I'm trying to change the mysql root password on my machine. Another engineer created the password and left the company so I don't have access. I'd rather not have to reinstall the whole shebang.
I'm trying to follow the instructions here: http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html
But when I execute the command on step 2 of the "Resetting the Root Password: Unix Systems" instructions I get the following error:
FitValet-MacBook-Pro:~ fitvalet$ kill `cat /usr/local/mysql/data/FitValet-MacBook-Pro.local.pid`
cat: /usr/local/mysql/data/FitValet-MacBook-Pro.local.pid: Permission denied
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
And I can't figure it out for the life of me...permission is denied? How can I get past this? Thanks!
Try adding sudo in front of the kill and cat commands. Like this:
sudo kill `sudo cat /usr/local/mysql/data/FitValet-MacBook-Pro.local.pid`
It will then ask you for the root password for your Mac (not mysql). Enter it, and the command should execute without giving you a permission denied error.
Related
Screenshot of the installation process
As you can see at the image (link above) I started an installation of mysql by typing
mysql_secure_installation
on the Ubuntu 20.04 terminal.
But now I just want to cancel (exit) the installation. The process is now in the password setting section (like in the image above).
I tried ctrl+x, ctrl+q, ctrl+d, ESC but none of them worked.
Should I just close the terminal window? (I want that nothing will be saved of the process)
I'm waiting for your help, thanks in advance.
The Solution
From another terminal:
sudo kill $(ps aux | grep mysql_secure_installation | grep -v grep | awk '{print $2}')
Per qt-x's comment, if your system supports pgrep you can use:
sudo kill $(pgrep mysql_secure_installation)
You can then run 'mysql_secure_installation' again. But you may want to read the "Why I Know This" section below first....., which may explain why you have to exit 'mysql_secure_installation' in the first place [for some people].
Why I Know This
For some reason, recently I've had to set my root password first before running this script:
> mysql
mysql> ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password by 'mynewpassword';
Or I end up in an endless loop where I can't set the password, and the message is:
Failed! Error: SET PASSWORD has no significance for user ‘root’#’localhost’ as the authentication method used doesn’t store authentication data in the MySQL server
ctrl+c will work, but only at the following position:
Do you wish to continue with the password provided?(Press y|Y for Yes,
any other key for No) :
Maybe a simpler command to kill mysql_secure_installation
sudo pkill -f mysql_secure_installation
pgrep -af mysql_secure_installation to get the current state.
very easy, just type ctrl+c
it worked for me, don't know about you
I'm trying to setup a backup system for MySQL from PHP by using mysqldump command but I'm having a Permission denied error.
I'm on MacOS Catalina 10.15.6, using system PHP and Homebrew mysql#57.
After many attempts, I could reproduce this issue in Terminal. If I run the command as me, it works fine and the backup file is correctly created, but when I run it as _www I get the error.
This works:
% mysqldump --defaults-extra-file="crd" --extended-insert mydb > backup.sql.gz
And this does not work:
% sudo -u _www mysqldump --defaults-extra-file="crd" --extended-insert mydb > backup.sql.gz
sudo: unable to execute /usr/local/opt/mysql#5.7/bin/mysqldump: Permission denied
I checked and mysqldump can be executed by user, group and other:
% ls -la /usr/local/opt/mysql#5.7/bin | grep mysqldump
-r-xr-xr-x 1 jbogdani staff 3853364 Aug 17 21:22 mysqldump
Other attempts to provide username and password in the command also fail.
mysqldump will need a password for the mysql user root. If you don't supply that password it won't work, sudo or no sudo.
instead of using sudo -u _www just execute it with current mysql user account.
if you need further reading
You need to use a full path on the output.
You do not have permissions to write to /usr/local/opt/mysql#5.7/bin/backup.sql.gz. Specify full path of the target backup archive to another directory
I think you'll find the _www user is restricted in some way. It might not have a valid shell, it might be locked, or there might be apparmour/selinux restrictions preventing it from running.
Check the output of dmesg and /var/log/secure for useful logs, otherwise check and change the shell and status of the user using usermod to find and isolate the issue.
