mysql how to fix Access denied for user 'root'@'localhost'

130

Before I screw up something, when I login using $ mysql -u root -p, and show databases:

+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| game_data          |
| test               |
+--------------------+

Then I tried to create a new user and notice something is wrong with the PRIVILEGES.

So I deleted the new users, and I guess I removed the 'root' and 'Admin' accidentally.

Then I try to create 'root' again, but get Access denied error when doing grant all privileges.

mysql> CREATE USER 'root'@'localhost' IDENTIFIED BY 'password';
mysql> grant all privileges on *.* to 'root'@'localhost' identified by 'password' with grant option;
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

If I login to MySQL again using $ mysql -u root -p, and show databases,

+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+

All the other databases are gone.

How do I fix MySQL now?

I cannot find the database 'mysql', cannot create database, create user, anything I try to do will get an error.

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES).

Should I reinstall MySQL using MacPorts? If reinstall, I will lose the database game_data, right?

Vogelsire

Posted 2013-06-03T07:32:18.487

Reputation: 1 403

Also see How to have MySQL entitle the root user? on Super User. It attempts to avoid resetting passwords.

– jww – 2016-04-02T11:28:14.870

I just had a space between -p and the password. I know its silly but might help someone. – Vinay Wadhwa – 2017-02-23T07:18:36.923

Try accesing the server with 'root'@'127.0.0.1' which is diferent from 'root'@'localhost'. Then issue a command to create the user 'root'@'localhost' and grant all privileges to it. – Gimmy – 2013-06-03T08:06:45.573

Answers

138

Follow the steps below.

Start the MySQL server instance or daemon with the --skip-grant-tables option (security setting).
```
$ mysqld --skip-grant-tables
```

Execute these statements.

$ mysql -u root mysql
$mysql> UPDATE user SET Password=PASSWORD('my_password') where USER='root';
$mysql> FLUSH PRIVILEGES;

If you face the unknown field Password error above use:

update user set authentication_string=password('my_password') where user='root';

Finally, restart the instance/daemon without the --skip-grant-tables option.
```
$ /etc/init.d/mysql restart
```

You should now be able to connect with your new password.

$ mysql -u root -p

Enter password: my_password

Fix for MySQL “Unable to lock ibdata1” error

sudo mv /usr/local/mysql/data/ibdata1 /usr/local/mysql/data/ibdata1.bak
sudo mv /usr/local/mysql/data/ib_logfile0 /usr/local/mysql/data/ib_logfile0.bak
sudo mv /usr/local/mysql/data/ib_logfile1 /usr/local/mysql/data/ib_logfile1.bak
sudo cp -a /usr/local/mysql/data/ibdata1.bak /usr/local/mysql/data/ibdata1
sudo cp -a /usr/local/mysql/data/ib_logfile0.bak /usr/local/mysql/data/ib_logfile0
sudo cp -a /usr/local/mysql/data/ib_logfile1.bak /usr/local/mysql/data/ib_logfile1
sudo /etc/init.d/mysql restart

Yogus

Posted 2013-06-03T07:32:18.487

Reputation: 1 676

I found that stopping mysql before issuing the 1st command stops the lock error from happening - service mysql stop – Frank Tzanabetis – 2015-05-28T03:09:39.427

8Apparently the 'password' column no longer exists... it has been replaced by 'authentication_string'. So the password update string is now: UPDATE user SET authentication_string=PASSWORD('my_password') where USER='root'; – jdmcnair – 2015-12-23T17:03:01.293

@Yogus - is there a way to tell MySQL to honor Root (uid 0) rather than resetting a password? Resetting the password seems like its heavy handed when all I am trying to do is sudo mysqlcheck --all-databases. – jww – 2016-04-01T22:30:26.743

1Thank you! And now I'm curious: what could have caused this? On Windows? – Ilia Andrienko – 2016-12-02T16:38:17.973

