backup and sst user for xtrabackup v2.3 and later

Hi All!

I would like to start using xtrabackup for Galera SST (instead of rsync) and for backup and I’m a little confused about documentation of using a backup and an SST user. For example I have a 3 node percona xtradb cluster and I can perfom a backup with this command which seems to be perfectly working:

xtrabackup --backup --datadir=/var/lib/mysql/ --target-dir=/backups/mysql/ --stream=tar > /backups/mysql/date +%Y-%m-%d_db_backup.tar
160411 15:24:16 version_check Connecting to MySQL server with DSN ‘dbi:mysql:;mysql_read_default_group=xtrabackup;port=3306;mysql_socket=/var/run/mysqld/mysqld.sock’ as ‘root’ (using password: YES).
160411 15:24:16 version_check Connected to MySQL server
160411 15:24:16 version_check Executing a version check against the server…
160411 15:24:18 version_check Done.
160411 15:24:18 Connecting to MySQL server host: localhost, user: root, password: set, port: 3306, socket: /var/run/mysqld/mysqld.sock

I do not pass any auth info, but the output shows that xtrabackup connects to mysql as ‘root’. Is this correct? Evidently if this works perfectly this way, why do I need a backupuser with special privileges?

Thanks in advance!