密码恢复及设置
2.1 问题
本案例要求密码恢复及设置,完成以下任务操作:
恢复MySQL管理列表
正常设置管理密码
- 1
- 2
2.2 步骤
实现此案例需要按照如下步骤进行。
步骤一:重置MySQL管理密码
1)首先停止已运行的MySQL服务程序
[root@dbsvr1 ~]# systemctl stop mysqld.service //停止服务
[root@dbsvr1 ~]# systemctl status mysqld.service //确认状态
mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled)
Active: inactive (dead) since 五 2017-04-07 23:01:38 CST; 21s ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Process: 20260 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
Process: 20238 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
Main PID: 20262 (code=exited, status=0/SUCCESS)
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
2)然后跳过授权表启动MySQL服务程序
这一步主要利用mysqld的 --skip-grant-tables选项
修改my.cnf配置,添加 skip_grant_tables=1启动设置:
[root@dbsvr1 ~]# vim /etc/my.cnf
[mysqld]
skip_grant_tables=1
.. ..
[root@dbsvr1 ~]# systemctl restart mysqld.service
[root@dbsvr1 ~]# service mysql status
mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled)
Active: active (running) since 五 2017-04-07 23:40:20 CST; 40s ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Process: 11698 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
Process: 11676 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
Main PID: 11701 (mysqld)
CGroup: /system.slice/mysqld.service
└─11701 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.p...
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
3)使用mysql命令连接到MySQL服务,重设root的密码
由于前一步启动的MySQL服务跳过了授权表,所以可以root从本机直接登录
[root@dbsvr1 ~]# mysql -u root
Enter password: //直接回车即可
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.17 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
进入 mysql> 环境后,通过修改mysql库中user表的相关记录,重设root用户从本机登录的密码:
mysql> UPDATE mysql.user SET authentication_string=PASSWORD('1234567')
-> WHERE user='root' AND host='localhost'; //重设root的密码
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 1
mysql> FLUSH PRIVILEGES; //刷新授权表
Query OK, 0 rows affected (0.01 sec)
mysql> exit //退出mysql> 环境
Bye
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
通过执行“FLUSH PRIVILEGES;”可使授权表立即生效,对于正常运行的MySQL服务,也可以用上述方法来修改密码,不用重启服务。本例中因为是恢复密码,最好重启MySQL服务程序,所以上述“FLUSH PRIVILEGES;”操作可跳过。
4)重新以正常方式启动MySQL服务程序,验证新密码
如果前面是修改/etc/my.cnf配置的方法来跳过授权表,则重置root密码后,应去除相应的设置以恢复正常:
[root@dbsvr1 ~]# vim /etc/my.cnf
[mysqld]
#skip_grant_tables=1 //注释掉或删除此行
.. ..
- 1
- 2
- 3
- 4
按正常方式,通过mysql脚本重启服务即可:
[root@dbsvr1 ~]# systemctl restart mysqld.service
- 1
验证无密码登录时,将会被拒绝:
[root@dbsvr1 ~]# mysql -u root
Enter password: //没有跳过授权表回车会报错
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
- 1
- 2
- 3
只有提供重置后的新密码,才能成功登入:
[root@dbsvr1 ~]# mysql -u root –p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.17 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
步骤二:正常设置MySQL管理密码
正常的前提是:已知当前MySQL管理用户(root)的密码。
1)方法1,在Shell命令行下设置
使用mysqladmin管理工具,需要验证旧的密码。比如,以下操作将会把root的密码设置为 1234567:
[root@dbsvr1 ~]# mysqladmin -u root -p password '1234567'
Enter password: //验证原来的密码
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety. //提示明文修改不安全,并不是报错
- 1
- 2
- 3
- 4
2)方法2,以root登入mysql> 后,使用SET PASSWORD指令设置
这个与新安装MySQL-server后首次修改密码时要求的方式相同,平时也可以用:
mysql> SET PASSWORD FOR root@localhost=PASSWORD('1234567');
Query OK, 0 rows affected, 1 warning (0.00 sec)
- 1
- 2
3)方法3,以root登入mysql> 后,使用GRANT授权工具设置
这个是最常见的用户授权方式(下一节会做更多授权的练习):
mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
