Ever found yourself working on a MySQL server where root’s password is unavailable? It has happened to me a few times, always because the person who set up the DB left the place long ago, and this information was not documented anywhere.

If you have root access to the OS, MySQL lets you restart the server bypassing access checks, using the skip-grant-tables option, which requires a service restart.

However, if you need to regain root access and want to minimize service impact, you can take advantage of the way the server responds to SIGHUP signals and the fact that access credentials are stored on a MyISAM table.

MySQL uses a few tables to store credentials and privileges for users (you can find more about this here), but for this procedure, we only need to work with the mysql.user table.

Specifically, we will work with the columns ‘user’, ‘host’ and ‘password’ from this table.

Here’s an example of how this can look on a server:

mysql> select user,host,password from mysql.user;
+-----------+-----------+-------------------------------------------+
| user | host | password |
+-----------+-----------+-------------------------------------------+
| root | localhost | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | mysql | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | 127.0.0.1 | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | ::1 | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| | localhost | |
| | mysql | |
| dba | % | *4FC8D8270BEC4364C78799065996F5306139B412 |
| readwrite | localhost | *202273E75BD11D06FBE2F057BFA1B1BB2B26549C |
| readonly | localhost | *FC69E042CE30D92E2952335F690CF2345C812E36 |
+-----------+-----------+-------------------------------------------+
9 rows in set (0.00 sec)

To start, we’ll need to make a copy of this table to a database where we can change it. On this example server, this means the ‘test’ schema, as the ‘readwrite’ user has write privileges on it. Even if root’s password was lost, you can typically get a less privileged MySQL account by checking the applications that connects to this database. If for some reason this is not the case, you can achieve the same results by copying this table to another server, and copying it back after the necessary changes have been made.

The following command happen on the datadir:

[root@mysql mysql]# cp mysql/user.* test/; chown mysql.mysql test/user.*

Please don’t overwrite an existing table when doing this! Rename the copied files as needed instead …

Now you should be able to access (and write) to this table:

[root@mysql mysql]# mysql -ureadwrite -p test
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 34
Server version: 5.6.16 MySQL Community Server (GPL) Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> select user,host,password from user;
+-----------+-----------+-------------------------------------------+
| user | host | password |
+-----------+-----------+-------------------------------------------+
| root | localhost | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | mysql | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | 127.0.0.1 | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | ::1 | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| | localhost | |
| | mysql | |
| dba | % | *4FC8D8270BEC4364C78799065996F5306139B412 |
| readonly | % | *FC69E042CE30D92E2952335F690CF2345C812E36 |
| readwrite | % | *202273E75BD11D06FBE2F057BFA1B1BB2B26549C |
+-----------+-----------+-------------------------------------------+
9 rows in set (0.00 sec)

By now you’ve probably figured out what I’ll do: update test.user, changing the password column for user ‘root’ and host ‘localhost’ to the result of running the PASSWORD() function with some string of my choice, then copying this table back, and then sending SIGHUP to the server.

A couple of caveats:

  • Either make a copy of the original table file, (and?) or write down the original hash for root (the one you will replace)
  • Even if nobody on the customer’s current team knows how to get you MySQL’s root password, that does not mean they don’t have some old app someone has forgotten about that uses the root account to connect. If this is the case, access will break for this app. You can follow the same steps outlined here, but instead of permanently changing root’s password, use your regained access to create a new super user account, and then replace root’s hash with the one you saved (and flush privileges!)

For completion, here’s the rest of the process:

mysql> update test.user set password=password('newpass but this is insecure so dont use') where user = 'root' and host = 'localhost';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0 mysql> select user,host,password from test.user where user='root';
+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| root | localhost | *0A131BF1166FB756A61317A40F272D6FFDD281E9 |
| root | mysql | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | 127.0.0.1 | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | ::1 | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
+------+-----------+-------------------------------------------+
4 rows in set (0.00 sec) mysql>

Time to copy the table back and reload the grant tables:

[root@mysql mysql]# 'cp' test/user.MY* mysql/
[root@mysql mysql]# kill -SIGHUP $(pidof mysqld)

And now you should be able to get back in:

[root@mysql mysql]# mysql -p'newpass but this is insecure so dont use'
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 35
Server version: 5.6.16 MySQL Community Server (GPL) Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show grants;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root@localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*0A131BF1166FB756A61317A40F272D6FFDD281E9' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

There you go. We’ve regained root access to MySQL without restarting the service!

