If I do SHOW GRANTS in my mysql database I get
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost'
IDENTIFIED BY PASSWORD 'some_characters'
WITH GRANT OPTION
If I am not mistaken, root#localhost means that user root can access the server only from localhost. How do I tell MySQL to grant root the permission to access this mysql server from every other machine (in the same network), too?
This grants root access with the same password from any machine in *.example.com:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%.example.com'
IDENTIFIED BY 'some_characters'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
If name resolution is not going to work, you may also grant access by IP or subnet:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'192.168.1.%'
IDENTIFIED BY 'some_characters'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
MySQL GRANT syntax docs.
Try:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'Pa55w0rd' WITH GRANT OPTION;
You need to take some steps to make sure first mysql and then root user is accessible from outside:
Disable skip-networking in my.cnf (i.e: /etc/mysql/my.cnf)
Check value of bind-address in my.cnf, if it's set to 127.0.0.1, you can change it to 0.0.0.0 to allow access from all IPs or whatever ip that you want to connect from.
Grant remote access the root user from any ip (or specify your ip instead of %)
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'your_root_password'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
Restart mysql service:
sudo service mysql restart
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'YOUR_PASS'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
*.* = DB.TABLE you can restrict user to specific database and specific table.
'root'#'%' you can change root with any user you created and % is to allow all IP. You can restrict it by changing %.168.1.1 etc too.
If that doesn't resolve, then also modify my.cnf or my.ini
and comment these lines
bind-address = 127.0.0.1 to #bind-address = 127.0.0.1
and
skip-networking to #skip-networking
Restart MySQL and repeat above steps again.
Raspberry Pi, I found bind-address configuration under \etc\mysql\mariadb.conf.d\50-server.cnf
By mysql 8 and later version, you cannot add a user by granting privileges. it means with this query:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'type-root-password-here'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
mysql will return this error:
ERROR 1064 (42000): You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near 'IDENTIFIED BY 'written password' at line 1
this means you don't have a root user for % domain. so you need to first insert the user and then grant privileges like this:
mysql> CREATE USER 'root'#'%' IDENTIFIED BY 'your password';
Query OK, 0 rows affected (0.11 sec)
mysql> GRANT ALL ON *.* TO 'root'#'%';
Query OK, 0 rows affected (0.15 sec)
mysql> FLUSH PRIVILEGES;
Dont forget to replace passwords with your specific passwords.
Those SQL grants the others are sharing do work. If you're still unable to access the database, it's possible that you just have a firewall restriction for the port. It depends on your server type (and any routers in between) as to how to open up the connection. Open TCP port 3306 inbound, and give it a similar access rule for external machines (all/subnet/single IP/etc.).
Two steps:
set up user with wildcard:
create user 'root'#'%' identified by 'some_characters';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY PASSWORD 'some_characters'
WITH GRANT OPTION
vim /etc/my.cnf
add the following:
bind-address=0.0.0.0
restart server, you should not have any problem connecting to it.
Open the /etc/mysql/mysql.conf.d/mysqld.cnf file and comment the
following line:
#bind-address = 127.0.0.1
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
-Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
Ubuntu 18.04
Install and ensure mysqld us running..
Go into database and setup root user:
sudo mysql -u root
SELECT User,Host FROM mysql.user;
DROP USER 'root'#'localhost';
CREATE USER 'root'#'%' IDENTIFIED BY 'obamathelongleggedmacdaddy';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit;
Edit mysqld permissions and restart:
sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf
# edit the line to be this:
bind-address=0.0.0.0
sudo systemctl stop mysql
sudo systemctl start mysql
From another machine, test.. Obvs port (3306) on mysqld machine must allow connection from test machine.
mysql -u root -p -h 123.456.789.666
All the additional "security" of MySql doesn't help security at all, it just complicates and obfuscates, it is now actually easier to screw it up than in the old days, where you just used a really long password.
This worked for me. But there was a strange problem that even I tryed first those it didnt affect. I updated phpmyadmin page and got it somehow working.
If you need access to local-xampp-mysql. You can go to xampp-shell -> opening command prompt.
Then mysql -uroot -p --port=3306 or mysql -uroot -p (if there is password set). After that you can grant those acces from mysql shell page (also can work from localhost/phpmyadmin).
Just adding these if somebody find this topic and having beginner problems.
Related
Tried
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'root' WITH GRANT OPTION;
Getting
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED BY 'root' WITH GRANT OPTION' at line 1.
Note: The same is working when tried in previous versions.
Also tried
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
Getting
ERROR 1410 (42000): You are not allowed to create a user with GRANT
MySQL (8.0.11.0) username/password is root/root.
