Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
PT-SHOW-GRANTS(1)     User Contributed Perl Documentation    PT-SHOW-GRANTS(1)

NAME
       pt-show-grants -	Canonicalize and print MySQL grants so you can
       effectively replicate, compare and version-control them.

SYNOPSIS
       Usage: pt-show-grants [OPTIONS] [DSN]

       pt-show-grants shows grants (user privileges) from a MySQL server.

       Examples:

	  pt-show-grants

	  pt-show-grants --separate --revoke | diff othergrants.sql -

RISKS
       Percona Toolkit is mature, proven in the	real world, and	well tested,
       but all database	tools can pose a risk to the system and	the database
       server.	Before using this tool,	please:

       o   Read	the tool's documentation

       o   Review the tool's known "BUGS"

       o   Test	the tool on a non-production server

       o   Backup your production server and verify the	backups

DESCRIPTION
       pt-show-grants extracts,	orders,	and then prints	grants for MySQL user
       accounts.

       Why would you want this?	 There are several reasons.

       The first is to easily replicate	users from one server to another; you
       can simply extract the grants from the first server and pipe the	output
       directly	into another server.

       The second use is to place your grants into version control.  If	you do
       a daily automated grant dump into version control, you'll get lots of
       spurious	changesets for grants that don't change, because MySQL prints
       the actual grants out in	a seemingly random order.  For instance, one
       day it'll say

	 GRANT DELETE, INSERT, UPDATE ON `test`.* TO 'foo'@'%';

       And then	another	day it'll say

	 GRANT INSERT, DELETE, UPDATE ON `test`.* TO 'foo'@'%';

       The grants haven't changed, but the order has.  This script sorts the
       grants within the line, between 'GRANT' and 'ON'.  If there are
       multiple	rows from SHOW GRANTS, it sorts	the rows too, except that it
       always prints the row with the user's password first, if	it exists.
       This removes three kinds	of inconsistency you'll	get from running SHOW
       GRANTS, and avoids spurious changesets in version control.

       Third, if you want to diff grants across	servers, it will be hard
       without "canonicalizing"	them, which pt-show-grants does.  The output
       is fully	diff-able.

       With the	"--revoke", "--separate" and other options, pt-show-grants
       also makes it easy to revoke specific privileges	from users.  This is
       tedious otherwise.

OPTIONS
       This tool accepts additional command-line arguments.  Refer to the
       "SYNOPSIS" and usage information	for details.

       --ask-pass
	   Prompt for a	password when connecting to MySQL.

       --charset
	   short form: -A; type: string

	   Default character set.  If the value	is utf8, sets Perl's binmode
	   on STDOUT to	utf8, passes the mysql_enable_utf8 option to
	   DBD::mysql, and runs	SET NAMES UTF8 after connecting	to MySQL.  Any
	   other value sets binmode on STDOUT without the utf8 layer, and runs
	   SET NAMES after connecting to MySQL.

       --config
	   type: Array

	   Read	this comma-separated list of config files; if specified, this
	   must	be the first option on the command line.

       --database
	   short form: -D; type: string

	   The database	to use for the connection.

       --defaults-file
	   short form: -F; type: string

	   Only	read mysql options from	the given file.	 You must give an
	   absolute pathname.

       --drop
	   Add DROP USER before	each user in the output.

       --flush
	   Add FLUSH PRIVILEGES	after output.

	   You might need this on pre-4.1.1 servers if you want	to drop	a user
	   completely.

       --[no]header
	   default: yes

	   Print dump header.

	   The header precedes the dumped grants.  It looks like:

	     --	Grants dumped by pt-show-grants	1.0.19
	     --	Dumped from server Localhost via UNIX socket, MySQL 5.0.82-log at 2009-10-26 10:01:04

	   See also "--[no]timestamp".

       --help
	   Show	help and exit.

       --host
	   short form: -h; type: string

	   Connect to host.

       --ignore
	   type: array

	   Ignore this comma-separated list of users.

       --only
	   type: array

	   Only	show grants for	this comma-separated list of users.

       --password
	   short form: -p; type: string

	   Password to use when	connecting.  If	password contains commas they
	   must	be escaped with	a backslash: "exam\,ple"

       --pid
	   type: string

	   Create the given PID	file.  The tool	won't start if the PID file
	   already exists and the PID it contains is different than the
	   current PID.	 However, if the PID file exists and the PID it
	   contains is no longer running, the tool will	overwrite the PID file
	   with	the current PID.  The PID file is removed automatically	when
	   the tool exits.

       --port
	   short form: -P; type: int

	   Port	number to use for connection.

       --revoke
	   Add REVOKE statements for each GRANT	statement.

       --separate
	   List	each GRANT or REVOKE separately.

	   The default output from MySQL's SHOW	GRANTS command lists many
	   privileges on a single line.	 With "--flush", places	a FLUSH
	   PRIVILEGES after each user, instead of once at the end of all the
	   output.

