PT-SHOW-GRANTS(1p)

User Contributed Perl Documentation

PT-SHOW-GRANTS(1p)

NAME¶

pt-show-grants - Canonicalize and print MySQL grants so you can effectively replicate, compare and version-control them.

SYNOPSIS¶

Usage: pt-show-grants [OPTION...] [DSN]

pt-show-grants shows grants (user privileges) from a MySQL server.

Examples:

   pt-show-grants
   pt-show-grants --separate --revoke | diff othergrants.sql -

RISKS¶

The following section is included to inform users about the potential risks, whether known or unknown, of using this tool. The two main categories of risks are those created by the nature of the tool (e.g. read-only tools vs. read-write tools) and those created by bugs.

pt-show-grants is read-only by default, and very low-risk. If you specify "--flush", it will execute "FLUSH PRIVILEGES".

At the time of this release, we know of no bugs that could cause serious harm to users.

The authoritative source for updated information is always the online issue tracking system. Issues that affect this tool will be marked as such. You can see a list of such issues at the following URL: http://www.percona.com/bugs/pt-show-grants <http://www.percona.com/bugs/pt-show-grants>.

See also "BUGS" for more information on filing bugs and getting help.

DESCRIPTION¶

pt-show-grants extracts, orders, and then prints grants for MySQL user accounts.

Why would you want this? There are several reasons.

The first is to easily replicate users from one server to another; you can simply extract the grants from the first server and pipe the output directly into another server.

The second use is to place your grants into version control. If you do a daily automated grant dump into version control, you'll get lots of spurious changesets for grants that don't change, because MySQL prints the actual grants out in a seemingly random order. For instance, one day it'll say

  GRANT DELETE, INSERT, UPDATE ON `test`.* TO 'foo'@'%';

And then another day it'll say

  GRANT INSERT, DELETE, UPDATE ON `test`.* TO 'foo'@'%';

The grants haven't changed, but the order has. This script sorts the grants within the line, between 'GRANT' and 'ON'. If there are multiple rows from SHOW GRANTS, it sorts the rows too, except that it always prints the row with the user's password first, if it exists. This removes three kinds of inconsistency you'll get from running SHOW GRANTS, and avoids spurious changesets in version control.

Third, if you want to diff grants across servers, it will be hard without "canonicalizing" them, which pt-show-grants does. The output is fully diff-able.

With the "--revoke", "--separate" and other options, pt-show-grants also makes it easy to revoke specific privileges from users. This is tedious otherwise.

OPTIONS¶

This tool accepts additional command-line arguments. Refer to the "SYNOPSIS" and usage information for details.

--ask-pass: Prompt for a password when connecting to MySQL.

--charset: short form: -A; type: string

Default character set. If the value is utf8, sets Perl's binmode on STDOUT to utf8, passes the mysql_enable_utf8 option to DBD::mysql, and runs SET NAMES UTF8 after connecting to MySQL. Any other value sets binmode on STDOUT without the utf8 layer, and runs SET NAMES after connecting to MySQL.

--config: type: Array

Read this comma-separated list of config files; if specified, this must be the first option on the command line.

--database: short form: -D; type: string

The database to use for the connection.

--defaults-file: short form: -F; type: string

Only read mysql options from the given file. You must give an absolute pathname.

--drop: Add DROP USER before each user in the output.

--flush: Add FLUSH PRIVILEGES after output.

You might need this on pre-4.1.1 servers if you want to drop a user completely.

--[no]header

default: yes

Print dump header.

The header precedes the dumped grants. It looks like:

  -- Grants dumped by pt-show-grants 1.0.19
  -- Dumped from server Localhost via UNIX socket, MySQL 5.0.82-log at 2009-10-26 10:01:04

DSN OPTIONS¶

These DSN options are used to create a DSN. Each option is given like "option=value". The options are case-sensitive, so P and p are not the same option. There cannot be whitespace before or after the "=" and if the value contains whitespace it must be quoted. DSN options are comma-separated. See the percona-toolkit manpage for full details.

•: A

dsn: charset; copy: yes

Default character set.

•: D

dsn: database; copy: yes

Default database.

•: F

dsn: mysql_read_default_file; copy: yes

Only read default options from the given file

•: h

dsn: host; copy: yes

Connect to host.

•: p

dsn: password; copy: yes

Password to use when connecting.

•: P

dsn: port; copy: yes

Port number to use for connection.

•: S

dsn: mysql_socket; copy: yes

Socket file to use for connection.

•: u

dsn: user; copy: yes

User for login if not current user.

ENVIRONMENT¶

The environment variable "PTDEBUG" enables verbose debugging output to STDERR. To enable debugging and capture all output to a file, run the tool like:

   PTDEBUG=1 pt-show-grants ... > FILE 2>&1

Be careful: debugging output is voluminous and can generate several megabytes of output.

SYSTEM REQUIREMENTS¶

You need Perl, DBI, DBD::mysql, and some core packages that ought to be installed in any reasonably new version of Perl.

BUGS¶

For a list of known bugs, see http://www.percona.com/bugs/pt-show-grants <http://www.percona.com/bugs/pt-show-grants>.

Please report bugs at https://bugs.launchpad.net/percona-toolkit <https://bugs.launchpad.net/percona-toolkit>. Include the following information in your bug report:

•: Complete command-line used to run the tool

•: Tool "--version"

•: MySQL version of all servers involved

•: Output from the tool including STDERR

•: Input files (log/dump/config files, etc.)

If possible, include debugging output by running the tool with "PTDEBUG"; see "ENVIRONMENT".

DOWNLOADING¶

Visit http://www.percona.com/software/percona-toolkit/ <http://www.percona.com/software/percona-toolkit/> to download the latest release of Percona Toolkit. Or, get the latest release from the command line:

   wget percona.com/get/percona-toolkit.tar.gz
   wget percona.com/get/percona-toolkit.rpm
   wget percona.com/get/percona-toolkit.deb

You can also get individual tools from the latest release:

   wget percona.com/get/TOOL

Replace "TOOL" with the name of any tool.

AUTHORS¶

Baron Schwartz

ABOUT PERCONA TOOLKIT¶

This tool is part of Percona Toolkit, a collection of advanced command-line tools developed by Percona for MySQL support and consulting. Percona Toolkit was forked from two projects in June, 2011: Maatkit and Aspersa. Those projects were created by Baron Schwartz and developed primarily by him and Daniel Nichter, both of whom are employed by Percona. Visit <http://www.percona.com/software/> for more software developed by Percona.

COPYRIGHT, LICENSE, AND WARRANTY¶

THIS PROGRAM IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2; OR the Perl Artistic License. On UNIX and similar systems, you can issue `man perlgpl' or `man perlartistic' to read these licenses.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.

VERSION¶

pt-show-grants 2.1.2

2012-06-15

perl v5.14.2

Source file:	pt-show-grants.1p.en.gz (from percona-toolkit 2.1.2-1)
Source last updated:	2012-06-15T21:12:16Z
Converted to HTML:	2017-06-07T16:54:54Z