Cannot log in with created user in mysql - mysql

Using this command
GRANT ALL PRIVILEGES ON *.* to 'brian'#'%' identified by 'password';
I try to login with:
mysql -u brian -ppassword
The error is:
ERROR 1045 (28000): Access denied for user 'brian'#'localhost' (using password: YES)
I am doing this as root and I did try to flush privileges.
I tried this with countless users but it does not seem to work. I can create a user with no password and login works. Command line and from phpmyadmin
Also check to see if the user was in mysql.user which it is.
Show grants for brian shows:
| GRANT ALL PRIVILEGES ON *.* TO 'brian'#'%' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |

You probably have this perpetual MySQL problem where one of the default users in the user table is '' # localhost, which winds up denying all localhost users later in the table. What I would do is mysqldump the mysql database and look for this entry in the User table; if found, delete it and flush privileges.
For more details see https://dev.mysql.com/doc/refman/5.5/en/connection-access.html.
It is a common misconception to think that, for a given user name, all rows that explicitly name that user are used first when the server attempts to find a match for the connection. This is not true. The preceding example illustrates this, where a connection from h1.example.net by jeffrey is first matched not by the row containing 'jeffrey' as the User column value, but by the row with no user name. As a result, jeffrey is authenticated as an anonymous user, even though he specified a user name when connecting.

This is a problem caused by the anonymous users.
Once I install MySQL I always run
shell> mysql_secure_installation
and select to set/change the root password, remove anonymous users, disallow remote root login, remove the test database. This will remove the anonymous user and secure your installation. It should also solve the problem you have.

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

None of the solutions provided here worked. After loads of error and trial I realised that I had special characters in the password. Changing password without special characters solved the issue

The mysql docs have this to say:
(from http://dev.mysql.com/doc/refman/5.1/en/adding-users.html):
Two of the accounts have a user name of monty and a password of some_pass. Both accounts are superuser accounts with full privileges to do anything. The 'monty'#'localhost' account can be used only when connecting from the local host. The 'monty'#'%' account uses the '%' wildcard for the host part, so it can be used to connect from any host.
It is necessary to have both accounts for monty to be able to connect from anywhere as monty. Without the localhost account, the anonymous-user account for localhost that is created by mysql_install_db would take precedence when monty connects from the
local host. As a result, monty would be treated as an anonymous user. The reason for this is that the anonymous-user account has a more specific Host column value than the 'monty'#'%' account and thus comes earlier in the user table sort order.
With this in mind I would recommend you create a 'brian'#'localhost' user with the same privileges.

Finally this worked for me:
MariaDB [(none)]> drop user ''#'localhost';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

You forgot the quotes around brian in your grant statement. Try it like this:
GRANT ALL PRIVILEGES ON *.* to 'brian'#'%' identified by 'password';

I think 'Russell Silva' is right...
I created an user by
CREATE USER 'username'#'%' PASSWORD='userpassword';
But I cannot login in this account.The console told me that
ERROR 1045 (28000): Access denied for user 'username'#'localhost' (using password: YES)
So I created an user with the same username except that changing '%' to 'localhost',and I could finally login in as 'username'. It's quite weird for me though.

Change to native password using this command:
ALTER USER 'username'#'hostname' IDENTIFIED WITH mysql_native_password BY 'password';

In my case it was due to me clicking "SSL: REQUIRE SSL" (in phpmyadmin). When I changed it to "REQUIRE NONE" I could log in.

You can also connect from another host and then the localhost anonymous user is bypassed and you can remove it and flush privileges:
mysql -u brian -ppassword -h 'other_host_than_localhost'

I had a similar problem attempting to connect to a Maria DB running on Ubuntu after upgrading to 17.04.
The default was to listen only on localhost, 127.0.0.1.
To make MySQL/Maria listen on all available ports and interfaces I needed to explicitly specify bind-address=0.0.0.0. I added this line to the end of the file /etc/mysql/my.cnf, i.e.
...
[client-server]
# Import all .cnf files from configuration directory
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mariadb.conf.d/
bind-address=0.0.0.0
Then...
sudo /etc/init.d/mysql restart

Similar problem occurred for me even after verifying i haven't entered a wrong password, i couldn't login.
Below two steps solved my problem.
Dropping test database
Deleting anonymous user

stupidest thing ... special characters in the root password are okay but NOT for a user?!?!?!
Removed any !##$%^&*()_+~ characters from the user password and it worked.

