Remote db connection issues - mysql

I am trying to log into mysql using SSH using this command:
mysql -u username -p -h hostname
Where 'username' and 'hostname' and placeholders for the real params. However, the above gives an error :
ERROR 1045 (28000): Access denied for user 'username'#'vps-xxxxxx.xxxx.com' (using password: YES)
Why is it appending the "#vps-xx...." with the remote server username?

Place this on root
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'IP' IDENTIFIED BY 'PASSWORD' with the grant options;
Privileges Provided by MySQL
Once you have finalized the permissions that you want to set up for your new users, always be sure to reload all the privileges.
FLUSH PRIVILEGES;
How To Grant Different User Permissions
Here is a short list of other common possible permissions that users can enjoy.
ALL PRIVILEGES- as we saw previously, this would allow a MySQL
user all access to a designated database (or if no database is
selected, across the system)
CREATE- allows them to create new tables or databases
DROP- allows them to them to delete tables or databases
DELETE- allows them to delete rows from tables
INSERT- allows them to insert rows into tables
SELECT- allows them to use the Select command to read through
databases
UPDATE- allow them to update table rows
GRANT OPTION- allows them to grant or remove other users'
privileges

Related

Mysql not listing all Databases for root user

I have a mysql database running on k8s cluster inside pod. it was previously listing all the databases when i login through mysql -u root -p and then entering password. But my application was not able to connect to that database and was showing 1045, "Access denied for user 'root'#'ipaddress' (using password: YES)" there was just one host which is % and user was root
i have updated secrets as well and restart deployment but still it was showing the above error.
then i ran this command to grant all privileges to root user
GRANT ALL ON root.* TO 'root'#'localhost' IDENTIFIED BY 'password';
it creates one more host for root which is localhost. Now when i try to login with
mysql -u root -p
it is not listing my databases and just showing
And now host is localhost. what should i do to get my database back.
In MySQL permissions are granted for "accounts" which consist of a user name and a host name [1]. So in terms of GRANTS:
myuser#127.0.0.1
myuser#192.168.1.1
The above are two different users. The wildcard in terms of permissions is %. However % and localhost are mutually exclusive as explained here.
So having that in mind you would need to run something close to:
CREATE USER 'root'#'%' IDENTIFIED BY 'changeme';
GRANT ALL PRIVILEGES ON your_database_name.* TO 'root'#'%';
In order to enable connections coming from a different host. Please keep in mind that using the username root should be avoided. Instead, use a dedicated user for your needs.

How to give all privileges to a new user that I created 'user#%'

I switch to MySQL 8 recently; earlier I was using MySQL 5.7 in GCP. I know questions like this have already been asked, but I didn't have any luck. My question is, I want to create a new user just say 'user1' and grant all privileges to a user account on all databases.
The query I am using for user creation:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
For privileges:
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
This privileges query used to work on MySQL 5.7, but when I try to run this query in MySQL 8, I get this error (I logged in as root user and MySQL is in GCP):
SQL Error (1045): Access denied for user 'root'#'%' (using password: YES)
I also tried to run this query one after another like this:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
But still I get the same error. I came to know that in MySQL 8 localhost root user have all the privileges, but my server is in Google Cloud, so how can I grant all the privileges to the user I created?
When I run this query in the mysql-8 (I am using HeidiSQL to connect the DB and run query)
SELECT * FROM mysql.user;
I got this output:
In this there are two root users:
For one host is localhost/127.0.0.1 (With all the privilege).
For other host is % (Not have any privilege).
I think I logged in as a user with host-% because my server is in GCP, that's why I cannot give any privilege to the user that I have created. So is there any way to give full permission to the
root#%
so that I can give full permission to the other users, Because I don't think there is any way to log in as a root#localhost
The problem here is that you are trying to create a super user, which is not something supported in cloud SQL, as you can see in this documentation:
Cloud SQL does not support SUPER privileges, which means that GRANT ALL PRIVILEGES statements will not work. As an alternative, you can use GRANT ALL ON %.*.
This alternative mentioned could be enough to grant the permissions you expected.

