Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about programming within the scope defined in the help center.
Improve this question
I'm writing a script to perform some database maintenance, and MySQL is not accepting the username I'm trying to pass it.
I have a MySQL user and database named 'abc_wpsites', as well as a user and database named 'abc_wpsitesdev'. Here, I'm trying to access abc_wpsitesdev, but MySQL continually attempts to access with the account 'abc_wpsites' instead.
abc.com [~]# mysql -uabc_wpsitesdev --password='(redacted)' -h localhost abc_wpsitesdev
ERROR 1045 (28000): Access denied for user 'abc_wpsites'#'localhost' (using password: YES)
abc.com [~]# mysql --user='abc_wpsitesdev' --password='(redacted)' -h localhost abc_wpsitesdev
ERROR 1045 (28000): Access denied for user 'abc_wpsites'#'localhost' (using password: YES)
abc.com [~]# mysql --user='abc_wpsitesfff' --password='(redacted)' -h localhost abc_wpsitesdev
ERROR 1045 (28000): Access denied for user 'abc_wpsites'#'localhost' (using password: YES)
Notice how each attempt at experimenting with the username still results in an attempt to access MySQL via the 'abc_wpsites' account. Any thoughts on what's going on here?
Also, I should mention that I can connect via other methods with the appropriate credentials (e.g. via MySQL), so this seems to be some sort of problem with my understanding/the operation of MySQL's CLI interface.
I wouldn't suggest passing your login information that way. This means your password is
Visible in the processlist (some distro's will filter that but)
It's either stored in a crontab or your bash .history file
Instead create at script.cnf file that is NOT world readable.
The contents will look like
[client]
user=abc_wspitesdev
password=your_password
Change your command line call to
mysql --defaults-file=/path/to/script.cnf -h localhost abc_wpsitesdev
mysql
Edit
Your other comment said you could connect as other users. If you have root access to this db run
select user, host, passowrd from mysql.users;
Compare the one that's not working with others that are.
The passwords that are stored will be hashes of the actual values. Are they all the same length? If one is significantly longer or shorter it could be the password was stored with an old password hashing method used in versions 4.x and earlier.
What is the host for the account you are trying to connect through? Is it 'localhost' or an IP address? If it is your IP address this likely might be the problem. Since your command line call is connecting to localhost this will tell it to connect through a unix socket (/var/lib/mysql/mysql.sock perhaps). MySQL differentiates these connections from ones coming through the TCP stack.
You could alternatively specify your full (non 127.0.0.1) IP address on the commandline if this is the case like
mysql -u blah -pblah -h 1.2.3.4
"Where" is user "abc_wpsitesdev" allowed to connect from as opposed to where the "abc_wpsites" user is allowed to connect from -- any difference?
If you did "grant all privileges on abcwpsitedev to 'abc_wpsitesdev'#'%' identified by 'thedevpassword';" that won't work for accessing from localhost as explained in the last pargraph in the post from the manual below:
From the MySQL manual:
After connecting to the server as root, you can add new accounts. The following statements use GRANT to set up four new accounts:
mysql> GRANT ALL PRIVILEGES ON . TO 'monty'#'localhost'
-> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
mysql> GRANT ALL PRIVILEGES ON . TO 'monty'#'%'
-> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
mysql> GRANT RELOAD,PROCESS ON . TO 'admin'#'localhost';
mysql> GRANT USAGE ON . TO 'dummy'#'localhost';
The accounts created by these statements have the following properties:
Two of the accounts have a user name of monty and a password of some_pass. Both accounts are superuser accounts with full privileges to do anything. The 'monty'#'localhost' account can be used only when connecting from the local host. The 'monty'#'%' account uses the '%' wildcard for the host part, so it can be used to connect from any host.
