Related
I just installed Ubuntu 16.04 (Xenial Xerus) and installed web server on it. Everything works well, but I cannot access database.
Even if I create new user and grant all privileges, I can't create database
In PHP I'm getting this error:
SQLSTATE[HY000] [1698] Access denied for user 'root'#'localhost'
When I try to login in terminal, it works, but in PHP and phpMyAdmin don't.
PHP Code:
protected $host = '127.0.0.1';
protected $db = 'dbname';
protected $name = 'root';
protected $pass = 'root';
protected $conn;
private static $settings = array(
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'
);
public function __construct() {
try {
$this->conn = new PDO("mysql:host=$this->host;dbname=$this->db", $this->name, $this->pass, self::$settings);
} catch (PDOException $e) {
echo $e->getMessage();
}
}
It turns out you can't use the root user in 5.7 anymore without becoming a sudo'er. That means you can't just run mysql -u root anymore and have to do sudo mysql -u root instead.
That also means that it will no longer work if you're using the root user in a GUI (or supposedly any non-command line application). To make it work you'll have to create a new user with the required privileges and use that instead.
See this answer for more details.
These steps worked for me on several systems using Ubuntu 16.04 (Xenial Xerus), Apache 2.4, MariaDB, and PDO:
Log into MYSQL as root
mysql -u root
Grant privileges. For a new user, execute:
CREATE USER 'newuser'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'newuser'#'localhost';
FLUSH PRIVILEGES;
UPDATE for Google Cloud Instances
MySQL on Google Cloud seem to require an alternate command (mind the backticks).
GRANT ALL PRIVILEGES ON `%`.* TO 'newuser'#'localhost';
NOTE:
Depending on wether your new user should be able to grant all privileges to other users as well you could extend the command by the GRANT WITH option. Please be aware that this exposes your user to be sudoer and hence become a higher security risk.
GRANT ALL PRIVILEGES ON `%`.* TO 'newuser'#'localhost' GRANT WITH OPTION;
Bind to all addresses:
The easiest way is to comment out the line in your
/etc/mysql/mariadb.conf.d/50-server.cnf or /etc/mysql/mysql.conf.d/mysqld.cnf file, depending on what system you are running:
#bind-address = 127.0.0.1
Exit MySQL and restart MySQL
exit
service mysql restart
By default it binds only to localhost, but if you comment the line it binds to all interfaces it finds. Commenting out the line is equivalent to bind-address=*.
To check the binding of the MySQL service, execute as root:
netstat -tupan | grep mysql
Use:
sudo mysql -u root
And now in the MySQL client:
use mysql;
update user set plugin='' where User='root';
flush privileges;
\q
Now you should be able to log in as root in phpMyAdmin.
(It was found here.)
To create a user for phpMyAdmin:
sudo mysql -p -u root
Now you can add a new MySQL user with the username of your choice.
CREATE USER 'USERNAME'#'%' IDENTIFIED BY 'PASSWORD';
And finally grant superuser privileges to the user you just created.
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'%' WITH GRANT OPTION;
In short, in MariaDB:
sudo mysql -u root;
use mysql;
UPDATE mysql.user SET plugin = 'mysql_native_password',
Password = PASSWORD('pass1234') WHERE User = 'root';
FLUSH PRIVILEGES;
exit;
ALTER USER or DROP the user and create again works perfectly.
DROP USER root#localhost;
CREATE USER root#localhost IDENTIFIED BY 'root_password';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost';
FLUSH PRIVILEGES;`
MySQL makes a difference between "localhost" and "127.0.0.1".
It might be possible that 'root'#'localhost' is not allowed because there is an entry in the user table that will only allow root login from 127.0.0.1.
This could also explain why some application on your server can connect to the database and some not because there are different ways of connecting to the database. And you currently do not allow it through "localhost".
Just create a new user for MySQL; do not use root. There is a problem with its security issues:
sudo mysql -p -u root
Log in into MySQL or MariaDB with root privileges
CREATE USER 'troy121'#'%' IDENTIFIED BY 'mypassword123';
Log in and create a new user:
GRANT ALL PRIVILEGES ON *.* TO 'magento121121'#'%' WITH GRANT OPTION;
And grant privileges to access "." and "#" "%" any location, not just only 'localhost'.
exit;
If you want to see your privilege table, SHOW GRANTS; and enjoy.