Starting with MySQL 8 you no longer can (implicitly) create a user using the GRANT command. Use CREATE USER instead, followed by the GRANT statement:
mysql> CREATE USER 'root'#'%' IDENTIFIED BY 'PASSWORD';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
Caution about the security risks about WITH GRANT OPTION, see:
Grant all privileges on database
I see a lot of (wrong) answers, it is just as simple as this:
USE mysql;
CREATE USER 'user'#'localhost' IDENTIFIED BY 'P#ssW0rd';
GRANT ALL ON *.* TO 'user'#'localhost';
FLUSH PRIVILEGES;
Note: instead of a self-created user you can use root to connect to the database. However, using the default root account to let an application connect to the database is not the preferred way. Alternative privileges can be applied as follows (be careful and remember the least-privilege principle):
-- Grant user permissions to all tables in my_database from localhost --
GRANT ALL ON my_database.* TO 'user'#'localhost';
-- Grant user permissions to my_table in my_database from localhost --
GRANT ALL ON my_database.my_table TO 'user'#'localhost';
-- Grant user permissions to all tables and databases from all hosts --
GRANT ALL ON *.* TO 'user'#'*';
If you would somehow run into the following error:
ERROR 1130 (HY000): Host ‘1.2.3.4’ is not allowed to connect to this
MySQL server
You need add/change the following two lines in /etc/mysql/my.cnf and restart mysql:
bind-address = 0.0.0.0
skip-networking
You could run into the following error, which is a bit confusing:
ERROR 1410 (42000): You are not allowed to create a user with GRANT
This means that either the user does not exist at all OR that the user#host combination does not exist. You can easily check for this with the following command:
SELECT host, user FROM user
1) This worked for me. First, create a new user. Example: User foo with password bar
> mysql> CREATE USER 'foo'#'localhost' IDENTIFIED WITH mysql_native_password BY 'bar';
2) Replace the below code with a username with 'foo'.
> mysql> GRANT ALL PRIVILEGES ON database_name.* TO'foo'#'localhost';
Note: database_name is the database that you want to have privileges, . means all on all
3) Login as user foo
mysql> mysql -u foo -p
Password: bar
4) Make sure your initial connection from Sequelize is set to foo with pw bar.
Just my 2 cents on the subject. I was having the exact same issue with trying to connect from MySQL Workbench. I'm running a bitnami-mysql virtual machine to set up a local sandbox for development.
Bitnami's tutorial said to run the 'Grant All Privileges' command:
/opt/bitnami/mysql/bin/mysql -u root -p -e "grant all privileges on *.* to 'root'#'%' identified by 'PASSWORD' with grant option";
This was clearly not working, I finally got it to work using Mike Lischke's answer.
What I think happened was that the root#% user had the wrong credentials associated to it. So if you've tried to modify the user's privileges and with no luck try:
Dropping the user.
Create the user again.
Make sure you have the correct binding on your MySQL config file.
In my case I've commented the line out since it's just for a sandbox environment.
1. Dropping the user.
From Mysql Console:
List Users (helpful to see all your users):
select user, host from mysql.user;
Drop Desired User:
drop user '{{ username }}'#'%';
2. Create the user again.
Create User and Grant Permissions:
CREATE USER '{{ username }}'#'%' IDENTIFIED BY '{{ password }}';
GRANT ALL PRIVILEGES ON *.* TO '{{ username }}'#'%' WITH GRANT OPTION;
Run this command:
FLUSH PRIVILEGES;
3. Make sure you have the correct binding on your MySQL config file.
Locate your MySQL config file (additional notes at the end). If you want to have MySQL listen for connections on more than one network find the following line on the config file:
bind-address=127.0.0.1
and comment it using a '#':
#bind-address=127.0.0.1
For production environments you might want to use limit the network access (additional notes at the end).
Then restart your MySQL service.
Hope this helps someone having the same issue!
Binding: If you want to know more about this I suggest looking at the following
solution How to bind MySQL server to more than one IP address. It
basically says you can leave MySQL open and limit connections by using
a firewall, or natively if you have MySQL version 8.0.13 and above.
MySQL Config File The file could have different locations depending on your
Linux distribution and installation. On my system it was located at
'/etc/my.cnf'. Here are other suggested locations:
/etc/mysql/mysql.conf.d
/etc/mysql/my.cnf
You can also search for the config locations as shown in this website:
How to find locations of MySQL config files.
For those who've been confused by CREATE USER 'root'#'localhost' when you already have a root account on the server machine, keep in mind that your 'root'#'localhost' and 'root'#'your_remote_ip' are two different users (same user name, yet different scope) in mysql server. Hence, creating a new user with your_remote_ip postfix will actually create a new valid root user that you can use to access the mysql server from a remote machine.
For example, if you're using root to connect to your mysql server from a remote machine whose IP is 10.154.10.241 and you want to set a password for the remote root account which is 'Abcdef123!##', here are steps you would want to follow:
On your mysql server machine, do mysql -u root -p, then enter your password for root to login.