Make sure you consider the security ramifications before doing anything in production though.
I am trying to automate mysql_secure_installation script with automated response. My code is as follows :
echo "& y y abc abc y y y y" | ./usr/bin/mysql_secure_installation
The actual questions which i am automating are as follows:
Enter current password for root (enter for none): <enter>
Set root password? [Y/n] y
New password: abc
Re-enter new password: abc
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
But it gives me an error "Sorry you cannot use an empty password here" but in the screen i used to press the return key for the first question.
I stumbled upon this question but decided to run the queries manually through a Bash script:
#!/bin/bash
# Make sure that NOBODY can access the server without a password
mysql -e "UPDATE mysql.user SET Password = PASSWORD('CHANGEME') WHERE User = 'root'"
# Kill the anonymous users
mysql -e "DROP USER ''#'localhost'"
# Because our hostname varies we'll use some Bash magic here.
mysql -e "DROP USER ''#'$(hostname)'"
# Kill off the demo database
mysql -e "DROP DATABASE test"
# Make our changes take effect
mysql -e "FLUSH PRIVILEGES"
# Any subsequent tries to run queries this way will get access denied because lack of usr/pwd param
Since mysql_secure_installation is just a Bash script, just check out the raw source code as shown here. Look for the lines that read, do_query (note that extra space I placed after do_query; need to find queries versus the function) and then you can find these commands.
UPDATE mysql.user SET Password=PASSWORD('root') WHERE User='root';
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
FLUSH PRIVILEGES;
Note that for this example, I have the password being set to root but feel free to change that to match your setup needs. Anyway, take that simply pile of MySQL commands and save it in a file named mysql_secure_installation.sql.
With that done, just run the following command via script to secure the MySQL install:
mysql -sfu root < "mysql_secure_installation.sql"
The s silences errors and the f forces the commands to continue even if one chokes. The u relates to the username that immediately follows it which—in this case—is clearly root.
Run that in a deployment script where MySQL is installed initially without a password and you are all set to lock it down without any keyboard interaction.
PS: This script was put together to secure a MySQL installation on Ubuntu 14.04 which was installed with the export DEBIAN_FRONTEND=noninteractive set and the actual install command being set to sudo -E aptitude install -y --assume-yes -q mysql-server mysql-client. Doing that will cleanly install MySQL on Ubuntu without a password; which is nice for deployment scripts. This mysql -sfu root < "mysql_secure_installation.sql" just locks it all down in seconds after that install happens.
I just did this on CentOS 6.7 with the following:
mysql_secure_installation <<EOF
y
secret
secret
y
y
y
y
EOF
You can try to use expect, that automates interactive applications.
Look at this automating mysql_secure_installation or at my modification.
Here is an automated script for a fresh MySQL 5.7 installation based on #Giacomo1968's answer. Works fine on CentOS 7.5.1804.
yum localinstall -y https://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
yum install -y mysql-community-server
# start mysql service
service mysqld start
# get Temporary root Password
root_temp_pass=$(grep 'A temporary password' /var/log/mysqld.log |tail -1 |awk '{split($0,a,": "); print a[2]}')
echo "root_temp_pass:"$root_temp_pass
# mysql_secure_installation.sql
cat > mysql_secure_installation.sql << EOF
# Make sure that NOBODY can access the server without a password
UPDATE mysql.user SET Password=PASSWORD('yourrootpass') WHERE User='root';
# Kill the anonymous users
DELETE FROM mysql.user WHERE User='';
# disallow remote login for root
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
# Kill off the demo database
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
# Make our changes take effect
FLUSH PRIVILEGES;
EOF
mysql -uroot -p"$root_temp_pass" --connect-expired-password <mysql_secure_installation.sql
sudo mysql -e "SET PASSWORD FOR root#localhost = PASSWORD('123');FLUSH PRIVILEGES;"
printf "123\n n\n n\n n\n y\n y\n y\n" | sudo mysql_secure_installation
Enter current password for root (enter for none)? (I have 123 set for root)
Switch to unix_socket authentication? n
Change the root password? n
Remove anonymous users? n
Disallow root login remotely? y
Remove test database and access to it? y
Reload privilege tables now? y
Version:
mysql Ver 15.1 Distrib 10.4.6-MariaDB, for osx10.14 (x86_64) using readline 5.1
It's not necessary to use expect or to fish the SQL commands out of the source code (although if you want to, the C++ file you are looking for is here: https://github.com/mysql/mysql-server/blob/7ed30a748964c009d4909cb8b4b22036ebdef239/client/mysql_secure_installation.cc)
If you are happy with the defaults in mysql_secure_installation (the most secure option is always the default) then you can use the --use-default option to skip most of the interaction. mysql_secure_installation will still ask you for a root password interactively if one is not set, so you can just script that away by setting it before calling mysql_secure_option.
