It’s bad practice to provide world-writable access to critical
files in Linux, though we’ve seen time and time again that this
is done to conveniently share files with other users,
applications, or services. But with Xtrabackup, preparing backups
could go wrong if the backup configuration has world-writable
file permissions.
Say you performed a backup on a MySQL instance configured with
data-at-rest encryption using the keyring plugin. On the backup
directory, the generated backup-my.cnf contains these
instructions to load this plugin that will be used by Xtrabackup
while preparing the backup:
backup-my.cnf
[mysqld]
innodb_checksum_algorithm=crc32
innodb_log_checksum_algorithm=strict_crc32
innodb_data_file_path=ibdata1:12M:autoextend
innodb_log_files_in_group=2
innodb_log_file_size=1073741824
innodb_fast_checksum=false
innodb_page_size=16384
innodb_log_block_size=512
innodb_undo_directory=./ …
[Read more]