We Keep Coding

Recover my root user's DBA privileges on MariaDB

I accidentally removed the DBA privileges of my only user from mariadb and now I can't use my bank and I was also unable to restore the privileges using the Linux SHELL CentOS 7.
Command I tried:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
return:
#1045 - Access denied for user 'root'#'localhost' (using password: YES)
Has anyone ever experienced this?

It's a wrong assumption that the wildcard for hostname also includes localhost, so an attempt to connect via socket (localhost) will fail:
mysql> create user 'foo'#'%' identified by 'bar';
Query OK, 0 rows affected (0,01 sec)
$mysql -ufoo -pbar -e"select current_user"
ERROR 1045 (28000): Access denied for user 'foo'#'localhost' (using password: YES)
When creating the user with localhost, everything works as expected:
mysql> create user 'foo'#'localhost' identified by 'bar';
Query OK, 0 rows affected (0,01 sec)
$ mysql -ufoo -pbar -e"select current_user\G"
*************************** 1. row ***************************
current_user: foo#localhost
Also beginning with MariaDB Server 10.4 (Posix platforms) the default authentication method for the root user (when connecting via localhost) happens via unix_socket plugin. This allows the root#localhost user to login without a password via the local Unix socket file defined by the socket system variable, as long as the login is attempted from a process owned by the operating system root user account:
mysql -e"show grants for root#localhost\G"
*************************** 1. row ***************************
Grants for root#localhost: GRANT ALL PRIVILEGES ON *.* TO `root`#`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket WITH GRANT OPTION
So a normal login as root will fail:
georg#mozart:~/mariadb$ mysql -uroot -e"select current_user()\G"
ERROR 1698 (28000): Access denied for user 'root'#'localhost'
While running as root (sudo) login works as expected:
georg#mozart:~/mariadb$ sudo mysql -uroot -e"select current_user()\G"
*************************** 1. row ***************************
current_user(): root#localhost

Stop MariaDb server
sudo systemctl stop mariadb
Restart DB without permission checking - more
sudo mysqld_safe --skip-grant-tables --skip-networking &
mysql -u root enter password
reload the grant tables
Mariadb[MYSQL]> FLUSH PRIVILEGES
insert into user (Host, User, Password, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv, Repl_client_priv, Create_view_priv, Show_view_priv, Create_routine_priv, Alter_routine_priv, Create_user_priv, ssl_type, ssl_cipher, x509_issuer, x509_subject, max_questions, max_updates, max_connections, max_user_connections)
values('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','','0','0','0','0');
Then restart database
sudo systemctl start mariadb
I hope this works for you. it did work for me.
You can explore answers on Grant privileges on MariaDB

MySQL root user has no privelages

I was clicking around PhpMyAdmin, and I accidentally removed all the privileges for the root user facepalm
So now, when I am in PhpMyAdmin, I have no privileges to do anything at all. How can I reset the privileges for the root user?
(MySQL was installed through MAMP)

It depends on what operating system you are running, but you need to kill the MySQL service and relaunch it skipping the grant tables.
On OSX with MAMP
Shutdown MAMP all together, this will ensure that MySQL is not running
Then enter the following command to start MySQL with the right permissions
/Applications/MAMP/Library/libexec/mysqld --skip-grant-tables --port=8889 --socket=/Applications/MAMP/tmp/mysql/mysql.sock
Then launch mysql command line utility to update priviledges
mysql -u root
In *nix:
mysqld --skip-grant-tables
Then run mysql to get into the command prompt
mysql -u root
Once in MySQL Command Line
Once running in skip grant tables mode, you can run a command to update the user privileges.
UPDATE mysql.user SET Grant_priv='Y', Super_priv='Y' WHERE User='root';
FLUSH PRIVILEGES;

Another 1045 : Access denied for user 'someone'#'localhost' (using password: YES)

As lot of dummies, I cannot connect to MySQL server with user.
This is settings of my USER in DB mysql table user
Host: %
User: someone
Password: mypassword
Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv, Repl_client_priv, Create_view_priv, Show_view_priv, Create_routine_priv, Alter_routine_priv, Create_user_priv: Y
max_questions, max_updates, max_connection, max_user_connections: 0
Connection
Im connecting via localhost console OR phpMyAdmin installed on this machine.
MySQL Server
Information from phpMyAdmin: Server: Localhost via UNIX socket | Server version: 5.0.70-log | Protocol version: 10
When mysql server is running as mysqld_safe --skip-grant-tables & then I can connect to server as any user.
When mysql server is running normally as /etc/init.d/mysqld start then I cannot an I have error
1045 : Access denied for user 'someone'#'localhost' (using password: YES)
I was spending hours to find solution in google and mysql documentation but without result. Probably it will be some essential settings. Hope you will give me some suggestion. Thanks a lot.