Here's an example:
mysql -u root <<EOF
SET PASSWORD FOR root#localhost = '${ROOT_PASSWORD}';
FLUSH PRIVILEGES;
EOF
mysql_secure_installation -u root --password="${ROOT_PASSWORD}" --use-default
I had the same problem.
Replacing the echo command to use -e and \n seems to have fixed it.
echo -e "\ny\ny\nabc\nabc\ny\ny\ny\ny\n" | ./usr/bin/mysql_secure_installation
Works for AWS. Amazon Linux 2 AMI.
Custom settings to start an instance (AWS User data):
#!/bin/bash
sudo yum -y update &> /dev/null
wget https://repo.mysql.com/mysql80-community-release-el7-1.noarch.rpm &> /dev/null
sudo yum -y localinstall mysql80-community-release-el7-1.noarch.rpm
sudo yum -y install mysql-community-server &> /dev/null
sudo service mysqld start
# get Temporary root Password
root_temp_pass=$(sudo grep 'A temporary password' /var/log/mysqld.log |tail -1 |awk '{split($0,a,": "); print a[2]}')
echo "root_temp_pass: " $root_temp_pass
# mysql_secure_installation.sql
sudo cat > mysql_secure_installation.sql << EOF
# Make sure that NOBODY can access the server without a password
ALTER USER 'root'#'localhost' IDENTIFIED BY 'yourrootpass';
# Kill the anonymous users
DELETE FROM mysql.user WHERE User='';
# disallow remote login for root
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
# Kill off the demo database
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
# Make our changes take effect
FLUSH PRIVILEGES;
EOF
sudo mysql -uroot -p"$root_temp_pass" --connect-expired-password <mysql_secure_installation.sql
sudo systemctl enable mysql
You could try this:
echo -e "\ny\ny\nabc\nabc\ny\ny\ny\ny" | ./usr/bin/mysql_secure_installation
Just tested this on Ubuntu Bionic 18.04LTS
Step #1
export MYPWD="D33Ps3CR3T";
export NEWPWD="D33P3Rs3CR3T";
Step #2
# First time **ever**
sudo mysql_secure_installation 2>/dev/null <<MSI
n
y
${MYPWD}
${MYPWD}
y
y
y
y
MSI
# Did it work?
mysql -u root -p${MYPWD} -e "SELECT 1+1";
# -------
Step #3
# Every subsequent time
sudo mysql_secure_installation 2>/dev/null <<MSI2
${MYPWD}
n
y
${NEWPWD}
${NEWPWD}
y
y
y
y
MSI2
# Just in case (optional) ....
sudo service mysql restart
# Did it work?
mysql -u root -p${NEWPWD} -e "SELECT 1+1";
You should be able to cut'n paste steps #2 & #3 directly into a terminal, after editing the before and after passwords from step #1.
Notes
If a root password has already been set step #2 will fail, so go to step #3
It's just a heredoc fed into the command
sudo is obligatory.
MSI has no particular meaning (it's collision avoidance; I use EOF elsewhere in the script)
MYPWD == NEWPWD is allowed
2>/dev/null hides the warning "stty: 'standard input': Inappropriate ioctl for device"
You can use &>/dev/null for fully silent mode.