Related

How to grant all privileges to root user in MySQL 8.0

Tried
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'root' WITH GRANT OPTION;
Getting
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED BY 'root' WITH GRANT OPTION' at line 1.
Note: The same is working when tried in previous versions.
Also tried
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
Getting
ERROR 1410 (42000): You are not allowed to create a user with GRANT
MySQL (8.0.11.0) username/password is root/root.
Starting with MySQL 8 you no longer can (implicitly) create a user using the GRANT command. Use CREATE USER instead, followed by the GRANT statement:
mysql> CREATE USER 'root'#'%' IDENTIFIED BY 'PASSWORD';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
Caution about the security risks about WITH GRANT OPTION, see:
Grant all privileges on database
I see a lot of (wrong) answers, it is just as simple as this:
USE mysql;
CREATE USER 'user'#'localhost' IDENTIFIED BY 'P#ssW0rd';
GRANT ALL ON *.* TO 'user'#'localhost';
FLUSH PRIVILEGES;
Note: instead of a self-created user you can use root to connect to the database. However, using the default root account to let an application connect to the database is not the preferred way. Alternative privileges can be applied as follows (be careful and remember the least-privilege principle):
-- Grant user permissions to all tables in my_database from localhost --
GRANT ALL ON my_database.* TO 'user'#'localhost';
-- Grant user permissions to my_table in my_database from localhost --
GRANT ALL ON my_database.my_table TO 'user'#'localhost';
-- Grant user permissions to all tables and databases from all hosts --
GRANT ALL ON *.* TO 'user'#'*';
If you would somehow run into the following error:
ERROR 1130 (HY000): Host ‘1.2.3.4’ is not allowed to connect to this
MySQL server
You need add/change the following two lines in /etc/mysql/my.cnf and restart mysql:
bind-address = 0.0.0.0
skip-networking
You could run into the following error, which is a bit confusing:
ERROR 1410 (42000): You are not allowed to create a user with GRANT
This means that either the user does not exist at all OR that the user#host combination does not exist. You can easily check for this with the following command:
SELECT host, user FROM user
1) This worked for me. First, create a new user. Example: User foo with password bar
> mysql> CREATE USER 'foo'#'localhost' IDENTIFIED WITH mysql_native_password BY 'bar';
2) Replace the below code with a username with 'foo'.
> mysql> GRANT ALL PRIVILEGES ON database_name.* TO'foo'#'localhost';
Note: database_name is the database that you want to have privileges, . means all on all
3) Login as user foo
mysql> mysql -u foo -p
Password: bar
4) Make sure your initial connection from Sequelize is set to foo with pw bar.
Just my 2 cents on the subject. I was having the exact same issue with trying to connect from MySQL Workbench. I'm running a bitnami-mysql virtual machine to set up a local sandbox for development.
Bitnami's tutorial said to run the 'Grant All Privileges' command:
/opt/bitnami/mysql/bin/mysql -u root -p -e "grant all privileges on *.* to 'root'#'%' identified by 'PASSWORD' with grant option";
This was clearly not working, I finally got it to work using Mike Lischke's answer.
What I think happened was that the root#% user had the wrong credentials associated to it. So if you've tried to modify the user's privileges and with no luck try:
Dropping the user.
Create the user again.
Make sure you have the correct binding on your MySQL config file.
In my case I've commented the line out since it's just for a sandbox environment.
1. Dropping the user.
From Mysql Console:
List Users (helpful to see all your users):
select user, host from mysql.user;
Drop Desired User:
drop user '{{ username }}'#'%';
2. Create the user again.
Create User and Grant Permissions:
CREATE USER '{{ username }}'#'%' IDENTIFIED BY '{{ password }}';
GRANT ALL PRIVILEGES ON *.* TO '{{ username }}'#'%' WITH GRANT OPTION;
Run this command:
FLUSH PRIVILEGES;
3. Make sure you have the correct binding on your MySQL config file.
Locate your MySQL config file (additional notes at the end). If you want to have MySQL listen for connections on more than one network find the following line on the config file:
bind-address=127.0.0.1
and comment it using a '#':
#bind-address=127.0.0.1
For production environments you might want to use limit the network access (additional notes at the end).
Then restart your MySQL service.
Hope this helps someone having the same issue!
Binding: If you want to know more about this I suggest looking at the following
solution How to bind MySQL server to more than one IP address. It
basically says you can leave MySQL open and limit connections by using
a firewall, or natively if you have MySQL version 8.0.13 and above.
MySQL Config File The file could have different locations depending on your
Linux distribution and installation. On my system it was located at
'/etc/my.cnf'. Here are other suggested locations:
/etc/mysql/mysql.conf.d
/etc/mysql/my.cnf
You can also search for the config locations as shown in this website:
How to find locations of MySQL config files.
For those who've been confused by CREATE USER 'root'#'localhost' when you already have a root account on the server machine, keep in mind that your 'root'#'localhost' and 'root'#'your_remote_ip' are two different users (same user name, yet different scope) in mysql server. Hence, creating a new user with your_remote_ip postfix will actually create a new valid root user that you can use to access the mysql server from a remote machine.
For example, if you're using root to connect to your mysql server from a remote machine whose IP is 10.154.10.241 and you want to set a password for the remote root account which is 'Abcdef123!##', here are steps you would want to follow:
On your mysql server machine, do mysql -u root -p, then enter your password for root to login.
Once in mysql> session, do this to create root user for the remote scope:
mysql> CREATE USER 'root'#'10.154.10.241' IDENTIFIED BY 'Abcdef123!##';
After the Query OK message, do this to grant the newly created root user all privileges:
mysql> GRANT ALL ON *.* TO 'root'#'10.154.10.241';
And then:
FLUSH PRIVILEGES;
Restart the mysqld service:
sudo service mysqld restart
Confirm that the server has successfully restarted:
sudo service mysqld status
If the steps above were executed without any error, you can now access to the mysql server from a remote machine using root.
My Specs:
mysql --version
mysql Ver 8.0.16 for Linux on x86_64 (MySQL Community Server - GPL)
What worked for me:
mysql> CREATE USER 'username'#'localhost' IDENTIFIED BY 'desired_password';
mysql> GRANT ALL PRIVILEGES ON db_name.* TO 'username'#'localhost' WITH GRANT OPTION;
Response in both queries:
Query OK, O rows affected (0.10 sec*)
N.B: I created a database (db_name) earlier and was creating a user credential with all privileges granted to all tables in the DB in place of using the default root user which I read somewhere is a best practice.
The specified user just doesn't exist on your MySQL (so, MySQL is trying to create it with GRANT as it did before version 8, but fails with the limitations, introduced in this version).
MySQL's pretty dumb at this point, so if you have 'root'#'localhost' and trying to grant privileges to 'root'#'%' it treats them as different users, rather than generalized notion for root user on any host, including localhost.
The error message is also misleading.
So, if you're getting the error message, check your existing users with something like this
SELECT CONCAT("'", user, "'#'", host, "'") FROM mysql.user;
and then create missing user (as Mike advised) or adjust your GRANT command to the actual exisiting user specificaion.
You will get this error
ERROR 1410 (42000): You are not allowed to create a user with GRANT
If you are trying to run a GRANT on a user that doesn't exist!
Therefore, first run this to make sure the user you use in your GRANT matches exactly to what you have:
select User, Host from user;
In particular pay attention whether the user you created is at localhost but the one you are trying to grant to is %
Copy this and use it at once:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
GRANT ALL ON *.* TO 'username'#'localhost';
FLUSH PRIVILEGES;
Instead of using single lines of code such as:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
Then:
GRANT ALL ON *.* TO 'username'#'localhost';
Then:
FLUSH PRIVILEGES;
Many thanks #Nebulastic
If you want to only allow remote IP using following command
