一直以來,MySQL的應用和學習環境都是MySQL 5.6和之前的版本,也沒有去關注新版本MySQL 5.7的變化和新特性。今天幫人處理忘記root密碼的時時候,發現以前的方法不奏效了。具體情況如下所示:
案例環境如下:
操作系統 : Red Hat Enterprise Linux Server release 6.6 (Santiago)
數據庫版本: 5.7.18 MySQL Community Server (GPL)
忘記密碼,輸入錯誤的密碼時遇到下面錯誤信息:
[root@mytestlnx02 ~]# mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[root@mytestlnx02 ~]#
檢查MySQL服務是否啟動,如果啟動,關閉MySQL服務
[root@mytestlnx02 ~]# ps -ef | grep -i mysql
root 22972 1 0 14:18 pts/0 00:00:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
mysql 23166 22972 0 14:18 pts/0 00:00:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
root 23237 21825 0 14:22 pts/0 00:00:00 grep -i mysql
[root@mytestlnx02 ~]# service mysqld stop
Stopping mysqld: [ OK ]
[root@mytestlnx02 ~]#
找到MySQL的my.cnf配置文件,在/etc/my.cnf (有些版本是/etc/mysql/my.cnf)在里面增加下面一段信息:
[mysqld]
skip-grant-tables
然后啟動MySQL,進入MySQL后,修改root密碼,操作過程中遇到ERROR 1054 (42S22): Unknown column 'password' in 'field list',查了一下user表的表結構,發現原來MySQL 5.7下,user表已經沒有Password字段。加密后的用戶密碼存儲於authentication_string字段。具體操作過程如下所示:
[root@mytestlnx02 ~]# service mysqld start
Starting mysqld: [ OK ]
[root@mytestlnx02 ~]# mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.18 MySQL Community Server (GPL)
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> update user set password=PASSWORD('Kd8k&dfdl023')
-> where user='root';
ERROR 1054 (42S22): Unknown column 'password' in 'field list'
mysql> update mysql.user set authentication_string=password('Kd8k&dfdl023') where user='root';
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 1
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
在my.cnf文件中,把剛才加入的那一行“skip-grant-tables”注釋或刪除掉。 然后重啟MySQL服務后需要執行命令set password=password('newpassword');后,問題搞定。
[root@mytestlnx02 ~]# service mysqld start
Starting mysqld: [ OK ]
[root@mytestlnx02 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.18
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql;
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> set password=password('Kd8k&dfdl023');
Query OK, 0 rows affected, 1 warning (0.00 sec)
后面查詢了一下相關資料,發現MySQL 5.7在安全方面有下一些新特性(參考MySQL 5.7版本新特性連載(三))
1. 用戶表 mysql.user 的 plugin字段不允許為空, 默認值是 mysql_native_password,而不是 mysql_old_password,不再支持舊密碼格式;
2. 增加密碼過期機制,過期后需要修改密碼,否則可能會被禁用,或者進入沙箱模式; 是否啟用密碼過期由參數default_password_lifetime控制。
mysql> show variables like 'default_password_lifetime';
+---------------------------+-------+
| Variable_name | Value |
+---------------------------+-------+
| default_password_lifetime | 0 |
+---------------------------+-------+
1 row in set (0.00 sec)
mysql>
3:增加了密碼安全等級以及密碼復雜度設置。參數如下:
mysql> show variables like 'validate_password%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_check_user_name | OFF |
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.00 sec)
4. 使用 mysql_install_db 初始化時,默認會自動生成隨機密碼,隨機密碼放在/var/log/mysqld.log中,並且不創建除 root@localhost和mysql.sys@localhost 外的其他賬號,也不創建 test 庫;
[root@mytestlnx02 mysql]# yum localinstall mysql-community-{server,client,common,libs}-*
[root@mytestlnx02 mysql]# rpm -qa | grep -i mysql
mysql-community-client-5.7.18-1.el6.i686
mysql-community-libs-5.7.18-1.el6.i686
perl-DBD-MySQL-4.013-3.el6.x86_64
mysql-community-server-5.7.18-1.el6.i686
mysql-community-common-5.7.18-1.el6.i686
mysql-community-libs-compat-5.7.18-1.el6.i686
[root@mytestlnx02 mysql]# service mysqld start
Initializing MySQL database: [ OK ]
Installing validate password plugin: [ OK ]
Starting mysqld: [ OK ]
[root@mytestlnx02 mysql]#
[root@mytestlnx02 mysql]# grep 'temporary password' /var/log/mysqld.log
2017-05-05T06:10:57.802143Z 1 [Note] A temporary password is generated for root@localhost: w99s(m-q_ML:
mysql> select user ,host from user;
+-----------+-----------+
| user | host |
+-----------+-----------+
| mysql.sys | localhost |
| root | localhost |
+-----------+-----------+
2 rows in set (0.00 sec)
參考資料:
http://imysql.com/2015/07/08/mysql-57-new-feature-part-3.shtml