|
|
MySQL - Causes of Access denied Errors
MySQL and SQL
(Continued from previous question...)
MySQL - Causes of Access denied Errors
If you encounter Access denied errors when you try to connect to the MySQL server, the list below indicates some courses of
action you can take to correct the problem:
The server should let you connect without error. You should also make sure you have a file `user.MYD' in the MySQL database
directory. Ordinarily, this is `PATH/var/mysql/user.MYD', where PATH is the pathname to the MySQL installation root.
After a fresh installation, you should connect to the server and set up your users and their access permissions:
shell> mysql -u root mysql
The server should let you connect because the MySQL root user has no password initially. That is also a security risk, so
setting the root password is something you should do while you're setting up your other MySQL users. If you try to connect
as root and get this error:
Access denied for user: '@unknown' to database mysql
this means that you don't have an entry in the user table with a User column value of 'root' and that mysqld cannot resolve
the hostname for your client. In this case, you must restart the server with the --skip-grant-tables option and edit your
`/etc/hosts' or `\windows\hosts' file to add an entry for your host.
If you updated an existing MySQL installation from a version earlier than Version 3.22.11 to Version 3.22.11 or later, did
you run the mysql_fix_privilege_tables script? If not, do so. The structure of the grant tables changed with MySQL Version
3.22.11 when the GRANT statement became functional.
If you can't get your password to work, remember that you must use the PASSWORD() function if you set the password with the
INSERT, UPDATE, or SET PASSWORD statements. The PASSWORD() function is unnecessary if you specify the password using the
GRANT ... INDENTIFIED BY statement or the mysqladmin password command.
localhost is a synonym for your local hostname, and is also the default host to which clients try to connect if you specify
no host explicitly. However, connections to localhost do not work if you are running on a system that uses MIT-pthreads
(localhost connections are made using Unix sockets, which are not supported by MIT-pthreads). To avoid this problem on such
systems, you should use the --host option to name the server host explicitly. This will make a TCP/IP connection to the
mysqld server. In this case, you must have your real hostname in user table entries on the server host. (This is true even
if you are running a client program on the same host as the server.)
If you get an Access denied error when trying to connect to the database with mysql -u user_name db_name, you may have a
problem with the user table. Check this by executing mysql -u root mysql and issuing this SQL statement:
mysql> SELECT * FROM user;
The result should include an entry with the Host and User columns matching your computer's hostname and your MySQL user
name.
The Access denied error message will tell you who you are trying to log in as, the host from which you are trying to
connect, and whether or not you were using a password. Normally, you should have one entry in the user table that exactly
matches the hostname and user name that were given in the error message. For example if you get an error message that
contains Using password: NO, this means that you tried to login without an password.
If you get the following error when you try to connect from a different host than the one on which the MySQL server is
running, then there is no row in the user table that matches that host:
Host ... is not allowed to connect to this MySQL server
You can fix this by using the command-line tool mysql (on the server host!) to add a row to the user, db, or host table for
the user/hostname combination from which you are trying to connect and then execute mysqladmin flush-privileges. If you are
not running MySQL Version 3.22 and you don't know the IP number or hostname of the machine from which you are connecting,
you should put an entry with '%' as the Host column value in the user table and restart mysqld with the --log option on the
server machine. After trying to connect from the client machine, the information in the MySQL log will indicate how you
really did connect. (Then replace the '%' in the user table entry with the actual hostname that shows up in the log.
Otherwise, you'll have a system that is insecure.) Another reason for this error on Linux is that you are using a binary
MySQL version that is compiled with a different glibc version than the one you are using. In this case you should either
upgrade your OS/glibc or download the source MySQL version and compile this yourself. A source RPM is normally trivial to
compile and install, so this isn't a big problem.
