Man page for mk-show-grants

August 24, 2007 – 5:35 pm

MK-SHOW-GRANTS

Section: User Contributed Perl Documentation (1)
Updated: 2008-06-01
Index
Return to Main Contents

NAME

mk-show-grants – Canonicalize and print MySQL grants so you can effectively
replicate, compare and version-control them.

SYNOPSIS

mk-show-grants
mk-show-grants –separate –revoke | diff othergrants.sql -

DOWNLOADING

You can download Maatkit from the Sourceforge website at
<http://sourceforge.net/projects/maatkit>, or you can get any of the tools
easily with a command like the following:

wget http://www.maatkit.org/get/toolname
or
wget http://www.maatkit.org/trunk/toolname

Where "toolname" can be replaced with the name (or fragment of a name) of any
of the Maatkit tools. Once downloaded, they’re ready to run; no installation is
needed. The first URL gets the latest released version of the tool, and the
second gets the latest trunk code from Subversion.

OPTIONS

–askpass

Prompt for a password when connecting to MySQL.

–charset

short form: -A; type: string

Default character set.

Enables character set settings in Perl and MySQL. If the value is "utf8", sets
Perl’s binmode on STDOUT to utf8, passes the "mysql_enable_utf8" option to
DBD::mysql, and runs "SET NAMES UTF8" after connecting to MySQL. Any other
value sets binmode on STDOUT without the utf8 layer, and runs "SET NAMES" after
connecting to MySQL.

–database

short form: -D; type: string

The database to use for the connection.

–defaults-file

short form: -F; type: string

Only read mysql options from the given file. You must give an absolute
pathname.

–drop

short form: -d

Add DROP USER before each user in the output.

–flush

short form: -f

Add FLUSH PRIVILEGES after output.

You might need this on pre-4.1.1 servers if you want to drop a user completely.

–host

short form: -h; type: string

Connect to host.

–ignore

short form: -i; type: string

Ignore this comma-separated list of users.

–only

short form: -o; type: string

Only show grants for this comma-separated list of users.

–password

short form: -p; type: string

Password to use when connecting.

–port

short form: -P; type: int

Port number to use for connection.

–revoke

short form: -r

Add REVOKE statements for each GRANT statement.

–separate

short form: -s

List each GRANT or REVOKE separately.

The default output from MySQL’s SHOW GRANTS command lists many privileges on a
single line. With “–flush”, places a FLUSH PRIVILEGES after each user,
instead of once at the end of all the output.

–setvars

type: string; default: wait_timeout=10000

Set these MySQL variables.

Specify any variables you want to be set immediately after connecting to MySQL.
These will be included in a "SET" command.

–socket

short form: -S; type: string

Socket file to use for connection.

–timestamp

short form: -t; negatable: yes; default: yes

Show dump timestamp.

–user

short form: -u; type: string

User for login if not current user.

DESCRIPTION

mk-show-grants extracts, orders, and then prints grants for MySQL user
accounts.

Why would you want this? There are several reasons.

The first is to easily replicate users from one server to another; you can
simply extract the grants from the first server and pipe the output directly
into another server.

The second use is to place your grants into version control. If you do a daily
automated grant dump into version control, you’ll get lots of spurious
changesets for grants that don’t change, because MySQL prints the actual grants
out in a seemingly random order. For instance, one day it’ll say

GRANT DELETE, INSERT, UPDATE ON `test`.* TO ‘foo’@'%’;

And then another day it’ll say

GRANT INSERT, DELETE, UPDATE ON `test`.* TO ‘foo’@'%’;

The grants haven’t changed, but the order has. This script sorts the grants
within the line, between ‘GRANT‘ and ‘ON‘. If there are multiple rows from SHOW
GRANTS, it sorts the rows too, except that it always prints the row with the
user’s password first, if it exists. This removes three kinds of inconsistency
you’ll get from running SHOW GRANTS, and avoids spurious changesets in version
control.

Third, if you want to diff grants across servers, it will be hard without
“canonicalizing” them, which mk-show-grants does. The output is fully
diff-able.

With the “–revoke”, “–separate” and other options, mk-show-grants
also makes it easy to revoke specific privileges from users. This is tedious
otherwise.

ENVIRONMENT

The environment variable "MKDEBUG" enables verbose debugging output in all of
the Maatkit tools:



   MKDEBUG=1 mk-….

BUGS

Please use the Sourceforge bug tracker, forums, and mailing lists to request
support or report bugs: <http://sourceforge.net/projects/maatkit/>.

Please include the complete command-line used to reproduce the problem you are
seeing, the version of all MySQL servers involved, the complete output of the
tool when run with “–version”, and if possible, debugging output produced by
running with the "MKDEBUG=1" environment variable.

SYSTEM REQUIREMENTS

You need the following Perl modules: DBI and DBD::mysql.

LICENSE

This program is copyright (c) 2007 Baron Schwartz.
Feedback and improvements are welcome.

THIS PROGRAM IS PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation, version 2; OR the Perl Artistic License. On UNIX and similar
systems, you can issue `man perlgpl’ or `man perlartistic’ to read these
licenses.

You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 59 Temple
Place, Suite 330, Boston, MA 02111-1307 USA.

AUTHOR

Baron Schwartz.

VERSION

This manual page documents Ver 1.0.10 Distrib 1972 $Revision: 1970 $.

Linux Apache MySQL PHP Tips