My question is simple, can I GRANT permission to ALL (as in any user with any pwd coming from any machine) users ?
I know it COULD BE problematic in some cases. But ours is a demo database, with users unknown. So please spare us the rod.
From what I know and what I have tried the Answer is NO, we can not do it. I am posting this question to confirm my understanding.
AFAIK, we can't. Is there a way to hack around this ?
As people have said in the comments - this is probably a bad idea. But, I thought, why not have a crack and see how it can be done.
The most simple place to start would be to create a MySQL user without a username:
GRANT ALL ON *.* TO ''#'%' IDENTIFIED BY '';
This will let you login with any username - and a blank password. This might be what some people are looking for - but it sounds like you want any username any password.
To do that - I suggest using mysql-proxy. I would download the source code. If you're on Ubuntu then you will need the following packages to build it:
apt-get install libmysqlclient-dev \
pkg-config \
lua5.1 liblua5.1-0-dev liblua5.1-0 \
libglib2.0-dev \
libevent-1.4-2 libevent1-dev
If you do compile it then you'll need to run /sbin/ldconfig afterwards as root.
Then we can write a lua script to set the username and password for every connection. The mysql-proxy client has some example scripts, but the relevant examples/tutorial-scramble.lua file is old and doesn't work with the current version. You can use the following script:
local CLIENT_PROTOCOL_41 = 512 -- New 4.1 protocol
local CLIENT_SECURE_CONNECTION = 32768 -- New 4.1 authentication
local MYSQL_AUTH_CAPABILITIES = ( CLIENT_PROTOCOL_41 + CLIENT_SECURE_CONNECTION )
local password = assert(require("mysql.password"))
local proto = assert(require("mysql.proto"))
function read_auth()
local c = proxy.connection.client
local s = proxy.connection.server
local challenge = (s.scramble_buffer):sub(1,20)
local default_username = "foo"
local default_password = "bar"
proxy.queries:append(1,
proto.to_response_packet({
username = default_username,
response = password.scramble(challenge, password.hash(default_password)),
charset = 8, -- default charset
database = c.default_db,
max_packet_size = 1 * 1024 * 1024,
server_capabilities = MYSQL_AUTH_CAPABILITIES
})
)
return proxy.PROXY_SEND_QUERY
end
Save this as any-user-any-pass.lua or something. Then you will need to create the user in the database which I refer to in the script (username foo, password bar):
GRANT ALL ON *.* TO 'foo'#'localhost' IDENTIFIED BY 'bar';
Then we can start up mysql-proxy - we will connect it to the local mysql server on port 3306 and it will listen on port 3307. Use a command similar to this:
mysql-proxy --proxy-lua-script=`pwd`/any-user-any-pass.lua \
--proxy-backend-addresses=localhost:3306 \
--proxy-address=localhost:3307
Test it out in a different terminal:
ubuntu#test:~$ mysql -h 127.0.0.1 -P 3306 -u ANYTHING -pSOMETHING
ERROR 1045 (28000): Access denied for user 'ANYTHING'#'localhost' (using password: YES)
ubuntu#test:~$ mysql -h 127.0.0.1 -P 3307 -u ANYTHING -pSOMETHING
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 752
Server version: 5.5.29-0ubuntu1 (Ubuntu)
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SELECT CURRENT_USER();
+----------------+
| CURRENT_USER() |
+----------------+
| foo#localhost |
+----------------+
1 row in set (0.00 sec)
mysql>
As you can see - first I test connecting straight to MySQL - it rejects the ANYTHING/SOMETHING credentials. Then I connect to the MySQL proxy on 3307 and it lets me straight in because the lua script is changing the username and password the connection is using.
Related
From my local computer, I can easily connect to a remote instance of mysql database using the mysql cli command (assuming environment variables are set):
# mysql -u root -p$DB_PASSWORD -h $DB_HOST --port=$DB_PORT
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7365
Server version: 5.7.14-google (Google)
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.05 sec)
However, using docker it just hangs:
docker run --rm -it --name mysql -e MYSQL_RANDOM_ROOT_PASSWORD=yes mysql \
mysql -u root -p$DB_PASSWORD -h $DB_HOST --port=$DB_PORT
mysql: [Warning] Using a password on the command line interface can be insecure.
show databases;
^C
^C
exit
exit
^C
and have to docker container stop mysql from another terminal window for it to exit the mysql container.