CREATE USER 'user_test'#'113.yy.xx.94' IDENTIFIED BY 'YOUR_PWD';
GRANT ALL ON *.* TO 'user_test'#'113.yy.xx.94';
FLUSH PRIVILEGES;
This worked for me:
mysql> FLUSH PRIVILEGES
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES
Check out your username and domain is the same as created before. Mysql select account by the two colums in user table.If it is different, mysql may think you want to create a new account by grant,which is not supported after 8.0 version.
My Specs:
mysql --version
mysql Ver 8.0.19 for Linux on x86_64 (MySQL Community Server - GPL)
What worked for me:
mysql> USE mysql;
mysql> UPDATE User SET Host='%' WHERE User='root' AND Host='localhost';
this commands work for me:
1-login to mysql and see all users
sudo mysql -u root
select user, host from mysql.user;
2-delete old user
drop user root#localhost;
3-create new user
CREATE USER 'root'#'localhost' IDENTIFIED BY 'mypassword'
4-add all privileges to it:
GRANT ALL ON *.* TO 'root'#'localhost'
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password
BY 'mypassword';
5-finally flush privileges
FLUSH PRIVILEGES;
in select statement, changing 'user'#'%' to 'user'#'localhost' solved my problem
In my case I wanted to do something similar, I followed some steps from here but the best way was as #nebulasic mentioned:
USE mysql;
CREATE USER 'user'#'localhost' IDENTIFIED BY 'P#ssW0rd';
GRANT ALL ON *.* TO 'user'#'localhost';
FLUSH PRIVILEGES;
After this I encountered an error while trying to query the database or connect with SQLTools from VSCode.
Client does not support authentication protocol requested by server; consider upgrading MySQL client
Running this query will fix the problem:
ALTER USER 'user'#'localhost' IDENTIFIED WITH mysql_native_password BY 'Your_newP#s$w0Rd';
I also want to mention that these steps are ok to work in a local environment, when doing something in production is recommended to allocate each user to each database with generated password accordingly and different other security measures if necessary.
Well, I just had the same problem. Even if route had '%' could not connect remotely. Now, having a look at my.ini file (config file in windows) the bind-address statement was missed.
So... I putted this bind-address = * after [mysqld] and restarted the service. Now it works!
1. grant privileges
mysql> GRANT ALL PRIVILEGES ON . TO 'root'#'%'WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES
2. check user table:
mysql> use mysql
mysql> select host,user from user
3.Modify the configuration file
mysql default bind ip:127.0.0.1, if we want to remote visit services,just delete config
#Modify the configuration file
vi /usr/local/etc/my.cnf
#Comment out the ip-address option
[mysqld]
# Only allow connections from localhost
#bind-address = 127.0.0.1
4.finally restart the services
brew services restart mysql
Try this, i had the same issue and i tried few options, but the below worked.
GRANT ALL ON . TO 'root'#'%';
Reference used - https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04#step-6-%E2%80%94-testing-database-connection-from-php-optional
ubuntu 22.04.1
Mysql Ver 8.0.31-0
My root had no GRANT privileges so I could not grant new users any previligies.
Solution was to Drop current root user and create new one using 'mysql_native_password'.
Commands as follows
Login to mysql with as root
mysql> DROP USER 'root'#'localhost' IDENTIFIED BY 'PASSWORD' FROM mysql.user;
mysql> CREATE USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'locahost' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
This may work:
grant all on dbtest.* to 'dbuser'#'%' identified by 'mysql_password';
I had this same issue, which led me here. In particular, for local development, I wanted to be able to do mysql -u root -p without sudo. I don't want to create a new user. I want to use root from a local PHP web app.
The error message is misleading, as there was nothing wrong with the default 'root'#'%' user privileges.
Instead, as several people mentioned in the other answers, the solution was simply to set bind-address=0.0.0.0 instead of bind-address=127.0.0.1 in my /etc/mysql/mysql.conf.d/mysqld.cnf config. No changes were otherwise required.
I had the same problem on CentOS and this worked for me (version: 8.0.11):
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
Stary mysql with sudo
sudo mysql

