Ever found yourself working on a MySQL server where root’s password is unavailable? It has happened to me a few times, always because the person who set up the DB left the place long ago, and this information was not documented anywhere.

If you have root access to the OS, MySQL lets you restart the server bypassing access checks, using the skip-grant-tables option, which requires a service restart.

However, if you need to regain root access and want to minimize service impact, you can take advantage of the way the server responds to SIGHUP signals and the fact that access credentials are stored on a MyISAM table.

MySQL uses a few tables to store credentials and privileges for users (you can find more about this here), but for this procedure, we only need to work with the mysql.user table.

Specifically, we will work with the columns ‘user’, ‘host’ and ‘password’ from this table.

Here’s an example of how this can look on a server:

mysql> select user,host,password from mysql.user;
+-----------+-----------+-------------------------------------------+
| user | host | password |
+-----------+-----------+-------------------------------------------+
| root | localhost | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | mysql | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | 127.0.0.1 | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | ::1 | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| | localhost | |
| | mysql | |
| dba | % | *4FC8D8270BEC4364C78799065996F5306139B412 |
| readwrite | localhost | *202273E75BD11D06FBE2F057BFA1B1BB2B26549C |
| readonly | localhost | *FC69E042CE30D92E2952335F690CF2345C812E36 |
+-----------+-----------+-------------------------------------------+
9 rows in set (0.00 sec)

To start, we’ll need to make a copy of this table to a database where we can change it. On this example server, this means the ‘test’ schema, as the ‘readwrite’ user has write privileges on it. Even if root’s password was lost, you can typically get a less privileged MySQL account by checking the applications that connects to this database. If for some reason this is not the case, you can achieve the same results by copying this table to another server, and copying it back after the necessary changes have been made.

The following command happen on the datadir:

[root@mysql mysql]# cp mysql/user.* test/; chown mysql.mysql test/user.*

Please don’t overwrite an existing table when doing this! Rename the copied files as needed instead …

Now you should be able to access (and write) to this table:

[root@mysql mysql]# mysql -ureadwrite -p test
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 34
Server version: 5.6.16 MySQL Community Server (GPL) Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> select user,host,password from user;
+-----------+-----------+-------------------------------------------+
| user | host | password |
+-----------+-----------+-------------------------------------------+
| root | localhost | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | mysql | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | 127.0.0.1 | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | ::1 | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| | localhost | |
| | mysql | |
| dba | % | *4FC8D8270BEC4364C78799065996F5306139B412 |
| readonly | % | *FC69E042CE30D92E2952335F690CF2345C812E36 |
| readwrite | % | *202273E75BD11D06FBE2F057BFA1B1BB2B26549C |
+-----------+-----------+-------------------------------------------+
9 rows in set (0.00 sec)

By now you’ve probably figured out what I’ll do: update test.user, changing the password column for user ‘root’ and host ‘localhost’ to the result of running the PASSWORD() function with some string of my choice, then copying this table back, and then sending SIGHUP to the server.

A couple of caveats:

  • Either make a copy of the original table file, (and?) or write down the original hash for root (the one you will replace)
  • Even if nobody on the customer’s current team knows how to get you MySQL’s root password, that does not mean they don’t have some old app someone has forgotten about that uses the root account to connect. If this is the case, access will break for this app. You can follow the same steps outlined here, but instead of permanently changing root’s password, use your regained access to create a new super user account, and then replace root’s hash with the one you saved (and flush privileges!)

For completion, here’s the rest of the process:

mysql> update test.user set password=password('newpass but this is insecure so dont use') where user = 'root' and host = 'localhost';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0 mysql> select user,host,password from test.user where user='root';
+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| root | localhost | *0A131BF1166FB756A61317A40F272D6FFDD281E9 |
| root | mysql | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | 127.0.0.1 | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
| root | ::1 | *1BD9C328233CF457571A4BB5DB8D32892AB8EDBF |
+------+-----------+-------------------------------------------+
4 rows in set (0.00 sec) mysql>

Time to copy the table back and reload the grant tables:

[root@mysql mysql]# 'cp' test/user.MY* mysql/
[root@mysql mysql]# kill -SIGHUP $(pidof mysqld)

And now you should be able to get back in:

[root@mysql mysql]# mysql -p'newpass but this is insecure so dont use'
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 35
Server version: 5.6.16 MySQL Community Server (GPL) Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show grants;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root@localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*0A131BF1166FB756A61317A40F272D6FFDD281E9' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

There you go. We’ve regained root access to MySQL without restarting the service!