I tried even attaching to the container and run the same command to no avail. Tried connecting to an AWS MySQL instance and Google Cloud SQL instance, also tried to enter variables directly in the command line all with the same result. Why is it hanging and how can I make it work? Thanks!
Try expose the default port for MySQL
docker run -p 3306:3306 ...
I was using Google Cloud SQL and the IP address needed to be whitelisted for it to allow access. So adding that solved the connection issue.
I tried all the ways but below step has resolved my issue.
run command inside container
dpkg-reconfigure tzdata
it will ask you to select for Geographical area and Time zone, then you are done.
I am not able to connect a MySQL server remotely.
The connection seems to be ok because with telnet [ip] [port] I get response:
4.1.3b-beta-nt-max▒ <0v '[uZ,? B {efSLa $, Q4N
When executed by command line or by MySQL Workbench 6.3
mysql -u [user] -p -h [host]
I get the same error:
ERROR 2027 (HY000): Malformed packet
It is a mysql client bug, I've searched about it and it is a old auth switch request. Your client it is out of date, using a old protocol communication, now, if it is a Workbench problem too your just the Client, you need to update or downgrade the MySQL Client first and try to run it alone.
Here, it is the same question with a more complete answer:
https://dba.stackexchange.com/questions/135343/server-responds-with-empty-packet-during-session-negotiation-resulting-in-client
And, for the new Auth protocol, on connection phase:
https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_connection_phase.html
You must upgrade the "old_password" hashed password:
SET PASSWORD FOR 'existinguser'#'localhost' = PASSWORD('existingpass');
So you can login in an "old" MySQL server, using a recent Workbench version
If you need to connect to pre-4.1 MySQL servers from later MySQL versions (5.7+), you will need to use "--skip-secure-auth" option from the client. And the client version cannot be newer than v5.7.4 because this option had been removed in 5.7.5. You can download version 5.7.4_m14 from mysql's archive website. For example,
$ mysql -uuser -p -hserver --skip-secure-auth
I had the same error trying to connect to a MariaDB server with the MySQL client mysql-client. I solved it by installing mariadb-client (that overwrites the mysql binary, so use the same command to connect).
I did face this issue for normal select query. It was weird that when I was using small-case 's' in the query statement, it was giving me the same error. The I figured out that this happens as internally it is trying to retrieve the data from mysql cache.
It was not because of the case of 's' in the select query.
//Returned Error
select * from foo;
//This worked fine
Select * from foo;
//This also worked fine
select SQL_NO_CACHE * from foo;
From this I was able to conclude that it was the issue as it was using Cached data.
I've faced the same issue with latest MySQL Client (>5.7) while trying to connect lower versions of MySQL like 5.1.xx.
To avoid this issue (ERROR 2027 (HY000): Malformed packet), create a user with latest password authentication.
ex:
Login to MySQL 5.1.xx server and execute..
mysql> create user 'testuser'#'xx.xx.xxx.%' identified by 'testuser_Secret1';
Check if you have old_passwords enabled, then disable it for that session.
mysql> show session variables like 'old_passwords';
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| old_passwords | ON |
+-----------------+-------+
mysql> set session old_passwords = 0;
mysql> GRANT select on test.* TO 'testuser'#'xx.xx.xxx.%' identified by 'testuser_Secret1';
Verify password that should begin with "*SOMETHING1123SHOWNBELOW3034".
mysql> select user,host,password from mysql.user where user = 'testuser';
+-----------+---------------+-------------------------------------------+
| user | host | password |
+-----------+---------------+-------------------------------------------+
| testuser | xx.xx.xxx.% | *053CB27FDD2AE63F03D4A0B919E471E0E88DA262 |
+-----------+---------------+-------------------------------------------+
Now try logging from MySQL 5.7.xx Client and try to establish a connection to MySQL 5.1.xx server.