mysql cannot grant privilege to user, getting error: ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

I am in the process of moving a new application to the Production environment which includes a MySQL DB.
While attempting to grant the required privileges using the command:
GRANT ALTER,CREATE ON `MyDB`.`*` to `ThisUser`#`*` ;
I'm getting the error: ERROR 1819 (HY000): Your password does not satisfy the current policy requirements.
and this, while the passwords (of the root user as well as of the ThisUser) fully satisfy the current policy:
The length of the passwords are above 8 chars,
They include both upper and lower case, as well as digits and special chars (like "!", "#", "$", etc.).
I tried setting the validate_password_policy to LOW but it didn't help either.
Can anyone explain what the issue is and how to resolve it?
Thanks.
To solve this problem change validate_password_policy value:
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements:
$ mysql -u root -p
mysql> SET GLOBAL validate_password_policy=LOW;
And grant privileges to your user:
mysql> grant all privileges on DB_NAME.* to 'USER_NAME'#'localhost' identified by 'USER_PASS';
mysql> FLUSH PRIVILEGES;
mysql> exit
$ sudo service mysql reload
$ brew services restart mysql
For me it work when I have added IDENTIFIED BY clause in the GRANT query. You need to use IDENTIFY BY clause when you don't have user already added to mysql.
GRANT ALTER,CREATE ON MyDB.* to 'UserName'#'%' IDENTIFIED BY 'UserPassword';
Eventually, the issue was related to some phantom definition of a user as described in here.
This error some time occurs when you've changed some fields like user host or password but forgotten to flush privileges.
So try:
mysql>flush privileges;
The problem is as a result of the policy difference between your password and the server password policy, what you need to do is to reset the password policy of the server to match that no of your server. Type in the following commands to access the plug-in for the password policies
Sudo MySQL
msql> SHOW VARIABLES LIKE 'validate_password%';
This commands should take you to the table with the password policies of the MySQL server. Now you need to write down your password on a piece of paper and reset the server password policies to match that of your password. To do the type in the following commands.
MySQL> SET GLOBAL validate_password_length = 5; ( this should be according to the length of your password)
MySQL> SET GLOBAL validate_number_count = 0;
MySQL> SET GLOBAL validate_password.policy =LOW;
MySQL> SET GLOBAL validate_password_special_char_count = 0;
Note that there are other policies you could change to suit your current password needs.
Incase you are using a password generator it's best to delete the password plug in all together, use the following commands in case you want to delete all password policies.
MySQL> uninstall plugin validate_password;
I was able to solve this ONLY by first adding the phpmyadmin database and user, then running the installation procedure and entering the same password for the phpmyadmin user there as well. Unfortunately, none of the apache configuration files were set up. I'm switchting to ubuntu from amazon linux 2.

MySQL: Access denied for user 'test'#'localhost' (using password: YES) except root user

