【MySQL】遮蔽验证mysql_config_editor
当需要shell脚本执行一些数据库的命令时(如:定时备份、检查主从同步状态的命令等),脚本中的命令需要用户名和密码,显然,我们不应该把密码放在明文的文件中。
如果不想把密码放在shell文件中,那么有几种方法:
1:创建一个权限极小的用户,只用于备份等操作。
2:在mysql配置文件中加入参数skip-grant-tables,当然这个是比较危险的,尽量不要用。
3:在mysql配置文件中加入用户名和密码,显然,这个也把密码暴露出来了。
1 2 3 4 5 |
[root@mss ~]# vi /etc/my.cnf [client] user=ck password=123456 |
4:利用mysql_config_editor,生成.mylogin.cnf配置文件,此配置文件中,密码是隐藏的。
1)查看帮助信息
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
[root@mss ~]# mysql_config_editor -? mysql_config_editor Ver 1.0 Distrib 5.7.19, for linux-glibc2.12 on x86_64 Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. MySQL Configuration Utility. Usage: mysql_config_editor [program options] [command [command options]] -#, --debug[=#] This is a non-debug version. Catch this and exit. -?, --help Display this help and exit. -v, --verbose Write more information. -V, --version Output version information and exit. Variables (--variable-name=value) and boolean options {FALSE|TRUE} Value (after reading options) --------------------------------- ---------------------------------------- verbose FALSE Where command can be any one of the following : set [command options] Sets user name/password/host name/socket/port for a given login path (section). remove [command options] Remove a login path from the login file. print [command options] Print all the options for a specified login path. reset [command options] Deletes the contents of the login file. help Display this usage/help information. [root@mss ~]# [root@mss ~]# mysql_config_editor set -? mysql_config_editor Ver 1.0 Distrib 5.7.19, for linux-glibc2.12 on x86_64 Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. MySQL Configuration Utility. Description: Write a login path to the login file. Usage: mysql_config_editor [program options] [set [command options]] -?, --help Display this help and exit. -h, --host=name Host name to be entered into the login file. -G, --login-path=name Name of the login path to use in the login file. (Default : client) -p, --password Prompt for password to be entered into the login file. -u, --user=name User name to be entered into the login file. -S, --socket=name Socket path to be entered into login file. -P, --port=name Port number to be entered into login file. -w, --warn Warn and ask for confirmation if set command attempts to overwrite an existing login path (enabled by default). (Defaults to on; use --skip-warn to disable.) Variables (--variable-name=value) and boolean options {FALSE|TRUE} Value (after reading options) --------------------------------- ---------------------------------------- host (No default value) login-path client user (No default value) socket (No default value) port (No default value) warn TRUE [root@mss ~]# |
2)创建.mylogin.cnf配置文件
1 2 3 |
[root@mss ~]# mysql_config_editor set -G mysql2587 -S /data/db/mysql/2587/mysql.sock -u root -p Enter password: [root@mss ~]# |
3)查看配置文件,直接查看的话,是乱码
1 2 3 4 5 6 7 8 9 10 11 12 |
[root@mss ~]# ls -la ~/ |grep login.cnf -rw------- 1 root root 280 Sep 9 15:30 .mylogin.cnf [root@mss ~]# [root@mss ~]# cat .mylogin.cnf [(A2g|"E !EE z62Ccig]<_6+~-Rz0=4#Ja!d3<+Zh-Z{<."E !EE z62Ccig]<_6+~-Rz0=4#Ja!d3<+Zh[_--+@+__ ~]# ## 注意:查看一个加密文件会出现乱码,如果想回到不是乱码的状态,可以用如下两种方法: 1:退出该会话,也就是关闭这个连接,重新再连接就可以了。 2:Ctrl + v + o (说明:Ctrl + v先按,然后再按o),此时会出现 ^O 的样子,然后,再敲一下回车即可。 |
4)通过 mysql_config_editor命令行查看配置文件
1 2 3 4 5 6 |
[root@mss ~]# mysql_config_editor print --all [mysql2587] user = root password = ***** socket = /data/db/mysql/2587/mysql.sock [root@mss ~]# |
5)免密登录
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[root@mss ~]# mysql --login-path=mysql2587 Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 6 Server version: 5.7.19-log MySQL Community Server (GPL) Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> |
小结:
该工具至少在mysql5.6.6以上的版本才可用