[testuser#localhost]# mysql -V
mysql Ver 14.14 Distrib 5.7.31, for Linux (x86_64) using EditLine wrapper
[testuser#localhost]# mysql -hxx.xx.xxx.xxx -u testuser -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1528853
Server version: 5.1.73-log Source distribution
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
For the people that has this error when the execute the query (not when connecting to DB), the problem is the cache configuration in database.
You can find the bug description here:
https://bugs.mysql.com/bug.php?id=86318
The solution:
disable the cache configuration:
query_cache_limit = 0
query_cache_size = 0
query_cache_type = 0
In the long term there are no negative repercussions, since the latest versions of MySQL no longer support this feature. With little data the cache works correctly, but in large quantities it generates a bottleneck.
More info about the cache removed from mysql 8.0:
https://mysqlserverteam.com/mysql-8-0-retiring-support-for-the-query-cache/
i solved this issue. i was facing this issue in my PHP 7.2. First i created a new user and upgrade it in my script. Then i upgrade PHP 7.2 to 7.3. And it worked. :)
The problem I have is when I get into the commandline for mysql I enter as ''#'localhost' and have no access to anything useful, I'm trying at the moment to get data back to a php page so I need a valid username and password. Is there a way I can create a user account with my feeble resources? Is there a way I can enter the MySQL commandline as root?
Any help appreciated.
If you user is root without any password (like a default MySQL setup), you should be able to connect using:
mysql --user=root
If you need to specify pwd as password:
mysql --user=root -ppwd
Check MySQL command line guide for other details.
When you install MySQL, it asks you to enter credentials for the root user.
If you had not done something like that, I recommend you to reinstall.
Moreover, I would recommend you to use a good package like PHPMyadmin to simplify your operations with databases.
http://www.phpmyadmin.net/home_page/news.php
You could also try Xampp, which has everything in a package - PHP, Tomcat, Mercury , Filezilla, PHPMyadmin and more if you'd like. You will spend almost 0 time configuring anything.
http://www.apachefriends.org/en/xampp.html
Previously, I was getting Access denied... errors for every command, but I was able to resolve the issue after reading RobbieE's suggestion and this documentation:
First, start mysql from the command line as the root user; this is the solution to your original question:
mysql -u root
Now if you'd like to password-protect root...
To see which accounts exist and check their passwords, execute:
SELECT User, Host, Password FROM mysql.user;
You should see an ASCII table, something like this:
+------+--------------------+----------+
| User | Host | Password |
+------+--------------------+----------+
| root | localhost | |
| root | 127.0.0.1 | |
| | localhost | |
+------+--------------------+----------+
Finally, set the password for each root user a la:
SET PASSWORD FOR 'root'#'localhost' = PASSWORD('plaintext-password');
Re-execute statement 2 to verify the password was set correctly. You now have a useful and protected MySQL user for localhost. Do this again for 127.0.0.1 and any other hosts you may have.
Does anyone know why I get this error when running mysqlimport?
mysqlimport -u someone -pwhatever --columns=a,b,c,d,e bar /var/tmp/baz.sql
mysqlimport: Error: 1045, Access denied for user 'someone'#'%' (using password: YES), when using table: baz
However...
mysql -u someone -pwhatever
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 199
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show grants;
+------------------------------------------------------------------------------------------------------------+
| Grants for someone#% |
+------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'someone'#'%' IDENTIFIED BY PASSWORD '*BLAHBLAHBLAH' |
| GRANT ALL PRIVILEGES ON `bar`.* TO 'someone'#'%' |
+------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql>
You can avoid the need for the extra privileges by using the --local parameter to mysqlimport:
--local, -L
Read input files locally from the client host.
OK, it turns out that the FILE privilege is a "global" privilege, which apparently means you can't selectively enable it on certain databases, tables. etc. That's why my previous grant statement on bar.* had no effect:
GRANT ALL PRIVILEGES ON `bar`.* TO 'someone'#'%'
You need to grant FILE privileges on *.*:
GRANT FILE ON *.* to 'someone'#'%';
Hope this helps someone.