With MySQL client version 14.14 and Distrib 5.7.22, the update statement is now:
update user set authentication_string=password('1111') where user='root';
If you are receiving that error even after creating a new user and assigning them the database privileges, then the one last thing to look at is to check if the users have been assigned the privileges in the database.
To do this, log into to your MySQL client (this is presumably the application that has restricted access to the database, but you as a root can be able to access your database table via mysql -u user -p).
Commands to apply
mysql -u root -p
password: (provide your database credentials)
On successful login, type
use mysql;
from this point, check each user's privileges if it is enabled from the database table as follows:
select User,Grant_priv,Host from db;
If the values of the Grant_priv col for the created user is N, update that value to Y with the following command:
UPDATE db SET Grant_priv = "Y" WHERE User= "your user";
With that, now try accessing the application and making a transaction with the database.
sudo mysql -u root
mysql> USE mysql;
mysql> UPDATE user SET plugin='mysql_native_password' WHERE User='root';
mysql> FLUSH PRIVILEGES;
mysql> exit;
service mysql restart
After restarting mysql server reload the app please.
None from this question reply that solving my problem but i got super easy to solving that problem!
Just open file DEBIAN.CNF :
/etc/mysql/debian.cnf
You will find default sys admin user and pass! login with this account on your PhpMyAdmin then create new user etc whatever you want!
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = debian-sys-maint
password = 8pTMhYuRMW6jmMG1
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = debian-sys-maint
password = 8pTMhYuRMW6jmMG1
socket = /var/run/mysqld/mysqld.sock
Users for MySQL and for server are two different things. Look how to add a user to the database and log in with these credentials.
I had the same problem in my Ubuntu 20.04 (Focal Fossa) and MySQL 8.0 and I do these steps:
log in to MySQL
sudo mysql -p -u root
Show the users added to MySQL
SELECT user,plugin,host FROM mysql.user
Change the root user plugin from auth_socket to mysql_native_password
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password BY 'root';
Flush the privileges
FLUSH PRIVILEGES;
Ctrl + z to exit from MySQL
Restart your MySQL service
sudo service MySQL restart
Check your phpMyAdmin page and try to log in.
Use:
sudo mysql -u root
mysql> CREATE USER 'sample'#'localhost' IDENTIFIED BY 'Secure1pass!';
mysql> CREATE DATABASE testdb;
mysql> GRANT ALL PRIVILEGES ON testdb . * TO 'sample'#'localhost';
In case you just want to use your MySQL server on Ubuntu locally and want to connect with your application to a database.
I had 'user'#'%' with all privileges when getting the same error mentioning 'user'#'localhost' denied access.
So I create 'user'#'localhost' with all privileges, and then flush, and even restart services to no avail.
At last I changed $host = '127.0.0.1'; to $host = 'localhost';.
Now it works!
I just installed MariaDB 10.1.29 on Ubuntu 18.04. From the command line I can connect using sudo:
sudo mysql -u root -p
But not without sudo.
Also, if I try to connect to the database through DBeaver, I get:
Could not connect: Access denied for user 'root'#'localhost'
While the credentials are correct. I tried installing MySQL 5.7, but I'm experiencing the exact same issue there as well.
What am I missing?
As it turns out, this is expected behaviour for MariaDB and MySQL. To overcome the issue, it is advisable to create a separate user and grant access to all databases created. Here is a step by step guide on how to create databases using the command line and grant permissions to the user of your choice.
Log in to MariaDB/MySQL
$ sudo mysql -u root -p
Create a database
mysql> CREATE DATABASE `database_name`;
Create a user
mysql> CREATE USER 'user_name' IDENTIFIED BY 'a_secure_password';
Grant user permissions
mysql> GRANT ALL PRIVILEGES ON database_name.* TO 'user_name'#'%' WITH GRANT OPTION;
Apply changes
mysql> FLUSH PRIVILEGES;
I just installed ubuntu 18.04 and installed LAMP on it, however I had trouble using mysql without the root privilege. when I write:
mysql -u root -p
and enter the password I configured it throws access denied. unless if I write
sudo mysql -u root -p
and enter the password that I'm able to connect. But I don't want the sudo cause it prevents having workbench to connect to mysql, same applies to phpmyadmin too. Any hints on how to fix that?
It should only be the "-u root" user that requires sudo. It's good practice to not use root for most access anyways, so just login as root using sudo and create a newuser:
CREATE USER 'newuser'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON database_name.* TO 'newuser'#'localhost';
Then you should be able to access "mysql -u newuser" without sudo.
