.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp .ne 5 .PP \fB\\$1\fR .PP .. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a .\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to .\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' .\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\} .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} .\" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "MYSQL-SHOW-GRANTS 1" .TH MYSQL-SHOW-GRANTS 1 "2007-10-15" "perl v5.8.8" "User Contributed Perl Documentation" .SH "NAME" mysql\-show\-grants \- Canonicalize and print MySQL grants so you can effectively replicate, compare and version\-control them. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 2 \& mysql-show-grants \& mysql-show-grants --separate --revoke | diff othergrants.sql - .Ve .SH "OPTIONS" .IX Header "OPTIONS" .IP "\-\-askpass" 4 .IX Item "--askpass" Prompt for password for connections. .IP "\-\-database" 4 .IX Item "--database" Database to use. .IP "\-\-defaults\-file" 4 .IX Item "--defaults-file" Only read default options from the given file. .IP "\-\-drop" 4 .IX Item "--drop" Adds \s-1DROP\s0 \s-1USER\s0 before each user in the output. .IP "\-\-flush" 4 .IX Item "--flush" Adds \s-1FLUSH\s0 \s-1PRIVILEGES\s0 after output. You might need this on pre\-4.1.1 servers if you want to drop a user completely. .IP "\-\-help" 4 .IX Item "--help" Displays a help message. .IP "\-\-host" 4 .IX Item "--host" Connect to host. .IP "\-\-ignore" 4 .IX Item "--ignore" Ignore this comma-separated list of users. .IP "\-\-only" 4 .IX Item "--only" Only print grants for this comma-separated list of users. .IP "\-\-password" 4 .IX Item "--password" Password to use when connecting. .IP "\-\-port" 4 .IX Item "--port" Port number to use for connection. .IP "\-\-revoke" 4 .IX Item "--revoke" Add \s-1REVOKE\s0 statements for each \s-1GRANT\s0 statement. .IP "\-\-separate" 4 .IX Item "--separate" Lists each \s-1GRANT\s0 or \s-1REVOKE\s0 separately, instead of the default output from MySQL's \s-1SHOW\s0 \s-1GRANTS\s0 command, which may list many privileges on a single line. With \*(L"\-\-flush\*(R", places a \s-1FLUSH\s0 \s-1PRIVILEGES\s0 after each user, instead of once at the end of all the output. .IP "\-\-socket" 4 .IX Item "--socket" Socket file to use for connection. .IP "\-\-user" 4 .IX Item "--user" User for login if not current user. .IP "\-\-version" 4 .IX Item "--version" Output version information and exit. .SH "DESCRIPTION" .IX Header "DESCRIPTION" mysql-show-grants extracts, orders, and then prints grants for MySQL user accounts. .PP Why would you want this? There are several reasons. .PP The first is to easily replicate users from one server to another; you can simply extract the grants from the first server and pipe the output directly into another server. .PP The second use is to place your grants into version control. If you do a daily automated grant dump into version control, you'll get lots of spurious changesets for grants that don't change, because MySQL prints the actual grants out in a seemingly random order. For instance, one day it'll say .PP .Vb 1 \& GRANT DELETE, INSERT, UPDATE ON `test`.* TO 'foo'@'%'; .Ve .PP And then another day it'll say .PP .Vb 1 \& GRANT INSERT, DELETE, UPDATE ON `test`.* TO 'foo'@'%'; .Ve .PP The grants haven't changed, but the order has. This script sorts the grants within the line, between '\s-1GRANT\s0' and '\s-1ON\s0'. If there are multiple rows from \s-1SHOW\s0 \&\s-1GRANTS\s0, it sorts the rows too, except that it always prints the row with the user's password first, if it exists. This removes three kinds of inconsistency you'll get from running \s-1SHOW\s0 \s-1GRANTS\s0, and avoids spurious changesets in version control. .PP Third, if you want to diff grants across servers, it will be hard without \&\*(L"canonicalizing\*(R" them, which mysql-show-grants does. The output is fully diff\-able. .PP With the \*(L"\-\-revoke\*(R", \*(L"\-\-separate\*(R" and other options, mysql-show-grants also makes it easy to revoke specific privileges from users. This is tedious otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" Someone pointed out that this has been done before (not surprising, as it's not all that complicated). Visit http://www.futhark.ch/mysql/139.html for a simpler implementation of the same general concept, though without the canonicalization. I borrowed the idea of adding \s-1DROP\s0 \s-1USER\s0 from that script, and it inspired me to add the \s-1REVOKE\s0 functionality too. .SH "BUGS" .IX Header "BUGS" Please use the Sourceforge bug tracker, forums, and mailing lists to request support or report bugs: . .SH "SYSTEM REQUIREMENTS" .IX Header "SYSTEM REQUIREMENTS" You need the following Perl modules: \s-1DBI\s0 and DBD::mysql. .SH "LICENSE" .IX Header "LICENSE" This program is copyright (c) 2007 Baron Schwartz. Feedback and improvements are welcome. .PP \&\s-1THIS\s0 \s-1PROGRAM\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R" \s-1AND\s0 \s-1WITHOUT\s0 \s-1ANY\s0 \s-1EXPRESS\s0 \s-1OR\s0 \s-1IMPLIED\s0 \&\s-1WARRANTIES\s0, \s-1INCLUDING\s0, \s-1WITHOUT\s0 \s-1LIMITATION\s0, \s-1THE\s0 \s-1IMPLIED\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \&\s-1MERCHANTIBILITY\s0 \s-1AND\s0 \s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0. .PP This program is free software; you can redistribute it and/or modify it under the terms of the \s-1GNU\s0 General Public License as published by the Free Software Foundation, version 2; \s-1OR\s0 the Perl Artistic License. On \s-1UNIX\s0 and similar systems, you can issue `man perlgpl' or `man perlartistic' to read these licenses. .PP You should have received a copy of the \s-1GNU\s0 General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, \s-1MA\s0 02111\-1307 \s-1USA\s0. .SH "AUTHOR" .IX Header "AUTHOR" Baron Schwartz. .SH "VERSION" .IX Header "VERSION" This manual page documents Ver 1.0.3 Distrib 1053 \f(CW$Revision\fR $.