I am aware of this command:
GRANT ALL PRIVILEGES
ON database.*
TO 'user'#'yourremotehost'
IDENTIFIED BY 'newpassword';
But then it only allows me to grant a particular IP address to access this remote MySQL database. What if I want it so that any remote host can access this MySQL database? How do I do that? Basically I am making this database public so everyone can access it.
TO 'user'#'%'
% is a wildcard - you can also do '%.domain.example' or '%.123.123.123' and things like that if you need.
Enable Remote Access (Grant)
Home / Tutorials / Mysql / Enable Remote Access (Grant)
If you try to connect to your mysql server from remote machine, and run into error like below, this article is for you.
ERROR 1130 (HY000): Host ‘1.2.3.4’ is not allowed to connect to this
MySQL server
Change mysql config
Start with editing mysql config file
vim /etc/mysql/my.cnf
Comment out following lines.
#bind-address = 127.0.0.1
#skip-networking
If you do not find skip-networking line, add it and comment out it.
Restart mysql server.
~ /etc/init.d/mysql restart
Change GRANT privilege
You may be surprised to see even after above change you are not getting remote access or getting access but not able to all databases.
By default, mysql username and password you are using is allowed to access mysql-server locally. So need to update privilege. (if you want to create a separate user for that purpose, you can use CREATE USER 'USERNAME'#'localhost' IDENTIFIED BY 'PASSWORD';)
Run a command like below to access from all machines. (Replace USERNAME and PASSWORD by your credentials.)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Run a command like below to give access from specific IP. (Replace USERNAME and PASSWORD by your credentials.)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'1.2.3.4' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
You can replace 1.2.3.4 with your IP. You can run above command many times to GRANT access from multiple IPs.
You can also specify a separate USERNAME & PASSWORD for remote access.
You can check final outcome by:
SELECT * from information_schema.user_privileges where grantee like "'USERNAME'%";
Finally, you may also need to run:
mysql> FLUSH PRIVILEGES;
Test Connection
From terminal/command-line:
mysql -h HOST -u USERNAME -pPASSWORD
If you get a mysql shell, don’t forget to run show databases; to check if you have right privileges from remote machines.
Bonus-Tip: Revoke Access
If you accidentally grant access to a user, then better have revoking option handy.
Following will revoke all options for USERNAME from all machines:
mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'USERNAME'#'%';
Following will revoke all options for USERNAME from particular IP:
mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'USERNAME'#'1.2.3.4';
Its better to check information_schema.user_privileges table after running REVOKE command.
If you see USAGE privilege after running REVOKE command, its fine. It is as good as no privilege at all. I am not sure if it can be revoked.
To be able to connect with your user from any IP address, do the following:
Allow mysql server to accept remote connections. For this open mysqld.conf file:
sudo gedit /etc/mysql/mysql.conf.d/mysqld.cnf
Search for the line starting with "bind-address" and set it's value to 0.0.0.0
bind-address = 0.0.0.0
and finally save the file.
Note: If you’re running MySQL 8+, the bind-address directive will not be in the mysqld.cnf file by default. In this case, add the directive to the bottom of the file /etc/mysql/mysql.conf.d/mysqld.cnf.
Now restart the mysql server, either with systemd or use the older service command. This depends on your operating system:
sudo systemctl restart mysql # for ubuntu
sudo systemctl restart mysqld.service # for debian
Finally, mysql server is now able to accept remote connections.
Now we need to create a user and grant it permission, so we can be able to login with this user remotely.
Connect to MySQL database as root, or any other user with root privilege.
mysql -u root -p
now create desired user in both localhost and '%' wildcard and grant permissions on all DB's as such .
CREATE USER 'myuser'#'localhost' IDENTIFIED BY 'mypass';
CREATE USER 'myuser'#'%' IDENTIFIED BY 'mypass';
Then,
GRANT ALL ON *.* TO 'myuser'#'localhost';
GRANT ALL ON *.* TO 'myuser'#'%';
And finally don't forget to flush privileges
FLUSH PRIVILEGES;
Note: If you’ve configured a firewall on your database server, you will also need to open port 3306 MySQL’s default port to allow traffic to MySQL.
Hope this helps ;)
Assuming that the above step is completed and MySql port 3306 is free to be accessed remotely; Don't forget to bind the public ip address in the mysql config file.