Mariadb host works on “localhost” but not IP alternative - 127.0.0.1

I am trying to connect to my database through an ash tunnel using sequel pro but it is not working and forces me to use 127.0.0.1 when entering "localhost" which leads to the problem where if I run on the command line:
mysql --host "localhost"
It works
If I run:
mysql --host "127.0.0.1"
I get the access denied error:
ERROR 1698 (28000): Access denied for user 'root'#'localhost'
What is going on?
I have tried:
update user set host='%' where host='localhost'
but this does not work.
Many SQL servers have two or more different user entries for every user that might come in via either localhost or remote. (127.0.0.1 counts as remote).
For example, for the root user, you might have these three user entries.
CREATE USER 'root'#'localhost' IDENTIFIED BY REDACTED;
CREATE USER 'root'#'127.0.0.1' IDENTIFIED BY REDACTED;
CREATE USER 'root'#'%.example.com' IDENTIFIED BY REDACTED;
There's nothing much special about the name root except that it has been granted a lot of privileges when your MySQL was installed. You need to grant the same privileges to the other versions of root#whatever you create.
I created a new user:
CREATE USER 'non-root'#'localhost' IDENTIFIED BY '123';
and then granted them all the same privileges:
GRANT ALL PRIVILEGES ON * . * TO 'non-root'#'localhost';
and then deleted root and renamed non-root to root
and now it finally works.

Granting localhost privileges or creating another user with them

I connected to MySql by this command:
$ mysql -h localhost
mysql> CREATE USER 'alex1'#localhost IDENTIFIED BY 'password$';
ERROR 1227 (42000): Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation
And now I can't anything (create a new user with CRUD privileges, for instance) because localhost doesn't have enough privileges. I can't connect to MySql with any other credentials because I don't remember them. How do I grant localhost privileges to do that or create another user or a schema?
The problem is the user you are logged in as is the default user that will be used to access MySQL. This user does not have access to create other users.
Its not about 'localhost'.
If you know the username of an account that has grant privileges, specify it manually at the prompt:
$ mysql -u root -p -h localhost
Now it will ask you for the password for the root account for MySQL. This is normally the main "superuser" account that has all permissions.
If you don't know the root credentials and you don't have another user that has these permissions, then you need to reset the root password. Follow the steps in the manual for your operating system.

MySQL: Access denied for user 'test'#'localhost' (using password: YES) except root user