If you get an error message where the hostname is not shown or where the hostname is an IP, even if you try to connect with
a hostname:
shell> mysqladmin -u root -pxxxx -h some-hostname ver
Access denied for user: 'root' (Using password: YES)
This means that MySQL got some error when trying to resolve the IP to a hostname. In this case you can execute mysqladmin
flush-hosts to reset the internal DNS cache. Some permanent solutions are:
Try to find out what is wrong with your DNS server and fix this.
Specify IPs instead of hostnames in the MySQL privilege tables.
Start mysqld with --skip-name-resolve.
Start mysqld with --skip-host-cache.
Connect to localhost if you are running the server and the client on the same machine.
Put the client machine names in /etc/hosts.
If mysql -u root test works but mysql -h your_hostname -u root test results in Access denied, then you may not have the
correct name for your host in the user table. A common problem here is that the Host value in the user table entry specifies
an unqualified hostname, but your system's name resolution routines return a fully qualified domain name (or vice-versa).
For example, if you have an entry with host 'tcx' in the user table, but your DNS tells MySQL that your hostname is
'tcx.subnet.se', the entry will not work. Try adding an entry to the user table that contains the IP number of your host as
the Host column value. (Alternatively, you could add an entry to the user table with a Host value that contains a wild
card--for example, 'tcx.%'. However, use of hostnames ending with `%' is insecure and is not recommended!)
If mysql -u user_name test works but mysql -u user_name other_db_name doesn't work, you don't have an entry for
other_db_name listed in the db table.
If mysql -u user_name db_name works when executed on the server machine, but mysql -u host_name -u user_name db_name doesn't
work when executed on another client machine, you don't have the client machine listed in the user table or the db table.
If you can't figure out why you get Access denied, remove from the user table all entries that have Host values containing
wild cards (entries that contain `%' or `_'). A very common error is to insert a new entry with Host='%' and User='some
user', thinking that this will allow you to specify localhost to connect from the same machine. The reason that this doesn't
work is that the default privileges include an entry with Host='localhost' and User=''. Because that entry has a Host value
'localhost' that is more specific than '%', it is used in preference to the new entry when connecting from localhost! The
correct procedure is to insert a second entry with Host='localhost' and User='some_user', or to remove the entry with
Host='localhost' and User=''.
If you get the following error, you may have a problem with the db or host table:
Access to database denied
If the entry selected from the db table has an empty value in the Host column, make sure there are one or more corresponding
entries in the host table specifying which hosts the db table entry applies to. If you get the error when using the SQL
commands SELECT ... INTO OUTFILE or LOAD DATA INFILE, your entry in the user table probably doesn't have the file privilege
enabled.
Remember that client programs will use connection parameters specified in configuration files or environment variables.
If a client seems to be sending the wrong default connection parameters when you don't
specify them on the command line, check your environment and the `.my.cnf' file in your home directory. You might also check
the system-wide MySQL configuration files, though it is far less likely that client connection parameters will be specified
there. If you get Access denied when you run a client without any options, make sure you
haven't specified an old password in any of your option files!
If you make changes to the grant tables directly (using an INSERT or UPDATE statement) and your changes seem to be ignored,
remember that you must issue a FLUSH PRIVILEGES statement or execute a mysqladmin flush-privileges command to cause the
server to re-read the privilege tables. Otherwise your changes have no effect until the next time the server is restarted.
Remember that after you set the root password with an UPDATE command, you won't need to specify it until after you flush the
privileges, because the server won't know you've changed the password yet!
If you have access problems with a Perl, PHP, Python, or ODBC program, try to connect to the server with mysql -u user_name
db_name or mysql -u user_name -pyour_pass db_name. If you are able to connect using the mysql client, there is a problem
with your program and not with the access privileges. (Note that there is no space between -p and the password; you can also
use the --password=your_pass syntax to specify the password. If you use the -p option alone, MySQL will prompt you for the
password.)
For testing, start the mysqld daemon with the --skip-grant-tables option. Then you can change the MySQL grant tables and use
the mysqlaccess script to check whether or not your modifications have the desired effect. When you are satisfied with your
changes, execute mysqladmin flush-privileges to tell the mysqld server to start using the new grant tables. Note: Reloading
the grant tables overrides the --skip-grant-tables option. This allows you to tell the server to begin using the grant
tables again without bringing it down and restarting it.
