job.answiz.com
  • 4
Votes
name
name Punditsdkoslkdosdkoskdo

mytop: least privileges required to runs it?

What is the minimum set of privileges that mytop requires in order to work, without actually requiring super-user privileges.

I feel uncomfortable with the fact that I have to save the password in the configuration file (the less desirable alternative would be the command line), so I want to minimize the impact, should someone get to see the password. The password will still be used only in this one place, but I would prefer to not give unneeded privileges to the (MySQL) user mytop is running as.

The mytop documentation doesn't mention any of that and all examples assume root.

As far as I can tell all you need is enough to run SHOW PROCESSLIST and SHOW STATUS on the mysql server, which should mean that you only need USAGE, and PROCESS.

So create an account like so.

grant usage,process on *.* to 'mytop'@'%' identified by 'mypassword';

If you don't want to save your password, then use the command line. This command will login as the user mytop, and prompt you for a password so it doesn't get store in your history or the process list.

mytop -u mytop --prompt
  • 0
Reply Report

I've found I also need to grant SELECT on mysql.* to have mytop actually succeed, in addition to the usage, process referenced above.

  • 0
Reply Report