Query OK, 0 rows affected, 1 warning (0.00 sec)
- 1
- 2
4)方法4,以root登入mysql> 后,使用UPDATE更新相应的表记录
这种方法与恢复密码时的操作相同:
mysql> UPDATE mysql.user SET authentication_string=PASSWORD('1234567')
-> WHERE user='root' AND host='localhost'; //重设root的密码
Query OK, 0 rows affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 0 Warnings: 1
mysql> FLUSH PRIVILEGES; //刷新授权表
Query OK, 0 rows affected (0.00 sec)
- 1
- 2
- 3
- 4
- 5
- 6
在上述方法中,需要特别注意:当MySQL服务程序以 skip-grant-tables 选项启动时,如果未执行“FLUSH PRIVILEGES;”操作,是无法通过SET PASSWORD或者GRANT方式来设置密码的。比如,验证这两种方式时,都会看到ERROR 1290的出错提示:
mysql> SET PASSWORD FOR root@localhost=PASSWORD('1234567');
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
mysql> GRANT all ON *.* TO root@localhost IDENTIFIED BY '1234567';
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
- 1
- 2
- 3
- 4
</div>
<link href="https://csdnimg.cn/release/phoenix/mdeditor/markdown_views-b6c3c6d139.css" rel="stylesheet">
<div class="more-toolbox">
<div class="left-toolbox">
<ul class="toolbox-list">
<li class="tool-item tool-active is-like "><a href="javascript:;"><svg class="icon" aria-hidden="true">
<use xlink:href="#csdnc-thumbsup"></use>
</svg><span class="name">点赞</span>
<span class="count"></span>
</a></li>
<li class="tool-item tool-active is-collection "><a href="javascript:;" data-report-click="{"mod":"popu_824"}"><svg class="icon" aria-hidden="true">
<use xlink:href="#icon-csdnc-Collection-G"></use>
</svg><span class="name">收藏</span></a></li>
<li class="tool-item tool-active is-share"><a href="javascript:;" data-report-click="{"mod":"1582594662_002"}"><svg class="icon" aria-hidden="true">
<use xlink:href="#icon-csdnc-fenxiang"></use>
</svg>分享</a></li>
<!--打赏开始-->
<!--打赏结束-->
<li class="tool-item tool-more">
<a>
<svg t="1575545411852" class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="5717" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200"><defs><style type="text/css"></style></defs><path d="M179.176 499.222m-113.245 0a113.245 113.245 0 1 0 226.49 0 113.245 113.245 0 1 0-226.49 0Z" p-id="5718"></path><path d="M509.684 499.222m-113.245 0a113.245 113.245 0 1 0 226.49 0 113.245 113.245 0 1 0-226.49 0Z" p-id="5719"></path><path d="M846.175 499.222m-113.245 0a113.245 113.245 0 1 0 226.49 0 113.245 113.245 0 1 0-226.49 0Z" p-id="5720"></path></svg>
</a>
<ul class="more-box">
<li class="item"><a class="article-report">文章举报</a></li>
</ul>
</li>
</ul>
</div>
</div>
<div class="person-messagebox">
<div class="left-message"><a href="https://blog.csdn.net/xie_qi_chao">
<img src="https://profile.csdnimg.cn/B/F/6/3_xie_qi_chao" class="avatar_pic" username="xie_qi_chao">
<img src="https://g.csdnimg.cn/static/user-reg-year/1x/2.png" class="user-years">
</a></div>
<div class="middle-message">
<div class="title"><span class="tit"><a href="https://blog.csdn.net/xie_qi_chao" data-report-click="{"mod":"popu_379"}" target="_blank">解启超</a></span>
</div>
<div class="text"><span>发布了317 篇原创文章</span> · <span>获赞 48</span> · <span>访问量 3万+</span></div>
</div>
<div class="right-message">
<a href="https://im.csdn.net/im/main.html?userName=xie_qi_chao" target="_blank" class="btn btn-sm btn-red-hollow bt-button personal-letter">私信
</a>
<a class="btn btn-sm attented bt-button personal-watch" data-report-click="{"mod":"popu_379"}">已关注</a>
</div>
</div>
</div>
</article>
3887
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
