Skip to content

Instantly share code, notes, and snippets.

@mainul35-bs23

mainul35-bs23/MySQL user grants and Password policy reset.md

Last active September 3, 2020 18:58
Show Gist options
  • Save mainul35-bs23/b4be66fcf58a333e0d6131ef2b604b05 to your computer and use it in GitHub Desktop.
Save mainul35-bs23/b4be66fcf58a333e0d6131ef2b604b05 to your computer and use it in GitHub Desktop.
Download ZIP
MySQL user grants and Password policy reset
Raw
MySQL user grants and Password policy reset.md

Background story

It is a common scenario that we often forget out database password. When we try to log in to our mysql DB, we face the following error message. If we use a password:

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

If we don't use a password:

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

In this case we need to reset the password to access our mysql databases (atttention: only for ethical purpose).

To forcibly access the mysql shell, follow the below steps.

  1. Open and edit /etc/my.conf or /etc/mysql/my.conf depending on your distro. In my case, I edited it with vim.
$ sudo vi /etc/my.conf
  1. Add skip-grant-tables under [mysqld]
  2. Restart Mysql
$ sudo service mysqld restart
  1. You should be able to login to mysql now using the below command mysql -u root -p
  2. Run mysql> flush privileges;
  3. Try to set new password by ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewPassword'; [1]
  4. Go back to /etc/my.cnf and remove/comment skip-grant-tables that you added earlier in step 2.
  5. Restart Mysql
  6. Now you will be able to login with the new password using the command mysql -u root -p

[1] If your mysql server has strong password policy, you may see the following message when you try to execute step 6.

ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

In this case, follow the below steps.

  • For checking the current variables for validating the password you should run the following command.
mysql> SHOW VARIABLES LIKE 'validate_password%';
  • Validate_password is a variable that is used to inform the server about the validate_password plugin. This plugin tests the passwords and improve security. Following output will be displayed, if you run the above command.
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+
  • If you want to enable setting a weak password, you have to change the values of few global variables shown above by running the following commands.
SET GLOBAL validate_password.length=0;
SET GLOBAL validate_password.mixed_case_count=0;
SET GLOBAL validate_password.number_count=0;
SET GLOBAL validate_password.special_char_count=0;
SET GLOBAL validate_password.policy=LOW;

Keep in mind that these changes are temporary. If you want these variables to have the values set permanently, you need to change these values in /etc/my.conf file. To do that go to /etc/my.conf and add the following lines.

validate_password.policy=LOW
validate_password.length=0
validate_password.mixed_case_count=0
validate_password.number_count=0
validate_password.special_char_count=0
  • Now restart MySQL and try to execute the command in link 6.

If you have done everything successfully, hopefully you have become successful to reset the mysql password.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment