Flow:
- [] Installation innobackupex
- [] Backup data
- [] Create a backup of users and authorized
Examples of innobackupex read a lot of online backup, many of which are found directly "root" user data backup; however, this backup is very unsafe, "root" password mysql database directly exposed in front of the screen ; it plainly this and "streaking" what's the difference; if the password database landed in the hands of others, then the consequences can ..... (by this they want it). This article is born to solve this problem!
First, install innobackup
Installation dependencies
# yum -y install rsync perl-DBD-MySQL numactl libaio-devel perl-Digest perl-Digest-MD5
# wget https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/l/libev-4.15-3.el7.x86_64.rpm
# rpm -ivh libev-4.15-3.el7.x86_64.rpm
# wget https://www.percona.com/downloads/XtraBackup/Percona-XtraBackup-2.4.11/binary/redhat/7/x86_64/percona-xtrabackup-24-2.4.11-1.el7.x86_64.rpm
# rpm –ivh percona-xtrabackup-24-2.4.11-1.el7.x86_64.rpmSecond, data backup
# innoxtrabackupex --defaults-file=/etc/my.cnf --socket=/data/mysql/mysql.sock --user=root --password=123456 /mnt/xtraAt the end there is this prompt is successful backup 
to the backup directory good view, good data is backed up
Tips:
If such data to be backed up, then get in the enterprise, then the root password to go directly exposed, and such "naked" What is the difference, which is too insecure, right!
So the user with a login authorization, authority control, backed up by authorized users .......
Third, create a backup of users and authorized
Mysql> grant reload,lock tables,replication client,create tablespace,process,super on *.* to 'xtrabackup'@'localhost' identified by '123456';
Mysql> flush privileges;Do not use (Grant All ON . To 'root-text1' @ '%' indentified by '123456';) The reason to create is to control the use of authority, to avoid abuse of privileges
Note: try "xtrabackup" user login mysql, can normal landing, permissions library / table / user only to view, modify can not delete 
a backup database with "xtrabackup" user
# innoxtrabackupex --defaults-file=/etc/my.cnf --socket=/data/mysql/mysql.sock --user=xtrabackup --password=123123 /mnt/xtraBackup successful 
landing mysql, view of user access rights
Mysql> select user,host,Reload_priv from user;正因为授权给 “xtrabackup” 用户有了 “Reload”重加载的权限才能对数据库进行备份
在数据库上尝试用 “back” 用户进行备份,会发现报错。如下图所示
温馨提示: 如果是没有 “Reload” 权限的用户无法执行备份
总结(两步走):
对备份用户授权
Mysql> grant reload,lock tables,replication client,create tablespace,process,super on *.* to 'xtrabackup'@'localhost' identified by '123456';备份
# innoxtrabackupex --defaults-file=/etc/my.cnf --socket=/data/mysql/mysql.sock --user=xtrabackup --password=123123 /mnt/xtra附上 mysql 用户常用权限详解
| 权限 | 权限级别 | 权限说明 |
|---|---|---|
| CREATE | 数据库、表或索引 | 数据库、表或索引权限 |
| DROP | 数据库表 | 删除数据库或表权限 |
| GRANT OPTION | 数据库、表或保存的程序 | 赋予权限选项 |
| REFERENCES | 数据库或表 | |
| ALTER | 表 | 更改表,比如添加字段、索引等 |
| DELETE | 表 | 删除数据权限 |
| INDEX | 表 | 索引权限 |
| INSERT | 表 | 插入权限 |
| SELECT | 表 | 查询权限 |
| UPDATE | 表 | 更新权限 |
| CREATE VIEW | 视图 | 创建视图 |
| SHOW VIEW | 视图 | 查看视图 |
| ALTER ROUTINE | 存储过程 | 更改存储过程权限 |
| CREATE ROUTINE | 存储过程 | 创建存储过程权限 |
| EXECUTE | 存储过程 | 执行存储过程权限 |
| FILE | 服务器主机上的文件访问 | 文件访问权限 |
| CREATE TEMPORARY TABLES | 服务器管理 | 创建临时表权限 |
| LOCK TABLES | 服务器管理 | 锁表权限 |
| CREATE USER | 服务器管理 | 创建用户权限 |
| PROCESS | 服务器管理 | 查看进程权限 |
| RELOAD | 服务器管理 | 执行flush-hosts, flush-logs, flush-privileges, flush-status, flush-tables, flush-threads, refresh, reload等命令的权限 |
| REPLICATION CLIENT | 服务器管理 | 复制权限 |
| REPLICATION SLAVE | 服务器管理 | 复制权限 |
| SHOW DATABASES | 服务器管理 | 查看数据库权限 |
| SHUTDOWN | 服务器管理 | 关闭数据库权限 |
| SUPER | 服务器管理 | 执行kill线程权限 |
MYSQL的权限如何分布,就是针对表可以设置什么权限,针对列可以设置什么权限等等,这个可以从官方文档中的一个表来说明
| 权限分布 | 配置的权限 |
|---|---|
| 表权限 | 'Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Grant', 'References', 'Index', 'Alter' |
| List Permissions | 'Select', 'Insert', 'Update', 'References' |
| Process rights | 'Execute', 'Alter Routine', 'Grant' |