I also faced this problem yesterday. To solve this problem follow these steps:
Connect to MySQL: sudo mysql -u root
Check for mysql users in db: SELECT User,Host FROM mysql.user;
Drop root user account: DROP USER 'root'#'localhost';
Recreate root user: CREATE USER 'root'#'%' IDENTIFIED BY ''
Grant all privileges to root user: GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
Set password for root user: ALTER USER 'root'#'%' IDENTIFIED BY 'yourpassword';
That's it! Now you should be able to connect the MySQL.
I am using Ubuntu 18.04 with mysql version 5.7 in workbench but solved this by following these 10 steps
Connect to MySQL: sudo mysql -u root
Check for mysql users in db: SELECT User,Host FROM mysql.user;
Drop root user account: DROP USER 'root'#'localhost';
SET GLOBAL validate_password_length = 5;
SET GLOBAL validate_password_number_count = 0;
SET GLOBAL validate_password_mixed_case_count = 0;
SET GLOBAL validate_password_special_char_count = 0;
SET GLOBAL validate_password_policy = LOW;
Recreate root user: CREATE USER 'root'#'%' IDENTIFIED BY 'admin'
Grant all privileges to root user: GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
enter image description here 1. UPDATE mysql.user SET plugin = 'mysql_native_password' WHERE user = 'root' AND plugin = 'unix_socket';
2.FLUSH PRIVILEGES;
If you couldn't connect to mysql with any mysql user without sudo, try:
sudo chmod -R 755 /var/lib/mysql/
or
sudo chmod -R 755 /var/run/mysql/
then restart the service
sudo services mysql start
or
sudo /etc/init.d/mysql start
The command:
mysql -u root -p
gives the error:
ERROR 1698 (28000): Access denied for user 'root'#'localhost'
But running sudo privileges, works:
sudo mysql -u root -p
Is it possible to get rid of the sudo requirement because it prevents me from opening the database in intellij? I tried the following as in the answer to this question Connect to local MySQL server without sudo:
sudo chmod -R 755 /var/lib/mysql/
which did not help. The above question has a different error thrown
Only the root user needs sudo requirement to login to mysql. I resolved this by creating a new user and granting access to the required databases:
CREATE USER 'newuser'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON database_name.* TO 'newuser'#'localhost';
now newuser can login without sudo requirement:
mysql -u newuser -p
You need to change algorithm. Following work for me,
mysql > ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password BY '';
mysql > FLUSH PRIVILEGES;
You can use the same ROOT user, or a NEW_USER and remove the SUDO privileges. Below example shows how to remove connect using ROOT, without SUDO.
Connect to MY-SQL using SUDO
sudo mysql -u root
Delete the current Root User from the User Table
DROP USER 'root'#'localhost';
Create a new ROOT user (You can create a different user if needed)
CREATE USER 'root'#'%' IDENTIFIED BY '';
Grant permissions to new User (ROOT)
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
Flush privileges, so that the Grant tables get reloaded immediately. (Why do we need to flush privileges?)
FLUSH PRIVILEGES;
Now it's all good. Just in case, check whether a new root user is created.
SELECT User,Host FROM mysql.user;
+------------------+-----------+
| User | Host |
+------------------+-----------+
| root | % |
| debian-sys-maint | localhost |
| mysql.session | localhost |
| mysql.sys | localhost |
+------------------+-----------+
4 rows in set (0.00 sec)
Exit mysql. (Press CTRL + Z). Connect to MySQL without SUDO
mysql -u root
Hope this will help!
first login to your mysql with sudo.
then use this code to change "plugin" coloumn value from "unix_socket" or "auth_socket" to "mysql_native_password" for root user.
UPDATE mysql.user SET plugin = 'mysql_native_password' WHERE user = 'root' AND plugin IN ('unix_socket', 'auth_socket');
FLUSH PRIVILEGES;
finally restart mysql service. that's it.
if you want more info, check this link
UPDATE:
In new versions of mysql or mariadb you can use :
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password USING PASSWORD('your-password');
FLUSH PRIVILEGES;
I have solved this problem using following commands.
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'username'#'localhost';
FLUSH PRIVILEGES;
Here,
username = any user name you like.
and password = any password you like.
You can use the below query:
GRANT ALL PRIVILEGES ON *.* TO 'username'#'localhost' IDENTIFIED BY 'password';
This query is enough.