Once in mysql> session, do this to create root user for the remote scope:
mysql> CREATE USER 'root'#'10.154.10.241' IDENTIFIED BY 'Abcdef123!##';
After the Query OK message, do this to grant the newly created root user all privileges:
mysql> GRANT ALL ON *.* TO 'root'#'10.154.10.241';
And then:
FLUSH PRIVILEGES;
Restart the mysqld service:
sudo service mysqld restart
Confirm that the server has successfully restarted:
sudo service mysqld status
If the steps above were executed without any error, you can now access to the mysql server from a remote machine using root.
My Specs:
mysql --version
mysql Ver 8.0.16 for Linux on x86_64 (MySQL Community Server - GPL)
What worked for me:
mysql> CREATE USER 'username'#'localhost' IDENTIFIED BY 'desired_password';
mysql> GRANT ALL PRIVILEGES ON db_name.* TO 'username'#'localhost' WITH GRANT OPTION;
Response in both queries:
Query OK, O rows affected (0.10 sec*)
N.B: I created a database (db_name) earlier and was creating a user credential with all privileges granted to all tables in the DB in place of using the default root user which I read somewhere is a best practice.
The specified user just doesn't exist on your MySQL (so, MySQL is trying to create it with GRANT as it did before version 8, but fails with the limitations, introduced in this version).
MySQL's pretty dumb at this point, so if you have 'root'#'localhost' and trying to grant privileges to 'root'#'%' it treats them as different users, rather than generalized notion for root user on any host, including localhost.
The error message is also misleading.
So, if you're getting the error message, check your existing users with something like this
SELECT CONCAT("'", user, "'#'", host, "'") FROM mysql.user;
and then create missing user (as Mike advised) or adjust your GRANT command to the actual exisiting user specificaion.
You will get this error
ERROR 1410 (42000): You are not allowed to create a user with GRANT
If you are trying to run a GRANT on a user that doesn't exist!
Therefore, first run this to make sure the user you use in your GRANT matches exactly to what you have:
select User, Host from user;
In particular pay attention whether the user you created is at localhost but the one you are trying to grant to is %
Copy this and use it at once:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
GRANT ALL ON *.* TO 'username'#'localhost';
FLUSH PRIVILEGES;
Instead of using single lines of code such as:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
Then:
GRANT ALL ON *.* TO 'username'#'localhost';
Then:
FLUSH PRIVILEGES;
Many thanks #Nebulastic
If you want to only allow remote IP using following command
CREATE USER 'user_test'#'113.yy.xx.94' IDENTIFIED BY 'YOUR_PWD';
GRANT ALL ON *.* TO 'user_test'#'113.yy.xx.94';
FLUSH PRIVILEGES;
This worked for me:
mysql> FLUSH PRIVILEGES
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES
Check out your username and domain is the same as created before. Mysql select account by the two colums in user table.If it is different, mysql may think you want to create a new account by grant,which is not supported after 8.0 version.
My Specs:
mysql --version
mysql Ver 8.0.19 for Linux on x86_64 (MySQL Community Server - GPL)
What worked for me:
mysql> USE mysql;
mysql> UPDATE User SET Host='%' WHERE User='root' AND Host='localhost';
this commands work for me:
1-login to mysql and see all users
sudo mysql -u root
select user, host from mysql.user;
2-delete old user
drop user root#localhost;
3-create new user
CREATE USER 'root'#'localhost' IDENTIFIED BY 'mypassword'
4-add all privileges to it:
GRANT ALL ON *.* TO 'root'#'localhost'
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password
BY 'mypassword';
5-finally flush privileges
FLUSH PRIVILEGES;
in select statement, changing 'user'#'%' to 'user'#'localhost' solved my problem
In my case I wanted to do something similar, I followed some steps from here but the best way was as #nebulasic mentioned:
USE mysql;
CREATE USER 'user'#'localhost' IDENTIFIED BY 'P#ssW0rd';
GRANT ALL ON *.* TO 'user'#'localhost';
FLUSH PRIVILEGES;
After this I encountered an error while trying to query the database or connect with SQLTools from VSCode.
Client does not support authentication protocol requested by server; consider upgrading MySQL client
Running this query will fix the problem:
ALTER USER 'user'#'localhost' IDENTIFIED WITH mysql_native_password BY 'Your_newP#s$w0Rd';
I also want to mention that these steps are ok to work in a local environment, when doing something in production is recommended to allocate each user to each database with generated password accordingly and different other security measures if necessary.
Well, I just had the same problem. Even if route had '%' could not connect remotely. Now, having a look at my.ini file (config file in windows) the bind-address statement was missed.
So... I putted this bind-address = * after [mysqld] and restarted the service. Now it works!
1. grant privileges
mysql> GRANT ALL PRIVILEGES ON . TO 'root'#'%'WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES
2. check user table:
mysql> use mysql
mysql> select host,user from user
3.Modify the configuration file
mysql default bind ip:127.0.0.1, if we want to remote visit services,just delete config
#Modify the configuration file
vi /usr/local/etc/my.cnf
#Comment out the ip-address option
[mysqld]
# Only allow connections from localhost
#bind-address = 127.0.0.1
4.finally restart the services
brew services restart mysql
Try this, i had the same issue and i tried few options, but the below worked.