You probably need to reset the password for the someone user. It happens often.
Try to start your local server with no password check:
mysqld_safe --skip-grant-tables
And then
set password for 'someone'#'localhost' password('new fancy password')
(notice the '')
See more info in the docs: http://dev.mysql.com/doc/refman/5.0/en/set-password.html
This answer might also help
MySQL - ERROR 1045 - Access denied

grant remote access of MySQL database from any IP address

I am aware of this command:
GRANT ALL PRIVILEGES
ON database.*
TO 'user'#'yourremotehost'
IDENTIFIED BY 'newpassword';
But then it only allows me to grant a particular IP address to access this remote MySQL database. What if I want it so that any remote host can access this MySQL database? How do I do that? Basically I am making this database public so everyone can access it.

TO 'user'#'%'
% is a wildcard - you can also do '%.domain.example' or '%.123.123.123' and things like that if you need.

Enable Remote Access (Grant)
Home / Tutorials / Mysql / Enable Remote Access (Grant)
If you try to connect to your mysql server from remote machine, and run into error like below, this article is for you.
ERROR 1130 (HY000): Host ‘1.2.3.4’ is not allowed to connect to this
MySQL server
Change mysql config
Start with editing mysql config file
vim /etc/mysql/my.cnf
Comment out following lines.
#bind-address = 127.0.0.1
#skip-networking
If you do not find skip-networking line, add it and comment out it.
Restart mysql server.
~ /etc/init.d/mysql restart
Change GRANT privilege
You may be surprised to see even after above change you are not getting remote access or getting access but not able to all databases.
By default, mysql username and password you are using is allowed to access mysql-server locally. So need to update privilege. (if you want to create a separate user for that purpose, you can use CREATE USER 'USERNAME'#'localhost' IDENTIFIED BY 'PASSWORD';)
Run a command like below to access from all machines. (Replace USERNAME and PASSWORD by your credentials.)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Run a command like below to give access from specific IP. (Replace USERNAME and PASSWORD by your credentials.)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'1.2.3.4' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
You can replace 1.2.3.4 with your IP. You can run above command many times to GRANT access from multiple IPs.
You can also specify a separate USERNAME & PASSWORD for remote access.
You can check final outcome by:
SELECT * from information_schema.user_privileges where grantee like "'USERNAME'%";
Finally, you may also need to run:
mysql> FLUSH PRIVILEGES;
Test Connection
From terminal/command-line:
mysql -h HOST -u USERNAME -pPASSWORD
If you get a mysql shell, don’t forget to run show databases; to check if you have right privileges from remote machines.
Bonus-Tip: Revoke Access
If you accidentally grant access to a user, then better have revoking option handy.
Following will revoke all options for USERNAME from all machines:
mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'USERNAME'#'%';
Following will revoke all options for USERNAME from particular IP:
mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'USERNAME'#'1.2.3.4';
Its better to check information_schema.user_privileges table after running REVOKE command.
If you see USAGE privilege after running REVOKE command, its fine. It is as good as no privilege at all. I am not sure if it can be revoked.

