I am trying to run the following command in MySQL as the root user:
set global log_bin_trust_function_creators=1;
However, this gives me the following error:
Access denied; you need (at least one of) the SUPER privilege(s) for this operation
To overcome this, I tried to grant the SUPER privilege to the root user by running:
GRANT SUPER ON *.* TO 'root'#'my-host' IDENTIFIED BY 'my-password';
This in turn gives me the error:
Access denied for user 'root'#'%' (using password: YES).
So I am not really sure what to do. The MySQL version is 5.7.36 and I am connecting to the database remotely. The root user is also set to mysql_native_password as well. Any ideas on what I can do?
This database was part of Google Cloud SQL and with managed databases like this and Amazon RDS, SUPER privileges are not supported. To enable this parameter, you need to set it through the Google Cloud SQL flags or in case of Amazon RDS, the parameter group.
Related
I switch to MySQL 8 recently; earlier I was using MySQL 5.7 in GCP. I know questions like this have already been asked, but I didn't have any luck. My question is, I want to create a new user just say 'user1' and grant all privileges to a user account on all databases.
The query I am using for user creation:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
For privileges:
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
This privileges query used to work on MySQL 5.7, but when I try to run this query in MySQL 8, I get this error (I logged in as root user and MySQL is in GCP):
SQL Error (1045): Access denied for user 'root'#'%' (using password: YES)
I also tried to run this query one after another like this:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
But still I get the same error. I came to know that in MySQL 8 localhost root user have all the privileges, but my server is in Google Cloud, so how can I grant all the privileges to the user I created?
When I run this query in the mysql-8 (I am using HeidiSQL to connect the DB and run query)
SELECT * FROM mysql.user;
I got this output:
In this there are two root users:
For one host is localhost/127.0.0.1 (With all the privilege).
For other host is % (Not have any privilege).
I think I logged in as a user with host-% because my server is in GCP, that's why I cannot give any privilege to the user that I have created. So is there any way to give full permission to the
root#%
so that I can give full permission to the other users, Because I don't think there is any way to log in as a root#localhost
The problem here is that you are trying to create a super user, which is not something supported in cloud SQL, as you can see in this documentation:
Cloud SQL does not support SUPER privileges, which means that GRANT ALL PRIVILEGES statements will not work. As an alternative, you can use GRANT ALL ON %.*.
This alternative mentioned could be enough to grant the permissions you expected.
Although a variation of this question has been asked before it did not help. Link for anyone interested.
mysql> GRANT SUPER ON *.* TO root#'%' IDENTIFIED BY 'password';
I ran the above command but I receive the following error, even though I am the root user:
Access denied for user 'root'#'%' (using password: YES)
I have also create a custom Parameter Group and set the log_bin_trust_function_creators=1 and rebooted the instance, but still I don't have Super Privileges. Any ideas?
You cannot grant SUPER on an Aurora (or any RDS) database.
Some things that require SUPER can be set via the parameter group settings, and there are some built-in stored procedures for some other common task.
First off, I did google this but sites are flooded with advice on how to deal with "host name is blocked" issues. (https://www.google.com/search?q=mysql+block+a+host). My issue is a little bit the opposite of that.
With me, I am running a MySQL database and no PHP is involved.
I need to block a certain host-name/IP address from connecting to my database, then I will unblock it. I am hoping there are 2 simple queries for this that I can execute on the MySQL database, I just can't seem to find it anywhere.
I can find the hostnames pretty easily by running the show processlist query and I know I can kill one process at a time, but so many new threads pop up that if I can just block all of them from a certain hostname, that would be ideal. Then I will unblock once I fix a few things.
You can use GRANT to give a non-privileged entry for a user connecting from a specific host, even if you have GRANTed privileges to a wildcard including that host. When authenticating, the most specific host match takes precedence.
For example, suppose you enabled a user to connect from a range of hosts on your local subnet:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'user'#'192.168.56.%' IDENTIFIED BY 'xyzzy';
Then you could grant the minimal USAGE privilege, which is a synonym for "no privileges" for that user for one specific host within that subnet:
mysql> GRANT USAGE ON *.* TO 'user'#'192.168.56.110';
Subsequent attempts to connect from that host get this error:
$ mysql -uuser -pxyzzy
ERROR 1045 (28000): Access denied for user 'user'#'192.168.56.110' (using password: YES)
The reason this gets an error is that I did this grant for the user with no password. If I try to submit a password, this doesn't match the entry in the privileges table.
Even if the user tries to connect without using a password, he finds he has no access to anything.
$ mysql -uuser
mysql> USE mydatabase;
ERROR 1044 (42000): Access denied for user 'user'#'192.168.56.110' to database 'mydatabase'
You can undo the blocking:
mysql> DELETE FROM mysql.user WHERE host='192.168.56.110' AND user='user';
mysql> FLUSH PRIVILEGES;
And then the IP range will come back into effect, and the user will be able to connect from thathost again.
You can revoke privileges as mentioned above, but this will still allow a user to make a connection to your MySQL server - albeit this will prevent that user from authenticating. If you really want to block/allow connections to your MySQL server based on IP, use iptables.
Have you tried using MySQL Workbench?
You can simply remove ROLES for a specific User/Host from there.
A friend of mine asked me to help him with some minor php/mysql job. He gave me his cpanel access and I have to create a database for him.
I get the error:
MySQL issue : Access denied for user 'user'#'localhost' (using password: YES)
When I type in phpMyAdmin:
CREATE DATABASE db_name;
Is there a way I can grant all priviledges to the user he provided, or is there a way I can create a database with other user?
You can grant usage by using
grant usage on *.* to prasad#localhost identified by 'passwd';
Another thing regarding access denied to even localhost is caused when your firewall is active. You can try disabling antivirus software and also firewall.
A suggestion will be if you are using mysql, then mysql workbench is a great to have. You can create databases through GUI quite easily
I'm getting a very strange error, I've created a user 'testuser' with the following credentials:
CREATE USER 'testuser'#'%' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON *.* TO 'testuser'#'%';
FLUSH PRIVILEGES;
I have also modified my /etc/mysql/my.cnf not to bind to any single address. (Which afaik should accept connections from anywhere?) And restarted mysql.
And I can connect locally no problem.
I am running inside a virtual box on ubunutu.
Trying to connect from my windows machine, gives me MySQL error number 1045 Access denied for user 'testuser'#'192.168.0.22'.
I'm confident that it's not a networking problem as changing the host or port gives a different error "Cannot connect to the specified instance"
Logging in as root and looking at the users table - all looks as expected. (Single row, '%' for host and all permissions set.)
I've been banging my head against the wall all afternoon... can anyone suggest any other possible causes for this error?
Thanks for any help.
Run the GRANT statement with the IDENTIFIED BY:
GRANT ALL PRIVILEGES ON *.* TO 'testuser'#'%' IDENTIFIED BY '123456';