It is necessary to have both accounts for monty to be able to connect from anywhere as monty. Without the localhost account, the anonymous-user account for localhost that is created by mysql_install_db would take precedence when monty connects from the local host. As a result, monty would be treated as an anonymous user. The reason for this is that the anonymous-user account has a more specific Host column value than the 'monty'#'%' account and thus comes earlier in the user table sort order. (user table sorting is discussed in Section 5.5.4, “Access Control, Stage 1: Connection Verification”.)
the problem with your line
mysql -uabc_wpsitesdev --password='(redacted)' -h localhost abc_wpsitesdev
is, that you need a space after -u
(and no space after -p)
this is the form I use:
mysql -u abc_wpsitesdev -p(redacted) -h localhost abc_wpsitesdev
Related
I have a mysql database running on k8s cluster inside pod. it was previously listing all the databases when i login through mysql -u root -p and then entering password. But my application was not able to connect to that database and was showing 1045, "Access denied for user 'root'#'ipaddress' (using password: YES)" there was just one host which is % and user was root
i have updated secrets as well and restart deployment but still it was showing the above error.
then i ran this command to grant all privileges to root user
GRANT ALL ON root.* TO 'root'#'localhost' IDENTIFIED BY 'password';
it creates one more host for root which is localhost. Now when i try to login with
mysql -u root -p
it is not listing my databases and just showing
And now host is localhost. what should i do to get my database back.
In MySQL permissions are granted for "accounts" which consist of a user name and a host name [1]. So in terms of GRANTS:
myuser#127.0.0.1
myuser#192.168.1.1
The above are two different users. The wildcard in terms of permissions is %. However % and localhost are mutually exclusive as explained here.
So having that in mind you would need to run something close to:
CREATE USER 'root'#'%' IDENTIFIED BY 'changeme';
GRANT ALL PRIVILEGES ON your_database_name.* TO 'root'#'%';
In order to enable connections coming from a different host. Please keep in mind that using the username root should be avoided. Instead, use a dedicated user for your needs.
I'm trying to connect to a mariadb server remotelly using terminal, but I get a little issue about that.
Preconditions
I have connection to my remote server, and I can enter inside maria db using the next command
mysql -u root -p**** and I enter without problems.
Also I have commented this line of my.conf from the #bind-address = 127.0.0.1.
When I'm trying to do this from my computer mysql -u root -h mariadb.testing.des -p**** I get the following error in console
ERROR 1045 (28000): Access denied for user 'root'#'mariadb.testing.des' (using password: YES)
Why am I getting two different results using the same user? What am I doing wrong?
Thanks for the help,
Jaster.
It's not enough to ensure your server is reachable from remote. You also have to create a user which has privileges for the remote access to your desired schema. I strongly recommend not to create a remote root user with access to all. Best practice is to create a remote user for every single scheme.
In example:
CREATE USER 'jeffrey'#'my.remote.host' IDENTIFIED BY 'mypass';
GRANT ALL ON jeffreys_db.* TO 'jeffrey'#'my.remote.host';
See also:
https://dev.mysql.com/doc/refman/5.7/en/create-user.html
https://dev.mysql.com/doc/refman/5.7/en/grant.html
I have the current setup:
SVR01:
Ubuntu Trusty, with Xen
VM01:
IP: 192.168.0.10
Ubuntu Trusty, with Apache2 + php modules
VM02:
IP: 192.168.0.11
Ubuntu Trusty, with mysql server
When I try connecting from VM01 (The apache server) to mysql on VM02, I get the "Access Denied for 'NewUser'#'192.168.0.10' (Using password: YES)" error.
I created the user using:
CREATE USER 'NewUser'#'192.168.0.10' IDENTIFIED BY 'password';
GRANT EXECUTE ON mydb.* TO 'NewUSer'#'192.168.0.10';
But, it will work if I create the user using the host wildcard:
CREATE USER 'NewUser'#'%' IDENTIFIED BY 'password';
GRANT EXECUTE ON mydb.* TO 'NewUSer'#'%';
Does anyone know why it won't work when I specify the host ip?
PS. I get the error when trying to connect either through the Mysql client, or through the PHP PDO.
Follow up questions:
Does the grant seem to work if you create a user with a 192.168.0.% wildcard host mask?
Run select user, host, password from mysql.user where user='NewUser' to ensure there's not another user#host you weren't aware of that might be getting picked up?