To be able to connect with your user from any IP address, do the following:
Allow mysql server to accept remote connections. For this open mysqld.conf file:
sudo gedit /etc/mysql/mysql.conf.d/mysqld.cnf
Search for the line starting with "bind-address" and set it's value to 0.0.0.0
bind-address = 0.0.0.0
and finally save the file.
Note: If you’re running MySQL 8+, the bind-address directive will not be in the mysqld.cnf file by default. In this case, add the directive to the bottom of the file /etc/mysql/mysql.conf.d/mysqld.cnf.
Now restart the mysql server, either with systemd or use the older service command. This depends on your operating system:
sudo systemctl restart mysql # for ubuntu
sudo systemctl restart mysqld.service # for debian
Finally, mysql server is now able to accept remote connections.
Now we need to create a user and grant it permission, so we can be able to login with this user remotely.
Connect to MySQL database as root, or any other user with root privilege.
mysql -u root -p
now create desired user in both localhost and '%' wildcard and grant permissions on all DB's as such .
CREATE USER 'myuser'#'localhost' IDENTIFIED BY 'mypass';
CREATE USER 'myuser'#'%' IDENTIFIED BY 'mypass';
Then,
GRANT ALL ON *.* TO 'myuser'#'localhost';
GRANT ALL ON *.* TO 'myuser'#'%';
And finally don't forget to flush privileges
FLUSH PRIVILEGES;
Note: If you’ve configured a firewall on your database server, you will also need to open port 3306 MySQL’s default port to allow traffic to MySQL.
Hope this helps ;)

Assuming that the above step is completed and MySql port 3306 is free to be accessed remotely; Don't forget to bind the public ip address in the mysql config file.
For example on my ubuntu server:
#nano /etc/mysql/my.cnf
In the file, search for the [mysqld] section block and add the new bind address, in this example it is 192.168.0.116. It would look something like this
......
.....
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
bind-address = 192.168.0.116
.....
......
you can remove th localhost(127.0.0.1) binding if you choose, but then you have to specifically give an IP address to access the server on the local machine.
Then the last step is to restart the MySql server
(on ubuntu)
stop mysql
start mysql
or #/etc/init.d/mysql restart for other systems
Now the MySQL database can be accessed remotely by:
mysql -u username -h 192.168.0.116 -p

Config file changes are required to enable connections via localhost.
To connect through remote IPs, Login as a "root" user and run the below queries in mysql.
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'#'localhost' WITH GRANT OPTION;
CREATE USER 'username'#'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
This will create a new user that is accessible on localhost as well as from remote IPs.
Also comment the below line from your my.cnf file located in /etc/mysql/my.cnf
bind-address = 127.0.0.1
Restart your mysql using
sudo service mysql restart
Now you should be able to connect remotely to your mysql.

For anyone who fumbled with this, here is how I got to grant the privileges, hope it helps someone
GRANT ALL ON yourdatabasename.* TO root#'%' IDENTIFIED BY
'yourRootPassword';
As noted % is a wildcard and this will allow any IP address to connect to your database. The assumption I make here is when you connect you'll have a user named root (which is the default though). Feed in the root password and you are good to go. Note that I have no single quotes (') around the user root.

Use this command:
GRANT ALL ON yourdatabasename.* TO root#'%' IDENTIFIED BY 'yourRootPassword';
Then:
FLUSH PRIVILEGES;
Then comment out the below line in file "/etc/mysql/mysql.conf.d/mysqld.cnf" (is required!):
bind-address = 127.0.0.1
Works for me!

Run the following:
$ mysql -u root -p
mysql> GRANT ALL ON *.* to root#'ipaddress' IDENTIFIED BY 'mysql root password';
mysql> FLUSH PRIVILEGES;
mysql> exit
Then attempt a connection from the IP address you specified:
mysql -h address-of-remove-server -u root -p
You should be able to connect.

You can slove the problem of MariaDB via this command:
Note:
GRANT ALL ON *.* to root#'%' IDENTIFIED BY 'mysql root password';
% is a wildcard. In this case, it refers to all IP addresses.

To remotely access database Mysql server 8:
CREATE USER 'root'#'%' IDENTIFIED BY 'Pswword#123';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;

GRANT ALL PRIVILEGES ON *.* TO 'user'#'ipadress'

START MYSQL using admin user
mysql -u admin-user -p (ENTER PASSWORD ON PROMPT)
Create a new user:
CREATE USER 'newuser'#'%' IDENTIFIED BY 'password'; (% -> anyhost)
Grant Privileges:
GRANT SELECT,DELETE,INSERT,UPDATE ON db_name.* TO 'newuser'#'%';
FLUSH PRIVILEGES;
If you are running EC2 instance don't forget to add the inbound rules in security group with MYSQL/Aurura.