For example on my ubuntu server:
#nano /etc/mysql/my.cnf
In the file, search for the [mysqld] section block and add the new bind address, in this example it is 192.168.0.116. It would look something like this
......
.....
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
bind-address = 192.168.0.116
.....
......
you can remove th localhost(127.0.0.1) binding if you choose, but then you have to specifically give an IP address to access the server on the local machine.
Then the last step is to restart the MySql server
(on ubuntu)
stop mysql
start mysql
or #/etc/init.d/mysql restart for other systems
Now the MySQL database can be accessed remotely by:
mysql -u username -h 192.168.0.116 -p
Config file changes are required to enable connections via localhost.
To connect through remote IPs, Login as a "root" user and run the below queries in mysql.
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'#'localhost' WITH GRANT OPTION;
CREATE USER 'username'#'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
This will create a new user that is accessible on localhost as well as from remote IPs.
Also comment the below line from your my.cnf file located in /etc/mysql/my.cnf
bind-address = 127.0.0.1
Restart your mysql using
sudo service mysql restart
Now you should be able to connect remotely to your mysql.
For anyone who fumbled with this, here is how I got to grant the privileges, hope it helps someone
GRANT ALL ON yourdatabasename.* TO root#'%' IDENTIFIED BY
'yourRootPassword';
As noted % is a wildcard and this will allow any IP address to connect to your database. The assumption I make here is when you connect you'll have a user named root (which is the default though). Feed in the root password and you are good to go. Note that I have no single quotes (') around the user root.
Use this command:
GRANT ALL ON yourdatabasename.* TO root#'%' IDENTIFIED BY 'yourRootPassword';
Then:
FLUSH PRIVILEGES;
Then comment out the below line in file "/etc/mysql/mysql.conf.d/mysqld.cnf" (is required!):
bind-address = 127.0.0.1
Works for me!
Run the following:
$ mysql -u root -p
mysql> GRANT ALL ON *.* to root#'ipaddress' IDENTIFIED BY 'mysql root password';
mysql> FLUSH PRIVILEGES;
mysql> exit
Then attempt a connection from the IP address you specified:
mysql -h address-of-remove-server -u root -p
You should be able to connect.
You can slove the problem of MariaDB via this command:
Note:
GRANT ALL ON *.* to root#'%' IDENTIFIED BY 'mysql root password';
% is a wildcard. In this case, it refers to all IP addresses.
To remotely access database Mysql server 8:
CREATE USER 'root'#'%' IDENTIFIED BY 'Pswword#123';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
GRANT ALL PRIVILEGES ON *.* TO 'user'#'ipadress'
START MYSQL using admin user
mysql -u admin-user -p (ENTER PASSWORD ON PROMPT)
Create a new user:
CREATE USER 'newuser'#'%' IDENTIFIED BY 'password'; (% -> anyhost)
Grant Privileges:
GRANT SELECT,DELETE,INSERT,UPDATE ON db_name.* TO 'newuser'#'%';
FLUSH PRIVILEGES;
If you are running EC2 instance don't forget to add the inbound rules in security group with MYSQL/Aurura.
Edit File:
/etc/mysql/percona-server.cnf
Append below code in file.
[mysqld]
bind-address = 0.0.0.0
Create user for remote access.
$ mysql -u root -p
mysql> GRANT ALL ON *.* to snippetbucketdotcom#'%' IDENTIFIED BY 'tejastank';
mysql> FLUSH PRIVILEGES;
mysql> exit
All linux server works,
For MSWin c:\ Find insatallation location \ file path
Just create the user to some database like
GRANT ALL PRIVILEGES ON <database_name>.* TO '<username>'#'%' IDENTIFIED BY '<password>'
Then go to
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf and change the line bind-address = 127.0.0.1 to bind-address = 0.0.0.0
After that you may connect to that database from any IP.
Open your mysql console and execute the following command (enter your database name,username and password):
GRANT ALL ON yourdatabasename.* TO admin#'%' IDENTIFIED BY
'yourRootPassword';
Then Execute:
FLUSH PRIVILEGES;
Open command line and open the file /etc/mysql/mysql.conf.d/mysqld.cnf using any editor with root privileges.