       --set-vars
	   type: Array

	   Set the MySQL variables in this comma-separated list	of
	   "variable=value" pairs.

	   By default, the tool	sets:

	      wait_timeout=10000

	   Variables specified on the command line override these defaults.
	   For example,	specifying "--set-vars wait_timeout=500" overrides the
	   defaultvalue	of 10000.

	   The tool prints a warning and continues if a	variable cannot	be
	   set.

       --socket
	   short form: -S; type: string

	   Socket file to use for connection.

       --[no]timestamp
	   default: yes

	   Add timestamp to the	dump header.

	   See also "--[no]header".

       --user
	   short form: -u; type: string

	   User	for login if not current user.

       --version
	   Show	version	and exit.

DSN OPTIONS
       These DSN options are used to create a DSN.  Each option	is given like
       "option=value".	The options are	case-sensitive,	so P and p are not the
       same option.  There cannot be whitespace	before or after	the "="	and if
       the value contains whitespace it	must be	quoted.	 DSN options are
       comma-separated.	 See the percona-toolkit manpage for full details.

       o   A

	   dsn:	charset; copy: yes

	   Default character set.

       o   D

	   dsn:	database; copy:	yes

	   Default database.

       o   F

	   dsn:	mysql_read_default_file; copy: yes

	   Only	read default options from the given file

       o   h

	   dsn:	host; copy: yes

	   Connect to host.

       o   p

	   dsn:	password; copy:	yes

	   Password to use when	connecting.  If	password contains commas they
	   must	be escaped with	a backslash: "exam\,ple"

       o   P

	   dsn:	port; copy: yes

	   Port	number to use for connection.

       o   S

	   dsn:	mysql_socket; copy: yes

	   Socket file to use for connection.

       o   u

	   dsn:	user; copy: yes

	   User	for login if not current user.

ENVIRONMENT
       The environment variable	"PTDEBUG" enables verbose debugging output to
       STDERR.	To enable debugging and	capture	all output to a	file, run the
       tool like:

	  PTDEBUG=1 pt-show-grants ... > FILE 2>&1

       Be careful: debugging output is voluminous and can generate several
       megabytes of output.

SYSTEM REQUIREMENTS
       You need	Perl, DBI, DBD::mysql, and some	core packages that ought to be
       installed in any	reasonably new version of Perl.

BUGS
       For a list of known bugs, see
       <http://www.percona.com/bugs/pt-show-grants>.

       Please report bugs at <https://bugs.launchpad.net/percona-toolkit>.
       Include the following information in your bug report:

       o   Complete command-line used to run the tool

       o   Tool	"--version"

       o   MySQL version of all	servers	involved

       o   Output from the tool	including STDERR

       o   Input files (log/dump/config	files, etc.)

       If possible, include debugging output by	running	the tool with
       "PTDEBUG"; see "ENVIRONMENT".

DOWNLOADING
       Visit <http://www.percona.com/software/percona-toolkit/>	to download
       the latest release of Percona Toolkit.  Or, get the latest release from
       the command line:

	  wget percona.com/get/percona-toolkit.tar.gz

	  wget percona.com/get/percona-toolkit.rpm

	  wget percona.com/get/percona-toolkit.deb

       You can also get	individual tools from the latest release:

	  wget percona.com/get/TOOL

       Replace "TOOL" with the name of any tool.

AUTHORS
       Baron Schwartz

ABOUT PERCONA TOOLKIT
       This tool is part of Percona Toolkit, a collection of advanced command-
       line tools for MySQL developed by Percona.  Percona Toolkit was forked
       from two	projects in June, 2011:	Maatkit	and Aspersa.  Those projects
       were created by Baron Schwartz and primarily developed by him and
       Daniel Nichter.	Visit <http://www.percona.com/software/> to learn
       about other free, open-source software from Percona.

COPYRIGHT, LICENSE, AND	WARRANTY
       This program is copyright 2011-2016 Percona LLC and/or its affiliates,
       2007-2011 Baron Schwartz.

       THIS PROGRAM IS PROVIDED	"AS IS"	AND WITHOUT ANY	EXPRESS	OR IMPLIED
       WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
       MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation, version 2; OR the Perl	Artistic License.  On
       UNIX and	similar	systems, you can issue `man perlgpl' or	`man
       perlartistic' to	read these licenses.

       You should have received	a copy of the GNU General Public License along
       with this program; if not, write	to the Free Software Foundation, Inc.,
       59 Temple Place,	Suite 330, Boston, MA  02111-1307  USA.

VERSION
       pt-show-grants 2.2.17

perl v5.24.1			  2016-03-07		     PT-SHOW-GRANTS(1)

NAME | SYNOPSIS | RISKS | DESCRIPTION | OPTIONS | DSN OPTIONS | ENVIRONMENT | SYSTEM REQUIREMENTS | BUGS | DOWNLOADING | AUTHORS | ABOUT PERCONA TOOLKIT | COPYRIGHT, LICENSE, AND WARRANTY | VERSION

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=pt-show-grants&sektion=1&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help