If everything else fails, start the mysqld daemon with a debugging option (for example, --debug=d,general,query). This will
print host and user information about attempted connections, as well as information about each command issued.
If you have any other problems with the MySQL grant tables and feel you must post the problem to the mailing list, always
provide a dump of the MySQL grant tables. You can dump the tables with the mysqldump mysql command. As always, post your
problem using the mysqlbug script.
(Continued on next question...)
Other Interview Questions
- What's MySQL
- What is DDL, DML and DCL?
- How do you get the number of rows affected by query?
- If the value in the column is repeatable, how do you find out the unique values?
- How do you return the a hundred books starting from 25th?
- You wrote a search engine that should retrieve 10 results at a time, but at the same time you’d like to know how many rows there’re total. How do you display that to the user?
- How would you write a query to select all teams that won either 2, 4, 6 or 8 games?
- How would you select all the users, whose phone number is null?
- What does this query mean: SELECT user_name, user_isp FROM users LEFT JOIN isps USING (user_id)
- How do you find out which auto increment was assigned on the last insert?
- What does –i-am-a-dummy flag to do when starting MySQL?
- On executing the DELETE statement I keep getting the error about foreign key constraint failing. What do I do?
- When would you use ORDER BY in DELETE statement?
- How can you see all indexes defined for a table?
- How would you change a column from VARCHAR(10) to VARCHAR(50)?
- How would you delete a column?
- How would you change a table to InnoDB?
- When you create a table, and then run SHOW CREATE TABLE on it, you occasionally get different results than what you typed in. What does MySQL modify in your newly created tables?
- How do I find out all databases starting with ‘tech’ to which I have access to?
- How do you concatenate strings in MySQL?
- How do you get a portion of a string?
- What’s the difference between CHAR_LENGTH and LENGTH?
- How do you convert a string to UTF-8?
- What do % and _ mean inside LIKE statement?
- What does + mean in REGEXP?
- How do you get the month from a timestamp?
- How do you offload the time/date handling to MySQL?
- How do you add three minutes to a date?
- What’s the difference between Unix timestamps and MySQL timestamps?
- How do you convert between Unix timestamps and MySQL timestamps?
- What are ENUMs used for in MySQL?
- How are ENUMs and SETs represented internally?
- How do you start and stop MySQL on Windows?
- How do you start MySQL on Linux?
- Explain the difference between mysql and mysqli interfaces in PHP?
- What’s the default port for MySQL Server?
- What does tee command do in MySQL?
- Can you save your connection settings to a conf file?
- How do you change a password for an existing user via mysqladmin?
- Use mysqldump to create a copy of the database?
- Have you ever used MySQL Administrator and MySQL Query Browser?
- What are some good ideas regarding user security in MySQL?
- Explain the difference between MyISAM Static and MyISAM Dynamic.
- What does myisamchk do?
- Explain advantages of InnoDB over MyISAM?
- Explain advantages of MyISAM over InnoDB?
- What are HEAP tables in MySQL?
- How do you control the max size of a HEAP table?
- What are CSV tables?
- Explain federated tables.
- What is SERIAL data type in MySQL?
- What happens when the column is set to AUTO INCREMENT and you reach the maximum value for that table?
- Explain the difference between BOOL, TINYINT and BIT.
- Explain the difference between FLOAT, DOUBLE and REAL.
- If you specify the data type as DECIMAL (5,2), what’s the range of values that can go in this table?
- What happens if a table has one column defined as TIMESTAMP?
- But what if you really want to store the timestamp data, such as the publication date of the article?
- Explain data type TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
- What does TIMESTAMP ON UPDATE CURRENT_TIMESTAMP data type do?
