Bug #54525 Mysqldump, triggers, and SUPER being required to view them
Submitted: 15 Jun 2010 19:16
Modified: 16 Jun 2010 5:38
Reporter: Daniel Grace
Status: Not a Bug
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 5.1.45
OS: Linux
Assigned to:
CPU Architecture: Any
Tags: mysqldump, super, triggers

[15 Jun 2010 19:16] Daniel Grace
Description:
This is possibly related to ancient 'not a bug' bug #24679

As listed there, mysqldump --triggers does not dump triggers if the current user does not have access to them. This was closed as Not A Bug; however, I think the following implications need to be considered:

1) The only privilege allowing any access to triggers at all is SUPER.

2) Giving an automated backup script superuser privileges on your server is probably a Bad Idea(tm), at least from a security standpoint.

How to repeat:
not applicable

Suggested fix:
I propose the addition of a SHOW TRIGGERS privilege which would provide read-only access to trigger data.
[15 Jun 2010 19:18] Daniel Grace
fixing tags
[15 Jun 2010 19:20] Paul DuBois
"1) The only privilege allowing any access to triggers at all is SUPER."

In 5.0, yes. In 5.1, no because there is a TRIGGER privilege. The SUPER
privilege _might_ be required in 5.1, as described in
http://dev.mysql.com/doc/refman/5.1/en/create-trigger.html
but not necessarily.
[16 Jun 2010 5:38] Sveta Smirnova
Thank you for the report.

Closed as "Not a Bug" because of the reasons which Paul provided in the previous comment.
[16 Jun 2010 5:40] Sveta Smirnova
See also bug #52127 for detailed discussion related to this behavior.
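
Added example, not part of the original bug thread: a backup account for MySQL 5.1 that can dump triggers through the TRIGGER privilege Paul DuBois mentions, without holding SUPER. The account name, host, password placeholder and the schema name `appdb` are assumptions.

```sql
-- Added example. 'backup'@'localhost', the password placeholder and the
-- schema `appdb` are assumptions, not values from the bug report.
-- Applies to MySQL 5.1.6 and later, where the TRIGGER privilege exists.

CREATE USER 'backup'@'localhost' IDENTIFIED BY '<password-placeholder>';

-- Privileges mysqldump needs for a schema-level dump:
--   SELECT      read rows from the dumped tables
--   SHOW VIEW   read view definitions
--   TRIGGER     read trigger definitions (used by mysqldump --triggers)
--   LOCK TABLES needed unless mysqldump runs with --single-transaction
-- Caveat: TRIGGER is not read-only. It also allows creating and dropping
-- triggers on the same tables, so scope the grant to the schemas that are
-- actually backed up rather than granting it ON *.*.
GRANT SELECT, SHOW VIEW, TRIGGER, LOCK TABLES
    ON `appdb`.* TO 'backup'@'localhost';

-- Check 1: the account should show only USAGE at the global level
-- plus the schema-level grant above.
SHOW GRANTS FOR 'backup'@'localhost';

-- Check 2: audit which accounts hold SUPER; the backup account
-- should not appear in this list.
SELECT User, Host
  FROM mysql.user
 WHERE Super_priv = 'Y';

-- Check 3: run while connected as the backup account. Triggers in `appdb`
-- should be listed; an empty result for a schema that has triggers means
-- the TRIGGER grant is missing and the dump will silently omit them.
SHOW TRIGGERS FROM `appdb`;
```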