Edit File:
/etc/mysql/percona-server.cnf
Append below code in file.
[mysqld]
bind-address = 0.0.0.0
Create user for remote access.
$ mysql -u root -p
mysql> GRANT ALL ON *.* to snippetbucketdotcom#'%' IDENTIFIED BY 'tejastank';
mysql> FLUSH PRIVILEGES;
mysql> exit
All linux server works,
For MSWin c:\ Find insatallation location \ file path

Just create the user to some database like
GRANT ALL PRIVILEGES ON <database_name>.* TO '<username>'#'%' IDENTIFIED BY '<password>'
Then go to
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf and change the line bind-address = 127.0.0.1 to bind-address = 0.0.0.0
After that you may connect to that database from any IP.

Open your mysql console and execute the following command (enter your database name,username and password):
GRANT ALL ON yourdatabasename.* TO admin#'%' IDENTIFIED BY
'yourRootPassword';
Then Execute:
FLUSH PRIVILEGES;
Open command line and open the file /etc/mysql/mysql.conf.d/mysqld.cnf using any editor with root privileges.
For example:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Then comment out the below line:
bind-address = 127.0.0.1
Restart mysql to reflect the changes using command:
sudo service mysql restart
Enjoy ;)

You need to change the mysql config file:
Start with editing mysql config file
vim /etc/mysql/my.cnf
add:
bind-address = 0.0.0.0

what worked for on Ubuntu is granting all privileges to the user:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;
and setting the bind address in /etc/mysql/mysql.conf.d/mysqld.cnf:
bind-address = 0.0.0.0
then restarting the mysql daemon:
service mysql restart

Go to this directory "/etc/mysql/mysql.conf.d" then
edit this file " mysqld.cnf"
$nano mysqld.cnf
bind-address = 127.0.0.1
mysqlx-bind-address = 127.0.0.1
edit to
bind-address = 0.0.0.0
mysqlx-bind-address = 0.0.0.0

In website panels like cPanel you may add a single % (percentage sign) in allowed hostnames to access your MySQL database.
By adding a single % you can access your database from any IP or website even from desktop applications.

For example in my CentOS
sudo gedit /etc/mysql/my.cnf
comment out the following lines
#bind-address = 127.0.0.1
then
sudo service mysqld restart

If you want to grant remote access of your database from any IP address, run the mysql command and after that run the following command.
GRANT ALL PRIVILEGES ON *.*
TO 'root'#'%'
IDENTIFIED BY 'password'
WITH GRANT OPTION;

I see there are many answers, but they are quite long ones except for the accepted answer, which is quite short and lacks explanation. As I can't edit it, I am adding my answer. Adit asked about:
making this database public so everyone can access it
GRANT ALL PRIVILEGES
ON database.*
TO 'username'#'remote_host'
IDENTIFIED BY 'password';
Above code grants permissions for a user from a given remote host, you can allow a user to connect from any remote host to MySQL by changing TO 'username'#'yourremotehost' to TO 'username'#'%'.
So, the corrected query for granting permissions to a user to connect from any remote host is:
GRANT ALL PRIVILEGES
ON database.*
TO 'username'#'%'
IDENTIFIED BY 'password';

You can disable all security by editing /etc/my.cnf:
skip-grant-tables

How can I restore the MySQL root user’s full privileges?

I accidentally removed some of the privileges from my MySQL root user, including the ability to alter tables. Is there some way I can restore this user to its original state (with all privileges)?
UPDATE mysql.user SET Grant_priv = 'Y', Super_priv = 'Y' WHERE User = 'root';
# MySQL returned an empty result set (i.e. zero rows).
FLUSH PRIVILEGES ;
# MySQL returned an empty result set (i.e. zero rows).
#1045 - Access denied for user 'root'#'localhost' (using password: YES)
GRANT ALL ON *.* TO 'root'#'localhost'

If the GRANT ALL doesn't work, try:
Stop mysqld and restart it with the --skip-grant-tables option.
Connect to the mysqld server with just: mysql (i.e. no -p option, and username may not be required).
Issue the following commands in the mysql client:
UPDATE mysql.user SET Grant_priv='Y', Super_priv='Y' WHERE User='root';
FLUSH PRIVILEGES;
After that, you should be able to run GRANT ALL ON *.* TO 'root'#'localhost'; and have it work.

