一直以来,MySQL的应用和学习环境都是MySQL 5.6和之前的版本,也没有去关注新版本MySQL 5.7的变化和新特性。今天帮人处理忘记root密码的时时候,发现以前的方法不奏效了。具体情况如下所示:
案例环境如下:
操作系统 : Red Hat Enterprise Linux Server release 6.6 (Santiago)
数据库版本: 5.7.18 MySQL Community Server (GPL)
忘记密码,输入错误的密码时遇到下面错误信息:
[root@mytestlnx02 ~]# mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[root@mytestlnx02 ~]#
检查MySQL服务是否启动,如果启动,关闭MySQL服务
[root@mytestlnx02 ~]# ps -ef | grep -i mysql
root 22972 1 0 14:18 pts/0 00:00:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
mysql 23166 22972 0 14:18 pts/0 00:00:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
root 23237 21825 0 14:22 pts/0 00:00:00 grep -i mysql
[root@mytestlnx02 ~]# service mysqld stop
Stopping mysqld: [ OK ]
[root@mytestlnx02 ~]#
找到MySQL的my.cnf配置文件,在/etc/my.cnf (有些版本是/etc/mysql/my.cnf)在里面增加下面一段信息:
[mysqld]
skip-grant-tables
然后启动MySQL,进入MySQL后,修改root密码,操作过程中遇到ERROR 1054 (42S22): Unknown column 'password' in 'field list',查了一下user表的表结构,发现原来MySQL 5.7下,user表已经没有Password字段。加密后的用户密码存储于authentication_string字段。具体操作过程如下所示:
[root@mytestlnx02 ~]# service mysqld start
Starting mysqld: [ OK ]
[root@mytestlnx02 ~]# mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.18 MySQL Community Server (GPL)
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> update user set password=PASSWORD('Kd8k&dfdl023')
-> where user='root';
ERROR 1054 (42S22): Unknown column 'password' in 'field list'
mysql> update mysql.user set authentication_string=password('Kd8k&dfdl023') where user='root';
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 1
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
在my.cnf文件中,把刚才加入的那一行“skip-grant-tables”注释或删除掉。 然后重启MySQL服务后需要执行命令set password=password('newpassword');后,问题搞定。
[root@mytestlnx02 ~]# service mysqld start
Starting mysqld: [ OK ]
[root@mytestlnx02 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.18
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql;
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> set password=password('Kd8k&dfdl023');
Query OK, 0 rows affected, 1 warning (0.00 sec)
后面查询了一下相关资料,发现MySQL 5.7在安全方面有下一些新特性(参考MySQL 5.7版本新特性连载(三))
1. 用户表 mysql.user 的 plugin字段不允许为空, 默认值是 mysql_native_password,而不是 mysql_old_password,不再支持旧密码格式;
2. 增加密码过期机制,过期后需要修改密码,否则可能会被禁用,或者进入沙箱模式; 是否启用密码过期由参数default_password_lifetime控制。
mysql> show variables like 'default_password_lifetime';
+---------------------------+-------+
| Variable_name | Value |
+---------------------------+-------+
| default_password_lifetime | 0 |
+---------------------------+-------+
1 row in set (0.00 sec)
mysql>
3:增加了密码安全等级以及密码复杂度设置。参数如下:
mysql> show variables like 'validate_password%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_check_user_name | OFF |
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.00 sec)
4. 使用 mysql_install_db 初始化时,默认会自动生成随机密码,随机密码放在/var/log/mysqld.log中,并且不创建除 root@localhost和mysql.sys@localhost 外的其他账号,也不创建 test 库;
[root@mytestlnx02 mysql]# yum localinstall mysql-community-{server,client,common,libs}-*
[root@mytestlnx02 mysql]# rpm -qa | grep -i mysql
mysql-community-client-5.7.18-1.el6.i686
mysql-community-libs-5.7.18-1.el6.i686
perl-DBD-MySQL-4.013-3.el6.x86_64
mysql-community-server-5.7.18-1.el6.i686
mysql-community-common-5.7.18-1.el6.i686
mysql-community-libs-compat-5.7.18-1.el6.i686
[root@mytestlnx02 mysql]# service mysqld start
Initializing MySQL database: [ OK ]
Installing validate password plugin: [ OK ]
Starting mysqld: [ OK ]
[root@mytestlnx02 mysql]#
[root@mytestlnx02 mysql]# grep 'temporary password' /var/log/mysqld.log
2017-05-05T06:10:57.802143Z 1 [Note] A temporary password is generated for root@localhost: w99s(m-q_ML:
mysql> select user ,host from user;
+-----------+-----------+
| user | host |
+-----------+-----------+
| mysql.sys | localhost |
| root | localhost |
+-----------+-----------+
2 rows in set (0.00 sec)
参考资料:
http://imysql.com/2015/07/08/mysql-57-new-feature-part-3.shtml