[GRLUG] cron job an password
Greg Folkert
greg at gregfolkert.net
Tue Jun 11 15:10:28 EDT 2013
On Tue, 2013-06-11 at 09:59 -0400, Eric Beversluis wrote:
> On Tue, 2013-06-11 at 09:44 -0400, Eric Beversluis wrote:
> > How can I set a cron job to do mysqldump without hardcoding the mysql
> > root password into the cron command? (It looks like anyone can read the
> > various cron files.)
> Would it do to put the mysqldump in a script that only root can read
> and then set the cron job to run the script? Would it be better--and
> more secure--to have the script owned and executable only by
> mundaneUser and then set the cron job to be run by mundaneUser?
Sure a script in /root/bin is fine. But then, so is a crontab for root
in /var/spool/cron
As I've said in other replies, only root can actually see the crontabs
and all users must use a sticky bit proggy to edit or view the files.
Please review actual perms or attributes versus trying to obfuscate, it
works oh so much better.
--
greg at gregfolkert.net
PGP key 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C
"Our happiness depends on wisdom all the way."
-- Sophocles
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://shinobu.grlug.org/pipermail/grlug/attachments/20130611/93223322/attachment.pgp>
More information about the grlug
mailing list