I am facing problem with mysql non root/admin user, I am following the below steps for creating user and its privileges, correct me if i am doing wrong,
i am installing mysql on RHEL 5.7 64bit, packages are mentioned below, once i done the rpm install we are
creating mysql db using mysql_install_db, then
starting the mysql service then
using mysql_upgrade also we are doing to the server.
After this process i can login as root but with a non-root user I am not able to log into the server:
[root#clustertest3 ~]# rpm -qa | grep MySQL
MySQL-client-advanced-5.5.21-1.rhel5
MySQL-server-advanced-5.5.21-1.rhel5
[root#clustertest3 ~]# cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
# Disabling symbolic-links is recommended to prevent assorted security risks;
# to do so, uncomment this line:
# symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[root#clustertest3 ~]# ls -ld /var/lib/mysql/mysql.sock
srwxrwxrwx 1 mysql mysql 0 Nov 30 11:09 /var/lib/mysql/mysql.sock
mysql> CREATE USER 'golden'#'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON * . * TO 'golden'#'%';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT USER(),CURRENT_USER();
+----------------+----------------+
| USER() | CURRENT_USER() |
+----------------+----------------+
| root#localhost | root#localhost |
+----------------+----------------+
1 row in set (0.00 sec)
[root#clustertest3 ~]# mysql -ugolden -p
Enter password:
ERROR 1045 (28000): Access denied for user 'golden'#'localhost' (using password: YES)
This is the problem I am facing, is there any solution to this?
Do not grant all privileges over all databases to a non-root user, it is not safe (and you already have "root" with that role)
GRANT <privileges> ON database.* TO 'user'#'localhost' IDENTIFIED BY 'password';
This statement creates a new user and grants selected privileges to it.
I.E.:
GRANT INSERT, SELECT, DELETE, UPDATE ON database.* TO 'user'#'localhost' IDENTIFIED BY 'password';
Take a look at the docs to see all privileges detailed
EDIT: you can look for more info with this query (log in as "root"):
select Host, User from mysql.user;
To see what happened
If you are connecting to the MySQL using remote machine(Example workbench) etc., use following steps to eliminate this error on OS where MySQL is installed
mysql -u root -p
CREATE USER '<<username>>'#'%%' IDENTIFIED BY '<<password>>';
GRANT ALL PRIVILEGES ON * . * TO '<<username>>'#'%%';
FLUSH PRIVILEGES;
Try logging into the MYSQL instance.
This worked for me to eliminate this error.
Try:
CREATE USER 'golden'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'golden'#'localhost';
FLUSH PRIVILEGES;
Or even better use: mysql_setpermission to create the user
It looks like you're trying to make a user 'golden'#'%' but a different user by the name of 'golden'#'localhost' is getting in the way/has precedence.
Do this command to see the users:
SELECT user,host FROM mysql.user;
You should see two entries:
1) user= golden, host=%
2) user= golden, host=localhost
Do these Command:
DROP User 'golden'#'localhost';
DROP User 'golden'#'%';
Restart MySQL Workbench.
Then do your original commands again:
CREATE USER 'golden'#'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'golden'#'%';
Then when you go to try to sign in to MySQL, type it in like this:
Hit 'Test Connection' and enter your password 'password'.
First I created the user using :
CREATE user user#localhost IDENTIFIED BY 'password_txt';
After Googling and seeing this, I updated user's password using :
SET PASSWORD FOR 'user'#'localhost' = PASSWORD('password_txt');
and I could connect afterward.
For anyone else who did all the advice but the problem still persists.
Check for stored procedure and view DEFINERS. Those definers may no longer exists.
My problem showed up when we changed the wildcard host (%) to IP specific, making the database more secure. Unfortunately there are some views that are still using 'user'#'%' even though 'user'#'172....' is technically correct.
I also have the similar problem, and later on I found it is because I changed my hostname (not localhost).
Therefore I get it resolved by specifying the --host=127.0.0.1
mysql -p mydatabase --host=127.0.0.1
According way you create your user, MySQL interprets a different manner. For instance, if you create a user like this:
create user user01 identified by 'test01';
MySQL expects you give some privilege using grant all on <your_db>.* to user01;
Don't forget to flush privileges;
But, if you create user like that (by passing an IP address), you have to change it to:
create user 'user02'#'localhost' identified by 'teste02';
so, to give some privileges you have to do that:
grant all on <your_db>.* to user02#localhost;
flush privileges;
Make sure the user has a localhost entry in the users table. That was the problem I was having. EX:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
For annoying searching getting here after searching for this error message:
Access denied for user 'someuser#somewhere' (using password: YES)
The issue for me was not enclosing the password in quotes. eg. I needed to use -p'password' instead of -ppassword
Try this:
If you have already created your user, you might have created your user with the wrong password.
So drop that user and create another user by doing this.
To see your current users.
SELECT Host,User FROM mysql.user;
To drop the user
DROP User '<your-username>'#'localhost';
After this you can create the user again with the correct password
CREATE USER '<your-username>'#'localhost' IDENTIFIED WITH mysql_native_password BY '<correct password>';
then
FLUSH PRIVILEGES;
You might still run into some more errors with getting access to the database, if you have that error run this.
GRANT ALL PRIVILEGES ON *.* to '<your-username>'#'localhost';
In my case the same error happen because I was trying to use mysql by just typing "mysql" instead of "mysql -u root -p"
connect your server from mysqlworkbench and run this command->
ALTER USER 'root'#'localhost' IDENTIFIED BY 'yourpassword';
The error of ERROR 1045 (28000): Access denied for user might not be always related to privilages problems but to the fact that there is a missing -p at the end of the command:
# Will prompt us a mysql terminal in case there are no privilages issues
mysql -u root -p
# Will fail with the mentioned ERROR 1045
mysql -u root
sometimes,it can just be a wrong password.Kindly remember your passwords including their sensitivity.
I had this issue and something dummy ended up solving.
For some reason "locahost" was not resolving for anything, so using its local IP made it work.
So you would change
mysql -h localhost -P 33061
to:
mysql -h 127.0.0.1 -P 33061
Had a similar issue when trying to grant privileges to an already existing user using the command:
use my-db;
GRANT ALL PRIVILEGES ON my-database.* TO 'my-user'#'%' IDENTIFIED BY 'my-password';
Here's how I solved it:
It had to do with 2 issues:
The password of the already exiting user was different from the password that provided in the GRANT ALL PRIVILEGES command. I had to rerun the GRANT ALL PRIVILEGES with the correct password for the already existing user.
The host name of the database server that I provided when connecting to the database was incorrect. I had created the database and the user on a particular database server and I was trying to connect to another database server different from the database server where the database and the user were created. I had to get the correct database server hostname, and I used it for the connection.
After all this were sorted, I was able to connect to the database using the credentials.
The issue was that my-user already had the privileges I wanted to grant it.
You can check to see the privileges that you've granted your user using:
SHOW GRANTS FOR 'your-user'#'%';
OR
SHOW GRANTS FOR 'your-user'#'localhost';
That's all.
Just add computer name instead of 'localhost' in hostname or MySQL Host address.