FYI, if Update user SET Password ... does not work, per @Mario Olivio Flores's answer to OP, find the column in the user table that best identifies the MySQL native password using describe user; in the MySQL console. In my case, it was the field, user.plugin, and not user.Password. – progfan – 2017-08-26T18:44:44.267

What if "mysql -u root mysql" command says "ERROR 1130 (HY000): Host 'localhost' is not allowed to connect to this MariaDB server"? That is my issue. My MySQL from XAMPP was working since last 4 years and this morning it started giving me this error. – Vipul Hadiya – 2019-08-31T10:09:35.223

1"$ mysqld --skip-grant-tables" and " InnoDB: Unable to lock ./ibdata1, error: 35 InnoDB: Check that you do not already have another mysqld process InnoDB: using the same InnoDB data or log files. " ? – None – 2013-06-03T07:42:20.947

see my update above – Yogus – 2013-06-03T07:45:05.977

None of the above were helpful for me. I found I needed to clear the plugin method. In 5.6, I could do:

sudo mysql -u root
use mysql;
[mysql] update user set plugin='' where User='root';
[mysql] flush privileges;

In 5.7, I found I needed to:

sudo mysql -u root
use mysql;
[mysql] update user set plugin='mysql_native_password' where User='root';
[mysql] flush privileges;

According to the docs, with plugin set to an empty string, it should have effectively defaulted to mysql_native_password, but may be getting confused by an empty password hash. For more nuance, you can read the documentation here: https://dev.mysql.com/doc/refman/5.7/en/native-authentication-plugin.html

Mario Olivio Flores

Posted 2013-06-03T07:32:18.487

Reputation: 958

6This solved it for me. When I looked at the status of the mysql daemon, I saw this warning: "[Warning] 'user' entry 'root@localhost' has both a password and an authentication plugin specified. The password will be ignored." Setting plugin to '' allowed me to login again. Thank you, @Mario Flores – SpacePope – 2016-09-29T17:07:31.793

My plugin was blank. The funny thing is it changed to blank automatically. Please note that I am talking about an installation on my personal computer where I use dist-upgrades, so that might be the reason why the root user broke. – Friend of Kim – 2016-10-02T07:55:12.340

2set plugin='mysql_native_password' did it for me, thanks! For reference: https://dev.mysql.com/doc/refman/5.7/en/native-authentication-plugin.html – Koen. – 2016-12-08T10:55:09.743

1Why is this still a problem for ground up package installs going into 2018 ? – mckenzm – 2017-10-01T06:31:51.513

1Well, the MariaDB default plugin="unix_socket"is so secure, that it really takes a while to get connected :) Thanks for this answer, worked for me. – BurninLeo – 2017-12-07T11:51:35.263

3ubuntu 18 , and it worked – Rahal Kanishka – 2018-06-23T17:48:55.383

Thanks, you saved several hours for me messing with that! – POMATu – 2019-01-28T19:20:49.150

1This is the solution! – Darko Miletic – 2019-02-04T13:45:24.637

This worked for me installing mysql-server on Ubuntu in Windows 10. Thanks ! – boxofrats – 2019-04-02T03:05:40.737

1This worked! Ubuntu 18. Thanks. – Kovo – 2019-11-21T17:39:01.173

Every time I installed MariaDB on Ubuntu OS, I always had to do this step. Else it would be "Access denied for user....". – GPraz – 2020-01-22T13:36:28.887

grep 'temporary password' /var/log/mysqld.log
Sort date (newest date)

You may see something like this;

[root@SERVER ~]# grep 'temporary password' /var/log/mysqld.log
2016-01-16T18:07:29.688164Z 1 [Note] A temporary password is generated for root@localhost: O,k5.marHfFu
2016-01-22T13:14:17.974391Z 1 [Note] A temporary password is generated for root@localhost: b5nvIu!jh6ql
2016-01-22T15:35:48.496812Z 1 [Note] A temporary password is generated for root@localhost: (B*=T!uWJ7ws
2016-01-22T15:52:21.088610Z 1 [Note] A temporary password is generated for root@localhost: %tJXK7sytMJV
2016-01-22T16:24:41.384205Z 1 [Note] A temporary password is generated for root@localhost: lslQDvgwr3/S
2016-01-22T22:11:24.772275Z 1 [Note] A temporary password is generated for root@localhost: S4u+J,Rce_0t
[root@SERVER ~]# mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root: 

The existing password for the user account root has expired. Please set a new password.