GRANT ALL ON . TO 'root'#'%';
Reference used - https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04#step-6-%E2%80%94-testing-database-connection-from-php-optional
ubuntu 22.04.1
Mysql Ver 8.0.31-0
My root had no GRANT privileges so I could not grant new users any previligies.
Solution was to Drop current root user and create new one using 'mysql_native_password'.
Commands as follows
Login to mysql with as root
mysql> DROP USER 'root'#'localhost' IDENTIFIED BY 'PASSWORD' FROM mysql.user;
mysql> CREATE USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'locahost' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
This may work:
grant all on dbtest.* to 'dbuser'#'%' identified by 'mysql_password';
I had this same issue, which led me here. In particular, for local development, I wanted to be able to do mysql -u root -p without sudo. I don't want to create a new user. I want to use root from a local PHP web app.
The error message is misleading, as there was nothing wrong with the default 'root'#'%' user privileges.
Instead, as several people mentioned in the other answers, the solution was simply to set bind-address=0.0.0.0 instead of bind-address=127.0.0.1 in my /etc/mysql/mysql.conf.d/mysqld.cnf config. No changes were otherwise required.
I had the same problem on CentOS and this worked for me (version: 8.0.11):
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
Stary mysql with sudo
sudo mysql
I want to connect to my SQL Server on my remote server. I have installed MySQL on this server with apt-get and set up all necessary details. On the server everything works fine. When I want to connect with the MySQL Workbench, I cannot connect with any user at all.
I logged into MySQL in Ubuntu and created a new user first:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'#'localhost' WITH GRANT OPTION;
CREATE USER 'username'#'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
I opened the my.cnf file:
port 3306
bind-address 127.0.0.01 (DO I NEED HERE MY REMOTE SERVER IP?)
service mysql restart
My questions would be:
1) why is the host 127.0.0.1 on my remote server?
2) In the workbench connection setup: which hostname is correct? my server IP or 127.0.0.1
3)I get the message: Failed to connect to MySQL. Access denied. So I think the user is the issue?
4) Do I need to change the cnf?
Thank you.
After you create the user and configure the right permission did you
FLUSH PRIVILEGES;
After you change your my.cnf did you restart Mysql?
Stop and Start from XAMPP Panel control
Change
bind address=127.0.0.1
to
bind-address=YOUR-SERVER-IP
I am facing problem with mysql non root/admin user, I am following the below steps for creating user and its privileges, correct me if i am doing wrong,
i am installing mysql on RHEL 5.7 64bit, packages are mentioned below, once i done the rpm install we are
creating mysql db using mysql_install_db, then
starting the mysql service then
using mysql_upgrade also we are doing to the server.
After this process i can login as root but with a non-root user I am not able to log into the server:
[root#clustertest3 ~]# rpm -qa | grep MySQL
MySQL-client-advanced-5.5.21-1.rhel5
MySQL-server-advanced-5.5.21-1.rhel5
[root#clustertest3 ~]# cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
# Disabling symbolic-links is recommended to prevent assorted security risks;
# to do so, uncomment this line:
# symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[root#clustertest3 ~]# ls -ld /var/lib/mysql/mysql.sock
srwxrwxrwx 1 mysql mysql 0 Nov 30 11:09 /var/lib/mysql/mysql.sock
mysql> CREATE USER 'golden'#'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON * . * TO 'golden'#'%';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT USER(),CURRENT_USER();
+----------------+----------------+
| USER() | CURRENT_USER() |
+----------------+----------------+
| root#localhost | root#localhost |
+----------------+----------------+
1 row in set (0.00 sec)
[root#clustertest3 ~]# mysql -ugolden -p
Enter password:
ERROR 1045 (28000): Access denied for user 'golden'#'localhost' (using password: YES)
This is the problem I am facing, is there any solution to this?
Do not grant all privileges over all databases to a non-root user, it is not safe (and you already have "root" with that role)
GRANT <privileges> ON database.* TO 'user'#'localhost' IDENTIFIED BY 'password';
This statement creates a new user and grants selected privileges to it.
I.E.:
GRANT INSERT, SELECT, DELETE, UPDATE ON database.* TO 'user'#'localhost' IDENTIFIED BY 'password';
Take a look at the docs to see all privileges detailed
EDIT: you can look for more info with this query (log in as "root"):
select Host, User from mysql.user;
To see what happened
If you are connecting to the MySQL using remote machine(Example workbench) etc., use following steps to eliminate this error on OS where MySQL is installed
mysql -u root -p
CREATE USER '<<username>>'#'%%' IDENTIFIED BY '<<password>>';
GRANT ALL PRIVILEGES ON * . * TO '<<username>>'#'%%';
FLUSH PRIVILEGES;
Try logging into the MYSQL instance.