I am facing problem with mysql non root/admin user, I am following the below steps for creating user and its privileges, correct me if i am doing wrong,
i am installing mysql on RHEL 5.7 64bit, packages are mentioned below, once i done the rpm install we are
creating mysql db using mysql_install_db, then
starting the mysql service then
using mysql_upgrade also we are doing to the server.
After this process i can login as root but with a non-root user I am not able to log into the server:
[root#clustertest3 ~]# rpm -qa | grep MySQL
MySQL-client-advanced-5.5.21-1.rhel5
MySQL-server-advanced-5.5.21-1.rhel5
[root#clustertest3 ~]# cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
# Disabling symbolic-links is recommended to prevent assorted security risks;
# to do so, uncomment this line:
# symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[root#clustertest3 ~]# ls -ld /var/lib/mysql/mysql.sock
srwxrwxrwx 1 mysql mysql 0 Nov 30 11:09 /var/lib/mysql/mysql.sock
mysql> CREATE USER 'golden'#'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON * . * TO 'golden'#'%';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT USER(),CURRENT_USER();
+----------------+----------------+
| USER() | CURRENT_USER() |
+----------------+----------------+
| root#localhost | root#localhost |
+----------------+----------------+
1 row in set (0.00 sec)
[root#clustertest3 ~]# mysql -ugolden -p
Enter password:
ERROR 1045 (28000): Access denied for user 'golden'#'localhost' (using password: YES)
This is the problem I am facing, is there any solution to this?
Do not grant all privileges over all databases to a non-root user, it is not safe (and you already have "root" with that role)
GRANT <privileges> ON database.* TO 'user'#'localhost' IDENTIFIED BY 'password';
This statement creates a new user and grants selected privileges to it.
I.E.:
GRANT INSERT, SELECT, DELETE, UPDATE ON database.* TO 'user'#'localhost' IDENTIFIED BY 'password';
Take a look at the docs to see all privileges detailed
EDIT: you can look for more info with this query (log in as "root"):
select Host, User from mysql.user;
To see what happened
If you are connecting to the MySQL using remote machine(Example workbench) etc., use following steps to eliminate this error on OS where MySQL is installed
mysql -u root -p
CREATE USER '<<username>>'#'%%' IDENTIFIED BY '<<password>>';
GRANT ALL PRIVILEGES ON * . * TO '<<username>>'#'%%';
FLUSH PRIVILEGES;
Try logging into the MYSQL instance.
This worked for me to eliminate this error.
Try:
CREATE USER 'golden'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'golden'#'localhost';
FLUSH PRIVILEGES;
Or even better use: mysql_setpermission to create the user
It looks like you're trying to make a user 'golden'#'%' but a different user by the name of 'golden'#'localhost' is getting in the way/has precedence.
Do this command to see the users:
SELECT user,host FROM mysql.user;
You should see two entries:
1) user= golden, host=%
2) user= golden, host=localhost
Do these Command:
DROP User 'golden'#'localhost';
DROP User 'golden'#'%';
Restart MySQL Workbench.
Then do your original commands again:
CREATE USER 'golden'#'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'golden'#'%';
Then when you go to try to sign in to MySQL, type it in like this:
Hit 'Test Connection' and enter your password 'password'.
First I created the user using :
CREATE user user#localhost IDENTIFIED BY 'password_txt';
After Googling and seeing this, I updated user's password using :
SET PASSWORD FOR 'user'#'localhost' = PASSWORD('password_txt');
and I could connect afterward.
For anyone else who did all the advice but the problem still persists.
Check for stored procedure and view DEFINERS. Those definers may no longer exists.
My problem showed up when we changed the wildcard host (%) to IP specific, making the database more secure. Unfortunately there are some views that are still using 'user'#'%' even though 'user'#'172....' is technically correct.
I also have the similar problem, and later on I found it is because I changed my hostname (not localhost).
Therefore I get it resolved by specifying the --host=127.0.0.1
mysql -p mydatabase --host=127.0.0.1
According way you create your user, MySQL interprets a different manner. For instance, if you create a user like this:
create user user01 identified by 'test01';
MySQL expects you give some privilege using grant all on <your_db>.* to user01;
Don't forget to flush privileges;
But, if you create user like that (by passing an IP address), you have to change it to:
create user 'user02'#'localhost' identified by 'teste02';
so, to give some privileges you have to do that:
grant all on <your_db>.* to user02#localhost;
flush privileges;
Make sure the user has a localhost entry in the users table. That was the problem I was having. EX:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
For annoying searching getting here after searching for this error message:
Access denied for user 'someuser#somewhere' (using password: YES)
The issue for me was not enclosing the password in quotes. eg. I needed to use -p'password' instead of -ppassword
Try this:
If you have already created your user, you might have created your user with the wrong password.
So drop that user and create another user by doing this.
To see your current users.
SELECT Host,User FROM mysql.user;
To drop the user
DROP User '<your-username>'#'localhost';
After this you can create the user again with the correct password
CREATE USER '<your-username>'#'localhost' IDENTIFIED WITH mysql_native_password BY '<correct password>';
then
FLUSH PRIVILEGES;
You might still run into some more errors with getting access to the database, if you have that error run this.
GRANT ALL PRIVILEGES ON *.* to '<your-username>'#'localhost';
In my case the same error happen because I was trying to use mysql by just typing "mysql" instead of "mysql -u root -p"
connect your server from mysqlworkbench and run this command->
ALTER USER 'root'#'localhost' IDENTIFIED BY 'yourpassword';
The error of ERROR 1045 (28000): Access denied for user might not be always related to privilages problems but to the fact that there is a missing -p at the end of the command:
# Will prompt us a mysql terminal in case there are no privilages issues
mysql -u root -p
# Will fail with the mentioned ERROR 1045
mysql -u root
sometimes,it can just be a wrong password.Kindly remember your passwords including their sensitivity.
I had this issue and something dummy ended up solving.
For some reason "locahost" was not resolving for anything, so using its local IP made it work.
So you would change
mysql -h localhost -P 33061
to:
mysql -h 127.0.0.1 -P 33061
Had a similar issue when trying to grant privileges to an already existing user using the command:
use my-db;
GRANT ALL PRIVILEGES ON my-database.* TO 'my-user'#'%' IDENTIFIED BY 'my-password';
Here's how I solved it:
It had to do with 2 issues:
The password of the already exiting user was different from the password that provided in the GRANT ALL PRIVILEGES command. I had to rerun the GRANT ALL PRIVILEGES with the correct password for the already existing user.
The host name of the database server that I provided when connecting to the database was incorrect. I had created the database and the user on a particular database server and I was trying to connect to another database server different from the database server where the database and the user were created. I had to get the correct database server hostname, and I used it for the connection.
After all this were sorted, I was able to connect to the database using the credentials.
The issue was that my-user already had the privileges I wanted to grant it.
You can check to see the privileges that you've granted your user using:
SHOW GRANTS FOR 'your-user'#'%';
OR
SHOW GRANTS FOR 'your-user'#'localhost';
That's all.
Just add computer name instead of 'localhost' in hostname or MySQL Host address.