Does the Access denied messages in your error logs confirm the failed connection attempts are in fact coming from the IP you think it is? Some weirdness like this might pop up if you have multiple routes setup in a system that has multiple network interfaces or perhaps some VPN routes in the mix.
When attempting connections to VM02 are you using a literal IP address or a hostname? If the later are you sure this is resolving to the IP you think it is from VM01 (you can verify using ping or just the host command from the command line)
Run "show variables like 'init_connect';" on the root account you were creating the users with. If that value is not blank you will want to ensure the accounts of permissions required to execute whatever that value does hold.
First off, I did google this but sites are flooded with advice on how to deal with "host name is blocked" issues. (https://www.google.com/search?q=mysql+block+a+host). My issue is a little bit the opposite of that.
With me, I am running a MySQL database and no PHP is involved.
I need to block a certain host-name/IP address from connecting to my database, then I will unblock it. I am hoping there are 2 simple queries for this that I can execute on the MySQL database, I just can't seem to find it anywhere.
I can find the hostnames pretty easily by running the show processlist query and I know I can kill one process at a time, but so many new threads pop up that if I can just block all of them from a certain hostname, that would be ideal. Then I will unblock once I fix a few things.
You can use GRANT to give a non-privileged entry for a user connecting from a specific host, even if you have GRANTed privileges to a wildcard including that host. When authenticating, the most specific host match takes precedence.
For example, suppose you enabled a user to connect from a range of hosts on your local subnet:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'user'#'192.168.56.%' IDENTIFIED BY 'xyzzy';
Then you could grant the minimal USAGE privilege, which is a synonym for "no privileges" for that user for one specific host within that subnet:
mysql> GRANT USAGE ON *.* TO 'user'#'192.168.56.110';
Subsequent attempts to connect from that host get this error:
$ mysql -uuser -pxyzzy
ERROR 1045 (28000): Access denied for user 'user'#'192.168.56.110' (using password: YES)
The reason this gets an error is that I did this grant for the user with no password. If I try to submit a password, this doesn't match the entry in the privileges table.
Even if the user tries to connect without using a password, he finds he has no access to anything.
$ mysql -uuser
mysql> USE mydatabase;
ERROR 1044 (42000): Access denied for user 'user'#'192.168.56.110' to database 'mydatabase'
You can undo the blocking:
mysql> DELETE FROM mysql.user WHERE host='192.168.56.110' AND user='user';
mysql> FLUSH PRIVILEGES;
And then the IP range will come back into effect, and the user will be able to connect from thathost again.
You can revoke privileges as mentioned above, but this will still allow a user to make a connection to your MySQL server - albeit this will prevent that user from authenticating. If you really want to block/allow connections to your MySQL server based on IP, use iptables.
Have you tried using MySQL Workbench?
You can simply remove ROLES for a specific User/Host from there.
In MySQL I create two users:
CREATE USER 'Bob'#'localhost' IDENTIFIED by 'p'
CREATE USER 'Alice'#'%' IDENTIFIED by 'a'
And then, when I try to connect with: "mysql -u Alice -p" it fails, telling me
Error 1045 (28000) Access denied for user 'Alice'#'localhost'
T
The same with Bob.
Anyone knows why occur this?
EDIT:
MySQL asks for the password, and the I putand give me that error.
EDIT 2: I am connecting in remote, not in local, so the only that must work is Alice.
Log in as root and do this:
GRANT ALL privileges ON *.* TO Bob#localhost IDENTIFIED BY 'p' WITH GRANT OPTION;
According to a comment in Using % for host when creating a MySQL user,
Actually there is, 'localhost' is special in mysql, it means a
connection over a unix socket (or named pipes on windows I believe) as
opposed to a TCP/IP socket. using % as the host does not include
'localhost' – nos May 30 '12 at 20:45
As a result, if your mysql -u alice... command connects using a Unix socket rather than at 127.0.0.1, you'll need to
CREATE USER 'Alice'#'localhost' IDENTIFIED by 'a'
did you tried flushing privileges with that command ?
FLUSH PRIVILEGES;