For example:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Then comment out the below line:
bind-address = 127.0.0.1
Restart mysql to reflect the changes using command:
sudo service mysql restart
Enjoy ;)
You need to change the mysql config file:
Start with editing mysql config file
vim /etc/mysql/my.cnf
add:
bind-address = 0.0.0.0
what worked for on Ubuntu is granting all privileges to the user:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;
and setting the bind address in /etc/mysql/mysql.conf.d/mysqld.cnf:
bind-address = 0.0.0.0
then restarting the mysql daemon:
service mysql restart
Go to this directory "/etc/mysql/mysql.conf.d" then
edit this file " mysqld.cnf"
$nano mysqld.cnf
bind-address = 127.0.0.1
mysqlx-bind-address = 127.0.0.1
edit to
bind-address = 0.0.0.0
mysqlx-bind-address = 0.0.0.0
In website panels like cPanel you may add a single % (percentage sign) in allowed hostnames to access your MySQL database.
By adding a single % you can access your database from any IP or website even from desktop applications.
For example in my CentOS
sudo gedit /etc/mysql/my.cnf
comment out the following lines
#bind-address = 127.0.0.1
then
sudo service mysqld restart
If you want to grant remote access of your database from any IP address, run the mysql command and after that run the following command.
GRANT ALL PRIVILEGES ON *.*
TO 'root'#'%'
IDENTIFIED BY 'password'
WITH GRANT OPTION;
I see there are many answers, but they are quite long ones except for the accepted answer, which is quite short and lacks explanation. As I can't edit it, I am adding my answer. Adit asked about:
making this database public so everyone can access it
GRANT ALL PRIVILEGES
ON database.*
TO 'username'#'remote_host'
IDENTIFIED BY 'password';
Above code grants permissions for a user from a given remote host, you can allow a user to connect from any remote host to MySQL by changing TO 'username'#'yourremotehost' to TO 'username'#'%'.
So, the corrected query for granting permissions to a user to connect from any remote host is:
GRANT ALL PRIVILEGES
ON database.*
TO 'username'#'%'
IDENTIFIED BY 'password';
You can disable all security by editing /etc/my.cnf:
skip-grant-tables
Related
I just installed Ubuntu 16.04 (Xenial Xerus) and installed web server on it. Everything works well, but I cannot access database.
Even if I create new user and grant all privileges, I can't create database
In PHP I'm getting this error:
SQLSTATE[HY000] [1698] Access denied for user 'root'#'localhost'
When I try to login in terminal, it works, but in PHP and phpMyAdmin don't.
PHP Code:
protected $host = '127.0.0.1';
protected $db = 'dbname';
protected $name = 'root';
protected $pass = 'root';
protected $conn;
private static $settings = array(
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'
);
public function __construct() {
try {
$this->conn = new PDO("mysql:host=$this->host;dbname=$this->db", $this->name, $this->pass, self::$settings);
} catch (PDOException $e) {
echo $e->getMessage();
}
}
It turns out you can't use the root user in 5.7 anymore without becoming a sudo'er. That means you can't just run mysql -u root anymore and have to do sudo mysql -u root instead.
That also means that it will no longer work if you're using the root user in a GUI (or supposedly any non-command line application). To make it work you'll have to create a new user with the required privileges and use that instead.
See this answer for more details.
These steps worked for me on several systems using Ubuntu 16.04 (Xenial Xerus), Apache 2.4, MariaDB, and PDO:
Log into MYSQL as root
mysql -u root
Grant privileges. For a new user, execute:
CREATE USER 'newuser'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'newuser'#'localhost';
FLUSH PRIVILEGES;
UPDATE for Google Cloud Instances
MySQL on Google Cloud seem to require an alternate command (mind the backticks).
GRANT ALL PRIVILEGES ON `%`.* TO 'newuser'#'localhost';
NOTE:
Depending on wether your new user should be able to grant all privileges to other users as well you could extend the command by the GRANT WITH option. Please be aware that this exposes your user to be sudoer and hence become a higher security risk.
GRANT ALL PRIVILEGES ON `%`.* TO 'newuser'#'localhost' GRANT WITH OPTION;
Bind to all addresses:
The easiest way is to comment out the line in your
/etc/mysql/mariadb.conf.d/50-server.cnf or /etc/mysql/mysql.conf.d/mysqld.cnf file, depending on what system you are running:
#bind-address = 127.0.0.1
Exit MySQL and restart MySQL
exit
service mysql restart
By default it binds only to localhost, but if you comment the line it binds to all interfaces it finds. Commenting out the line is equivalent to bind-address=*.