This worked for me to eliminate this error.
Try:
CREATE USER 'golden'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'golden'#'localhost';
FLUSH PRIVILEGES;
Or even better use: mysql_setpermission to create the user
It looks like you're trying to make a user 'golden'#'%' but a different user by the name of 'golden'#'localhost' is getting in the way/has precedence.
Do this command to see the users:
SELECT user,host FROM mysql.user;
You should see two entries:
1) user= golden, host=%
2) user= golden, host=localhost
Do these Command:
DROP User 'golden'#'localhost';
DROP User 'golden'#'%';
Restart MySQL Workbench.
Then do your original commands again:
CREATE USER 'golden'#'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'golden'#'%';
Then when you go to try to sign in to MySQL, type it in like this:
Hit 'Test Connection' and enter your password 'password'.
First I created the user using :
CREATE user user#localhost IDENTIFIED BY 'password_txt';
After Googling and seeing this, I updated user's password using :
SET PASSWORD FOR 'user'#'localhost' = PASSWORD('password_txt');
and I could connect afterward.
For anyone else who did all the advice but the problem still persists.
Check for stored procedure and view DEFINERS. Those definers may no longer exists.
My problem showed up when we changed the wildcard host (%) to IP specific, making the database more secure. Unfortunately there are some views that are still using 'user'#'%' even though 'user'#'172....' is technically correct.
I also have the similar problem, and later on I found it is because I changed my hostname (not localhost).
Therefore I get it resolved by specifying the --host=127.0.0.1
mysql -p mydatabase --host=127.0.0.1
According way you create your user, MySQL interprets a different manner. For instance, if you create a user like this:
create user user01 identified by 'test01';
MySQL expects you give some privilege using grant all on <your_db>.* to user01;
Don't forget to flush privileges;
But, if you create user like that (by passing an IP address), you have to change it to:
create user 'user02'#'localhost' identified by 'teste02';
so, to give some privileges you have to do that:
grant all on <your_db>.* to user02#localhost;
flush privileges;
Make sure the user has a localhost entry in the users table. That was the problem I was having. EX:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
For annoying searching getting here after searching for this error message:
Access denied for user 'someuser#somewhere' (using password: YES)
The issue for me was not enclosing the password in quotes. eg. I needed to use -p'password' instead of -ppassword
Try this:
If you have already created your user, you might have created your user with the wrong password.
So drop that user and create another user by doing this.
To see your current users.
SELECT Host,User FROM mysql.user;
To drop the user
DROP User '<your-username>'#'localhost';
After this you can create the user again with the correct password
CREATE USER '<your-username>'#'localhost' IDENTIFIED WITH mysql_native_password BY '<correct password>';
then
FLUSH PRIVILEGES;
You might still run into some more errors with getting access to the database, if you have that error run this.
GRANT ALL PRIVILEGES ON *.* to '<your-username>'#'localhost';
In my case the same error happen because I was trying to use mysql by just typing "mysql" instead of "mysql -u root -p"
connect your server from mysqlworkbench and run this command->
ALTER USER 'root'#'localhost' IDENTIFIED BY 'yourpassword';
The error of ERROR 1045 (28000): Access denied for user might not be always related to privilages problems but to the fact that there is a missing -p at the end of the command:
# Will prompt us a mysql terminal in case there are no privilages issues
mysql -u root -p
# Will fail with the mentioned ERROR 1045
mysql -u root
sometimes,it can just be a wrong password.Kindly remember your passwords including their sensitivity.
I had this issue and something dummy ended up solving.
For some reason "locahost" was not resolving for anything, so using its local IP made it work.
So you would change
mysql -h localhost -P 33061
to:
mysql -h 127.0.0.1 -P 33061
Had a similar issue when trying to grant privileges to an already existing user using the command:
use my-db;
GRANT ALL PRIVILEGES ON my-database.* TO 'my-user'#'%' IDENTIFIED BY 'my-password';
Here's how I solved it:
It had to do with 2 issues:
The password of the already exiting user was different from the password that provided in the GRANT ALL PRIVILEGES command. I had to rerun the GRANT ALL PRIVILEGES with the correct password for the already existing user.
The host name of the database server that I provided when connecting to the database was incorrect. I had created the database and the user on a particular database server and I was trying to connect to another database server different from the database server where the database and the user were created. I had to get the correct database server hostname, and I used it for the connection.
After all this were sorted, I was able to connect to the database using the credentials.
The issue was that my-user already had the privileges I wanted to grant it.
You can check to see the privileges that you've granted your user using:
SHOW GRANTS FOR 'your-user'#'%';
OR
SHOW GRANTS FOR 'your-user'#'localhost';
That's all.
Just add computer name instead of 'localhost' in hostname or MySQL Host address.
I am aware of this command:
GRANT ALL PRIVILEGES
ON database.*
TO 'user'#'yourremotehost'
IDENTIFIED BY 'newpassword';
But then it only allows me to grant a particular IP address to access this remote MySQL database. What if I want it so that any remote host can access this MySQL database? How do I do that? Basically I am making this database public so everyone can access it.
