I accidentally removed most of the privileges from my MySQL root user, including the ability to grant privileges. Is there some way I can restore this user to its original state?
You might still be able to do an UPDATE on table user in database mysql:
USE mysql;
UPDATE user SET Grant_priv='1' WHERE User='root';
FLUSH PRIVILEGES;
If step 3 doesn't work, restarting the MySQL server will have the same effect. If step 2 doesn't work, you need to restore mysql.user from backup. If you don't have a backup, make a backup, reinstall MySQL and then selectively restore your backup, leaving out tables within the mysql database.
UPDATE
You're getting Access Denied during the first step. At this point, you're down to the alternative solutions with backups. There's no way (that I know of or can easily imagine) that you're recovering those tables any other way.
UPDATE 2
The exact error message is basically saying that in addition to losing root's grant privileges, you've dropped root's access to the mysql DB. Without having access to that DB and without having grant privileges, the only way I can see back is to somehow obtain a fresh copy of the mysql DB.
Any chance you have a replication slave set up?
Related
I want o create a new MySQL user for logrotate and it needs to be able to run FLUSH LOGS, but doesn't need any other privileges as far as I can tell.
What is the minimum mysql privileges I need to give to this user in order to access FLUSH LOGS ?
I am using Mysql 5.7.29 if it matters.
According to Mysql 5.7.x docs for the FLUSH statement, you would need RELOAD privilege.
RELOAD privilege docs: https://dev.mysql.com/doc/refman/5.7/en/privileges-provided.html#priv_reload
FLUSH statement docs: https://dev.mysql.com/doc/refman/5.7/en/flush.html
When creating new tables and a user to go along with it, I usually just invoke the following commands:
CREATE DATABASE mydb;
GRANT ALL PRIVILEGES ON mydb.* TO myuser#localhost IDENTIFIED BY "mypassword";
I have never ever needed to utilize the FLUSH PRIVILEGES command after issuing the previous two commands. Users can log in and use their database and run PHP scripts which connect to the database just fine. Yet I see this command used in almost every tutorial I look at.
When is the FLUSH PRIVILEGES command really needed and when is it unnecessary?
Privileges assigned through GRANT option do not need FLUSH PRIVILEGES to take effect - MySQL server will notice these changes and reload the grant tables immediately.
From MySQL documentation:
If you modify the grant tables directly using statements such as
INSERT, UPDATE, or DELETE, your changes have no effect on privilege
checking until you either restart the server or tell it to reload the
tables. If you change the grant tables directly but forget to reload
them, your changes have no effect until you restart the server. This
may leave you wondering why your changes seem to make no difference!
To tell the server to reload the grant tables, perform a
flush-privileges operation. This can be done by issuing a FLUSH
PRIVILEGES statement or by executing a mysqladmin flush-privileges or
mysqladmin reload command.
If you modify the grant tables indirectly using account-management
statements such as GRANT, REVOKE, SET PASSWORD, or RENAME USER, the
server notices these changes and loads the grant tables into memory
again immediately.
TL;DR
You should use FLUSH PRIVILEGES; only if you modify the grant tables directly using statements such as INSERT, UPDATE, or DELETE.
Just to give some examples. Let's say you modify the password for an user called 'alex'. You can modify this password in several ways. For instance:
mysql> update* user set password=PASSWORD('test!23') where user='alex';
mysql> flush privileges;
Here you used UPDATE. If you use INSERT, UPDATE or DELETE on grant tables directly you need use FLUSH PRIVILEGES in order to reload the grant tables.
Or you can modify the password like this:
mysql> set password for 'alex'#'localhost'= password('test!24');
Here it's not necesary to use "FLUSH PRIVILEGES;"
If you modify the grant tables indirectly using account-management statements such as GRANT, REVOKE, SET PASSWORD, or RENAME USER, the server notices these changes and loads the grant tables into memory again immediately.
2 points in addition to all other good answers:
1:
what are the Grant Tables?
from dev.mysql.com
The MySQL system database includes several grant tables that contain information about user accounts and the privileges held by them.
clarification: in MySQL, there are some inbuilt databases , one of them is "mysql" , all the tables on "mysql" database have been called as grant tables
2:
note that if you perform:
UPDATE a_grant_table SET password=PASSWORD('1234') WHERE test_col = 'test_val';
and refresh phpMyAdmin , you'll realize that your password has been changed on that table but even now if you perform:
mysql -u someuser -p
your access will be denied by your new password until you perform :
FLUSH PRIVILEGES;
I have a question about a scenario i currently have. generally the process should work but i can't seem to login successfully afterwards. either getting an incorrect username/password combination or an "unable to select Database" error when logging in with any credentials.
to skip forward a bit i have shutdown the mysql server on the machine and restarted it with the command
/etc/init.d/mysqld --skip-grant-tables
then logged in with mysql -u root -p
obviously this lets me in straight away as it skips the permissions check.