I am using simple command to change root password after MySql installation ,But getting the Above error (signal 9 kill)
(FATAL: Chef::Exceptions::ChildConvergeError: Chef run process terminated by signal 9 (KILL)) Though the command works and password is changed the error is confusing.
script "change password" do
interpreter "bash"
user "root"
cwd "/tmp"
code <<-EOH
#MYSQL
root_temp_pass=$(grep 'A temporary password' /mysql/log/mysqld.log |tail -1 |awk '{split($0,a,": "); print a[2]}')
#Login as root change password
mysql -uroot -p"$root_temp_pass" -Be "ALTER USER 'root'#'localhost' IDENTIFIED BY 'Czt732ck#';" --connect-expired-password
EOH
end
I use following lines. Works fine for AWS Linux AMI 2018
db_root_password=Password4root
cat <<EOF | mysql_secure_installation
y
0
$db_root_password
$db_root_password
y
y
y
y
y
EOF
The top-voted solution is a bit of a hack, and is version, spin, and OS specific. Unfortunately the elegant solution (using --use-defaults) is not supported by the script shipped with RHEL9.
Here is a somewhat more compatible hack to extract the correct commands from the shipped script:
grep 'do_query ' /usr/bin/mariadb-secure-installation | \
sed -e 's/ *do_query \"//' -e 's/\"$//' \
-e "s/\$esc_pass/$db_admin_pass/" \
-e 's/([^;])$/\\1;/' | \
grep -v 'show create' | \
mysql --user=$db_admin_user
The first 2 sed commands strip off the do_query call from each SQL command.
The second line sets your new root password.
The third line adds a trailing semicolon to any SQL commands not so terminated; this is broken in the script shipped with RHEL9
The command assumes you provide the variables $db_admin_user and $db_admin_pass
The code was pulled from my puppet manifest so command quoting may differ depending on how you use it.
The mysql command needs root privileges (which it should inherit from your automation engine)
echo -e "${MARIADB_ROOT_PASSWORD}\nY\nn\nY\nn\nY\nY\n" | ./usr/bin/mysql_secure_installation
...did work for me, in my mariadb docker container. Without this call I could not get simple things like /etc/init.d/mariadb status running.
In Windows OS just search for 'mysql_secure_installation' application usually found in Drive:\MySQL_Install-DIR\bin\
By pressing WindowKey + R just run the command 'Drive:\MySQL_Install-DIR\bin\mysql_secure_installation'
When you run this command a window will pop up that will walk you through the process of securing your MySQL installation. That's it!
I'm trying to create a cron that daily backups my MySQL slave. The backup.sh content:
#!/bin/bash
#
# Backup mysql from slave
#
#
sudo mysql -u root -p'xxxxx' -e 'STOP SLAVE SQL_THREAD;'
sudo mysqldump -u root -p'xxxxx' ng_player | gzip > database_`date +\%Y-\%m-\%d`.sql.gz
sudo mysqladmin -u root -p'xxxxx' start-slave
I made it executable by sudo chmod +x /home/dev/backup.sh
and entered in to crontab by:
sudo crontab -e
0 12 * * * /home/dev/backup.sh
but it doesn't work, if I only run in the command line it works but not in crontab.
FIXED:
I used the script from this link: mysqldump doesn't work in crontab
Break the problem in half. First try sending only email from the cron job to see if you are getting it to even run. Put this above in a file and have your cron job point to it:
#!/bin/bash
/bin/mail -s "test subject" "yourname#yourdomain" < /dev/null
The good thing about using this tester is that it is very simple and more likely to give you some results. It does not depend on your current working directory, which can sometimes be not what you expect it to be.
Try use full link to mysql bin directory in .sh file
example :
sudo /var/lib/mysql -u root -p'xxxxx' -e 'STOP SLAVE SQL_THREAD;'
I had this same problem.
I figured out that you can't use the command sudo in a non-interactive script.
The sudo command would create a field where you would type in the password to your account (root).