TO 'user'#'%'
% is a wildcard - you can also do '%.domain.example' or '%.123.123.123' and things like that if you need.
Enable Remote Access (Grant)
Home / Tutorials / Mysql / Enable Remote Access (Grant)
If you try to connect to your mysql server from remote machine, and run into error like below, this article is for you.
ERROR 1130 (HY000): Host ‘1.2.3.4’ is not allowed to connect to this
MySQL server
Change mysql config
Start with editing mysql config file
vim /etc/mysql/my.cnf
Comment out following lines.
#bind-address = 127.0.0.1
#skip-networking
If you do not find skip-networking line, add it and comment out it.
Restart mysql server.
~ /etc/init.d/mysql restart
Change GRANT privilege
You may be surprised to see even after above change you are not getting remote access or getting access but not able to all databases.
By default, mysql username and password you are using is allowed to access mysql-server locally. So need to update privilege. (if you want to create a separate user for that purpose, you can use CREATE USER 'USERNAME'#'localhost' IDENTIFIED BY 'PASSWORD';)
Run a command like below to access from all machines. (Replace USERNAME and PASSWORD by your credentials.)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Run a command like below to give access from specific IP. (Replace USERNAME and PASSWORD by your credentials.)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'1.2.3.4' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
You can replace 1.2.3.4 with your IP. You can run above command many times to GRANT access from multiple IPs.
You can also specify a separate USERNAME & PASSWORD for remote access.
You can check final outcome by:
SELECT * from information_schema.user_privileges where grantee like "'USERNAME'%";
Finally, you may also need to run:
mysql> FLUSH PRIVILEGES;
Test Connection
From terminal/command-line:
mysql -h HOST -u USERNAME -pPASSWORD
If you get a mysql shell, don’t forget to run show databases; to check if you have right privileges from remote machines.
Bonus-Tip: Revoke Access
If you accidentally grant access to a user, then better have revoking option handy.
Following will revoke all options for USERNAME from all machines:
mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'USERNAME'#'%';
Following will revoke all options for USERNAME from particular IP:
mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'USERNAME'#'1.2.3.4';
Its better to check information_schema.user_privileges table after running REVOKE command.
If you see USAGE privilege after running REVOKE command, its fine. It is as good as no privilege at all. I am not sure if it can be revoked.
To be able to connect with your user from any IP address, do the following:
Allow mysql server to accept remote connections. For this open mysqld.conf file:
sudo gedit /etc/mysql/mysql.conf.d/mysqld.cnf
Search for the line starting with "bind-address" and set it's value to 0.0.0.0
bind-address = 0.0.0.0
and finally save the file.
Note: If you’re running MySQL 8+, the bind-address directive will not be in the mysqld.cnf file by default. In this case, add the directive to the bottom of the file /etc/mysql/mysql.conf.d/mysqld.cnf.
Now restart the mysql server, either with systemd or use the older service command. This depends on your operating system:
sudo systemctl restart mysql # for ubuntu
sudo systemctl restart mysqld.service # for debian
Finally, mysql server is now able to accept remote connections.
Now we need to create a user and grant it permission, so we can be able to login with this user remotely.
Connect to MySQL database as root, or any other user with root privilege.
mysql -u root -p
now create desired user in both localhost and '%' wildcard and grant permissions on all DB's as such .
CREATE USER 'myuser'#'localhost' IDENTIFIED BY 'mypass';
CREATE USER 'myuser'#'%' IDENTIFIED BY 'mypass';
Then,
GRANT ALL ON *.* TO 'myuser'#'localhost';
GRANT ALL ON *.* TO 'myuser'#'%';
And finally don't forget to flush privileges
FLUSH PRIVILEGES;
Note: If you’ve configured a firewall on your database server, you will also need to open port 3306 MySQL’s default port to allow traffic to MySQL.
Hope this helps ;)
Assuming that the above step is completed and MySql port 3306 is free to be accessed remotely; Don't forget to bind the public ip address in the mysql config file.
For example on my ubuntu server:
#nano /etc/mysql/my.cnf
In the file, search for the [mysqld] section block and add the new bind address, in this example it is 192.168.0.116. It would look something like this
......
.....
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
bind-address = 192.168.0.116
.....
......
you can remove th localhost(127.0.0.1) binding if you choose, but then you have to specifically give an IP address to access the server on the local machine.
Then the last step is to restart the MySql server
(on ubuntu)
stop mysql
start mysql
or #/etc/init.d/mysql restart for other systems
Now the MySQL database can be accessed remotely by:
mysql -u username -h 192.168.0.116 -p
Config file changes are required to enable connections via localhost.
To connect through remote IPs, Login as a "root" user and run the below queries in mysql.