My goal is to change the password on a for a user on a table.
Currently there are three databases on the server we will call them as follows.
INFORMATION_SCHEMA
mysql
gnb
There is a table in gnb called users which has a username an password field. it has a single entry called admin under username which i want to change the password for as that is where the web server pulls the data from.
i have successfully changed the password for this particular user with the command
UPDATE users SET Password=PASSWORD('MyNewPass') WHERE username='admin';
FLUSH PRIVILEGES;
And 1 row is affected and i can visibly see the password hash change. also flushing privileges.
here's where i run into my problem....
once i have reset the password and restarted the mysql server in a normal mode i navigate back to the web server login and attempt to log in with the details that i now have.
i'm met with a "unable to select database" error message.
i'm not sure if i have to do something prior to restarting the database? or do i also have to restart the apache web server? i have tried a mirage of different combinations of things but just can't seem to get it working. if i attempt to log in whilst still in --skip-grant-tables mode then i just get an invalid login attempt.
thanks in advance/
I'm stumped....
I think you may have a misunderstanding about how the MySQL authentication system works.
When an application (e.g. a PHP script) connects to MySQL, the user/password checks against the mysql.users table. It does not check any other table in another database, even if that database (gnb) is the database that contains your application's data.
The fact that you have a table called "users" in your gnb database has no bearing on the MySQL authentication system. Of course you can put any data you want into that table, but it won't be used by MySQL authentication.
You can change passwords with the SET PASSWORD command, or you can UPDATE the mysql.users table directly and then FLUSH PRIVILEGES.
for the future.
second table was storing passwords in MD5.
update the row without using any password commands. simply a row update and update it with the MD5 hash of the password i was wishing to use.
web server then recognized the MD5 string as being the correct password and i was able to gain access.
This question already has answers here:
mysql: cannot create user after delete the user with phpmyadmin
(2 answers)
Closed 9 years ago.
I accidentally all my user accesses to phpMyAdmin and I have no clue how to re institute a user so I can access mysql again.
Right now I have no access to even sign in MySQL when using the commandline and phpMyAdmin just displays an error.
Well, if you managed to delete the root user, I assume you have the ability to restart the mysql daemon. Try killing mysql, and restarting it:
mysqld –skip-grant-tables
then
mysql
Which should give you unfettered access to your user table.
Resetting the Root Password
Connect to the mysqld server with this command:
shell> mysql
Issue the following statements in the mysql client. Replace the password with the password that you want to use.
mysql> UPDATE mysql.user SET Password=PASSWORD('MyNewPass')
-> WHERE User='root';
mysql> FLUSH PRIVILEGES;
The FLUSH statement tells the server to reload the grant tables into memory so that it notices the password change.
Looks like you've not just delete the table, but also the entire mysql permission database. You need now to find the script 'mysql_install_db'. Once you run it, you will recreate the mysql permissions database. Now you need recreate users for any application you've set up previously.
Every time I create a database using a custom joomla template quick install the database is created but does not show up in MySQL Database management despite the fact that it most definitely does exist and MySQL database management knows it does because it wont let me create a database with that name due to error "Database already exists".
I want to delete joomlasall database.
Full size image
http://img99.imageshack.us/img99/4995/tempkh.png
If you can not see database but you are sure that it exists, this is definitely permissions issue.
Do
SHOW GRANTS
More info here
You will see that you does not hold global SELECT privilege.
You need to explicitly GRANT permissions with similar command like:
GRANT ALL PRIVILEGES ON DBNAME.* TO 'username'#'localhost';
Instead of ALL you can specify SELECT, INSERT, UPDATE, DELETE , EXECUTE, etc... check this
replace DBNAME with your DB name, username with user for whom you want to grant access and localhost with hostname if DB is used remotly.
To do this, you need GRANT privilege or to be root user.
use same mysql user credentials for Joomla DB connectivity also the one you are using in phpmyadmin.