Bug #71614 mysqldump silently skips --triggers when user lacks TRIGGER privilege
Submitted: 6 Feb 2014 21:30 Modified: 7 Feb 2014 19:12
Reporter: Dan Wierenga Email Updates:
Status: Verified Impact on me:
Category:MySQL Server: mysqldump Command-line Client Severity:S3 (Non-critical)
Version:5.5, 5.6.17 OS:Any
Assigned to: CPU Architecture:Any
Tags: mysqldump trigger privilege

[6 Feb 2014 21:30] Dan Wierenga
By default mysqldump has the --triggers option enabled by default.  However, if the user connecting to the database lacks the TRIGGER privilege, it will not be able to dump any trigger information.  The verbose option adds no output either.

mysqldump should check if the user has the trigger option enabled and lacks the TRIGGER privilege.  

How to repeat:
1) Create a table with a trigger.
2) Create a user with the SELECT privilege but not the TRIGGER privilege.
3) run mysqldump with --triggers on the table.
4) Look at the resulting output - no trigger information has been dumped, and no warning issued indicating such.

Suggested fix:
If the trigger option is enabled, check the user's permissions via SHOW GRANTS to see if it also has the TRIGGER privilege.  If it does not, issue a warning that no trigger information can be dumped.

If that fix is too intrusive, at the very least the verbose option should issue a warning when triggers have been requested to be dumped and the user lacks the TRIGGER privilege.
[7 Feb 2014 19:12] Sveta Smirnova
Thank you for the report.

Verified as described.