- Explain TIMESTAMP DEFAULT ‘2006:09:02 17:38:44? ON UPDATE CURRENT_TIMESTAMP.
- If I created a column with data type VARCHAR(3), what would I expect to see in MySQL table?
- General Information About MySQL
- The Main Features of MySQL
- Database Basics
- MySQL Command Interpreter
- Installing a MySQL Binary Distribution
- MySQL - Quick Installation Overview
- MySQL - MySQL Extensions to ANSI SQL92
- MySQL - Running MySQL in ANSI Mode
- Functionality Missing from MySQL - Sub-selects
- Functionality Missing from MySQL - SELECT INTO TABLE
- Functionality Missing from MySQL - Transactions
- Functionality Missing from MySQL - Stored Procedures and Triggers
- Functionality Missing from MySQL - Foreign Keys
- MySQL - Reasons NOT to Use Foreign Keys constraints
- Functionality Missing from MySQL - `--' as the Start of a Comment
- Functionality Missing from MySQL - How to Cope Without COMMIT/ROLLBACK
- MySQL - General Security
- How to Make MySQL Secure Against Crackers
- MySQL - Startup options to mysqld which concerns security
- MySQL - What the Privilege System Does
- MySQL - User Names and Passwords
- How to connecting to the MySQL Server
- MySQL - Keeping Your Password Secure
- Privileges Provided by MySQL
- MySQL - How the Privilege System Works
- MySQL - Access Control, Stage 1: Connection Verification
- MySQL - Access Control
- MySQL - When Privilege Changes Take Effect
- Setting Up the Initial MySQL Privileges
- Adding New User Privileges to MySQL
- MySQL - Setting Up Passwords
- MySQL - Causes of Access denied Errors
- Replication in MySQL
- MySQL - Replication Implementation Overview
- MySQL - how to set up complete replication on your current MySQL server
- MySQL - Replication Features and known problems
- MySQL - SQL Commands Related to Replication
- MySQL - Why do I sometimes see more than one Binlog_Dump thread on the master after I have restarted the slave?
- MySQL - How do I rotate replication logs?
- MySQL - How do I upgrade on a hot replication setup?
- MySQL - What issues should I be aware of when setting up two-way replication?
- MySQL - How can I use replication to improve performance of my system?
- MySQL - What should I do to prepare my client code to use performance-enhancing replication?
- MySQL - When and how much can MySQL replication improve the performance of my system?
- MySQL - How can I use replication to provide redundancy/high availability?
- MySQL - Troubleshooting Replication
- How to get Maximum Performance from MySQL
- MySQL - Optimization Overview
- MySQL - System/Compile Time and Startup Parameter Tuning
- MySQL - Disk Issues
- MySQL - Using Symbolic Links for Databases and Tables
- MySQL - Tuning Server Parameters
- How MySQL Opens and Closes Tables
- MySQL - Drawbacks to Creating Large Numbers of Tables in the Same Database
- MySQL - Why So Many Open tables?
- How MySQL Uses Memory
- How MySQL Locks Tables
- MySQL - Table Locking Issues
- How MySQL uses DNS
- MySQL - Get Your Data as Small as Possible
- How MySQL Uses Indexes
- MySQL - Speed of Queries that Access or Update Data
- MySQL - Estimating Query Performance
- MySQL - Speed of SELECT Queries
- How MySQL Optimizes WHERE Clauses
- How MySQL Optimizes DISTINCT
- How MySQL Optimizes LEFT JOIN and RIGHT JOIN
- How MySQL Optimizes LIMIT
- MySQL - Speed of INSERT Queries
- MySQL - Speed of UPDATE Queries
- MySQL - Speed of DELETE Queries
- MySQL - Other Optimization Tips
- MySQL - Using Your Own Benchmarks
- How MySQL Stores Its Row Data and Index Data?
- MySQL is Portability
- What Have We Used MySQL For?
- What is the difference between mysql_fetch_array and mysql_fetch_object?
- What are the different table present in MYsql?
|
