysql: [Warning] Using a password on the command line interface can be insecure.
==> Backup completed successfully.
==> Detailed log (/data/vmail/backup/mysql/2016/08/29/2016-08-29-03:30:01.log):
=========================
* Starting backup: 2016-08-29-03:30:01.
* Backup directory: /data/vmail/backup/mysql/2016/08/29.
* Backing up databases: vmail iredadmin mysql amavisd iredapd sogo roundcubemail iredadmin.
* File size:
----
8.0K    amavisd-2016-08-29-03:30:01.sql.bz2
128K    iredadmin-2016-08-29-03:30:01.sql
8.0K    iredadmin-2016-08-29-03:30:01.sql.bz2
8.0K    iredapd-2016-08-29-03:30:01.sql.bz2
184K    mysql-2016-08-29-03:30:01.sql.bz2
4.0K    roundcubemail-2016-08-29-03:30:01.sql.bz2
4.0K    sogo-2016-08-29-03:30:01.sql.bz2
4.0K    vmail-2016-08-29-03:30:01.sql.bz2
----
* Backup completed (Success? YES).


====

I have checked the backup script and it has hardcoded the old and insecure way of accessing MySQL by specifying password using the command line -p argument. Since we are installing as root wouldn't be better to create the ~/.my.cnf file with password=... line in the [client] section and remove the -p arguments from the script? The patch should be fairly simple.

Kind regards,

David Bruha

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: MySQL backup - warning about using a password on the command line

saleck wrote:

Since we are installing as root wouldn't be better to create the ~/.my.cnf file with password=... line in the [client] section and remove the -p arguments from the script?

You're right. Fixed moment ago, and will be available in next iRedMail release. Commit log:
https://bitbucket.org/zhb/iredmail/comm … f9644b902c

Thanks for the feedback. smile