There are cases when you forget mysql root password or you are asked to start supporting a new database and you have not been handed over passwords.Oracle DBA’s are used to login as sqlplus “/ as sysdba” from host with user which is part of dba group. This can be used to connect or changing password by recreating password file (orapwd)
In case of mysql , this is not possible. If you have enabled password authentication (which is the right way 🙂 ) , you will get following error
-bash-4.1$ mysql -u root ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
Lets try with some dummy password
-bash-4.1$ mysql -u root -p Enter password: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
We need to reset the password now. This can be done in two ways
Method 1
1) Add following parameter under mysqld section in /etc/my.cnf or any other custom parameter file
[mysqld] skip-grant-tables
2) Restart the mysql server
3) Now you should be able to login to server without password
-bash-4.1$ mysql -u root Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 Server version: 5.1.67.0 Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
4) Next we need to reset the password
mysql> update mysql.user set password=password('askdba') where user='root';
Query OK, 3 rows affected (0.00 sec)
Rows matched: 3 Changed: 3 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
5) Restart the mysql server and try connecting with password
-bash-4.1$ mysql -u root -paskdba Your MySQL connection id is 1 mysql>
This approach is widely used but has serious security concerns. This approach allows anyone to connect to mysql root user without password.
e.g I am connecting from remote machine when mysql was started with ‘skip-grant-tables’ option
-bash-4.1$ mysql -u root -h mysqldev01.askdba.org mysql> select hostname(); ERROR 1305 (42000): FUNCTION hostname does not exist mysql> select @@hostname; +---------------------------------+ | @@hostname | +---------------------------------+ | mysqldev01.askdba.org | +---------------------------------+ 1 row in set (0.00 sec)
One option is to use bind-address=127.0.0.1 in my.cnf which will disable remote connections. But again this is not fool proof.
Method 2
This is one more way which is safer and recommended way of resetting passwords
1) Create a text file with following line say tmp_mysql.txt. Using new password to ensure that this file is read and correctly executed
update mysql.user set password=password('securepass') where user='root';
flush privileges;
2) Edit /etc/my.cnf file and add following parameter under mysqld
[mysqld] init-file=/home/askdba/tmp_mysql.txt
3) Restart mysql server process and you will be able to connect using specified password
bash-4.1$ mysql -u root -paskdba ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) -bash-4.1$ mysql -u root -psecurepass mysql>
I tried with old password first to ensure that it doesn’t work. We are able to login to successfully login using “securepass” password
Recent Comments