Scroll to navigation

MYSQLUSERCLONE(1) MySQL Utilities MYSQLUSERCLONE(1)

NAME

mysqluserclone - Clone Existing User to Create New User

SYNOPSIS

mysqluserclone [options] base_user new_user[:password][@host_name] ...

DESCRIPTION

This utility uses an existing MySQL user account on one server as a template, and clones it to create one or more new user accounts with the same privileges as the original user. The new users can be created on the original server or a different server.

To list users for a server, specify the --list option. This prints a list of the users on the source (no destination is needed). To control how to display list output, use one of the following values with the --format option:

grid (default)

Display output in grid or table format like that of the mysql client command-line tool.

csv

Display output in comma-separated values format.

tab

Display output in tab-separated format.

vertical

Display output in single-column format like that of the \G command for the mysql client command-line tool.

OPTIONS.PP mysqluserclone accepts the following command-line options:

•--help

Display a help message and exit.

•--license

Display license information and exit.

•--destination=<destination>

Connection information for the destination server.

To connect to a server, it is necessary to specify connection parameters such as the user name, host name, password, and either a port or socket. MySQL Utilities provides a number of ways to supply this information. All of the methods require specifying your choice via a command-line option such as --server, --master, --slave, etc. The methods include the following in order of most secure to least secure.

•Use login-paths from your .mylogin.cnf file (encrypted, not visible). Example : <login-path>[:<port>][:<socket>]

•Use a configuration file (unencrypted, not visible) Note: available in release-1.5.0. Example : <configuration-file-path>[:<section>]

•Specify the data on the command-line (unencrypted, visible). Example : <user>[:<passwd>]@<host>[:<port>][:<socket>]

•--dump, -d

Display the GRANT statements to create the account rather than executing them. In this case, the utility does not connect to the destination server and no --destination option is needed.

•--format=<list_format>, -f<list_format>

Specify the user display format. Permitted format values are grid, csv, tab, and vertical. The default is grid. This option is valid only if --list is given.

•--force

Drop the new user account if it exists before creating the new account. Without this option, it is an error to try to create an account that already exists.

•--include-global-privileges

Include privileges that match base_user@% as well as base_user@host.

•--list

List all users on the source server. With this option, a destination server need not be specified.

•--quiet, -q

Turn off all messages for quiet execution.

•--source=<source>

Connection information for the source server.

To connect to a server, it is necessary to specify connection parameters such as the user name, host name, password, and either a port or socket. MySQL Utilities provides a number of ways to supply this information. All of the methods require specifying your choice via a command-line option such as --server, --master, --slave, etc. The methods include the following in order of most secure to least secure.

•Use login-paths from your .mylogin.cnf file (encrypted, not visible). Example : <login-path>[:<port>][:<socket>]

•Use a configuration file (unencrypted, not visible) Note: available in release-1.5.0. Example : <configuration-file-path>[:<section>]

•Specify the data on the command-line (unencrypted, visible). Example : <user>[:<passwd>]@<host>[:<port>][:<socket>]

•--ssl-ca

The path to a file that contains a list of trusted SSL CAs.

•--ssl-cert

The name of the SSL certificate file to use for establishing a secure connection.

•--ssl-cert

The name of the SSL key file to use for establishing a secure connection.

•--ssl

Specifies if the server connection requires use of SSL. If an encrypted connection cannot be established, the connection attempt fails. Default setting is 0 (SSL not required).

•--verbose, -v

Specify how much information to display. Use this option multiple times to increase the amount of information. For example, -v = verbose, -vv = more verbose, -vvv = debug.

•--version

Display version information and exit.

NOTES.PP For the --format option, the permitted values are not case sensitive. In addition, values may be specified as any unambiguous prefix of a valid value. For example, --format=g specifies the grid format. An error occurs if a prefix matches more than one valid value.

The path to the MySQL client tools should be included in the PATH environment variable in order to use the authentication mechanism with login-paths. This will allow the utility to use the my_print_defaults tools which is required to read the login-path values from the login configuration file (.mylogin.cnf).

When cloning users that are defined with an authentication plugin, the utility will attempt to use the authentication plugin for the destination user(s). The utility will issue an error if the plugin is not on the destination machine or is inactive and the operation will be aborted. A warning is issued if a password is assigned to a new user when the source user has an authentication plugin. In this case, the utility will use the password and not the authentication plugin for the new user. EXAMPLES.PP To clone joe as sam and sally with passwords and logging in as root on the local machine, use this command:

shell> mysqluserclone --source=root@localhost \


          --destination=root@localhost \


          joe@localhost sam:secret1@localhost sally:secret2@localhost
# Source on localhost: ... connected.
# Destination on localhost: ... connected.
# Cloning 2 users...
# Cloning joe@localhost to user sam:secret1@localhost
# Cloning joe@localhost to user sally:secret2@localhost
# ...done.

The following command shows all users on the local server in the most verbose output in CSV format:

shell> mysqluserclone --source=root@localhost --list --format=csv -vvv
# Source on localhost: ... connected.
user,host,database
joe,localhost,util_test
rpl,localhost,
sally,localhost,util_test
sam,localhost,util_test
joe,user,util_test

PERMISSIONS REQUIRED.PP The account used on the source server must have privileges to read the mysql database. The account used to connect to the destination server must have privileges to execute CREATE USER (and DROP USER if the --force option is given), and privileges to execute GRANT for all privileges to be granted to the new accounts.

COPYRIGHT

Copyright © 2006, 2016, Oracle and/or its affiliates. All rights reserved.

This documentation is free software; you can redistribute it and/or modify it only under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License.

This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with the program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or see http://www.gnu.org/licenses/.

SEE ALSO

For more information, please refer to the MySQL Utilities and Fabric documentation, which is available online at http://dev.mysql.com/doc/index-utils-fabric.html

AUTHOR

Oracle Corporation (http://dev.mysql.com/).

08/01/2016 MySQL 1.6.3