To check the binding of the MySQL service, execute as root:
netstat -tupan | grep mysql
Use:
sudo mysql -u root
And now in the MySQL client:
use mysql;
update user set plugin='' where User='root';
flush privileges;
\q
Now you should be able to log in as root in phpMyAdmin.
(It was found here.)
To create a user for phpMyAdmin:
sudo mysql -p -u root
Now you can add a new MySQL user with the username of your choice.
CREATE USER 'USERNAME'#'%' IDENTIFIED BY 'PASSWORD';
And finally grant superuser privileges to the user you just created.
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'%' WITH GRANT OPTION;
In short, in MariaDB:
sudo mysql -u root;
use mysql;
UPDATE mysql.user SET plugin = 'mysql_native_password',
Password = PASSWORD('pass1234') WHERE User = 'root';
FLUSH PRIVILEGES;
exit;
ALTER USER or DROP the user and create again works perfectly.
DROP USER root#localhost;
CREATE USER root#localhost IDENTIFIED BY 'root_password';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost';
FLUSH PRIVILEGES;`
MySQL makes a difference between "localhost" and "127.0.0.1".
It might be possible that 'root'#'localhost' is not allowed because there is an entry in the user table that will only allow root login from 127.0.0.1.
This could also explain why some application on your server can connect to the database and some not because there are different ways of connecting to the database. And you currently do not allow it through "localhost".
Just create a new user for MySQL; do not use root. There is a problem with its security issues:
sudo mysql -p -u root
Log in into MySQL or MariaDB with root privileges
CREATE USER 'troy121'#'%' IDENTIFIED BY 'mypassword123';
Log in and create a new user:
GRANT ALL PRIVILEGES ON *.* TO 'magento121121'#'%' WITH GRANT OPTION;
And grant privileges to access "." and "#" "%" any location, not just only 'localhost'.
exit;
If you want to see your privilege table, SHOW GRANTS; and enjoy.
With MySQL client version 14.14 and Distrib 5.7.22, the update statement is now:
update user set authentication_string=password('1111') where user='root';
If you are receiving that error even after creating a new user and assigning them the database privileges, then the one last thing to look at is to check if the users have been assigned the privileges in the database.
To do this, log into to your MySQL client (this is presumably the application that has restricted access to the database, but you as a root can be able to access your database table via mysql -u user -p).
Commands to apply
mysql -u root -p
password: (provide your database credentials)
On successful login, type
use mysql;
from this point, check each user's privileges if it is enabled from the database table as follows:
select User,Grant_priv,Host from db;
If the values of the Grant_priv col for the created user is N, update that value to Y with the following command:
UPDATE db SET Grant_priv = "Y" WHERE User= "your user";
With that, now try accessing the application and making a transaction with the database.
sudo mysql -u root
mysql> USE mysql;
mysql> UPDATE user SET plugin='mysql_native_password' WHERE User='root';
mysql> FLUSH PRIVILEGES;
mysql> exit;
service mysql restart
After restarting mysql server reload the app please.
None from this question reply that solving my problem but i got super easy to solving that problem!
Just open file DEBIAN.CNF :
/etc/mysql/debian.cnf
You will find default sys admin user and pass! login with this account on your PhpMyAdmin then create new user etc whatever you want!
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = debian-sys-maint
password = 8pTMhYuRMW6jmMG1
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = debian-sys-maint
password = 8pTMhYuRMW6jmMG1
socket = /var/run/mysqld/mysqld.sock
Users for MySQL and for server are two different things. Look how to add a user to the database and log in with these credentials.
I had the same problem in my Ubuntu 20.04 (Focal Fossa) and MySQL 8.0 and I do these steps:
log in to MySQL
sudo mysql -p -u root
Show the users added to MySQL
SELECT user,plugin,host FROM mysql.user
Change the root user plugin from auth_socket to mysql_native_password
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password BY 'root';
Flush the privileges
FLUSH PRIVILEGES;
Ctrl + z to exit from MySQL
Restart your MySQL service
sudo service MySQL restart
Check your phpMyAdmin page and try to log in.