If you've deleted your root user by mistake you can do one thing:
Stop MySQL service
Run mysqld_safe --skip-grant-tables &
Type mysql -u root -p and press enter.
Enter your password
At the mysql command line enter: use mysql;
Then execute this query:
insert into `user` (`Host`, `User`, `Password`, `Select_priv`, `Insert_priv`, `Update_priv`, `Delete_priv`, `Create_priv`, `Drop_priv`, `Reload_priv`, `Shutdown_priv`, `Process_priv`, `File_priv`, `Grant_priv`, `References_priv`, `Index_priv`, `Alter_priv`, `Show_db_priv`, `Super_priv`, `Create_tmp_table_priv`, `Lock_tables_priv`, `Execute_priv`, `Repl_slave_priv`, `Repl_client_priv`, `Create_view_priv`, `Show_view_priv`, `Create_routine_priv`, `Alter_routine_priv`, `Create_user_priv`, `ssl_type`, `ssl_cipher`, `x509_issuer`, `x509_subject`, `max_questions`, `max_updates`, `max_connections`, `max_user_connections`)
values('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','','0','0','0','0');
then restart the mysqld
EDIT: October 6, 2018
In case anyone else needs this answer, I tried it today using innodb_version 5.6.36-82.0 and 10.1.24-MariaDB and it works if you REMOVE THE BACKTICKS (no single quotes either, just remove them):
insert into user (Host, User, Password, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv, Repl_client_priv, Create_view_priv, Show_view_priv, Create_routine_priv, Alter_routine_priv, Create_user_priv, ssl_type, ssl_cipher, x509_issuer, x509_subject, max_questions, max_updates, max_connections, max_user_connections)
values('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','','0','0','0','0');

i also remove privileges of root and database not showing in mysql console when i was a root user, so changed user by mysql>mysql -u 'userName' -p; and password;
UPDATE mysql.user SET Grant_priv='Y', Super_priv='Y' WHERE User='root';
FLUSH PRIVILEGES;
after this command it all show database's in root .
Thanks

I had denied insert and reload privileges to root. So after updating permissions, FLUSH PRIVILEGES was not working (due to lack of reload privilege). So I used debian-sys-maint user on Ubuntu 16.04 to restore user.root privileges. You can find password of user.debian-sys-maint from this file
sudo cat /etc/mysql/debian.cnf

GRANT ALL ON *.* TO 'user'#'localhost' with GRANT OPTION;
Just log in from root using the respective password if any and simply run the above command to whatever the user is.
For example:
GRANT ALL ON *.* TO 'root'#'%' with GRANT OPTION;

Just insert or update mysql.user with value Y in each column privileges.

If you are using WAMP on you local computer (mysql version 5.7.14)
Step 1: open my.ini file
Step 2: un-comment this line 'skip-grant-tables' by removing the semi-colon
step 3: restart mysql server
step 4: launch mySQL console
step 5:
UPDATE mysql.user SET Grant_priv='Y', Super_priv='Y' WHERE User='root';
FLUSH PRIVILEGES;
Step 6: Problem solved!!!!

"sudo cat /etc/mysql/debian.cnf" to use debian-sys-maint user
login by this user throgh "mysql -u saved-username -p;", then enter the saved password.
mysql> UPDATE mysql.user SET Grant_priv='Y', Super_priv='Y' WHERE User='root';
mysql> FLUSH PRIVILEGES;
mysql> exit
reboot
Thanks

MariaDB on RHEL:
sudo systemctl stop mariadb.service
sudo mysqld_safe --skip-grant-tables --skip-networking &
mysql -u root
Then, eg.
GRANT ALL PRIVILEGES ON mysql.user TO 'root'#'localhost';
UPDATE mysql.user SET Grant_priv='Y', Super_priv='Y' WHERE User='root';
FLUSH PRIVILEGES;
EXIT;
Sadly, there's no graceful restart when having detached with &:
sudo kill `pidof mysqld`
sudo systemctl start mariadb.service
But one could as well set skip-grant-tables and skip-networking inside /etc/my.cnf.