I hope you find this useful, and I’ll leave opinions on MySQL’s security as an exercise to the reader …

不重启mysqld更改root密码的更多相关文章

  1. mysql设置更改root密码、mysql服务器的连接、mysql常用命令

     1.设置更改root密码 查看mysql 启动与否,若没启动就运行:/usr/local/mysql56/bin/mysqlps aux |grep mysql  或 netstat -tulnp ...

  2. 设置更改root密码、连接mysql、mysql常用命令

    6月19日任务 13.1 设置更改root密码13.2 连接mysql13.3 mysql常用命令 13.1 设置更改root密码 使用场景:例如长时间不用忘记了mysql的root密码,那么就需要去 ...

  3. Linux centosVMware MySQL常用操作设置更改root密码、连接mysql、mysql常用命令

    一.设置更改root密码 启动mysql /usr/local/mysql/bin/mysql -uroot 更改环境变量PATH,增加mysql绝对路径 使mysql -uroot永久生效需要编辑, ...

  4. 不重启修改mysql root密码

    不重启修改mysql root密码 --------------------2014/09/28 一.一般忘记密码的解决办法,需要重启Mysql1.skip-grant-tables我们常用的方法是使 ...

  5. centOS 7 更改root密码

    Linux忘记密码怎么办,不用重装系统,进入emergency mode 更改root密码即可. 首先重启系统,按下 向下 按钮, 定位在第一个,摁 e ,进行编辑 找到 ro , 把ro改为 rw ...

  6. mysql 更改root密码

    mysql 更改root密码,有很多种,网上也有很多记录,这里只是做个记录,以后可以看看,只记录两种自己常用的方法. 1.改表法,登录到数据库,切换到:mysql数据库,update user set ...

  7. mysql更改root密码及root远程登录

    1.更改root密码 use mysql; update user set password=password('petecc') where user='root'; 2.root远程登录 1 up ...

  8. mysql(mariadb)如何更改root密码

    mysql(或者mariadb,她是mysql的一个分支,完全开源,新版本的linux系统默认安装的是mariadb)如何更改root密码呢?我们主要介绍命令mysqladmin来实现. mysql( ...

  9. 在centos使用rpm包的方式安装mysql,以及更改root密码

    在centos使用rpm包的方式安装mysql,对于centos官方实际推荐使用yum进行安装,下载安装的方式主要用于内网服务器不能连接外网yum源的情况. 下载包 首先根据centos版本在mysq ...

随机推荐

  1. Raw qcow qcow2 vhd-vpc虚拟磁盘格式间相互转换

  2. VMware+Ubuntu8.10+Skyeye+gdb实现u-boot源码调试

    系统平台:WindowsXP 虚拟机: VMware Workstation 6.5.0 Ubuntu8.10 安装程序 ubuntu-8.10-desktop-i386.iso 下载地址:http: ...

  3. HDU 4362 Dragon Ball 线段树

    #include <cstdio> #include <cstring> #include <cmath> #include <queue> #incl ...

  4. C++ - 容器(container)的erase()函数

    容器(container)的erase()函数 本文地址: http://blog.csdn.net/caroline_wendy/article/details/23996013 容器(contai ...

  5. .NET批量大数据插入性能分析及比较

    数据插入使用了以下几种方式 1. 逐条数据插入2. 拼接sql语句批量插入3. 拼接sql语句并使用Transaction4. 拼接sql语句并使用SqlTransaction5. 使用DataAda ...

  6. 【RequireJS--API学习笔记】

    原文:http://blog.csdn.net/pigpigpig4587/article/details/23427573 目录 RequireJS 加载javascript文件 定义模块 简单的值 ...

  7. js实现的对象数组根据对象的键值进行排序代码

    有时候会遇到做展示数组的排序,由大到小和由小到大的切换: var arr=[{id:1,webName:"蚂蚁部落"},{id:2,webName:"网易"}] ...

  8. 为什么报错说req未定义,createServer只接受匿名函数吗?

    var http = require('http');var server = new http.createServer(handlerRequest(req,res));server.listen ...

  9. studio中集成.so文件的两种方式

    .so文件作为NDK的开发包,如果不进行依赖使用将会报错所以,需要.so的一定要配置 注:如果没有引用so文件,可能会在程序执行的时候加载类库失败,有类似如下的DEBUG提示:    java.lan ...

  10. Webform Lable