This answer needs to be slightly adapted for mariaDB instead of mysql.
First login as root using sudo:
$ sudo mysql -uroot
Then alter the mariadb root user:
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password USING PASSWORD('mypassword');
FLUSH PRIVILEGES;
From now on sudo is not longer needed:
$ mysql -uroot -p
Version used:
mysql Ver 15.1 Distrib 10.4.13-MariaDB, for osx10.15 (x86_64) using readline 5.1
Login to mysql with sudo:
sudo mysql -u root -p
After that Delete current root#localhost account:
~ MariaDB [(none)]> DROP USER 'root'#'localhost';
~ MariaDB [(none)]> CREATE USER 'root'#'localhost' IDENTIFIED BY 'password';
~ MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' WITH GRANT OPTION;
~ MariaDB [(none)]> FLUSH PRIVILEGES;
In the comment of the question you answer you referenced, it reads
Ok, just try to analyze all of the directories down in the path of the
socket file, they need to have o+rx and the sock file too (it's not a
good idea to make it modifiable by others).
You can also try to remove mysql.sock and then restart mysqld, the
file should be created by the daemon with proper privileges.
This seemed to work for this question(the one you said you looked at) so it may work for you as well
The error Message:
"ERROR 1698 (28000): Access denied for user 'root'#'localhost'"
means that the Server not allow the connect for this user and not that mysql cant access the socket.
try this to solve the problem:
Login in your DB
sudo mysql -u root -p
then make these modifications:
MariaDB []>use mysql;
MariaDB [mysql]>update user set plugin=' ' where User='root';
MariaDB [mysql]>flush privileges;
MariaDB [mysql]>exit
try login again without sudo
I am facing problem with mysql non root/admin user, I am following the below steps for creating user and its privileges, correct me if i am doing wrong,
i am installing mysql on RHEL 5.7 64bit, packages are mentioned below, once i done the rpm install we are
creating mysql db using mysql_install_db, then
starting the mysql service then
using mysql_upgrade also we are doing to the server.
After this process i can login as root but with a non-root user I am not able to log into the server:
[root#clustertest3 ~]# rpm -qa | grep MySQL
MySQL-client-advanced-5.5.21-1.rhel5
MySQL-server-advanced-5.5.21-1.rhel5
[root#clustertest3 ~]# cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
# Disabling symbolic-links is recommended to prevent assorted security risks;
# to do so, uncomment this line:
# symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[root#clustertest3 ~]# ls -ld /var/lib/mysql/mysql.sock
srwxrwxrwx 1 mysql mysql 0 Nov 30 11:09 /var/lib/mysql/mysql.sock
mysql> CREATE USER 'golden'#'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON * . * TO 'golden'#'%';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT USER(),CURRENT_USER();
+----------------+----------------+
| USER() | CURRENT_USER() |
+----------------+----------------+
| root#localhost | root#localhost |
+----------------+----------------+
1 row in set (0.00 sec)
[root#clustertest3 ~]# mysql -ugolden -p
Enter password:
ERROR 1045 (28000): Access denied for user 'golden'#'localhost' (using password: YES)
This is the problem I am facing, is there any solution to this?
Do not grant all privileges over all databases to a non-root user, it is not safe (and you already have "root" with that role)
GRANT <privileges> ON database.* TO 'user'#'localhost' IDENTIFIED BY 'password';
This statement creates a new user and grants selected privileges to it.
I.E.:
GRANT INSERT, SELECT, DELETE, UPDATE ON database.* TO 'user'#'localhost' IDENTIFIED BY 'password';
Take a look at the docs to see all privileges detailed
EDIT: you can look for more info with this query (log in as "root"):
select Host, User from mysql.user;
To see what happened
If you are connecting to the MySQL using remote machine(Example workbench) etc., use following steps to eliminate this error on OS where MySQL is installed
mysql -u root -p
CREATE USER '<<username>>'#'%%' IDENTIFIED BY '<<password>>';
GRANT ALL PRIVILEGES ON * . * TO '<<username>>'#'%%';
FLUSH PRIVILEGES;
Try logging into the MYSQL instance.
This worked for me to eliminate this error.
Try:
CREATE USER 'golden'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'golden'#'localhost';
FLUSH PRIVILEGES;
Or even better use: mysql_setpermission to create the user
It looks like you're trying to make a user 'golden'#'%' but a different user by the name of 'golden'#'localhost' is getting in the way/has precedence.
Do this command to see the users:
SELECT user,host FROM mysql.user;
You should see two entries:
1) user= golden, host=%
2) user= golden, host=localhost
Do these Command:
DROP User 'golden'#'localhost';
DROP User 'golden'#'%';
Restart MySQL Workbench.
Then do your original commands again:
CREATE USER 'golden'#'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'golden'#'%';
Then when you go to try to sign in to MySQL, type it in like this:
Hit 'Test Connection' and enter your password 'password'.
First I created the user using :
CREATE user user#localhost IDENTIFIED BY 'password_txt';
After Googling and seeing this, I updated user's password using :
SET PASSWORD FOR 'user'#'localhost' = PASSWORD('password_txt');
and I could connect afterward.
For anyone else who did all the advice but the problem still persists.
Check for stored procedure and view DEFINERS. Those definers may no longer exists.
My problem showed up when we changed the wildcard host (%) to IP specific, making the database more secure. Unfortunately there are some views that are still using 'user'#'%' even though 'user'#'172....' is technically correct.
I also have the similar problem, and later on I found it is because I changed my hostname (not localhost).
Therefore I get it resolved by specifying the --host=127.0.0.1
mysql -p mydatabase --host=127.0.0.1
According way you create your user, MySQL interprets a different manner. For instance, if you create a user like this:
create user user01 identified by 'test01';
MySQL expects you give some privilege using grant all on <your_db>.* to user01;
Don't forget to flush privileges;
But, if you create user like that (by passing an IP address), you have to change it to:
create user 'user02'#'localhost' identified by 'teste02';
so, to give some privileges you have to do that:
grant all on <your_db>.* to user02#localhost;
flush privileges;
Make sure the user has a localhost entry in the users table. That was the problem I was having. EX:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
For annoying searching getting here after searching for this error message:
Access denied for user 'someuser#somewhere' (using password: YES)
The issue for me was not enclosing the password in quotes. eg. I needed to use -p'password' instead of -ppassword
Try this:
If you have already created your user, you might have created your user with the wrong password.
So drop that user and create another user by doing this.
To see your current users.
SELECT Host,User FROM mysql.user;
To drop the user
DROP User '<your-username>'#'localhost';
After this you can create the user again with the correct password
CREATE USER '<your-username>'#'localhost' IDENTIFIED WITH mysql_native_password BY '<correct password>';
then
FLUSH PRIVILEGES;
You might still run into some more errors with getting access to the database, if you have that error run this.
GRANT ALL PRIVILEGES ON *.* to '<your-username>'#'localhost';
In my case the same error happen because I was trying to use mysql by just typing "mysql" instead of "mysql -u root -p"
connect your server from mysqlworkbench and run this command->
ALTER USER 'root'#'localhost' IDENTIFIED BY 'yourpassword';
The error of ERROR 1045 (28000): Access denied for user might not be always related to privilages problems but to the fact that there is a missing -p at the end of the command:
# Will prompt us a mysql terminal in case there are no privilages issues
mysql -u root -p
# Will fail with the mentioned ERROR 1045
mysql -u root
sometimes,it can just be a wrong password.Kindly remember your passwords including their sensitivity.
I had this issue and something dummy ended up solving.
For some reason "locahost" was not resolving for anything, so using its local IP made it work.
So you would change
mysql -h localhost -P 33061
to:
mysql -h 127.0.0.1 -P 33061
Had a similar issue when trying to grant privileges to an already existing user using the command:
use my-db;
GRANT ALL PRIVILEGES ON my-database.* TO 'my-user'#'%' IDENTIFIED BY 'my-password';
Here's how I solved it:
It had to do with 2 issues:
The password of the already exiting user was different from the password that provided in the GRANT ALL PRIVILEGES command. I had to rerun the GRANT ALL PRIVILEGES with the correct password for the already existing user.
The host name of the database server that I provided when connecting to the database was incorrect. I had created the database and the user on a particular database server and I was trying to connect to another database server different from the database server where the database and the user were created. I had to get the correct database server hostname, and I used it for the connection.
After all this were sorted, I was able to connect to the database using the credentials.
The issue was that my-user already had the privileges I wanted to grant it.
You can check to see the privileges that you've granted your user using:
SHOW GRANTS FOR 'your-user'#'%';
OR
SHOW GRANTS FOR 'your-user'#'localhost';
That's all.
Just add computer name instead of 'localhost' in hostname or MySQL Host address.