Use:
sudo mysql -u root
mysql> CREATE USER 'sample'#'localhost' IDENTIFIED BY 'Secure1pass!';
mysql> CREATE DATABASE testdb;
mysql> GRANT ALL PRIVILEGES ON testdb . * TO 'sample'#'localhost';
In case you just want to use your MySQL server on Ubuntu locally and want to connect with your application to a database.
I had 'user'#'%' with all privileges when getting the same error mentioning 'user'#'localhost' denied access.
So I create 'user'#'localhost' with all privileges, and then flush, and even restart services to no avail.
At last I changed $host = '127.0.0.1'; to $host = 'localhost';.
Now it works!
I usualy setup correctly MySQL for having remote access.
And currently I got stuck with MySQL 8.
The first thing is that on the mysql.conf.d/mysqld.cnf , I don't have any bind-address line, so I added it by hand (bind-address 0.0.0.0)
And I granted access to the user on '%'
When I connected I got the message "Authentication failed"
But it works well on localhost/command line
Delete or comment the bind_address parameter from the my.ini file.
(The file name is different depend on the OS. On Linux my.ini is
actually my.cnf located in directory /etc/mysql/)
Restart the service.
Create the root user (yes, a new user because what exists is 'root#localhost' which is local access only):
CREATE USER 'root'#'%' IDENTIFIED BY '123';
Give the privileges:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%';
For DBA user, add WITH GRANT OPTION at the end.
e.g. CREATE USER 'root'#'%' IDENTIFIED BY '123' WITH GRANT OPTION;
Because it does not work CREATE with GRANT?
MySQL 8 can no longer create a user with GRANT, so there is an error in IDENTIFIED BY '123' if you try to use it with GRANT, which is the most common error.
Remote Access in MySQL 8:
1) Allow access from any host
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
bind-address = 0.0.0.0
2) Allow the user to access from anywhere:
mysql
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%';
UPDATE mysql.user SET host='%' WHERE user='root';
3) Change authentication to password
ALTER USER 'root'#'%' IDENTIFIED WITH mysql_native_password BY 'ThePassword';
Had the same problem, Connected to MySQL Workbench and updated the User privilege.
MySQL version : 8.0.20 Community.
OS : Windows 10.
Open MySQL Workbench --> Server --> Users and Privileges
Select the user
Change the Limit to Hosts Matching to "%" for accessing from any host.
Apply changes.
Restart MySQL Service if required. It worked for me with out restarting.
Screen shot,
For MySQL 8 open the mysqld.cnf file
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
And modify or add the bind-address option:
[mysqld]
bind-address = 0.0.0.0
Restart the mysql server
sudo service mysql restart
I want to connect to my SQL Server on my remote server. I have installed MySQL on this server with apt-get and set up all necessary details. On the server everything works fine. When I want to connect with the MySQL Workbench, I cannot connect with any user at all.
I logged into MySQL in Ubuntu and created a new user first:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'#'localhost' WITH GRANT OPTION;
CREATE USER 'username'#'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
I opened the my.cnf file:
port 3306
bind-address 127.0.0.01 (DO I NEED HERE MY REMOTE SERVER IP?)
service mysql restart
My questions would be:
1) why is the host 127.0.0.1 on my remote server?
2) In the workbench connection setup: which hostname is correct? my server IP or 127.0.0.1
3)I get the message: Failed to connect to MySQL. Access denied. So I think the user is the issue?
4) Do I need to change the cnf?
Thank you.
After you create the user and configure the right permission did you
FLUSH PRIVILEGES;
After you change your my.cnf did you restart Mysql?
Stop and Start from XAMPP Panel control
Change
bind address=127.0.0.1
to
bind-address=YOUR-SERVER-IP
If I do SHOW GRANTS in my mysql database I get
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost'
IDENTIFIED BY PASSWORD 'some_characters'
WITH GRANT OPTION
If I am not mistaken, root#localhost means that user root can access the server only from localhost. How do I tell MySQL to grant root the permission to access this mysql server from every other machine (in the same network), too?
This grants root access with the same password from any machine in *.example.com:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%.example.com'
IDENTIFIED BY 'some_characters'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
If name resolution is not going to work, you may also grant access by IP or subnet:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'192.168.1.%'
IDENTIFIED BY 'some_characters'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
MySQL GRANT syntax docs.