How do I manually block and then unblock a specific IP/Hostname in MYSQL

First off, I did google this but sites are flooded with advice on how to deal with "host name is blocked" issues. (https://www.google.com/search?q=mysql+block+a+host). My issue is a little bit the opposite of that.
With me, I am running a MySQL database and no PHP is involved.
I need to block a certain host-name/IP address from connecting to my database, then I will unblock it. I am hoping there are 2 simple queries for this that I can execute on the MySQL database, I just can't seem to find it anywhere.
I can find the hostnames pretty easily by running the show processlist query and I know I can kill one process at a time, but so many new threads pop up that if I can just block all of them from a certain hostname, that would be ideal. Then I will unblock once I fix a few things.
You can use GRANT to give a non-privileged entry for a user connecting from a specific host, even if you have GRANTed privileges to a wildcard including that host. When authenticating, the most specific host match takes precedence.
For example, suppose you enabled a user to connect from a range of hosts on your local subnet:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'user'#'192.168.56.%' IDENTIFIED BY 'xyzzy';
Then you could grant the minimal USAGE privilege, which is a synonym for "no privileges" for that user for one specific host within that subnet:
mysql> GRANT USAGE ON *.* TO 'user'#'192.168.56.110';
Subsequent attempts to connect from that host get this error:
$ mysql -uuser -pxyzzy
ERROR 1045 (28000): Access denied for user 'user'#'192.168.56.110' (using password: YES)
The reason this gets an error is that I did this grant for the user with no password. If I try to submit a password, this doesn't match the entry in the privileges table.
Even if the user tries to connect without using a password, he finds he has no access to anything.
$ mysql -uuser
mysql> USE mydatabase;
ERROR 1044 (42000): Access denied for user 'user'#'192.168.56.110' to database 'mydatabase'
You can undo the blocking:
mysql> DELETE FROM mysql.user WHERE host='192.168.56.110' AND user='user';
mysql> FLUSH PRIVILEGES;
And then the IP range will come back into effect, and the user will be able to connect from thathost again.
You can revoke privileges as mentioned above, but this will still allow a user to make a connection to your MySQL server - albeit this will prevent that user from authenticating. If you really want to block/allow connections to your MySQL server based on IP, use iptables.
Have you tried using MySQL Workbench?
You can simply remove ROLES for a specific User/Host from there.

