Security Best Practices

Don't use the database's master root account inside script configurations if you can avoid it. Instead, create a dedicated MySQL user that only possesses the bare minimum permissions required to copy files and lock tables:

Create a Restricted Backup User

CREATE USER 'backup_user'@'localhost' IDENTIFIED BY 'your_ultra_secure_password';

-- Grant minimum required privileges for hot-backups
GRANT RELOAD, PROCESS, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'backup_user'@'localhost';

-- Required for MySQL 8.0+ to track block modifications
GRANT BACKUP_ADMIN ON *.* TO 'backup_user'@'localhost';

FLUSH PRIVILEGES;