Some would instead opt for this command, skipping the extra FILE grant.
mysql -u username -p <yourdbname> < yourfile.sql
mysqlimport is a command-line interface to the LOAD DATA INFILE statement, for which you need the 'FILE' privilege (server level).
From LOAD DATA INFILE syntax:
Also, to use LOAD DATA INFILE on server files, you must have the FILE privilege.
TLDR: Use the `--set-gtid-purged=OFF` Arg in MySQLDump
When doing mysqldump -u username -p to create the file you're going to import elsewhere, throw in the argument of --set-gtid-purged=OFF.
GTIDs are needed for replication, and probably don't apply to what you're doing if you just want to copy/paste DB 1 to DB 2.
General Debugging Help
My debugging process here was a little bit different than what others have done. I suggest this to debug: Change your .sql to the simplest possible thing, maybe just one single CREATE TABLE statement, and see if it runs.
If it runs, then these are things that you want to remove from your SQL import file:
Any line setting ##GLOBAL.GTID.
SET #MYSQLDUMP_TEMP_LOG_BIN = ##SESSION.SQL_LOG_BIN;
SET ##SESSION.SQL_LOG_BIN= 0;
SET ##SESSION.SQL_LOG_BIN = #MYSQLDUMP_TEMP_LOG_BIN;
As you can see, it's a lot of GTID stuff, which is transaction ID info used for doing replication. So, these are important when doing server replication, but not when doing basically a copy-paste of one DB to another DB, and in that case we can drop them.
I lost my MySQL username and password. How do I retrieve it?
Stop the MySQL process.
Start the MySQL process with the --skip-grant-tables option.
Start the MySQL console client with the -u root option.
List all the users;
SELECT * FROM mysql.user;
Reset password;
UPDATE mysql.user SET Password=PASSWORD('[password]') WHERE User='[username]';
But DO NOT FORGET to
Stop the MySQL process
Start the MySQL Process normally (i.e. without the --skip-grant-tables option)
when you are finished. Otherwise, your database's security could be compromised.
Unfortunately your user password is irretrievable. It has been hashed with a one way hash which if you don't know is irreversible. I recommend go with Xenph Yan above and just create an new one.
You can also use the following procedure from the manual for resetting the password for any MySQL root accounts on Windows:
Log on to your system as Administrator.
Stop the MySQL server if it is running. For a server that is running as a Windows service, go to
the Services manager:
Start Menu -> Control Panel -> Administrative Tools -> Services
Then find the MySQL service in the list, and stop it. If your server is
not running as a service, you may need to use the Task Manager to force it to stop.
Create a text file and place the following statements in it. Replace the password with the password that you want to use.
UPDATE mysql.user SET Password=PASSWORD('MyNewPass') WHERE User='root';
FLUSH PRIVILEGES;
The UPDATE and FLUSH statements each must be written on a single line. The UPDATE statement resets the password for all existing root accounts, and the FLUSH statement tells the server to reload the grant tables into memory.
Save the file. For this example, the file will be named C:\mysql-init.txt.
Open a console window to get to the command prompt:
Start Menu -> Run -> cmd
Start the MySQL server with the special --init-file option:
C:\> C:\mysql\bin\mysqld-nt --init-file = C:\mysql-init.txt
If you installed MySQL to a location other than C:\mysql, adjust the command accordingly.
The server executes the contents of the file named by the --init-file option at startup, changing each root account password.
You can also add the --console option to the command if you want server output to appear in the console window rather than in a log file.
If you installed MySQL using the MySQL Installation Wizard, you may need to specify a --defaults-file option:
C:\> "C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini" --init-file=C:\mysql-init.txt
The appropriate --defaults-file setting can be found using the Services Manager:
Start Menu -> Control Panel -> Administrative Tools -> Services
Find the MySQL service in the list, right-click on it, and choose the Properties option. The Path to executable field contains the --defaults-file setting.
After the server has started successfully, delete C:\mysql-init.txt.
