Bug #76815 mysqldbexport requires SELECT to mysql even with --skip=procedures,functions
Submitted: 23 Apr 2015 23:36 Modified: 28 Jul 2015 0:27
Reporter: Denis Parnovskiy Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Utilities Severity:S2 (Serious)
Version:1.6.1 OS:Any
Assigned to: CPU Architecture:Any

[23 Apr 2015 23:36] Denis Parnovskiy
Description:
mysqldbexport requires SELECT to mysql even with --skip=procedures,functions

How to repeat:
python scripts/mysqldbexport.py --server=user:password@10.1.1.1 --skip=views,procedures,functions database

ERROR: User user on the Source server does not have permissions to read all objects in database. User needs SELECT privilege on mysql.

Suggested fix:
mysql/utilities/common/database.py:1670
misspelled option names

       if not options.get('skip_proc', False) or \
           not options.get('skip_func', False):
            priv_tuple = ("mysql", "SELECT")
            source_privs.append(priv_tuple)

real names are skip_procs and skip_funcs
[24 Apr 2015 8:13] MySQL Verification Team
Hello Denis Parnovskiy,

Thank you for the report.

Thanks,
Umesh
[24 Apr 2015 8:14] MySQL Verification Team
// ON OL6 with Utilities 1.5.4

[root@cluster-repo mysql-5.7.6]# mysqldbexport --version
MySQL Utilities mysqldbexport version 1.5.4
License type: GPLv2

// privileges
mysql> show grants for 'ushastry';
+----------------------------------------------------+
| Grants for ushastry@%                              |
+----------------------------------------------------+
| GRANT USAGE ON *.* TO 'ushastry'@'%'               |
| GRANT ALL PRIVILEGES ON `test`.* TO 'ushastry'@'%' |
+----------------------------------------------------+
2 rows in set (0.01 sec)

mysql> show grants for 'ushastry'@'localhost';
+------------------------------------------------------------+
| Grants for ushastry@localhost                              |
+------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ushastry'@'localhost'               |
| GRANT ALL PRIVILEGES ON `test`.* TO 'ushastry'@'localhost' |
+------------------------------------------------------------+
2 rows in set (0.01 sec)

[root@cluster-repo mysql-5.7.6]# mysqldbexport --server=ushastry@localhost:15000:/tmp/mysql_ushastry.sock --skip=CREATE_DB,EVENTS,FUNCTIONS,GRANTS,PROCEDURES,TABLES,TRIGGERS,VIEWS  test --export=data
# WARNING: Using a password on the command line interface can be insecure.
# Source on localhost: ... connected.
ERROR: User ushastry on the Source server does not have permissions to read all objects in test. User needs SELECT privilege on mysql.

Quoting from man pages - To export all objects from a source database, the user must have these privileges: SELECT and SHOW VIEW on the database as well as SELECT on the mysql database
http://dev.mysql.com/doc/mysql-utilities/1.5/en/mysqldbexport.html#option_mysqldbexport_sk...

May be SELECT privilege on the mysql database is required?
[24 Apr 2015 18:06] Denis Parnovskiy
Reproduced in 1.6.1
[24 Apr 2015 18:10] Denis Parnovskiy
Hi Umesh

You do not need SELECT on mysql if you pull only data (and CREATE TABLE) from the database you already have access to.

If you use mysqldump, you could easily achieve this result without any access to mysql databasee.

And see the code, find "skip_proc" in the code, the error is obvious.

Also, apply the suggested fix. You will be able to get data without access to mysql database.
[28 Jul 2015 0:27] Philip Olson
Posted by developer:
 
Fixed as of the upcoming MySQL Utilities 1.5.5 / 1.6.2 releases, and here's the changelog entry:

The mysqldbexport utility required SELECT privileges to the mysql database
when such permissions were not needed, even when passing in
--skip=procedures,functions.

Thank you for the bug report.
[11 Aug 2015 22:41] Philip Olson
Correction: This bug fix only applies to 1.6.2, and not 1.5.5.