We can reset the mysql password by using the mysqld_safe with --skip-grant-tables option.
Can we reset it without mysql restart?
Can we recover the password instead of Resetting ?
No
No
And there is good reason of both No answers.
You can't just let any non-root user reset your root password without having full admin level access to the MySQL process on that host.
MySQL passwords (like Unix passwords) encryption is 1 way street, they can be reset but cannot be decrypted back.
1) You can update user table in mysql database but only if you still have active connection with enough privileges.
2) You cannot, passwords are not stored, only their hash values, on your login hash of your password is compared to hash stored in mysql and there is no way to find password out of hash other than trying all possible passwords hoping for hash match.
stop mysql service and start it in safe mode
start mysqld --skip-grant-tables
change password normally
see also [1]: http://www.debian-administration.org/articles/442
This is documented in the Official MySQL documentation here:
https://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html
I doubt this won't address any and all concerns because you can basically fix any permission or user problem with this method.
Related
We have a dedicated server with MySQL and other components
MySQL port is blocked by the firewall and hence no incoming connections to that port is possible.
Database access is only granted to local users like 'me'#'127.0.0.1' so that only apps/servers running on that server can access the database
In this case, having no password or the default password any less secure than having a password?
IMO, password should not make difference in this case but would like to learn from MySQL and security experts here if I have missed something.
Thanks
I'd add the option skip-networking just in case the firewall becomes compromised.
As for the password, if an attacker gets shell access but not superuser shell access, then having a password would be a good idea, assuming the password is stored in a file that is not readable by the attacker.
There's almost no reason to avoid a password, because you don't have to type it every time if you store the password in the .my.cnf or .mylogin.cnf. See https://dev.mysql.com/doc/refman/8.0/en/mysql-config-editor.html
But if the attacker gains superuser access, then they can read any file anyway, so having a password doesn't help. A superuser could also restart mysqld and disable authentication as documented here: https://dev.mysql.com/doc/refman/8.0/en/resetting-permissions.html
I downloaded MySQL server 5.7 on my computer (first time) to prove it. But the installer asking me for a password for root#localHost that I have no idea where it is.
I saw a page that you can reset the password using the command line, but the command line ask me too for a password.
What I can do?
UPDATE:
You have told me that if I have not set a password , then the server does not require you to enter one, but observe ! I want to configure the program but will not let me continue !
UPDATE (SOLVED): had to reinstall the MySQL server and the problem disappeared ... (Still asking why happened that...)
Thank you all for your responses and comments!
I think that by default there is no password set for root account.
Source
https://dev.mysql.com/doc/refman/5.7/en/resetting-permissions.html
If you have never assigned a root password for MySQL, the server does not require a password at all for connecting as root.
Your default account for the connection to the service of phpmyadmin is user: root and no password. That exist for the Security of the databases
I installed MySQL, PHP, and phpMyAdmin following this tutorial. Everything works well, i.e., I can start and connect to MySQL through the command line without any error, but the problem is when I try to login to phpMyAdmin, I receive this error:
#1862 - Your password has expired. To log in you must change it using a
client that supports expired passwords.
It might worth saying that my current MySQL password is not the temporary one that I received when I installed MySQL, but I changed it later (before installing phpMyAdmin), and now trying to login to phpMyAdmin with this new (current) password shows me the above error.
What might be the problem?
Ok, finally I did not understand what was the reason for this issue, but the following solution worked for me:
Enter this in terminal (in /usr/local/mysql/bin/) mysqladmin -u root -p password
Enter your password
Enter New password
Done! I could then login from phpmyadmin too!
Hope it help others who have similar problem,
MySQL password has expired
From MySQL 5.7.4 the default value for default_password_lifetime is 360 (a year). If you make no changes to this variable or individual user accounts, all user passwords expire after 360 days (so you get: "Your password has expired. To log in you must change it using a client that supports expired passwords").
To prevent automatic password expiry, log in as root (mysql -u root -p):
For clients that automatically connect to the server (e.g. from scripts.) change the password expiration settings:
ALTER USER 'script'#'localhost' PASSWORD EXPIRE NEVER;
or you can disable auto-password-expiry for all users:
SET GLOBAL default_password_lifetime = 0;
Links I used to understand and fix this
MySQL: Password Expiration and Sandbox Mode
MySQL: Password Expiration Policy
Password expiration policy in MySQL Server 5.7
I have a question about a scenario i currently have. generally the process should work but i can't seem to login successfully afterwards. either getting an incorrect username/password combination or an "unable to select Database" error when logging in with any credentials.
to skip forward a bit i have shutdown the mysql server on the machine and restarted it with the command
/etc/init.d/mysqld --skip-grant-tables
then logged in with mysql -u root -p
obviously this lets me in straight away as it skips the permissions check.
My goal is to change the password on a for a user on a table.
Currently there are three databases on the server we will call them as follows.
INFORMATION_SCHEMA
mysql
gnb
There is a table in gnb called users which has a username an password field. it has a single entry called admin under username which i want to change the password for as that is where the web server pulls the data from.
i have successfully changed the password for this particular user with the command
UPDATE users SET Password=PASSWORD('MyNewPass') WHERE username='admin';
FLUSH PRIVILEGES;
And 1 row is affected and i can visibly see the password hash change. also flushing privileges.
here's where i run into my problem....
once i have reset the password and restarted the mysql server in a normal mode i navigate back to the web server login and attempt to log in with the details that i now have.
i'm met with a "unable to select database" error message.
i'm not sure if i have to do something prior to restarting the database? or do i also have to restart the apache web server? i have tried a mirage of different combinations of things but just can't seem to get it working. if i attempt to log in whilst still in --skip-grant-tables mode then i just get an invalid login attempt.
thanks in advance/
I'm stumped....
I think you may have a misunderstanding about how the MySQL authentication system works.
When an application (e.g. a PHP script) connects to MySQL, the user/password checks against the mysql.users table. It does not check any other table in another database, even if that database (gnb) is the database that contains your application's data.
The fact that you have a table called "users" in your gnb database has no bearing on the MySQL authentication system. Of course you can put any data you want into that table, but it won't be used by MySQL authentication.
You can change passwords with the SET PASSWORD command, or you can UPDATE the mysql.users table directly and then FLUSH PRIVILEGES.
for the future.
second table was storing passwords in MD5.
update the row without using any password commands. simply a row update and update it with the MD5 hash of the password i was wishing to use.
web server then recognized the MD5 string as being the correct password and i was able to gain access.
In order to allow remotely connect to mysql . Instead of changing the host name "localhost" to "%" I mistaked changed the username "root" to "%" and restarted mysql
service. Now I can not login to mysql locally or remotely any more . How to solve this issue? Thanks in
advance!
You probably made a mistake updating security.
You can restart MySQL without any authentication and re-connect to see what went wrong:
http://dev.mysql.com/doc/refman/5.0/en/server-options.html#option_mysqld_skip-grant-tables
NOTE: You need to do this from the server that is running MySQL.
If you need help understanding what is wrong with the security configuration, post the contents of the relevant authentication tables (but don't post your password hash, as a valid password can be re-constructed from the hash).
If you changed the username, you need to login using "%" not root. You want to change the host field, not user field. Usually you want to grant remote logins fewer permissions. For example, remote logins would not have "DROP" privileges.
The same login/password combo can have different privileges depending on where they login from. Think of the user name as the name + host they are logging in from.