Try:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'Pa55w0rd' WITH GRANT OPTION;
You need to take some steps to make sure first mysql and then root user is accessible from outside:
Disable skip-networking in my.cnf (i.e: /etc/mysql/my.cnf)
Check value of bind-address in my.cnf, if it's set to 127.0.0.1, you can change it to 0.0.0.0 to allow access from all IPs or whatever ip that you want to connect from.
Grant remote access the root user from any ip (or specify your ip instead of %)
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'your_root_password'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
Restart mysql service:
sudo service mysql restart
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'YOUR_PASS'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
*.* = DB.TABLE you can restrict user to specific database and specific table.
'root'#'%' you can change root with any user you created and % is to allow all IP. You can restrict it by changing %.168.1.1 etc too.
If that doesn't resolve, then also modify my.cnf or my.ini
and comment these lines
bind-address = 127.0.0.1 to #bind-address = 127.0.0.1
and
skip-networking to #skip-networking
Restart MySQL and repeat above steps again.
Raspberry Pi, I found bind-address configuration under \etc\mysql\mariadb.conf.d\50-server.cnf
By mysql 8 and later version, you cannot add a user by granting privileges. it means with this query:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'type-root-password-here'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
mysql will return this error:
ERROR 1064 (42000): You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near 'IDENTIFIED BY 'written password' at line 1
this means you don't have a root user for % domain. so you need to first insert the user and then grant privileges like this:
mysql> CREATE USER 'root'#'%' IDENTIFIED BY 'your password';
Query OK, 0 rows affected (0.11 sec)
mysql> GRANT ALL ON *.* TO 'root'#'%';
Query OK, 0 rows affected (0.15 sec)
mysql> FLUSH PRIVILEGES;
Dont forget to replace passwords with your specific passwords.
Those SQL grants the others are sharing do work. If you're still unable to access the database, it's possible that you just have a firewall restriction for the port. It depends on your server type (and any routers in between) as to how to open up the connection. Open TCP port 3306 inbound, and give it a similar access rule for external machines (all/subnet/single IP/etc.).
Two steps:
set up user with wildcard:
create user 'root'#'%' identified by 'some_characters';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY PASSWORD 'some_characters'
WITH GRANT OPTION
vim /etc/my.cnf
add the following:
bind-address=0.0.0.0
restart server, you should not have any problem connecting to it.
Open the /etc/mysql/mysql.conf.d/mysqld.cnf file and comment the
following line:
#bind-address = 127.0.0.1
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
-Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
Ubuntu 18.04
Install and ensure mysqld us running..
Go into database and setup root user:
sudo mysql -u root
SELECT User,Host FROM mysql.user;
DROP USER 'root'#'localhost';
CREATE USER 'root'#'%' IDENTIFIED BY 'obamathelongleggedmacdaddy';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit;
Edit mysqld permissions and restart:
sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf
# edit the line to be this:
bind-address=0.0.0.0
sudo systemctl stop mysql
sudo systemctl start mysql
From another machine, test.. Obvs port (3306) on mysqld machine must allow connection from test machine.
mysql -u root -p -h 123.456.789.666
All the additional "security" of MySql doesn't help security at all, it just complicates and obfuscates, it is now actually easier to screw it up than in the old days, where you just used a really long password.
This worked for me. But there was a strange problem that even I tryed first those it didnt affect. I updated phpmyadmin page and got it somehow working.
If you need access to local-xampp-mysql. You can go to xampp-shell -> opening command prompt.
Then mysql -uroot -p --port=3306 or mysql -uroot -p (if there is password set). After that you can grant those acces from mysql shell page (also can work from localhost/phpmyadmin).
Just adding these if somebody find this topic and having beginner problems.
If I do SHOW GRANTS in my mysql database I get
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost'
IDENTIFIED BY PASSWORD 'some_characters'
WITH GRANT OPTION
If I am not mistaken, root#localhost means that user root can access the server only from localhost. How do I tell MySQL to grant root the permission to access this mysql server from every other machine (in the same network), too?
This grants root access with the same password from any machine in *.example.com:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%.example.com'
IDENTIFIED BY 'some_characters'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
If name resolution is not going to work, you may also grant access by IP or subnet:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'192.168.1.%'
IDENTIFIED BY 'some_characters'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
MySQL GRANT syntax docs.
