2019.05.10_v1
linux版本:Red Hat Enterprise Linux Server release 7.4 (Maipo)
数据库版本:mysql-5.7.17
-----------------------------------------------------------------------------------------------------------------------------------------------
步骤一:重置MySQL管理密码
1)首先停止已运行的MySQL服务程序
1. [root@dbsvr1 ~]# systemctl stop mysqld.service //停止服务
2. [root@dbsvr1 ~]# systemctl status mysqld.service //确认状态
3. mysqld.service - MySQL Server
4. Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled)
5. Active: inactive (dead) since 五 2017-04-07 23:01:38 CST; 21s ago
6. Docs: man:mysqld(8)
7. http://dev.mysql.com/doc/refman/en/using-systemd.html
8. Process: 20260 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
9. Process: 20238 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
10. Main PID: 20262 (code=exited, status=0/SUCCESS)
2)然后跳过授权表启动MySQL服务程序
这一步主要利用mysqld的 --skip-grant-tables选项
修改my.cnf配置,添加 skip_grant_tables=1启动设置:
1. [root@dbsvr1 ~]# vim /etc/my.cnf
2. [mysqld]
3. skip_grant_tables=1
4. .. ..
5. [root@dbsvr1 ~]# systemctl restart mysqld.service
6. [root@dbsvr1 ~]# service mysql status
7. mysqld.service - MySQL Server
8. Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled)
9. Active: active (running) since 五 2017-04-07 23:40:20 CST; 40s ago
10. Docs: man:mysqld(8)
11. http://dev.mysql.com/doc/refman/en/using-systemd.html
12. Process: 11698 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
13. Process: 11676 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
14. Main PID: 11701 (mysqld)
15. CGroup: /system.slice/mysqld.service
16. └─11701 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.p...
3)使用mysql命令连接到MySQL服务,重设root的密码
由于前一步启动的MySQL服务跳过了授权表,所以可以root从本机直接登录
1. [root@dbsvr1 ~]# mysql -u root
2. Enter password: //直接回车即可
3. Welcome to the MySQL monitor. Commands end with ; or \g.
4. Your MySQL connection id is 4
5. Server version: 5.7.17 MySQL Community Server (GPL)
6.
7. Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
8.
9. Oracle is a registered trademark of Oracle Corporation and/or its
10. affiliates. Other names may be trademarks of their respective
11. owners.
12.
13. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
14.
15. mysql>
进入 mysql> 环境后,通过修改mysql库中user表的相关记录,重设root用户从本机登录的密码:
1. mysql> UPDATE mysql.user SET authentication_string=PASSWORD('1234567')
2. -> WHERE user='root' AND host='localhost'; //重设root的密码
3. Query OK, 1 row affected, 1 warning (0.00 sec)
4. Rows matched: 1 Changed: 1 Warnings: 1
5. mysql> FLUSH PRIVILEGES; //刷新授权表
6. Query OK, 0 rows affected (0.01 sec)
7. mysql> exit //退出mysql> 环境
8. Bye
通过执行“FLUSH PRIVILEGES;”可使授权表立即生效,对于正常运行的MySQL服务,也可以用上述方法来修改密码,不用重启服务。本例中因为是恢复密码,最好重启MySQL服务程序,所以上述“FLUSH PRIVILEGES;”操作可跳过。
4)重新以正常方式启动MySQL服务程序,验证新密码
如果前面是修改/etc/my.cnf配置的方法来跳过授权表,则重置root密码后,应去除相应的设置以恢复正常:
1. [root@dbsvr1 ~]# vim /etc/my.cnf
2. [mysqld]
3. #skip_grant_tables=1 //注释掉或删除此行
4. .. ..
按正常方式,通过mysql脚本重启服务即可:
1. [root@dbsvr1 ~]# systemctl restart mysqld.service
验证无密码登录时,将会被拒绝:
1. [root@dbsvr1 ~]# mysql -u root
2. Enter password: //没有跳过授权表回车会报错
3. ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
只有提供重置后的新密码,才能成功登入:
1. [root@dbsvr1 ~]# mysql -u root –p
2. Enter password:
3. Welcome to the MySQL monitor. Commands end with ; or \g.
4. Your MySQL connection id is 4
5. Server version: 5.7.17 MySQL Community Server (GPL)
6.
7. Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
8.
9. Oracle is a registered trademark of Oracle Corporation and/or its
10. affiliates. Other names may be trademarks of their respective
11. owners.
12.
13. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
14.
15. mysql>
步骤二:正常设置MySQL管理密码
正常的前提是:已知当前MySQL管理用户(root)的密码。
1)方法1,在Shell命令行下设置
使用mysqladmin管理工具,需要验证旧的密码。比如,以下操作将会把root的密码设置为 1234567:
1. [root@dbsvr1 ~]# mysqladmin -u root -p password '1234567'
2. Enter password: //验证原来的密码
3. mysqladmin: [Warning] Using a password on the command line interface can be insecure.
4. Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety. //提示明文修改不安全,并不是报错
2)方法2,以root登入mysql> 后,使用SET PASSWORD指令设置
这个与新安装MySQL-server后首次修改密码时要求的方式相同,平时也可以用:
1. mysql> SET PASSWORD FOR root@localhost=PASSWORD('1234567');
2. Query OK, 0 rows affected, 1 warning (0.00 sec)
3)方法3,以root登入mysql> 后,使用GRANT授权工具设置
这个是最常见的用户授权方式(下一节会做更多授权的练习):
1. mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
2. Query OK, 0 rows affected, 1 warning (0.00 sec)
4)方法4,以root登入mysql> 后,使用UPDATE更新相应的表记录
这种方法与恢复密码时的操作相同:
1. mysql> UPDATE mysql.user SET authentication_string=PASSWORD('1234567')
2. -> WHERE user='root' AND host='localhost'; //重设root的密码
3. Query OK, 0 rows affected, 1 warning (0.00 sec)
4. Rows matched: 1 Changed: 0 Warnings: 1
5. mysql> FLUSH PRIVILEGES; //刷新授权表
6. Query OK, 0 rows affected (0.00 sec)
在上述方法中,需要特别注意:当MySQL服务程序以 skip-grant-tables 选项启动时,如果未执行“FLUSH PRIVILEGES;”操作,是无法通过SET PASSWORD或者GRANT方式来设置密码的。比如,验证这两种方式时,都会看到ERROR 1290的出错提示:
1. mysql> SET PASSWORD FOR root@localhost=PASSWORD('1234567');
2. ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
3.
4. mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
5. ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement