Documentation Home
MySQL Utilities 1.6 Manual
Related Documentation Download this Manual
PDF (US Ltr) - 1.2Mb
PDF (A4) - 1.2Mb
EPUB - 288.2Kb
HTML Download (TGZ) - 208.9Kb
HTML Download (Zip) - 221.6Kb


MySQL Utilities 1.6 Manual  /  Manual Pages  /  mysqluserclone — Clone Existing User to Create New User

Beta Draft: 2016-08-26

5.28 mysqluserclone — Clone Existing User to Create New User

This utility uses an existing MySQL user account on one server as a template, and clones it to create one or more new user accounts with the same privileges as the original user. The new users can be created on the original server or a different server.

To list users for a server, specify the --list option. This prints a list of the users on the source (no destination is needed). To control how to display list output, use one of the following values with the --format option:

  • grid (default)

    Display output in grid or table format like that of the mysql client command-line tool.

  • csv

    Display output in comma-separated values format.

  • tab

    Display output in tab-separated format.

  • vertical

    Display output in single-column format like that of the \G command for the mysql client command-line tool.

OPTIONS

mysqluserclone accepts the following command-line options:

  • --help

    Display a help message and exit.

  • --license

    Display license information and exit.

  • --destination=<destination>

    Connection information for the destination server.

    To connect to a server, it is necessary to specify connection parameters such as the user name, host name, password, and either a port or socket. MySQL Utilities provides a number of ways to supply this information. All of the methods require specifying your choice via a command-line option such as --server, --master, --slave, etc. The methods include the following in order of most secure to least secure.

    • Use login-paths from your .mylogin.cnf file (encrypted, not visible). Example : <login-path>[:<port>][:<socket>]

    • Use a configuration file (unencrypted, not visible) Note: available in release-1.5.0. Example : <configuration-file-path>[:<section>]

    • Specify the data on the command-line (unencrypted, visible). Example : <user>[:<passwd>]@<host>[:<port>][:<socket>]

  • --dump, -d

    Display the GRANT statements to create the account rather than executing them. In this case, the utility does not connect to the destination server and no --destination option is needed.

  • --format=<list_format>, -f<list_format>

    Specify the user display format. Permitted format values are grid, csv, tab, and vertical. The default is grid. This option is valid only if --list is given.

  • --force

    Drop the new user account if it exists before creating the new account. Without this option, it is an error to try to create an account that already exists.

  • --include-global-privileges

    Include privileges that match base_user@% as well as base_user@host.

  • --list

    List all users on the source server. With this option, a destination server need not be specified.

  • --quiet, -q

    Turn off all messages for quiet execution.

  • --source=<source>

    Connection information for the source server.

    To connect to a server, it is necessary to specify connection parameters such as the user name, host name, password, and either a port or socket. MySQL Utilities provides a number of ways to supply this information. All of the methods require specifying your choice via a command-line option such as --server, --master, --slave, etc. The methods include the following in order of most secure to least secure.

    • Use login-paths from your .mylogin.cnf file (encrypted, not visible). Example : <login-path>[:<port>][:<socket>]

    • Use a configuration file (unencrypted, not visible) Note: available in release-1.5.0. Example : <configuration-file-path>[:<section>]

    • Specify the data on the command-line (unencrypted, visible). Example : <user>[:<passwd>]@<host>[:<port>][:<socket>]

  • --ssl-ca

    The path to a file that contains a list of trusted SSL CAs.

  • --ssl-cert

    The name of the SSL certificate file to use for establishing a secure connection.

  • --ssl-key

    The name of the SSL key file to use for establishing a secure connection.

  • --ssl

    Specifies if the server connection requires use of SSL. If an encrypted connection cannot be established, the connection attempt fails. Default setting is 0 (SSL not required).

  • --verbose, -v

    Specify how much information to display. Use this option multiple times to increase the amount of information. For example, -v = verbose, -vv = more verbose, -vvv = debug.

  • --version

    Display version information and exit.

NOTES

For the --format option, the permitted values are not case sensitive. In addition, values may be specified as any unambiguous prefix of a valid value. For example, --format=g specifies the grid format. An error occurs if a prefix matches more than one valid value.

The path to the MySQL client tools should be included in the PATH environment variable in order to use the authentication mechanism with login-paths. This will allow the utility to use the my_print_defaults tools which is required to read the login-path values from the login configuration file (.mylogin.cnf).

When cloning users that are defined with an authentication plugin, the utility will attempt to use the authentication plugin for the destination user(s). The utility will issue an error if the plugin is not on the destination machine or is inactive and the operation will be aborted. A warning is issued if a password is assigned to a new user when the source user has an authentication plugin. In this case, the utility will use the password and not the authentication plugin for the new user.

EXAMPLES

To clone joe as sam and sally with passwords and logging in as root on the local machine, use this command:

shell> mysqluserclone --source=root@localhost \
          --destination=root@localhost \
          joe@localhost sam:secret1@localhost sally:secret2@localhost
# Source on localhost: ... connected.
# Destination on localhost: ... connected.
# Cloning 2 users...
# Cloning joe@localhost to user sam:secret1@localhost
# Cloning joe@localhost to user sally:secret2@localhost
# ...done.

The following command shows all users on the local server in the most verbose output in CSV format:

shell> mysqluserclone --source=root@localhost --list --format=csv -vvv
# Source on localhost: ... connected.
user,host,database
joe,localhost,util_test
rpl,localhost,
sally,localhost,util_test
sam,localhost,util_test
joe,user,util_test

PERMISSIONS REQUIRED

The account used on the source server must have privileges to read the mysql database. The account used to connect to the destination server must have privileges to execute CREATE USER (and DROP USER if the --force option is given), and privileges to execute GRANT for all privileges to be granted to the new accounts.


User Comments
Sign Up Login You must be logged in to post a comment.