Try:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'Pa55w0rd' WITH GRANT OPTION;
You need to take some steps to make sure first mysql and then root user is accessible from outside:
Disable skip-networking in my.cnf (i.e: /etc/mysql/my.cnf)
Check value of bind-address in my.cnf, if it's set to 127.0.0.1, you can change it to 0.0.0.0 to allow access from all IPs or whatever ip that you want to connect from.
Grant remote access the root user from any ip (or specify your ip instead of %)
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'your_root_password'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
Restart mysql service:
sudo service mysql restart
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'YOUR_PASS'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
*.* = DB.TABLE you can restrict user to specific database and specific table.
'root'#'%' you can change root with any user you created and % is to allow all IP. You can restrict it by changing %.168.1.1 etc too.
If that doesn't resolve, then also modify my.cnf or my.ini
and comment these lines
bind-address = 127.0.0.1 to #bind-address = 127.0.0.1
and
skip-networking to #skip-networking
Restart MySQL and repeat above steps again.
Raspberry Pi, I found bind-address configuration under \etc\mysql\mariadb.conf.d\50-server.cnf
By mysql 8 and later version, you cannot add a user by granting privileges. it means with this query:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY 'type-root-password-here'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
mysql will return this error:
ERROR 1064 (42000): You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near 'IDENTIFIED BY 'written password' at line 1
this means you don't have a root user for % domain. so you need to first insert the user and then grant privileges like this:
mysql> CREATE USER 'root'#'%' IDENTIFIED BY 'your password';
Query OK, 0 rows affected (0.11 sec)
mysql> GRANT ALL ON *.* TO 'root'#'%';
Query OK, 0 rows affected (0.15 sec)
mysql> FLUSH PRIVILEGES;
Dont forget to replace passwords with your specific passwords.
Those SQL grants the others are sharing do work. If you're still unable to access the database, it's possible that you just have a firewall restriction for the port. It depends on your server type (and any routers in between) as to how to open up the connection. Open TCP port 3306 inbound, and give it a similar access rule for external machines (all/subnet/single IP/etc.).
Two steps:
set up user with wildcard:
create user 'root'#'%' identified by 'some_characters';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
IDENTIFIED BY PASSWORD 'some_characters'
WITH GRANT OPTION
vim /etc/my.cnf
add the following:
bind-address=0.0.0.0
restart server, you should not have any problem connecting to it.
Open the /etc/mysql/mysql.conf.d/mysqld.cnf file and comment the
following line:
#bind-address = 127.0.0.1
In my case I was trying to connect to a remote mysql server on cent OS. After going through a lot of solutions (granting all privileges, removing ip bindings,enabling networking) problem was still not getting solved.
As it turned out, while looking into various solutions,I came across iptables, which made me realize mysql port 3306 was not accepting connections.
Here is a small note on how I checked and resolved this issue.
Checking if port is accepting connections:
telnet (mysql server ip) [portNo]
-Adding ip table rule to allow connections on the port:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-Would not recommend this for production environment, but if your iptables are not configured properly, adding the rules might not still solve the issue. In that case following should be done:
service iptables stop
Hope this helps.
Ubuntu 18.04
Install and ensure mysqld us running..
Go into database and setup root user:
sudo mysql -u root
SELECT User,Host FROM mysql.user;
DROP USER 'root'#'localhost';
CREATE USER 'root'#'%' IDENTIFIED BY 'obamathelongleggedmacdaddy';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit;
Edit mysqld permissions and restart:
sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf
# edit the line to be this:
bind-address=0.0.0.0
sudo systemctl stop mysql
sudo systemctl start mysql
From another machine, test.. Obvs port (3306) on mysqld machine must allow connection from test machine.
mysql -u root -p -h 123.456.789.666
All the additional "security" of MySql doesn't help security at all, it just complicates and obfuscates, it is now actually easier to screw it up than in the old days, where you just used a really long password.
This worked for me. But there was a strange problem that even I tryed first those it didnt affect. I updated phpmyadmin page and got it somehow working.
If you need access to local-xampp-mysql. You can go to xampp-shell -> opening command prompt.
Then mysql -uroot -p --port=3306 or mysql -uroot -p (if there is password set). After that you can grant those acces from mysql shell page (also can work from localhost/phpmyadmin).
Just adding these if somebody find this topic and having beginner problems.