  1. MariaDB Server
  2. MDEV-19949

mariabackup option of '--password' or '-p' without specifying password in commandline

Details

    Description

      Hi.

      During mariabackup testing, I realized that for the "--password" option I had to specify the password on the command line together with it.
      If I use the option alone, without a password, it says it requires an argument.

      [root@maria-master full]# mariabackup --backup --target-dir /tmp/full -uroot -p
      mariabackup: option '-p' requires an argument
      

      For security purposes, it would be great if we could just get the password input on the next line, like the other client tools do.

      Great thanks,
      Kwangbock

          Activity

            GeoffMontee Geoff Montee (Inactive) added a comment -

            As a workaround, you can add the user name and password to ~/.my.cnf, e.g.:

            [mariabackup]
            user=mariabackup
            password=mypassword

            See here:

            https://mariadb.com/kb/en/library/mariabackup-overview/#authentication-and-privileges
            rvlane Richard Lane added a comment - - edited

            I would also like to vote for this enhancement. We have strict requirements for not using passwords on the command line and will not comply with DFSEC requirements without at least an environment variable to supply the password vs. the command line.

            Geoff, the workaround is actually worse since it is in plain text in a config file, which is also a major violation, even if the file has root+mysql read-only permissions.


            serg Sergei Golubchik added a comment -

            It changes the behavior in an incompatible way, existing scripts stop working (we had it in buildbot).

            But the new behavior is compatible with other mariadb command-line tools, so let's still do it, but in 11.6+
            danblack Daniel Black added a comment -

            Now that this was merged, was this break in behaviour intended?

             
            + docker exec mariadbcontainer18598 mariabackup --backup --target-dir=/backup/d --user root --password soverysecret
            mariabackup: Deprecated program name. It will be removed in a future release, use '/usr/bin/mariadb-backup' instead
            Enter password: [00] 2024-08-14 01:49:02 mariabackup: Error: unknown argument: 'soverysecret'
            

            $ rr record -n   extra/mariabackup/mariadb-backup  -S /tmp/build-mariadb-server-11.6.sock  --backup --target-dir=/tmp/d --user root --password soverysecret
            rr: Saving execution to trace directory `/home/dan/.local/share/rr/mariadb-backup-0'.
            Enter password: 
            [00] 2024-08-14 13:10:09 mariabackup: Error: unknown argument: 'soverysecret'
             
             
            ...
            Breakpoint 1, xb_get_one_option (opt=0x1761510 <xb_client_options+4704>, argument=0x0) at /home/dan/repos/mariadb-server-11.6/extra/mariabackup/xtrabackup.cc:2226
            2226	  switch(opt->id) {
            (gdb) p *opt
            $1 = {name = 0xeffdfe "password", id = 112, comment = 0xef7100 "This option specifies the password to use when connecting to the database. It accepts a string argument.  See mysql --help for details.", value = 0x0, 
              u_max_value = 0x0, typelib = 0x0, var_type = 9, arg_type = OPT_ARG, def_value = 0, min_value = 0, max_value = 0, deprecation_substitute = 0x0, block_size = 0, app_type = 0x0}
            

            So argument is null for password.

            So long args have to have --password=thesecret

            fix: https://github.com/MariaDB/mariadb-docker/commit/1637a68a195a27f4a89fa8e6b9d0c13a1dcb015e

            danblack Daniel Black added a comment - - edited

            For release notes:

            The mariadb-backup --password thissit syntax is no longer supported - use mariadb-backup --password=thissit

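A lint for the change discussed in this thread, as an added example (not code from MariaDB or from any commenter): it flags backup commands that pass `--password` followed by a separate word, which the thread reports now fails with "unknown argument", and commands that put the secret in argv at all. The function names, finding codes and sample lines are constructed for illustration; treating `-p word` like the long form is an assumption.

```python
import shlex

TOOLS = {"mariabackup", "mariadb-backup"}  # program names that appear in this thread


def audit_command(line):
    """Return finding codes for one shell command line that invokes mariabackup."""
    try:
        argv = shlex.split(line, comments=True)
    except ValueError:  # unbalanced quotes: report instead of guessing
        return ["unparseable"]
    # Find the tool by basename so wrappers such as `docker exec <ctr> ...` still match.
    start = next((i for i, a in enumerate(argv) if a.rsplit("/", 1)[-1] in TOOLS), None)
    if start is None:
        return []
    args, findings = argv[start + 1:], []
    for i, arg in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else ""
        if arg in ("--password", "-p"):
            # A bare following word used to be taken as the password; after the change
            # the tool prompts and rejects the word as an unknown argument.
            # (Treating `-p word` like the long form is an assumption of this example.)
            findings.append("separate-value" if nxt and not nxt.startswith("-") else "prompt")
        elif arg.startswith("--password=") or arg.startswith("-p"):
            # Works on both sides of the change, but the secret sits on the command line.
            findings.append("secret-in-argv")
    return findings


def audit_script(text):
    """Map 1-based line numbers to findings for every line that has any."""
    report = {}
    for number, line in enumerate(text.splitlines(), 1):
        found = audit_command(line)
        if found:
            report[number] = found
    return report


# Constructed sample, adapted from the commands quoted in the comments above.
SAMPLE = """\
mariabackup --backup --target-dir /tmp/full -uroot -p
docker exec mariadbcontainer18598 mariabackup --backup --target-dir=/backup/d --user root --password soverysecret
mariadb-backup --backup --target-dir=/tmp/d --user root --password=soverysecret
mariabackup --backup --target-dir=/tmp/full
"""

if __name__ == "__main__":
    for number, found in audit_script(SAMPLE).items():
        print(number, ", ".join(found))
```

The last sample line carries no password option at all, as when credentials come from an option file, so it produces no finding.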

            People

              serg Sergei Golubchik
              kb Kwangbock Lee