New password: 

Re-enter new password:

If you see it says

... Failed! Error: Your password does not satisfy the current policy requirements
That means your password needs to have a character such as ! . # - etc...
mix characters well, upper case, lower case, ! . , # etc...

New password: 

Re-enter new password: 
The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.

Estimated strength of the password: 100 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : Y

New password: 

Re-enter new password: 

Estimated strength of the password: 100 
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
Success.

All done! 
[root@SERVER ~]# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 5.7.10 MySQL Community Server (GPL)

Watch the last 10 minutes of this video, it teaches you how you do it.

Tadeh

Posted 2013-06-03T07:32:18.487

Reputation: 81

Although this may answer the question, you should give a more detailed description of the linked content and explain how it relates to the question. This will help ensure that this answer remains useful in the event the linked page is removed or goes offline. For more information, see this Meta Stack Exchange post.

– bwDraco – 2016-01-22T23:15:50.497

This is the use case I saw, I'm installing mysql on RHEL7 in AWS with Ansible and I'm getting the same behavior after reconfiguring and restarting the DB. Do you know why this happens on the first place, is blocking Ansible from accessing the local mysqld and configuring it. This is just for testing purposes. – einarc – 2016-05-13T21:43:52.313

Apparently it depends on how you initialize the server, look at step 4 here: https://dev.mysql.com/doc/refman/5.7/en/data-directory-initialization-mysqld.html

– einarc – 2016-05-13T21:48:16.303

Also make sure needed record in table user has empty plugin field (there can be, for example, "unix_socket").

Since version 5.5.7 mysql has various auth plugins support https://dev.mysql.com/doc/refman/5.6/en/authentication-plugins.html

So if you have non-empty plugin field then password would be ignored and there would be warning at mysql error log (for me it's /var/log/mysql/error.log):

[Warning] 'user' entry 'root@localhost' has both a password and an authentication plugin specified. The password will be ignored.

d9k

Posted 2013-06-03T07:32:18.487

Reputation: 401

1For someone else that runs across this, when running mysql server 5.7.15, this actually locks your user out if you do not provide a plugin.

Probably what you are looking for is a plugin of mysql_native_password. – Jonathan Cantrell – 2016-09-28T17:41:37.030

In my case I had a database corruption, after restarting mysql on Debian the root login was without password. The solution was this :

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'test';

Some other answers also have mentioned the native_password plugin but this is how you can do it without complicated fiddling around. That's how it is meant to be changed.

John

Posted 2013-06-03T07:32:18.487

Reputation: 268

Try it:

mysql --no-defaults --force --user=root --host=localhost --database=mysql 
UPDATE user SET Password=PASSWORD('NEWPASSWORD') where USER='root';
FLUSH PRIVILEGES;

Gustavo Duarte

Posted 2013-06-03T07:32:18.487

Reputation: 39

@CanadianLuke no defaults skips any configuration files present that it'd otherwise include, force continues operation even if any of the issued SQL commands fails. When in doubt, check the manual

– deucalion – 2015-05-26T11:39:54.817

3It needs to be edited in to the answer – Canadian Luke – 2015-05-26T14:31:21.800

2I get ERROR 1054 (42S22): Unknown column 'Password' in 'field list' – Jonathan – 2016-05-16T15:38:56.110

@JonathanLeaders look: http://stackoverflow.com/questions/30692812/mysql-user-db-does-not-have-password-columns-installing-mysql-on-osx

– Gustavo Duarte – 2016-05-18T00:47:45.503

6Can you describe what the --no-defaults --force switches do? Otherwise, it's a VLQ duplicate of the above, accepted answer. – Canadian Luke – 2014-02-21T17:17:18.280