MySQL Error #1133 - Can't find any matching row in the user table

Unable to set password for a user using 3.5.2.2 - phpMyAdmin for 5.5.27 - MySQL. When trying to set the password while logged onto phpMyAdmin as the user, it pops up the following error:
#1133 - Can't find any matching row in the user table
When logged on as root, following password set successfully message pops up.
SET PASSWORD FOR 'user'#'%' = PASSWORD( '***' )
In either case, password does not set and stays as it currently is, blank.
I encountered this error using MySQL in a different context (not within phpMyAdmin). GRANT and SET PASSWORD commands failed on a particular existing user, who was listed in the mysql.user table. In my case, it was fixed by running
FLUSH PRIVILEGES;
The documentation for this command says
Reloads the privileges from the grant tables in the mysql database.
The server caches information in memory as a result of GRANT and CREATE USER statements.
This memory is not released by the corresponding REVOKE and DROP USER statements, so for
a server that executes many instances of the statements that cause caching, there will be
an increase in memory use. This cached memory can be freed with FLUSH PRIVILEGES.
Apparently the user table cache had reached an inconsistent state, causing this weird error message. More information is available here.
This error can occur if trying to grant privileges for a non-existing user.
It is not clear to me what MySQL considers a non-existing user. But I suspect MySQL considers a user to exist if it can be found by a name (column User) and a host (column Host) in the user table.
If trying to grant privileges to a user that can be found with his name (column User) but not by his name and host (columns User and Host), and not provide a password, then the error occurs.
For example, the following statement triggers the error:
grant all privileges on mydb.* to myuser#'xxx.xxx.xxx.xxx';
This is because, with no password being specified, MySQL cannot create a new user, and thus tries to find an existing user. But no user with the name myuser and the host xxx.xxx.xxx.xxx can be found in the user table.
Whereas providing a password, allows the statement to be executed successfully:
grant all privileges on mydb.* to myuser#'xxx.xxx.xxx.xxx' identified by 'mypassword';
Make sure to reuse the same password of that user you consider exists, if that new "MySQL user" is the same "application user".
Complete the operation by flushing the privileges:
flush privileges;
I encountered this issue, but in my case the password for the 'phpmyadmin' user did not match the contents of /etc/phpmyadmin/config-db.php
Once I updated the password for the 'phpmyadmin' user the error went away.
These are the steps I took:
Log in to mysql as root: mysql -uroot -pYOUR_ROOT_PASS
Change to the 'mysql' db: use mysql;
Update the password for the 'phpmyadmin' user:
UPDATE mysql.user SET Password=PASSWORD('YOUR_PASS_HERE') WHERE User='phpmyadmin' AND Host='localhost';
Flush privileges: FLUSH PRIVILEGES;
DONE!! It worked for me.
It turns out, the error is very vague indeed!
1) Password was setting while logged on as root, as it was updating the user/password field in the users table under MySql.
2) When logged on as user, password was in fact not changing and even though there was one specified in the users table in MySql, config.inc.php file allowed authentication without password.
Solution:
Change following value to false in the config.inc.php.
$cfg['Servers'][$i]['AllowNoPassword'] = true;
So that it reads
$cfg['Servers'][$i]['AllowNoPassword'] = false;
Change user's host from Any or % to localhost in MySql users table. This could easily be achieved via phpMyAdmin console.
These two changes allowed me to authenticate as user with it's password and disallowed authentication without password.
It also allowed user to change its password while logged on as user.
Seems all permissions and the rest was fixed with these two changes.
To expound on Stephane's answer.
I got this error when I tried to grant remote connections privileges of a particular database to a root user on MySQL server by running the command:
USE database_name;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%';
This gave an error:
ERROR 1133 (42000): Can't find any matching row in the user table
Here's how I fixed it:
First, confirm that your MySQL server allows for remote connections. Use your preferred text editor to open the MySQL server configuration file:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Scroll down to the bind-address line and ensure that is either commented out or replaced with 0.0.0.0 (to allow all remote connections) or replaced with Ip-Addresses that you want remote connections from.
Once you make the necessary changes, save and exit the configuration file. Apply the changes made to the MySQL config file by restarting the MySQL service:
sudo systemctl restart mysql
Next, log into the MySQL server console on the server it was installed:
mysql -u root -p
Enter your mysql user password
Check the hosts that the user you want has access to already. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| localhost |
+-----------+
Next, I ran the command below which is similar to the previous one that was throwing errors, but notice that I added a password to it this time:
USE database_name;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'my-password';
Note: % grants a user remote access from all hosts on a network. You can specify the Ip-Address of the individual hosts that you want to grant the user access from using the command - GRANT ALL PRIVILEGES ON *.* TO 'root'#'Ip-Address' IDENTIFIED BY 'my-password';
Afterwhich I checked the hosts that the user now has access to. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| % |
| localhost |
+-----------+
Finally, you can try connecting to the MySQL server from another server using the command:
mysql -u username -h mysql-server-ip-address -p
Where u represents user, h represents mysql-server-ip-address and p represents password. So in my case it was:
mysql -u root -h 34.69.261.158 -p
Enter your mysql user password
You should get this output depending on your MySQL server version:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.31 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Resources: How to Allow Remote Connections to MySQL
That's all.
I hope this helps
grant all on newdb.* to newuser#localhost identified by 'password';
For someone who is doing a mistake like me.
I was using command
SET PASSWORD FOR root = 'elephant7'
to update the password for the root user and I was getting the same error. I tried every thing mention above in all the answer but I got no success then after searching a bit I found out the ans,
MySQL account names consist of a user name and a host name. This enables creation of accounts for users with the same name who can connect from different hosts.
on https://dba.stackexchange.com/
and then I used the command
SET PASSWORD FOR 'root'#'localhost'=PASSWORD('mynewpasword');
here 'root'#'localhost' did the trick and the command worked.
Hope this be beneficial for someone.
If you're using PHPMyAdmin you have to be logged in as root to be able to change root password. in user put root than leave password blank than change your password.
In my case I had just renamed the Mysql user which was going to change his password on a gui based db tool (DbVisualizer). The terminal in which I tried to 'SET PASSWORD' did not work(MySQL Error #1133).
However this answer worked for me, even after changing the password the 'SET PASSWORD' command did not work yet.
After closing the terminal and opening new one the command worked very well.
I think the answer is here now : https://bugs.mysql.com/bug.php?id=83822
So, you should write :
GRANT ALL PRIVILEGES ON mydb.* to myuser#'xxx.xxx.xxx.xxx' IDENTIFIED BY 'mypassword';
And i think that could be work :
SET PASSWORD FOR myuser#'xxx.xxx.xxx.xxx' IDENTIFIED BY 'old_password' = PASSWORD('new_password');