In addition to this question: Performing root mysql operations in bash scripts
I'd like to ask how to limit/allow this action (performing root administrative actions):
mysql --local-path=mypath -e "CREATE..."
to be used just in one bash script. Maybe it's better in this case to use:
mysql -u root -p'mypass'
I've set up separate user with root privileges (they are needed to create/drop any database), but this way this user accessible from any command line without password can mess around anything (the same if the user sees the hardcoded password).
Maybe it would be better to allow specific mysql user to access only specific mysql procedures/functions to create/drop databases and users?
Create a .my.cnf in a secure location, and populate it with the following:
Then in your cron job call mysql like this:
mysql --defaults-extra-file=/localtion/to/.my.cnf -e "CREATE..."