Stop the MySQL server, then restart it in normal mode again. If you run the server as a service, start it from the Windows Services window. If you start the server manually, use whatever command you normally use.
You should now be able to connect to MySQL as root using the new password.
An improvement to the most useful answer here:
1] No need to restart the mysql server
2] Security concern for a MySQL server connected to a network
There is no need to restart the MySQL server.
use FLUSH PRIVILEGES; after the update mysql.user statement for password change.
The FLUSH statement tells the server to reload the grant tables into memory so that it notices the password change.
The --skip-grant-options enables anyone to connect without a password and with all privileges. Because this is insecure, you might want to
use --skip-grant-tables in conjunction with --skip-networking to prevent remote clients from connecting.
from: reference: resetting-permissions-generic
Do it without down time
Run following command in the Terminal to connect to the DBMS (you need root access):
sudo mysql -u root -p;
run update password of the target user (for my example username is mousavi and it's password must be 123456):
UPDATE mysql.user SET authentication_string=PASSWORD('123456') WHERE user='mousavi';
at this point you need to do a flush to apply changes:
FLUSH PRIVILEGES;
Done! You did it without any stop or restart mysql service.
While you can't directly recover a MySQL password without bruteforcing, there might be another way - if you've used MySQL Workbench to connect to the database, and have saved the credentials to the "vault", you're golden.
On Windows, the credentials are stored in %APPDATA%\MySQL\Workbench\workbench_user_data.dat - encrypted with CryptProtectData (without any additional entropy). Decrypting is easy peasy:
std::vector<unsigned char> decrypt(BYTE *input, size_t length) {
DATA_BLOB inblob { length, input };
DATA_BLOB outblob;
if (!CryptUnprotectData(&inblob, NULL, NULL, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &outblob)) {
throw std::runtime_error("Couldn't decrypt");
}
std::vector<unsigned char> output(length);
memcpy(&output[0], outblob.pbData, outblob.cbData);
return output;
}
Or you can check out this DonationCoder thread for source + executable of a quick-and-dirty implementation.
If you have root access to the server where mysql is running you should stop the mysql server using this command
sudo service mysql stop
Now start mysql using this command
sudo /usr/sbin/mysqld --skip-grant-tables --skip-networking &
Now you can login to mysql using
sudo mysql
FLUSH PRIVILEGES;
SET PASSWORD FOR 'root'#'localhost' = PASSWORD('MyNewPass');
Full instructions can be found here http://www.techmatterz.com/recover-mysql-root-password/
Login MySql from windows cmd using existing user:
mysql -u username -p
Enter password:****
Then run the following command:
mysql> SELECT * FROM mysql.user;
After that copy encrypted md5 password for corresponding user and there are several online password decrypted application available in web. Using this decrypt password and use this for login in next time.
or update user password using flowing command:
mysql> UPDATE mysql.user SET Password=PASSWORD('[password]') WHERE User='[username]';
Then login using the new password and user.
After MySQL 5.7.6 and MariaDB 10.1.20 (currently in 2022) you can:
Update a mysql user password having access to root user
ALTER USER 'some_user_name'#'localhost' IDENTIFIED BY 'a_super_secure_password';
Update mysql root user
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password by 'mynewpassword';
List all users
select user from mysql.user;
IF you happen to have ODBC set up, you can get the password from the ODBC config file. This is in /etc/odbc.ini for Linux and in the Software/ODBC folder in the registry in Windows (there are several - it may take some hunting)
Save the file. For this example, the file will be named C:\mysql-init.txt.
it asking administrative permisions for saving the file
Although a strict, logical, computer science'ish interpretation of the op's question would be to require both "How do I retrieve my MySQL username" and "password" - I thought It might be useful to someone to also address the OR interpretation. In other words ...
1) How do I retrieve my MySQL username?
OR
2) password
This latter condition seems to have been amply addressed already so I won't bother with it. The following is a solution for the case "How do i retreive my MySQL username" alone. HIH.
To find your mysql username run the following commands from the mysql shell ...
SELECT User FROM mysql.user;
it will print a table of all mysql users.