前言
一直以来,MySQL的应用和学习环境都是MySQL 5.6和之前的版本,也没有去关注新版本MySQL 5.7的变化和新特性。今天帮人处理忘记root密码的时时候,发现以前的方法不奏效了。
具体情况如下所示:
案例环境如下:
操作系统 : Red Hat Enterprise Linux Server release 6.6 (Santiago)
数据库版本: 5.7.18 MySQL Community Server (GPL)
忘记密码,输入错误的密码时遇到下面错误信息:
1
2
3
4
|
[root@mytestlnx02 ~] # mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root' @ 'localhost' (using password: YES)
[root@mytestlnx02 ~] #
|
检查MySQL服务是否启动,如果启动,关闭MySQL服务
1
2
3
4
5
6
7
|
[root@mytestlnx02 ~] # ps -ef | grep -i mysql
root 22972 1 0 14:18 pts /0 00:00:00 /bin/sh /usr/bin/mysqld_safe --datadir= /var/lib/mysql --socket= /var/lib/mysql/mysql .sock --pid- file = /var/run/mysqld/mysqld .pid --basedir= /usr --user=mysql
mysql 23166 22972 0 14:18 pts /0 00:00:00 /usr/sbin/mysqld --basedir= /usr --datadir= /var/lib/mysql --plugin- dir = /usr/lib/mysql/plugin --user=mysql --log-error= /var/log/mysqld .log --pid- file = /var/run/mysqld/mysqld .pid --socket= /var/lib/mysql/mysql .sock
root 23237 21825 0 14:22 pts /0 00:00:00 grep -i mysql
[root@mytestlnx02 ~] # service mysqld stop
Stopping mysqld: [ OK ]
[root@mytestlnx02 ~] #
|
找到MySQL的my.cnf配置文件,在/etc/my.cnf (有些版本是/etc/mysql/my.cnf)在里面增加下面一段信息:
1
2
3
|
[mysqld]
skip-grant-tables
|
然后启动MySQL,进入MySQL后,修改root密码,操作过程中遇到ERROR 1054 (42S22): Unknown column 'password' in 'field list'
,查了一下user表的表结构,发现原来MySQL 5.7下,user表已经没有Password字段。加密后的用户密码存储于authentication_string字段。
具体操作过程如下所示:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
[root@mytestlnx02 ~] # service mysqld start
Starting mysqld: [ OK ]
[root@mytestlnx02 ~] # mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.18 MySQL Community Server (GPL)
Copyright (c) 2000, 2017, Oracle and /or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and /or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> update user set password=PASSWORD( 'Kd8k&dfdl023' )
-> where user= 'root' ;
ERROR 1054 (42S22): Unknown column 'password' in 'field list'
mysql> update mysql.user set authentication_string=password( 'Kd8k&dfdl023' ) where user= 'root' ;
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 1
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
|
在my.cnf文件中,把刚才加入的那一行“skip-grant-tables”注释或删除掉。 然后重启MySQL服务后需要执行命令set password=password('newpassword');
后,问题搞定。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
[root@mytestlnx02 ~] # service mysqld start
Starting mysqld: [ OK ]
[root@mytestlnx02 ~] # mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.18
Copyright (c) 2000, 2017, Oracle and /or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and /or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql;
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> set password=password( 'Kd8k&dfdl023' );
Query OK, 0 rows affected, 1 warning (0.00 sec)
|
后面查询了一下相关资料,发现MySQL 5.7在安全方面有下一些新特性。
1. 用户表 mysql.user 的 plugin字段不允许为空, 默认值是 mysql_native_password,而不是 mysql_old_password,不再支持旧密码格式;
2. 增加密码过期机制,过期后需要修改密码,否则可能会被禁用,或者进入沙箱模式; 是否启用密码过期由参数default_password_lifetime控制。
1
2
3
4
5
6
7
8
9
|
mysql> show variables like 'default_password_lifetime' ;
+---------------------------+-------+
| Variable_name | Value |
+---------------------------+-------+
| default_password_lifetime | 0 |
+---------------------------+-------+
1 row in set (0.00 sec)
mysql>
|
3:增加了密码安全等级以及密码复杂度设置。参数如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
|
mysql> show variables like 'validate_password%' ;
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_check_user_name | OFF |
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.00 sec)
|
4. 使用 mysql_install_db 初始化时,默认会自动生成随机密码,随机密码放在/var/log/mysqld.log中,并且不创建除 root@localhost和mysql.sys@localhost 外的其他账号,也不创建 test 库;
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
[root@mytestlnx02 mysql] # yum localinstall mysql-community-{server,client,common,libs}-*
[root@mytestlnx02 mysql] # rpm -qa | grep -i mysql
mysql-community-client-5.7.18-1.el6.i686
mysql-community-libs-5.7.18-1.el6.i686
perl-DBD-MySQL-4.013-3.el6.x86_64
mysql-community-server-5.7.18-1.el6.i686
mysql-community-common-5.7.18-1.el6.i686
mysql-community-libs-compat-5.7.18-1.el6.i686
[root@mytestlnx02 mysql] # service mysqld start
Initializing MySQL database: [ OK ]
Installing validate password plugin: [ OK ]
Starting mysqld: [ OK ]
[root@mytestlnx02 mysql] #
[root@mytestlnx02 mysql] # grep 'temporary password' /var/log/mysqld.log
2017-05-05T06:10:57.802143Z 1 [Note] A temporary password is generated for root@localhost: w99s(m-q_ML:
mysql> select user ,host from user;
+-----------+-----------+
| user | host |
+-----------+-----------+
| mysql.sys | localhost |
| root | localhost |
+-----------+-----------+
2 rows in set (0.00 sec)
|
总结
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作能带来一定的帮助,如果有疑问大家可以留言交流,谢谢大家对服务器之家的支持。
原文链接:http://www.cnblogs.com/kerrycode/p/6813497.html