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'#'localhost' WITH GRANT OPTION;
CREATE USER 'username'#'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
This will create a new user that is accessible on localhost as well as from remote IPs.
Also comment the below line from your my.cnf file located in /etc/mysql/my.cnf
bind-address = 127.0.0.1
Restart your mysql using
sudo service mysql restart
Now you should be able to connect remotely to your mysql.
For anyone who fumbled with this, here is how I got to grant the privileges, hope it helps someone
GRANT ALL ON yourdatabasename.* TO root#'%' IDENTIFIED BY
'yourRootPassword';
As noted % is a wildcard and this will allow any IP address to connect to your database. The assumption I make here is when you connect you'll have a user named root (which is the default though). Feed in the root password and you are good to go. Note that I have no single quotes (') around the user root.
Use this command:
GRANT ALL ON yourdatabasename.* TO root#'%' IDENTIFIED BY 'yourRootPassword';
Then:
FLUSH PRIVILEGES;
Then comment out the below line in file "/etc/mysql/mysql.conf.d/mysqld.cnf" (is required!):
bind-address = 127.0.0.1
Works for me!
Run the following:
$ mysql -u root -p
mysql> GRANT ALL ON *.* to root#'ipaddress' IDENTIFIED BY 'mysql root password';
mysql> FLUSH PRIVILEGES;
mysql> exit
Then attempt a connection from the IP address you specified:
mysql -h address-of-remove-server -u root -p
You should be able to connect.
You can slove the problem of MariaDB via this command:
Note:
GRANT ALL ON *.* to root#'%' IDENTIFIED BY 'mysql root password';
% is a wildcard. In this case, it refers to all IP addresses.
To remotely access database Mysql server 8:
CREATE USER 'root'#'%' IDENTIFIED BY 'Pswword#123';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
GRANT ALL PRIVILEGES ON *.* TO 'user'#'ipadress'
START MYSQL using admin user
mysql -u admin-user -p (ENTER PASSWORD ON PROMPT)
Create a new user:
CREATE USER 'newuser'#'%' IDENTIFIED BY 'password'; (% -> anyhost)
Grant Privileges:
GRANT SELECT,DELETE,INSERT,UPDATE ON db_name.* TO 'newuser'#'%';
FLUSH PRIVILEGES;
If you are running EC2 instance don't forget to add the inbound rules in security group with MYSQL/Aurura.
Edit File:
/etc/mysql/percona-server.cnf
Append below code in file.
[mysqld]
bind-address = 0.0.0.0
Create user for remote access.
$ mysql -u root -p
mysql> GRANT ALL ON *.* to snippetbucketdotcom#'%' IDENTIFIED BY 'tejastank';
mysql> FLUSH PRIVILEGES;
mysql> exit
All linux server works,
For MSWin c:\ Find insatallation location \ file path
Just create the user to some database like
GRANT ALL PRIVILEGES ON <database_name>.* TO '<username>'#'%' IDENTIFIED BY '<password>'
Then go to
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf and change the line bind-address = 127.0.0.1 to bind-address = 0.0.0.0
After that you may connect to that database from any IP.
Open your mysql console and execute the following command (enter your database name,username and password):
GRANT ALL ON yourdatabasename.* TO admin#'%' IDENTIFIED BY
'yourRootPassword';
Then Execute:
FLUSH PRIVILEGES;
Open command line and open the file /etc/mysql/mysql.conf.d/mysqld.cnf using any editor with root privileges.
For example:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Then comment out the below line:
bind-address = 127.0.0.1
Restart mysql to reflect the changes using command:
sudo service mysql restart
Enjoy ;)
You need to change the mysql config file:
Start with editing mysql config file
vim /etc/mysql/my.cnf
add:
bind-address = 0.0.0.0
what worked for on Ubuntu is granting all privileges to the user:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;
and setting the bind address in /etc/mysql/mysql.conf.d/mysqld.cnf:
bind-address = 0.0.0.0
then restarting the mysql daemon:
service mysql restart
Go to this directory "/etc/mysql/mysql.conf.d" then
edit this file " mysqld.cnf"
$nano mysqld.cnf
bind-address = 127.0.0.1
mysqlx-bind-address = 127.0.0.1
edit to
bind-address = 0.0.0.0
mysqlx-bind-address = 0.0.0.0
In website panels like cPanel you may add a single % (percentage sign) in allowed hostnames to access your MySQL database.
By adding a single % you can access your database from any IP or website even from desktop applications.
For example in my CentOS
sudo gedit /etc/mysql/my.cnf
comment out the following lines
#bind-address = 127.0.0.1
then
sudo service mysqld restart
If you want to grant remote access of your database from any IP address, run the mysql command and after that run the following command.
GRANT ALL PRIVILEGES ON *.*
TO 'root'#'%'
IDENTIFIED BY 'password'
WITH GRANT OPTION;
I see there are many answers, but they are quite long ones except for the accepted answer, which is quite short and lacks explanation. As I can't edit it, I am adding my answer. Adit asked about:
making this database public so everyone can access it
GRANT ALL PRIVILEGES
ON database.*
TO 'username'#'remote_host'
IDENTIFIED BY 'password';
Above code grants permissions for a user from a given remote host, you can allow a user to connect from any remote host to MySQL by changing TO 'username'#'yourremotehost' to TO 'username'#'%'.
So, the corrected query for granting permissions to a user to connect from any remote host is:
GRANT ALL PRIVILEGES
ON database.*
TO 'username'#'%'
IDENTIFIED BY 'password';
You can disable all security by editing /etc/my.cnf:
skip-grant-tables
If I do SHOW GRANTS in my mysql database I get
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost'
IDENTIFIED BY PASSWORD 'some_characters'
WITH GRANT OPTION
If I am not mistaken, root#localhost means that user root can access the server only from localhost. How do I tell MySQL to grant root the permission to access this mysql server from every other machine (in the same network), too?
This grants root access with the same password from any machine in *.example.com:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%.example.com'
IDENTIFIED BY 'some_characters'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
If name resolution is not going to work, you may also grant access by IP or subnet:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'192.168.1.%'
IDENTIFIED BY 'some_characters'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
MySQL GRANT syntax docs.
Try:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'Pa55w0rd' WITH GRANT OPTION;
You need to take some steps to make sure first mysql and then root user is accessible from outside:
Disable skip-networking in my.cnf (i.e: /etc/mysql/my.cnf)
Check value of bind-address in my.cnf, if it's set to 127.0.0.1, you can change it to 0.0.0.0 to allow access from all IPs or whatever ip that you want to connect from.
Grant remote access the root user from any ip (or specify your ip instead of %)
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'your_root_password'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
Restart mysql service:
sudo service mysql restart
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'YOUR_PASS'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
*.* = DB.TABLE you can restrict user to specific database and specific table.
'root'#'%' you can change root with any user you created and % is to allow all IP. You can restrict it by changing %.168.1.1 etc too.
If that doesn't resolve, then also modify my.cnf or my.ini
and comment these lines
bind-address = 127.0.0.1 to #bind-address = 127.0.0.1
and
skip-networking to #skip-networking
Restart MySQL and repeat above steps again.
Raspberry Pi, I found bind-address configuration under \etc\mysql\mariadb.conf.d\50-server.cnf
By mysql 8 and later version, you cannot add a user by granting privileges. it means with this query:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'type-root-password-here'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
mysql will return this error:
ERROR 1064 (42000): You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near 'IDENTIFIED BY 'written password' at line 1
this means you don't have a root user for % domain. so you need to first insert the user and then grant privileges like this:
mysql> CREATE USER 'root'#'%' IDENTIFIED BY 'your password';
Query OK, 0 rows affected (0.11 sec)
mysql> GRANT ALL ON *.* TO 'root'#'%';
Query OK, 0 rows affected (0.15 sec)
mysql> FLUSH PRIVILEGES;
Dont forget to replace passwords with your specific passwords.
Those SQL grants the others are sharing do work. If you're still unable to access the database, it's possible that you just have a firewall restriction for the port. It depends on your server type (and any routers in between) as to how to open up the connection. Open TCP port 3306 inbound, and give it a similar access rule for external machines (all/subnet/single IP/etc.).
Two steps:
set up user with wildcard:
create user 'root'#'%' identified by 'some_characters';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY PASSWORD 'some_characters'
WITH GRANT OPTION
vim /etc/my.cnf
add the following:
bind-address=0.0.0.0
restart server, you should not have any problem connecting to it.
Open the /etc/mysql/mysql.conf.d/mysqld.cnf file and comment the
following line:
#bind-address = 127.0.0.1
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
-Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
Ubuntu 18.04
Install and ensure mysqld us running..
Go into database and setup root user:
sudo mysql -u root
SELECT User,Host FROM mysql.user;
DROP USER 'root'#'localhost';
CREATE USER 'root'#'%' IDENTIFIED BY 'obamathelongleggedmacdaddy';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit;
Edit mysqld permissions and restart:
sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf
# edit the line to be this:
bind-address=0.0.0.0
sudo systemctl stop mysql
sudo systemctl start mysql
From another machine, test.. Obvs port (3306) on mysqld machine must allow connection from test machine.
mysql -u root -p -h 123.456.789.666
All the additional "security" of MySql doesn't help security at all, it just complicates and obfuscates, it is now actually easier to screw it up than in the old days, where you just used a really long password.
This worked for me. But there was a strange problem that even I tryed first those it didnt affect. I updated phpmyadmin page and got it somehow working.
If you need access to local-xampp-mysql. You can go to xampp-shell -> opening command prompt.
Then mysql -uroot -p --port=3306 or mysql -uroot -p (if there is password set). After that you can grant those acces from mysql shell page (also can work from localhost/phpmyadmin).
Just adding these if somebody find this topic and having beginner problems.