If you are logged into a command prompt like ssh sudo works without typing in any passwords, but when another program runs sudo it would ask for password.
Try this instead su command doesn't require any logins and it does the same thing.
su --session-command="mysql -u root -p'xxxxx' -e 'STOP SLAVE SQL_THREAD;'" root
su --session-command="mysqldump -u root -p'xxxxx' ng_player | gzip > database_`date +\%Y-\%m-\%d`.sql.gz" root
su --session-command="mysqladmin -u root -p'xxxxx' start-slave" root
Replace root with your linux username.
EDIT:
Look at this thread for a different answer.
https://askubuntu.com/questions/173924/how-to-run-cron-job-using-sudo-command
Let's start with the silly stuff in the script.
The only command which you don't run via 'sudo' is the, spookily enough, only command which I would expect you might need to run via sudo (depending on the permissions of the target file).
Prefixing the commands in a script with sudo without a named user (i.e. running as root) serves no useful function if you are invoking the script as root.
On a typical installation, the mysql, mysqladmin and gzip programs are typically executable by any user - the authentication and authorization of the commands to the DBMS are authenticated by the DBMS using the authentication credentials passed as arguments - hence I would not expect that any of the operations here, except possibly writing to the output file (depending on its permissions).
You don't specify a path for the backup file - maybe it's writing it somewhere other than you expect?
(similarly, you should check if any of the executables are in a location which is not in the $PATH for the crontab execution environment).
but it doesn't work
....is not an error message.
The output of any command run via cron is mailed to the owner of the crontab - go read your mail.
i have downloaded and installed mySQL my double clicking on its icon. It was installed successfully.
When i goto startup and preference i see the icon of mysql added and when i click on it i see a screen where it says 'MySQL server instance is running'.
But when i open terminal and cd to /usr/local/mysql and then when i type sudo ./bin/mysqld_safe i was prompted for a password. and i have not added a password when i installed mySQL, so i tried leaving it blank, and then i tried various passwords to login but all attempts failed.
So now i need to know how to login to mySQL via the terminal ?
mysql version - 5.5.24-osx10.6x86_64
my Mac OS - 10.7.3
What I found installing mysql on MacOs, there are a few differences. One is that it installs it without a password. The other thing is that it by default allows for anonymous logins.
Use this to set the password:
mysqladmin -u root -h localhost password yourpassword
You can remove anonymous logins this way:
shell> mysql -u root -p
Enter password: (enter root password here)
mysql> DROP USER ''#'localhost';
mysql> DROP USER ''#'host_name';
The other thing is that I found that the install does not modify the path variable. What I did to run mysql from the command line was to add /usr/local/mysql/bin to path by adding it to /etc/paths or /etc/paths.d . This may be what you need in order to run mysql. Like someone said in the comments, mysqld_safe is one way to start the mysql server, and it seems that is already set to run.
Here are specific instructions to add something to /etc/paths.d
$ cd /etc/paths.d
$ cat > mysql
/usr/local/bin/mysql
(and then type Ctrl-D
that should put a file there)
you may have to sudo if you do not have permissions.
The sudo command, by default, lets anyone in the admin group run a command as root by giving his own password. That's why it asked for your password when you typed "sudo ./bin/mysqld_safe". It has nothing whatsoever to do with mysql.
If you don't have a password, you cannot use sudo in the default configuration. Either give yourself a password, or edit the sudoers file. (I would strongly suggest the former over the latter, especially if you have no idea what sudo does.)
For more information, type "man sudo" (and then "man sudoers") from your Terminal.
Meanwhile, the reason "it says -bash: mysql: command not found when i type mysql in the terminal" is because you've clearly installed it into /usr/local/mysql/bin/mysql, and that isn't on your path. If it were on your path, you could have just done "sudo mysqld_safe" above, instead of "sudo ./bin/mysqld_safe". Since it's not, you have to do "./bin/mysqld_safe".
For more information, consult a good primer on the Unix shell.
Finally, if you've got the mysql daemon running, and are trying to start the client, it's "mysql" that you want to run, not "mysqld_safe".