Can't reset MySQL (MariaDB) root password

Question

Today, I wanted to create a database in PMA. It said: "Cannot log in to the MySQL server". I tried via a terminal, same problem, and it is because my password is wrong. And I can't understand why.

I tried the usual method to reset the root password (skip grant tables mounting and reset the passord) but it seems it doesn't works.

See that:

morgan@rakija:~$ sudo mysqld_safe --skip-grant-tables &
[1] 14016
morgan@rakija:~$ 150802 19:07:25 mysqld_safe Can't log to error log and syslog at the same time.  Remove all --log-error configuration options for --syslog to take effect.
150802 19:07:25 mysqld_safe Logging to '/var/log/mysql/error.log'.
150802 19:07:25 mysqld_safe A mysqld process already exists

[1]+  Terminé 1               sudo mysqld_safe --skip-grant-tables
morgan@rakija:~$ mysql -u root
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.0.20-MariaDB-0ubuntu0.15.04.1 (Ubuntu)

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use mysql;
Database changed
MariaDB [mysql]> update user set password=PASSWORD("newPass") where user='root';
Query OK, 4 rows affected (0.00 sec)
Rows matched: 4  Changed: 4  Warnings: 0

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> exit
Bye
morgan@rakija:~$ sudo service mysql restart
morgan@rakija:~$ mysql -uroot -pnewPass
ERROR 1698 (28000): Access denied for user 'root'@'localhost'

Answer 1

I have found a solution that is as strange as the problem itself.

Reboot MySQL/MariaDB using --skip-grant-tables (search for tutorials on the web). (not necessary at all, read my edits at the end of the post)

Look at the plugin field into the mysql.user table:

MariaDB [mysql]> SELECT user, plugin FROM user;
+------+-------------+
| user | plugin      |
+------+-------------+
| root | unix_socket |
| root | unix_socket |
| root | unix_socket |
| root | unix_socket |
+------+-------------+

I had to reset the plugin field of each entry to a blank string.

UPDATE user SET plugin="";   // without WHERE clause

Also, make sure that a password is defined, because sometimes it seems to be erased (select on user, password fields). If not, update it with:

UPDATE user SET password=PASSWORD("my_password") WHERE user="root";

Privileges parameters need to be saved explicitly:

FLUSH PRIVILEGES;

Then, restart MySQL in normal mode and you should be able to connect to the root account.

This will not necessarily disable the connection via Unix socket. After my MySQL va repaired, in PMA, I can see that the connection is established through an Unix socket.

EDIT, some months later: I'm now used to have this problem come back frequently, I think at each update of MariaDB (or something like that). So I've got a better comprehension of the probem ; there's an UNIX_SOCKET plugin that can let you log in a MariaDB account without having to create a password, because it uses the shell's credentials to trust you, without having to enter any password. In fact, this plugin is an authentication plugin and not a method of communication with the SQL server. So you can safely disable it if you don't use unix socket as a logging-in method. The only thing I can't explain is why the UNIX_SOCKET plugin is regularly set on each account of the database, without any action on my side.

This has the nice side effect that, when it happens, you can login to the SQL server without having to restart MariaDB with --skip-grant-tables: just log-in to the system's root account, then just connect with mysql -u root without password, then reset the plugin field in the way it is explained above.

EDIT 2: Confirmed, it happens on each MariaDB upgrade on Ubuntu.

Answer 2

From this answer, http://ubuntuforums.org/showthread.php?t=2275033&p=13272227#post13272227.

Mysql tries to authenticate root using plugin, not password. You need to disable plugin usage for root.

shell$ sudo mysql -u root

[mysql] use mysql;
[mysql] update user set plugin='' where User='root';
[mysql] flush privileges;
[mysql] \q

Answer 3

Connect as previously described:

mysqld_safe --skip-grant-tables

Log file will be showed:

160518 23:21:01 mysqld_safe Logging to '/usr/local/mysql/data/ab123456.domain.com.err'.
160518 23:21:01 mysqld_safe Starting mysqld daemon with databases from /usr/local/mysql/data

Search log listed (in this case: /usr/local/mysql/data/ab123456.domain.com.err) for right socket:

cat /usr/local/mysql/data/ab123456.domain.com.err | grep "socket: "
Version: '5.5.49-MariaDB'  socket: '/tmp/mysql.sock'  port: 3306  MariaDB Server

and use it in mysql connection:

mysql --socket /tmp/mysql.sock -u root
root@ab123456:~# /usr/local/mysql/bin/mysql --socket /tmp/mysql.sock -u root

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 1
Server version: 5.5.49-MariaDB MariaDB Server

Answer 4

By default marriadb uses "unix_socket" authentication plugin to set passwords this should be "mysql_native_password" so

switch database..

use mydatabase;

first see witch plugin is set..

SELECT user, plugin FROM user;

set it to "mysql_native_password"

UPDATE user SET plugin="mysql_native_password"; 

set new password...

update user set authentication_string=password('My@Password'), plugin='mysql_native_password' where user='root';