
I've been using the "mysql" command from the Unix console for a while now. It's more convenient for scheduling tasks or launching them unattended.

The outline of a .sh script for this is:

#!/bin/bash

# DB config
USR_BD=myUsr
PWD_BD=myPass
IP_BD=x.x.x.x

# Run one .sql file against my_schema, logging the start and end times
f_exec ()
{
    echo "$(date) -> Executing sql file $1"

    mysql -h "$IP_BD" -u "$USR_BD" -p"$PWD_BD" my_schema < "$1"

    echo "$(date) -> Executed sql file $1"
}

f_exec my_sentences.sql

The thing is, I've passed a security check, and they tell me that I can't save the clear password in a variable, or in a plain text file, inside a .sh script.

My question is: how can I solve this problem?

  • If you can save something like a token, the token presents the same problem as the password.
  • If you grant the host from which I run the script permission to connect without a password, then whoever gains access to that host also, consequently, gains access to the database.

Of course, it is obvious that I am not going to connect at 3am to enter the password to run the script. Or wait online for a 10-minute-long heavy query.

I don't know how to solve the situation. Thanks.

1 Answer

echo "MYSQLPASSWORD='XXXXXXX'" > mypass.txt
chmod 400 mypass.txt

Now the script:

#!/bin/bash

# DB config (the password is deliberately NOT set here)
USR_BD=myUsr
IP_BD=x.x.x.x

# '. FILENAME' is the bash form of an include: it sources the file,
# which defines MYSQLPASSWORD in this shell
. mypass.txt

mysql -h "$IP_BD" -u "$USR_BD" -p"$MYSQLPASSWORD" my_schema < "$1"

Now an invocation:

sudo ./myscript.sh somecode.sql

Only when launched by root will your script be able to include mypass.txt properly and have the $MYSQLPASSWORD variable visible. Non-privileged users will get a permission error.

  • Thank you for your answer. I just wanted to make a brief note: the "import" should be ". mypass.txt", with a space between the dot and the file name. It works for me. I can't run the sudo test now, but it should work. The password is in the clear in a file, but it's much more restricted and difficult to get the content of the file this way. Thanks again. Commented Feb 13 at 15:44
  • @yaki_nuka Thanks for the suggestion, I have edited my answer accordingly. Also, if the script is invoked by the owner then sudo is not necessary. But root can access files even with 000 permissions. Commented Feb 13 at 16:56
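As an added example (not code from the question or the answer), here is a bash version of the same idea that refuses to use the credential file unless it is owned by the caller with mode 400 or 600, and hands the credentials to mysql as a [client] option file through the standard --defaults-extra-file option instead of the -p argument, so the password sits neither in the script nor in its argument list. The file path and option-file contents are assumptions, and the mode check relies on GNU stat (Linux).

```bash
#!/bin/bash
# Added example, not from the question or the answer: check the credential
# file's owner and mode before trusting it, then pass credentials to mysql
# through an option file instead of the -p argument.
# Assumes GNU stat (Linux) and a mysql client on PATH; the path below is made up.
CRED_FILE="${CRED_FILE:-$HOME/.my_batch.cnf}"

# cred_file_ok FILE: returns 0 when FILE is a regular file, owned by the
# current user, with mode 400 or 600 (no group/other bits); 1 otherwise.
cred_file_ok() {
    local f="$1" mode owner
    if [ ! -f "$f" ]; then
        echo "missing credential file: $f" >&2; return 1
    fi
    mode=$(stat -c '%a' "$f") || return 1
    owner=$(stat -c '%u' "$f") || return 1
    case "$mode" in
        400|600) ;;   # only the owner may read it
        *) echo "$f is mode $mode, expected 400 or 600" >&2; return 1 ;;
    esac
    if [ "$owner" != "$(id -u)" ]; then
        echo "$f is owned by uid $owner, not $(id -u)" >&2; return 1
    fi
    return 0
}

# run_sql FILE: runs FILE against my_schema. CRED_FILE holds a MySQL
# option file such as (constructed sample):
#   [client]
#   user=myUsr
#   password=myPass
#   host=x.x.x.x
# --defaults-extra-file must be the first option; mysql reads the password
# from it, so nothing secret appears in the script or its argument list.
run_sql() {
    cred_file_ok "$CRED_FILE" || return 1
    echo "$(date) -> Executing sql file $1"
    mysql --defaults-extra-file="$CRED_FILE" my_schema < "$1" || return 1
    echo "$(date) -> Executed sql file $1"
}

# Usage: ./myscript.sh my_sentences.sql
if [ $# -gt 0 ]; then
    run_sql "$1"
fi
```

The mysql client also ignores an option file that is world-writable, so the mode check and the client's own rule reinforce each other.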