I hope you find this useful, and I’ll leave opinions on MySQL’s security as an exercise to the reader …

不重启mysqld更改root密码的更多相关文章

  1. mysql设置更改root密码、mysql服务器的连接、mysql常用命令

     1.设置更改root密码 查看mysql 启动与否,若没启动就运行:/usr/local/mysql56/bin/mysqlps aux |grep mysql  或 netstat -tulnp ...

  2. 设置更改root密码、连接mysql、mysql常用命令

    6月19日任务 13.1 设置更改root密码13.2 连接mysql13.3 mysql常用命令 13.1 设置更改root密码 使用场景:例如长时间不用忘记了mysql的root密码,那么就需要去 ...

  3. Linux centosVMware MySQL常用操作设置更改root密码、连接mysql、mysql常用命令

    一.设置更改root密码 启动mysql /usr/local/mysql/bin/mysql -uroot 更改环境变量PATH,增加mysql绝对路径 使mysql -uroot永久生效需要编辑, ...

  4. 不重启修改mysql root密码

    不重启修改mysql root密码 --------------------2014/09/28 一.一般忘记密码的解决办法,需要重启Mysql1.skip-grant-tables我们常用的方法是使 ...

  5. centOS 7 更改root密码

    Linux忘记密码怎么办,不用重装系统,进入emergency mode 更改root密码即可. 首先重启系统,按下 向下 按钮, 定位在第一个,摁 e ,进行编辑 找到 ro , 把ro改为 rw ...

  6. mysql 更改root密码

    mysql 更改root密码,有很多种,网上也有很多记录,这里只是做个记录,以后可以看看,只记录两种自己常用的方法. 1.改表法,登录到数据库,切换到:mysql数据库,update user set ...

  7. mysql更改root密码及root远程登录

    1.更改root密码 use mysql; update user set password=password('petecc') where user='root'; 2.root远程登录 1 up ...

  8. mysql(mariadb)如何更改root密码

    mysql(或者mariadb,她是mysql的一个分支,完全开源,新版本的linux系统默认安装的是mariadb)如何更改root密码呢?我们主要介绍命令mysqladmin来实现. mysql( ...

  9. 在centos使用rpm包的方式安装mysql,以及更改root密码

    在centos使用rpm包的方式安装mysql,对于centos官方实际推荐使用yum进行安装,下载安装的方式主要用于内网服务器不能连接外网yum源的情况. 下载包 首先根据centos版本在mysq ...

随机推荐

  1. 【剑指offer】面试题29:数组中出现次数超过一半的数字

    题目: 数组中有一个数字出现的次数超过数组长度的一半,请找出这个数字.例如输入一个长度为9的数组{1,2,3,2,2,2,5,4,2}.由于数字2在数组中出现了5次,超过数组长度的一半,因此输出2. ...

  2. hdu3870-Catch the Theves(平面图最小割)

    Problem Description A group of thieves is approaching a museum in the country of zjsxzy,now they are ...

  3. 直接使用ip访问google搜索

    173.194.127.148 173.194.127.51 173.194.36.48 (亲测,个人在用,有的ip有时候应该不能访问); 173.194.72.101 173.194.72.103 ...

  4. hbase的thriftserver开启

    说明:hbase的thriftserver默认已经编译好,可以使用,不需要跟hadoopthrift一样配置. 要使用Hbase的thrift接口,必须将它的服务启动,命令行为: hbase-deam ...

  5. 用户登陆,退出等基本Action

    用户登陆页面user_login.jsp对应action为login.do: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transiti ...

  6. (转)Apache+Tomcat集群配置

    本文Apache+Tomcat集群配置 基于最新的Apache和Tomcat,具体是2011年4月20日最新的Tomcat和Apache集群和负载均衡配置. 准备环境 Apache Apache是ht ...

  7. Android学习笔记--广播(Broadcast)

    1.Android广播分类 android的广播类型分为两类:标准广播和有序广播. 标准广播:异步广播,广播发出后,所有注册了的广播接收器都会同时接收到该广播.打个比方:做地铁过程中的语音播报,当列车 ...

  8. Android 定义重名权限问题

    一直以来对android的权限机制就有一个疑问,因为在使用权限时,实际上只需要permission的name这一个标签,而在定义权限时,android是不会检查是否重名的,那么在两个应用定义了重名权限 ...

  9. [Leetcode] Search In Rotated Sorted Array (C++)

    题目: Suppose a sorted array is rotated at some pivot unknown to you beforehand. (i.e., 0 1 2 4 5 6 7  ...

  10. 反引号backtick中输入多个命令

    如果在反引号backtick中输入多个命令会怎样?比如有如下脚本: #!/bin/bash var=`date;who` echo $var 运行该脚本,会发现输出的是命令date和who的集合,只是 ...