Administrating a MySQL server
Recover MySQL root Password
by Vivek Gite on April 18, 2006 · 184 comments
You can recover MySQL database server password with following five easy steps.
Step # 1: Stop the MySQL server process.
Step # 2: Start the MySQL (mysqld) server/daemon process with the --skip-grant-tables option
so that it will not prompt for password.
Step # 3: Connect to mysql server as the root user.
Step # 4: Setup new mysql root account password i.e. reset mysql password.
Step # 5: Exit and restart the MySQL server.
Here are commands you need to type for each step (login as the root user):
Step # 1 : Stop mysql service
# /etc/init.d/mysql stop
Output:
Stopping MySQL database server: mysqld.
Step # 2: Start to MySQL server w/o password:
# mysqld_safe --skip-grant-tables &
Output:
[1] 5988
Starting mysqld daemon with databases from /var/lib/mysql
mysqld_safe[6025]: started
Step # 3: Connect to mysql server using mysql client:
# mysql -u root
Output:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 4.1.15-Debian_1-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>
Step # 4: Setup new MySQL root user password
mysql> use mysql;
mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where
User='root';
mysql> flush privileges;
mysql> quit
Step # 5: Stop MySQL Server:
# /etc/init.d/mysql stop
Output:
Stopping MySQL database server: mysqld
STOPPING server from pid file /var/run/mysqld/mysqld.pid
mysqld_safe[6186]: ended
[1]+ Done mysqld_safe --skip-grant-tables
Step # 6: Start MySQL server and test it
# /etc/init.d/mysql start
Setting the password:
1. From Unix:
shell> mysql -u username -h hostname -p password
mysql> SET PASSWORD FOR username@localhost=PASSWORD('new_password');
2. Directly manipulate the privilege tables:
shell> mysql -u username -h host -u username -p
mysql> UPDATE user SET Password=PASSWORD('new_password') WHERE
user='root';
mysql> FLUSH PRIVILEGES;
3. Using the mysqladmin command:
shell> mysqladmin -u username password new_password
In our case we were able to change password specifying host name along
with user name:
shell> bin/myslqadmin u username h localhost
MySQL Permissions & Grant Tables
In order to add a new user or update user's privileges in mysql grant
tables login to mysql as a root user.
There are two options: use GRANT/REVOKE command or manipulating the
MySQL grant tables directly.
The preferred method is to use GRANT statements - more concise and less
error-prone.
If you modify the grant tables manually (using INSERT, UPDATE, etc.),
you should execute
a FLUSH PRIVILEGES statement to tell the server to reload the grant
tables.
To remove user: mysql> delete from user where user='username';
mysql> FLUSH PRIVILEGES;
Examples adding a new user with different level of privileges:
dummy: A user who can connect without a password, but only from the
local host.
mysql> GRANT USAGE ON *.* TO dummy@localhost;
myUser : A full superuser who can connect to the server from anywhere,
but who must use a password 'pass' to do so.
GRANT statements should be for both myUser@localhost and
myUser@"%".
to prevent the anonymous user entry for localhost take
precedence.
mysql> GRANT ALL PRIVILEGES ON *.* TO myUser@localhost
IDENTIFIED BY 'pass' WITH GRANT OPTION;
mysql> GRANT ALL PRIVILEGES ON *.* TO myUser@"%"
IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
"%" - is a wildcard in mysql. If you are defining your DB table
and in the 'host' field
enter '%', that means that any host can access that database (Of
course, that host
must also have a valid db user).
admin: A user who can connect from localhost without a password and
who is granted
the RELOAD and PROCESS administrative privileges.
No database-related privileges are granted.
mysql> GRANT RELOAD,PROCESS ON *.* TO admin@localhost;
Add a user that has full rights to his database only but cannot see
other database:
mysql> GRANT USAGE ON *.* TO 'user'@'host' GRANT Select, Insert,
Update, Delete,
Create, Drop ON `database`.* TO 'user'@'host' FLUSH
PRIVELEGS;
The FILE privelege and WITH GRANT OPTION may not be the best way to
include, it is
only in case of creating another superuser with full set of privileges
or
giving privileges to load data using mysql command INLOAD DATA.
GRANT TABLE FIELDS EXPLANATION:
TABLE USER: Everything after "password" is a privelege granted with
values 'Y' or 'N'.
This table controls individual user global access rights.
'host','user','password','select','insert','update','delete','index','al
ter'
,'create','drop','grant','reload','shutdown','process','file
'
TABLE DB: This controls access of USERS to databases.
'host','db','user','select','insert','update','delete','index','alter',
'create','drop','grant'
TABLE HOST: This controls which HOSTS are allowed what global access
rights.
'host','db','select','insert','update','delete','index','alter',
'create','drop','grant'
HOST, USER, and DB table are very closely connected - if an authorized
USER
attempts an SQL request from an unauthorized HOST, it is denied.
If a request from an authorized HOST is not an authorized USER, it is
denied.
If a globally authorized USER does not have rights to a certain DB, it
is denied.
Backups in MySQL
Full backup of MySql databases:
1. shell> mysqldump --tab=/path/to/some/dir --opt --full
OR
2. shell> mysqlhotcopy database /path/to/some/dir
OR
3. simply copy all table files (`*.frm', `*.MYD', and `*.MYI'
files)
For a SQL level backup of a table use SELECT INTO OUTFILE or BACKUP
TABLE.
mysql> BACKUP TABLE tbl_name[,tbl_name...] TO
'/path/to/backup/directory'
Copies to the backup directory the minimum number of table files
needed to
restore the table, after flushing any buffered changes to disk.
RESTORE TABLE tbl_name[,tbl_name...] FROM '/path/to/backup/directory'
Restores the table(s) from the backup that was made with BACKUP TABLE.
Existing tables will not be overwritten; if you try to restore over an
existing
table, you will get an error. Restoring will take longer than backing
up due to
the need to rebuild the index. The more keys you have, the longer it
will take.
Just as BACKUP TABLE, RESTORE TABLE currently works only for MyISAM
tables.
Selective backups can be done with:
SELECT * INTO OUTFILE 'file_name' FROM tbl_name
and restore with:
LOAD DATA INFILE 'file_name' REPLACE ...
To avoid duplicate records, you need a PRIMARY KEY or a UNIQUE key in
the table.
The REPLACE keyword causes old records to be replaced with new ones
when a new
record duplicates an old record on a unique key value.
Monitoring tools
The myisamchk utility is used to get information, check, repair or
optimise mysql database tables:
shell> myisamchk [options] tbl_name
With no options, myisamchk simply checks the table.
Some useful Options for myisamchk utility:
1. Print informational statistics about the table that is checked: -i
or --information
2. Check only tables that have changed since the last check: -C or
--check-only-changed
3. The recommended way to quickly check all tables:
myisamchk --silent --fast /path/to/datadir/*/*.MYI
To Start the server automatically at system startup
time
The mysql.server and safe_mysqld scripts can be used to start/stop the
server automatically.
shell> mysql.server start
shell> mysql.server stop
See mysql.server in the `share/mysql' directory or in the `support-
files' directory of the MySQL source tree.
The mysql.server script understands the following options: datadir,
basedir, and pid-file.
If your system uses `/etc/rc.local' to start external scripts, you
should append the following to it:
/bin/sh -c 'cd /usr/local/mysql ; ./bin/safe_mysqld --user=mysql &'
The mysql.server script understands the following options: datadir,
basedir, and pid-file.
Last Modified April 25, 2002